Generic12.AZCN

mmmm ie crashed, explorer crashed , (i ran opera through process explorer),
unable to restart the scan with opera..

bad situation..

should i try something like deleting my windows directory, reinstalling , and scanning afterwards ?

No.
Lets use this and we'll see if it shows anything.

• Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
  Link 1
  Link 2
  Link 3
  
• Double click DDS.scr to run
  
• When complete, DDS.txt will open.
  
• Save the report to your Desktop.
  
• Copy and paste DDS.txt back here, I don't need to see attach.txt.
  

DDS (Ver_09-02-01.01) - NTFSx86
Run by Administrator at 18:26:30,26 on 03/02/2009
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.767.456 [GMT 1:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Opera\opera.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Documents and Settings\Administrator.CHAOSCOMP\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\documents and settings\administrator.chaoscomp\lackf.exe \s
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [services] c:\windows\services.exe
dRun: [ctfmon.exe] c:\windows\system32\CTFMON.EXE
dRun: [lfwffqrf.exe] c:\windows\lfwffqrf.exe
dRun: [services] c:\windows\services.exe
mExplorerRun: [services] c:\windows\services.exe
dExplorerRun: [services] c:\windows\services.exe
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
dPolicies-explorer: NoFolderOptions = 1 (0x1)
dPolicies-system: DisableRegistryTools = 1 (0x1)
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

============= SERVICES / DRIVERS ===============

S3 CSNPD51;CSNPD51 NDIS Protocol Driver;c:\windows\system32\drivers\CSNPD51.sys [2009-1-31 27800]
S3 FrwDriver;Frw Virtual Audio Device (WDM);c:\windows\system32\drivers\FrwDriver.sys [2009-1-15 33152]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-6 34064]

