Crashs dans les dossiers, drwtsn32.exe

Merci pour votre assistance, j'ai fais toutes les étapes comme vous m'avez demandé, et voici le rapport:



-----------\\ ToolBar S&D 1.2.8 XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) 4 CPU 3.00GHz )
BIOS : Version 6.00 R1.04.2451.A2
USER : OACA ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1296 [VPS 090127-0] 4.8.1296 (Not Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:29 Go (Free:8 Go)
D:\ (Local Disk) - NTFS - Total:44 Go (Free:10 Go)
E:\ (CD or DVD)

"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [1] ( 28/01/2009|10:02 )

-----------\\ Recherche de Fichiers / Dossiers ...


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.google.com/?gws_rd=ssl"
"Url"="http://www.microsoft.com/athome/community/rss.xml"
"Url"="http://www.microsoft.com/atwork/community/rss.xml"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Start Page"="https://www.msn.com/fr-fr/?ocid=iehp"


--------------------\\ Recherche d'autres infections

C:\WINDOWS\system32\NonWDfhk.ini
C:\WINDOWS\system32\NonWDfhk.ini2
[b]==> VUNDO <==/b

--------------------\\ ROOTKIT !!

Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_TDSSSERV]
Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_TDSSSERV]
Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TDSSSERV]




1 - "C:\ToolBar SD\TB_1.txt" - 28/01/2009| 9:50 - Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - 28/01/2009|10:00 - Option : [1]
3 - "C:\ToolBar SD\TB_3.txt" - 28/01/2009|10:02 - Option : [1]

-----------\\ Fin du rapport a 10:02:40,57

Salut;

j'ai fais tous ce que vous m'avez demandé mais dés que j'exécute ComboFix une fenêtre apparaît dont inscrit le message ci-dessous:

----------------------------------------------------------------------------------------------------------------------------
ComboFix a détecté que le(s) scanneur(s) en temps réel suivant(s) est (sont) actif(s):

* Antivirus Trend Micro OfficeScan

On sait que ..........
Veuillez désactiver ces scanneurs avant de cliquer sur ok

----------------------------------------------------------------------------------------------------------------------------

j'ai pas bien compris ce message, par contre Avast est inactif ainsi que malwarebytes, je sait pas d'où vient ce scanneur et comment le désactiver il n'apparaît pas dans le gestionnaire des tâches.

Alors j'ai appuyé sur OK un autre msg apparaît:


----------------------------------------------------------------------------------------------------------------------------
* Antivirus Trend Micro Officescan
le scanneur en temps réel ci-dessus est toujours actif mais combofix va continuer à s'exécuter. veuillez noter que c'est à vos risques et périls
----------------------------------------------------------------------------------------------------------------------------

Alors à ce stade j'ai annulé le travail et j'ai arrêté combofix pour demander votre conseil
que doit je faire?? je avec combofix??
merci pour votre patience et votre aide précieuse.

re,
Rapport findykill


###################### [ FindyKill V4.714 ]

# User : OACA - TWR1
# Emplacement : C:\Program Files\FindyKill
# Outils Mis a jours le 19/01/09 par Chiquitine29
# Recherche effectuée à 11:25:54 le 28/01/2009
# Windows XP - Internet Explorer 8.0.6001.18241

# [ FindyKill V4.714 - Scan ] ##############

\\\\\\\\\\\\\\\\\\\\ [ Processus actifs ] ///////////////////


C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe

\\\\\\\\\\\\\\\\\\ [ Fichiers/Dossiers infectieux ] ///////////////////


################## [ C:\ ]


################## [ C:\WINDOWS ]


################## [ C:\WINDOWS\Prefetch ]


################## [ C:\WINDOWS\system32 ]


################## [ C:\WINDOWS\system32\drivers ]


################## [ C:\Documents and Settings\OACA\Application Data ]


################## [ C:\DOCUME~1\OACA\LOCALS~1\Temp ]


