Analyse Hyjacksis ques ce qui ce passe ?

merci de m'aider, je suis vos conseils et je vous donne des nouvelles

je n'arrive pas à ouvrir Navilog 1, quand je fais exécuter, il me le déclare comme infecté et me le ferme

Si je n'ai plus mon fond d'écran, et il y'a écrit :
System has been stopped due to a serious malfunction
Spyware activity has been detected
It is recommended to use spyware removal tool to prevent data loss
Do not use the computer before all spyware removed

marche toujours pas , je me demande si le pc ne c pas mis en sécurité élevée et qu'il me refuse tout ou presque non ?

Merci de ton aide, mais les liens que tu me conseille ne fonctionnent pas, j'ai essayé par ailleurs, mais apparemment ce logiciel a été attaqué par un virus et ils sont entrain de le refaire.

voilà le rapport de malwarebytes :
Malwarebytes' Anti-Malware 1.33
Version de la base de données: 1665
Windows 5.1.2600 Service Pack 3

18/12/2009 10:43:07
mbam-log-2009-12-18 (10-43-07).txt

Type de recherche: Examen rapide
Eléments examinés: 76999
Temps écoulé: 18 minute(s), 23 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 7
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 22

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Documents and Settings\Jean-Gabriel GANTET\Local Settings\Application Data\ooika_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jean-Gabriel GANTET\Local Settings\Application Data\ooika_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jean-Gabriel GANTET\Local Settings\Application Data\ooika.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jean-Gabriel GANTET\Local Settings\Application Data\ooika.exe (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jean-Gabriel GANTET\Local Settings\Application Data\tyekpvah_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jean-Gabriel GANTET\Local Settings\Application Data\tyekpvah_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jean-Gabriel GANTET\Local Settings\Application Data\tyekpvah.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jean-Gabriel GANTET\Local Settings\Application Data\tyekpvah.exe (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jean-Gabriel GANTET\Local Settings\Application Data\hbbvpjd_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jean-Gabriel GANTET\Local Settings\Application Data\hbbvpjd_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jean-Gabriel GANTET\Local Settings\Application Data\hbbvpjd.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jean-Gabriel GANTET\Local Settings\Application Data\hbbvpjd.exe (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jean-Gabriel GANTET\Local Settings\Application Data\ubaonbi_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jean-Gabriel GANTET\Local Settings\Application Data\ubaonbi_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jean-Gabriel GANTET\Local Settings\Application Data\ubaonbi.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jean-Gabriel GANTET\Local Settings\Application Data\ubaonbi.exe (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jean-Gabriel GANTET\Local Settings\Application Data\uiews_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jean-Gabriel GANTET\Local Settings\Application Data\uiews_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jean-Gabriel GANTET\Local Settings\Application Data\uiews.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jean-Gabriel GANTET\Local Settings\Application Data\uiews.exe (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\U.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo (Rogue.Eorezo) -> Delete on reboot.

Il me demande de redémarrer l'ordinateur, j'y vais ?

c quoi un "rsit"

Merci

j'ai aussi OOO favorit dans les options internet, je le vire ?

J'ai télécharger OTM, je l'ai installé, j'ai copié et collé ce que vous aviez écrit en gris, j'ai enlevé le go que vous aviez mis au début car il ne le reconnaissait pas, et il me répond :

All processes killed
============PROCESSES============
No active process named explorer.exe was found
============SERVICES/DRIVERS=======
============REGISTRY=============

Et il plante, impossible de le refermer et de lui demander quoi que ce soit, je suis obligé de redémarrer mon ordinateur.

Cordialement

Même réponse, et plantage

voici ce que je récupère dans le fichier résultat :
c:\windows\system32\winhelper86.dll

L'analyse hyjacksis donne :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:13:00, on 18/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\MATLAB6p5\webserver\bin\win32\matlabserver.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\All Users\Application Data\Sukoku\sukoku125.exe
C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sukoku\sukoku.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe
C:\WINDOWS\system32\TDispVol.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Mindjet\MindManager 7\MMReminderService.exe
C:\Program Files\directprof\directprof.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\TOSHIBA\ConfigFree\CFXFER.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\Mindjet\MindManager 7\PDF-XChange\pdfSaver\pdfSaver3.exe
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\Program Files\KirysTech2k\FastNote\kfn.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.durable.com/recherche
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?cc=fr&toHttps=1&redig=55729C844D6A45819CAD368B3E178C9F
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.directprof.com/professeur/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.durable.com/recherche
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.durable.com/recherche
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.durable.com/recherche
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.durable.com/recherche
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: CmjBrowserHelperObject Object - {07A11D74-9D25-4fea-A833-8B0D76A5577A} - C:\Program Files\Mindjet\MindManager 7\Mm7InternetExplorer.dll
O2 - BHO: Media Access Startup - {25B8D58C-B0CB-46b0-BA64-05B3804E4E86} - C:\Program Files\Media Access Startup\1.6.0.940\HPIEAddOn.dll
O2 - BHO: NP Helper Class - {35B8D58C-B0CB-46b0-BA64-05B3804E4E86} - C:\Program Files\Internet Saving Optimizer\3.7.1.4630\NPIEAddOn.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: System Search Dispatcher - {CDBFB47B-58A8-4111-BF95-06178DCE326D} - C:\Program Files\System Search Dispatcher\1.4.1.1010\ssd.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O3 - Toolbar: Veoh Video Compass - {52836EB0-631A-47B1-94A6-61F9D9112DAE} - C:\Program Files\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll
O3 - Toolbar: WalterShop - {9ec204df-0e48-4c32-816e-2e928a4fd9c2} - mscoree.dll (file missing)
O3 - Toolbar: (no name) - {5617ECA9-488D-4BA2-8562-9710B9AB78D2} - (no file)
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [DLADiag] C:\WINDOWS\DLADiag.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MMReminderService] C:\Program Files\Mindjet\MindManager 7\MMReminderService.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [directProf] C:\Program Files\directprof\directprof.exe
O4 - HKLM\..\RunOnce: [ICLaunch000] regsvr32 /s "C:\WINDOWS\system32\olepro32.dll"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Documents and Settings\Jean-Gabriel GANTET\Bureau\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [yycoogy] "c:\documents and settings\jean-gabriel gantet\local settings\application data\yycoogy.exe" yycoogy
O4 - HKCU\..\Run: [Free Download Manager] "C:\Program Files\Free Download Manager\fdm.exe" -autorun
O4 - HKCU\..\Run: [pdfSaver3] "C:\Program Files\Mindjet\MindManager 7\PDF-XChange\pdfSaver\pdfSaver3.exe"
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Jean-Gabriel GANTET\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [thlydk] "c:\documents and settings\jean-gabriel gantet\local settings\application data\thlydk.exe" thlydk
O4 - HKCU\..\Run: [paalgx] "c:\documents and settings\jean-gabriel gantet\local settings\application data\paalgx.exe" paalgx
O4 - HKCU\..\Run: [SmileyApp] C:\Program Files\DoubleD\JuicyAccess Toolbar\4.2.4.23050\stbapp.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Fast Note.lnk = C:\Program Files\KirysTech2k\FastNote\kfn.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Envoyer à Mindjet MindManager - {941E1A34-C6AF-4baa-A973-224F9C3E04BF} - C:\Program Files\Mindjet\MindManager 7\Mm7InternetExplorer.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\winhelper86.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\winhelper86.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MATLAB6p5\webserver\bin\win32\matlabserver.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: TomTomHOMEService - Unknown owner - C:\Documents and Settings\Jean-Gabriel GANTET\Bureau\TomTom HOME 2\TomTomHOMEService.exe (file missing)