=============== Created Last 30 ================

2009-02-03 18:17 21,803,560 a------- C:\sav32sfx.exe
2009-02-03 17:54 138,496 a------- c:\windows\system32\drivers\ethkliyu.sys
2009-02-03 17:54 3,584 a------- c:\windows\lfwffqrf.exe
2009-02-03 17:49 32,768 a---h--- c:\documents and settings\administrator.chaoscomp\lackf.exe
2009-02-03 17:49 53,248 a------- c:\windows\system32\drivers\ndisio.sys
2009-02-03 17:49 66,560 ----h--- c:\windows\system32\secupdat.dat
2009-02-03 17:49 163,844 a------- c:\windows\system32\4.tmp
2009-02-03 14:56 537,088 a------- C:\rmvirut.exe
2009-02-03 14:56 495,104 a------- C:\rmvirut.nt
2009-02-03 11:50 4,622,076 a------- c:\temp\WINDOWSXP-KB310994-SP2-PRO-BOOTDISK-FRA.EXE
2009-02-03 11:27 168,960 a------- c:\temp\JavaRa.exe
2009-02-03 11:25 69,512 a------- c:\temp\JavaRa.zip
2009-02-03 10:54 --d----- c:\docume~1\admini~1.cha\applic~1\Malwarebytes
2009-02-03 10:54 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-02-03 10:54 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-03 10:54 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-02-03 10:54 --d----- c:\docume~1\alluse~1.win\applic~1\Malwarebytes
2009-02-03 01:11 9,728 -------- c:\windows\system32\rwnh.dll
2009-02-03 01:11 10,752 -------- c:\windows\system32\smtpapi.dll
2009-02-03 01:04 --d----- c:\docume~1\admini~1.cha\applic~1\iWin
2009-02-03 00:46 --d----- c:\windows\system32\appmgmt
2009-02-02 23:58 19,569 a------- c:\windows\000001_.tmp
2009-02-02 22:57 142,592 a------- c:\windows\system32\drivers\aec.sys
2009-02-02 22:36 37,376 a------- c:\windows\services.exe
2009-02-02 20:49 4 a------- c:\windows\_id.dat
2009-02-02 20:49 130 a------- c:\windows\adobe.bat
2009-02-02 20:15 --d----- c:\program files\Trend Micro
2009-02-02 20:06 59,904 a------- c:\windows\system32\drivers\atmarpc.sys.bak
2009-02-02 19:44 --d----- c:\windows\Jewel Match 2
2009-02-02 18:52 0 a------- c:\windows\system32\3C.tmp
2009-02-02 18:15 0 a----r-- c:\windows\vxrikaff.exe
2009-02-02 18:11 0 a------- c:\windows\system32\2C.tmp
2009-02-02 17:36 --d-h--- C:\$AVG8.VAULT$
2009-02-02 17:25 --d----- c:\docume~1\alluse~1.win\applic~1\Downloaded Installations
2009-02-02 17:24 --d----- c:\program files\AVG
2009-02-02 17:24 --d----- c:\docume~1\alluse~1.win\applic~1\avg8
2009-02-02 17:20 --d-h--- c:\windows\PIF
2009-02-02 16:44 --d----- c:\program files\Advanced Registry Fix
2009-02-02 16:22 0 a------- c:\windows\system32\B5.tmp
2009-02-02 16:05 0 a------- c:\windows\system32\8D.tmp
2009-02-02 15:45 0 a----r-- c:\windows\system32\drivers\803ff150.sys
2009-02-02 15:08 194 a------- c:\windows\workshop.ini
2009-02-02 15:06 --d----- C:\Boulot
2009-02-02 14:30 --d----- c:\docume~1\admini~1.cha\applic~1\JewelMatch2
2009-02-02 02:40 1,341 a------- C:\regtools.vbs
2009-02-02 02:30 --d-h--- c:\windows\system32\GroupPolicy
2009-02-02 02:21 0 a------- c:\windows\mqcd.dbt
2009-02-02 02:20 28,672 a------- c:\windows\system32\do8d.sr
2009-02-02 02:20 32,768 a------- c:\windows\system32\rer.wa
2009-02-02 02:20 32,768 a------- c:\windows\system32\qzhr1.ant
2009-02-02 02:20 28,672 a------- c:\windows\system32\dedwf.lp
2009-02-02 02:20 77,312 a------- c:\windows\system32\re3d.pf
2009-02-02 02:18 --d----- c:\program files\ReflexiveArcade
2009-02-01 10:36 --d----- c:\program files\Nmap
2009-02-01 01:56 --d----- c:\program files\SQLPowerInjector
2009-02-01 01:37 --d----- c:\program files\0x90.org
2009-01-31 20:01 --d----- c:\docume~1\admini~1.cha\applic~1\Colasoft Packet Builder
2009-01-31 20:01 --d----- c:\program files\common files\Colasoft Shared
2009-01-31 20:01 --d----- c:\program files\Colasoft Packet Builder 1.0
2009-01-31 11:36 4,096 a------- c:\windows\d3dx.dat
2009-01-31 00:17 186,407 a------- c:\windows\system32\nvapps.nvb
2009-01-31 00:16 --d----- C:\NVIDIA
2009-01-31 00:13 221,184 a------- c:\windows\system32\wmpns.dll
2009-01-31 00:12 --d----- c:\windows\system32\xircom
2009-01-31 00:05 --d----- c:\windows\ServicePackFiles