\\\\\\\\\\\\\\\\\\ [ Registre / Startup ] ///////////////////

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
ctfmon.exe=C:\WINDOWS\system32\ctfmon.exe
L07FXLRD_262991437="C:\Program Files\Microsoft Etudes\Microsoft Encarta 2007 - Études DVD\EDICT.EXE" -m

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
avast!=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
Malwarebytes' Anti-Malware="C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
NvCplDaemon=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
TkBellExe="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
Installed=1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
NoChange=1
Installed=1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
Installed=1


\\\\\\\\\\\\\\\\\\ [ Registre / Clés infectieuses ] ///////////////////




\\\\\\\\\\\\\\\\\\ [ Etat / Services ] ///////////////////


# Services : [ Auto=2 / Demande=3 / Désactivé=4 ]

Ndisuio - # Type de démarrage = 3

Ip6Fw - # Type de démarrage = 2

SharedAccess - # Type de démarrage = 2

wuauserv - # Type de démarrage = 2

wscsvc - # Type de démarrage = 2


\\\\\\\\\\\\\\\\\\ [ Recherche dans supports amovibles] ///////////////////


# Informations :

C: - Lecteur fixe

D: - Lecteur fixe


# presence des fichiers :



\\\\\\\\\\\\\\\\\\ [ Registre / Mountpoint2 ] ///////////////////


-> Not found !


################## [ ! Fin du rapport # FindyKill V4.714 ! ]

re

comme demandé voici les rapports:

rapport RSIT après l'utilisation de flash desinfector avec le branchement du flash disque que j'utilise et de mon portable nokia6300 que je le connecte fréquement à mon PC:

Logfile of random's system information tool 1.05 (written by random/random)
Run by OACA at 2009-01-28 14:51:16
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 10 GB (32%) free of 31 GB
Total RAM: 1022 MB (47% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:51:21, on 28/01/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\OACA\Bureau\RSIT.exe
C:\Documents and Settings\OACA\Mes documents\HiJackThis\OACA.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Compagnon Web Encarta - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O3 - Toolbar: SYSTRAN Toolbar - {95daa571-4def-4a6d-97d8-98a346672a24} - mscoree.dll (file missing)
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [L07FXLRD_262991437] "C:\Program Files\Microsoft Etudes\Microsoft Encarta 2007 - Études DVD\EDICT.EXE" -m
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &3D Satellite Search - res://C:\Documents and Settings\OACA\Application Data\OSI\dlls\EFOToolbar.dll/GoSatteliteSearch.dll.htm
O8 - Extra context menu item: Consulter les dictionnaires (SYSTRAN) - res://C:\Program Files\SYSTRAN\6\\GUIres.dll/lookup.js
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: S&earchSave Web Search - res://C:\Documents and Settings\OACA\Application Data\OSI\dlls\EFOToolbar.dll/GoWebSearch.dll.htm
O8 - Extra context menu item: Traduire (SYSTRAN) - res://C:\Program Files\SYSTRAN\6\\GUIres.dll/translate.js
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

re,
voici le rapport de Toolscleaner2

[ Rapport ToolsCleaner version 2.3.0 (par A.Rothstein & dj QUIOU) ]

-->- Recherche:

C:\Combofix.txt: trouvé !
C:\TB.txt: trouvé !
C:\FindyKill.txt: trouvé !
C:\Combofix: trouvé !
C:\Qoobox: trouvé !
C:\Toolbar SD: trouvé !
C:\Rsit: trouvé !
C:\Documents and Settings\OACA\Bureau\ComboFix.exe: trouvé !
C:\Documents and Settings\OACA\Bureau\ToolBarSD.exe: trouvé !
C:\Documents and Settings\OACA\Bureau\TB.txt: trouvé !
C:\Documents and Settings\OACA\Bureau\Rsit.exe: trouvé !
C:\Documents and Settings\OACA\Menu Démarrer\Programmes\FindyKill: trouvé !
C:\Documents and Settings\OACA\Mes documents\HijackThis: trouvé !
C:\Documents and Settings\OACA\Mes documents\HiJackThis\HijackThis.exe: trouvé !
C:\Documents and Settings\OACA\Mes documents\HiJackThis\hijackthis.log: trouvé !
C:\Documents and Settings\OACA\Recent\HijackThis.lnk: trouvé !
C:\Program Files\FindyKill: trouvé !

