Ouverture intempestive de fp pc

Ronan13 -  
g!rly Messages postés 18462 Statut Contributeur -
Bonjour,

j'ai vu que beaucoup de personnes avait le même problème que moi alors si quelqu'un peut m'aider. J'ai des fen^tre qui s'ouvre automatiquement surtout fp pc.
En suivant les conseils d'autres post j'ai fait un scan avec hijack dont voici le rapport.

Merci d'avance car cela fait 1 mois que ça dure et j'en peux plus. Pour information j'ai vista.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:24:14, on 03/04/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Creative\MediaSource5\MtdAcqu.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\RegCleaner\RegCleanr.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskeng.exe
C:\Users\fnac\Desktop\HijackThis.exe
C:\Windows\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.football365.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {67E52A0A-F792-4A38-97F6-4DFF84909A3C} - C:\Windows\system32\geBuSljh.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Media Codec - {8B580E40-6B46-44C8-9E80-A5AD6E1D1035} - C:\Windows\kiasys.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\xxywXNHb.dll,#1
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MtdAcqu] "C:\Program Files\Creative\MediaSource5\MtdAcqu.exe" /s
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 10640 bytes
Configuration: Windows Vista
Firefox 2.0.0.12

7 réponses

  1. g!rly Messages postés 18462 Statut Contributeur 407
     
    salut

    passe ceci :

    Télécharge combofix.exe (par sUBs) sur ton Bureau.

    -> http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    -> Double clique combofix.exe.
    -> Tape sur la touche 1 (Yes) pour démarrer le scan.
    -> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

    NOTE : Le rapport se trouve également ici : C:\Combofix.txt

    Avant d'utiliser ComboFix :

    -> Déconnecte toi d'internet et referme les fenêtres de tous les programmes en cours.

    -> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent géner fortement la procédure de recherche et de nettoyage de l'outil.

    Une fois fait, sur ton bureau double-clic sur Combofix.exe.

    - Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc.

    /!\ Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programmes.

    - En fin de scan il est possible que ComboFix ait besoin de redemarrer le pc pour finaliser la désinfection\recherche, laisses-le faire.

    - Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt)

    -> Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.

    -> Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.

    -> Tutoriel https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

    post egalement un nouveau rapport hijack this stp

    @+
    0
    1. Ronan13
       
      Merci pour ta réponse,

      en premier le rapport de combo fix :

      ComboFix 08-04-03.3 - fnac 2008-04-03 22:37:33.1 - NTFSx86
      Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.952 [GMT 2:00]
      Endroit: C:\Users\fnac\Desktop\ComboFix.exe
      * Création d'un nouveau point de restauration
      .

      (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
      .

      C:\d.exe
      c:\Users\fnac\AppData\Local\qkimovwir.dat
      C:\Users\fnac\AppData\Local\qkimovwir.exe
      c:\Users\fnac\AppData\Local\qkimovwir_nav.dat
      c:\Users\fnac\AppData\Local\qkimovwir_navps.dat
      C:\Windows\autorun.inf
      C:\Windows\System32\hjlSuBeg.ini
      C:\Windows\System32\hjlSuBeg.ini2
      C:\Windows\system32\nvs2.inf
      C:\Windows\system32\xxywXNHb.dll

      .
      ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-03-03 to 2008-04-03 ))))))))))))))))))))))))))))))))))))
      .

      2008-04-03 22:09 . 2008-04-03 22:09 <REP> d-------- C:\Program Files\K-Lite Codec Pack
      2008-04-03 22:09 . 2007-11-29 23:30 3,596,288 --a------ C:\Windows\System32\qt-dx331.dll
      2008-04-03 01:01 . 2008-04-03 01:01 <REP> d-------- C:\Program Files\Alwil Software
      2008-04-03 01:01 . 2008-03-29 19:45 1,146,232 --a------ C:\Windows\System32\aswBoot.exe
      2008-04-03 01:01 . 2004-01-09 10:13 380,928 --a------ C:\Windows\System32\actskin4.ocx
      2008-04-03 01:01 . 2008-03-29 19:23 95,608 --a------ C:\Windows\System32\AvastSS.scr
      2008-04-03 01:01 . 2008-03-29 19:31 75,856 --a------ C:\Windows\System32\drivers\aswSP.sys
      2008-04-03 01:01 . 2008-03-29 19:32 50,768 --a------ C:\Windows\System32\drivers\aswMonFlt.sys
      2008-04-03 01:01 . 2008-03-29 19:27 42,912 --a------ C:\Windows\System32\drivers\aswTdi.sys
      2008-04-03 01:01 . 2008-03-29 19:29 23,152 --a------ C:\Windows\System32\drivers\aswRdr.sys
      2008-04-03 01:01 . 2008-03-29 19:35 20,560 --a------ C:\Windows\System32\drivers\aswFsBlk.sys
      2008-04-03 00:44 . 2008-04-03 00:44 <REP> d-------- C:\Users\All Users\Avg7
      2008-04-03 00:44 . 2008-04-03 00:44 <REP> d-------- C:\ProgramData\Avg7
      2008-04-03 00:17 . 2008-04-03 00:17 203,264 --a------ C:\Windows\kiasys.dll
      2008-04-03 00:17 . 2008-04-03 00:17 59,392 --a------ C:\mxuxc.exe
      2008-04-03 00:17 . 2008-04-03 00:17 11,264 --a------ C:\vwhfxvxv.exe
      2008-04-03 00:17 . 2008-04-03 00:17 6,144 --a------ C:\kbvxxo.exe
      2008-04-03 00:17 . 2008-04-03 00:17 55 --a------ C:\smp.bat
      2008-04-03 00:17 . 2008-04-03 00:17 2 --a------ C:\680615819
      2008-04-03 00:09 . 2008-04-03 00:09 <REP> d-------- C:\Users\fnac\AppData\Roaming\PC Tools
      2008-04-03 00:09 . 2008-04-03 22:36 <REP> d-a------ C:\Users\All Users\TEMP
      2008-04-03 00:09 . 2008-04-03 22:36 <REP> d-a------ C:\ProgramData\TEMP
      2008-04-03 00:09 . 2008-04-03 21:32 <REP> d-------- C:\Program Files\Spyware Doctor
      2008-04-03 00:09 . 2007-12-10 14:53 81,288 --a------ C:\Windows\System32\drivers\iksyssec.sys
      2008-04-03 00:09 . 2007-12-10 14:53 66,952 --a------ C:\Windows\System32\drivers\iksysflt.sys
      2008-04-03 00:09 . 2008-02-01 12:55 42,376 --a------ C:\Windows\System32\drivers\ikfilesec.sys
      2008-04-03 00:09 . 2007-12-10 14:53 29,576 --a------ C:\Windows\System32\drivers\kcom.sys
      2008-04-02 23:10 . 2007-04-20 13:16 8,393 --a------ C:\Windows\System32\CTAPO32.cat
      2008-04-02 22:58 . 2008-04-02 22:40 152,576 --a------ C:\Windows\System32\SPWizUI.dll
      2008-04-02 22:58 . 2008-04-02 22:40 47,560 --a------ C:\Windows\System32\SPReview.exe
      2008-04-02 22:47 . 2008-01-18 23:33 599,552 --a------ C:\Windows\System32\vsp1cln.exe
      2008-04-02 22:47 . 2008-01-18 23:33 193,024 --a------ C:\Windows\System32\recdisc.exe
      2008-04-02 22:47 . 2008-01-18 23:36 6,656 --a------ C:\Windows\System32\sdspres.dll
      2008-04-02 22:45 . 2008-01-18 23:35 9,847,296 --a------ C:\Windows\System32\NlsData000a.dll
      2008-04-02 22:42 . 2008-01-18 21:31 8,322,048 --a------ C:\Windows\System32\spwizimg.dll
      2008-04-02 22:41 . 2008-01-18 23:33 44,032 --a------ C:\Windows\System32\cbsra.exe
      2008-04-02 22:38 . 2008-04-02 22:59 196,608 --a------ C:\Windows\SPInstall.etl
      2008-03-25 21:33 . 2005-10-15 13:32 196,608 --a------ C:\Windows\System32\pdfcmnnt.dll
      2008-03-25 21:33 . 1998-06-24 01:00 137,000 --a------ C:\Windows\System32\MSMAPI32.OCX
      2008-03-25 21:33 . 1998-07-06 01:00 23,552 --a------ C:\Windows\System32\MSMPIDE.DLL
      2008-03-25 21:32 . 2008-03-25 21:33 <REP> d-------- C:\Program Files\PDFCreator
      2008-03-23 00:46 . 2008-03-23 00:46 <REP> d-------- C:\Program Files\FM Modifier 2.2
      2008-03-09 20:31 . 2008-04-02 23:52 <REP> d-------- C:\Poker
      2008-03-09 20:26 . 2008-04-02 23:59 <REP> d-------- C:\Program Files\Doom 3
      2008-03-09 16:40 . 2008-03-09 16:40 382 --a------ C:\Windows\ODBC.INI
      2008-03-09 16:38 . 2008-03-09 16:38 <REP> d-------- C:\Program Files\Microsoft.NET
      2008-03-09 16:36 . 2008-03-09 16:36 <REP> dr-h----- C:\MSOCache
      2008-03-09 15:24 . 2008-03-09 15:24 <REP> d-------- C:\Program Files\SmartGV
      2008-03-06 00:16 . 2008-04-02 23:53 <REP> d-------- C:\Program Files\WordBiz
      2008-03-04 21:32 . 2008-03-04 21:32 0 --a------ C:\Windows\Progs_.ini
      2008-03-04 20:40 . 2001-06-11 20:03 98,304 --a------ C:\Windows\System32\HLBButton6.ocx
      2008-03-04 20:40 . 2007-09-05 22:56 40,960 --a------ C:\Windows\System32\LedCommon.dll

      .
      (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-04-02 22:01 --------- d-----w C:\Program Files\Windows Live
      2008-04-02 22:00 --------- d--h--w C:\Program Files\InstallShield Installation Information
      2008-04-02 21:55 --------- d-----w C:\Program Files\Game Graphic Studio
      2008-04-02 21:54 --------- d-----w C:\Users\fnac\AppData\Roaming\vlc
      2008-04-02 21:54 --------- d-----w C:\Program Files\adslTV
      2008-04-02 21:51 --------- d-----w C:\ProgramData\Logishrd
      2008-04-02 21:51 --------- d-----w C:\Program Files\Logitech
      2008-04-02 21:26 174 --sha-w C:\Program Files\desktop.ini
      2008-04-02 21:19 --------- d-----w C:\Program Files\Windows Sidebar
      2008-04-02 21:19 --------- d-----w C:\Program Files\Windows Photo Gallery
      2008-04-02 21:19 --------- d-----w C:\Program Files\Windows Mail
      2008-04-02 21:19 --------- d-----w C:\Program Files\Windows Journal
      2008-04-02 21:19 --------- d-----w C:\Program Files\Windows Defender
      2008-04-02 21:19 --------- d-----w C:\Program Files\Windows Collaboration
      2008-04-02 21:19 --------- d-----w C:\Program Files\Windows Calendar
      2008-03-30 21:59 --------- d-----w C:\Program Files\Messenger Plus! Live
      2008-03-29 13:28 --------- d-----w C:\Program Files\Google
      2008-03-25 07:36 --------- d-----w C:\ProgramData\Roxio
      2008-03-23 19:00 --------- d-----w C:\Users\fnac\AppData\Roaming\Roxio
      2008-03-20 20:12 --------- d-----w C:\Program Files\OFFICE ONE 7.0
      2008-03-20 19:13 --------- d-----w C:\Program Files\Free Audio Pack
      2008-03-13 19:09 53,768 ----a-w C:\Windows\system32\drivers\avgwfp.sys
      2008-03-04 19:33 --------- d-----w C:\Program Files\AIDA32 - Personal System Information
      2008-03-04 19:21 --------- d-----w C:\Program Files\DAEMON Tools
      2008-03-03 19:19 --------- d-----w C:\Program Files\RegCleaner
      2008-03-02 19:40 --------- d-----w C:\Users\fnac\AppData\Roaming\eMule
      2008-03-02 19:40 --------- d-----w C:\ProgramData\eMule
      2008-03-02 19:40 --------- d-----w C:\Program Files\eMule
      2008-03-02 17:53 --------- d-----w C:\Users\fnac\AppData\Roaming\OFFICEOne7
      2008-02-27 22:37 --------- d-----w C:\Program Files\Mozilla Thunderbird
      2008-02-26 04:54 43,520 ----a-w C:\Windows\system32\drivers\fetnd5bv.sys
      2008-02-24 18:14 --------- d-----w C:\Program Files\SopCast
      2008-02-24 18:03 --------- d-----w C:\Program Files\Yahoo!
      2008-02-22 20:58 --------- d-----w C:\ProgramData\Lavasoft
      2008-02-20 20:40 --------- d-----w C:\Program Files\Common Files\Adobe
      2008-02-18 20:27 --------- d-----w C:\Users\fnac\AppData\Roaming\ArcSoft
      2008-02-18 20:27 --------- d-----w C:\Program Files\Philips
      2008-02-18 20:27 --------- d-----w C:\Program Files\Common Files\ArcSoft
      2008-02-18 19:14 --------- d-----w C:\Program Files\DIFX
      2008-02-18 19:13 --------- d-----w C:\Users\fnac\AppData\Roaming\InstallShield
      2008-02-18 19:13 --------- d-----w C:\Program Files\Common Files\Philips SPC520NC Webcam
      2008-02-13 23:08 --------- d-----w C:\Program Files\Ant Movie Catalog
      2008-02-12 22:09 --------- d-----w C:\Program Files\TagRename
      2008-02-12 21:17 --------- d-----w C:\Program Files\MyVideoSoft
      2008-02-11 00:08 --------- d-----w C:\Users\fnac\AppData\Roaming\XnView
      2008-02-09 14:33 --------- d-----w C:\Program Files\Microsoft IntelliType Pro
      2008-02-04 20:10 --------- d-----w C:\ProgramData\Microsoft Help
      2008-02-03 21:28 --------- d-----w C:\ProgramData\Yahoo!
      2008-02-01 10:17 587,264 ----a-w C:\Windows\WLXPGSS.SCR
      2008-01-18 21:34 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
      2008-01-18 21:33 58,880 ----a-w C:\Windows\bfsvc.exe
      2008-01-18 21:33 540,672 ----a-w C:\Windows\AppPatch\AcLayers.dll
      2008-01-18 21:33 498,176 ----a-w C:\Windows\HelpPane.exe
      2008-01-18 21:33 459,264 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
      2008-01-18 21:33 40,960 ----a-w C:\Windows\AppPatch\apihex86.dll
      2008-01-18 21:33 237,568 ----a-w C:\Windows\AppPatch\AcRedir.dll
      2008-01-18 21:33 2,927,104 ----a-w C:\Windows\explorer.exe
      2008-01-18 21:33 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll
      2008-01-18 21:33 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
      2008-01-18 21:33 151,040 ----a-w C:\Windows\notepad.exe
      2008-01-18 21:33 134,656 ----a-w C:\Windows\regedit.exe
      2008-01-18 21:33 13,312 ----a-w C:\Windows\fveupdate.exe
      2007-05-12 15:00 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012007051220070513\index.dat
      .

      ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{67E52A0A-F792-4A38-97F6-4DFF84909A3C}]
      C:\Windows\system32\geBuSljh.dll

      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8B580E40-6B46-44C8-9E80-A5AD6E1D1035}]
      2008-04-03 00:17 203264 --a------ C:\Windows\kiasys.dll

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
      "MtdAcqu"="C:\Program Files\Creative\MediaSource5\MtdAcqu.exe" [2006-03-08 09:56 278528]
      "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-18 23:33 125952]
      "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-18 23:33 1233920]
      "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-04 00:29 165784]
      "ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-05-16 12:58 213936]
      "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 23:33 202240]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-18 23:38 1008184]
      "RtHDVCpl"="RtHDVCpl.exe" [2006-11-09 11:57 3784704 C:\Windows\RtHDVCpl.exe]
      "RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-20 22:08 228088]
      "Windows Mobile-based device management"="%windir%\WindowsMobile\wmdc.exe" [ ]
      "XboxStat"="C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-26 19:05 734264]
      "VolPanel"="C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" [2007-02-28 18:50 180224]
      "P17RunE"="P17RunE.dll" [2007-04-09 03:40 14848 C:\Windows\System32\P17RunE.dll]
      "UpdReg"="C:\Windows\UpdReg.EXE" [2000-05-11 02:00 90112]
      "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 13:35 90112]
      "itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [2006-11-21 18:08 813912]
      "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2006-05-16 12:58 213936]
      "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-05-16 12:58 86960]
      "ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-05-16 12:58 213936]
      "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24 286720]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
      "EnableLUA"= 0 (0x0)
      "EnableUIADesktopToggle"= 0 (0x0)

      [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
      "{060BB0AB-4B09-4C51-9ECB-9580A6D08D7F}"= C:\Windows\system32\xxywXNHb.dll [ ]

      [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^OFFICE One Startup v7.lnk]
      path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\OFFICE One Startup v7.lnk
      backup=C:\Windows\pss\OFFICE One Startup v7.lnk.CommonStartup
      backupExtension=.CommonStartup

      [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PDFCreator.lnk]
      path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PDFCreator.lnk
      backup=C:\Windows\pss\PDFCreator.lnk.CommonStartup
      backupExtension=.CommonStartup

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
      --a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
      C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
      C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
      C:\Program Files\Logitech\QuickCam\Quickcam.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nlvmfodimu]
      c:\users\fnac\appdata\local\nlvmfodimu.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
      --a------ 2007-09-25 01:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
      --a------ 2008-02-28 23:22 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\toolbar_eula_launcher]
      --a------ 2007-01-10 11:00 18944 C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\security center]
      "UacDisableNotify"=dword:00000001
      "InternetSettingsDisableNotify"=dword:00000001
      "AutoUpdateDisableNotify"=dword:00000001

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
      "DisableMonitoring"=dword:00000001

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
      "DisableMonitoring"=dword:00000001

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
      "DisableMonitoring"=dword:00000001