2009-01-30 12:56 --d----- c:\windows\system32\DirectX
2009-01-29 23:13 --d----- c:\docume~1\alluse~1.win\applic~1\2DBoy
2009-01-29 17:51 59 a------- c:\windows\go.bat
2009-01-27 16:54 --d----- c:\documents and settings\administrator.chaoscomp\.thumbnails
2009-01-27 16:53 --d----- c:\documents and settings\administrator.chaoscomp\.gimp-2.6
2009-01-27 16:53 --d----- c:\documents and settings\administrator.chaoscomp\.gegl-0.0
2009-01-27 16:48 --d----- c:\program files\GIMP-2.0
2009-01-27 16:45 3,639,412 a------- c:\temp\GREYCstoration-2.9.zip
2009-01-27 16:30 --d----- c:\program files\VirtuallTek
2009-01-25 16:21 --d----- c:\docume~1\admini~1.cha\applic~1\Wireshark
2009-01-25 16:09 --d----- c:\program files\WinPcap
2009-01-25 16:08 --d----- c:\program files\Wireshark
2009-01-25 13:51 --d----- c:\docume~1\alluse~1.win\applic~1\Trymedia
2009-01-24 00:55 --d----- c:\temp\Word
2009-01-24 00:53 --d----- c:\program files\MSECache
2009-01-22 21:54 74 a------- c:\windows\CFF Explorer.INI
2009-01-22 21:09 1,869 a------- c:\windows\TSearch.INI
2009-01-22 20:33 1,764,044 a------- C:\TestSound2.wav
2009-01-22 19:04 196,652 a------- C:\Ramp3.wav
2009-01-22 18:54 524,324 a------- C:\Ramp2.wav
2009-01-22 18:50 524,324 a------- C:\Ramp.wav
2009-01-20 00:13 32,768 a------- c:\windows\ReBirth RB-338 2.prf
2009-01-20 00:11 41,216 a---h--- C:\rb20crk.dat
2009-01-20 00:11 --d----- C:\audio
2009-01-18 20:01 82,583 a------- c:\temp\in_mpc.exe
2009-01-18 20:00 51,600 a------- c:\windows\system32\RadLightMPCUninstall.exe
2009-01-18 18:44 176,444 a------- C:\TestSound.wav
2009-01-16 14:57 423,424 a------- C:\HdErazer.exe
2009-01-15 22:06 11,008 a------- c:\windows\system32\drivers\KSMON.SYS
2009-01-15 20:56 3,154,009 a------- c:\temp\audacity-win-1.2.6.zip
2009-01-15 14:09 33,152 a------- c:\windows\system32\drivers\FrwDriver.sys
2009-01-15 13:38 156,910 a------- c:\windows\WMSysPr8.prx
2009-01-15 13:38 665,424 a------- c:\windows\system32\wmv8dmoe.dll
2009-01-15 13:38 572,752 a------- c:\windows\system32\wmvdmoe.dll
2009-01-15 13:38 438,608 a------- c:\windows\system32\wmv8dmod.dll
2009-01-15 13:38 1,683,792 a------- c:\windows\system32\wmvcore2.dll
2009-01-15 13:38 285,184 a------- c:\windows\system32\wmidx2.ocx
2009-01-15 11:44 14,275,882 a------- c:\temp\pidgin-2.5.4.exe
2009-01-14 20:24 --d----- c:\documents and settings\administrator.chaoscomp\VSWebCache
2009-01-11 21:23 17,408 a------- c:\windows\system32\drivers\vadsimpl.sys
2009-01-11 20:49 0 a------- c:\windows\graphedt.INI
2009-01-11 20:16 321 a------- c:\windows\ksstudio.ini
2009-01-11 20:03 --d----- C:\WINDDK
2009-01-10 17:36 --d----- c:\temp\aspell
2009-01-09 22:17 8,192 a------- c:\windows\REGLOCS.OLD
2009-01-09 22:15 --d----- c:\program files\Peer2Me
2009-01-09 22:07 3,217,072 a------- c:\temp\Peer2Me - setup.exe
2009-01-09 18:02 --d----- c:\docume~1\admini~1.cha\applic~1\ChaosPro
2009-01-09 18:02 --d----- c:\program files\ChaosPro3.3
2009-01-08 22:54 --d----- c:\program files\ionCube Package Foundry Evaluation
2009-01-08 22:53 86,016 a------- c:\windows\system32\ionenshi.dll
2009-01-08 22:53 --d----- c:\program files\ionCubePHPEncoder6.5
2009-01-08 22:10 --d----- c:\docume~1\admini~1.cha\applic~1\Subversion
2009-01-08 22:08 --d----- c:\program files\TortoiseSVN
2009-01-08 20:54 22,148,280 a------- c:\temp\antivir_workstation_winu_fr_h.exe
2009-01-07 18:55 --d----- c:\temp\Fractals
2009-01-06 19:30 --d----- c:\temp\idaplugs
2009-01-06 18:47 --d----- c:\program files\Delphi Files
2009-01-06 14:27 --d----- c:\docume~1\admini~1.cha\applic~1\Dev-Cpp
2009-01-06 14:27 --d----- C:\Dev-Cpp
2009-01-05 20:22 --d----- c:\program files\ShareAPicUploader
2009-01-05 20:22 --d----- c:\temp\SAPuploader30
2009-01-05 19:38 --d----- c:\temp\crackjob
2009-01-05 13:31 --d----- c:\docume~1\admini~1.cha\applic~1\Datarescue
2009-01-05 13:30 --d----- c:\program files\Photo N-Gine
2009-01-04 20:08 --d----- c:\windows\system32\oodag