---------------------------------
-->- Suppression:

C:\Documents and Settings\OACA\Bureau\ComboFix.exe: ERREUR DE SUPPRESSION !!
C:\Documents and Settings\OACA\Bureau\ToolBarSD.exe: supprimé !
C:\Documents and Settings\OACA\Mes documents\HiJackThis\HijackThis.exe: supprimé !
C:\Documents and Settings\OACA\Recent\HijackThis.lnk: supprimé !
C:\Combofix.txt: supprimé !
C:\TB.txt: supprimé !
C:\FindyKill.txt: supprimé !
C:\Documents and Settings\OACA\Bureau\TB.txt: supprimé !
C:\Documents and Settings\OACA\Bureau\Rsit.exe: supprimé !
C:\Documents and Settings\OACA\Mes documents\HiJackThis\hijackthis.log: supprimé !
C:\Combofix: supprimé !
C:\Qoobox: supprimé !
C:\Toolbar SD: supprimé !
C:\Rsit: supprimé !
C:\Documents and Settings\OACA\Menu Démarrer\Programmes\FindyKill: supprimé !
C:\Documents and Settings\OACA\Mes documents\HijackThis: supprimé !
C:\Program Files\FindyKill: supprimé !

et voici le rapport de combofix:

ComboFix 09-01-21.04 - OACA 2009-01-28 11:00:02.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1022.546 [GMT 1:00]
Lancé depuis: c:\documents and settings\OACA\Bureau\ComboFix.exe
AV: Antivirus Trend Micro OfficeScan *On-access scanning enabled* (Updated)
AV: avast! antivirus 4.8.1296 [VPS 090127-0] *On-access scanning disabled* (Updated)
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\OACA\Application Data\.#
c:\documents and settings\OACA\Application Data\Adobe\crc.dat
c:\documents and settings\OACA\Application Data\Adobe\Player.exe.bak
c:\windows\mainms.vpi
c:\windows\megavid.cdt
c:\windows\muotr.so
c:\windows\system32\jklavcmm.ini
c:\windows\system32\jrncfhrx.ini
c:\windows\system32\krkonurb.ini
c:\windows\system32\ktkgtbfl.ini
c:\windows\system32\NonWDfhk.ini
c:\windows\system32\NonWDfhk.ini2
c:\windows\system32\scuwnstt.ini

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TDSSSERV


((((((((((((((((((((((((((((( Fichiers créés du 2008-12-28 au 2009-01-28 ))))))))))))))))))))))))))))))))))))
.