Si si à la lettre pourquoi ?

ça ne fonctionne pas, on m'y détecte un virus et il ne s'ouvre pas, je ne sais plus trop quoi faire !

Non, je n'ai pas le rapport de combofix dans C:/rsit
Je fais ce que tu m'a demandé avec Navilog

Voilà le rapport de malwarebytes :
Malwarebytes' Anti-Malware 1.33
Version de la base de données: 1665
Windows 5.1.2600 Service Pack 3

19/12/2009 11:33:29
mbam-log-2009-12-19 (11-33-29).txt

Type de recherche: Examen rapide
Eléments examinés: 56754
Temps écoulé: 4 minute(s), 9 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Program Files\EoRezo (Rogue.Eorezo) -> Delete on reboot.

et voilà :
ComboFix 09-12-17.03 - Jean-Gabriel GANTET 19/12/2009 12:29:04.2.2 - x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.2046.1316 [GMT 1:00]
Lancé depuis: c:\documents and settings\Jean-Gabriel GANTET\Bureau\KittyFix.exe
Commutateurs utilisés :: c:\documents and settings\Jean-Gabriel GANTET\Bureau\CFScript.txt
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}

FILE ::
"c:\documents and settings\jean-gabriel gantet\local settings\application data\paalgx.exe"
"c:\documents and settings\jean-gabriel gantet\local settings\application data\thlydk.exe"
"c:\program files\doubled\juicyaccess toolbar\4.2.4.23050\stbapp.exe"
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\osypuain.sys
.
---- Exécution préalable -------
.
c:\documents and settings\Jean-Gabriel GANTET\Bureau\Internet Security 2010.lnk
c:\program files\Internet Saving Optimizer\3.7.1.4630\adwpx.exe
c:\program files\Internet Saving Optimizer\3.7.1.4630\Data\config.md
c:\program files\Internet Saving Optimizer\3.7.1.4630\FF\chrome.manifest
c:\program files\Internet Saving Optimizer\3.7.1.4630\FF\chrome\content\NPAddOn.js
c:\program files\Internet Saving Optimizer\3.7.1.4630\FF\chrome\content\NPAddOn.xul
c:\program files\Internet Saving Optimizer\3.7.1.4630\FF\chrome\NPAddOn.jar
c:\program files\Internet Saving Optimizer\3.7.1.4630\FF\components\NPFFAddOn.dll
c:\program files\Internet Saving Optimizer\3.7.1.4630\FF\components\NPFFAddOn.xpt
c:\program files\Internet Saving Optimizer\3.7.1.4630\FF\components\NPFFHelperComponent.js
c:\program files\Internet Saving Optimizer\3.7.1.4630\FF\install.rdf
c:\program files\Internet Saving Optimizer\3.7.1.4630\NPCommon.dll
c:\program files\Internet Saving Optimizer\3.7.1.4630\NPIEAddOn.dll
c:\program files\Internet Saving Optimizer\3.7.1.4630\unins000.dat
c:\program files\Internet Saving Optimizer\3.7.1.4630\unins000.exe
c:\program files\InternetSecurity2010\IS2010.exe
c:\program files\Media Access Startup\1.6.0.940\Data\config.md
c:\program files\Media Access Startup\1.6.0.940\FF\chrome.manifest
c:\program files\Media Access Startup\1.6.0.940\FF\chrome\content\HPAddOn.js
c:\program files\Media Access Startup\1.6.0.940\FF\chrome\content\HPAddOn.xul
c:\program files\Media Access Startup\1.6.0.940\FF\chrome\HPAddOn.jar
c:\program files\Media Access Startup\1.6.0.940\FF\components\HPFFAddOn.dll
c:\program files\Media Access Startup\1.6.0.940\FF\components\HPFFAddOn.xpt
c:\program files\Media Access Startup\1.6.0.940\FF\components\HPFFHelperComponent.js
c:\program files\Media Access Startup\1.6.0.940\FF\install.rdf
c:\program files\Media Access Startup\1.6.0.940\HPCommon.dll
c:\program files\Media Access Startup\1.6.0.940\HPIEaddon.dll
c:\program files\Media Access Startup\1.6.0.940\hppx.exe
c:\program files\Media Access Startup\1.6.0.940\MAHelper.exe
c:\program files\Media Access Startup\1.6.0.940\unins000.dat
c:\program files\Media Access Startup\1.6.0.940\unins000.exe
c:\program files\System Search Dispatcher\1.4.1.1010\ssD.dll
c:\windows\ADI.INF
c:\windows\ADO.INF
c:\windows\system32\11478.exe
c:\windows\system32\11942.exe
c:\windows\system32\12382.exe
c:\windows\system32\14604.exe
c:\windows\system32\153.exe
c:\windows\system32\15724.exe
c:\windows\system32\16827.exe
c:\windows\system32\18467.exe
c:\windows\system32\19169.exe
c:\windows\system32\23281.exe
c:\windows\system32\24464.exe
c:\windows\system32\26500.exe
c:\windows\system32\26962.exe
c:\windows\system32\28145.exe
c:\windows\system32\292.exe
c:\windows\system32\29358.exe
c:\windows\system32\2995.exe
c:\windows\system32\32391.exe
c:\windows\system32\3902.exe
c:\windows\system32\41.exe
c:\windows\system32\4827.exe
c:\windows\system32\491.exe
c:\windows\system32\5436.exe
c:\windows\system32\5705.exe
c:\windows\system32\6334.exe
c:\windows\system32\9961.exe
c:\windows\system32\critical_warning.html
c:\windows\system32\Ijl11.dll
c:\windows\system32\winhelper86.dll
c:\windows\system32\winlogon86.exe
c:\windows\system32\winupdate86.exe