==================== Find3M ====================

2009-01-02 19:13 159 a------- c:\windows\fonts\INSTALL.LOG
2009-01-02 11:12 410,984 a------- c:\windows\system32\deploytk.dll
2008-12-27 20:15 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2008-12-27 20:10 21,640 a------- c:\windows\system32\emptyregdb.dat
2008-12-08 12:53 57,344 a------- c:\windows\system32\ff_vfw.dll
2008-12-07 19:08 795,648 a------- c:\windows\system32\xvidcore.dll
2008-12-07 19:08 130,048 a------- c:\windows\system32\xvidvfw.dll
2004-08-22 17:05 102,400 a------- c:\program files\daemon.exe
2002-05-23 11:55 167,936 a------- c:\program files\pfctoc.dll

============= FINISH: 18:26:52,94 ===============

A very bad situation.
Did you surf the web from the time you started this thread and now? there is alot more malware present than shown in the first HJT log.

• Download combofix from here combofix.exe
  
• Please disable your local AV (Anti-virus) by right clicking it's icon in the tray, and exit it.
  
• Double click on ComboFix.exe.
  
• Follow the prompts. NOTE:
  
• ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
  ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***
  
  **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.
  
  
  
• The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.
  
  
  
  
• Allow ComboFix to download the Recovery Console.
  
• Accept the End-User License Agreement.
  
• The Recovery Console will be installed.
  
• You will then get this next prompt that asks if you want to continue the malware scan, select yes
  
  
  
  
• Allow combofix to run
  
• Post C:\combofix.txt back here.
  
  Note:
  Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
  

A very bad situation.
Did you surf the web from the time you started this thread and now? there is alot more malware present than shown in the first HJT log.

avg crashed with the others processes, i forgot to mention it

Well, please stay offline until we are done, and go ahead with Combofix.
See here if CF says AVG isn't disabled:
http://www.bleepingcomputer.com/forums/index.php?showtopic=114351&st=0&p=649847&#entry649847

unable to reboot after combofix finished his work, i guess damage was too much extensive
i made a quick windows install to be able to connect

i ran absolutely nothing from my hard drive, any advice to remove the infected files left everywhere ?