2009-01-28 11:03 . 2009-01-28 11:03 16,384 --a----t- c:\temp\Perflib_Perfdata_5a8.dat
2009-01-28 09:48 . 2009-01-28 10:02 <REP> d-------- C:\ToolBar SD
2009-01-23 14:31 . 2009-01-23 14:31 54,156 --ah----- c:\windows\QTFont.qfn
2009-01-23 14:31 . 2009-01-23 14:31 1,409 --a------ c:\windows\QTFont.for
2009-01-23 13:43 . 2009-01-23 14:45 <REP> d-------- c:\program files\Gabest
2009-01-23 10:07 . 2009-01-23 10:07 <REP> d-------- c:\documents and settings\OACA\Application Data\Jasc
2009-01-19 14:51 . 2009-01-23 08:40 <REP> d-------- c:\documents and settings\OACA\Application Data\Metacafe
2009-01-19 14:51 . 2009-01-19 14:51 <REP> d-------- c:\documents and settings\All Users\Application Data\Metacafe
2009-01-19 09:41 . 2009-01-19 15:08 <REP> d-------- c:\program files\OJOsoft
2009-01-19 09:41 . 2009-01-19 09:41 <REP> d-------- c:\program files\Fichiers communs\Common Share
2009-01-16 15:31 . 2009-01-16 15:31 34 --ah----- c:\windows\system32\VideoConverter_sysquict.dat
2009-01-16 15:09 . 2009-01-16 15:10 <REP> d-------- c:\program files\Metacafe
2009-01-16 14:02 . 2009-01-16 14:02 <REP> d-------- c:\documents and settings\OACA\Application Data\FDRLab
2009-01-16 10:41 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
2009-01-16 10:41 . 2008-10-16 14:06 208,744 --a------ c:\windows\system32\muweb.dll
2009-01-16 10:41 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
2009-01-16 09:27 . 2009-01-16 09:27 <REP> d-------- c:\program files\Microsoft Silverlight
2009-01-16 09:27 . 2009-01-16 09:27 <REP> d-------- c:\program files\Microsoft Office Outlook Connector
2009-01-16 09:26 . 2008-12-08 17:01 55,136 --a------ c:\windows\system32\drivers\fssfltr_tdi.sys
2009-01-16 09:25 . 2009-01-16 09:25 <REP> d-------- c:\program files\Microsoft Sync Framework
2009-01-16 09:22 . 2009-01-16 09:22 <REP> d-------- c:\program files\Windows Live SkyDrive
2009-01-16 08:52 . 2009-01-16 08:52 <REP> d-------- c:\documents and settings\All Users\Application Data\CyberLink
2009-01-14 13:24 . 2009-01-14 13:24 18 --a------ c:\windows\Expire.dat
2009-01-08 09:00 . 2009-01-23 15:56 <REP> d-------- c:\program files\eMule
2009-01-06 12:44 . 2009-01-07 12:45 <REP> d-------- c:\program files\RM to MP3 Converter
2009-01-02 12:39 . 2009-01-02 12:39 <REP> d-------- c:\windows\Diego Dinosaur Rescue
2008-12-31 14:27 . 2008-12-31 14:27 16 --a------ c:\windows\popcinfo.dat
2008-12-31 14:18 . 2008-10-05 05:24 36,864 --a------ c:\windows\system32\Power.exe

