Maj impossible

le rapport "combofix"
ComboFix 09-08-29.01 - christophe 30/08/2009 17:02.1.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.33.1036.18.1791.991 [GMT 2:00]
Running from: c:\users\christophe\Desktop\ComboFix.exe
AV: AntiVirus Firewall 7.00 *On-access scanning disabled* (Updated) {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
FW: AntiVirus Firewall 7.00 *disabled* {D4747503-0346-49EB-9262-997542F79BF4}
SP: AntiVirus Firewall 7.00 *disabled* (Updated) {0651C4B0-1D7E-4682-B965-2E9523C483A5}
SP: AVG Anti-Spyware *disabled* (Updated) {48F2E28D-ED66-4646-9C11-B3055B0AF604}
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-665427846-4257316974-4283011488-500
c:\users\christophe\AppData\Local\bdhtwcf.dat
c:\users\christophe\AppData\Local\bdhtwcf.exe
c:\users\christophe\AppData\Local\bdhtwcf_nav.dat
c:\users\christophe\AppData\Local\bdhtwcf_navps.dat
c:\windows\1003spyz95e1003.ocx
c:\windows\10527worm794z.cpl
c:\windows\10563worm9bz.ocx
c:\windows\10584hac9toz54c.ocx
c:\windows\105c9zyware69.exe
c:\windows\10908trojzee5.bin
c:\windows\109575pz596.exe
c:\windows\11235wz9m7b.exe
c:\windows\11465vi9us5abz.dll
c:\windows\1151szywar91177.ocx
c:\windows\11585v9rus360z.ocx
c:\windows\11999not-a-vzr5s71a.cpl
c:\windows\11d3threa910752z.dll
c:\windows\11zdow9loader3056.exe
c:\windows\12294spam9ot5z1.cpl
c:\windows\124589ozm7af.bin
c:\windows\1264bz9kdoor5525.ocx
c:\windows\12769spam5otzbf.ocx
c:\windows\12770z9rus7ea5.dll
c:\windows\127bdownlozde92591.cpl
c:\windows\13906vizu52c9.exe
c:\windows\139zdownloader5498.bin
c:\windows\13f95pyzare2479.bin
c:\windows\14295spa9bzt7955.cpl
c:\windows\14445hackto5l49z.exe
c:\windows\14532wzrm599.exe
c:\windows\14571not-a-virus7ez9.exe
c:\windows\1460zh5e91550.bin
c:\windows\14715spam9otbz.bin
c:\windows\149239ac5toolz05.bin
c:\windows\1513zparse2197.cpl
c:\windows\151825ot-a9virzs23d.ocx
c:\windows\1521thze9t24292.exe
c:\windows\15294zroj5b5.exe
c:\windows\1557zspy90d.exe
c:\windows\155dszarse931.cpl
c:\windows\15984spambot49fz.ocx
c:\windows\159addwar51549z.exe
c:\windows\15adthief97z.cpl
c:\windows\15zbsp9rse215.exe
c:\windows\16030no5-a-9irus47z.ocx
c:\windows\16632z9oj575.cpl
c:\windows\16895not-9zvir5s8.ocx
c:\windows\16940troj59z9.bin
c:\windows\17096zacktool65e.bin
c:\windows\17554zroj569.dll
c:\windows\1758downzo9der2716.exe
c:\windows\17975wzrm115.exe
c:\windows\17f5sparze21965.dll
c:\windows\18359viruz11b.bin
c:\windows\18630s5zm9ot78.ocx
c:\windows\18a8vi59786z.cpl
c:\windows\18cszar5e1597.dll
c:\windows\19326viruz52.exe
c:\windows\193cba9kdooz625.cpl
c:\windows\19565tr9z351.cpl
c:\windows\19577noz-a-virus7569.ocx
c:\windows\1957downloadzr1823.bin
c:\windows\1957zs9y5f4.cpl
c:\windows\1984thi5f145z.dll
c:\windows\19aaspzwar53017.exe
c:\windows\19c3z5dware2099.ocx
c:\windows\19z06w5rm1fa.dll
c:\windows\19zea5dware364.dll
c:\windows\1acf5ownl9zder2752.cpl
c:\windows\1ba3spz9se715.exe
c:\windows\1d9b5hrez928859.cpl
c:\windows\1f77zhrea549909.cpl
c:\windows\1ff5thre9z1591.ocx
c:\windows\1z029s9y4e25.dll
c:\windows\1z520not-a-v9rus50e.dll
c:\windows\1z5855pam9otce.ocx
c:\windows\1z599spy3eb.bin
c:\windows\208zs954e6.exe
c:\windows\209169ot-a-virus2e5z.dll
c:\windows\20f9stz5l2267.dll
c:\windows\21098troj52z.cpl
c:\windows\21435vi9us5z65.exe
c:\windows\2252znot-a-virus9fb.exe
c:\windows\22920hackt9zl165.dll
c:\windows\23795troj5z0.bin
c:\windows\241969pyz55.cpl
c:\windows\243z5parse2729.exe
c:\windows\2456s9eal1z90.dll
c:\windows\24829spamzo935a.bin
c:\windows\2482zvirus9d5.exe
c:\windows\24z39par5e161.bin
c:\windows\2509notz5-viru9339.cpl
c:\windows\25158hackto9568z.cpl
c:\windows\252zhacktoold9.bin
c:\windows\25568w9rm2z9.dll
c:\windows\256995zrus561.ocx
c:\windows\257z6s5ambo9502.ocx
c:\windows\25905spzm9ot46.exe
c:\windows\25z55virus9d4.dll
c:\windows\25z76not-a-viru91e5.cpl
c:\windows\25z99v5rus78.ocx
c:\windows\26411vi5uszb89.ocx
c:\windows\266zddwa592994.dll
c:\windows\27081z9y795.bin
c:\windows\271965pz98e.ocx
c:\windows\27913haz5tool325.ocx
c:\windows\27z10not-59virus72d.ocx
c:\windows\28279not9a-viru5z27.cpl
c:\windows\283z3vir5s394.bin
c:\windows\28959hreat11883z.bin
c:\windows\28977not5a-virus3z9.exe
c:\windows\29234notza-vir596a3.exe
c:\windows\292f5parse919z.bin
c:\windows\29471hackt5oz429.ocx
c:\windows\294z8sp5df9.cpl
c:\windows\29515zor914b.cpl
c:\windows\29527trzj20a9.dll
c:\windows\29592virusz2c.bin
c:\windows\2967backdo5r114z.exe
c:\windows\296z7worm465.bin
c:\windows\297985pambot31cz.dll
c:\windows\299et5iez2131.bin
c:\windows\2b6spa9sz2657.cpl
c:\windows\2bzste9l3254.exe
c:\windows\2d4fspzrs51179.dll
c:\windows\2d5zd5wnloade92712.dll
c:\windows\2f49downloaz9r725.bin
c:\windows\2f9azteal16605.ocx
c:\windows\2f9ba5dwarz908.exe
c:\windows\2z589s9y39f.cpl
c:\windows\2z6659ack5ool468.cpl
c:\windows\30420hack5oolf9z.cpl
c:\windows\3059spar9e19z1.exe
c:\windows\30z9addwar52748.cpl
c:\windows\3173zt5oj599.dll
c:\windows\31846hackto5l492z.ocx
c:\windows\31944zirus3b5.ocx
c:\windows\32036z5rm499.exe
c:\windows\32119tealz765.dll
c:\windows\32375ha9ktozle05.cpl
c:\windows\32453nzt-a-v95us5a9.exe
c:\windows\329f9ir5z6.ocx
c:\windows\350489iruszc2.bin
c:\windows\351adownlozder95195.cpl
c:\windows\3535threat19z199.exe
c:\windows\35380spam9zt2f8.exe
c:\windows\35e6stea9z975.ocx
c:\windows\3742bac5door286z9.exe
c:\windows\375aa9dwaze2482.cpl
c:\windows\382hzckt9ol85.bin
c:\windows\3901hzcktoo554.ocx
c:\windows\390at5rez94380.ocx
c:\windows\39372vz5us679.dll
c:\windows\3944spambo5z81.cpl
c:\windows\3957zh9ef106.dll
c:\windows\3988thr5at13265z.ocx
c:\windows\39a9t5z9at31970.bin
c:\windows\39d8azdwa5e1166.exe
c:\windows\39fbt5ief1236z.ocx
c:\windows\3ba59py5aze784.cpl
c:\windows\3bf2addwa9e551z.ocx
c:\windows\3c2zbac9door1005.ocx
c:\windows\3cd4downlo9der5z6.cpl
c:\windows\3d039hrea51z533.bin
c:\windows\3e62s9ar5ez411.cpl
c:\windows\3f1d5hre9t242z3.exe
c:\windows\3z234wo5m94e.dll
c:\windows\3z7f5i9826.bin
c:\windows\3z85spa5se2559.bin
c:\windows\4033spyw5ze3911.dll
c:\windows\40zf5pywa9e822.bin
c:\windows\41c0z9reat59013.cpl
c:\windows\42act5reat453z9.bin
c:\windows\44b79aczdoor5814.cpl
c:\windows\45305roj9b4z.exe
c:\windows\4562wo5z299.dll
c:\windows\45c1sp9rze3269.exe
c:\windows\45z5spy9are929.cpl
c:\windows\49179zywar51990.cpl
c:\windows\496zte5l671.ocx
c:\windows\49f5zackdoor2053.exe
c:\windows\4bz9downloade52810.ocx
c:\windows\4deathre9tz5568.bin
c:\windows\4fd29ac5door1956z.dll
c:\windows\4z03not-a-9iru5b6.dll
c:\windows\4z65addwa9e1511.cpl
c:\windows\50830tzoj5a9.exe
c:\windows\50zdth5eat3795.exe
c:\windows\51185z9rm374.exe
c:\windows\51dfa9dwzr51981.exe
c:\windows\5252v9r974z.exe
c:\windows\5359hzcktool72d5.dll
c:\windows\535eadzw9re2657.bin
c:\windows\541aspar9z2552.bin
c:\windows\549cthief53z.exe
c:\windows\54a5downlz9der2988.cpl
c:\windows\54z08s9y582.bin
c:\windows\55139spy62z9.ocx
c:\windows\55534zpambo9176.exe
c:\windows\5562zhi9f5837.exe
c:\windows\5591sp9z45.dll
c:\windows\5595ztro94cf.exe
c:\windows\55eeaddwaze299.bin
c:\windows\55zf5i91521.cpl
c:\windows\565fdownlo9der2z80.cpl
c:\windows\56622troj190z.cpl
c:\windows\572znot-a-vi9us6bd5.ocx
c:\windows\5751z5wnloader18119.bin
c:\windows\575etzr9at130655.dll
c:\windows\58915virzs43d.ocx
c:\windows\589cvir169z.dll
c:\windows\58dfbackdoor269z.bin
c:\windows\59222worz5fa.exe
c:\windows\593avi59z.cpl
c:\windows\593e5irz668.bin
c:\windows\59579zpambot287.dll
c:\windows\5958vi580z.ocx
c:\windows\5997spambzt5a29.exe
c:\windows\59d3thiefz268.cpl
c:\windows\59d7downloa5er676z.exe
c:\windows\59d9spywarez36.ocx
c:\windows\59e7b9ckdooz2013.bin
c:\windows\5a1zsteal39.ocx
c:\windows\5a83baczdo95599.exe
c:\windows\5az3d9wnloader993.exe
c:\windows\5b7395ckzoor529.ocx
c:\windows\5b8ft5ief907z.exe
c:\windows\5d6zaddw9re2858.ocx
c:\windows\5d95stzal740.cpl
c:\windows\5e2d9wnloaderz5115.cpl
c:\windows\5e76ste5l3z59.ocx
c:\windows\5ecabac9zoor405.cpl
c:\windows\5f59t95ez958.ocx
c:\windows\5z13wor951b.ocx
c:\windows\5z77worm190.exe
c:\windows\5z7es5ar9e531.cpl
c:\windows\5z909spy2c4.ocx
c:\windows\5zaath5ef1914.bin
c:\windows\5zd6sparse9479.exe
c:\windows\604fvir958z.cpl
c:\windows\62325pamb9z744.cpl
c:\windows\628zwo5m959.bin
c:\windows\62955owzloader2688.exe
c:\windows\62za9ddwar5462.ocx
c:\windows\6394thief508z.ocx
c:\windows\6459downloaderz599.cpl
c:\windows\64bbbac5doz91228.cpl
c:\windows\6513zack9ool38c.ocx
c:\windows\6549addw9ze2843.exe
c:\windows\6594sparz52361.ocx
c:\windows\659atzief1098.exe
c:\windows\65bcstea9281z.ocx
c:\windows\65d9downloader31z9.cpl