So there is no Combofix log?
Need a new DDS log please.

no Combofix log ...

new dds log ->


DDS (Ver_09-02-01.01) - NTFSx86
Run by Administrator at 23:43:45.65 on Tue 02/03/2009
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.767.562 [GMT -8:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Opera\opera.exe
C:\Documents and Settings\Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2009-02-03 23:34 --d----- c:\docume~1\admini~1\applic~1\JewelMatch2
2009-02-03 23:31 --d----- c:\windows\Jewel Match 2
2009-02-03 23:29 186,407 a------- c:\windows\system32\nvapps.nvb
2009-02-03 23:28 446,464 a------- c:\windows\system32\NVUNINST.EXE
2009-02-03 23:28 --d----- C:\NVIDIA
2009-02-03 23:00 10,624 a------- c:\windows\system32\drivers\gameenum.sys
2009-02-03 22:59 --d----- c:\program files\Creative
2009-02-03 22:59 10,194 -------- c:\windows\system32\PFMODNT.SYS
2009-02-03 22:58 83,456 a----r-- c:\windows\system32\drivers\DLKRTXP.SYS
2009-02-03 22:56 --d----- c:\windows\system32\xircom
2009-02-03 22:47 --d----- c:\windows\system32\scripting
2009-02-03 22:47 --d----- c:\windows\l2schemas
2009-02-03 22:47 --d----- c:\windows\system32\en
2009-02-03 22:47 --d----- c:\windows\system32\bits
2009-02-03 22:45 --d----- c:\windows\ServicePackFiles
2009-02-03 22:40 19,569 a------- c:\windows\002659_.tmp
2009-02-03 22:40 --d----- c:\windows\system32\ReinstallBackups
2009-02-03 22:40 26,488 a------- c:\windows\system32\spupdsvc.exe
2009-02-03 22:23 --d----- c:\documents and settings\Administrator
2009-02-03 22:23 --ds---- c:\windows\system32\Microsoft
2009-02-03 22:16 2,577 a------- c:\windows\system32\CONFIG.NT
2009-02-03 22:16 0 a------- c:\windows\control.ini
2009-02-03 22:16 16,832 a------- c:\windows\system32\amcompat.tlb
2009-02-03 22:16 23,392 a------- c:\windows\system32\nscompat.tlb
2009-02-03 22:16 316,640 a------- c:\windows\WMSysPr9.prx
2009-02-03 22:14 --dsh--- c:\documents and settings\all users\DRM
2009-02-03 22:14 --d--r-- c:\windows\Offline Web Pages
2009-02-03 22:14 488 a---hr-- c:\windows\system32\WindowsLogon.manifest
2009-02-03 22:14 488 a---hr-- c:\windows\system32\logonui.exe.manifest
2009-02-03 22:14 --ds---- c:\windows\Downloaded Program Files
2009-02-03 22:14 749 a---hr-- c:\windows\WindowsShell.Manifest
2009-02-03 22:14 749 a---hr-- c:\windows\system32\wuaucpl.cpl.manifest
2009-02-03 22:14 749 a---hr-- c:\windows\system32\sapi.cpl.manifest
2009-02-03 22:14 749 a---hr-- c:\windows\system32\nwc.cpl.manifest
2009-02-03 22:14 749 a---hr-- c:\windows\system32\ncpa.cpl.manifest
2009-02-03 22:14 749 a---hr-- c:\windows\system32\cdplayer.exe.manifest
2009-02-03 22:13 --d-h--- c:\program files\WindowsUpdate
2009-02-03 22:13 --d----- c:\windows\system32\DirectX
2009-02-03 22:12 --d----- c:\program files\common files\MSSoap
2009-02-03 22:10 --d----- c:\program files\Online Services
2009-02-03 22:09 --d----- c:\program files\LClock
2009-02-03 22:09 --d----- c:\program files\Unlocker
2009-02-03 22:09 --d----- c:\program files\Messenger
2009-02-03 22:09 --d----- c:\program files\MSN Gaming Zone
2009-02-03 22:08 --d----- c:\program files\Windows NT
2009-02-03 13:54 --d----- c:\program files\common files\ODBC
2009-02-03 13:54 --d----- c:\program files\common files\SpeechEngines
2009-02-03 13:53 --d--r-- c:\documents and settings\all users\Documents
2009-02-03 02:50 4,622,076 a------- c:\temp\WINDOWSXP-KB310994-SP2-PRO-BOOTDISK-FRA.EXE
2009-02-03 02:27 168,960 a------- c:\temp\JavaRa.exe
2009-02-03 02:25 69,512 a------- c:\temp\JavaRa.zip
2009-01-27 07:45 3,639,412 a------- c:\temp\GREYCstoration-2.9.zip
2009-01-23 15:55 --d----- c:\temp\Word
2009-01-18 11:01 82,583 a------- c:\temp\in_mpc.exe
2009-01-15 11:56 3,154,009 a------- c:\temp\audacity-win-1.2.6.zip
2009-01-15 02:44 14,275,882 a------- c:\temp\pidgin-2.5.4.exe
2009-01-10 08:36 --d----- c:\temp\aspell
2009-01-09 13:07 3,217,072 a------- c:\temp\Peer2Me - setup.exe
2009-01-08 11:54 22,148,280 a------- c:\temp\antivir_workstation_winu_fr_h.exe
2009-01-07 09:55 --d----- c:\temp\Fractals
2009-01-06 10:30 --d----- c:\temp\idaplugs
2009-01-05 11:22 --d----- c:\temp\SAPuploader30
2009-01-05 10:38 --d----- c:\temp\crackjob