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-28 08:59 --------- d-----w c:\documents and settings\OACA\Application Data\Camfrog
2009-01-28 08:59 --------- d-----w c:\documents and settings\OACA\Application Data\Azureus
2009-01-27 15:15 --------- d-----w c:\program files\Azureus
2009-01-17 08:46 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-01-16 13:02 --------- d-----w c:\program files\FDRLab
2009-01-16 08:27 --------- d-----w c:\program files\Microsoft
2009-01-16 08:26 --------- d-----w c:\program files\Windows Live
2009-01-15 10:03 --------- d-----w c:\documents and settings\OACA\Application Data\Skype
2009-01-15 09:50 --------- d-----w c:\documents and settings\OACA\Application Data\skypePM
2009-01-14 15:11 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-14 15:11 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-01-09 07:57 --------- d-----w c:\program files\FlashGet
2009-01-09 07:17 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-01-05 08:07 --------- d-----w c:\documents and settings\OACA\Application Data\Auslogics
2008-12-26 14:17 --------- d-----w c:\program files\Google
2008-12-23 15:34 --------- d-----w c:\program files\Jasc Software Inc
2008-12-22 13:38 --------- d-----w c:\program files\Auslogics
2008-12-11 11:57 333,184 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-04 21:55 307,560 ----a-w c:\windows\WLXPGSS.SCR
2008-12-03 10:31 --------- d-----w c:\program files\TechSmith
2008-12-03 10:31 --------- d-----w c:\documents and settings\All Users\Application Data\TechSmith
2008-12-03 10:29 --------- d-----w c:\program files\Fichiers communs\Wise Installation Wizard
2008-12-01 14:41 --------- d-----w c:\program files\ALWARED
2006-05-03 09:06 163,328 --sha-r c:\windows\system32\flvDX.dll
2007-02-21 10:47 31,232 --sha-r c:\windows\system32\msfDX.dll
2008-06-05 09:30 104,480 --sha-w c:\windows\system32\drivers\fidbox.dat
2008-06-05 09:30 14,368 --sha-w c:\windows\system32\drivers\fidbox2.dat
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-05 15360]
"L07FXLRD_262991437"="c:\program files\Microsoft Etudes\Microsoft Encarta 2007 - Études DVD\EDICT.EXE" [2006-06-13 351000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-01-14 399504]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-02-24 5537792]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-09-26 185872]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-05 15360]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceStartMenuLogOff"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"vidc.VP31"= vp31vfw.dll
"msacm.avis"= ff_acm.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Acrobat Speed Launcher.lnk]
backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^EPSON Status Monitor 3 Environment Check(2).lnk]
backup=c:\windows\pss\EPSON Status Monitor 3 Environment Check(2).lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
backup=c:\windows\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Metacafe.lnk]
backup=c:\windows\pss\Metacafe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^OACA^Menu Démarrer^Programmes^Démarrage^Metacafe.lnk]
backup=c:\windows\pss\Metacafe.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AbyssmoClient
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ac3f3e32
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced Tools Check
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdvancedCleaner Free
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\amva
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\antihost
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Calendar
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camfrog
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\chiCkie
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\drvsyskit
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\egui
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flashget
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Java Runtime Enviornment
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lphcp0wj0ev4n
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSN
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsUpdate
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OfficeScanNT Monitor
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Player
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Premium Clock
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\s9201
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMrhct0wj0ev4n
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SNM
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyGuarder
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyHunter Security Suite
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Trickler
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UADCFR_1983294103
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UADCFR_2459970356
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusRanger
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
--a------ 2008-04-23 01:08 483328 c:\program files\Adobe\Acrobat 7.0\Distillr\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2006-02-01 16:45 98304 c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccleaner]
--a------ 2008-05-28 15:40 1197296 c:\program files\CCleaner\CCleaner.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-05 13:00 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fssui]
--a------ 2008-12-08 17:01 453984 c:\program files\Windows Live\Family Safety\fsui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMEKRMIG6.1]
--a------ 2004-08-05 13:00 44032 c:\windows\ime\imkr6_1\imekrmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
--a------ 2004-08-05 13:00 208952 c:\windows\ime\imjp8_1\imjpmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
--a------ 2006-03-20 15:34 213936 c:\program files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\L07FXLRD_10816984]
--a------ 2006-06-13 17:11 351000 c:\program files\Microsoft Etudes\Microsoft Encarta 2007 - Études DVD\EDICT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\L07FXLRD_116994375]
--a------ 2006-06-13 17:11 351000 c:\program files\Microsoft Etudes\Microsoft Encarta 2007 - Études DVD\EDICT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\L07FXLRD_17235671]
--a------ 2006-06-13 17:11 351000 c:\program files\Microsoft Etudes\Microsoft Encarta 2007 - Études DVD\EDICT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\L07FXLRD_189562]