c:\windows\65fbthre9t29z52.cpl
c:\windows\669dthzef24959.dll
c:\windows\674b9hief2504z.ocx
c:\windows\689cz5r1937.bin
c:\windows\6909sp59se2364z.dll
c:\windows\695c9ir3z99.bin
c:\windows\69aaadz59re542.cpl
c:\windows\69c9thi5f110z.dll
c:\windows\69et5reat14z29.ocx
c:\windows\6b9zdownload592893.exe
c:\windows\6z08backdoor17539.ocx
c:\windows\6z40s95al3270.dll
c:\windows\713cspywa5e9113z.exe
c:\windows\716zsp95se3040.bin
c:\windows\7190vir18z85.cpl
c:\windows\71c5spzrs92316.exe
c:\windows\72d5tzief928.ocx
c:\windows\7436spyzar5949.ocx
c:\windows\74z2downloa9er2590.bin
c:\windows\7613thz9at15086.bin
c:\windows\7653not9a-virus30z.cpl
c:\windows\7679worz957.cpl
c:\windows\76z9threa519354.exe
c:\windows\772zviru94885.dll
c:\windows\7875troz199.ocx
c:\windows\7928s9ambot5z5.exe
c:\windows\7935spamboz541.cpl
c:\windows\79adsp5wz9e605.ocx
c:\windows\79z5spambotf75.ocx
c:\windows\7czevi53259.cpl
c:\windows\7e9fs5ezl902.dll
c:\windows\7z19addw9r53111.cpl
c:\windows\8297not-5-viruz3d9.cpl
c:\windows\86z5hacktoo959a.exe
c:\windows\8783spambot359z.cpl
c:\windows\8966spyz905.dll
c:\windows\8a59ackdoor170z.cpl
c:\windows\8zeaddware32459.bin
c:\windows\90515spz553.bin
c:\windows\908z1tr5j49.ocx
c:\windows\915fv5r285z.bin
c:\windows\915zorm69b.cpl
c:\windows\91650spy1dz.dll
c:\windows\9180wo5m5e9z.ocx
c:\windows\92052spambot105z.exe
c:\windows\92243not-a-virus64z5.bin
c:\windows\9236addwa5e1383z.bin
c:\windows\9264troz295.exe
c:\windows\93z1spy29a5.exe
c:\windows\93z35ir173.cpl
c:\windows\9465tzreat26068.dll
c:\windows\94892v5ruz642.cpl
c:\windows\951z5roj51c.exe
c:\windows\95z61spy35a.bin
c:\windows\963z5ownloader1555.dll
c:\windows\9679ha5kzool319.bin
c:\windows\96b2threa56789z.ocx
c:\windows\97ca5hreat28794z.bin
c:\windows\97dbthief2655z.exe
c:\windows\9834spyzare2805.ocx
c:\windows\9842t5ief1439z.exe
c:\windows\9849thzea52697.ocx
c:\windows\9856hackt9ol7z3.cpl
c:\windows\994cs5eaz3257.dll
c:\windows\9966threzt5842.bin
c:\windows\9995spy485z.ocx
c:\windows\99z3wor56b3.bin
c:\windows\9a8ddown5oader325z.cpl
c:\windows\9af05teal75z.dll
c:\windows\9c29steaz45.exe
c:\windows\9d78backdzor2745.dll
c:\windows\9dethre5z29594.bin
c:\windows\9fe8downloadez518.exe
c:\windows\9fz7spyware56.cpl
c:\windows\9z225acktool170.dll
c:\windows\9z97troj375.exe
c:\windows\b54spywarz29559.bin
c:\windows\b92back9zor32285.cpl
c:\windows\bd1s5ywa9e21z3.bin
c:\windows\bdebac9dzo5992.bin
c:\windows\fbddowzload5981.dll
c:\windows\system32\103419acktoo571z.ocx
c:\windows\system32\106345irus92dz.exe
c:\windows\system32\10758not-a-v5rus97z.bin
c:\windows\system32\10759szy664.bin
c:\windows\system32\11058szambota09.dll
c:\windows\system32\1109zre5t9658.bin
c:\windows\system32\11198vi5z97f1.cpl
c:\windows\system32\1145zspy390.cpl
c:\windows\system32\11592not-a-v59us44cz.dll
c:\windows\system32\12621s5zmbot90b.cpl
c:\windows\system32\12682not-a-vi9us591z.bin
c:\windows\system32\12az5ir26579.bin
c:\windows\system32\13442noz-a-vir9s357.bin
c:\windows\system32\13458s9amz5t299.bin
c:\windows\system32\13599hackzool59b.ocx
c:\windows\system32\13efthi9f5z08.exe
c:\windows\system32\14041hacktz953d0.exe
c:\windows\system32\141645ozm294.cpl
c:\windows\system32\1426spam9ot3z5.dll
c:\windows\system32\1455thrzat118939.bin
c:\windows\system32\14czspy9are5959.dll
c:\windows\system32\1519859y36z.cpl
c:\windows\system32\15354spam5o9z9b.bin
c:\windows\system32\15388not-a-9irus55z.ocx
c:\windows\system32\15460s9amzot6c45.dll
c:\windows\system32\15605hzckto9l197.dll
c:\windows\system32\1560zwor5293.ocx
c:\windows\system32\15954spambot43z.dll
c:\windows\system32\15z819py4bb.cpl
c:\windows\system32\16013zor57009.cpl
c:\windows\system32\1638doz95oader1464.bin
c:\windows\system32\1700dow5l9ader141z.ocx
c:\windows\system32\1722s9yzare2615.exe
c:\windows\system32\1745addware942z.cpl
c:\windows\system32\17519szy6d4.ocx
c:\windows\system32\17584not-a-5irus38z9.ocx
c:\windows\system32\17599hzc5tool729.exe
c:\windows\system32\18641z9c5tool8c.ocx
c:\windows\system32\188fdzwnloader1591.cpl
c:\windows\system32\18z9not-a-virus5775.bin
c:\windows\system32\19338zp59bot6a0.exe
c:\windows\system32\194v9r2z35.exe
c:\windows\system32\1959viz2239.dll
c:\windows\system32\197195py92z.ocx
c:\windows\system32\197cz5arse368.bin
c:\windows\system32\198z5s9y320.bin
c:\windows\system32\19910trzj55e.exe
c:\windows\system32\19965sp949z5.ocx
c:\windows\system32\19z565pambot721.cpl
c:\windows\system32\1a17downlozde91505.exe
c:\windows\system32\1f57steal799z.bin
c:\windows\system32\1f5avi9612z.exe
c:\windows\system32\1z569troj2905.cpl
c:\windows\system32\1z59spy795.dll
c:\windows\system32\1zb5thie95985.cpl
c:\windows\system32\2039z5roj7a5.bin
c:\windows\system32\20559s9yz5.ocx
c:\windows\system32\20706wo592z3.exe
c:\windows\system32\20953spam5otzc.bin
c:\windows\system32\21031nzt-a-vi9us4ea5.dll
c:\windows\system32\216159zoj6105.cpl
c:\windows\system32\21cz5parse9293.ocx
c:\windows\system32\22156sp9mbotzb7.cpl
c:\windows\system32\22299sp9zc85.ocx
c:\windows\system32\22z57tr5j69.cpl
c:\windows\system32\233z1h9cktool3b55.bin
c:\windows\system32\24095s5y69z.bin
c:\windows\system32\24195pazbot3119.cpl
c:\windows\system32\24355hacktzol938.dll
c:\windows\system32\2455zspy597.bin
c:\windows\system32\24951hzcktool2c9.exe
c:\windows\system32\2502zpambot98e.bin
c:\windows\system32\25598trojz7.bin
c:\windows\system32\255ez9arse765.dll
c:\windows\system32\255z2troj9355.dll
c:\windows\system32\256f9ackdooz996.bin
c:\windows\system32\25961hacktzol614.ocx
c:\windows\system32\25a09owzloader2719.ocx
c:\windows\system32\25c1b9czdoor196.cpl
c:\windows\system32\25ddd9wzloader2556.ocx
c:\windows\system32\25e25zywar91206.exe
c:\windows\system32\25f4steal9z4.cpl
c:\windows\system32\25faddw9ze1331.exe
c:\windows\system32\25z8vi59283.ocx
c:\windows\system32\26579hiefz456.dll
c:\windows\system32\26854szambo965c.bin
c:\windows\system32\26980vir5z341.dll
c:\windows\system32\26zthief9365.ocx
c:\windows\system32\27274not-a-viru9ze5.exe
c:\windows\system32\27499sp95zf.exe
c:\windows\system32\2749ot-a-vir5s4z1.dll
c:\windows\system32\2889hz5ktool452.bin
c:\windows\system32\2894zt5o915d.dll
c:\windows\system32\29093v5rzs3b2.cpl
c:\windows\system32\293zthreat19805.exe
c:\windows\system32\29419s5z186.cpl
c:\windows\system32\294599ackzool568.exe
c:\windows\system32\29459spz5e6.bin
c:\windows\system32\294955roj59ez.cpl
c:\windows\system32\2959backdooz2438.cpl
c:\windows\system32\295z0worm4a35.cpl
c:\windows\system32\295z3hacktool1b55.cpl
c:\windows\system32\2967zvirus9a25.ocx
c:\windows\system32\29855sp591z.ocx
c:\windows\system32\29993w5rm95z.bin
c:\windows\system32\29c9ba9kz5or2322.ocx
c:\windows\system32\2a01s5eal2396z.cpl
c:\windows\system32\2b24addwarz53089.dll
c:\windows\system32\2b97d9wzloa5er845.exe
c:\windows\system32\2be2ad9ware3z5.exe
c:\windows\system32\2d4bb9ckzoor10445.exe
c:\windows\system32\2d9zaddw9re5905.dll
c:\windows\system32\2dd4thie9z857.ocx
c:\windows\system32\2f50ste9lz855.ocx
c:\windows\system32\2fe8add5a9z1532.cpl
c:\windows\system32\2fz9steal1015.ocx
c:\windows\system32\2z0bspy59re938.bin
c:\windows\system32\2z46downl5ader3099.dll
c:\windows\system32\2z7cspyw5re31939.bin
c:\windows\system32\30051trojz559.ocx
c:\windows\system32\30374not-azv9rus589.cpl
c:\windows\system32\30875zirus4979.ocx
c:\windows\system32\30z05s5929c.bin
c:\windows\system32\31152t9oj82z.cpl
c:\windows\system32\313195ir9s4z5.bin
c:\windows\system32\31409not-9-virus7zd5.ocx
c:\windows\system32\3141addware53z99.dll
c:\windows\system32\31855hacktozl259.exe
c:\windows\system32\320459rzj69a5.ocx
c:\windows\system32\3219395cktozl74b.exe
c:\windows\system32\330z9ownloa5er2519.exe
c:\windows\system32\347z5te9l2141.cpl
c:\windows\system32\34ecs59zse666.cpl
c:\windows\system32\354thiefz989.ocx
c:\windows\system32\35927spz2e4.bin
c:\windows\system32\3593wzrm5f.ocx
c:\windows\system32\3802spz599.cpl
c:\windows\system32\39098w5rm49z.exe
c:\windows\system32\39459pyz75.bin
c:\windows\system32\3abdsz5wa9e1681.ocx
c:\windows\system32\3b4za5dwar91506.bin
c:\windows\system32\3b59zddware1039.dll
c:\windows\system32\3d985zarse508.exe
c:\windows\system32\3ddaspywz5e17529.ocx
c:\windows\system32\3eebvir93z45.bin
c:\windows\system32\3z73359rm279.ocx
c:\windows\system32\3z7cth5eat15094.exe
c:\windows\system32\3z84not-a-95rus167.exe
c:\windows\system32\3z953hacktool597.bin
c:\windows\system32\4178zackto9l795.dll
c:\windows\system32\4226vizus5a59.ocx
c:\windows\system32\429tro5zce9.cpl
c:\windows\system32\43c99own5oader1z35.exe