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
      "{F89EC001-CB5C-49DD-BD46-D230242C557D}"= UDP:C:\Program Files\Common Files\aol\acs\AOLDial.exe:AOL Autoconnect
      "{27AD424B-CE13-4781-91D1-1C3CD15CFF8B}"= TCP:C:\Program Files\Common Files\aol\acs\AOLDial.exe:AOL Autoconnect
      "{CCDC8325-4946-41A5-B58F-676B4C5DDE20}"= UDP:C:\Program Files\Common Files\aol\acs\AOLacsd.exe:module de connexion AOL
      "{9939F947-8F5B-4E3F-BBC9-BE1CEF8A6894}"= TCP:C:\Program Files\Common Files\aol\acs\AOLacsd.exe:module de connexion AOL
      "{2E2BF257-E1FD-436B-8DDC-BF9577F58EAA}"= UDP:C:\Program Files\AOL 9.0 VR\waol.exe:AOL
      "{2CE441DE-E1F2-494C-828B-FF12C2AD7F95}"= TCP:C:\Program Files\AOL 9.0 VR\waol.exe:AOL
      "{353BD5A9-78E6-414B-8917-1B51EE563A55}"= UDP:C:\Program Files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed
      "{A4AA0981-A67C-48A0-927A-DAA3A9F825A1}"= TCP:C:\Program Files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed
      "{D6075648-8579-4198-90BB-5F4DC493357F}"= UDP:C:\Program Files\Common Files\aol\Loader\aolload.exe:AOL Loader
      "{13797D9E-BF5B-475E-B402-3ED917780FA5}"= TCP:C:\Program Files\Common Files\aol\Loader\aolload.exe:AOL Loader
      "{A6933CB6-1486-4A09-A6B0-6E8C8E09492F}"= UDP:C:\Program Files\Common Files\aol\System Information\sinf.exe:AOL System Information
      "{7B7A2817-022A-41E1-AE0D-6055C44A2738}"= TCP:C:\Program Files\Common Files\aol\System Information\sinf.exe:AOL System Information
      "TCP Query User{EB899073-D812-4650-B2EB-DFF99C64EB84}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Packard Bell - Skype
      "UDP Query User{696191CC-0F4D-4399-8684-D4A5E695E3C8}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Packard Bell - Skype
      "{9F3EF101-EB25-4771-9C4C-047B8928DB72}"= UDP:Profile=Public|990:LocalSubnet:LocalSubnet|IF={80E5B370-9612-46FC-8C1D-CFBB913B1738}|C:\Windows\system32\svchost.exe|Svc=rapimgr:Connectivité de l'appareil Windows Mobile
      "TCP Query User{7FDE36AA-5E50-46DB-B8C2-41E6C0B4F1A2}C:\\program files\\konami\\pro evolution soccer 6\\pes6.exe"= UDP:C:\program files\konami\pro evolution soccer 6\pes6.exe:pes6.exe
      "UDP Query User{6E977137-3D8D-4095-99B6-6327B410F70D}C:\\program files\\konami\\pro evolution soccer 6\\pes6.exe"= TCP:C:\program files\konami\pro evolution soccer 6\pes6.exe:pes6.exe
      "TCP Query User{3A1CF355-C023-4CA3-A196-1656E0A8E51C}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
      "UDP Query User{9E8CE037-A806-4D31-81B3-FA21C6C3ED1A}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
      "{9CBD18C2-B8E3-4458-A962-B2D11E2B9D60}"= UDP:Profile=Public|5721:LocalSubnet:LocalSubnet|IF={80E5B370-9612-46FC-8C1D-CFBB913B1738}:Accès réseau Windows Mobile
      "{122CAE3E-8CBC-4345-8BC1-DE931FB54D55}"= UDP:1034:LocalSubnet:LocalSubnet|IF={80E5B370-9612-46FC-8C1D-CFBB913B1738}:@%systemroot%\WindowsMobile\wmdc.exe,-4003
      "{B97D8B29-9BF3-4CAA-9AE0-F0121EB0861E}"= UDP:5678:LocalSubnet:LocalSubnet|IF={80E5B370-9612-46FC-8C1D-CFBB913B1738}|%systemroot%\WindowsMobile\wmdHost.exe:@%systemroot%\WindowsMobile\wmdc.exe,-4004
      "{5F703458-D6A4-499F-970F-375298ACC4FF}"= UDP:999:LocalSubnet:LocalSubnet|IF={80E5B370-9612-46FC-8C1D-CFBB913B1738}|%systemroot%\WindowsMobile\wmdHost.exe:@%systemroot%\WindowsMobile\wmdc.exe,-4005
      "{83225138-0E9F-4135-851D-90E5597C0CCD}"= UDP:26675:LocalSubnet:LocalSubnet|IF={80E5B370-9612-46FC-8C1D-CFBB913B1738}:@%systemroot%\WindowsMobile\wmdc.exe,-4006
      "{72227842-3D03-4A65-AA12-2286B00DF32B}"= UDP:Profile=Public|990:LocalSubnet:LocalSubnet|IF={80E5B370-9612-46FC-8C1D-CFBB913B1738}|C:\Windows\system32\svchost.exe|Svc=rapimgr:Connectivité de l'appareil Windows Mobile
      "TCP Query User{D4CDBE86-A3F5-4FAE-B900-60836FAE1ED8}C:\\users\\fnac\\program files\\bittorrent_dna\\dna.exe"= UDP:C:\users\fnac\program files\bittorrent_dna\dna.exe:dna.exe
      "UDP Query User{60F124FC-12C9-41FB-9E08-89EBC216A766}C:\\users\\fnac\\program files\\bittorrent_dna\\dna.exe"= TCP:C:\users\fnac\program files\bittorrent_dna\dna.exe:dna.exe
      "TCP Query User{013BE244-552A-4E2A-93C3-082C60D2CBAC}C:\\program files\\bittorrent\\bittorrent.exe"= UDP:C:\program files\bittorrent\bittorrent.exe:bittorrent
      "UDP Query User{3FF0E3D7-C7BC-4B53-9DFC-77EF611C77C6}C:\\program files\\bittorrent\\bittorrent.exe"= TCP:C:\program files\bittorrent\bittorrent.exe:bittorrent
      "TCP Query User{F2122E9A-840A-4749-9A04-01C8B543836B}C:\\program files\\videolan\\vlc\\vlc.exe"= UDP:C:\program files\videolan\vlc\vlc.exe:VLC media player
      "UDP Query User{BDE40BC5-60C2-4275-83C3-27F73F01BFF3}C:\\program files\\videolan\\vlc\\vlc.exe"= TCP:C:\program files\videolan\vlc\vlc.exe:VLC media player
      "TCP Query User{0722296A-422B-4BDA-96C7-FD1197DF8726}C:\\program files\\adsltv\\adsltv.exe"= UDP:C:\program files\adsltv\adsltv.exe:adsltv
      "UDP Query User{46931A8E-AFEF-49F5-BCE2-52567ED50CE9}C:\\program files\\adsltv\\adsltv.exe"= TCP:C:\program files\adsltv\adsltv.exe:adsltv
      "TCP Query User{42D8494E-F8FB-4FCB-BA0D-97842F5EFD7E}C:\\users\\fnac\\appdata\\roaming\\sopcast\\adv\\sopadver.exe"= UDP:C:\users\fnac\appdata\roaming\sopcast\adv\sopadver.exe:sopadver.exe
      "UDP Query User{187D05BB-F531-4D3A-8C8C-F9CFA38F3291}C:\\users\\fnac\\appdata\\roaming\\sopcast\\adv\\sopadver.exe"= TCP:C:\users\fnac\appdata\roaming\sopcast\adv\sopadver.exe:sopadver.exe
      "TCP Query User{BF2BC4E7-2DF6-4ED6-A79F-BBBA064CF629}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
      "UDP Query User{802E69AC-3414-4E16-BE9A-35D082B19655}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
      "TCP Query User{F513BBC5-3825-4949-A4AD-44F4C78897ED}C:\\program files\\sopcast\\sopcast.exe"= UDP:C:\program files\sopcast\sopcast.exe:SopCast Main Application
      "UDP Query User{F4F58395-ADDC-4A73-82DD-FB38F85B53F2}C:\\program files\\sopcast\\sopcast.exe"= TCP:C:\program files\sopcast\sopcast.exe:SopCast Main Application
      "TCP Query User{D3FEB820-3190-4501-B63B-3957A85D9A25}C:\\program files\\adsltv\\vlc.exe"= UDP:C:\program files\adsltv\vlc.exe:VLC media player
      "UDP Query User{AC2208FB-22C0-4C2B-A19D-3998166BA0A3}C:\\program files\\adsltv\\vlc.exe"= TCP:C:\program files\adsltv\vlc.exe:VLC media player
      "TCP Query User{AC416F1C-94B0-448B-B7C2-64FFD60ECD29}C:\\program files\\peertv\\vlc\\vlc.exe"= UDP:C:\program files\peertv\vlc\vlc.exe:VLC media player
      "UDP Query User{5FA76323-98CB-4F08-B730-844050A35A37}C:\\program files\\peertv\\vlc\\vlc.exe"= TCP:C:\program files\peertv\vlc\vlc.exe:VLC media player
      "{8335E9B8-6BCA-4023-8945-33726D94987F}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
      "{C7C61B18-3187-45B1-8D59-0E56E5B60AC5}"= UDP:C:\Program Files\KONAMI\Pro Evolution Soccer 2008\PES2008.exe:Pro Evolution Soccer 2008
      "{3922F7FF-3034-47FF-9C39-8BC239F4E5D3}"= TCP:C:\Program Files\KONAMI\Pro Evolution Soccer 2008\PES2008.exe:Pro Evolution Soccer 2008
      "{4A2AFCDA-619B-4444-8476-E6709D8C3D4D}"= UDP:C:\Program Files\KONAMI\Pro Evolution Soccer 2008\PES2008.exe:Pro Evolution Soccer 2008
      "{4DF32F08-B11C-4E5D-A4BE-EC38F9088C14}"= TCP:C:\Program Files\KONAMI\Pro Evolution Soccer 2008\PES2008.exe:Pro Evolution Soccer 2008
      "TCP Query User{CF4F1D0B-3A03-48E9-A42C-38891AEE87C0}C:\\program files\\odebit multimédia\\v3\\odebit.exe"= UDP:C:\program files\odebit multimédia\v3\odebit.exe:Odébit Multimédia
      "UDP Query User{2A4B801E-C238-4D02-8C80-B2DF44952EDE}C:\\program files\\odebit multimédia\\v3\\odebit.exe"= TCP:C:\program files\odebit multimédia\v3\odebit.exe:Odébit Multimédia
      "TCP Query User{2EF3A0E5-2FB9-4935-BE83-747E186418F5}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
      "UDP Query User{DCE8B5C9-8B2C-45F3-8A6D-BCCE9A528327}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
      "{08AA5C8F-F6CA-487D-9735-5FC3E8B377DA}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
      "{CFBCDD97-8639-46C8-9D6A-CA4A34934E5E}"= UDP:C:\Program Files\KONAMI 2008\Pro Evolution Soccer\PES2008.exe:Pro Evolution Soccer 2008
      "{8A44914E-6878-411B-82FC-101A3C996844}"= TCP:C:\Program Files\KONAMI 2008\Pro Evolution Soccer\PES2008.exe:Pro Evolution Soccer 2008
      "TCP Query User{58652EF0-F4B8-4212-A5FA-AA8C019B934F}C:\\program files\\sopcast\\adv\\sopadver.exe"= UDP:C:\program files\sopcast\adv\sopadver.exe:SopCast Adver
      "UDP Query User{9CB5DCB9-1340-4C6B-81F4-6230D7F657E0}C:\\program files\\sopcast\\adv\\sopadver.exe"= TCP:C:\program files\sopcast\adv\sopadver.exe:SopCast Adver
      "{1E769F75-73EF-44C8-ACA3-EAF5B16E3469}"= UDP:C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
      "{1C75E960-1CBE-40C4-A9DA-31891D5F2FDD}"= TCP:C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
      "{97BD2B22-2A86-46B2-88AF-61B60BBE21C5}"= UDP:C:\Program Files\KONAMI 08\PES 2008\PES2008.exe:Pro Evolution Soccer 2008
      "{13294606-8701-4EC4-A2AA-23D5012E9741}"= TCP:C:\Program Files\KONAMI 08\PES 2008\PES2008.exe:Pro Evolution Soccer 2008
      "TCP Query User{42162185-5E3F-48BB-8A72-C583F87A2F2B}C:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= UDP:C:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
      "UDP Query User{B23DE245-57F8-44C7-A24F-42F6DC936727}C:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= TCP:C:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
      "TCP Query User{5FF74E05-43D4-465A-9778-1035486E1C36}C:\\program files\\windows sidebar\\sidebar.exe"= UDP:C:\program files\windows sidebar\sidebar.exe:Volet Windows
      "UDP Query User{7C7A9716-5FC9-4E7E-ACF7-8A89469F82C9}C:\\program files\\windows sidebar\\sidebar.exe"= TCP:C:\program files\windows sidebar\sidebar.exe:Volet Windows
      "{A0687220-75C4-4557-B270-33B379B7BF73}"= UDP:Profile=Public|5721:LocalSubnet:LocalSubnet|IF={80E5B370-9612-46FC-8C1D-CFBB913B1738}:Accès réseau Windows Mobile
      "{3A164E4F-FE9B-4A47-BBEA-D8908AB50989}"= UDP:1034:LocalSubnet:LocalSubnet|IF={80E5B370-9612-46FC-8C1D-CFBB913B1738}:@%systemroot%\WindowsMobile\wmdc.exe,-4003
      "{48CF7DB7-6BA9-4EFB-8C43-8A75BA70E1BB}"= UDP:5678:LocalSubnet:LocalSubnet|IF={80E5B370-9612-46FC-8C1D-CFBB913B1738}|%systemroot%\WindowsMobile\wmdHost.exe:@%systemroot%\WindowsMobile\wmdc.exe,-4004
      "{31AEE1E2-CA4B-45B0-8EA9-BD803A99EA4B}"= UDP:999:LocalSubnet:LocalSubnet|IF={80E5B370-9612-46FC-8C1D-CFBB913B1738}|%systemroot%\WindowsMobile\wmdHost.exe:@%systemroot%\WindowsMobile\wmdc.exe,-4005
      "{99453DC6-A62C-43AF-BC42-A1D4214437E9}"= UDP:26675:LocalSubnet:LocalSubnet|IF={80E5B370-9612-46FC-8C1D-CFBB913B1738}:@%systemroot%\WindowsMobile\wmdc.exe,-4006
      "{8A0778D3-B993-4133-8D54-878219D79AE7}"= UDP:Profile=Public|990:LocalSubnet:LocalSubnet|IF={80E5B370-9612-46FC-8C1D-CFBB913B1738}|C:\Windows\system32\svchost.exe|Svc=rapimgr:Connectivité de l'appareil Windows Mobile
      "{336B3EDC-1D98-4B2E-AF28-9EE8285BA721}"= UDP:C:\Program Files\KONAMI 08\PES 2008\PES2008.exe:Pro Evolution Soccer 2008
      "{D94A3E79-EB71-49D2-B4F6-610CC7B80F8D}"= TCP:C:\Program Files\KONAMI 08\PES 2008\PES2008.exe:Pro Evolution Soccer 2008
      "{789F05EF-F283-4398-9074-D42FAA2AFBD2}"= UDP:Profile=Public|5721:LocalSubnet:LocalSubnet|IF={80E5B370-9612-46FC-8C1D-CFBB913B1738}:Accès réseau Windows Mobile
      "{DC62DC83-5404-4F21-8181-1066DB396DC6}"= UDP:1034:LocalSubnet:LocalSubnet|IF={80E5B370-9612-46FC-8C1D-CFBB913B1738}:@%systemroot%\WindowsMobile\wmdc.exe,-4003
      "{9B31F5E0-A0DB-4396-934C-8A53CF920CD2}"= UDP:5678:LocalSubnet:LocalSubnet|IF={80E5B370-9612-46FC-8C1D-CFBB913B1738}|%systemroot%\WindowsMobile\wmdHost.exe:@%systemroot%\WindowsMobile\wmdc.exe,-4004
      "{E62B5E8F-2C55-47F5-8680-66045E865BDD}"= UDP:999:LocalSubnet:LocalSubnet|IF={80E5B370-9612-46FC-8C1D-CFBB913B1738}|%systemroot%\WindowsMobile\wmdHost.exe:@%systemroot%\WindowsMobile\wmdc.exe,-4005
      "{3F12376D-7F5F-44B6-9AAB-5F1B083E29EC}"= UDP:26675:LocalSubnet:LocalSubnet|IF={80E5B370-9612-46FC-8C1D-CFBB913B1738}:@%systemroot%\WindowsMobile\wmdc.exe,-4006
      "{0FFFF404-5E5F-4412-AC0A-F5D1155A248F}"= UDP:Profile=Public|990:LocalSubnet:LocalSubnet|IF={80E5B370-9612-46FC-8C1D-CFBB913B1738}|C:\Windows\system32\svchost.exe|Svc=rapimgr:Connectivité de l'appareil Windows Mobile
      "TCP Query User{BCE09F6E-ECF4-4DC0-80DC-A4539F5B65B6}C:\\program files\\tvants\\tvants.exe"= UDP:C:\program files\tvants\tvants.exe:TVAnts
      "UDP Query User{1CC669FE-F24F-4F2A-8C14-85A6137B8CD1}C:\\program files\\tvants\\tvants.exe"= TCP:C:\program files\tvants\tvants.exe:TVAnts
      "{87ADA631-4D5D-48DA-8D7A-EC820F0BBEC8}"= Disabled:UDP:5721:LocalSubnet:LocalSubnet|IF={80E5B370-9612-46FC-8C1D-CFBB913B1738}:Accès réseau Windows Mobile
      "{0049AB4C-4219-4F51-A9B9-F8B87FAE924B}"= Disabled:UDP:5721:LocalSubnet:LocalSubnet|IF={80E5B370-9612-46FC-8C1D-CFBB913B1738}:Accès réseau Windows Mobile
      "{97267845-D4A1-4D6F-8453-E5566DA36574}"= Disabled:UDP:5721:LocalSubnet:LocalSubnet|IF={80E5B370-9612-46FC-8C1D-CFBB913B1738}:Accès réseau Windows Mobile
      "TCP Query User{154C6AE1-2CB0-48CE-84AD-B233AD393C56}C:\\program files\\adsltv\\adsltv.exe"= Disabled:UDP:C:\program files\adsltv\adsltv.exe:adsltv
      "UDP Query User{F91D8EFF-5DD2-477F-B949-029D81CA0D2E}C:\\program files\\adsltv\\adsltv.exe"= Disabled:TCP:C:\program files\adsltv\adsltv.exe:adsltv
      "TCP Query User{55CDC68B-543A-4B4E-A9F5-C77E534314A5}C:\\program files\\bittorrent\\bittorrent.exe"= Disabled:UDP:C:\program files\bittorrent\bittorrent.exe:bittorrent
      "UDP Query User{CBF6917C-34C7-41B2-B0CC-ADD6F7CB6063}C:\\program files\\bittorrent\\bittorrent.exe"= Disabled:TCP:C:\program files\bittorrent\bittorrent.exe:bittorrent
      "{FBEDF4CA-6A82-49B6-B7D8-50925D721C0D}"= Disabled:UDP:990:LocalSubnet:LocalSubnet|IF={80E5B370-9612-46FC-8C1D-CFBB913B1738}|C:\Windows\system32\svchost.exe|Svc=rapimgr:Connectivité de l'appareil Windows Mobile
      "{B29FC893-8FFD-4CC4-B305-9561727A45B5}"= Disabled:UDP:990:LocalSubnet:LocalSubnet|IF={80E5B370-9612-46FC-8C1D-CFBB913B1738}|C:\Windows\system32\svchost.exe|Svc=rapimgr:Connectivité de l'appareil Windows Mobile
      "{D6B41DA7-23EA-4463-88BC-0DBCD64DDCD0}"= Disabled:UDP:990:LocalSubnet:LocalSubnet|IF={80E5B370-9612-46FC-8C1D-CFBB913B1738}|C:\Windows\system32\svchost.exe|Svc=rapimgr:Connectivité de l'appareil Windows Mobile
      "{4A0B0971-125C-4DFF-958E-FE89A7534118}"= Disabled:UDP:990:LocalSubnet:LocalSubnet|IF={80E5B370-9612-46FC-8C1D-CFBB913B1738}|C:\Windows\system32\svchost.exe|Svc=rapimgr:Connectivité de l'appareil Windows Mobile
      "TCP Query User{9EE51B31-727E-4A14-8743-029A52A0B4BF}C:\\program files\\eurosport\\eurosport player\\consoles.eurosport.exe"= Disabled:UDP:C:\program files\eurosport\eurosport player\consoles.eurosport.exe:Consoles.Eurosport
      "UDP Query User{8C40F038-48DC-4B1D-8191-A1D3BE5A4B80}C:\\program files\\eurosport\\eurosport player\\consoles.eurosport.exe"= Disabled:TCP:C:\program files\eurosport\eurosport player\consoles.eurosport.exe:Consoles.Eurosport
      "TCP Query User{758A46F3-689C-4261-9B3C-E37B1D64D919}C:\\users\\fnac\\program files\\bittorrent_dna\\dna.exe"= Disabled:UDP:C:\users\fnac\program files\bittorrent_dna\dna.exe:dna.exe
      "UDP Query User{AB1F62E6-AB47-421A-A14C-FA4FDB850310}C:\\users\\fnac\\program files\\bittorrent_dna\\dna.exe"= Disabled:TCP:C:\users\fnac\program files\bittorrent_dna\dna.exe:dna.exe
      "TCP Query User{428767F8-5D2A-4646-9AD0-86B49A3FC6E1}C:\\program files\\emule\\emule.exe"= Disabled:UDP:C:\program files\emule\emule.exe:eMule
      "UDP Query User{D4070A8B-0DA5-4D5D-A6C9-7233D3833447}C:\\program files\\emule\\emule.exe"= Disabled:TCP:C:\program files\emule\emule.exe:eMule
      "TCP Query User{61189CAF-F36B-4FC9-AF86-B34FD6FC7ABF}C:\\users\\fnac\\desktop\\emule\\emule.exe"= Disabled:UDP:C:\users\fnac\desktop\emule\emule.exe:emule.exe
      "UDP Query User{869FBA16-728F-401C-A5EA-3E8A8E0DFCDB}C:\\users\\fnac\\desktop\\emule\\emule.exe"= Disabled:TCP:C:\users\fnac\desktop\emule\emule.exe:emule.exe
      "TCP Query User{8E6DD853-4D89-45A1-9979-728BD40D47F1}C:\\users\\fnac\\appdata\\local\\temp\\rar$ex01.203\\emule.exe"= Disabled:UDP:C:\users\fnac\appdata\local\temp\rar$ex01.203\emule.exe:emule.exe
      "UDP Query User{7955363D-7C21-47B3-8510-700D78AB12D5}C:\\users\\fnac\\appdata\\local\\temp\\rar$ex01.203\\emule.exe"= Disabled:TCP:C:\users\fnac\appdata\local\temp\rar$ex01.203\emule.exe:emule.exe
      "TCP Query User{699861F5-7D00-4C67-9A0F-8D5BAA1BA1F6}C:\\program files\\peertv\\peercast.exe"= Disabled:UDP:C:\program files\peertv\peercast.exe:PeerCast
      "UDP Query User{5DCB1DEC-4D4F-416D-8A00-BAAC8530BF6E}C:\\program files\\peertv\\peercast.exe"= Disabled:TCP:C:\program files\peertv\peercast.exe:PeerCast
      "TCP Query User{B80F80E9-E4A1-44B4-80E7-100EB20738A8}C:\\program files\\konami\\pro evolution soccer 6\\pes6.exe"= Disabled:UDP:C:\program files\konami\pro evolution soccer 6\pes6.exe:pes6.exe
      "UDP Query User{7B08274F-FEFB-49D4-A893-4B55F975217A}C:\\program files\\konami\\pro evolution soccer 6\\pes6.exe"= Disabled:TCP:C:\program files\konami\pro evolution soccer 6\pes6.exe:pes6.exe
      "{C66728D1-DAEC-415B-9070-A0092226AB08}"= Disabled:UDP:C:\Program Files\PPLive\PPLive.exe:PPLive
      "{47E7DB14-E7A5-4136-9942-26FB21F56B8E}"= Disabled:TCP:C:\Program Files\PPLive\PPLive.exe:PPLive
      "TCP Query User{F34BAEF9-C572-40EF-AF53-496DED1A7A8D}C:\\program files\\ppmate\\ppamnet.exe"= Disabled:UDP:C:\program files\ppmate\ppamnet.exe:ppmnet Module
      "UDP Query User{65EDA166-96FE-4174-BEBA-B24D000ED33B}C:\\program files\\ppmate\\ppamnet.exe"= Disabled:TCP:C:\program files\ppmate\ppamnet.exe:ppmnet Module
      "TCP Query User{F6CCE462-E696-495F-8C7C-D363C6BF0A0E}C:\\program files\\ppstream\\ppstream.exe"= Disabled:UDP:C:\program files\ppstream\ppstream.exe:PPS????
      "UDP Query User{60A28FF1-B1E2-4318-81B1-33771721150E}C:\\program files\\ppstream\\ppstream.exe"= Disabled:TCP:C:\program files\ppstream\ppstream.exe:PPS????
      "{E5CC6C83-724C-4EFD-84C1-582FEE83D7CA}"= Disabled:UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
      "{F8C5EDD8-F661-4523-8BEA-3A5B75AF4EAB}"= Disabled:TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
      "{C7351DE2-B31E-422C-BA54-BB8D3D3ADF87}"= Disabled:UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
      "{AB690862-3E87-4AE2-8495-96BC8ABEE50A}"= Disabled:TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
      "{D0C091C5-99E0-4040-9F1D-00CD6C54C659}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
      "C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
      "C:\\Program Files\\PPStream\\PPStream.exe"= C:\Program Files\PPStream\PPStream.exe:*:Enabled:PPStream
      "C:\\Program Files\\PPMate\\ppmate.exe"= C:\Program Files\PPMate\ppmate.exe:*:Enabled:PPMate
      "C:\\Program Files\\PPMate\\ppamnet.exe"= C:\Program Files\PPMate\ppamnet.exe:*:Enabled:PPMate