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_sbuyt


((((((((((((((((((((((((((((( Fichiers créés du 2009-11-19 au 2009-12-19 ))))))))))))))))))))))))))))))))))))
.

2009-12-19 09:24 . 2009-12-19 09:39 -------- d-----w- c:\program files\navilog1
2009-12-18 22:22 . 2009-12-18 22:22 152576 ----a-w- c:\documents and settings\Jean-Gabriel GANTET\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-12-18 22:18 . 2009-12-18 22:18 79488 ----a-w- c:\documents and settings\Jean-Gabriel GANTET\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-12-18 16:17 . 2009-12-18 16:17 -------- d-----w- C:\rsit
2009-12-18 10:57 . 2009-12-18 10:57 -------- d-----w- C:\_OTM
2009-12-17 22:52 . 2009-12-17 23:07 -------- d-----w- C:\Casino
2009-12-05 16:13 . 2009-12-05 16:54 -------- d-----w- c:\program files\directprof

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-19 11:41 . 2009-01-29 22:33 -------- d-----w- c:\documents and settings\Jean-Gabriel GANTET\Application Data\Free Download Manager
2009-12-19 09:45 . 2009-10-24 14:01 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-12-18 22:23 . 2006-01-16 16:56 -------- d-----w- c:\program files\Java
2009-12-18 10:57 . 2007-06-16 13:26 427146 ----a-w- c:\windows\system32\perfh040.dat
2009-12-18 10:57 . 2007-06-16 13:26 54928 ----a-w- c:\windows\system32\perfc040.dat
2009-12-18 10:57 . 2006-01-16 16:23 83432 ----a-w- c:\windows\system32\perfc00C.dat
2009-12-18 10:57 . 2006-01-16 16:23 506344 ----a-w- c:\windows\system32\perfh00C.dat
2009-12-17 16:50 . 2008-11-22 22:09 -------- d-----w- c:\program files\Windows Live
2009-12-17 08:59 . 2006-10-21 20:50 1568 ----a-w- c:\documents and settings\Jean-Gabriel GANTET\Application Data\wklnhst.dat
2009-11-08 18:13 . 2009-11-07 16:30 -------- d-----w- c:\program files\Microsoft Silverlight
2009-11-08 11:53 . 2006-10-19 16:46 40128 ----a-w- c:\documents and settings\Jean-Gabriel GANTET\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-07 17:43 . 2008-11-22 22:27 -------- d-----w- c:\program files\Windows Live Toolbar
2009-11-07 16:27 . 2009-11-07 16:27 -------- d-----w- c:\program files\Microsoft Sync Framework
2009-11-07 16:23 . 2009-11-07 16:23 -------- d-----w- c:\program files\Microsoft
2009-11-07 16:23 . 2009-11-07 16:23 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-10-29 20:46 . 2009-09-01 13:40 -------- d-----w- c:\program files\Sukoku
2009-10-29 18:59 . 2006-01-17 10:35 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-29 18:55 . 2007-01-27 16:12 -------- d-----w- c:\program files\Google
2009-10-29 18:41 . 2008-11-08 21:44 -------- d-----w- c:\program files\Yahoo!
2009-10-29 18:29 . 2009-09-01 13:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Sukoku
2009-10-29 07:44 . 2006-01-16 16:23 832512 ------w- c:\windows\system32\wininet.dll
2009-10-29 07:44 . 2006-01-16 16:23 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-29 07:44 . 2006-01-16 16:22 17408 ----a-w- c:\windows\system32\corpol.dll
2009-10-28 15:03 . 2009-10-29 18:29 54760 ----a-w- c:\documents and settings\All Users\Application Data\Sukoku\sukoku125.exe
2009-10-24 14:01 . 2009-10-24 14:01 -------- d-----w- c:\documents and settings\Jean-Gabriel GANTET\Application Data\Thunderbird
2009-10-21 05:39 . 2006-01-16 16:23 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:39 . 2006-01-16 16:23 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-03 23:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:33 . 2006-01-16 16:23 271360 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:39 . 2006-01-16 16:23 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:39 . 2006-01-16 16:23 150528 ----a-w- c:\windows\system32\rastls.dll
2009-10-11 03:17 . 2009-06-18 06:06 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-09-25 09:34 . 2009-09-25 09:34 0 ----a-w- c:\windows\nsreg.dat
2009-09-23 19:55 . 2009-09-23 19:55 30940 ---ha-w- c:\windows\system32\mlfcache.dat
2009-05-13 21:55 . 2009-05-13 21:55 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-13 21:55 . 2009-05-13 21:55 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{9ec204df-0e48-4c32-816e-2e928a4fd9c2}"= "mscoree.dll" [2008-07-25 282112]

