Fichier suspect trouvé par AVAST _ Rootkit [Résolu]

rebonjour,

Voici le rapport
PS : l'ordi n'a pas redemarré...


############################## [ UsbFix V3.015 # Cleaning ]

# User : Emeline (Administrateurs) # PC226562534526
# Update on 30/04/09 by Chiquitine29, C_XX & Chimay8
# WebSite : http://pagesperso-orange.fr/NosTools/usbfix.html
# Start at: 20:34:04 | 30/04/2009

# AMD Turion(tm) 64 Mobile Technology MK-36
# Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 2
# Internet Explorer 6.0.2900.2180
# Windows Firewall Status : Enabled
# AV : avast! antivirus 4.8.1335 [VPS 090429-0] 4.8.1335 [ Enabled | Updated ]

# C:\ # Disque fixe local # 65,19 Go (9,24 Go free) # NTFS
# D:\ # Disque fixe local # 8,31 Go (1,16 Go free) [HP_RECOVERY] # FAT32
# E:\ # Disque CD-ROM
# G:\ # Disque amovible # 3,82 Go (3,33 Go free) # FAT32

############################## [ Processus actifs ]

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

################## [ Fichiers # Dossiers infectieux ]

(!) Not Deleted ! C:\WINDOWS\system32\nmdfgds0.dll

################## [ Registre # Clés Run infectieuses ]


################## [ Registre # Mountpoints2 ]

# -> Not Found !

################## [ Listing des fichiers présent ]

[26/07/2007 01:35|-rahs----|209] - C:\boot.ini
[25/03/2006 13:00|-rahs----|4952] - C:\Bootfont.bin
[?|?|?] - C:\hiberfil.sys
[30/04/2009 19:07|--a------|1666] - C:\hpqp.ini
[25/03/2006 13:00|-rahs----|47564] - C:\ntdetect.com
[25/03/2006 13:00|-rahs----|251712] - C:\ntldr
[?|?|?] - C:\pagefile.sys
[11/08/2006 16:38|--a------|688] - C:\pcanet.ini
[27/10/2008 13:15|--a------|13469] - C:\TB.txt
[27/10/2008 13:15|--a------|13469] - C:\TB2.txt
[06/04/2009 20:24|--a------|1020] - C:\updatedatfix.log
[30/04/2009 20:34|--a------|4312] - C:\UsbFix.txt
[30/04/2009 19:05|--a------|44] - C:\XP_TV.ini
[27/07/2001 13:07|---hs----|0] - D:\AUTOEXEC.BAT
[09/01/2002 17:52|---hs----|244] - D:\BOOT.INI
[25/03/2005 05:00|---hs----|298096] - D:\CMLDR
[28/07/2001 05:07|---hs----|0] - D:\CONFIG.SYS
[25/05/2005 01:48|---hs----|102] - D:\Desktop.ini
[10/09/2002 07:21|---hs----|7850] - D:\Folder.htt
[17/06/2001 14:31|---hs----|0] - D:\GRAPH
[25/01/2002 07:21|---hs----|0] - D:\GRAPH16
[30/11/2004 02:01|---hs----|73728] - D:\Info.exe
[28/07/2001 05:07|---hs----|0] - D:\IO.SYS
[28/07/2001 05:07|---hs----|0] - D:\MSDOS.SYS
[25/07/2001 21:00|---hs----|45124] - D:\NTDETECT.COM
[17/08/2001 05:32|---hs----|0] - D:\NTFS
[25/03/2005 05:00|---hs----|298096] - D:\NTLDR
[03/11/2005 06:19|---hs----|181736] - D:\protect.ed
[19/06/2007 19:51|---hs----|36] - D:\SAVEFILE.DIR
[08/02/2002 06:44|---hs----|88038] - D:\Warning.bmp
[25/03/2005 05:00|---hs----|10] - D:\WIN51
[25/03/2005 05:00|---hs----|10] - D:\WIN51IA
[25/03/2005 05:00|---hs----|10] - D:\WIN51IA.SP1
[25/03/2005 05:00|---hs----|167] - D:\WINBOM.INI
[23/05/2001 18:19|---hs----|0] - D:\XGA
[19/06/2007 19:52|---hs----|34] - D:\BLOCK.RIN
[01/08/2007 11:10|---hs----|974] - D:\MASTER.LOG
[19/06/2007 19:52|---hs----|0] - D:\USER
[01/08/2007 11:11|-r-hs----|0] - D:\RCBoot.sys
[01/08/2007 12:23|--ahs----|22] - D:\HPCD.sys
[05/04/2009 19:22|--a------|154624] - G:\CV_exo_DRH.doc
[03/03/2009 19:24|--a------|1333] - G:\mdp.txt
[29/04/2009 16:31|--a------|30208] - G:\MOZAMBIQUE_SARAH eMELINE.xls
[13/04/2009 12:55|--a------|75264] - G:\CV_ERivallan_13042009-SI.doc
[13/04/2009 13:38|--a------|75264] - G:\CV_ERivallan_13042009-SI2.doc
[13/04/2009 15:30|--a------|76288] - G:\CV_ERivallan_13042009.doc

################## [ Vaccination ]

# C:\autorun.inf -> Folder created by UsbFix.
# D:\autorun.inf -> Folder created by UsbFix.
# G:\autorun.inf -> Folder created by UsbFix.