      R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-03-29 19:31]
      R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
      R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-03-29 19:32]
      R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-12-05 05:08]
      R3 camdrv41;Philips SPC 900NC PC Camera;C:\Windows\system32\DRIVERS\camdrv41.sys [2007-04-23 15:44]
      R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\Windows\system32\DRIVERS\fetnd5bv.sys [2008-02-26 06:54]
      S1 hidfltr;HID Filter Driver;C:\Windows\system32\drivers\MWhid.sys [2004-11-03 06:20]
      S3 AR5523;NETGEAR WG111T USB2.0 Wireless Card Service;C:\Windows\system32\DRIVERS\WG11TND5.sys [2005-09-05 11:21]
      S3 ATHFMWDL;NETGEAR WG111T bootloader driver;C:\Windows\system32\Drivers\ATHFMWDL.sys [2004-10-14 19:24]
      S3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-12-05 05:08]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
      WindowsMobile REG_MULTI_SZ wcescomm rapimgr
      LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
      bthsvcs REG_MULTI_SZ BthServ

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7ee31327-4d5f-11dc-b167-00146c3a00b4}]
      \shell\AutoRun\command - K:\Setup\rsrc\Autorun.exe

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a4559029-f556-11db-81e9-806e6f6e6963}]
      \shell\AutoRun\command - D:\autorun.exe

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f600735f-28ca-11dc-a892-00146c3a00b4}]
      \shell\AutoRun\command - I:\Setup\rsrc\Autorun.exe
      \shell\dinstall\command - I:\Directx\dxsetup.exe

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f6007368-28ca-11dc-a892-00146c3a00b4}]
      \shell\AutoRun\command - J:\Setup\rsrc\Autorun.exe

      .
      Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
      "2008-04-03 20:30:00 C:\Windows\Tasks\Extension de garantie.job"
      - C:\Program Files\Packard Bell\SetupmyPC\PBCarNot.exe
      "2008-04-03 20:45:12 C:\Windows\Tasks\User_Feed_Synchronization-{CFE347B2-4805-40C1-A896-D4C97D4CE8CF}.job"
      - C:\Windows\system32\msfeedssync.exe
      .
      **************************************************************************

      catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-04-03 22:44:19
      Windows 6.0.6001 Service Pack 1 NTFS

      Balayage processus cach‚s ...

      Balayage cach‚ autostart entries ...

      Balayage des fichiers cach‚s ...

      Scan termin‚ avec succŠs
      Les fichiers cach‚s: 0

      **************************************************************************
      .
      ------------------------ Other Running Processes ------------------------
      .
      C:\Windows\system32\Ati2evxx.exe
      C:\Windows\system32\Ati2evxx.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\Windows\system32\conime.exe
      C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
      C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
      C:\Windows\system32\WUDFHost.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
      C:\Windows\WindowsMobile\wmdc.exe
      C:\Windows\System32\rundll32.exe
      C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
      C:\Windows\ehome\ehmsas.exe
      C:\Program Files\Windows Media Player\wmpnetwk.exe
      C:\Windows\system32\wbem\unsecapp.exe
      C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
      C:\\?\C:\Windows\system32\wbem\WMIADAP.EXE
      .
      **************************************************************************
      .
      Temps d'accomplissement: 2008-04-03 22:47:36 - machine was rebooted
      ComboFix-quarantined-files.txt 2008-04-03 20:47:28
      Pre-Run: 135,822,172,160 octets libres
      Post-Run: 135,975,907,328 octets libres
      .
      2008-03-25 18:50:06 --- E O F ---




      Et le nouveau rapport de hijack this :


      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 22:48:53, on 03/04/2008
      Platform: Windows Vista SP1 (WinNT 6.00.1905)
      MSIE: Internet Explorer v7.00 (7.00.6001.18000)
      Boot mode: Normal

      Running processes:
      C:\Windows\system32\Dwm.exe
      C:\Windows\system32\conime.exe
      C:\Windows\system32\taskeng.exe
      C:\Program Files\Windows Defender\MSASCui.exe
      C:\Windows\RtHDVCpl.exe
      C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
      C:\Windows\WindowsMobile\wmdc.exe
      C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
      C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe
      C:\Windows\System32\rundll32.exe
      C:\Program Files\Microsoft IntelliType Pro\itype.exe
      C:\Program Files\Windows Live\Messenger\msnmsgr.exe
      C:\Program Files\Creative\MediaSource5\MtdAcqu.exe
      C:\Windows\ehome\ehtray.exe
      C:\Program Files\DAEMON Tools\daemon.exe
      C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
      C:\Program Files\Windows Media Player\wmpnscfg.exe
      C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
      C:\Windows\System32\mobsync.exe
      C:\Windows\ehome\ehmsas.exe
      C:\Windows\system32\wbem\unsecapp.exe
      C:\Windows\Explorer.exe
      C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
      C:\Windows\system32\SearchFilterHost.exe
      C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
      C:\Users\fnac\Desktop\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.football365.fr/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
      R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
      O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: (no name) - {67E52A0A-F792-4A38-97F6-4DFF84909A3C} - C:\Windows\system32\geBuSljh.dll (file missing)
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O2 - BHO: Media Codec - {8B580E40-6B46-44C8-9E80-A5AD6E1D1035} - C:\Windows\kiasys.dll
      O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
      O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
      O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
      O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
      O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdc.exe
      O4 - HKLM\..\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
      O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" /r
      O4 - HKLM\..\Run: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry
      O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
      O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
      O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
      O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
      O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
      O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
      O4 - HKCU\..\Run: [MtdAcqu] "C:\Program Files\Creative\MediaSource5\MtdAcqu.exe" /s
      O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
      O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
      O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
      O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
      O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
      O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
      O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
      O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
      O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
      O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
      O13 - Gopher Prefix:
      O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
      O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
      O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
      O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
      O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
      O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
      O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
      O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
      O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
      O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
      0
  2. g!rly Messages postés 18462 Statut Contributeur 407
     
    merci de rien

    la suite :

    Copie le texte ci-dessous :

    File::
    C:\Windows\system32\xxywXNHb.dll
    C:\Windows\kiasys.dll
    c:\users\fnac\appdata\local\nlvmfodimu.exe
    C:\mxuxc.exe
    C:\vwhfxvxv.exe
    C:\kbvxxo.exe
    C:\smp.bat
    C:\680615819

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{67E52A0A-F792-4A38-97F6-4DFF84909A3C}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8B580E40-6B46-44C8-9E80-A5AD6E1D1035}]
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{060BB0AB-4B09-4C51-9ECB-9580A6D08D7F}"=-
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nlvmfodimu]

    Ouvre le Bloc-Notes puis colle le texte copié.
    (Démarrer\Tous les programmes\Accessoires\Bloc notes.)
    Sauvegarde ce fichier sous le nom de CFScript.txt.

    Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :

    http://sd-1.archive-host.com/membres/up/1366464061/CFScript.gif

    Cela va relancer Combofix,

    Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

    Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

    Ne touche à rien tant que le scan n'est pas terminé.

    Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.

    S'il n'y a pas de rédémarrage, poste quand même les rapports.

    @+
    0
  3. Ronan13
     
    Ok tout s'est bien passé pas de redémarrage mais bon en 1er le rapport combifix et apres celui de hijack this :

    ComboFix 08-04-03.3 - fnac 2008-04-03 23:17:38.2 - NTFSx86
    Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.990 [GMT 2:00]
    Endroit: C:\Users\fnac\Desktop\ComboFix.exe
    Command switches used :: C:\Users\fnac\Desktop\CFScript.txt
    * Création d'un nouveau point de restauration

    FILE ::
    C:\680615819
    C:\kbvxxo.exe
    C:\mxuxc.exe
    C:\smp.bat
    c:\users\fnac\appdata\local\nlvmfodimu.exe
    C:\vwhfxvxv.exe
    C:\Windows\kiasys.dll
    C:\Windows\system32\xxywXNHb.dll
    .
    TimedOut: Windir.dat

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\680615819
    C:\kbvxxo.exe
    C:\mxuxc.exe
    C:\smp.bat
    C:\vwhfxvxv.exe
    C:\Windows\kiasys.dll

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-03-03 to 2008-04-03 ))))))))))))))))))))))))))))))))))))
    .