[HKEY_CLASSES_ROOT\clsid\{9ec204df-0e48-4c32-816e-2e928a4fd9c2}]
[HKEY_CLASSES_ROOT\IEToolbar.Toolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WooCnxMon"="00" [X]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-11 65536]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [BU]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
"TomTomHOME.exe"="c:\documents and settings\Jean-Gabriel GANTET\Bureau\TomTom HOME 2\TomTomHOMERunner.exe" [BU]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
"Free Download Manager"="c:\program files\Free Download Manager\fdm.exe" [2008-11-12 2474031]
"pdfSaver3"="c:\program files\Mindjet\MindManager 7\PDF-XChange\pdfSaver\pdfSaver3.exe" [2004-09-05 380928]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2009-05-19 3561720]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [BU]
"Google Update"="c:\documents and settings\Jean-Gabriel GANTET\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [BU]
"SmileyApp"="c:\program files\DoubleD\JuicyAccess Toolbar\4.2.4.23050\stbapp.exe" [BU]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"yycoogy"="c:\documents and settings\jean-gabriel gantet\local settings\application data\yycoogy.exe" [BU]
"thlydk"="c:\documents and settings\jean-gabriel gantet\local settings\application data\thlydk.exe" [BU]
"paalgx"="c:\documents and settings\jean-gabriel gantet\local settings\application data\paalgx.exe" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CFSServ.exe"="CFSServ.exe -NoClient" [X]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 45056]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-16 761945]
"RTHDCPL"="RTHDCPL.EXE" [2005-12-09 15691264]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2004-08-18 184320]
"AGRSMMSG"="AGRSMMSG.exe" [2005-10-15 88203]
"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2006-01-05 352256]
"TPSMain"="TPSMain.exe" [2005-08-03 266240]
"NDSTray.exe"="NDSTray.exe" [BU]
"Tvs"="c:\program files\TOSHIBA\Tvs\TvsTray.exe" [2005-11-30 73728]
"SmoothView"="c:\program files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe" [2005-05-17 118784]
"TFncKy"="TFncKy.exe" [BU]
"TDispVol"="TDispVol.exe" [2005-09-15 73728]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-10-06 122940]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182]
"ISUSPM"="c:\program files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" [BU]
"DLADiag"="c:\windows\DLADiag.EXE" [2005-08-25 57403]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-05-10 262401]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"MMReminderService"="c:\program files\Mindjet\MindManager 7\MMReminderService.exe" [2007-07-24 37136]
"pdfSaver3"="" [BU]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"directProf"="c:\program files\directprof\directprof.exe" [2008-05-29 1305600]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 75520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"ICLaunch000"="c:\windows\system32\olepro32.dll" [2008-04-14 84992]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Invit‚\Menu D‚marrer\Programmes\D‚marrage\
Lancement rapide de Microsoft Office OneNote 2003.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2007-4-19 64864]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Fast Note.lnk - c:\program files\KirysTech2k\FastNote\kfn.exe [2008-12-29 1723520]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-7-13 525640]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Toshiba\\ConfigFree\\CFXFER.exe"=
"c:\\Program Files\\Sierra On-Line\\SIGSPat.exe"=
"c:\\Program Files\\BitTorrent\\btdownloadgui.exe"=
"c:\\Program Files\\Maple 9.5\\bin.win\\mserver.exe"=
"c:\\Program Files\\Maple 9.5\\jre\\bin\\java.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\Microsoft Office\\Office10\\EXCEL.EXE"=
"c:\\MATLAB6p5\\bin\\win32\\matlab.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Free Download Manager\\fdm.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R1 DLADiagN;DLADiagN;c:\windows\system32\drivers\DLADiagN.SYS [22/09/2007 13:33 10908]
R1 DLAPMonN;DLAPMonN;c:\windows\system32\drivers\DLAPMonN.SYS [22/09/2007 13:33 22812]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [07/11/2009 17:29 54752]
S2 TomTomHOMEService;TomTomHOMEService;c:\documents and settings\Jean-Gabriel GANTET\Bureau\TomTom HOME 2\TomTomHOMEService.exe --> c:\documents and settings\Jean-Gabriel GANTET\Bureau\TomTom HOME 2\TomTomHOMEService.exe [?]
S3 fsssvc;Service Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [05/08/2009 22:48 704864]
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.directprof.com/professeur/
uSearchMigratedDefaultURL = hxxp://www.durable.com/result?cx=partner-pub-7902900401080901%3Azbljezwsgul&cof=FORID%3A10&ie=UTF-8&q={searchTerms}
uDefault_Search_URL = hxxp://www.durable.com/recherche
mSearch Page = hxxp://www.durable.com/recherche
mStart Page = hxxp://www.durable.com/recherche
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.durable.com/recherche
uSearchURL,(Default) = hxxp://www.durable.com/recherche
IE: &MSN Search - c:\program files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll/search.htm
IE: &Windows Live Search
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Tout télécharger avec Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Télécharger avec Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Jean-Gabriel GANTET\Application Data\Mozilla\Firefox\Profiles\r4tlzqkg.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.theprizeday.com/today.php|https://start.mozilla.org/fr/\n
FF - component: c:\documents and settings\All Users\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
FF - component: c:\documents and settings\All Users\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metricsloader.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHELINS SUPPRIMES - - - -

AddRemove-HijackThis - c:\docume~1\JEAN-G~1\LOCALS~1\Temp\Répertoire temporaire 1 pour HiJackThis.zip\HijackThis.exe
AddRemove-TomTom HOME - c:\documents and settings\Jean-Gabriel GANTET\Bureau\TomTom HOME 2\Uninstall TomTom HOME.exe
AddRemove-{16B6279B-9FF5-41fb-8BF9-404324F5DD1F}}_is1 - c:\program files\Media Access Startup\1.6.0.940\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-19 12:40
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{0A2C6EC6-E1BC-9BF5-B3F7D282645EFB0F}\{C08E0694-C5E1-48EE-3ACF6A24AC2BF796}\{A9549B8D-B7EF-15E1-4BD44DC35FFCD192}*]
"YKBG4FY6MRBLZHWNMN5KORGMPA1"=hex:01,00,01,00,00,00,00,00,da,37,90,89,91,09,97,
9b,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(524)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(4008)
c:\windows\system32\TDispVol.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\TPwrCfg.DLL
c:\windows\system32\TPwrReg.dll
c:\windows\system32\TPSTrace.DLL
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\windows\system32\DVDRAMSV.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\matlab6p5\webserver\bin\win32\matlabserver.exe
c:\program files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
c:\matlab6p5\bin\win32\matlab.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\RTHDCPL.EXE
c:\windows\AGRSMMSG.exe
c:\windows\system32\TPSMain.exe
c:\program files\TOSHIBA\ConfigFree\NDSTray.exe
c:\windows\system32\TDispVol.exe
c:\windows\system32\TPSBattM.exe
.
**************************************************************************
.
Heure de fin: 2009-12-19 12:44:41 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-12-19 11:44