==================== Find3M ====================

2009-02-03 22:51 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-02-03 22:10 21,640 a------- c:\windows\system32\emptyregdb.dat
2009-02-01 17:40 1,341 a------- C:\regtools.vbs
2009-01-16 05:57 423,424 a------- C:\HdErazer.exe

============= FINISH: 23:44:03.37 ===============

Hello.
I think the re-install was a better option, but now no AV is present when the log was taken.

This is somewhat suicidal in today's digital world.
That's why I want you to install one first!!

* Please install Avira Antivirus: http://www.free-av.com/
This is a free Antivirus.

Done, scan in progress
( i wanted anything else than the new avg anyway, such a bloatware ...)

Do you want to see antivir log ?
It seems there is a lot of false positive (mostly dev tools, and things like upx)
In brief , is there some well know false positive with antivir ? (like packed executable)

Nah, don't need to see it.
UPX sets of alot of virus scanners, one of our tools was packed in UPX, but the developer changed it.

Hello, sadly i'm back
everything was running fine, and suddenly when working antivir crashed
i cannot reinstall it each time i install it says the setup was modified by the virus.

i really need to find a way to get rid of that thing ...

as a further note i need to say i was very careful i ran nothing from the hard disk, all soft were redownloaded

horrible thing .......

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:45:39 AM, on 2/5/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Opera\opera.exe
C:\temp\procexp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Documents and Settings\Administrator\fjmm.exe \s
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKUS\S-1-5-18\..\Run: [vxvffpqw.exe] C:\WINDOWS\vxvffpqw.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [vxvffpqw.exe] C:\WINDOWS\vxvffpqw.exe (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O24 - Desktop Component AutorunsDisabled: (no name) - (no file)

--
End of file - 2221 bytes

Hello.

• Open HijackThis
  
• Choose "Do a system scan only"
  
• Check the boxes in front of these lines:
  
  
  R3 - Default URLSearchHook is missing
  F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Documents and Settings\Administrator\fjmm.exe \s
  O4 - HKUS\S-1-5-18\..\Run: [vxvffpqw.exe] C:\WINDOWS\vxvffpqw.exe (User 'SYSTEM')
  O4 - HKUS\.DEFAULT\..\Run: [vxvffpqw.exe] C:\WINDOWS\vxvffpqw.exe (User 'Default user')
  O24 - Desktop Component AutorunsDisabled: (no name) - (no file)
  
  
  
• Press "Fix Checked"
  
• Close Hijack This.
  

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  
• If an update is found, it will download and install the latest version.
  
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
  
• The scan may take some time to finish,so please be patient.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

Post the contents of the MBAM Log.