--a------ 2006-06-13 17:11 351000 c:\program files\Microsoft Etudes\Microsoft Encarta 2007 - Études DVD\EDICT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\L07FXLRD_1903796]
--a------ 2006-06-13 17:11 351000 c:\program files\Microsoft Etudes\Microsoft Encarta 2007 - Études DVD\EDICT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\L07FXLRD_206906]
--a------ 2006-06-13 17:11 351000 c:\program files\Microsoft Etudes\Microsoft Encarta 2007 - Études DVD\EDICT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\L07FXLRD_262398531]
--a------ 2006-06-13 17:11 351000 c:\program files\Microsoft Etudes\Microsoft Encarta 2007 - Études DVD\EDICT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\L07FXLRD_268962031]
--a------ 2006-06-13 17:11 351000 c:\program files\Microsoft Etudes\Microsoft Encarta 2007 - Études DVD\EDICT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\L07FXLRD_3008015]
--a------ 2006-06-13 17:11 351000 c:\program files\Microsoft Etudes\Microsoft Encarta 2007 - Études DVD\EDICT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\L07FXLRD_3118015]
--a------ 2006-06-13 17:11 351000 c:\program files\Microsoft Etudes\Microsoft Encarta 2007 - Études DVD\EDICT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\L07FXLRD_344164171]
--a------ 2006-06-13 17:11 351000 c:\program files\Microsoft Etudes\Microsoft Encarta 2007 - Études DVD\EDICT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\L07FXLRD_347968]
--a------ 2006-06-13 17:11 351000 c:\program files\Microsoft Etudes\Microsoft Encarta 2007 - Études DVD\EDICT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\L07FXLRD_46446140]
--a------ 2006-06-13 17:11 351000 c:\program files\Microsoft Etudes\Microsoft Encarta 2007 - Études DVD\EDICT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\L07FXLRD_499958609]
--a------ 2006-06-13 17:11 351000 c:\program files\Microsoft Etudes\Microsoft Encarta 2007 - Études DVD\EDICT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\L07FXLRD_5994843]
--a------ 2006-06-13 17:11 351000 c:\program files\Microsoft Etudes\Microsoft Encarta 2007 - Études DVD\EDICT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\L07FXLRD_63944468]
--a------ 2006-06-13 17:11 351000 c:\program files\Microsoft Etudes\Microsoft Encarta 2007 - Études DVD\EDICT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\L07FXLRD_67579296]
--a------ 2006-06-13 17:11 351000 c:\program files\Microsoft Etudes\Microsoft Encarta 2007 - Études DVD\EDICT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\L07FXLRD_7107234]
--a------ 2006-06-13 17:11 351000 c:\program files\Microsoft Etudes\Microsoft Encarta 2007 - Études DVD\EDICT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\L07FXLRD_83543140]
--a------ 2006-06-13 17:11 351000 c:\program files\Microsoft Etudes\Microsoft Encarta 2007 - Études DVD\EDICT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\L07FXLRD_93968]
--a------ 2006-06-13 17:11 351000 c:\program files\Microsoft Etudes\Microsoft Encarta 2007 - Études DVD\EDICT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaDICO38]
--a------ 2006-05-08 14:43 252416 c:\program files\Micro Application\38 Dictionnaires et Recueils de Correspondance\LanceMediaDICO38.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 17:24 1694208 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2008-12-02 22:41 3882312 c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 15:40 155648 c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2005-02-24 06:32 5537792 c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2005-02-24 06:32 86016 c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ooVoo.exe]
--a------ 2008-09-14 10:27 14174000 c:\program files\ooVoo\ooVoo.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
--a------ 2007-06-18 15:10 271360 c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2008-07-07 08:34 167936 c:\program files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-11-14 15:18 77824 c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2004-11-02 20:24 32768 c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-07-23 13:11 21738792 c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2006-10-12 02:10 49263 c:\program files\Java\jre1.5.0_09\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SuperCopier2.exe]
--a------ 2005-03-14 00:37 1057280 c:\program files\SuperCopier2\SuperCopier2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-09-26 09:04 185872 c:\program files\Fichiers communs\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
--a------ 2006-03-30 15:45 313472 c:\program files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 2005-05-03 17:43 69632 c:\windows\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
--a------ 2006-05-04 15:26 2808832 c:\windows\alcwzrd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2005-02-24 06:32 1495040 c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Raccourci vers la page des propriétés de High Definition Audio]
--a--c--- 2005-01-07 16:07 61952 c:\windows\system32\HdAShCut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a--c--- 2008-04-10 15:52 16861184 c:\windows\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
--a------ 2007-11-20 17:15 1826816 c:\windows\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TmProxy"=3 (0x3)
"tmlisten"=2 (0x2)
"ntrtscan"=2 (0x2)
"Adobe LM Service"=3 (0x3)
"ServiceLayer"=3 (0x3)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"IDriverT"=3 (0x3)
"fsssvc"=2 (0x2)
"SeaPort"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\ooVoo\\ooVoo.exe"=
"c:\\Program Files\\Avitech\\AFTN Station\\TCP\\AFTN_TCP_O.exe"=
"c:\\Program Files\\SYSTRAN\\6\\SystranTranslationProjectManager.exe"=
"c:\\Program Files\\SYSTRAN\\6\\Dicts\\SystranFilterEngine.exe"=
"c:\\Program Files\\SYSTRAN\\6\\Dicts\\SystranTranslationEngine.exe"=
"c:\\Program Files\\Camfrog\\Camfrog Video Chat\\Camfrog Video Chat.exe"=
"c:\\Program Files\\SYSTRAN\\6\\SystranDictionaryManager.exe"=
"c:\\Program Files\\SYSTRAN\\6\\Dicts\\SystranCodingEngine.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"443:TCP"= 443:TCP:TCP port 443 ooVoo
"443:UDP"= 443:UDP:UDP port 443 ooVoo
"37674:TCP"= 37674:TCP:TCP port 37674 ooVoo
"37674:UDP"= 37674:UDP:*:Disabled:UDP port 37674 ooVoo
"37675:UDP"= 37675:UDP:*:Disabled:UDP port 37675 ooVoo
"42148:TCP"= 42148:TCP:Trend Micro OfficeScan Listener
"37676:TCP"= 37676:TCP:*:Disabled:TCP port 37676 ooVoo
"37676:UDP"= 37676:UDP:*:Disabled:UDP port 37676 ooVoo
"37677:UDP"= 37677:UDP:*:Disabled:UDP port 37677 ooVoo