Avant-CF: 62 588 084 224 octets libres
Après-CF: 62 442 762 240 octets libres

- - End Of File - - DEB7B82D79F1B95B39A71A356AF385D8

Voilà le rapport pour combofix :
ComboFix 09-12-20.04 - Jean-Gabriel GANTET 21/12/2009 10:39:53.3.2 - x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.2046.1090 [GMT 1:00]
Lancé depuis: c:\documents and settings\Jean-Gabriel GANTET\Mes documents\Téléchargements\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\Jean-Gabriel GANTET\Bureau\CFScript.txt
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}

FILE ::
"c:\documents and settings\All Users\Application Data\Sukoku\sukoku125.exe"
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Casino
c:\documents and settings\All Users\Application Data\Sukoku
c:\documents and settings\All Users\Application Data\Sukoku\sukoku125.exe
c:\program files\Sukoku
c:\program files\Sukoku\sukoku.dll
c:\program files\Sukoku\sukoku.exe
c:\program files\Sukoku\uninstall.exe

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_RDPWD
-------\Service_TDTCP


((((((((((((((((((((((((((((( Fichiers créés du 2009-11-21 au 2009-12-21 ))))))))))))))))))))))))))))))))))))
.

2009-12-19 09:24 . 2009-12-19 09:39 -------- d-----w- c:\program files\navilog1
2009-12-18 16:17 . 2009-12-18 16:17 -------- d-----w- C:\rsit
2009-12-18 10:57 . 2009-12-18 10:57 -------- d-----w- C:\_OTM
2009-12-05 16:13 . 2009-12-05 16:54 -------- d-----w- c:\program files\directprof