c:\windows\system32\43z29ot-a-5irus5a6.dll
c:\windows\system32\44055ackdoor955z.bin
c:\windows\system32\442edo9nloader539z.dll
c:\windows\system32\4497addwarz98655.dll
c:\windows\system32\45439zt-a-virus3d3.ocx
c:\windows\system32\455z9ief1529.bin
c:\windows\system32\459bspywarz4055.cpl
c:\windows\system32\46225ddwaz91261.exe
c:\windows\system32\4690b5ckdooz1997.bin
c:\windows\system32\46995tezl900.ocx
c:\windows\system32\4745s5yz0d9.ocx
c:\windows\system32\4799st5zl362.bin
c:\windows\system32\47bedow9lzader305.dll
c:\windows\system32\496ds9ywarz2357.dll
c:\windows\system32\49zed5wnload9r191.bin
c:\windows\system32\4d55spyware319z.bin
c:\windows\system32\4ddezddwar530259.dll
c:\windows\system32\4z73b5ckd9or1763.ocx
c:\windows\system32\502sp9r5e51z.ocx
c:\windows\system32\50638troj691z.ocx
c:\windows\system32\5072t9zeat31611.ocx
c:\windows\system32\50ezvir3945.cpl
c:\windows\system32\51229vzrusa8.ocx
c:\windows\system32\513699orm200z.exe
c:\windows\system32\51579hiez2353.bin
c:\windows\system32\5355z9arse860.exe
c:\windows\system32\5496zot-a-5irus3009.ocx
c:\windows\system32\54z48n9t-a-virus221.exe
c:\windows\system32\556259acktool12z.exe
c:\windows\system32\5577sparse1z94.dll
c:\windows\system32\55z3spyware9899.exe
c:\windows\system32\55z5bac9door549.cpl
c:\windows\system32\56296spy7zf.cpl
c:\windows\system32\562995amboz50e.exe
c:\windows\system32\5655sparse3z92.ocx
c:\windows\system32\5699zpambo95b7.cpl
c:\windows\system32\56azvir920.ocx
c:\windows\system32\56dct9reatz6846.cpl
c:\windows\system32\57356spy49ez.cpl
c:\windows\system32\577bback5oz92195.dll
c:\windows\system32\578vzru55719.exe
c:\windows\system32\578zpywa9e2215.bin
c:\windows\system32\5795not-a-virus1e1z.dll
c:\windows\system32\5795steal118z.ocx
c:\windows\system32\5795zirus95c.bin
c:\windows\system32\579thzef3269.bin
c:\windows\system32\57b9stezl22259.dll
c:\windows\system32\58499spy246z.exe
c:\windows\system32\5869pambot45dz.dll
c:\windows\system32\5875thre9t188z1.ocx
c:\windows\system32\5893zhie51293.exe
c:\windows\system32\589dvzr2115.cpl
c:\windows\system32\59059hacktozl54d.cpl
c:\windows\system32\5905zir538.dll
c:\windows\system32\59091hazktool4d8.exe
c:\windows\system32\5927zirus5679.ocx
c:\windows\system32\593z6spambot794.dll
c:\windows\system32\5944spyw5re495z.bin
c:\windows\system32\59481not-a-vi9us5z0.bin
c:\windows\system32\5954viruz559.exe
c:\windows\system32\5994bzc9doo52353.bin
c:\windows\system32\5998steaz1450.ocx
c:\windows\system32\59a2sp95se12z1.exe
c:\windows\system32\5a125ddzare1190.ocx
c:\windows\system32\5a9faddwzre98.exe
c:\windows\system32\5ad19ir351z.ocx
c:\windows\system32\5b51spywarz1309.exe
c:\windows\system32\5be4bac9dooz1735.cpl
c:\windows\system32\5c5zsteal3789.ocx
c:\windows\system32\5cdethr9at55z8.bin
c:\windows\system32\5e03thre9593z9.ocx
c:\windows\system32\5e7dadd5z9e3141.ocx
c:\windows\system32\5eb5thief25z79.bin
c:\windows\system32\5f13download9r24z.bin
c:\windows\system32\5fe1ad9ware2480z.dll
c:\windows\system32\5z865i9456.cpl
c:\windows\system32\6050sp9mbzt30c.dll
c:\windows\system32\60z3ste59988.exe
c:\windows\system32\60z5b9ckdoor1627.dll
c:\windows\system32\6234a9dw5re7z2.dll
c:\windows\system32\6284spzmb9t1dd5.bin
c:\windows\system32\63479o5mz0.cpl
c:\windows\system32\636spyzare2459.ocx
c:\windows\system32\63eazte5l1919.bin
c:\windows\system32\63z9spyw5re958.dll
c:\windows\system32\6472sp5zare1998.cpl
c:\windows\system32\653a5tzal2938.dll
c:\windows\system32\6563spywa9e259z.ocx
c:\windows\system32\6598zp559f.cpl
c:\windows\system32\6650down9zade51882.ocx
c:\windows\system32\6757ba9kdooz1283.bin
c:\windows\system32\6795sp9598z.cpl
c:\windows\system32\6804spy95z5.cpl
c:\windows\system32\683zaddwa95559.ocx
c:\windows\system32\690zaddware5422.dll
c:\windows\system32\692zv5r2152.exe
c:\windows\system32\693bzhief525.dll
c:\windows\system32\69z5spyware9887.ocx
c:\windows\system32\6a3z9ief5600.ocx
c:\windows\system32\6b05p9zare2018.cpl
c:\windows\system32\6c79spa5se2406z.bin
c:\windows\system32\6c89a5zw9re1529.exe
c:\windows\system32\6d41s59al1z69.dll
c:\windows\system32\6e55addwa9e25z5.cpl
c:\windows\system32\6ecas5arsez2009.dll
c:\windows\system32\6f569ackdoor1593z.ocx
c:\windows\system32\6z95parse1581.cpl
c:\windows\system32\6zd55teal9517.ocx
c:\windows\system32\7029not-azviru5569.exe
c:\windows\system32\7159downlo95er3024z.dll
c:\windows\system32\742zd5wnl9ader1205.cpl
c:\windows\system32\7541spyw9ze1165.dll
c:\windows\system32\75a5add95rz2051.cpl
c:\windows\system32\75c9sparze5629.exe
c:\windows\system32\7754zhi9f2114.ocx
c:\windows\system32\778bdo5nzoad9r961.cpl
c:\windows\system32\7844threa950608z.bin
c:\windows\system32\78549zeal576.bin
c:\windows\system32\7959back5ozr1392.ocx
c:\windows\system32\795steal1z54.exe
c:\windows\system32\79c9thizf2854.cpl
c:\windows\system32\7a6abackdooz94085.ocx
c:\windows\system32\7aazspars916955.dll
c:\windows\system32\7b9bdow5load9rz61.exe
c:\windows\system32\7bz9downl5ader564.ocx
c:\windows\system32\7c95spywaze3189.bin
c:\windows\system32\7c99zpa5se952.dll
c:\windows\system32\7ca9do5nloadzr616.dll
c:\windows\system32\8324virus5z9.exe
c:\windows\system32\8550h9cktool43z.ocx
c:\windows\system32\88165iruz9df.ocx
c:\windows\system32\8d7downlozd9r1502.dll
c:\windows\system32\8estezl5925.bin
c:\windows\system32\8f7vi5z3949.bin
c:\windows\system32\9045vzrus3f2.bin
c:\windows\system32\91fbvir52z.cpl
c:\windows\system32\92755hazktool6f.dll
c:\windows\system32\9295hacktooz752.bin
c:\windows\system32\93853not-a-zirus7c4.cpl
c:\windows\system32\94083spamb5t5ez.bin
c:\windows\system32\943795pazbot6f3.ocx
c:\windows\system32\9504zpy465.ocx
c:\windows\system32\951zspy119.dll
c:\windows\system32\95536hazkto5l9b.ocx
c:\windows\system32\9574worm4z5.dll
c:\windows\system32\95905pambzt5959.ocx
c:\windows\system32\95z9ackdoor528.ocx
c:\windows\system32\9699sz5ware3065.ocx
c:\windows\system32\96d6steal2z625.bin
c:\windows\system32\972z8hacktoold5.exe
c:\windows\system32\9762back5zor1121.ocx
c:\windows\system32\9885vir9s5ze.dll
c:\windows\system32\989troj29z5.exe
c:\windows\system32\98z985roj1d3.ocx
c:\windows\system32\9920vzrus6a5.exe
c:\windows\system32\9935steaz1329.ocx
c:\windows\system32\99995wzrm235.bin
c:\windows\system32\99ebzddw5re2337.ocx
c:\windows\system32\9caddow5loadzr375.ocx
c:\windows\system32\9d82download5rz431.cpl
c:\windows\system32\9dbfs5eal152z.ocx
c:\windows\system32\9f9aadd5arz2434.dll
c:\windows\system32\9z295not-a-virus60e.ocx
c:\windows\system32\9za5spyware2602.bin
c:\windows\system32\9zb5threat3545.ocx
c:\windows\system32\a35do9nzoader2624.bin
c:\windows\system32\a5vzr16629.bin
c:\windows\system32\c6azi599.dll
c:\windows\system32\cb7spywarz9835.cpl
c:\windows\system32\cdt5iez18699.exe
c:\windows\system32\e5zaddwa5e893.exe
c:\windows\system32\z03179py5c6.cpl
c:\windows\system32\z0591tr9j53.ocx
c:\windows\system32\z18919ot-a-v5rus42.bin
c:\windows\system32\z1bb5p9ware2280.bin
c:\windows\system32\z223thi9f5319.bin
c:\windows\system32\z2445ot-a-9irus416.bin
c:\windows\system32\z365sp925b.cpl
c:\windows\system32\z517wor5329.dll
c:\windows\system32\z520steal790.cpl
c:\windows\system32\z521vi9us3a3.cpl
c:\windows\system32\z532worm9fc5.cpl
c:\windows\system32\z59d5ir444.exe
c:\windows\system32\z7584troj4195.bin
c:\windows\system32\z94v591242.dll
c:\windows\system32\z9534s9y1f9.dll
c:\windows\system32\z994hacktool759.bin
c:\windows\system32\z9967tro54ac.ocx
c:\windows\system32\zada5parse296.dll
c:\windows\system32\zb3d5pars92.exe
c:\windows\system32\zba6vir32995.cpl
c:\windows\system32\zda1st95l685.cpl
c:\windows\z0345hackto9l456.cpl
c:\windows\z0993worm7a95.cpl
c:\windows\z0d75i9679.cpl
c:\windows\z166steal1659.dll
c:\windows\z2957virus925.exe
c:\windows\z3690ha5ktool1d0.bin
c:\windows\z3b9d9wnloader541.cpl
c:\windows\z45299i5us30a.bin
c:\windows\z4899or579.ocx
c:\windows\z556stea9338.bin
c:\windows\z56fstea519109.bin
c:\windows\z58cbackdo9r5560.dll
c:\windows\z6551troj98b.exe
c:\windows\z658th5e91454.exe
c:\windows\z677spy5are1975.dll
c:\windows\z79285roj40a.cpl
c:\windows\z7999spy5ac.cpl
c:\windows\z8049roj5b3.ocx
c:\windows\z8225s9y2a1.cpl
c:\windows\z853downloader28669.bin
c:\windows\z86bspywa9e1553.bin
c:\windows\z920thief23465.exe
c:\windows\z9293worm25b5.dll
c:\windows\z99edownloa5er2653.bin
c:\windows\z9c9sp5wa9e657.dll
c:\windows\zb35spy5ar91728.bin
c:\windows\zbd5t59ef515.ocx
c:\windows\zd50spyw9re852.exe
c:\windows\zddspa9se5917.ocx
c:\windows\ze9spywar58109.cpl
c:\windows\zf56th9ef2080.cpl