    2008-04-03 23:03 . 2008-04-03 23:03 54,156 --ah----- C:\Windows\QTFont.qfn
    2008-04-03 23:03 . 2008-04-03 23:03 1,409 --a------ C:\Windows\QTFont.for
    2008-04-03 23:01 . 2008-04-03 23:01 <REP> d-------- C:\Users\fnac\AppData\Roaming\Apple Computer
    2008-04-03 23:00 . 2008-04-03 23:01 <REP> d-------- C:\Program Files\iTunes
    2008-04-03 23:00 . 2008-04-03 23:00 <REP> d-------- C:\Program Files\iPod
    2008-04-03 23:00 . 2008-04-03 23:00 <REP> d-------- C:\Program Files\Bonjour
    2008-04-03 22:59 . 2008-04-03 23:00 <REP> d-------- C:\Users\All Users\Apple Computer
    2008-04-03 22:59 . 2008-04-03 23:00 <REP> d-------- C:\ProgramData\Apple Computer
    2008-04-03 22:59 . 2008-04-03 23:00 <REP> d-------- C:\Program Files\QuickTime
    2008-04-03 22:56 . 2008-04-03 22:56 <REP> d-------- C:\Windows\LastGood
    2008-04-03 22:56 . 2008-04-03 22:56 <REP> d-------- C:\Program Files\Apple Software Update
    2008-04-03 22:55 . 2008-04-03 22:55 <REP> d-------- C:\Users\All Users\Apple
    2008-04-03 22:55 . 2008-04-03 22:55 <REP> d-------- C:\ProgramData\Apple
    2008-04-03 22:55 . 2008-04-03 22:55 <REP> d-------- C:\Program Files\Common Files\Apple
    2008-04-03 22:09 . 2008-04-03 22:09 <REP> d-------- C:\Program Files\K-Lite Codec Pack
    2008-04-03 01:01 . 2008-04-03 01:01 <REP> d-------- C:\Program Files\Alwil Software
    2008-04-03 01:01 . 2008-03-29 19:45 1,146,232 --a------ C:\Windows\System32\aswBoot.exe
    2008-04-03 01:01 . 2004-01-09 10:13 380,928 --a------ C:\Windows\System32\actskin4.ocx
    2008-04-03 01:01 . 2008-03-29 19:23 95,608 --a------ C:\Windows\System32\AvastSS.scr
    2008-04-03 01:01 . 2008-03-29 19:31 75,856 --a------ C:\Windows\System32\drivers\aswSP.sys
    2008-04-03 01:01 . 2008-03-29 19:32 50,768 --a------ C:\Windows\System32\drivers\aswMonFlt.sys
    2008-04-03 01:01 . 2008-03-29 19:27 42,912 --a------ C:\Windows\System32\drivers\aswTdi.sys
    2008-04-03 01:01 . 2008-03-29 19:29 23,152 --a------ C:\Windows\System32\drivers\aswRdr.sys
    2008-04-03 01:01 . 2008-03-29 19:35 20,560 --a------ C:\Windows\System32\drivers\aswFsBlk.sys
    2008-04-03 00:44 . 2008-04-03 00:44 <REP> d-------- C:\Users\All Users\Avg7
    2008-04-03 00:44 . 2008-04-03 00:44 <REP> d-------- C:\ProgramData\Avg7
    2008-04-03 00:09 . 2008-04-03 00:09 <REP> d-------- C:\Users\fnac\AppData\Roaming\PC Tools
    2008-04-03 00:09 . 2008-04-03 22:36 <REP> d-a------ C:\Users\All Users\TEMP
    2008-04-03 00:09 . 2008-04-03 22:36 <REP> d-a------ C:\ProgramData\TEMP
    2008-04-03 00:09 . 2008-04-03 21:32 <REP> d-------- C:\Program Files\Spyware Doctor
    2008-04-03 00:09 . 2007-12-10 14:53 81,288 --a------ C:\Windows\System32\drivers\iksyssec.sys
    2008-04-03 00:09 . 2007-12-10 14:53 66,952 --a------ C:\Windows\System32\drivers\iksysflt.sys
    2008-04-03 00:09 . 2008-02-01 12:55 42,376 --a------ C:\Windows\System32\drivers\ikfilesec.sys
    2008-04-03 00:09 . 2007-12-10 14:53 29,576 --a------ C:\Windows\System32\drivers\kcom.sys
    2008-04-02 23:10 . 2007-04-20 13:16 8,393 --a------ C:\Windows\System32\CTAPO32.cat
    2008-04-02 22:58 . 2008-04-02 22:40 152,576 --a------ C:\Windows\System32\SPWizUI.dll
    2008-04-02 22:58 . 2008-04-02 22:40 47,560 --a------ C:\Windows\System32\SPReview.exe
    2008-04-02 22:47 . 2008-01-18 23:33 599,552 --a------ C:\Windows\System32\vsp1cln.exe
    2008-04-02 22:47 . 2008-01-18 23:33 193,024 --a------ C:\Windows\System32\recdisc.exe
    2008-04-02 22:47 . 2008-01-18 23:36 6,656 --a------ C:\Windows\System32\sdspres.dll
    2008-04-02 22:45 . 2008-01-18 23:35 9,847,296 --a------ C:\Windows\System32\NlsData000a.dll
    2008-04-02 22:42 . 2008-01-18 21:31 8,322,048 --a------ C:\Windows\System32\spwizimg.dll
    2008-04-02 22:41 . 2008-01-18 23:33 44,032 --a------ C:\Windows\System32\cbsra.exe
    2008-04-02 22:38 . 2008-04-02 22:59 196,608 --a------ C:\Windows\SPInstall.etl
    2008-03-28 23:37 . 2008-03-28 23:37 90,112 --a------ C:\Windows\System32\QuickTimeVR.qtx
    2008-03-28 23:37 . 2008-03-28 23:37 57,344 --a------ C:\Windows\System32\QuickTime.qts
    2008-03-25 21:33 . 2005-10-15 13:32 196,608 --a------ C:\Windows\System32\pdfcmnnt.dll
    2008-03-25 21:33 . 1998-06-24 01:00 137,000 --a------ C:\Windows\System32\MSMAPI32.OCX
    2008-03-25 21:33 . 1998-07-06 01:00 23,552 --a------ C:\Windows\System32\MSMPIDE.DLL
    2008-03-25 21:32 . 2008-03-25 21:33 <REP> d-------- C:\Program Files\PDFCreator
    2008-03-23 00:46 . 2008-03-23 00:46 <REP> d-------- C:\Program Files\FM Modifier 2.2
    2008-03-09 20:31 . 2008-04-02 23:52 <REP> d-------- C:\Poker
    2008-03-09 20:26 . 2008-04-02 23:59 <REP> d-------- C:\Program Files\Doom 3
    2008-03-09 16:40 . 2008-03-09 16:40 382 --a------ C:\Windows\ODBC.INI
    2008-03-09 16:38 . 2008-03-09 16:38 <REP> d-------- C:\Program Files\Microsoft.NET
    2008-03-09 16:36 . 2008-03-09 16:36 <REP> dr-h----- C:\MSOCache
    2008-03-09 15:24 . 2008-03-09 15:24 <REP> d-------- C:\Program Files\SmartGV
    2008-03-06 00:16 . 2008-04-02 23:53 <REP> d-------- C:\Program Files\WordBiz
    2008-03-04 21:32 . 2008-03-04 21:32 0 --a------ C:\Windows\Progs_.ini
    2008-03-04 20:40 . 2001-06-11 20:03 98,304 --a------ C:\Windows\System32\HLBButton6.ocx
    2008-03-04 20:40 . 2007-09-05 22:56 40,960 --a------ C:\Windows\System32\LedCommon.dll

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-04-02 22:01 --------- d-----w C:\Program Files\Windows Live
    2008-04-02 22:00 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-04-02 21:55 --------- d-----w C:\Program Files\Game Graphic Studio
    2008-04-02 21:54 --------- d-----w C:\Users\fnac\AppData\Roaming\vlc
    2008-04-02 21:54 --------- d-----w C:\Program Files\adslTV
    2008-04-02 21:51 --------- d-----w C:\ProgramData\Logishrd
    2008-04-02 21:51 --------- d-----w C:\Program Files\Logitech
    2008-04-02 21:26 174 --sha-w C:\Program Files\desktop.ini
    2008-04-02 21:19 --------- d-----w C:\Program Files\Windows Sidebar
    2008-04-02 21:19 --------- d-----w C:\Program Files\Windows Photo Gallery
    2008-04-02 21:19 --------- d-----w C:\Program Files\Windows Mail
    2008-04-02 21:19 --------- d-----w C:\Program Files\Windows Journal
    2008-04-02 21:19 --------- d-----w C:\Program Files\Windows Defender
    2008-04-02 21:19 --------- d-----w C:\Program Files\Windows Collaboration
    2008-04-02 21:19 --------- d-----w C:\Program Files\Windows Calendar
    2008-04-02 21:05 82,432 ----a-w C:\Windows\System32\axaltocm.dll
    2008-04-02 21:05 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
    2008-03-30 21:59 --------- d-----w C:\Program Files\Messenger Plus! Live
    2008-03-29 13:28 --------- d-----w C:\Program Files\Google
    2008-03-25 07:36 --------- d-----w C:\ProgramData\Roxio
    2008-03-23 19:00 --------- d-----w C:\Users\fnac\AppData\Roaming\Roxio
    2008-03-22 16:30 2,085,376 ----a-w C:\Windows\System32\x264vfw.dll
    2008-03-20 20:12 --------- d-----w C:\Program Files\OFFICE ONE 7.0
    2008-03-20 19:13 --------- d-----w C:\Program Files\Free Audio Pack
    2008-03-13 19:09 53,768 ----a-w C:\Windows\system32\drivers\avgwfp.sys
    2008-03-04 19:33 --------- d-----w C:\Program Files\AIDA32 - Personal System Information
    2008-03-04 19:21 --------- d-----w C:\Program Files\DAEMON Tools
    2008-03-04 10:33 7,680 ----a-w C:\Windows\System32\ff_vfw.dll
    2008-03-03 19:19 --------- d-----w C:\Program Files\RegCleaner
    2008-03-02 19:40 --------- d-----w C:\Users\fnac\AppData\Roaming\eMule
    2008-03-02 19:40 --------- d-----w C:\ProgramData\eMule
    2008-03-02 19:40 --------- d-----w C:\Program Files\eMule
    2008-03-02 17:53 --------- d-----w C:\Users\fnac\AppData\Roaming\OFFICEOne7
    2008-02-27 22:37 --------- d-----w C:\Program Files\Mozilla Thunderbird
    2008-02-26 04:54 43,520 ----a-w C:\Windows\system32\drivers\fetnd5bv.sys
    2008-02-24 18:14 --------- d-----w C:\Program Files\SopCast
    2008-02-24 18:03 --------- d-----w C:\Program Files\Yahoo!
    2008-02-22 20:58 --------- d-----w C:\ProgramData\Lavasoft
    2008-02-20 20:40 --------- d-----w C:\Program Files\Common Files\Adobe
    2008-02-18 20:27 --------- d-----w C:\Users\fnac\AppData\Roaming\ArcSoft
    2008-02-18 20:27 --------- d-----w C:\Program Files\Philips
    2008-02-18 20:27 --------- d-----w C:\Program Files\Common Files\ArcSoft
    2008-02-18 19:14 --------- d-----w C:\Program Files\DIFX
    2008-02-18 19:13 --------- d-----w C:\Users\fnac\AppData\Roaming\InstallShield
    2008-02-18 19:13 --------- d-----w C:\Program Files\Common Files\Philips SPC520NC Webcam
    2008-02-14 06:59 6,656 ----a-w C:\Windows\System32\kbd106n.dll
    2008-02-13 23:08 --------- d-----w C:\Program Files\Ant Movie Catalog
    2008-02-12 22:09 --------- d-----w C:\Program Files\TagRename
    2008-02-12 21:17 --------- d-----w C:\Program Files\MyVideoSoft
    2008-02-11 00:08 --------- d-----w C:\Users\fnac\AppData\Roaming\XnView
    2008-02-09 14:33 --------- d-----w C:\Program Files\Microsoft IntelliType Pro
    2008-02-04 20:10 --------- d-----w C:\ProgramData\Microsoft Help
    2008-02-03 21:28 --------- d-----w C:\ProgramData\Yahoo!
    2008-02-01 10:17 587,264 ----a-w C:\Windows\WLXPGSS.SCR
    2008-01-29 10:02 107,368 ----a-w C:\Windows\System32\GEARAspi.dll
    2008-01-18 21:44 986,680 ----a-w C:\Windows\System32\winload.exe
    2008-01-18 21:44 926,776 ----a-w C:\Windows\System32\winresume.exe
    2008-01-18 21:43 614,968 ----a-w C:\Windows\System32\ci.dll
    2008-01-18 21:43 376,376 ----a-w C:\Windows\System32\mcupdate_GenuineIntel.dll
    2008-01-18 21:43 3,600,440 ----a-w C:\Windows\System32\ntkrnlpa.exe
    2008-01-18 21:43 3,548,728 ----a-w C:\Windows\System32\ntoskrnl.exe
    2008-01-18 21:43 247,352 ----a-w C:\Windows\System32\clfs.sys
    2008-01-18 21:42 94,776 ----a-w C:\Windows\System32\MigAutoPlay.exe
    2008-01-18 21:42 51,768 ----a-w C:\Windows\System32\PSHED.DLL
    2008-01-18 21:42 177,208 ----a-w C:\Windows\System32\halmacpi.dll
    2008-01-18 21:42 141,880 ----a-w C:\Windows\System32\halacpi.dll
    2008-01-18 21:41 24,120 ----a-w C:\Windows\System32\BOOTVID.DLL
    2008-01-18 21:41 21,560 ----a-w C:\Windows\System32\kdusb.dll
    2008-01-18 21:41 19,512 ----a-w C:\Windows\System32\kdcom.dll
    2008-01-18 21:38 46,080 ----a-w C:\Windows\System32\NAPCRYPT.DLL
    2008-01-18 21:38 4,595,712 ----a-w C:\Windows\System32\AuthFWSnapin.dll
    2008-01-18 21:38 242,744 ----a-w C:\Windows\System32\rsaenh.dll
    2008-01-18 21:38 155,704 ----a-w C:\Windows\System32\dssenh.dll
    2008-01-18 21:38 131,640 ----a-w C:\Windows\System32\basecsp.dll
    2008-01-18 21:38 103,936 ----a-w C:\Windows\System32\NAPHLPR.DLL
    2008-01-18 21:38 1,203,792 ----a-w C:\Windows\System32\ntdll.dll
    2008-01-18 21:36 99,840 ----a-w C:\Windows\System32\ulib.dll
    2008-01-18 21:35 98,304 ----a-w C:\Windows\System32\mssitlb.dll
    2008-01-18 21:34 98,816 ----a-w C:\Windows\System32\mfps.dll
    2008-01-18 21:33 98,304 ----a-w C:\Windows\System32\makecab.exe
    2008-01-18 21:32 258,048 ----a-w C:\Windows\System32\winspool.drv
    2008-01-18 21:32 21,504 ----a-w C:\Windows\System32\msacm32.drv
    2008-01-18 21:32 166,912 ----a-w C:\Windows\System32\wdmaud.drv
    2008-01-18 21:32 1,370,624 ----a-w C:\Windows\System32\Aurora.scr
    2008-01-18 21:31 7,680 ----a-w C:\Windows\System32\spwizres.dll
    2008-01-18 21:31 57,856 ----a-w C:\Windows\System32\nlsbres.dll
    2008-01-18 21:31 118,272 ----a-w C:\Windows\System32\RDPENCDD.dll
    2008-01-18 21:30 17,920 ----a-w C:\Windows\System32\netevent.dll
    2008-01-18 21:29 705,536 ----a-w C:\Windows\System32\imagesp1.dll
    2008-01-18 21:29 58,880 ----a-w C:\Windows\System32\msobjs.dll
    2008-01-18 21:28 7,168 ----a-w C:\Windows\System32\f3ahvoas.dll
    2008-01-18 21:26 36,864 ----a-w C:\Windows\System32\cdd.dll
    2008-01-18 20:06 8,147,456 ----a-w C:\Windows\System32\wmploc.DLL
    2008-01-18 20:01 14,336 ----a-w C:\Windows\System32\tsddd.dll
    2008-01-18 20:01 134,656 ----a-w C:\Windows\System32\rdpdd.dll
    2008-01-18 19:52 56,320 ----a-w C:\Windows\System32\vga256.dll
    2008-01-18 19:52 21,504 ----a-w C:\Windows\System32\vga64k.dll
    2008-01-18 19:52 11,776 ----a-w C:\Windows\System32\framebuf.dll
    2008-01-18 19:52 10,752 ----a-w C:\Windows\System32\vga.dll
    2008-01-18 19:50 14,848 ----a-w C:\Windows\System32\iscsilog.dll
    2007-05-12 15:00 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012007051220070513\index.dat
    .