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-21 09:52 . 2009-01-29 22:33 -------- d-----w- c:\documents and settings\Jean-Gabriel GANTET\Application Data\Free Download Manager
2009-12-21 08:54 . 2009-10-24 14:01 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-12-19 17:40 . 2006-10-21 20:50 1568 ----a-w- c:\documents and settings\Jean-Gabriel GANTET\Application Data\wklnhst.dat
2009-12-18 22:23 . 2006-01-16 16:56 -------- d-----w- c:\program files\Java
2009-12-18 22:22 . 2009-12-18 22:22 152576 ----a-w- c:\documents and settings\Jean-Gabriel GANTET\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-12-18 22:18 . 2009-12-18 22:18 79488 ----a-w- c:\documents and settings\Jean-Gabriel GANTET\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-12-18 10:57 . 2007-06-16 13:26 427146 ----a-w- c:\windows\system32\perfh040.dat
2009-12-18 10:57 . 2007-06-16 13:26 54928 ----a-w- c:\windows\system32\perfc040.dat
2009-12-18 10:57 . 2006-01-16 16:23 83432 ----a-w- c:\windows\system32\perfc00C.dat
2009-12-18 10:57 . 2006-01-16 16:23 506344 ----a-w- c:\windows\system32\perfh00C.dat
2009-12-17 16:50 . 2008-11-22 22:09 -------- d-----w- c:\program files\Windows Live
2009-12-16 13:42 . 2009-12-19 15:57 872960 ----a-w- c:\documents and settings\Jean-Gabriel GANTET\Application Data\Mozilla\Firefox\Profiles\r4tlzqkg.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2009-12-16 13:42 . 2009-12-19 15:57 43008 ----a-w- c:\documents and settings\Jean-Gabriel GANTET\Application Data\Mozilla\Firefox\Profiles\r4tlzqkg.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2009-12-16 13:42 . 2009-12-19 15:57 340480 ----a-w- c:\documents and settings\Jean-Gabriel GANTET\Application Data\Mozilla\Firefox\Profiles\r4tlzqkg.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2009-12-16 13:41 . 2009-12-19 15:57 346624 ----a-w- c:\documents and settings\Jean-Gabriel GANTET\Application Data\Mozilla\Firefox\Profiles\r4tlzqkg.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2009-11-08 18:13 . 2009-11-07 16:30 -------- d-----w- c:\program files\Microsoft Silverlight
2009-11-08 11:53 . 2006-10-19 16:46 40128 ----a-w- c:\documents and settings\Jean-Gabriel GANTET\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-07 17:43 . 2008-11-22 22:27 -------- d-----w- c:\program files\Windows Live Toolbar
2009-11-07 16:27 . 2009-11-07 16:27 -------- d-----w- c:\program files\Microsoft Sync Framework
2009-11-07 16:23 . 2009-11-07 16:23 -------- d-----w- c:\program files\Microsoft
2009-11-07 16:23 . 2009-11-07 16:23 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-10-29 18:59 . 2006-01-17 10:35 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-29 18:55 . 2007-01-27 16:12 -------- d-----w- c:\program files\Google
2009-10-29 18:41 . 2008-11-08 21:44 -------- d-----w- c:\program files\Yahoo!
2009-10-29 07:44 . 2006-01-16 16:23 832512 ------w- c:\windows\system32\wininet.dll
2009-10-29 07:44 . 2006-01-16 16:23 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-29 07:44 . 2006-01-16 16:22 17408 ----a-w- c:\windows\system32\corpol.dll
2009-10-24 14:01 . 2009-10-24 14:01 -------- d-----w- c:\documents and settings\Jean-Gabriel GANTET\Application Data\Thunderbird
2009-10-21 05:39 . 2006-01-16 16:23 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:39 . 2006-01-16 16:23 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-03 23:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:33 . 2006-01-16 16:23 271360 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:39 . 2006-01-16 16:23 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:39 . 2006-01-16 16:23 150528 ----a-w- c:\windows\system32\rastls.dll
2009-10-11 03:17 . 2009-06-18 06:06 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-09-25 09:34 . 2009-09-25 09:34 0 ----a-w- c:\windows\nsreg.dat
2009-09-23 19:55 . 2009-09-23 19:55 30940 ---ha-w- c:\windows\system32\mlfcache.dat
2009-05-13 21:55 . 2009-05-13 21:55 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-13 21:55 . 2009-05-13 21:55 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WooCnxMon"="00" [X]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-11 65536]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [BU]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
"TomTomHOME.exe"="c:\documents and settings\Jean-Gabriel GANTET\Bureau\TomTom HOME 2\TomTomHOMERunner.exe" [BU]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
"Free Download Manager"="c:\program files\Free Download Manager\fdm.exe" [2008-11-12 2474031]
"pdfSaver3"="c:\program files\Mindjet\MindManager 7\PDF-XChange\pdfSaver\pdfSaver3.exe" [2004-09-05 380928]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2009-05-19 3561720]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [BU]
"Google Update"="c:\documents and settings\Jean-Gabriel GANTET\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [BU]
"SmileyApp"="c:\program files\DoubleD\JuicyAccess Toolbar\4.2.4.23050\stbapp.exe" [BU]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"yycoogy"="c:\documents and settings\jean-gabriel gantet\local settings\application data\yycoogy.exe" [BU]
"thlydk"="c:\documents and settings\jean-gabriel gantet\local settings\application data\thlydk.exe" [BU]
"paalgx"="c:\documents and settings\jean-gabriel gantet\local settings\application data\paalgx.exe" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CFSServ.exe"="CFSServ.exe -NoClient" [X]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 45056]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-16 761945]
"RTHDCPL"="RTHDCPL.EXE" [2005-12-09 15691264]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2004-08-18 184320]
"AGRSMMSG"="AGRSMMSG.exe" [2005-10-15 88203]
"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2006-01-05 352256]
"TPSMain"="TPSMain.exe" [2005-08-03 266240]
"NDSTray.exe"="NDSTray.exe" [BU]
"Tvs"="c:\program files\TOSHIBA\Tvs\TvsTray.exe" [2005-11-30 73728]
"SmoothView"="c:\program files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe" [2005-05-17 118784]
"TFncKy"="TFncKy.exe" [BU]
"TDispVol"="TDispVol.exe" [2005-09-15 73728]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-10-06 122940]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182]
"ISUSPM"="c:\program files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" [BU]
"DLADiag"="c:\windows\DLADiag.EXE" [2005-08-25 57403]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-05-10 262401]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"MMReminderService"="c:\program files\Mindjet\MindManager 7\MMReminderService.exe" [2007-07-24 37136]
"pdfSaver3"="" [BU]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"directProf"="c:\program files\directprof\directprof.exe" [2008-05-29 1305600]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 75520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"ICLaunch000"="c:\windows\system32\olepro32.dll" [2008-04-14 84992]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Invit‚\Menu D‚marrer\Programmes\D‚marrage\
Lancement rapide de Microsoft Office OneNote 2003.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2007-4-19 64864]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Fast Note.lnk - c:\program files\KirysTech2k\FastNote\kfn.exe [2008-12-29 1723520]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-7-13 525640]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Toshiba\\ConfigFree\\CFXFER.exe"=
"c:\\Program Files\\Sierra On-Line\\SIGSPat.exe"=
"c:\\Program Files\\BitTorrent\\btdownloadgui.exe"=
"c:\\Program Files\\Maple 9.5\\bin.win\\mserver.exe"=
"c:\\Program Files\\Maple 9.5\\jre\\bin\\java.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\Microsoft Office\\Office10\\EXCEL.EXE"=
"c:\\MATLAB6p5\\bin\\win32\\matlab.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Free Download Manager\\fdm.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R1 DLADiagN;DLADiagN;c:\windows\system32\drivers\DLADiagN.SYS [22/09/2007 13:33 10908]
R1 DLAPMonN;DLAPMonN;c:\windows\system32\drivers\DLAPMonN.SYS [22/09/2007 13:33 22812]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [07/11/2009 17:29 54752]
S2 TomTomHOMEService;TomTomHOMEService;c:\documents and settings\Jean-Gabriel GANTET\Bureau\TomTom HOME 2\TomTomHOMEService.exe --> c:\documents and settings\Jean-Gabriel GANTET\Bureau\TomTom HOME 2\TomTomHOMEService.exe [?]
S3 fsssvc;Service Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [05/08/2009 22:48 704864]
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.directprof.com/professeur/
uSearchMigratedDefaultURL = hxxp://www.durable.com/result?cx=partner-pub-7902900401080901%3Azbljezwsgul&cof=FORID%3A10&ie=UTF-8&q={searchTerms}
uDefault_Search_URL = hxxp://www.durable.com/recherche
mSearch Page = hxxp://www.durable.com/recherche
mStart Page = hxxp://www.durable.com/recherche
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.durable.com/recherche
uSearchURL,(Default) = hxxp://www.durable.com/recherche
IE: &MSN Search - c:\program files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll/search.htm
IE: &Windows Live Search
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Tout télécharger avec Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Télécharger avec Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Jean-Gabriel GANTET\Application Data\Mozilla\Firefox\Profiles\r4tlzqkg.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.theprizeday.com/today.php|https://start.mozilla.org/fr/\n
FF - component: c:\documents and settings\Jean-Gabriel GANTET\Application Data\Mozilla\Firefox\Profiles\r4tlzqkg.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHELINS SUPPRIMES - - - -

Toolbar-{9ec204df-0e48-4c32-816e-2e928a4fd9c2} - (no file)
AddRemove-Sukoku - c:\program files\Sukoku\uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-21 10:49
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{0A2C6EC6-E1BC-9BF5-B3F7D282645EFB0F}\{C08E0694-C5E1-48EE-3ACF6A24AC2BF796}\{A9549B8D-B7EF-15E1-4BD44DC35FFCD192}*]
"YKBG4FY6MRBLZHWNMN5KORGMPA1"=hex:01,00,01,00,00,00,00,00,da,37,90,89,91,09,97,
9b,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(520)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3188)
c:\windows\system32\TDispVol.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\TPwrCfg.DLL
c:\windows\system32\TPwrReg.dll
c:\windows\system32\TPSTrace.DLL
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\windows\system32\DVDRAMSV.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\matlab6p5\webserver\bin\win32\matlabserver.exe
c:\program files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
c:\matlab6p5\bin\win32\matlab.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\windows\AGRSMMSG.exe
c:\windows\system32\TPSMain.exe
c:\program files\TOSHIBA\ConfigFree\NDSTray.exe
c:\windows\system32\TPSBattM.exe
c:\windows\system32\TDispVol.exe
c:\program files\Windows Live\Contacts\wlcomm.exe
c:\program files\Internet Explorer\IEXPLORE.EXE
.
**************************************************************************
.
Heure de fin: 2009-12-21 10:57:07 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-12-21 09:57
ComboFix2.txt 2009-12-19 11:44