################## [ Cracks / Keygens / Serials ]

C:\Documents and Settings\Emeline\Mes documents\log\2 Dreamweaver MX 2004 Keygenerator.exe
C:\Documents and Settings\Emeline\Mes documents\log\Adobe.CS3.Fireworks.crack.rar
C:\Documents and Settings\Emeline\Mes documents\log\Adobe.Dreamweaver.CS3.Crack + Keygen.rar
C:\Documents and Settings\Emeline\Mes documents\log\Dreamweaver CS3 serial.zip
C:\Documents and Settings\Emeline\Mes documents\log\Macromedia Studio MX 2004 (Dreamweaver, Flash, Fireworks etc) Crack.zip
C:\Documents and Settings\Emeline\Mes documents\log\Adobe.Dreamweaver.CS3.Crack + Keygen\Adobe.Dreamweaver.CS3.Crack - MKDEV TEAM\Dreamweaver.rar
C:\Documents and Settings\Emeline\Mes documents\log\Adobe.Dreamweaver.CS3.Crack + Keygen\Adobe.Dreamweaver.CS3.Crack - MKDEV TEAM\Dreamweaver\Dreamweaver2.exe
C:\Documents and Settings\Emeline\Mes documents\log\Adobe.Dreamweaver.CS3.Crack + Keygen\Keygen\adw3kg.exe
C:\Documents and Settings\Emeline\Mes documents\log\WinRar.v3.61.FR.Incl-Crack\wrar361fr.exe
C:\Documents and Settings\Emeline\Mes documents\log\WinRar.v3.61.FR.Incl-Crack\Crack\Patch.exe

################## [ ! Fin du rapport # UsbFix V3.015 ! ]

Voila!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:02:33, on 01/05/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Emeline\Bureau\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/...
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [D-Link AirPlus XtremeG] C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/...
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://emmi08.spaces.live.com/PhotoUpload/MsnPUpld.cab?10,0,916,0
O17 - HKLM\System\CCS\Services\Tcpip\..\{17F5E4B8-11A5-426D-BACA-F14876919321}: NameServer = 208.67.222.222,208.67.222.220
O17 - HKLM\System\CCS\Services\Tcpip\..\{D2F4648D-28D1-49B8-B77C-C2668BCAF411}: NameServer = 208.67.222.222,208.67.222.220
O17 - HKLM\System\CS1\Services\Tcpip\..\{17F5E4B8-11A5-426D-BACA-F14876919321}: NameServer = 208.67.222.222,208.67.222.220
O17 - HKLM\System\CS2\Services\Tcpip\..\{17F5E4B8-11A5-426D-BACA-F14876919321}: NameServer = 208.67.222.222,208.67.222.220
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

voila le dernier rapport, je fais maintenant la manip que tu me conseilles.
Merci,

[ Rapport ToolsCleaner version 2.3.5 (par A.Rothstein & dj QUIOU) ]

--> Recherche:

C:\TB.txt: trouvé !
C:\UsbFix.txt: trouvé !
C:\_OtMoveIt: trouvé !
C:\Toolbar SD: trouvé !
C:\UsbFix: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
C:\Documents and Settings\Emeline\Bureau\HijackThis.exe: trouvé !
C:\Documents and Settings\Emeline\Bureau\hijackthis.log: trouvé !
C:\Documents and Settings\Emeline\Bureau\UsbFix.exe: trouvé !
C:\Documents and Settings\Emeline\Bureau\OTMoveIt3.exe: trouvé !
C:\Documents and Settings\Emeline\Menu Démarrer\Programmes\UsbFix: trouvé !
C:\Documents and Settings\Emeline\Mes documents\pb virus_26102008\HijackThis.lnk: trouvé !
C:\Documents and Settings\Emeline\Mes documents\pb virus_26102008\ToolBarSD.exe: trouvé !
C:\Documents and Settings\Emeline\Mes documents\pb virus_26102008\TB.txt: trouvé !
C:\Documents and Settings\Emeline\Mes documents\pb virus_26102008\pbvirus_30042009\UsbFix.txt: trouvé !
C:\Documents and Settings\Emeline\Recent\UsbFix.lnk: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: trouvé !

---------------------------------
--> Suppression:

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
C:\Documents and Settings\Emeline\Bureau\HijackThis.exe: supprimé !
C:\Documents and Settings\Emeline\Mes documents\pb virus_26102008\HijackThis.lnk: supprimé !
C:\Documents and Settings\Emeline\Mes documents\pb virus_26102008\ToolBarSD.exe: supprimé !
C:\TB.txt: supprimé !
C:\UsbFix.txt: supprimé !
C:\Documents and Settings\Emeline\Bureau\hijackthis.log: supprimé !
C:\Documents and Settings\Emeline\Bureau\UsbFix.exe: supprimé !
C:\Documents and Settings\Emeline\Bureau\OTMoveIt3.exe: supprimé !
C:\Documents and Settings\Emeline\Mes documents\pb virus_26102008\TB.txt: supprimé !
C:\Documents and Settings\Emeline\Mes documents\pb virus_26102008\pbvirus_30042009\UsbFix.txt: supprimé !
C:\Documents and Settings\Emeline\Recent\UsbFix.lnk: supprimé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: supprimé !
C:\_OtMoveIt: supprimé !
C:\Toolbar SD: supprimé !
C:\UsbFix: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !
C:\Documents and Settings\Emeline\Menu Démarrer\Programmes\UsbFix: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !

Merci pour l'aide!
Juste pour info, je n'ai pas réussi à purger la restauration... La case à cocher et en gris et n'est pas accessible (comme si je n'étais pas utilisateur, alors que pourtant oui!)... Si jamais tu as une solution. Mais en tout cas, merci pour l'aide!

Emeline