.
((((((((((((((((((((((((( Files Created from 2009-07-28 to 2009-08-30 )))))))))))))))))))))))))))))))
.

2009-08-30 15:10 . 2009-08-30 15:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-08-30 14:06 . 2009-08-30 14:07 -------- d-----w- C:\rsit
2009-08-30 12:06 . 2009-08-30 12:06 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-30 11:01 . 2009-08-30 11:01 -------- d-----w- c:\program files\Trend Micro
2009-08-29 15:43 . 2009-08-29 15:43 -------- d-----w- c:\programdata\Malwarebytes
2009-08-29 15:42 . 2009-08-29 15:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-29 15:42 . 2008-06-10 17:02 34296 ----a-w- c:\windows\system32\drivers\mbamcatchme.sys
2009-08-29 15:42 . 2008-06-10 17:02 15864 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-29 15:12 . 2009-08-29 15:19 -------- d-----w- c:\program files\Common Files\PC Tools
2009-08-29 13:50 . 2009-08-29 14:57 -------- d-----w- c:\program files\a-squared Free
2009-08-29 11:19 . 2008-03-30 16:55 1213784 ----a-w- c:\users\christophe\AppData\Roaming\HouseCall 6.6\vsapi32.dll
2009-08-29 11:19 . 2006-11-22 15:48 91744 ----a-w- c:\users\christophe\AppData\Roaming\HouseCall 6.6\BPMNT.dll
2009-08-29 11:19 . 2007-12-24 15:37 138384 ----a-w- c:\users\christophe\AppData\Roaming\HouseCall 6.6\tmcomm.sys
2009-08-29 11:19 . 2006-07-07 14:29 1197584 ----a-w- c:\users\christophe\AppData\Roaming\HouseCall 6.6\ssapi32.dll
2009-08-29 11:18 . 2009-03-27 15:38 366344 ----a-w- c:\users\christophe\AppData\Roaming\HouseCall 6.6\tsc.exe
2009-08-29 11:17 . 2009-08-29 12:31 -------- d-----w- c:\users\christophe\AppData\Roaming\HouseCall 6.6
2009-08-29 11:10 . 2009-08-29 11:10 -------- d-----w- c:\programdata\NtiDvdCopy
2009-08-29 10:05 . 2009-08-30 14:55 -------- dc----w- c:\windows\system32\DRVSTORE
2009-08-29 10:04 . 2009-08-30 14:55 -------- d-----w- c:\programdata\Lavasoft
2009-08-29 09:41 . 2009-08-30 14:44 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-08-28 16:43 . 2009-08-28 16:43 -------- d-----w- c:\programdata\Grisoft
2009-08-28 15:20 . 2008-06-19 15:24 28544 ----a-w- c:\windows\system32\drivers\pavboot.sys
2009-08-28 15:19 . 2009-08-28 15:19 -------- d-----w- c:\program files\Panda Security
2009-08-28 15:16 . 2009-08-30 10:53 -------- d-----w- c:\users\christophe\.housecall6.6
2009-08-28 15:11 . 2009-08-28 15:11 -------- d-----w- c:\users\christophe\AppData\Local\Mozilla
2009-08-28 15:04 . 2009-08-28 15:04 -------- d-----w- c:\windows\BDOSCAN8
2009-08-28 14:36 . 2009-08-28 14:37 -------- d-----w- c:\windows\system32\HouseCall 6.6
2009-08-28 11:45 . 2009-08-28 11:45 -------- d-----w- c:\users\christophe\AppData\Roaming\Malwarebytes
2009-08-28 09:41 . 2009-08-28 09:41 -------- d-----w- c:\program files\CCleaner
2009-08-28 09:06 . 2009-08-30 12:04 11904 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2009-08-28 09:05 . 2009-08-28 09:14 -------- d-----w- c:\programdata\Hitman Pro
2009-08-28 09:05 . 2009-08-28 09:05 -------- d-----w- c:\program files\Hitman Pro 3.5

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-30 15:06 . 2006-11-02 15:48 697284 ----a-w- c:\windows\system32\perfh00C.dat
2009-08-30 15:06 . 2006-11-02 15:48 120350 ----a-w- c:\windows\system32\perfc00C.dat
2009-08-29 15:04 . 2007-12-15 20:08 -------- d-----w- c:\program files\MemoireDefenseur
2009-08-28 18:25 . 2007-12-15 20:08 -------- d-----w- c:\program files\Common Files\MemoireDefenseur
2009-08-27 16:43 . 2009-01-20 15:21 95 ----a-w- c:\users\christophe\AppData\Local\oeyyamo.bat
2009-08-07 05:20 . 2007-12-08 16:31 -------- d-----w- c:\program files\Lx_cats
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-09 1232896]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-02 1004136]
"Acer Empowering Technology Monitor"="c:\acer\Empowering Technology\SysMonitor.exe" [2007-01-24 319488]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-02-06 464168]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-02-15 151552]
"lxddmon.exe"="c:\program files\Lexmark 2500 Series\lxddmon.exe" [2007-06-11 291760]
"lxddamon"="c:\program files\Lexmark 2500 Series\lxddamon.exe" [2007-04-30 20480]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2007-06-11 312240]
"ORAHSSSessionManager"="c:\program files\OrangeHSS\SessionManager\SessionManager.exe" [2007-06-12 94208]
"F-Secure Manager"="c:\program files\Orange\AntivirusFirewall\Common\FSM32.EXE" [2007-06-13 176177]
"F-Secure TNB"="c:\program files\Orange\AntivirusFirewall\FSGUI\TNBUtil.exe" [2007-06-13 733184]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-03-23 4423680]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-02-15 151552]