Avant-CF: 62 450 675 712 octets libres
Après-CF: 62 456 274 944 octets libres

- - End Of File - - B56A85DEEC03F77BA2B243916D632813

Merci encore de ton aide; merci mon ordinateur va mieux et semble plus rapide

Bonsoir,

Désolé de te répondre si tard, j'ai fais ce que tu m'as demandé, voilà le rapport de AD-removert

.
======= RAPPORT D'AD-REMOVER 1.1.4.6_F | UNIQUEMENT XP/VISTA/7 =======
.
Mit à jour par C_XX le 21.12.2009 à 22:30
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Lancé à: 16:30:00, 22/12/2009 | Mode Normal | Option: SCAN
Exécuté de: C:\Program Files\Ad-Remover\
Système d'exploitation: Microsoft® Windows XP™ Service Pack 3 v5.1.2600
Nom du PC: JEAN-GABRIEL | Utilisateur actuel: Jean-Gabriel GANTET
.
============== ÉLÉMENT(S) TROUVÉ(S) ==============
.

C:\Program Files\DoubleD
C:\Program Files\EoRezo
C:\Program Files\ItsLabel
C:\Program Files\System Search Dispatcher
C:\DOCUME~1\JEAN-G~1\APPLIC~1\EoRezo
C:\DOCUME~1\JEAN-G~1\APPLIC~1\ItsLabel
C:\Documents and Settings\Jean-Gabriel GANTET\Local Settings\Application Data\Internet Saving Optimizer
C:\Documents and Settings\Jean-Gabriel GANTET\Local Settings\Application Data\Media Access Startup
.
HKCU\software\DoubleD
HKCU\software\Internet Saving Optimizer
HKCU\software\Live-Player
HKCU\software\Media Access Startup
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\SmileyApp
HKLM\Software\Classes\CLSID\{27FF1EE8-8CCC-49E1-B801-F212E3744E80}
HKLM\Software\Classes\Interface\{480098C6-F6AD-4C61-9B5C-2BAE228A34D1}
HKLM\Software\Classes\Interface\{6160F76A-1992-4B17-A32D-0C706D159105}
HKLM\Software\Classes\Interface\{877F3EAB-4462-44DF-8475-6064EAFD7FBF}
HKLM\Software\Classes\TypeLib\{22C12739-C111-44C6-9BB7-F335C2A9BE2A}
HKLM\software\DoubleD
HKLM\software\Internet Saving Optimizer
HKLM\software\Live-Player
HKLM\software\Media Access Startup
HKLM\Software\Microsoft\Internet Explorer\Toolbar\\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}
HKLM\software\microsoft\windows\currentversion\uninstall\{C5096216-7703-409E-B85A-8A6EE7395128}}_is1
HKLM\Software\Mozilla\Firefox\Extensions\\{0ba0192d-94a5-45e3-b2b8-3ec5a1a0b5ec}
HKLM\Software\Mozilla\Firefox\Extensions\\{2224e955-00e9-4613-a844-ce69fccaae91}
HKLM\software\Sukoku
HKU\s-1-5-21-28540140-2528877174-3643389466-1006\software\DoubleD
HKU\s-1-5-21-28540140-2528877174-3643389466-1006\software\Internet Saving Optimizer
HKU\s-1-5-21-28540140-2528877174-3643389466-1006\software\Live-Player
HKU\s-1-5-21-28540140-2528877174-3643389466-1006\software\Media Access Startup
.
============== Scan additionnel ==============
.
.
* Mozilla FireFox Version 3.5.6 [fr] *
.
Nom du profil: r4tlzqkg.default (Jean-Gabriel GANTET)
.
(JEAN-G~1, prefs.js) Browser.download.lastDir, C:\Documents and Settings\Jean-Gabriel GANTET\Mes documents\images
(JEAN-G~1, prefs.js) Browser.search.defaultenginename, Google
(JEAN-G~1, prefs.js) Browser.search.defaulturl, hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
(JEAN-G~1, prefs.js) Browser.search.selectedEngine, Google
(JEAN-G~1, prefs.js) Browser.startup.homepage, hxxp://www.theprizeday.com/today.php|hxxp://fr.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr:official\n
(JEAN-G~1, prefs.js) Extensions.enabledItems, {3112ca9c-de6d-4884-a869-9855de68056c}:6.1.20091216W,{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17,jqs@sun.com:1.0,{20a82645-c095-46ed-80e3-08825760534b}:1.1,{7AB6D133-2A14-4C11-B3AD-35B1548D38F9}:1.0,web@veoh.com:1.4,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.6
.
.
* Internet Explorer Version 7.0.5730.11 *
.
[HKEY_CURRENT_USER\..\Internet Explorer\Main]
.
Do404Search: 01000000
Local Page: C:\WINDOWS\system32\blank.htm
Show_ToolBar: yes
Start Page: hxxp://www.directprof.com/professeur/
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Enable Browser Extensions: yes
Use Search Asst: no
Use Custom Search URL: 1 (0x1)
Default_Search_URL: hxxp://www.durable.com/recherche
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
.
Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=69157
Default_Search_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Delete_Temp_Files_On_Exit: yes
Local Page: %SystemRoot%\system32\blank.htm
Start Page: hxxp://www.durable.com/recherche
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
.
Tabs: hxxp://www.durable.com/recherche
.
===================================
.
4435 Octet(s) - C:\Ad-Report-SCAN[1].log
.
5 Fichier(s) - C:\DOCUME~1\JEAN-G~1\LOCALS~1\Temp
2 Fichier(s) - C:\WINDOWS\Temp
55 Fichier(s) - C:\WINDOWS\Prefetch
.
1 Fichier(s) - C:\Program Files\Ad-Remover\BACKUP
0 Fichier(s) - C:\Program Files\Ad-Remover\QUARANTINE
.
Fin à: 16:35:35 | 22/12/2009 - SCAN[1]
.
============== E.O.F ==============
.
Merci de ton aide, mon PC va mieux et je n'ai rien perdu, vous êtes incroyables d'aider les gens comme ça,
J'espère vous renvoyer l'ascenseur, on ne sait jamais le monde est petit, en tout cas bonne continuation, bonnes fêtes et bonne année.
Cordialement
JG