    ((((((((((((((((((((((((((((( snapshot@2008-04-03_22.47.13.81 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-04-02 21:56:17 51,200 ----a-w C:\Windows\inf\infpub.dat
    + 2008-04-03 20:56:46 51,200 ----a-w C:\Windows\inf\infpub.dat
    - 2008-04-02 21:56:17 86,016 ----a-w C:\Windows\inf\infstor.dat
    + 2008-04-03 20:56:45 86,016 ----a-w C:\Windows\inf\infstor.dat
    - 2008-04-02 21:56:17 143,360 ----a-w C:\Windows\inf\infstrng.dat
    + 2008-04-03 20:56:45 143,360 ----a-w C:\Windows\inf\infstrng.dat
    + 2008-04-03 21:00:34 86,016 ----a-r C:\Windows\Installer\{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}\PrntWzrdIco.exe
    + 2008-04-03 21:01:44 102,400 ----a-r C:\Windows\Installer\{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}\iTunesIco.exe
    + 2008-04-03 20:57:09 27,136 ----a-r C:\Windows\Installer\{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}\AppleSoftwareUpdateIco.exe
    - 2008-04-03 20:24:29 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\UsrClass.dat
    + 2008-04-03 20:58:52 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\UsrClass.dat
    - 2008-04-03 20:43:32 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
    + 2008-04-03 20:45:47 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
    + 2008-04-03 20:45:47 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
    - 2008-04-03 20:36:56 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\UsrClass.dat
    + 2008-04-03 21:17:02 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\UsrClass.dat
    - 2008-04-03 20:43:32 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
    + 2008-04-03 20:45:42 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
    + 2008-04-03 20:45:42 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
    - 2008-04-03 20:43:56 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2008-04-03 20:45:04 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2008-04-03 20:43:56 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2008-04-03 20:45:04 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2008-04-03 20:43:56 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2008-04-03 20:45:04 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2007-07-24 13:17:08 81,920 ----a-w C:\Windows\System32\dns-sd.exe
    + 2007-07-24 13:17:08 61,440 ----a-w C:\Windows\System32\dnssd.dll
    + 2008-01-29 10:01:28 16,168 ----a-w C:\Windows\System32\drivers\GEARAspiWDM.sys
    + 2008-02-18 09:16:24 30,464 ----a-w C:\Windows\System32\DriverStore\FileRepository\usbaapl.inf_f458dbf2\usbaapl.sys
    - 2008-04-03 19:13:51 105,586 ----a-w C:\Windows\System32\perfc009.dat
    + 2008-04-03 20:50:07 105,586 ----a-w C:\Windows\System32\perfc009.dat
    - 2008-04-03 19:13:51 128,676 ----a-w C:\Windows\System32\perfc00C.dat
    + 2008-04-03 20:50:07 128,676 ----a-w C:\Windows\System32\perfc00C.dat
    - 2008-04-03 19:13:51 598,212 ----a-w C:\Windows\System32\perfh009.dat
    + 2008-04-03 20:50:07 598,212 ----a-w C:\Windows\System32\perfh009.dat
    - 2008-04-03 19:13:51 681,486 ----a-w C:\Windows\System32\perfh00C.dat
    + 2008-04-03 20:50:07 681,486 ----a-w C:\Windows\System32\perfh00C.dat
    - 2008-04-02 23:24:25 11,450 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1110089862-3033038582-1897887496-1002_UserData.bin
    + 2008-04-03 20:45:02 11,716 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1110089862-3033038582-1897887496-1002_UserData.bin
    - 2008-04-02 23:24:25 88,416 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    + 2008-04-03 20:45:02 88,870 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
    "MtdAcqu"="C:\Program Files\Creative\MediaSource5\MtdAcqu.exe" [2006-03-08 09:56 278528]
    "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-18 23:33 125952]
    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-18 23:33 1233920]
    "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-04 00:29 165784]
    "ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-05-16 12:58 213936]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 23:33 202240]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-18 23:38 1008184]
    "RtHDVCpl"="RtHDVCpl.exe" [2006-11-09 11:57 3784704 C:\Windows\RtHDVCpl.exe]
    "RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-20 22:08 228088]
    "Windows Mobile-based device management"="%windir%\WindowsMobile\wmdc.exe" [ ]
    "XboxStat"="C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-26 19:05 734264]
    "VolPanel"="C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" [2007-02-28 18:50 180224]
    "P17RunE"="P17RunE.dll" [2007-04-09 03:40 14848 C:\Windows\System32\P17RunE.dll]
    "UpdReg"="C:\Windows\UpdReg.EXE" [2000-05-11 02:00 90112]
    "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 13:35 90112]
    "itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [2006-11-21 18:08 813912]
    "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2006-05-16 12:58 213936]
    "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-05-16 12:58 86960]
    "ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-05-16 12:58 213936]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^OFFICE One Startup v7.lnk]
    path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\OFFICE One Startup v7.lnk
    backup=C:\Windows\pss\OFFICE One Startup v7.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PDFCreator.lnk]
    path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PDFCreator.lnk
    backup=C:\Windows\pss\PDFCreator.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    --a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
    C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
    C:\Program Files\Logitech\QuickCam\Quickcam.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2007-09-25 01:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    --a------ 2008-02-28 23:22 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\toolbar_eula_launcher]
    --a------ 2007-01-10 11:00 18944 C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UacDisableNotify"=dword:00000001
    "InternetSettingsDisableNotify"=dword:00000001
    "AutoUpdateDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{F89EC001-CB5C-49DD-BD46-D230242C557D}"= UDP:C:\Program Files\Common Files\aol\acs\AOLDial.exe:AOL Autoconnect
    "{27AD424B-CE13-4781-91D1-1C3CD15CFF8B}"= TCP:C:\Program Files\Common Files\aol\acs\AOLDial.exe:AOL Autoconnect
    "{CCDC8325-4946-41A5-B58F-676B4C5DDE20}"= UDP:C:\Program Files\Common Files\aol\acs\AOLacsd.exe:module de connexion AOL
    "{9939F947-8F5B-4E3F-BBC9-BE1CEF8A6894}"= TCP:C:\Program Files\Common Files\aol\acs\AOLacsd.exe:module de connexion AOL
    "{2E2BF257-E1FD-436B-8DDC-BF9577F58EAA}"= UDP:C:\Program Files\AOL 9.0 VR\waol.exe:AOL
    "{2CE441DE-E1F2-494C-828B-FF12C2AD7F95}"= TCP:C:\Program Files\AOL 9.0 VR\waol.exe:AOL
    "{353BD5A9-78E6-414B-8917-1B51EE563A55}"= UDP:C:\Program Files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed
    "{A4AA0981-A67C-48A0-927A-DAA3A9F825A1}"= TCP:C:\Program Files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed
    "{D6075648-8579-4198-90BB-5F4DC493357F}"= UDP:C:\Program Files\Common Files\aol\Loader\aolload.exe:AOL Loader
    "{13797D9E-BF5B-475E-B402-3ED917780FA5}"= TCP:C:\Program Files\Common Files\aol\Loader\aolload.exe:AOL Loader
    "{A6933CB6-1486-4A09-A6B0-6E8C8E09492F}"= UDP:C:\Program Files\Common Files\aol\System Information\sinf.exe:AOL System Information
    "{7B7A2817-022A-41E1-AE0D-6055C44A2738}"= TCP:C:\Program Files\Common Files\aol\System Information\sinf.exe:AOL System Information
    "TCP Query User{EB899073-D812-4650-B2EB-DFF99C64EB84}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Packard Bell - Skype
    "UDP Query User{696191CC-0F4D-4399-8684-D4A5E695E3C8}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Packard Bell - Skype
    "{9F3EF101-EB25-4771-9C4C-047B8928DB72}"= UDP:Profile=Public|990:LocalSubnet:LocalSubnet|IF={80E5B370-9612-46FC-8C1D-CFBB913B1738}|C:\Windows\system32\svchost.exe|Svc=rapimgr:Connectivité de l'appareil Windows Mobile
    "TCP Query User{7FDE36AA-5E50-46DB-B8C2-41E6C0B4F1A2}C:\\program files\\konami\\pro evolution soccer 6\\pes6.exe"= UDP:C:\program files\konami\pro evolution soccer 6\pes6.exe:pes6.exe
    "UDP Query User{6E977137-3D8D-4095-99B6-6327B410F70D}C:\\program files\\konami\\pro evolution soccer 6\\pes6.exe"= TCP:C:\program files\konami\pro evolution soccer 6\pes6.exe:pes6.exe
    "TCP Query User{3A1CF355-C023-4CA3-A196-1656E0A8E51C}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
    "UDP Query User{9E8CE037-A806-4D31-81B3-FA21C6C3ED1A}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
    "{9CBD18C2-B8E3-4458-A962-B2D11E2B9D60}"= UDP:Profile=Public|5721:LocalSubnet:LocalSubnet|IF={80E5B370-9612-46FC-8C1D-CFBB913B1738}:Accès réseau Windows Mobile
    "{122CAE3E-8CBC-4345-8BC1-DE931FB54D55}"= UDP:1034:LocalSubnet:LocalSubnet|IF={80E5B370-9612-46FC-8C1D-CFBB913B1738}:@%systemroot%\WindowsMobile\wmdc.exe,-4003
    "{B97D8B29-9BF3-4CAA-9AE0-F0121EB0861E}"= UDP:5678:LocalSubnet:LocalSubnet|IF={80E5B370-9612-46FC-8C1D-CFBB913B1738}|%systemroot%\WindowsMobile\wmdHost.exe:@%systemroot%\WindowsMobile\wmdc.exe,-4004
    "{5F703458-D6A4-499F-970F-375298ACC4FF}"= UDP:999:LocalSubnet:LocalSubnet|IF={80E5B370-9612-46FC-8C1D-CFBB913B1738}|%systemroot%\WindowsMobile\wmdHost.exe:@%systemroot%\WindowsMobile\wmdc.exe,-4005
    "{83225138-0E9F-4135-851D-90E5597C0CCD}"= UDP:26675:LocalSubnet:LocalSubnet|IF={80E5B370-9612-46FC-8C1D-CFBB913B1738}:@%systemroot%\WindowsMobile\wmdc.exe,-4006
    "{72227842-3D03-4A65-AA12-2286B00DF32B}"= UDP:Profile=Public|990:LocalSubnet:LocalSubnet|IF={80E5B370-9612-46FC-8C1D-CFBB913B1738}|C:\Windows\system32\svchost.exe|Svc=rapimgr:Connectivité de l'appareil Windows Mobile
    "TCP Query User{D4CDBE86-A3F5-4FAE-B900-60836FAE1ED8}C:\\users\\fnac\\program files\\bittorrent_dna\\dna.exe"= UDP:C:\users\fnac\program files\bittorrent_dna\dna.exe:dna.exe
    "UDP Query User{60F124FC-12C9-41FB-9E08-89EBC216A766}C:\\users\\fnac\\program files\\bittorrent_dna\\dna.exe"= TCP:C:\users\fnac\program files\bittorrent_dna\dna.exe:dna.exe
    "TCP Query User{013BE244-552A-4E2A-93C3-082C60D2CBAC}C:\\program files\\bittorrent\\bittorrent.exe"= UDP:C:\program files\bittorrent\bittorrent.exe:bittorrent
    "UDP Query User{3FF0E3D7-C7BC-4B53-9DFC-77EF611C77C6}C:\\program files\\bittorrent\\bittorrent.exe"= TCP:C:\program files\bittorrent\bittorrent.exe:bittorrent
    "TCP Query User{F2122E9A-840A-4749-9A04-01C8B543836B}C:\\program files\\videolan\\vlc\\vlc.exe"= UDP:C:\program files\videolan\vlc\vlc.exe:VLC media player
    "UDP Query User{BDE40BC5-60C2-4275-83C3-27F73F01BFF3}C:\\program files\\videolan\\vlc\\vlc.exe"= TCP:C:\program files\videolan\vlc\vlc.exe:VLC media player
    "TCP Query User{0722296A-422B-4BDA-96C7-FD1197DF8726}C:\\program files\\adsltv\\adsltv.exe"= UDP:C:\program files\adsltv\adsltv.exe:adsltv
    "UDP Query User{46931A8E-AFEF-49F5-BCE2-52567ED50CE9}C:\\program files\\adsltv\\adsltv.exe"= TCP:C:\program files\adsltv\adsltv.exe:adsltv
    "TCP Query User{42D8494E-F8FB-4FCB-BA0D-97842F5EFD7E}C:\\users\\fnac\\appdata\\roaming\\sopcast\\adv\\sopadver.exe"= UDP:C:\users\fnac\appdata\roaming\sopcast\adv\sopadver.exe:sopadver.exe
    "UDP Query User{187D05BB-F531-4D3A-8C8C-F9CFA38F3291}C:\\users\\fnac\\appdata\\roaming\\sopcast\\adv\\sopadver.exe"= TCP:C:\users\fnac\appdata\roaming\sopcast\adv\sopadver.exe:sopadver.exe
    "TCP Query User{BF2BC4E7-2DF6-4ED6-A79F-BBBA064CF629}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
    "UDP Query User{802E69AC-3414-4E16-BE9A-35D082B19655}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
    "TCP Query User{F513BBC5-3825-4949-A4AD-44F4C78897ED}C:\\program files\\sopcast\\sopcast.exe"= UDP:C:\program files\sopcast\sopcast.exe:SopCast Main Application
    "UDP Query User{F4F58395-ADDC-4A73-82DD-FB38F85B53F2}C:\\program files\\sopcast\\sopcast.exe"= TCP:C:\program files\sopcast\sopcast.exe:SopCast Main Application
    "TCP Query User{D3FEB820-3190-4501-B63B-3957A85D9A25}C:\\program files\\adsltv\\vlc.exe"= UDP:C:\program files\adsltv\vlc.exe:VLC media player
    "UDP Query User{AC2208FB-22C0-4C2B-A19D-3998166BA0A3}C:\\program files\\adsltv\\vlc.exe"= TCP:C:\program files\adsltv\vlc.exe:VLC media player
    "TCP Query User{AC416F1C-94B0-448B-B7C2-64FFD60ECD29}C:\\program files\\peertv\\vlc\\vlc.exe"= UDP:C:\program files\peertv\vlc\vlc.exe:VLC media player
    "UDP Query User{5FA76323-98CB-4F08-B730-844050A35A37}C:\\program files\\peertv\\vlc\\vlc.exe"= TCP:C:\program files\peertv\vlc\vlc.exe:VLC media player
    "{8335E9B8-6BCA-4023-8945-33726D94987F}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{C7C61B18-3187-45B1-8D59-0E56E5B60AC5}"= UDP:C:\Program Files\KONAMI\Pro Evolution Soccer 2008\PES2008.exe:Pro Evolution Soccer 2008
    "{3922F7FF-3034-47FF-9C39-8BC239F4E5D3}"= TCP:C:\Program Files\KONAMI\Pro Evolution Soccer 2008\PES2008.exe:Pro Evolution Soccer 2008
    "{4A2AFCDA-619B-4444-8476-E6709D8C3D4D}"= UDP:C:\Program Files\KONAMI\Pro Evolution Soccer 2008\PES2008.exe:Pro Evolution Soccer 2008
    "{4DF32F08-B11C-4E5D-A4BE-EC38F9088C14}"= TCP:C:\Program Files\KONAMI\Pro Evolution Soccer 2008\PES2008.exe:Pro Evolution Soccer 2008
    "TCP Query User{CF4F1D0B-3A03-48E9-A42C-38891AEE87C0}C:\\program files\\odebit multimédia\\v3\\odebit.exe"= UDP:C:\program files\odebit multimédia\v3\odebit.exe:Odébit Multimédia
    "UDP Query User{2A4B801E-C238-4D02-8C80-B2DF44952EDE}C:\\program files\\odebit multimédia\\v3\\odebit.exe"= TCP:C:\program files\odebit multimédia\v3\odebit.exe:Odébit Multimédia
    "TCP Query User{2EF3A0E5-2FB9-4935-BE83-747E186418F5}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
    "UDP Query User{DCE8B5C9-8B2C-45F3-8A6D-BCCE9A528327}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
    "{08AA5C8F-F6CA-487D-9735-5FC3E8B377DA}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{CFBCDD97-8639-46C8-9D6A-CA4A34934E5E}"= UDP:C:\Program Files\KONAMI 2008\Pro Evolution Soccer\PES2008.exe:Pro Evolution Soccer 2008
    "{8A44914E-6878-411B-82FC-101A3C996844}"= TCP:C:\Program Files\KONAMI 2008\Pro Evolution Soccer\PES2008.exe:Pro Evolution Soccer 2008
    "TCP Query User{58652EF0-F4B8-4212-A5FA-AA8C019B934F}C:\\program files\\sopcast\\adv\\sopadver.exe"= UDP:C:\program files\sopcast\adv\sopadver.exe:SopCast Adver
    "UDP Query User{9CB5DCB9-1340-4C6B-81F4-6230D7F657E0}C:\\program files\\sopcast\\adv\\sopadver.exe"= TCP:C:\program files\sopcast\adv\sopadver.exe:SopCast Adver
    "{1E769F75-73EF-44C8-ACA3-EAF5B16E3469}"= UDP:C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
    "{1C75E960-1CBE-40C4-A9DA-31891D5F2FDD}"= TCP:C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
    "{97BD2B22-2A86-46B2-88AF-61B60BBE21C5}"= UDP:C:\Program Files\KONAMI 08\PES 2008\PES2008.exe:Pro Evolution Soccer 2008
    "{13294606-8701-4EC4-A2AA-23D5012E9741}"= TCP:C:\Program Files\KONAMI 08\PES 2008\PES2008.exe:Pro Evolution Soccer 2008
    "TCP Query User{42162185-5E3F-48BB-8A72-C583F87A2F2B}C:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= UDP:C:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
    "UDP Query User{B23DE245-57F8-44C7-A24F-42F6DC936727}C:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= TCP:C:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
    "TCP Query User{5FF74E05-43D4-465A-9778-1035486E1C36}C:\\program files\\windows sidebar\\sidebar.exe"= UDP:C:\program files\windows sidebar\sidebar.exe:Volet Windows
    "UDP Query User{7C7A9716-5FC9-4E7E-ACF7-8A89469F82C9}C:\\program files\\windows sidebar\\sidebar.exe"= TCP:C:\program files\windows sidebar\sidebar.exe:Volet Windows
    "{A0687220-75C4-4557-B270-33B379B7BF73}"= UDP:Profile=Public|5721:LocalSubnet:LocalSubnet|IF={80E5B370-9612-46FC-8C1D-CFBB913B1738}:Accès réseau Windows Mobile
    "{3A164E4F-FE9B-4A47-BBEA-D8908AB50989}"= UDP:1034:LocalSubnet:LocalSubnet|IF={80E5B370-9612-46FC-8C1D-CFBB913B1738}:@%systemroot%\WindowsMobile\wmdc.exe,-4003
    "{48CF7DB7-6BA9-4EFB-8C43-8A75BA70E1BB}"= UDP:5678:LocalSubnet:LocalSubnet|IF={80E5B370-9612-46FC-8C1D-CFBB913B1738}|%systemroot%\WindowsMobile\wmdHost.exe:@%systemroot%\WindowsMobile\wmdc.exe,-4004
    "{31AEE1E2-CA4B-45B0-8EA9-BD803A99EA4B}"= UDP:999:LocalSubnet:LocalSubnet|IF={80E5B370-9612-46FC-8C1D-CFBB913B1738}|%systemroot%\WindowsMobile\wmdHost.exe:@%systemroot%\WindowsMobile\wmdc.exe,-4005
    "{99453DC6-A62C-43AF-BC42-A1D4214437E9}"= UDP:26675:LocalSubnet:LocalSubnet|IF={80E5B370-9612-46FC-8C1D-CFBB913B1738}:@%systemroot%\WindowsMobile\wmdc.exe,-4006
    "{8A0778D3-B993-4133-8D54-878219D79AE7}"= UDP:Profile=Public|990:LocalSubnet:LocalSubnet|IF={80E5B370-9612-46FC-8C1D-CFBB913B1738}|C:\Windows\system32\svchost.exe|Svc=rapimgr:Connectivité de l'appareil Windows Mobile
    "{336B3EDC-1D98-4B2E-AF28-9EE8285BA721}"= UDP:C:\Program Files\KONAMI 08\PES 2008\PES2008.exe:Pro Evolution Soccer 2008
    "{D94A3E79-EB71-49D2-B4F6-610CC7B80F8D}"= TCP:C:\Program Files\KONAMI 08\PES 2008\PES2008.exe:Pro Evolution Soccer 2008
    "{789F05EF-F283-4398-9074-D42FAA2AFBD2}"= UDP:Profile=Public|5721:LocalSubnet:LocalSubnet|IF={80E5B370-9612-46FC-8C1D-CFBB913B1738}:Accès réseau Windows Mobile
    "{DC62DC83-5404-4F21-8181-1066DB396DC6}"= UDP:1034:LocalSubnet:LocalSubnet|IF={80E5B370-9612-46FC-8C1D-CFBB913B1738}:@%systemroot%\WindowsMobile\wmdc.exe,-4003
    "{9B31F5E0-A0DB-4396-934C-8A53CF920CD2}"= UDP:5678:LocalSubnet:LocalSubnet|IF={80E5B370-9612-46FC-8C1D-CFBB913B1738}|%systemroot%\WindowsMobile\wmdHost.exe:@%systemroot%\WindowsMobile\wmdc.exe,-4004
    "{E62B5E8F-2C55-47F5-8680-66045E865BDD}"= UDP:999:LocalSubnet:LocalSubnet|IF={80E5B370-9612-46FC-8C1D-CFBB913B1738}|%systemroot%\WindowsMobile\wmdHost.exe:@%systemroot%\WindowsMobile\wmdc.exe,-4005
    "{3F12376D-7F5F-44B6-9AAB-5F1B083E29EC}"= UDP:26675:LocalSubnet:LocalSubnet|IF={80E5B370-9612-46FC-8C1D-CFBB913B1738}:@%systemroot%\WindowsMobile\wmdc.exe,-4006
    "{0FFFF404-5E5F-4412-AC0A-F5D1155A248F}"= UDP:Profile=Public|990:LocalSubnet:LocalSubnet|IF={80E5B370-9612-46FC-8C1D-CFBB913B1738}|C:\Windows\system32\svchost.exe|Svc=rapimgr:Connectivité de l'appareil Windows Mobile
    "TCP Query User{BCE09F6E-ECF4-4DC0-80DC-A4539F5B65B6}C:\\program files\\tvants\\tvants.exe"= UDP:C:\program files\tvants\tvants.exe:TVAnts
    "UDP Query User{1CC669FE-F24F-4F2A-8C14-85A6137B8CD1}C:\\program files\\tvants\\tvants.exe"= TCP:C:\program files\tvants\tvants.exe:TVAnts
    "{87ADA631-4D5D-48DA-8D7A-EC820F0BBEC8}"= Disabled:UDP:5721:LocalSubnet:LocalSubnet|IF={80E5B370-9612-46FC-8C1D-CFBB913B1738}:Accès réseau Windows Mobile
    "{0049AB4C-4219-4F51-A9B9-F8B87FAE924B}"= Disabled:UDP:5721:LocalSubnet:LocalSubnet|IF={80E5B370-9612-46FC-8C1D-CFBB913B1738}:Accès réseau Windows Mobile
    "{97267845-D4A1-4D6F-8453-E5566DA36574}"= Disabled:UDP:5721:LocalSubnet:LocalSubnet|IF={80E5B370-9612-46FC-8C1D-CFBB913B1738}:Accès réseau Windows Mobile
    "TCP Query User{154C6AE1-2CB0-48CE-84AD-B233AD393C56}C:\\program files\\adsltv\\adsltv.exe"= Disabled:UDP:C:\program files\adsltv\adsltv.exe:adsltv
    "UDP Query User{F91D8EFF-5DD2-477F-B949-029D81CA0D2E}C:\\program files\\adsltv\\adsltv.exe"= Disabled:TCP:C:\program files\adsltv\adsltv.exe:adsltv
    "TCP Query User{55CDC68B-543A-4B4E-A9F5-C77E534314A5}C:\\program files\\bittorrent\\bittorrent.exe"= Disabled:UDP:C:\program files\bittorrent\bittorrent.exe:bittorrent
    "UDP Query User{CBF6917C-34C7-41B2-B0CC-ADD6F7CB6063}C:\\program files\\bittorrent\\bittorrent.exe"= Disabled:TCP:C:\program files\bittorrent\bittorrent.exe:bittorrent
    "{FBEDF4CA-6A82-49B6-B7D8-50925D721C0D}"= Disabled:UDP:990:LocalSubnet:LocalSubnet|IF={80E5B370-9612-46FC-8C1D-CFBB913B1738}|C:\Windows\system32\svchost.exe|Svc=rapimgr:Connectivité de l'appareil Windows Mobile
    "{B29FC893-8FFD-4CC4-B305-9561727A45B5}"= Disabled:UDP:990:LocalSubnet:LocalSubnet|IF={80E5B370-9612-46FC-8C1D-CFBB913B1738}|C:\Windows\system32\svchost.exe|Svc=rapimgr:Connectivité de l'appareil Windows Mobile
    "{D6B41DA7-23EA-4463-88BC-0DBCD64DDCD0}"= Disabled:UDP:990:LocalSubnet:LocalSubnet|IF={80E5B370-9612-46FC-8C1D-CFBB913B1738}|C:\Windows\system32\svchost.exe|Svc=rapimgr:Connectivité de l'appareil Windows Mobile
    "{4A0B0971-125C-4DFF-958E-FE89A7534118}"= Disabled:UDP:990:LocalSubnet:LocalSubnet|IF={80E5B370-9612-46FC-8C1D-CFBB913B1738}|C:\Windows\system32\svchost.exe|Svc=rapimgr:Connectivité de l'appareil Windows Mobile
    "TCP Query User{9EE51B31-727E-4A14-8743-029A52A0B4BF}C:\\program files\\eurosport\\eurosport player\\consoles.eurosport.exe"= Disabled:UDP:C:\program files\eurosport\eurosport player\consoles.eurosport.exe:Consoles.Eurosport
    "UDP Query User{8C40F038-48DC-4B1D-8191-A1D3BE5A4B80}C:\\program files\\eurosport\\eurosport player\\consoles.eurosport.exe"= Disabled:TCP:C:\program files\eurosport\eurosport player\consoles.eurosport.exe:Consoles.Eurosport
    "TCP Query User{758A46F3-689C-4261-9B3C-E37B1D64D919}C:\\users\\fnac\\program files\\bittorrent_dna\\dna.exe"= Disabled:UDP:C:\users\fnac\program files\bittorrent_dna\dna.exe:dna.exe
    "UDP Query User{AB1F62E6-AB47-421A-A14C-FA4FDB850310}C:\\users\\fnac\\program files\\bittorrent_dna\\dna.exe"= Disabled:TCP:C:\users\fnac\program files\bittorrent_dna\dna.exe:dna.exe
    "TCP Query User{428767F8-5D2A-4646-9AD0-86B49A3FC6E1}C:\\program files\\emule\\emule.exe"= Disabled:UDP:C:\program files\emule\emule.exe:eMule
    "UDP Query User{D4070A8B-0DA5-4D5D-A6C9-7233D3833447}C:\\program files\\emule\\emule.exe"= Disabled:TCP:C:\program files\emule\emule.exe:eMule
    "TCP Query User{61189CAF-F36B-4FC9-AF86-B34FD6FC7ABF}C:\\users\\fnac\\desktop\\emule\\emule.exe"= Disabled:UDP:C:\users\fnac\desktop\emule\emule.exe:emule.exe
    "UDP Query User{869FBA16-728F-401C-A5EA-3E8A8E0DFCDB}C:\\users\\fnac\\desktop\\emule\\emule.exe"= Disabled:TCP:C:\users\fnac\desktop\emule\emule.exe:emule.exe
    "TCP Query User{8E6DD853-4D89-45A1-9979-728BD40D47F1}C:\\users\\fnac\\appdata\\local\\temp\\rar$ex01.203\\emule.exe"= Disabled:UDP:C:\users\fnac\appdata\local\temp\rar$ex01.203\emule.exe:emule.exe
    "UDP Query User{7955363D-7C21-47B3-8510-700D78AB12D5}C:\\users\\fnac\\appdata\\local\\temp\\rar$ex01.203\\emule.exe"= Disabled:TCP:C:\users\fnac\appdata\local\temp\rar$ex01.203\emule.exe:emule.exe
    "TCP Query User{699861F5-7D00-4C67-9A0F-8D5BAA1BA1F6}C:\\program files\\peertv\\peercast.exe"= Disabled:UDP:C:\program files\peertv\peercast.exe:PeerCast
    "UDP Query User{5DCB1DEC-4D4F-416D-8A00-BAAC8530BF6E}C:\\program files\\peertv\\peercast.exe"= Disabled:TCP:C:\program files\peertv\peercast.exe:PeerCast
    "TCP Query User{B80F80E9-E4A1-44B4-80E7-100EB20738A8}C:\\program files\\konami\\pro evolution soccer 6\\pes6.exe"= Disabled:UDP:C:\program files\konami\pro evolution soccer 6\pes6.exe:pes6.exe
    "UDP Query User{7B08274F-FEFB-49D4-A893-4B55F975217A}C:\\program files\\konami\\pro evolution soccer 6\\pes6.exe"= Disabled:TCP:C:\program files\konami\pro evolution soccer 6\pes6.exe:pes6.exe
    "{C66728D1-DAEC-415B-9070-A0092226AB08}"= Disabled:UDP:C:\Program Files\PPLive\PPLive.exe:PPLive
    "{47E7DB14-E7A5-4136-9942-26FB21F56B8E}"= Disabled:TCP:C:\Program Files\PPLive\PPLive.exe:PPLive
    "TCP Query User{F34BAEF9-C572-40EF-AF53-496DED1A7A8D}C:\\program files\\ppmate\\ppamnet.exe"= Disabled:UDP:C:\program files\ppmate\ppamnet.exe:ppmnet Module
    "UDP Query User{65EDA166-96FE-4174-BEBA-B24D000ED33B}C:\\program files\\ppmate\\ppamnet.exe"= Disabled:TCP:C:\program files\ppmate\ppamnet.exe:ppmnet Module
    "TCP Query User{F6CCE462-E696-495F-8C7C-D363C6BF0A0E}C:\\program files\\ppstream\\ppstream.exe"= Disabled:UDP:C:\program files\ppstream\ppstream.exe:PPS????
    "UDP Query User{60A28FF1-B1E2-4318-81B1-33771721150E}C:\\program files\\ppstream\\ppstream.exe"= Disabled:TCP:C:\program files\ppstream\ppstream.exe:PPS????
    "{E5CC6C83-724C-4EFD-84C1-582FEE83D7CA}"= Disabled:UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
    "{F8C5EDD8-F661-4523-8BEA-3A5B75AF4EAB}"= Disabled:TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
    "{C7351DE2-B31E-422C-BA54-BB8D3D3ADF87}"= Disabled:UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
    "{AB690862-3E87-4AE2-8495-96BC8ABEE50A}"= Disabled:TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
    "{D0C091C5-99E0-4040-9F1D-00CD6C54C659}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{9154CBF0-489F-48D1-B745-314C218B255D}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
    "{9475E59C-F6CA-4D50-91C2-7D455C5447DF}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
    "{039D6BF6-9D98-4D62-A18A-AF4B0A34FAB1}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
    "{BBC8C456-59E8-43F7-8642-A66E0DBA0B60}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
    "C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
    "C:\\Program Files\\PPStream\\PPStream.exe"= C:\Program Files\PPStream\PPStream.exe:*:Enabled:PPStream
    "C:\\Program Files\\PPMate\\ppmate.exe"= C:\Program Files\PPMate\ppmate.exe:*:Enabled:PPMate
    "C:\\Program Files\\PPMate\\ppamnet.exe"= C:\Program Files\PPMate\ppamnet.exe:*:Enabled:PPMate