c:\users\christophe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Sommaire de OneNote.onetoc2 [2007-12-26 3656]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-5-6 528384]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Lancement rapide d'Adobe Reader.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Lancement rapide d'Adobe Reader.lnk
backup=c:\windows\pss\Lancement rapide d'Adobe Reader.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^christophe^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 - Capture d'écran et lancement.lnk]
path=c:\users\christophe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 - Capture d'écran et lancement.lnk
backup=c:\windows\pss\OneNote 2007 - Capture d'écran et lancement.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{3949DEB9-8DD8-42E4-A506-7B9F4A231291}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{A033DC2D-F311-40C6-91FC-22337523B865}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{F726BF72-BF4E-4B4F-B9FE-4CDF4E903131}"= c:\program files\Acer Arcade Live\Acer Arcade Live Main Page\Acer Arcade Live.exe:Acer Arcade Live
"{51674872-C1F2-4F6E-9B9C-A757F38BE2C6}"= c:\program files\Acer Arcade Live\SlideShow DVD\Component\CLSLDVD.exe:SlideShow DVD workprocess
"{00717E99-5B5E-4D82-B899-5B920CE145A9}"= c:\program files\Acer Arcade Live\Acer DV Magician\Component\ARAWP.exe:DV Magician ARA workprocess
"{F90A806B-AED4-4244-AC78-EA10F3E4F0E6}"= c:\program files\Acer Arcade Live\Acer DV Magician\Component\DVAX2Process.exe:DV Magician AVAX workprocess
"{2EACCE03-44AD-4451-AFA5-833B35CC35B9}"= c:\program files\Acer Arcade Live\Acer DVDivine\DVDivine.exe:DVDivine
"{39E7738E-3D11-43B9-835D-D16D2F3B2B0D}"= c:\program files\Acer Arcade Live\Acer HomeMedia\HomeMedia.exe:HomeMedia
"{59B339AA-E6E9-43D5-A0ED-DAC81D658E12}"= c:\program files\Acer Arcade Live\Acer HomeMedia Connect\HomeMedia Connect.exe:HomeMedia Connect
"{9F52794C-B028-4208-88E2-1D78370B9A3B}"= c:\program files\Acer Arcade Live\Acer VideoMagician\VideoMagician.exe:VideoMagician
"{D57423FE-6233-4D83-BCE9-C99F0C94FAC7}"= UDP:c:\windows\System32\lxddcoms.exe:Lexmark Communications System
"{78CA7DFD-3BF5-4AEE-A337-83FEE3E65713}"= TCP:c:\windows\System32\lxddcoms.exe:Lexmark Communications System
"{78544601-2EB8-4E24-BF5F-B9E0366CE8E5}"= UDP:c:\program files\Lexmark 2500 Series\lxddamon.exe:Lexmark Device Monitor
"{9DAD4CEA-837D-45F0-8FEA-EF73A7FF4A77}"= TCP:c:\program files\Lexmark 2500 Series\lxddamon.exe:Lexmark Device Monitor
"{71B7AC69-57C1-430E-B5F1-6671DF7EABF5}"= UDP:c:\program files\Lexmark 2500 Series\App4R.exe:Lexmark Imaging Studio
"{237A754A-E60D-4216-92EB-58F957A4FE4A}"= TCP:c:\program files\Lexmark 2500 Series\App4R.exe:Lexmark Imaging Studio
"{D4A5695F-F6CF-42B3-981E-C6A66CAC0A90}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxddtime.exe:
"{CA13F914-574D-4FE3-8E36-CF209D5803FF}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxddtime.exe:
"{F2B1D4F9-7494-4A6F-90BB-5AC5D786D8AA}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxddpswx.exe:
"{974F2A79-CE24-4CFA-BA10-12AF1072AA8A}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxddpswx.exe:
"{CFCDC820-3942-43A3-BD4E-51247C5697A9}"= Disabled:UDP:c:\program files\IncrediMail\bin\ImApp.exe:IncrediMail
"{1E922576-2F40-4B76-8CF7-58A4B71D392B}"= Disabled:TCP:c:\program files\IncrediMail\bin\ImApp.exe:IncrediMail
"{007FFFEF-E320-42A2-BC32-7C1AAFB37551}"= Disabled:UDP:c:\program files\IncrediMail\bin\IncMail.exe:IncrediMail
"{83664B28-154B-4D10-AA66-BF5F36EFCF0B}"= Disabled:TCP:c:\program files\IncrediMail\bin\IncMail.exe:IncrediMail
"{6AD3F3BF-91F3-462C-8E8F-759AEE532611}"= Disabled:UDP:c:\program files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"{22D4490F-5091-4EF8-8BDA-756BA4094039}"= Disabled:TCP:c:\program files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"{0BABEEDE-1281-4374-A9DE-D630B53145E6}"= UDP:c:\program files\Lexmark 2500 Series\lxddmon.exe:
"{B046A40C-C6A7-419D-B46A-1DB098A10320}"= TCP:c:\program files\Lexmark 2500 Series\lxddmon.exe:
"{02596A6D-E3CC-4678-96C5-6C6E8A0321DF}"= UDP:c:\program files\Lexmark 2500 Series\lxddmon.exe:
"{6B95EC68-B766-41B1-926C-2E788218D25D}"= TCP:c:\program files\Lexmark 2500 Series\lxddmon.exe:

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
"DisabledInterfaces"= {6B12E118-712F-4701-ABB6-CB4B9D84D29D},{F822DA11-2DD3-4621-BFD2-7D3257EFE2D9}

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\OrangeHSS\\Connectivity\\ConnectivityManager.exe"= c:\program files\OrangeHSS\Connectivity\ConnectivityManager.exe:*:enabled:CSS
"c:\\Acer\\Empowering Technology\\eDataSecurity\\eDSfsu.exe"= c:\acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu
"c:\\Acer\\Empowering Technology\\eDataSecurity\\encryption.exe"= c:\acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption
"c:\\Acer\\Empowering Technology\\eDataSecurity\\decryption.exe"= c:\acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabled:decryption

R0 pavboot;pavboot;c:\windows\System32\drivers\pavboot.sys [28/08/2009 17:20 28544]
R1 F-Secure HIPS;F-Secure HIPS;c:\program files\Orange\AntivirusFirewall\HIPS\fshs.sys [09/01/2008 18:51 41184]
R1 FSES;F-Secure Email Scanning Driver;c:\windows\System32\drivers\fses.sys [09/01/2008 18:52 28000]
R1 FSFW;F-Secure Firewall Driver;c:\windows\System32\drivers\fsdfw.sys [09/01/2008 18:52 60064]
R1 fsvista;F-Secure Vista Support Driver;c:\program files\Orange\AntivirusFirewall\Anti-Virus\minifilter\fsvista.sys [09/01/2008 18:50 6144]
R2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe -service --> c:\windows\system32\lxddcoms.exe -service [?]
R2 lxddCATSCustConnectService;lxddCATSCustConnectService;c:\windows\System32\spool\drivers\w32x86\3\lxddserv.exe [25/05/2007 11:41 99248]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [30/08/2009 14:06 1153368]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\Orange\AntivirusFirewall\Anti-Virus\minifilter\fsgk.sys [09/01/2008 18:50 77824]
S3 ovt530;Hercules Webcam Classic;c:\windows\System32\drivers\ov530vid.sys [05/01/2008 19:44 161792]
S3 PCAMp50;PCAMp50 NDIS Protocol Driver;c:\windows\System32\drivers\PCAMp50.sys [12/12/2007 19:04 28224]
S4 F-Secure Filter;F-Secure File System Filter;c:\program files\Orange\AntivirusFirewall\Anti-Virus\win2k\fsfilter.sys [09/01/2008 18:50 33024]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\Orange\AntivirusFirewall\Anti-Virus\win2k\fsrec.sys [09/01/2008 18:50 18432]
.
Contents of the 'Scheduled Tasks' folder

2009-08-30 c:\windows\Tasks\User_Feed_Synchronization-{9124E563-FD70-4388-9581-AC0B29E4DB8B}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Acer Tour Reminder - (no file)
HKLM-Run-Apanel - c:\acersw\config\NewSetApanel.cmd
HKLM-Run-Acer Tour - (no file)
HKLM-Run-eRecoveryService - (no file)


.
------- Supplementary Scan -------
.
uStart Page = www.orange.fr
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: microsoft.com\download.windowsupdate
Trusted Zone: microsoft.com\update
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
FF - ProfilePath - c:\users\christophe\AppData\Roaming\Mozilla\Firefox\Profiles\h2w1qmz5.default\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-30 17:10
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-08-30 17:11
ComboFix-quarantined-files.txt 2009-08-30 15:11

Pre-Run: 85 398 794 240 octets libres
Post-Run: 85 366 804 480 octets libres

956 --- E O F --- 2008-02-16 07:01

merci de repondre si rapidement je joins les logs
Logfile of random's system information tool 1.06 (written by random/random)
Run by christophe at 2009-08-30 16:06:59
Microsoft® Windows Vista™ Édition Familiale Premium
System drive C: has 81 GB (71%) free of 114 GB
Total RAM: 1791 MB (49% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:07:12, on 30/08/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Lexmark 2500 Series\lxddmon.exe
C:\Program Files\Lexmark 2500 Series\lxddamon.exe
C:\Program Files\Orange\AntivirusFirewall\Common\FSM32.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\OrangeHSS\Launcher\Launcher.exe
C:\Program Files\Orange\AntivirusFirewall\FSGUI\fsguidll.exe
C:\Windows\ehome\ehmsas.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\OrangeHSS\systray\systrayapp.exe
C:\Program Files\OrangeHSS\Deskboard\deskboard.exe
C:\Program Files\OrangeHSS\connectivity\connectivitymanager.exe
C:\Program Files\OrangeHSS\connectivity\CoreCom\CoreCom.exe
C:\Program Files\OrangeHSS\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\christophe\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\christophe.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = www.orange.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.orange.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [Apanel] C:\ACERSW\config\NewSetApanel.cmd
O4 - HKLM\..\Run: [lxddmon.exe] "C:\Program Files\Lexmark 2500 Series\lxddmon.exe"
O4 - HKLM\..\Run: [lxddamon] "C:\Program Files\Lexmark 2500 Series\lxddamon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Orange\AntivirusFirewall\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Orange\AntivirusFirewall\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [] (User 'Default user')
O4 - Startup: Sommaire de OneNote.onetoc2
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: PCM Media Sharing.lnk = C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://ushousecall02.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6B12E118-712F-4701-ABB6-CB4B9D84D29D}: NameServer = 85.255.115.101,85.255.112.68
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer =
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer =
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer =
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Orange\AntivirusFirewall\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Orange\AntivirusFirewall\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Orange\AntivirusFirewall\Common\FSMA32.EXE
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxddCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxddserv.exe
O23 - Service: lxdd_device - - C:\Windows\system32\lxddcoms.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

Bonjour, désolé pour le retaed je rembaucais aujourd'hui , je colle les rapports que tu demandes et en + les rapports de scans fait hier soir avec spybot et malwarebyte.
1Spybot d'hier

--- Report generated: 2009-08-30 21:05 ---

eGroup.InstantAccess: [SBI $3346D5A0] Réglages (Clé du registre, fixed)
HKEY_USERS\S-1-5-21-665427846-4257316974-4283011488-1000\Software\Microsoft\SystemCertificates\TrustedPublisher\Certificates\E6A6A4A475FCE37F8B5AC2F1244DEB2BFCA5615A

Fraud.WiniShield: [SBI $0AECCA30] Réglages (Clé du registre, fixed)
HKEY_USERS\S-1-5-21-665427846-4257316974-4283011488-1000\Software\WiniShield