R0 atiide;atiide;c:\windows\system32\drivers\atiide.sys [2006-12-15 3456]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-01-09 111184]
R3 es1969;Pilote audio ESS Solo (WDM);c:\windows\system32\drivers\es1969.sys [2007-01-11 72192]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2008-08-12 15504]
R4 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-01-09 20560]
R4 CAMTHWDM;WebcamMax, WDM Video Capture;c:\windows\system32\drivers\CAMTHWDM.sys [2008-10-31 941784]
R4 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-01-16 55136]
S3 tapavpn;Steganos Anonym VPN Adapter;c:\windows\system32\drivers\tapavpn.sys [2007-10-19 24320]
S4 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2008-12-08 533344]
S4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2008-08-12 170640]
S4 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2008-12-04 226640]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{35a16b15-9c29-11dd-af43-003005e3f55f}]
\Shell\AutoRun\command - wscript.exe .\.vbs
\Shell\open\command - wscript.exe .\.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{35a16b16-9c29-11dd-af43-003005e3f55f}]
\Shell\AutoRun\command - wscript.exe .\.vbs
\Shell\open\command - wscript.exe .\.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{675bc5b8-a404-11dd-af46-003005e3f55f}]
\Shell\AutoRun\command - F:\2fiji.com
\Shell\explore\Command - F:\2fiji.com
\Shell\open\Command - F:\2fiji.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6dc18ba1-0d22-11dd-ae88-003005e3f55f}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6e70a89a-ea8d-11dc-ae71-cb2534e3c158}]
\Shell\AutoRun\command - F:\d.com
\Shell\explore\Command - F:\d.com
\Shell\open\Command - F:\d.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{756822da-aa68-11dd-af4b-003005e3f55f}]
\Shell\??\command - taipingtianguov1.1.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL taipingtianguov1.1.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c1d36f3a-8ee3-11dd-af3f-003005e3f55f}]
\Shell\AutoRun\command - wscript.exe .\.vbs
\Shell\open\command - wscript.exe .\.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{db558809-c893-11db-ad59-003005e3f55f}]
\Shell\Auto\command - printer.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL printer.exe
.
Contenu du dossier 'Tâches planifiées'