Voilà le rapport de AD-remover, en ce qui le fichier zippé à envoyer, ça a été fait.
.
======= RAPPORT D'AD-REMOVER 1.1.4.6_F | UNIQUEMENT XP/VISTA/7 =======
.
Mit à jour par C_XX le 21.12.2009 à 22:30
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Lancé à: 9:26:27, 23/12/2009 | Mode Normal | Option: CLEAN
Exécuté de: C:\Program Files\Ad-Remover\
Système d'exploitation: Microsoft® Windows XP™ Service Pack 3 v5.1.2600
Nom du PC: JEAN-GABRIEL | Utilisateur actuel: Jean-Gabriel GANTET
.
============== ÉLÉMENT(S) NEUTRALISÉ(S) ==============
.

C:\Program Files\DoubleD
C:\Program Files\EoRezo
C:\Program Files\ItsLabel
C:\Program Files\System Search Dispatcher
C:\DOCUME~1\JEAN-G~1\APPLIC~1\EoRezo
C:\DOCUME~1\JEAN-G~1\APPLIC~1\ItsLabel
C:\Documents and Settings\Jean-Gabriel GANTET\Local Settings\Application Data\Internet Saving Optimizer
C:\Documents and Settings\Jean-Gabriel GANTET\Local Settings\Application Data\Media Access Startup

(!) -- Fichiers temporaires supprimés.

.
HKCU\software\DoubleD
HKCU\software\Internet Saving Optimizer
HKCU\software\Live-Player
HKCU\software\Media Access Startup
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\SmileyApp
HKLM\Software\Classes\CLSID\{27FF1EE8-8CCC-49E1-B801-F212E3744E80}
HKLM\Software\Classes\Interface\{480098C6-F6AD-4C61-9B5C-2BAE228A34D1}
HKLM\Software\Classes\Interface\{6160F76A-1992-4B17-A32D-0C706D159105}
HKLM\Software\Classes\Interface\{877F3EAB-4462-44DF-8475-6064EAFD7FBF}
HKLM\Software\Classes\TypeLib\{22C12739-C111-44C6-9BB7-F335C2A9BE2A}
HKLM\software\DoubleD
HKLM\software\Internet Saving Optimizer
HKLM\software\Live-Player
HKLM\software\Media Access Startup
HKLM\Software\Microsoft\Internet Explorer\Toolbar\\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}
HKLM\software\microsoft\windows\currentversion\uninstall\{C5096216-7703-409E-B85A-8A6EE7395128}}_is1
HKLM\Software\Mozilla\Firefox\Extensions\\{0ba0192d-94a5-45e3-b2b8-3ec5a1a0b5ec}
HKLM\Software\Mozilla\Firefox\Extensions\\{2224e955-00e9-4613-a844-ce69fccaae91}
HKLM\software\Sukoku
.
============== Scan additionnel ==============
.
.
* Mozilla FireFox Version 3.5.6 [fr] *
.
Nom du profil: r4tlzqkg.default (Jean-Gabriel GANTET)
.
(JEAN-G~1, prefs.js) Browser.download.lastDir, C:\Documents and Settings\Jean-Gabriel GANTET\Mes documents\images
(JEAN-G~1, prefs.js) Browser.search.defaultenginename, Google
(JEAN-G~1, prefs.js) Browser.search.defaulturl, hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
(JEAN-G~1, prefs.js) Browser.search.selectedEngine, Google
(JEAN-G~1, prefs.js) Browser.startup.homepage, hxxp://www.theprizeday.com/today.php|hxxp://fr.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr:official\n
(JEAN-G~1, prefs.js) Extensions.enabledItems, {3112ca9c-de6d-4884-a869-9855de68056c}:6.1.20091216W,{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17,jqs@sun.com:1.0,{20a82645-c095-46ed-80e3-08825760534b}:1.1,{7AB6D133-2A14-4C11-B3AD-35B1548D38F9}:1.0,web@veoh.com:1.4,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.6
.
.
* Internet Explorer Version 7.0.5730.11 *
.
[HKEY_CURRENT_USER\..\Internet Explorer\Main]
.
Do404Search: 01000000
Local Page: C:\WINDOWS\system32\blank.htm
Show_ToolBar: yes
Start Page: hxxp://fr.msn.com/
Enable Browser Extensions: yes
Use Search Asst: no
Use Custom Search URL: 1 (0x1)
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Default_page_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
.
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Delete_Temp_Files_On_Exit: yes
Local Page: %SystemRoot%\system32\blank.htm
Start Page: hxxp://fr.msn.com/
Search bar: hxxp://search.msn.com/spbasic.htm
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
.
Tabs: res://ieframe.dll/tabswelcome.htm
.
===================================
.
4349 Octet(s) - C:\Ad-Report-CLEAN[1].log
4800 Octet(s) - C:\Ad-Report-SCAN[1].log
.
4 Fichier(s) - C:\DOCUME~1\JEAN-G~1\LOCALS~1\Temp
1 Fichier(s) - C:\WINDOWS\Temp
9 Fichier(s) - C:\WINDOWS\Prefetch
.
18 Fichier(s) - C:\Program Files\Ad-Remover\BACKUP
499 Fichier(s) - C:\Program Files\Ad-Remover\QUARANTINE
.
Fin à: 9:32:38 | 23/12/2009 - CLEAN[1]
.
============== E.O.F ==============
.