Forum | virus/security
[virus] Vundo & Co.
Rhaxapopouetl, Wed. 30 August 2006 at 22:18:11
@ BoulePate62: I followed your advice and got this result:
1/ The entries I ticked in HijackThis no longer come back, except 23 Service: terminal service NT, even after a restart in safe mode.

2/ VirtumundoBeGone report:

[08/30/2006, 22:11:03] - VirtumundoBeGone v1.5 ( "E:\Documents and Settings\Administrateur\Bureau\VirtumundoBeGone.exe" )
[08/30/2006, 22:11:10] - Detected System Information:
[08/30/2006, 22:11:10] - Windows Version: 5.0.2195, Service Pack 4
[08/30/2006, 22:11:10] - Current Username: Administrateur (Admin)
[08/30/2006, 22:11:10] - Windows is in SAFE mode with Networking.
[08/30/2006, 22:11:10] - Searching for Browser Helper Objects:
[08/30/2006, 22:11:10] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[08/30/2006, 22:11:10] - BHO 2: {53707962-6F74-2D53-2644-206D7942484F} ()
[08/30/2006, 22:11:10] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/30/2006, 22:11:10] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[08/30/2006, 22:11:10] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[08/30/2006, 22:11:10] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[08/30/2006, 22:11:10] - BHO 4: {A893C6FD-ED46-4023-AECF-E720143FEFBA} ()
[08/30/2006, 22:11:10] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/30/2006, 22:11:10] - Checking for HKLM\...\Winlogon\Notify\nnlji
[08/30/2006, 22:11:10] - Found: HKLM\...\Winlogon\Notify\nnlji - This is probably Virtumundo.
[08/30/2006, 22:11:10] - Assigning {A893C6FD-ED46-4023-AECF-E720143FEFBA} MSEvents Object
[08/30/2006, 22:11:10] - BHO list has been changed! Starting over...
[08/30/2006, 22:11:10] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[08/30/2006, 22:11:10] - BHO 2: {53707962-6F74-2D53-2644-206D7942484F} ()
[08/30/2006, 22:11:11] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/30/2006, 22:11:11] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[08/30/2006, 22:11:11] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[08/30/2006, 22:11:11] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[08/30/2006, 22:11:11] - BHO 4: {A893C6FD-ED46-4023-AECF-E720143FEFBA} (MSEvents Object)
[08/30/2006, 22:11:11] - ALERT: Found MSEvents Object!
[08/30/2006, 22:11:11] - Finished Searching Browser Helper Objects
[08/30/2006, 22:11:11] - *** Detected MSEvents Object
[08/30/2006, 22:11:11] - Trying to remove MSEvents Object...
[08/30/2006, 22:11:12] - Terminating Process: IEXPLORE.EXE
[08/30/2006, 22:11:12] - Terminating Process: RUNDLL32.EXE
[08/30/2006, 22:11:12] - Disabling Automatic Shell Restart
[08/30/2006, 22:11:12] - Terminating Process: EXPLORER.EXE
[08/30/2006, 22:11:12] - Suspending the NT Session Manager System Service
[08/30/2006, 22:11:12] - Terminating Windows NT Logon/Logoff Manager
[08/30/2006, 22:11:12] - Re-enabling Automatic Shell Restart
[08/30/2006, 22:11:12] - File to disable: E:\WINNT\system32\nnlji.dll
[08/30/2006, 22:11:12] - Renaming E:\WINNT\system32\nnlji.dll -> E:\WINNT\system32\nnlji.dll.vir
[08/30/2006, 22:11:12] - ! File rename was unsucessful.
[08/30/2006, 22:11:12] - Attempting to Deny Access to E:\WINNT\system32\nnlji.dll
[08/30/2006, 22:11:13] - *** IMPORTANT: Delete/Rename/Move on reboot (like Killbox) MAY NOT work.
[08/30/2006, 22:11:13] - ERROR: Le mappage entre les noms de compte et les ID de sécurité n'a pas été effectué.

[08/30/2006, 22:11:13] - *** IMPORTANT: The file is disabled and will need to be deleted by the user.
[08/30/2006, 22:11:13] - Removing HKLM\...\Browser Helper Objects\{A893C6FD-ED46-4023-AECF-E720143FEFBA}
[08/30/2006, 22:11:13] - Removing HKCR\CLSID\{A893C6FD-ED46-4023-AECF-E720143FEFBA}
[08/30/2006, 22:11:13] - Adding Kill Bit for ActiveX for GUID: {A893C6FD-ED46-4023-AECF-E720143FEFBA}
[08/30/2006, 22:11:13] - Deleting ATLEvents/MSEvents Registry entries
[08/30/2006, 22:11:13] - Removing HKLM\...\Winlogon\Notify\nnlji
[08/30/2006, 22:11:13] - Searching for Browser Helper Objects:
[08/30/2006, 22:11:13] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[08/30/2006, 22:11:13] - BHO 2: {53707962-6F74-2D53-2644-206D7942484F} ()
[08/30/2006, 22:11:13] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/30/2006, 22:11:13] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[08/30/2006, 22:11:13] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[08/30/2006, 22:11:13] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[08/30/2006, 22:11:13] - Finished Searching Browser Helper Objects
[08/30/2006, 22:11:13] - Finishing up...
[08/30/2006, 22:11:13] - A restart is needed.
[08/30/2006, 22:11:30] - Attempting to Restart via STOP error (Blue Screen!)

[08/30/2006, 22:14:10] - VirtumundoBeGone v1.5 ( "E:\Documents and Settings\Administrateur\Bureau\VirtumundoBeGone.exe" )
[08/30/2006, 22:14:14] - Detected System Information:
[08/30/2006, 22:14:14] - Windows Version: 5.0.2195, Service Pack 4
[08/30/2006, 22:14:14] - Current Username: Administrateur (Admin)
[08/30/2006, 22:14:14] - Windows is in NORMAL mode.
[08/30/2006, 22:14:14] - Searching for Browser Helper Objects:
[08/30/2006, 22:14:14] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[08/30/2006, 22:14:14] - BHO 2: {53707962-6F74-2D53-2644-206D7942484F} ()
[08/30/2006, 22:14:14] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/30/2006, 22:14:14] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[08/30/2006, 22:14:15] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[08/30/2006, 22:14:15] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[08/30/2006, 22:14:15] - Finished Searching Browser Helper Objects
[08/30/2006, 22:14:15] - Finishing up...
[08/30/2006, 22:14:15] - Nothing found! Exiting...


@ Green Day: I thought I had removed Wareout with FixWareout two weeks ago! Well, I'll start over, then...

Thanks for your advice, in any case!
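The log above shows how VirtumundoBeGone flags a BHO that has no default name by looking for a Winlogon\Notify entry of the same name, and then reports a DLL it could not rename as left for manual deletion. As an added example (not part of the post or of the tool), this Python parser pulls those findings out of a log in that format; the sample lines are constructed from the report in the post, and the function and field names are my own.

```python
import re

# Constructed sample in the VirtumundoBeGone v1.5 log format quoted in the post.
# Raw string: registry and file paths contain backslashes that must stay literal.
SAMPLE_LOG = r"""[08/30/2006, 22:11:10] - BHO 2: {53707962-6F74-2D53-2644-206D7942484F} ()
[08/30/2006, 22:11:10] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[08/30/2006, 22:11:10] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[08/30/2006, 22:11:10] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[08/30/2006, 22:11:10] - BHO 4: {A893C6FD-ED46-4023-AECF-E720143FEFBA} ()
[08/30/2006, 22:11:10] - Checking for HKLM\...\Winlogon\Notify\nnlji
[08/30/2006, 22:11:10] - Found: HKLM\...\Winlogon\Notify\nnlji - This is probably Virtumundo.
[08/30/2006, 22:11:12] - Renaming E:\WINNT\system32\nnlji.dll -> E:\WINNT\system32\nnlji.dll.vir
[08/30/2006, 22:11:12] - ! File rename was unsucessful.
[08/30/2006, 22:11:13] - *** IMPORTANT: The file is disabled and will need to be deleted by the user.
"""

LINE_RE = re.compile(r"^\[(?P<ts>[^\]]+)\] - (?P<msg>.*)$")
BHO_RE = re.compile(r"^BHO \d+: (?P<clsid>\{[0-9A-Fa-f-]+\}) \((?P<name>.*)\)$")
CHECK_RE = re.compile(r"^Checking for HKLM\\\.\.\.\\Winlogon\\Notify\\(?P<key>\S+)$")
FOUND_RE = re.compile(r"^Found: HKLM\\\.\.\.\\Winlogon\\Notify\\(?P<key>\S+) - ")
RENAME_RE = re.compile(r"^Renaming (?P<src>.+?) -> (?P<dst>.+)$")


def parse_vbg_log(text):
    """Summarise a VirtumundoBeGone log: every BHO seen, the BHOs flagged through a
    Winlogon\\Notify match, files whose rename failed, and files left for manual deletion."""
    report = {"bhos": {}, "flagged_bhos": [], "rename_failed": [], "manual_delete": []}
    current = None        # CLSID of the BHO whose Winlogon reference is being checked
    last_renamed = None   # source path of the most recent rename attempt
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue                      # blank or non-log line
        msg = m.group("msg")
        if (b := BHO_RE.match(msg)):
            current = b.group("clsid")
            report["bhos"][current] = {"name": b.group("name"), "notify_key": None}
        elif (c := CHECK_RE.match(msg)) and current:
            report["bhos"][current]["notify_key"] = c.group("key")
        elif (f := FOUND_RE.match(msg)) and current:
            report["flagged_bhos"].append((current, f.group("key")))
        elif (r := RENAME_RE.match(msg)):
            last_renamed = r.group("src")
        elif msg.startswith("! File rename was") and last_renamed:   # tool's own wording
            report["rename_failed"].append(last_renamed)
        elif "will need to be deleted by the user" in msg and last_renamed:
            report["manual_delete"].append(last_renamed)
    return report
```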