2009-01-28 c:\windows\Tasks\Malwarebytes' Scheduled Scan for OACA.job
- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2009-01-14 16:11]

2009-01-27 c:\windows\Tasks\Malwarebytes' Scheduled Update for OACA.job
- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2009-01-14 16:11]

2009-01-28 c:\windows\Tasks\User_Feed_Synchronization-{8EF12F81-AC7B-4F23-9996-F2784C7ED52F}.job
- c:\windows\system32\msfeedssync.exe [2008-08-22 02:05]
.
- - - - ORPHELINS SUPPRIMES - - - -

URLSearchHooks-{f592709f-ff4a-4862-b659-4afabda56312} - (no file)
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
SSODL-TtdlMGqqAig-{AC3F3E9E-0695-9434-88F2-999C9FB5A221} - (no file)
Notify-ssqRJBrp - ssqRJBrp.dll
MSConfigStartUp-Auslogics BoostSpeed 4 - c:\program files\Auslogics\Auslogics BoostSpeed\boostspeed.exe
MSConfigStartUp-german - (no file)
MSConfigStartUp-Microsoft Update Machine - yprwfc.exe


.
------- Examen supplémentaire -------
.
uStart Page = hxxp://google.com/
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://fr.rd.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/
IE: &3D Satellite Search - c:\documents and settings\OACA\Application Data\OSI\dlls\EFOToolbar.dll/GoSatteliteSearch.dll.htm
IE: Consulter les dictionnaires (SYSTRAN) - c:\program files\SYSTRAN\6\\GUIres.dll/lookup.js
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: S&earchSave Web Search - c:\documents and settings\OACA\Application Data\OSI\dlls\EFOToolbar.dll/GoWebSearch.dll.htm
IE: Traduire (SYSTRAN) - c:\program files\SYSTRAN\6\\GUIres.dll/translate.js
FF - ProfilePath - c:\documents and settings\OACA\Application Data\Mozilla\Firefox\Profiles\7sp6q7wj.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Live Search
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPJPI150_09.dll
FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPOJI610.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-28 11:04:39
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\nvsvc32.exe
.
**************************************************************************
.
Heure de fin: 2009-01-28 11:06:59 - La machine a redémarré [OACA]
ComboFix-quarantined-files.txt 2009-01-28 10:06:56

Avant-CF: 8,857,575,424 octets libres
Après-CF: 8,778,485,760 octets libres

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect

419 --- E O F --- 2009-01-14 00:02:11



NB: (le crash insiste encore)

et voila,

log.txt
Logfile of random's system information tool 1.05 (written by random/random)
Run by OACA at 2009-01-28 11:58:55
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 10 GB (32%) free of 31 GB
Total RAM: 1022 MB (55% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:59:00, on 28/01/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\OACA\Bureau\RSIT.exe
C:\Documents and Settings\OACA\Mes documents\HiJackThis\OACA.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Compagnon Web Encarta - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O3 - Toolbar: SYSTRAN Toolbar - {95daa571-4def-4a6d-97d8-98a346672a24} - mscoree.dll (file missing)
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [L07FXLRD_262991437] "C:\Program Files\Microsoft Etudes\Microsoft Encarta 2007 - Études DVD\EDICT.EXE" -m
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &3D Satellite Search - res://C:\Documents and Settings\OACA\Application Data\OSI\dlls\EFOToolbar.dll/GoSatteliteSearch.dll.htm
O8 - Extra context menu item: Consulter les dictionnaires (SYSTRAN) - res://C:\Program Files\SYSTRAN\6\\GUIres.dll/lookup.js
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: S&earchSave Web Search - res://C:\Documents and Settings\OACA\Application Data\OSI\dlls\EFOToolbar.dll/GoWebSearch.dll.htm
O8 - Extra context menu item: Traduire (SYSTRAN) - res://C:\Program Files\SYSTRAN\6\\GUIres.dll/translate.js
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

re,
J'ai fais comme demandé mais aucun signe de ses fichier:

2fiji.com
LaunchU3.exe
d.com
taipingtianguov1.exe
Wsript.exe./.vbs