    R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-03-29 19:31]
    R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
    R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-03-29 19:32]
    R2 RapiMgr;Connectivité de l'appareil Windows Mobile;C:\Windows\system32\svchost.exe [2008-01-18 23:33]
    R2 WcesComm;Connectivité de l'appareil Windows Mobile 2003;C:\Windows\system32\svchost.exe [2008-01-18 23:33]
    R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-12-05 05:08]
    R3 camdrv41;Philips SPC 900NC PC Camera;C:\Windows\system32\DRIVERS\camdrv41.sys [2007-04-23 15:44]
    R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\Windows\system32\DRIVERS\fetnd5bv.sys [2008-02-26 06:54]
    S1 hidfltr;HID Filter Driver;C:\Windows\system32\drivers\MWhid.sys [2004-11-03 06:20]
    S2 SQLWriter;Enregistreur VSS SQL Server;"c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 06:29]
    S3 AR5523;NETGEAR WG111T USB2.0 Wireless Card Service;C:\Windows\system32\DRIVERS\WG11TND5.sys [2005-09-05 11:21]
    S3 ATHFMWDL;NETGEAR WG111T bootloader driver;C:\Windows\system32\Drivers\ATHFMWDL.sys [2004-10-14 19:24]
    S3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-12-05 05:08]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    WindowsMobile REG_MULTI_SZ wcescomm rapimgr
    LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
    bthsvcs REG_MULTI_SZ BthServ