HotTV: [SBI $F7525EB3] Réglages (Clé du registre, fixed)
HKEY_USERS\S-1-5-21-665427846-4257316974-4283011488-1000\Software\Hot-TV

HotTV: [SBI $37F7BB60] Réglages (Clé du registre, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Hot-TV

Live-Player: [SBI $71EC3D46] Réglages (Clé du registre, fixed)
HKEY_USERS\S-1-5-21-665427846-4257316974-4283011488-1000\Software\OOO\Live-Player

Live-Player: [SBI $932D89C2] Réglages (Clé du registre, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\OOO\Live-Player

Live-Player: [SBI $C0AB2B25] Dossier Programme (Répertoire, fixed)
C:\Users\christophe\AppData\Local\live-player\

Live-Player: [SBI $9199E7DD] Donnée (Fichier, fixed)
C:\Users\christophe\AppData\Local\live-player\flv.swf
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E


--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SDWinSec.exe (1.0.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2009-08-30 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-07-28 advcheck.dll (1.6.3.17)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2009-05-19 Includes\Adware.sbi (*)
2009-08-25 Includes\AdwareC.sbi (*)
2009-01-22 Includes\Cookies.sbi (*)
2009-05-19 Includes\Dialer.sbi (*)
2009-08-25 Includes\DialerC.sbi (*)
2009-01-22 Includes\HeavyDuty.sbi (*)
2009-05-26 Includes\Hijackers.sbi (*)
2009-08-04 Includes\HijackersC.sbi (*)
2009-06-23 Includes\Keyloggers.sbi (*)
2009-07-30 Includes\KeyloggersC.sbi (*)
2009-08-19 Includes\Malware.sbi (*)
2009-08-25 Includes\MalwareC.sbi (*)
2009-03-25 Includes\PUPS.sbi (*)
2009-08-25 Includes\PUPSC.sbi (*)
2009-01-22 Includes\Revision.sbi (*)
2009-01-13 Includes\Security.sbi (*)
2009-07-30 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2009-04-07 Includes\Spyware.sbi (*)
2009-08-11 Includes\SpywareC.sbi (*)
2009-06-08 Includes\Tracks.uti
2009-08-25 Includes\Trojans.sbi (*)
2009-08-26 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll

puis Malwarebyte d'hier soir
Malwarebytes' Anti-Malware 1.40
Version de la base de données: 2719
Windows 6.0.6000

30/08/2009 23:09:40
mbam-log-2009-08-30 (23-09-40).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 178857
Temps écoulé: 42 minute(s), 4 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 3
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3aa42713-5c1e-48e2-b432-d8bf420dd31d} (Rogue.AntiVirus2008) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\OOO (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\OOO (Rogue.LivePlayer) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{6b12e118-712f-4701-abb6-cb4b9d84d29d}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.101,85.255.112.68 -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
puis cleanavi
Fix Navipromo version 4.0.2 commencé le 31/08/2009 17:05:50,22

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!

Outil exécuté depuis C:\Program Files\navilog1

Mise à jour le 27.08.2009 à 11h00 par IL-MAFIOSO

Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6000 )
X86-based PC ( Multiprocessor Free : AMD Athlon(tm) 64 X2 Dual Core Processor 4000+ )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : christophe ( Administrator )
BOOT : Normal boot

Antivirus : AntiVirus Firewall 7.00 7.00 (Not Activated)
Firewall : AntiVirus Firewall 7.00 7.00 (Not Activated)

C:\ (Local Disk) - NTFS - Total:111 Go (Free:77 Go)
D:\ (Local Disk) - NTFS - Total:111 Go (Free:111 Go)
E:\ (CD or DVD)
F:\ (USB)
G:\ (USB)
H:\ (USB)
I:\ (USB)


Recherche executée en mode normal

Nettoyage exécuté au redémarrage de l'ordinateur




Nettoyage contenu C:\Windows\Temp effectué !
Nettoyage contenu C:\Users\CHRIST~1\AppData\Local\Temp effectué !


*** Sauvegarde du Registre vers dossier Safebackup ***

sauvegarde du Registre réalisée avec succès !

*** Nettoyage Registre ***

Nettoyage Registre Ok

Certificat OOO-Favorit supprimé !





*** Scan terminé 31/08/2009 17:18:12,47 ***

puis malbyte d'aujourd'hui
Malwarebytes' Anti-Malware 1.40
Version de la base de données: 2721
Windows 6.0.6000

31/08/2009 17:36:45
mbam-log-2009-08-31 (17-36-45).txt

Type de recherche: Examen rapide
Eléments examinés: 83297
Temps écoulé: 5 minute(s), 15 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
Bon courage et merci encore

Bonjour merci d'etre toujours là :) je colle le compte rendu bitdefender
BitDefender Online Scanner - Real Time Virus Report







Generated at: Tue, Sep 01, 2009 - 19:05:57









Scan Info







Scanned Files


302164

Infected Files


0















Virus Detected







No virus found.

























This summary of the scan process will be used by the BitDefender Antivirus Lab to create agregate statistics about virus activity around the world.

Voici les rapports
info.txt logfile of random's system information tool 1.06 2009-09-01 19:35:45

======Uninstall list======

-->"C:\Program Files\Orange\AntivirusFirewall\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Spyware Scanner"
-->"C:\Program Files\Orange\AntivirusFirewall\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Spyware"
-->"C:\Program Files\Orange\AntivirusFirewall\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Virus Client Security Installer"
-->"C:\Program Files\Orange\AntivirusFirewall\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Virus"
-->"C:\Program Files\Orange\AntivirusFirewall\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Automatic Update Agent"
-->"C:\Program Files\Orange\AntivirusFirewall\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure DAAS"
-->"C:\Program Files\Orange\AntivirusFirewall\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Diagnostics"
-->"C:\Program Files\Orange\AntivirusFirewall\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure E-mail Scanning"
-->"C:\Program Files\Orange\AntivirusFirewall\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure FWES"
-->"C:\Program Files\Orange\AntivirusFirewall\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure GateKeeper Interface"
-->"C:\Program Files\Orange\AntivirusFirewall\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Gemini"
-->"C:\Program Files\Orange\AntivirusFirewall\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure GUI"
-->"C:\Program Files\Orange\AntivirusFirewall\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Help"
-->"C:\Program Files\Orange\AntivirusFirewall\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure HIPS"
-->"C:\Program Files\Orange\AntivirusFirewall\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Internet Shield"
-->"C:\Program Files\Orange\AntivirusFirewall\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Localization API"
-->"C:\Program Files\Orange\AntivirusFirewall\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Management Agent"
-->"C:\Program Files\Orange\AntivirusFirewall\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Pegasus Engine"
-->"C:\Program Files\Orange\AntivirusFirewall\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Spam Control"
-->"C:\Program Files\Orange\AntivirusFirewall\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Spam Scanner"
-->"C:\Program Files\Orange\AntivirusFirewall\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure TNB"
-->"C:\Program Files\Orange\AntivirusFirewall\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Uninstall"
ABBYY FineReader 6.0 Sprint-->MsiExec.exe /X{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
Acer Arcade Live Main Page-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}\SETUP.exe" -uninstall
Acer DV Magician-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F6EFFB76-4A07-11DA-9D78-000129760D75}\SETUP.exe" -uninstall
Acer DVDivine-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B145EC69-66F5-11D8-9D75-000129760D75}\SETUP.exe" -uninstall
Acer eDataSecurity Management-->C:\Acer\Empowering Technology\eDataSecurity\eDSnstHelper.exe -Operation UNINSTALL
Acer Empowering Technology-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB6097D9-D722-4987-BD9E-A076E2848EE2}\setup.exe" -l0x40c -removeonly
Acer ePerformance Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D462BF9E-0C35-4705-BF9B-3DF9F3816643}\setup.exe" -l0x40c -removeonly
Acer HomeMedia Connect-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{132888AE-EF67-41C5-BCA2-7D5D2488AB63}\SETUP.exe" -uninstall
Acer HomeMedia-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AA4BF92B-2AAF-11DA-9D78-000129760D75}\SETUP.exe" -uninstall
Acer ScreenSaver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}\setup.exe" -l0x9 -removeonly
Acer SlideShow DVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{41581EF5-45A7-11DA-9D78-000129760D75}\SETUP.exe" -uninstall
Acer Tour-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{94389919-B0AA-4882-9BE8-9F0B004ECA35}\setup.exe" -l0x40c -removeonly
Acer VideoMagician-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F79A208D-D929-11D9-9D77-000129760D75}\SETUP.exe" -uninstall
Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A70000000000}
AntiVirus Firewall-->"C:\Program Files\Orange\AntivirusFirewall\FSGUI\PostInstall.exe" /tUnInstall
a-squared Free 4.5-->"C:\Program Files\a-squared Free\unins000.exe"
ATI Uninstaller-->C:\Program Files\ATI\CIM\Bin\Atisetup.exe -uninstall all
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_0531C63A913CC9D1.exe" /uninstall
Hercules Classic Webcam Drivers-->C:\Program Files\InstallShield Installation Information\{5F0EE12C-44B1-4FCB-87E3-4686C888774A}\setup.exe -runfromtemp -l0x040c -removeonly
Hercules WebCam Station-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D208F4A7-6B73-4C2A-8B1E-8756FCBA831E}\Setup.exe" -l0x40c
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HouseCall 6.6-->"C:\Users\christophe\AppData\Roaming\HouseCall 6.6\uninstaller.exe"
IncrediMail Xe-->C:\Program Files\IncrediMail\bin\ImSetup.exe /remove /addon:IncrediMail /log:IncMail.log
Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Lexmark 2500 Series-->C:\Program Files\Lexmark 2500 Series\Install\x86\Uninst.exe
Logiciel de Synchronisation Orange-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C2EBC2F1-B766-4AE3-A10C-6EBBC1EE3B02}\setup.exe" -l0x40c -removeonly
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (French) 2007-->MsiExec.exe /X{90120000-00A1-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Works-->MsiExec.exe /I{6B1CB38D-E2E4-4a30-933D-EFDEBA76AD9C}
Mozilla Firefox (3.5.2)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
NTI Backup NOW! 4.7-->"C:\Program Files\InstallShield Installation Information\{67ADE9AF-5CD9-4089-8825-55DE4B366799}\setup.exe" -removeonly
NTI CD & DVD-Maker-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2} /l1036 CDM7
OpenOffice.org Installer 1.0-->MsiExec.exe /X{3A2AF807-9F9F-43C9-A24A-17B617238B74}
Orange - Logiciels Internet-->C:\Program Files\OrangeHSS\installation\core\Installgui.exe -u
Panda ActiveScan 2.0-->C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -l0x40c -removeonly
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Solutions de télécopie Lexmark-->C:\Program Files\Lexmark Fax Solutions\Install\x86\Uninst.exe /R:faxunst
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Update for Office 2007 (KB934528)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {2B939677-2FFD-48F6-9075-7BF48CB87C80}
Update for Office System 2007 Setup (KB929722)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {D8E9BEBD-655F-467D-8176-CA9959C140A3}
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\Windows\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
Windows Live installer-->MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}
Windows Live Mail-->MsiExec.exe /I{C514C594-23AA-4F13-A070-DB8BDB27594F}
Yahoo! Toolbar avec bloqueur de fenêtres pop-up-->C:\PROGRA~1\Yahoo!\common\unyt.exe

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: AntiVirus Firewall 7.00 (disabled)
FW: AntiVirus Firewall 7.00 (disabled)
AS: Spybot - Search and Destroy (disabled)
AS: AVG Anti-Spyware (disabled)
AS: Windows Defender
AS: AntiVirus Firewall 7.00 (disabled)

======System event log======

Computer Name: PC-de-christoph
Event Code: 3004
Message: L’agent de protection en temps réel Windows Defender a détecté des modifications. Microsoft vous recommande d’analyser les logiciels responsables de ces modifications, à la recherche de risques potentiels. Vous pouvez vous servir des informations relatives au fonctionnement de ces programmes pour autoriser ou non leur exécution, ou pour les supprimer de l’ordinateur. N’autorisez les modifications que si vous faites confiance au programme ou à l’éditeur de logiciel. Windows Defender ne peut pas annuler les modifications que vous autorisez.
Pour plus d’informations, consultez les données suivantes :
Non applicable
ID d’analyse : {268CC9FB-F633-49C0-8281-1621540F65F4}
Utilisateur : PC-de-christoph\christophe
Nom : Unknown
ID :
ID de gravité :
ID de catégorie :
Chemin d’accès trouvé : safeboot:HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart
Type d’alerte : Logiciel non classifié
Type de détection :
Record Number: 87839
Source Name: Microsoft-Windows-Windows Defender
Time Written: 20090901133037.000000-000
Event Type: Avertissement
User:

Computer Name: PC-de-christoph
Event Code: 3004
Message: L’agent de protection en temps réel Windows Defender a détecté des modifications. Microsoft vous recommande d’analyser les logiciels responsables de ces modifications, à la recherche de risques potentiels. Vous pouvez vous servir des informations relatives au fonctionnement de ces programmes pour autoriser ou non leur exécution, ou pour les supprimer de l’ordinateur. N’autorisez les modifications que si vous faites confiance au programme ou à l’éditeur de logiciel. Windows Defender ne peut pas annuler les modifications que vous autorisez.
Pour plus d’informations, consultez les données suivantes :
Non applicable
ID d’analyse : {6ACD9F05-E529-4B29-B2DB-4C3A9AA4C48A}
Utilisateur : PC-de-christoph\christophe
Nom : Unknown
ID :
ID de gravité :
ID de catégorie :
Chemin d’accès trouvé : safeboot:HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys
Type d’alerte : Logiciel non classifié
Type de détection :
Record Number: 87840
Source Name: Microsoft-Windows-Windows Defender
Time Written: 20090901133037.000000-000
Event Type: Avertissement
User:

Computer Name: PC-de-christoph
Event Code: 3004
Message: L’agent de protection en temps réel Windows Defender a détecté des modifications. Microsoft vous recommande d’analyser les logiciels responsables de ces modifications, à la recherche de risques potentiels. Vous pouvez vous servir des informations relatives au fonctionnement de ces programmes pour autoriser ou non leur exécution, ou pour les supprimer de l’ordinateur. N’autorisez les modifications que si vous faites confiance au programme ou à l’éditeur de logiciel. Windows Defender ne peut pas annuler les modifications que vous autorisez.
Pour plus d’informations, consultez les données suivantes :
Non applicable
ID d’analyse : {73DB70EE-B3F7-4859-A617-464E168453A8}
Utilisateur : PC-de-christoph\christophe
Nom : Unknown
ID :
ID de gravité :
ID de catégorie :
Chemin d’accès trouvé : service:PROCEXP90
Type d’alerte : Logiciel non classifié
Type de détection :
Record Number: 87847
Source Name: Microsoft-Windows-Windows Defender
Time Written: 20090901133115.000000-000
Event Type: Avertissement
User:

Computer Name: PC-de-christoph
Event Code: 3004
Message: L’agent de protection en temps réel Windows Defender a détecté des modifications. Microsoft vous recommande d’analyser les logiciels responsables de ces modifications, à la recherche de risques potentiels. Vous pouvez vous servir des informations relatives au fonctionnement de ces programmes pour autoriser ou non leur exécution, ou pour les supprimer de l’ordinateur. N’autorisez les modifications que si vous faites confiance au programme ou à l’éditeur de logiciel. Windows Defender ne peut pas annuler les modifications que vous autorisez.
Pour plus d’informations, consultez les données suivantes :
Non applicable
ID d’analyse : {C6F54F48-543F-477B-9F84-062881263C7F}
Utilisateur : PC-de-christoph\christophe
Nom : Unknown
ID :
ID de gravité :
ID de catégorie :
Chemin d’accès trouvé : driver:PROCEXP90
Type d’alerte : Logiciel non classifié
Type de détection :
Record Number: 87848
Source Name: Microsoft-Windows-Windows Defender
Time Written: 20090901133115.000000-000
Event Type: Avertissement
User:

Computer Name: PC-de-christoph
Event Code: 6
Message: IRQARB : le BIOS ACP ne contient pas un IRQ pour le périphérique dans le connecteur PCI 7, fonction 0. Contactez le fabricant de votre ordinateur pour une assistance technique.
Record Number: 87880
Source Name: ACPI
Time Written: 20090901133604.921202-000
Event Type: Erreur
User:

=====Application event log=====

Computer Name: PC-de-christoph
Event Code: 103
Message: 1 2009-09-01 16:31:10+02:00 pc-de-christoph PC-de-christoph\christophe F-Secure Anti-Virus
Scanning of \DEVICE\HARDDISKVOLUME2\WINDOWS\SYSTEM32\DRIVERSTORE\FILEREPOSITORY\IIRSP.INF_65B7B7A5\IIRSP.SYS was aborted due to exceeded scanning time limit. The file may be in use or reading it was too slow (e.g. network connection was under stress).

Record Number: 27577
Source Name: F-Secure Anti-Virus
Time Written: 20090901143111.000000-000
Event Type: Erreur
User:

Computer Name: PC-de-christoph
Event Code: 103
Message: 2 2009-09-01 16:55:28+02:00 pc-de-christoph PC-de-christoph\christophe F-Secure Anti-Virus
Scanning of \DEVICE\HARDDISKVOLUME2\USERS\CHRISTOPHE\APPDATA\LOCAL\MICROSOFT\WINDOWS SIDEBAR\SETTINGS.INI was aborted due to exceeded scanning time limit. The file may be in use or reading it was too slow (e.g. network connection was under stress).

Record Number: 27578
Source Name: F-Secure Anti-Virus
Time Written: 20090901145528.000000-000
Event Type: Erreur
User:

Computer Name: PC-de-christoph
Event Code: 11
Message: Échec de l'extraction de la liste racine tierce partie depuis le fichier CAB de mise à jour automatique à : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> avec l'erreur : Données non valides.
.
Record Number: 27579
Source Name: Microsoft-Windows-CAPI2
Time Written: 20090901150757.000000-000
Event Type: Erreur
User:

Computer Name: PC-de-christoph
Event Code: 11
Message: Échec de l'extraction de la liste racine tierce partie depuis le fichier CAB de mise à jour automatique à : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> avec l'erreur : Données non valides.
.
Record Number: 27580
Source Name: Microsoft-Windows-CAPI2
Time Written: 20090901150800.000000-000
Event Type: Erreur
User:

Computer Name: PC-de-christoph
Event Code: 103
Message: 3 2009-09-01 17:27:58+02:00 pc-de-christoph PC-de-christoph\christophe F-Secure Anti-Virus
Scanning of \DEVICE\HARDDISKVOLUME2\WINDOWS\SYSTEM32\DRIVERS\NFRD960.SYS was aborted due to exceeded scanning time limit. The file may be in use or reading it was too slow (e.g. network connection was under stress).

Record Number: 27592
Source Name: F-Secure Anti-Virus
Time Written: 20090901152759.000000-000
Event Type: Erreur
User:

=====Security event log=====

Computer Name: PC-de-christoph
Event Code: 4616
Message: L’heure du système a été modifiée.

Sujet :
ID de sécurité : S-1-5-19
Nom du compte : SERVICE LOCAL
Domaine du compte : AUTORITE NT
ID d’ouverture de session : 0x3e5

Informations sur le processus :
ID du processus : 0x554
Nom : C:\Windows\System32\svchost.exe

Heure précédente : 17:49:13 09/10/2008
Nouvelle heure : 17:49:13 09/10/2008

Cet événement est généré lorsque l’heure du système est modifiée. Le changement régulier de l’heure du système est une opération normale de la part du service de temps Windows qui s’exécute avec des privilèges système. Mais, d’autres modifications de l’heure du système peuvent indiquer des tentatives de falsification de l’ordinateur.
Record Number: 36893
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081009154913.267000-000
Event Type: Succès de l'audit
User:

Computer Name: PC-de-christoph
Event Code: 4634
Message: Fermeture de session d’un compte.

Sujet :
ID de sécurité : S-1-5-7
Nom du compte : ANONYMOUS LOGON
Domaine du compte : AUTORITE NT
ID du compte : 0x223ad

Type d’ouverture de session : 3

Cet événement est généré lorsqu’une session ouverte est supprimée. Il peut être associé à un événement d’ouverture de session en utilisant la valeur ID d’ouverture de session. Les ID d’ouverture de session ne sont uniques qu’entre les redémarrages sur un même ordinateur.
Record Number: 36894
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081009154913.407400-000
Event Type: Succès de l'audit
User:

Computer Name: PC-de-christoph
Event Code: 4608
Message: Windows démarre.

Cet événement est journalisé lorsque LSASS.EXE démarre et que le sous-système d’audit est initialisé.
Record Number: 36895
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081011062837.550909-000
Event Type: Succès de l'audit
User:

Computer Name: PC-de-christoph
Event Code: 4624
Message: L’ouverture de session d’un compte s’est correctement déroulée.

Sujet :
ID de sécurité : S-1-0-0
Nom du compte : -
Domaine du compte : -
ID d’ouverture de session : 0x0

Type d’ouverture de session : 0

Nouvelle ouverture de session :
ID de sécurité : S-1-5-18
Nom du compte : SYSTEM
Domaine du compte : AUTORITE NT
ID d’ouverture de session : 0x3e7
GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000}

Informations sur le processus :
ID du processus : 0x4
Nom du processus :

Informations sur le réseau :
Nom de la station de travail : -
Adresse du réseau source : -
Port source : -

Informations détaillées sur l’authentification :
Processus d’ouverture de session : -
Package d’authentification : -
Services en transit : -
Nom du package (NTLM uniquement) : -
Longueur de la clé : 0

Cet événement est généré lors de la création d’une ouverture de session. Il est généré sur l’ordinateur sur lequel l’ouverture de session a été effectuée.