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7ee31327-4d5f-11dc-b167-00146c3a00b4}]
    \shell\AutoRun\command - K:\Setup\rsrc\Autorun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a4559029-f556-11db-81e9-806e6f6e6963}]
    \shell\AutoRun\command - D:\autorun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f600735f-28ca-11dc-a892-00146c3a00b4}]
    \shell\AutoRun\command - I:\Setup\rsrc\Autorun.exe
    \shell\dinstall\command - I:\Directx\dxsetup.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f6007368-28ca-11dc-a892-00146c3a00b4}]
    \shell\AutoRun\command - J:\Setup\rsrc\Autorun.exe

    *Newly Created Service* - CATCHME
    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-04-03 21:00:00 C:\Windows\Tasks\Extension de garantie.job"
    - C:\Program Files\Packard Bell\SetupmyPC\PBCarNot.exe
    "2008-04-03 21:20:12 C:\Windows\Tasks\User_Feed_Synchronization-{CFE347B2-4805-40C1-A896-D4C97D4CE8CF}.job"
    - C:\Windows\system32\msfeedssync.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-03 23:22:30
    Windows 6.0.6001 Service Pack 1 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-04-03 23:23:20
    ComboFix-quarantined-files.txt 2008-04-03 21:23:16
    ComboFix2.txt 2008-04-03 20:47:37
    Pre-Run: 134,565,568,512 octets libres
    Post-Run: 134,509,608,960 octets libres
    .
    2008-03-25 18:50:06 --- E O F ---

    HIJACK THIS

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:25:55, on 03/04/2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
    C:\Windows\WindowsMobile\wmdc.exe
    C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
    C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe
    C:\Program Files\Microsoft IntelliType Pro\itype.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Creative\MediaSource5\MtdAcqu.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\Windows\System32\mobsync.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\Mozilla Thunderbird\thunderbird.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\iTunes\iTunes.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
    C:\Windows\system32\conime.exe
    C:\Windows\Explorer.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\fnac\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.football365.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
    O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdc.exe
    O4 - HKLM\..\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
    O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" /r
    O4 - HKLM\..\Run: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry
    O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
    O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [MtdAcqu] "C:\Program Files\Creative\MediaSource5\MtdAcqu.exe" /s
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
    O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    0
  4. g!rly Messages postés 18462 Statut Contributeur 407
     
    ok

    tu as encore des pubs ?

    @+
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. Ronan13
     
    A priori nan c'est trop bien je te remercie mille fois vraiment trop bien, tu es mon sauveur !!! ;)
    Tu sais de quoi ça vient histoire de pas refaire la meme betise si c'est le cas
    0
  7. g!rly Messages postés 18462 Statut Contributeur 407
     
    re,

    ca vient du faite que tu n´as pas de par feu et qu´avast n´est pas terrible en plus tu utilise internet explorer...

    mais bon c´est pas fini :

    Fais un scan avec cet antispyware :

    Telecharge malwarebytes + tutoriel :

    -> https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

    Tu l´instale; le programme va se mettre automatiquement a jour.

    Une fois a jour, le programme va se lancer; click sur l´onglet parametre, et coche la case : "Arreter internet explorer pendant la suppression".

    Click maintenant sur l´onglet recherche et coche la case : "executer un examun complet".

    Puis click sur "rechercher".

    Laisse le scanner le pc...

    Si des elements on ete trouvés > click sur supprimer la selection.

    si il t´es demandé de redemarrer > click sur "yes".

    A la fin un rapport va s´ouvrir; sauvegarde le de maniere a le retrouver en vu de le poster sur le forum.

    Copie et colle le rapport stp.

    @+
    0
    1. Ronan13
       
      Salut,

      Merci beaucoup rien à redire sinon encore merci.

      Par contre sur le rapport ci-dessous il me parle encore de petit truc faut t-il que je les supprime ?

      Malwarebytes' Anti-Malware 1.10
      Version de la base de données: 587

      Type de recherche: Examen complet (C:\|F:\|G:\|H:\|M:\|)
      Eléments examinés: 185762
      Temps écoulé: 1 hour(s), 12 minute(s), 50 second(s)

      Processus mémoire infecté(s): 0
      Module(s) mémoire infecté(s): 0
      Clé(s) du Registre infectée(s): 5
      Valeur(s) du Registre infectée(s): 0
      Elément(s) de données du Registre infecté(s): 0
      Dossier(s) infecté(s): 0
      Fichier(s) infecté(s): 5

      Processus mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Module(s) mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Clé(s) du Registre infectée(s):
      HKEY_CLASSES_ROOT\CLSID\{060bb0ab-4b09-4c51-9ecb-9580a6d08d7f} (Trojan.Vundo) -> No action taken.
      HKEY_CLASSES_ROOT\kiasys.video (Trojan.FakeAlert) -> No action taken.
      HKEY_CLASSES_ROOT\AppID\{8b580e40-6b46-44c8-9e80-a5ad6e1d1035} (Trojan.FakeAlert) -> No action taken.
      HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\kiasys.dll (Trojan.FakeAlert) -> No action taken.
      HKEY_LOCAL_MACHINE\SOFTWARE\Classes\kiasys.video (Trojan.FakeAlert) -> No action taken.

      Valeur(s) du Registre infectée(s):
      (Aucun élément nuisible détecté)

      Elément(s) de données du Registre infecté(s):
      (Aucun élément nuisible détecté)

      Dossier(s) infecté(s):
      (Aucun élément nuisible détecté)

      Fichier(s) infecté(s):
      C:\QooBox\Quarantine\C\d.exe.vir (Spyware.Delf) -> No action taken.
      C:\QooBox\Quarantine\C\kbvxxo.exe.vir (Trojan.Downloader) -> No action taken.
      C:\QooBox\Quarantine\C\mxuxc.exe.vir (Trojan.Clicker) -> No action taken.
      C:\QooBox\Quarantine\C\Windows\kiasys.dll.vir (Trojan.Agent) -> No action taken.
      C:\QooBox\Quarantine\C\Windows\System32\xxywXNHb.dll.vir (Trojan.Vundo) -> No action taken.
      0
  8. g!rly Messages postés 18462 Statut Contributeur 407
     
    re,

    de rien ;-)

    oui supprime tout

    puis

    regarde ceci concernant avast :

    antivir vs avast :

    -> http://forum.malekal.com/ftopic3528.php

    alors je te conseille de le desinstaller et d´installer antivir a la place

    Telecharge et instales l'antivirus Antivir Personal Edition Classic :

    ->https://www.malekal.com/avira-free-security-antivirus-gratuit/

    https://www.avira.com/en/prime

    http://mickael.barroux.free.fr/securite/antivir.php
    http://speedweb1.free.fr/frames2.php?page=tuto5
    <- tutoriel configuration du scanner...

    une fois antivir ouvert click surconfiguration et coche la case "expert mode" puis sur l´onglet scanner dans la fenetre du dessous tu va voir : rootkit search click sur le petit + pour deployer et coche la case a coté de ton disk dur
    puis click sur configuration en haut a droite; dans la nouvelle fenetre a gauche >scanner > coche "scan all files" et en dessous >scanner priority = High
    coche : allow stopping the scanner, comme cela tu peux faire une pause pendant le scan si tu le desir.
    puis sur la droite coche les case suivantes :
    scan boot sectors of selected drives
    scan master boot sectors
    scan memory
    search foe rootkit before scan
    decoche :
    ignore off line files
    toujours a gauche > scan > deploie > heuristique > macrovirus heuristic = coché et en dessous > win32 heuristic la case coché et high detection level

    Je te dis tous ca car j´aimerais que tu performes un scan entier de ta machine a l´aide d´antivir avec les reglages stipulés ci dessus et que tu post le rapport généré ici stp

    en mode sans echec :

    Comment redémarrer en mode sans echec?

    Tu redemarre le pc et tapote la touche F8 des le début de l allumage sans t´arrêter.
    Une fenêtre sur fond noir va s’ouvrir, tu te déplaces avec les flèches du clavier sur démarrer en mode sans échec puis tape entrée.
    Une fois sur le bureau si il n y a pas toutes les couleurs et autres c´est normal!
    Ps : si F8 ne marche pas utilise la touche F5.

    bonne nuit ;-)

    @+
    0