Le champ Objet indique le compte sur le système local qui a demandé l’ouverture de session. Il s’agit le plus souvent d’un service, comme le service Serveur, ou un processus local tel que Winlogon.exe ou Services.exe.

Le champ Type d’ouverture de session indique le type d’ouverture de session qui s’est produit. Les types les plus courants sont 2 (interactif) et 3 (réseau).

Le champ Nouvelle ouverture de session indique le compte pour lequel la nouvelle ouverture de session a été créée, par exemple, le compte qui s’est connecté.

Les champs relatifs au réseau indiquent la provenance d’une demande d’ouverture de session à distance. Le nom de la station de travail n’étant pas toujours disponible, peut être laissé vide dans certains cas.

Les champs relatifs aux informations d’authentification fournissent des détails sur cette demande d’ouverture de session spécifique.
- Le GUID d’ouverture de session est un identificateur unique pouvant servir à associer cet événement à un événement KDC .
- Les services en transit indiquent les services intermédiaires qui ont participé à cette demande d’ouverture de session.
- Nom du package indique quel est le sous-protocole qui a été utilisé parmi les protocoles NTLM.
- La longueur de la clé indique la longueur de la clé de session générée. Elle a la valeur 0 si aucune clé de session n’a été demandée.
Record Number: 36896
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081011062837.566509-000
Event Type: Succès de l'audit
User:

Computer Name: PC-de-christoph
Event Code: 4902
Message: La table de stratégie d’audit par utilisateur a été créée.

Nombre d’éléments : 0
ID de la stratégie : 0x10a44
Record Number: 36897
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081011062837.816111-000
Event Type: Succès de l'audit
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 107 Stepping 1, AuthenticAMD
"PROCESSOR_REVISION"=6b01
"NUMBER_OF_PROCESSORS"=2

-----------------EOF-----------------
et le second
Logfile of random's system information tool 1.06 (written by random/random)
Run by christophe at 2009-09-01 19:35:30
Microsoft® Windows Vista™ Édition Familiale Premium
System drive C: has 79 GB (69%) free of 114 GB
Total RAM: 1791 MB (52% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:35:42, on 01/09/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Lexmark 2500 Series\lxddmon.exe
C:\Program Files\Lexmark 2500 Series\lxddamon.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\OrangeHSS\Launcher\Launcher.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\OrangeHSS\systray\systrayapp.exe
C:\Program Files\OrangeHSS\Deskboard\deskboard.exe
C:\Program Files\OrangeHSS\connectivity\connectivitymanager.exe
C:\Program Files\OrangeHSS\connectivity\CoreCom\CoreCom.exe
C:\Program Files\OrangeHSS\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\Program Files\IncrediMail\bin\IMApp.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Orange\AntivirusFirewall\Common\FSLAUNCH.EXE
C:\Users\christophe\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\christophe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.orange.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [lxddmon.exe] "C:\Program Files\Lexmark 2500 Series\lxddmon.exe"
O4 - HKLM\..\Run: [lxddamon] "C:\Program Files\Lexmark 2500 Series\lxddamon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Orange\AntivirusFirewall\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Orange\AntivirusFirewall\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (User 'Default user')
O4 - Startup: Sommaire de OneNote.onetoc2
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: PCM Media Sharing.lnk = C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://ushousecall02.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Orange\AntivirusFirewall\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Orange\AntivirusFirewall\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Orange\AntivirusFirewall\Common\FSMA32.EXE
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxddCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxddserv.exe
O23 - Service: lxdd_device - - C:\Windows\system32\lxddcoms.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

j'ai installé toolscleaner2 il a fait son boulot mais le rapport est vide
je crois qu'il a supprimé les prog téléchargé sur le bureau ????

j'ai mis a jour adobe
et java
puis java ra.exe
le rapport suit





le rapport JavaRa.exe
JavaRa 1.15 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Tue Sep 01 20:37:28 2009

Found and removed: C:\Program Files\Java\jre1.6.0_05

Found and removed: C:\Program Files\Java\jre1.6.0_07

Found and removed: C:\Users\christophe\AppData\LocalLow\Sun\Java\jre1.6.0_11

Found and removed: C:\Users\christophe\AppData\LocalLow\Sun\Java\jre1.6.0_14

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_05\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_05\bin\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_07\bin\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\patch-jre1.6.0_05.b13\

------------------------------------

Finished reporting.



JavaRa 1.15 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Tue Sep 01 20:39:15 2009

------------------------------------

Finished reporting.



JavaRa 1.15 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Tue Sep 01 20:48:22 2009

------------------------------------

Finished reporting.

J'ai passé ccleaner nettoyage
puis sur le registre une fois a suffit pour nettoyer toutes les entrées la 2eme 0 erreur

Pour désinstaller les barres d'outils et changer l'antivirus, (sur mon pc perso est installé avira le top il est parfait) je demanderai la permission a mon beauf (c'est sa machine) mais je lui conseillerai fortement de le faire.
Le pc a retrouvé des ailes il fonctionne parfaitement bien et ne parait plus malade
Les mises a jour auto sont desactivées et elles n'ont pas été faites depuis ~18 mois sont elles indispensables et doit on les faires ???????
Encore merci de t'occuper de mon cas, de ta patience et me faire profiter de tes compétences ;)

Bonjour, voici le rapport OTM.exe

All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dmacc.tmp\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dmaco.tmp\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dmaga.tmp\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dmaiv.tmp\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dmaql.tmp\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dmatr.tmp\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dmaxf.tmp\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dmazy.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dmbbb.tmp\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dmbdm.tmp\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dmbfz.tmp\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dmbhc.tmp\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dmboi.tmp\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dmbsk.tmp\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dmbta.tmp\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dmbyb.tmp\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dmccp.tmp\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dmcef.tmp\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dmcgb.tmp\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dmchh.tmp\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dmcjx.tmp\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dmcld.tmp\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dmclp.tmp\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dmcmr.tmp\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dmcrd.tmp\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dmcrp.tmp\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dmcsd.tmp\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dmctn.tmp\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dmdbl.tmp\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dmdcx.tmp][-software\microsoft\shared tools\msconfig\startupreg\dmdgb.tmp\ not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dmdgn.tmp\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dmdhj.tmp\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dmdie.tmp\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dmdih.tmp\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dmdmp.tmp\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dmdps.tmp\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dmerd.tmp\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dmeun.tmp\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dmevh.tmp\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dmfba.tmp\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dmfcs.tmp\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dmfez.tmp\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dmfhq.tmp\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dmfjv.tmp\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dmfjx.tmp\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dmfjz.tmp\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dmfla.tmp\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dmfnu.tmp\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dmfou.tmp\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dmfqh.tmp\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dmfwf.tmp\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dmfwv.tmp\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dmfxi.tmp\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dmgby.tmp\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dmgej.tmp\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dmgfm.tmp\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dmgio.tmp\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dmgos.tmp\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dmgqd.tmp\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dmgvr.tmp\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dmgwc.tmp\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dmgzr.tmp\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dmhcd.tmp][-software\microsoft\shared tools\msconfig\startupreg\dmhhk.tmp\ not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dmhhw.tmp\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dmhhx.tmp\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dmhjf.tmp\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dmhky.tmp\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dmhna.tmp\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dmhnp.tmp\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dmhpi.tmp\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dmhpy.tmp\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dmhqb.tmp\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dmhuw.tmp\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dmhwa.tmp\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dmhym.tmp\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dmiaa.tmp\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dmibh.tmp\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dmigr.tmp\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dmimd.tmp\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dmims.tmp\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dmini.tmp\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dminu.tmp\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dmiom.tmp\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dmiun.tmp\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dmjfz.tmp\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dmjht.tmp\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dmkar.tmp\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dmkcu.tmp\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dmkdt.tmp\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dmkeq.tmp\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dmkez.tmp\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dmkiu.tmp\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dmkpl.tmp\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dmktf.tmp\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dmkvn.tmp\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dmkxu.tmp\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dmaoh.tmp\ deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: christophe
->Temp folder emptied: 445319 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 17748993 bytes
->FireFox cache emptied: 36701644 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 14816 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 52,37 mb


OTM by OldTimer - Version 3.0.0.6 log created on 09022009_165037

Files moved on Reboot...

Registry entries deleted on Reboot...

Rebonjour, ouf j'ai eu peur après avoir redemarré le pc plus rien ne marchais les icones du bureau du lancement rapide et du menu demarrer n'ouvraient plus rien j'ai juste réussi a ouvrir l'explorateur windows mais la fenètre restait blanche. j'ai redemarre une fois , meme chose puis une seconde, et miracle, tout remarche
j'ai passé ccleaner (nettoyeur et registre puis RSIT et voila les rapports

Logfile of random's system information tool 1.06 (written by random/random)
Run by christophe at 2009-09-02 18:13:30
Microsoft® Windows Vista™ Édition Familiale Premium
System drive C: has 79 GB (69%) free of 114 GB
Total RAM: 1791 MB (59% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:14:08, on 02/09/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Lexmark 2500 Series\lxddmon.exe
C:\Program Files\Lexmark 2500 Series\lxddamon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Orange\AntivirusFirewall\Common\FSM32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\OrangeHSS\Launcher\Launcher.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\Orange\AntivirusFirewall\FSGUI\fsguidll.exe
C:\Windows\ehome\ehmsas.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\OrangeHSS\systray\systrayapp.exe
C:\Program Files\OrangeHSS\Deskboard\deskboard.exe
C:\Program Files\OrangeHSS\connectivity\connectivitymanager.exe
C:\Program Files\OrangeHSS\connectivity\CoreCom\CoreCom.exe
C:\Program Files\OrangeHSS\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\christophe\Desktop\RSIT.exe
C:\Program Files\trend micro\christophe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.orange.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [lxddmon.exe] "C:\Program Files\Lexmark 2500 Series\lxddmon.exe"
O4 - HKLM\..\Run: [lxddamon] "C:\Program Files\Lexmark 2500 Series\lxddamon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Orange\AntivirusFirewall\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Orange\AntivirusFirewall\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (User 'Default user')
O4 - Startup: Sommaire de OneNote.onetoc2
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: PCM Media Sharing.lnk = C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://ushousecall02.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Orange\AntivirusFirewall\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Orange\AntivirusFirewall\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Orange\AntivirusFirewall\Common\FSMA32.EXE
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxddCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxddserv.exe
O23 - Service: lxdd_device - - C:\Windows\system32\lxddcoms.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe