Infected PC and disinfection impossible ...

10 June 2008 16:46:13

Hello,

I am running Windows Vista SP1 and I have been infected by (apparently) several infections. One of them is MSServer, but that one seems to be fixed. I had lots of security alerts displayed by a program that copied the interface of the Security Center.

In fact Ad-Aware 2008 disinfected several things for me, but since then (and even during the infection), lots of programs simply refuse to launch. No error message, nothing at all.

Firefox no longer launches
Nor do any programs containing a task manager.
Firefox, same thing
notepad launches but crashes with an illegal operation before displaying anything (even its menu bar stays blank).
And surely many others that I have not tried for fear of spreading the infection.

My hosts file is clean (it only contains the Spybot "patches") and yet I am redirected to an IP on every security site (so it is impossible to update the definitions of all my security software).

Here is my HijackThis report, in the hope of getting some help; I have been looking for a solution for days.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:40:59, on 10/06/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
E:\Windows\system32\Dwm.exe
E:\Windows\Explorer.EXE
E:\Windows\system32\taskeng.exe
E:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
E:\Windows\RtHDVCpl.exe
E:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
E:\Serveur\EasyPHP.exe
E:\Program Files\Winamp\winampa.exe
E:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
E:\Program Files\ASUS\ASUS DH Remote\AsRc.exe
E:\Program Files\Windows Media Player\wmpnscfg.exe
E:\Windows\System32\rundll32.exe
E:\Program Files\CyberLink\PowerCinema\PCMService.exe
E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
E:\Program Files\Windows Live\Messenger\msnmsgr.exe
E:\Windows\system32\wbem\unsecapp.exe
E:\Program Files\DAEMON Tools\daemon.exe
E:\Program Files\uTorrent\utorrent.exe
E:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
E:\Program Files\Skype\Phone\Skype.exe
E:\Program Files\Windows Sidebar\sidebar.exe
E:\Serveur\Apache\bin\apache.exe
E:\Windows\System32\rundll32.exe
C:\Documents and Settings\NY152\Mes documents\Mes Devellopements\ALT+CTRL+END\CtrlAltEnd.exe
E:\Serveur\MySql\bin\mysqld.exe
E:\Program Files\Skype\Plugin Manager\skypePM.exe
E:\Program Files\Windows Sidebar\sidebar.exe
E:\Program Files\ASUS\ASUS DH Remote\AsDhRemote.exe
E:\Serveur\Apache\bin\apache.exe
E:\Windows\Explorer.exe
E:\secur\test.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://*;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - E:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - E:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - E:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: ReGet Bar - {17939A30-18E2-471E-9D3A-56DD725F1215} - E:\Program Files\ReGet Software\ReGet Deluxe\IEBar.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - E:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [RemoteControl] "E:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "E:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [EasyPHP] "E:\Serveur\EasyPHP.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] E:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "E:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [WinampAgent] "E:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "E:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Ai Quicker Help] "E:\Program Files\ASUS\ASUS DH Remote\AsRc.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE E:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PCMService] "E:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [ccApp] "E:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [MsnMsgr] "E:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DAEMON Tools] "E:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [uTorrent] "E:\Program Files\uTorrent\utorrent.exe"
O4 - HKCU\..\Run: [Orb] "E:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [Skype] "E:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Sidebar] E:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [RamBoostXp] E:\Program Files\RamBoost XP\rambxpfr.exe
O4 - Global Startup: Lancement rapide de Microsoft Office OneNote 2003.lnk = E:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O8 - Extra context menu item: &Winamp Toolbar Search - E:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Ajouter au fichier PDF existant - res://E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir en Adobe PDF - res://E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en Adobe PDF - res://E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - E:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - E:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - E:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - E:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - E:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/download/scan...
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - E:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - E:\Windows\System32\DreamScene.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - E:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - E:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - E:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - E:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: Diskeeper - Diskeeper Corporation - E:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - E:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hMailServer - hMailServer - E:\Program Files\hMailServer\Bin\hMailServer.exe
O23 - Service: hMailServerMySQL - Unknown owner - E:\Program Files\hMailServer\MySQL\Bin\mysqld-nt.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - E:\Windows\system32\libusbd-nt.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - E:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - E:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - E:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PDAgent - Raxco Software, Inc. - E:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - E:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - E:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - E:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - E:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP4a\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - E:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP4a\RpcSandraSrv.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - E:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - E:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - E:\Windows\System32\TuneUpDefragService.exe
O23 - Service: TVersityMediaServer - Unknown owner - E:\Program Files\TVersity\Media Server\MediaServer.exe
O23 - Service: UnrealIRCd - none - E:\Program Files\Unreal3.2\wircd.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - E:\Windows\System32\ZoneLabs\vsmon.exe

--
End of file - 13151 bytes

Thanks in advance


10 June 2008 17:14:33

Hello,

Apparently clean.

Download Gmer.
Unzip it into a folder or onto your desktop.

Disconnect from the Internet, then close all programs.
Double-click Gmer.exe.

IMPORTANT: If an alert from your antivirus appears for the file gmer.sys or gmer.exe, let it run.

Click the rootkit tab.
On the right, check Files and Services.
Now click Scan.

When the scan is finished, click Copy.

Open Notepad, then click the Edit menu / Paste.
The report should then appear.
Save the file to your desktop and copy/paste its contents here.
10 June 2008 18:21:05

This program does not launch :(
10 June 2008 18:26:34

An error?
11 June 2008 12:29:59

Can you explain this redirection business to me?
11 June 2008 15:25:38

For example, when you enter the address http://www.safer-networking.org/ (Spybot's; there are tons like that), you are redirected to your local IP, which gives http://127.0.0.1/
11 June 2008 16:13:28

Strange.

Download R-Hosts.exe (by S!ri)
Launch R-Hosts, then click "Restaurer" (Restore).
Confirm the change by pressing OK.
11 June 2008 16:26:34

Incompatible. I get a dialog box that tells me: "Windows 9x, Me, NT, 2000, 2003, XP requis."

I have a feeling the problem is unsolvable ...
11 June 2008 16:33:46

As a reminder, I had explained in my first post that the hosts file was clean. Only the Spybot entries are in it. I even pushed my investigation further by emptying this file as a test (I have since put everything back); it changed nothing, the sites were still redirected. There must be either a program hijacking this, or else the problem is in the registry.
11 June 2008 16:47:51

Are you behind a proxy?
11 June 2008 17:02:28

no, none
11 June 2008 17:37:16

Fix this line with HijackThis:
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://*;*.local
11 June 2008 17:54:49

ah ... actually now it is worse, I am redirected to websites instead of 127.0.0.1 ....
11 June 2008 17:58:53

Additional information: when I typed the Spybot URL I was redirected to 127.0.0.1; now I am redirected to Google with the address as a search, and when I click on the Spybot site I am redirected to sites that have no domain, or even to very dubious search sites.
11 June 2008 18:45:38

We are going to try something.

Print these instructions if necessary, because the computer will be restarted.

Download FixWareout (LonnyRJones) to the Desktop.
If the link does not work, click here

Launch the fix (FixWareout.exe), click Next, then Install.
Make sure Run fixit is enabled, then click Finish.
The fix will start; follow the on-screen messages. You will be asked to restart your computer; do so. Your system will take a little longer to start up, which is normal.

Finally, post the contents of the report C:\fixwareout\report.txt along with a new HijackThis report.
12 June 2008 01:12:15

In fact, in the meantime I tried a scan with Malwarebytes Anti-Malware (the only program that was willing to install and, above all, to update). The result is alarming, to say the least. I am posting the log so that someone can tell me whether I can fix everything or whether some items are part of the system (I would rather not have to reinstall my system)

The log:

Malwarebytes' Anti-Malware 1.17
Version de la base de données: 849

01:05:34 12/06/2008
mbam-log-6-12-2008 (01-04-39).txt

Type de recherche: Examen rapide
Eléments examinés: 41677
Temps écoulé: 25 minute(s), 21 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 5
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 53

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MsSecurity1.209.4 (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\MS Juan (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> No action taken.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
E:\Windows\System32\vntiho06 (Trojan.Agent) -> No action taken.

Fichier(s) infecté(s):
E:\Windows\explore.exe (Trojan.Agent) -> No action taken.
E:\Windows\x.exe (Trojan.Agent) -> No action taken.
E:\Windows\y.exe (Trojan.Agent) -> No action taken.
E:\Windows\xxxvideo.hta (Trojan.Agent) -> No action taken.
E:\Windows\default.htm (Trojan.Agent) -> No action taken.
E:\Windows\loader.exe (Trojan.Agent) -> No action taken.
E:\Windows\internet.exe (Trojan.Agent) -> No action taken.
E:\Windows\accesss.exe (Fake.Dropped.Malware) -> No action taken.
E:\Windows\astctl32.ocx (Fake.Dropped.Malware) -> No action taken.
E:\Windows\avpcc.dll (Fake.Dropped.Malware) -> No action taken.
E:\Windows\clrssn.exe (Fake.Dropped.Malware) -> No action taken.
E:\Windows\cpan.dll (Fake.Dropped.Malware) -> No action taken.
E:\Windows\ctfmon32.exe (Fake.Dropped.Malware) -> No action taken.
E:\Windows\ctrlpan.dll (Fake.Dropped.Malware) -> No action taken.
E:\Windows\directx32.exe (Fake.Dropped.Malware) -> No action taken.
E:\Windows\dnsrelay.dll (Fake.Dropped.Malware) -> No action taken.
E:\Windows\editpad.exe (Fake.Dropped.Malware) -> No action taken.
E:\Windows\explorer32.exe (Fake.Dropped.Malware) -> No action taken.
E:\Windows\funniest.exe (Fake.Dropped.Malware) -> No action taken.
E:\Windows\funny.exe (Fake.Dropped.Malware) -> No action taken.
E:\Windows\gfmnaaa.dll (Fake.Dropped.Malware) -> No action taken.
E:\Windows\helpcvs.exe (Fake.Dropped.Malware) -> No action taken.
E:\Windows\iedll.exe (Fake.Dropped.Malware) -> No action taken.
E:\Windows\inetinf.exe (Fake.Dropped.Malware) -> No action taken.
E:\Windows\msconfd.dll (Fake.Dropped.Malware) -> No action taken.
E:\Windows\msspi.dll (Fake.Dropped.Malware) -> No action taken.
E:\Windows\msupdate.exe (Fake.Dropped.Malware) -> No action taken.
E:\Windows\mswsc10.dll (Fake.Dropped.Malware) -> No action taken.
E:\Windows\mswsc20.dll (Fake.Dropped.Malware) -> No action taken.
E:\Windows\mtwirl32.dll (Fake.Dropped.Malware) -> No action taken.
E:\Windows\notepad32.exe (Fake.Dropped.Malware) -> No action taken.
E:\Windows\olehelp.exe (Fake.Dropped.Malware) -> No action taken.
E:\Windows\qttasks.exe (Fake.Dropped.Malware) -> No action taken.
E:\Windows\quicken.exe (Fake.Dropped.Malware) -> No action taken.
E:\Windows\rundll16.exe (Fake.Dropped.Malware) -> No action taken.
E:\Windows\system32\clbdll.dll (Trojan.Agent) -> No action taken.
E:\Windows\System32\pac.txt (Malware.Trace) -> No action taken.
E:\Windows\rundll32.vbe (Fake.Dropped.Malware) -> No action taken.
E:\Windows\searchword.dll (Fake.Dropped.Malware) -> No action taken.
E:\Windows\sistem.exe (Fake.Dropped.Malware) -> No action taken.
E:\Windows\svcinit.exe (Fake.Dropped.Malware) -> No action taken.
E:\Windows\systeem.exe (Fake.Dropped.Malware) -> No action taken.
E:\Windows\systemcritical.exe (Fake.Dropped.Malware) -> No action taken.
E:\Windows\time.exe (Fake.Dropped.Malware) -> No action taken.
E:\Windows\users32.exe (Fake.Dropped.Malware) -> No action taken.
E:\Windows\waol.exe (Fake.Dropped.Malware) -> No action taken.
E:\Windows\win32e.exe (Fake.Dropped.Malware) -> No action taken.
E:\Windows\win64.exe (Fake.Dropped.Malware) -> No action taken.
E:\Windows\winajbm.dll (Fake.Dropped.Malware) -> No action taken.
E:\Windows\window.exe (Fake.Dropped.Malware) -> No action taken.
E:\Windows\winmgnt.exe (Fake.Dropped.Malware) -> No action taken.
E:\Windows\xplugin.dll (Fake.Dropped.Malware) -> No action taken.
E:\Windows\System32\drivers\clbdriver.sys (Rootkit.Agent) -> No action taken.
12 June 2008 13:38:36

You can delete everything.
12 June 2008 13:48:09

I have just done it and here is the result (for information, Notepad was able to open at the end of the repair to show me the log. Good point :)

Malwarebytes' Anti-Malware 1.17
Version de la base de données: 849

13:43:48 12/06/2008
mbam-log-6-12-2008 (13-43-48).txt

Type de recherche: Examen rapide
Eléments examinés: 41677
Temps écoulé: 25 minute(s), 21 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 5
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 53

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MsSecurity1.209.4 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
E:\Windows\System32\vntiho06 (Trojan.Agent) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
E:\Windows\explore.exe (Trojan.Agent) -> Quarantined and deleted successfully.
E:\Windows\x.exe (Trojan.Agent) -> Quarantined and deleted successfully.
E:\Windows\y.exe (Trojan.Agent) -> Quarantined and deleted successfully.
E:\Windows\xxxvideo.hta (Trojan.Agent) -> Quarantined and deleted successfully.
E:\Windows\default.htm (Trojan.Agent) -> Quarantined and deleted successfully.
E:\Windows\loader.exe (Trojan.Agent) -> Quarantined and deleted successfully.
E:\Windows\internet.exe (Trojan.Agent) -> Quarantined and deleted successfully.
E:\Windows\accesss.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
E:\Windows\astctl32.ocx (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
E:\Windows\avpcc.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
E:\Windows\clrssn.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
E:\Windows\cpan.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
E:\Windows\ctfmon32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
E:\Windows\ctrlpan.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
E:\Windows\directx32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
E:\Windows\dnsrelay.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
E:\Windows\editpad.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
E:\Windows\explorer32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
E:\Windows\funniest.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
E:\Windows\funny.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
E:\Windows\gfmnaaa.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
E:\Windows\helpcvs.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
E:\Windows\iedll.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
E:\Windows\inetinf.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
E:\Windows\msconfd.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
E:\Windows\msspi.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
E:\Windows\msupdate.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
E:\Windows\mswsc10.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
E:\Windows\mswsc20.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
E:\Windows\mtwirl32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
E:\Windows\notepad32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
E:\Windows\olehelp.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
E:\Windows\qttasks.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
E:\Windows\quicken.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
E:\Windows\rundll16.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
E:\Windows\system32\clbdll.dll (Trojan.Agent) -> Delete on reboot.
E:\Windows\System32\pac.txt (Malware.Trace) -> Quarantined and deleted successfully.
E:\Windows\rundll32.vbe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
E:\Windows\searchword.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
E:\Windows\sistem.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
E:\Windows\svcinit.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
E:\Windows\systeem.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
E:\Windows\systemcritical.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
E:\Windows\time.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
E:\Windows\users32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
E:\Windows\waol.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
E:\Windows\win32e.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
E:\Windows\win64.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
E:\Windows\winajbm.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
E:\Windows\window.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
E:\Windows\winmgnt.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
E:\Windows\xplugin.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
E:\Windows\System32\drivers\clbdriver.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

I am rebooting and running another scan to verify.
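
Added example, not part of the original thread: a small Python parser for the Malwarebytes log layout posted above. It checks the itemised entries against the header counts (to catch a truncated paste) and lists detections whose action is anything other than "Quarantined and deleted successfully", such as the file scheduled for deletion on reboot. The sample is an abridged excerpt constructed from the log above with its header counts adjusted, and the function names are illustrative.

```python
import re
from collections import Counter
from typing import NamedTuple

# Constructed sample: abridged from the French Malwarebytes 1.17 log above;
# header counts are adjusted to match the shortened item lists.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.17
Version de la base de données: 849

Clé(s) du Registre infectée(s): 2
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 4

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MsSecurity1.209.4 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
E:\Windows\System32\vntiho06 (Trojan.Agent) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
E:\Windows\explore.exe (Trojan.Agent) -> Quarantined and deleted successfully.
E:\Windows\system32\clbdll.dll (Trojan.Agent) -> Delete on reboot.
E:\Windows\System32\pac.txt (Malware.Trace) -> Quarantined and deleted successfully.
E:\Windows\System32\drivers\clbdriver.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
"""


class Detection(NamedTuple):
    section: str   # log heading the item was listed under
    target: str    # registry key, folder or file path
    family: str    # detection name, e.g. Trojan.Agent
    action: str    # what the scanner reports having done


# Assumption: French-locale layout as shown in the thread, where every
# category label ends in "(s)".
COUNT_RE = re.compile(r"^(?P<label>.+\(s\)): (?P<n>\d+)$")
SECTION_RE = re.compile(r"^(?P<label>.+\(s\)):$")
ITEM_RE = re.compile(r"^(?P<target>.+) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$")
CLEANED = "Quarantined and deleted successfully"


def parse_mbam_log(text):
    """Return (declared header counts, itemised detections)."""
    declared, items, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if m := COUNT_RE.match(line):
            declared[m["label"]] = int(m["n"])
        elif m := SECTION_RE.match(line):
            section = m["label"]
        elif section and (m := ITEM_RE.match(line)):
            items.append(Detection(section, m["target"], m["family"], m["action"]))
    return declared, items


def count_mismatches(declared, items):
    """Categories where the header count differs from the items listed."""
    listed = Counter(d.section for d in items)
    return {label: (n, listed[label]) for label, n in declared.items() if n != listed[label]}


def unresolved(items):
    """Detections not yet removed (no action taken, pending reboot, failed)."""
    return [d for d in items if d.action != CLEANED]


if __name__ == "__main__":
    declared, items = parse_mbam_log(SAMPLE_LOG)
    print("families:", dict(Counter(d.family for d in items)))
    print("count mismatches:", count_mismatches(declared, items))
    for d in unresolved(items):
        print("follow up:", d.target, "->", d.action)
```
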
12 June 2008 13:52:50

Do what I said with FixWareout :)
12 June 2008 14:20:34

your program opens VBS code in Notepad for me, that's all
12 June 2008 15:45:22

Do you still have the same problem?
12 June 2008 16:21:43

actually it is my BAT files that are associated with notepad (I never made this strange association). I launched it from a command prompt and back to square one: Unsupported version for Windows .... Another lead?
12 June 2008 18:02:50

Yes, but do you still have this redirection problem?
12 June 2008 20:34:07

yes
13 June 2008 11:44:40

For the Bat files, right-click / Properties to change the program assigned to them.
13 June 2008 12:59:22

That does not work. I would rather concentrate on the security of the system first.
13 June 2008 15:35:03

I don't see how to deal with your infection :/

Disable your resident protections (antivirus, Spybot-S&D, etc.)!

  • Download ComboFix (sUBs) to your Desktop.
  • Double-click ComboFix.exe (the .exe is not necessarily visible) to launch it.
  • When the scan is finished, a report will appear. Post this report (C:\combofix.txt*) in your next reply.

HELP: A guide and a tutorial on using ComboFix
* the partition name may differ
14 June 2008 04:18:34

after 3 hours, the program has finally finished and the result is catastrophic, to say the least. I no longer have any icons displayed in my folders. Only the names of the folders and files appear. It is worse rather than better, in fact. I think this program (even if it does not say so) is TOTALLY incompatible with Vista and touched system components it should not have. As for the log, it simply did not create it (I did a search).
14 June 2008 11:09:36

Re,

This program is fully compatible with Vista. It has been tested on hundreds of cases and, if it makes you happy, on my PC as well.
Do you have the Windows CD?
15 June 2008 01:12:18

of course
15 June 2008 12:32:28

Have you tried the repair with the CD?
15 June 2008 23:38:50

no (it seems to me that the repair only fixes boot issues, doesn't it?) and in any case, every time I resorted to this option under XP, a format was never far behind because of all sorts of version conflicts, so ...)

I wrote a small program for searching files according to various criteria (Vista's file search engine being a bug in itself (it had found nothing. My program did find the log in the end; it had a name other than combofix.txt. Anyway, here it is:

    ComboFix 08-06-12.2 - NY152 2008-06-14 1:35:38.1 - NTFSx86
    Endroit: \\Ny-152\tmp\ComboFix.exe
    * Resident AV is active

    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    E:\Windows\Fonts\CALIBRIB.TTF
    E:\Windows\mainms.vpi
    E:\Windows\megavid.cdt
    E:\Windows\muotr.so
    E:\Windows\System32\5753\22122.dll
    E:\Windows\system32\Cfx32.lic
    E:\Windows\system32\cfx32.ocx
    E:\Windows\system32\hljwugsf.bin
    E:\Windows\system32\instsrv.exe

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_CLBDRIVER
    -------\Legacy_MSSECURITY1.209.4
    -------\Service_clbdriver
    -------\Service_iprip


    ((((((((((((((((((((((((((((( Fichiers créés 2008-05-14 to 2008-06-14 ))))))))))))))))))))))))))))))))))))
    .

    Pas de nouveau fichier créé dans cet espace de temps

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2099-04-20 19:06 --------- d-sh--w E:\ProgramData\Modèles
    2099-04-20 19:06 --------- d-sh--w E:\ProgramData\Menu Démarrer
    2099-04-20 19:06 --------- d-sh--w E:\ProgramData\Favoris
    2099-04-20 19:06 --------- d-sh--w E:\ProgramData\Bureau
    2099-04-20 19:06 --------- d-sh--w E:\Program Files\Fichiers communs
    2008-06-14 01:32 34,660,896 -csha-w E:\Windows\system32\drivers\fidbox.dat
    2008-06-14 01:30 --------- dc----w E:\Program Files\Winamp Remote
    2008-06-14 01:26 354,388 -c-ha-w E:\Windows\system32\drivers\vsconfig.xml
    2008-06-14 01:20 483,836 -csha-w E:\Windows\system32\drivers\fidbox.idx
    2008-06-13 01:08 --------- dc----w E:\ProgramData\Google Updater
    2008-06-12 23:25 --------- dc----w E:\Program Files\Windows Mail
    2008-06-12 15:11 --------- dc----w E:\Program Files\OfflineList 0.7.2
    2008-06-11 22:31 --------- dc----w E:\ProgramData\Malwarebytes
    2008-06-11 22:31 --------- dc----w E:\Program Files\Malwarebytes' Anti-Malware
    2008-06-10 17:02 34,296 -c--a-w E:\Windows\system32\drivers\mbamcatchme.sys
    2008-06-10 17:02 15,864 -c--a-w E:\Windows\system32\drivers\mbam.sys
    2008-06-10 14:01 --------- dc----w E:\Program Files\Symantec
    2008-06-10 12:39 --------- dc----w E:\ProgramData\Lavasoft
    2008-06-10 12:39 --------- dc----w E:\Program Files\Lavasoft
    2008-06-10 12:39 --------- dc----w E:\Program Files\Common Files\Wise Installation Wizard
    2008-06-10 10:30 --------- dc----w E:\Program Files\Windows Live Safety Center
    2008-06-07 01:24 --------- dc----w E:\Program Files\Glary Utilities
    2008-06-05 13:58 --------- dc----w E:\Program Files\Zone Labs
    2008-06-04 02:59 --------- dc----w E:\Program Files\Chaos Shredder2.3FR
    2008-06-04 01:38 --------- dc----w E:\Program Files\RamBoost XP
    2008-06-04 01:03 --------- dc----w E:\ProgramData\Spybot - Search & Destroy
    2008-06-04 00:26 806 -c--a-w E:\Windows\system32\drivers\SYMEVENT.INF
    2008-06-04 00:26 123,952 -c--a-w E:\Windows\system32\drivers\SYMEVENT.SYS
    2008-06-04 00:26 10,652 -c--a-w E:\Windows\system32\drivers\SYMEVENT.CAT
    2008-06-04 00:26 --------- dc----w E:\ProgramData\Symantec
    2008-06-04 00:26 --------- dc----w E:\Program Files\Common Files\Symantec Shared
    2008-06-04 00:25 --------- dc----w E:\Program Files\Norton AntiVirus
    2008-06-03 22:02 --------- dc----w E:\Program Files\Security Task Manager
    2008-06-03 21:55 --------- dc----w E:\ProgramData\SecTaskMan
    2008-06-03 11:14 --------- dc----w E:\Program Files\CCleaner
    2008-05-30 01:21 --------- dc----w E:\Program Files\MeuhMeuhTV
    2008-05-29 10:41 --------- dc----w E:\ProgramData\eMule
    2008-05-29 10:39 --------- dc----w E:\Program Files\eMule
    2008-05-28 09:38 --------- dc----w E:\ProgramData\ma-config.com
    2008-05-28 09:35 --------- dc----w E:\Program Files\ma-config.com
    2008-05-28 00:27 --------- dc----w E:\Program Files\Common Files\TerraTec
    2008-05-27 23:59 --------- dc----w E:\ProgramData\VMware
    2008-05-27 23:59 --------- dc----w E:\Program Files\VMware
    2008-05-27 23:34 --------- dc----w E:\Program Files\TerraTec
    2008-05-27 23:23 --------- dc----w E:\ProgramData\TerraTec
    2008-05-27 21:26 319,456 -c--a-w E:\Windows\DIFxAPI.dll
    2008-05-27 21:26 --------- dc----w E:\Program Files\Realtek
    2008-05-27 20:48 --------- dc----w E:\Program Files\Intel
    2008-05-26 11:45 --------- dc----w E:\Program Files\NewsSearcher
    2008-05-26 11:26 --------- dc----w E:\Program Files\NewsLeecher
    2008-05-23 02:49 --------- dc----w E:\Program Files\mIRC
    2008-05-22 00:15 --------- dc----w E:\Program Files\Notepad++
    2008-05-21 15:09 --------- dc----w E:\Program Files\DivX
    2008-05-21 02:04 --------- dc----w E:\ProgramData\CyberLink
    2008-05-21 01:48 --------- dc-h--w E:\Program Files\InstallShield Installation Information
    2008-05-21 01:48 --------- dc----w E:\Program Files\CyberLink
    2008-05-20 23:57 --------- dc----w E:\Program Files\MeuhMeuhTV Alpha
    2008-05-20 21:06 --------- dc----w E:\Program Files\ASUS
    2008-05-20 09:59 --------- dc----w E:\Program Files\Microsoft Silverlight
    2008-05-19 09:50 --------- dc----w E:\Program Files\K!TV
    2008-05-10 01:33 113,664 -c--a-w E:\Windows\system32\drivers\rmcast.sys
    2008-05-09 10:55 --------- dc----w E:\Program Files\The GodFather
    2008-05-08 02:33 --------- dc----w E:\Program Files\WinAce
    2008-05-07 12:00 --------- dc----w E:\Program Files\nxtvepg
    2008-04-29 09:20 15,648 -c--a-w E:\Windows\system32\drivers\NSDriver.sys
    2008-04-29 09:19 15,648 -c--a-w E:\Windows\system32\drivers\Awrtrd.sys
    2008-04-29 09:19 12,960 -c--a-w E:\Windows\system32\drivers\Awrtpd.sys
    2008-04-27 23:20 --------- dc----w E:\Program Files\Smart Projects
    2008-04-22 09:59 --------- dc----w E:\Program Files\uTorrent
    2008-04-19 02:50 --------- dc----w E:\ProgramData\NVIDIA
    2008-04-15 02:18 0 -c-ha-w E:\Windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
    2008-04-14 00:16 --------- dc----w E:\Program Files\Tomb Raider - Legend
    2008-04-12 01:17 174 --sha-w E:\Program Files\desktop.ini
    2008-04-06 23:35 32 -c--a-w E:\Users\All Users\ezsid.dat
    2008-04-06 23:35 32 -c--a-w E:\ProgramData\ezsid.dat
    2008-01-03 01:38 357 -c--a-w E:\Users\NY152\.cb_layout.bin
    2008-01-26 00:17 16,384 -csha-w E:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    2008-01-26 00:17 32,768 -csha-w E:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    2008-01-26 00:17 16,384 -csha-w E:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
    2007-12-13 18:49 1185120 --a--c--- E:\Program Files\Winamp Toolbar\winamptb.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= "E:\Program Files\Winamp Toolbar\winamptb.dll" [2007-12-13 18:49 1185120]

    [HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
    [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
    [HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
    [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="E:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-12-02 17:42 3739672]
    "swg"="E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-10 15:25 68856]
    "DAEMON Tools"="E:\Program Files\DAEMON Tools\daemon.exe" [2007-09-18 16:16 171464]
    "uTorrent"="E:\Program Files\uTorrent\utorrent.exe" [2008-05-28 02:41 578864]
    "Orb"="E:\Program Files\Winamp Remote\bin\OrbTray.exe" [2008-01-07 22:02 495616]
    "Skype"="E:\Program Files\Skype\Phone\Skype.exe" [2008-02-01 17:22 21898024]
    "Sidebar"="E:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-18 23:33 1233920]
    "SpybotSD TeaTimer"="E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 12:43 2097488]
    "RamBoostXp"="E:\Program Files\RamBoost XP\rambxpfr.exe" [2004-03-09 22:48 1542144]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RemoteControl"="E:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2006-12-06 18:37 69216]
    "LanguageShortcut"="E:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 22:55 54832]
    "RtHDVCpl"="RtHDVCpl.exe" [2006-12-29 19:11 4317184 E:\Windows\RtHDVCpl.exe]
    "SunJavaUpdateSched"="E:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
    "EasyPHP"="E:\Serveur\EasyPHP.exe" [2006-11-19 22:16 176128]
    "NeroFilterCheck"="E:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
    "NBKeyScan"="E:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 09:51 1836328]
    "WinampAgent"="E:\Program Files\Winamp\winampa.exe" [2008-01-16 00:54 37376]
    "Acrobat Assistant 8.0"="E:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 20:54 623992]
    "Ai Quicker Help"="E:\Program Files\ASUS\ASUS DH Remote\AsRc.exe" [2006-11-09 21:29 3165696]
    "NvSvc"="E:\Windows\system32\nvsvc.dll" [2007-12-11 17:06 86016]
    "NvCplDaemon"="E:\Windows\system32\NvCpl.dll" [2007-12-11 17:06 8530464]
    "NvMediaCenter"="E:\Windows\system32\NvMcTray.dll" [2007-12-11 17:06 81920]
    "PCMService"="E:\Program Files\CyberLink\PowerCinema\PCMService.exe" [2006-12-27 14:59 151552]
    "ccApp"="E:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-08-24 23:07 51048]
    "ZoneAlarm Client"="E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-01-09 03:31 959976]
    "@"="" []
    "combofix"="E:\Windows\system32\CF8088.exe" [2008-01-18 23:33 318976]

    E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    Lancement rapide de Microsoft Office OneNote 2003.lnk - E:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2007-04-19 13:49:52 64864]

    E:\Users\NY152\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\
    CtrlAltEnd.lnk - C:\Documents and Settings\NY152\Mes documents\Mes Devellopements\ALT+CTRL+END\CtrlAltEnd.exe [2007-03-28 03:38:02 40960]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    "DisableTaskMgr"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\787a3f10]
    E:\Users\NY152\AppData\Local\Temp\chphmkqm.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMc7cf3cef]
    E:\Users\NY152\AppData\Local\Temp\vdsyjmoe.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cmds]
    E:\Users\NY152\AppData\Local\Temp\wvUnNhIc.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsmqIntCert]


    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSServer]
    E:\Users\NY152\AppData\Local\Temp\opnkkiHa.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UacDisableNotify"=dword:00000001
    "InternetSettingsDisableNotify"=dword:00000001
    "AutoUpdateDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "TCP Query User{BF108482-0EB1-489F-AADE-CF21E799BA35}E:\\program files\\emule\\emule.exe"= UDP:E:\program files\emule\emule.exe:eMule
    "UDP Query User{5E2EA2AB-B51D-4901-808D-0188B094A0D2}E:\\program files\\emule\\emule.exe"= TCP:E:\program files\emule\emule.exe:eMule
    "TCP Query User{6036C27F-2C69-4F0E-9467-9A7B4F094AB6}E:\\program files\\mirc\\mirc.exe"= UDP:E:\program files\mirc\mirc.exe:mIRC
    "UDP Query User{CDB1F895-43F9-4ADD-BA71-00CFFD204578}E:\\program files\\mirc\\mirc.exe"= TCP:E:\program files\mirc\mirc.exe:mIRC
    "TCP Query User{77B9CF9A-6195-4421-A6BE-E969B6AEBBA8}E:\\program files\\newssearcher\\newssearcher.exe"= UDP:E:\program files\newssearcher\newssearcher.exe:NewsSearcher
    "UDP Query User{E35343D7-CA6B-4389-B3AB-60DDAA10B783}E:\\program files\\newssearcher\\newssearcher.exe"= TCP:E:\program files\newssearcher\newssearcher.exe:NewsSearcher
    "TCP Query User{8121849D-149D-4F9B-BB61-4908B0C95A44}E:\\program files\\emule\\emule.exe"= UDP:E:\program files\emule\emule.exe:eMule
    "UDP Query User{7C36667E-CC0A-45F1-9776-0668F1A8F5CA}E:\\program files\\emule\\emule.exe"= TCP:E:\program files\emule\emule.exe:eMule
    "TCP Query User{3BF24B7E-BB90-4BEA-B366-81D75FBEB5D5}E:\\program files\\newssearcher\\newssearcher.exe"= UDP:E:\program files\newssearcher\newssearcher.exe:NewsSearcher
    "UDP Query User{F7E930A0-C155-418D-97F0-7A3332E431CD}E:\\program files\\newssearcher\\newssearcher.exe"= TCP:E:\program files\newssearcher\newssearcher.exe:NewsSearcher
    "TCP Query User{C89B7A1A-FEBE-4DFC-BA74-3953CCC598C7}E:\\program files\\mirc\\mirc.exe"= UDP:E:\program files\mirc\mirc.exe:mIRC
    "UDP Query User{E746E21C-0D38-4F58-B369-2C3BA817124F}E:\\program files\\mirc\\mirc.exe"= TCP:E:\program files\mirc\mirc.exe:mIRC
    "TCP Query User{1BAC5483-03F4-4DEA-92D6-D79F38756751}E:\\program files\\unreal3.2\\wircd.exe"= UDP:E:\program files\unreal3.2\wircd.exe:wircd
    "UDP Query User{206347B2-86CF-4BF7-BDCA-6F10433F1E35}E:\\program files\\unreal3.2\\wircd.exe"= TCP:E:\program files\unreal3.2\wircd.exe:wircd
    "TCP Query User{7ABC444F-F385-4284-AC2A-62AEE8A5D32B}C:\\program files\\mirc\\mirc.exe"= UDP:C:\program files\mirc\mirc.exe:mIRC
    "UDP Query User{C62DF5AE-83AA-4D73-9CD6-30C7302DF98F}C:\\program files\\mirc\\mirc.exe"= TCP:C:\program files\mirc\mirc.exe:mIRC
    "TCP Query User{1D77F2CA-5AB8-4D0B-9A81-76CE0BB5C840}E:\\users\\ny152\\appdata\\local\\temp\\rar$ex00.922\\ps3proxy.exe"= UDP:E:\users\ny152\appdata\local\temp\rar$ex00.922\ps3proxy.exe:ps3proxy.exe
    "UDP Query User{525AFBAD-CA53-453C-8458-9EE4D2938EEA}E:\\users\\ny152\\appdata\\local\\temp\\rar$ex00.922\\ps3proxy.exe"= TCP:E:\users\ny152\appdata\local\temp\rar$ex00.922\ps3proxy.exe:ps3proxy.exe
    "TCP Query User{E51E01AC-7DBB-4E80-83E4-20F2F617CAB6}E:\\users\\ny152\\desktop\\ps3proxy.exe"= UDP:E:\users\ny152\desktop\ps3proxy.exe:ps3proxy.exe
    "UDP Query User{B3A6761A-94CC-46C1-B379-14FD63C68FF0}E:\\users\\ny152\\desktop\\ps3proxy.exe"= TCP:E:\users\ny152\desktop\ps3proxy.exe:ps3proxy.exe
    "TCP Query User{62D1AE42-A86A-4B27-B564-E217B496CC60}E:\\program files\\mozilla firefox\\firefox.exe"= UDP:E:\program files\mozilla firefox\firefox.exe:Firefox
    "UDP Query User{D574DCFD-D4F9-4059-8E0D-B80C597F0C9F}E:\\program files\\mozilla firefox\\firefox.exe"= TCP:E:\program files\mozilla firefox\firefox.exe:Firefox
    "TCP Query User{30AA0849-56B8-414F-BF4A-A3F6256958F3}E:\\program files\\videolan\\vlc\\vlc.exe"= UDP:E:\program files\videolan\vlc\vlc.exe:VLC media player
    "UDP Query User{A012963E-3C1D-409A-9EF6-AEB22A004D52}E:\\program files\\videolan\\vlc\\vlc.exe"= TCP:E:\program files\videolan\vlc\vlc.exe:VLC media player
    "{57281467-B851-4673-9267-CB11E511A877}"= UDP:E:\Program Files\uTorrent\utorrent.exe:µTorrent
    "{F3E67344-4E87-48F8-910D-A8A16B66A19D}"= TCP:E:\Program Files\uTorrent\utorrent.exe:µTorrent
    "{9A7B2ACF-0C12-457C-B338-36C445B78B7D}"= UDP:E:\Windows\System32\mqsvc.exe:Message Queuing
    "{9F1AA51F-D75E-4564-9C81-130E05D0F20C}"= TCP:E:\Windows\System32\mqsvc.exe:Message Queuing
    "{7361A0E7-FA1B-44D7-95A4-D662A1253220}"= UDP:E:\Windows\System32\mqsvc.exe:Message Queuing
    "{3884E9E7-0625-48E9-80AE-3D2C723FADA1}"= TCP:E:\Windows\System32\mqsvc.exe:Message Queuing
    "TCP Query User{CE8A7024-6A04-4901-AE8A-192492F4880B}E:\\program files\\internet explorer\\iexplore.exe"= UDP:E:\program files\internet explorer\iexplore.exe:Internet Explorer
    "UDP Query User{343FEF9F-755B-4C26-A7F4-C2B693E5A092}E:\\program files\\internet explorer\\iexplore.exe"= TCP:E:\program files\internet explorer\iexplore.exe:Internet Explorer
    "{535A3916-9E01-4EC4-87CD-09076A9F6CBC}"= E:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{7248E649-C78C-42A1-B2BE-EC2151F0774E}"= E:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{12EF46FB-B19C-402B-879C-12A681012303}"= E:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{4DAF6DCC-763C-4BE0-820E-C0B8171091F5}"= E:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{97FEE673-E995-4430-91F2-721C820C4F84}"= E:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "TCP Query User{3690E3C0-88BB-4515-9660-49415A3912B6}E:\\program files\\pimpware\\pimpstreamer\\pimpstreamer.exe"= UDP:E:\program files\pimpware\pimpstreamer\pimpstreamer.exe:PimpStreamer, Streams video from PC to PSP Realtime!
    "UDP Query User{8C5409D3-3360-4217-82BB-9ECBED307AA1}E:\\program files\\pimpware\\pimpstreamer\\pimpstreamer.exe"= TCP:E:\program files\pimpware\pimpstreamer\pimpstreamer.exe:PimpStreamer, Streams video from PC to PSP Realtime!
    "{8C34C0E7-1434-4A56-A687-29DA492F432D}"= UDP:E:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP4a\Win32\RpcDataSrv.exe:SiSoftware Database Agent Service
    "{48E4740F-D961-4B70-9217-76A67F4D517D}"= TCP:E:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP4a\Win32\RpcDataSrv.exe:SiSoftware Database Agent Service
    "{23A0E2C6-FFAE-4A51-A876-1BC0A5885620}"= UDP:E:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP4a\RpcSandraSrv.exe:SiSoftware Sandra Agent Service
    "{DE5769B6-FDC1-42E1-9EE2-9B5155195DAC}"= TCP:E:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP4a\RpcSandraSrv.exe:SiSoftware Sandra Agent Service
    "{ED8DB0BA-2580-4247-8FE4-165719244164}"= Disabled:UDP:E:\Users\NY152\Downloads\incredimail_install.exe:IncrediMail Installer
    "{BEA63001-DEB8-4A91-9A7D-57C32E98E942}"= Disabled:TCP:E:\Users\NY152\Downloads\incredimail_install.exe:IncrediMail Installer
    "TCP Query User{BF4160A8-1F42-4F8D-9B9E-905606878940}E:\\users\\ny152\\desktop\\divers\\ps3proxy.exe"= UDP:E:\users\ny152\desktop\divers\ps3proxy.exe:ps3proxy.exe
    "UDP Query User{61952E4E-2E7D-4872-9151-3A7758E92DD1}E:\\users\\ny152\\desktop\\divers\\ps3proxy.exe"= TCP:E:\users\ny152\desktop\divers\ps3proxy.exe:ps3proxy.exe
    "TCP Query User{4C7020A9-5D11-47D7-931B-613D100638FE}C:\\program files\\mirc\\mirc.exe"= UDP:C:\program files\mirc\mirc.exe:mIRC
    "UDP Query User{4055A7AB-D721-473C-9907-CDB3C8B71E01}C:\\program files\\mirc\\mirc.exe"= TCP:C:\program files\mirc\mirc.exe:mIRC
    "{033FD465-402E-4E79-B9F3-22A63EA418DA}"= UDP:E:\Program Files\uTorrent\utorrent.exe:µTorrent
    "{0425EAEE-64CC-446F-92F3-36ECA5CEB4B8}"= TCP:E:\Program Files\uTorrent\utorrent.exe:µTorrent
    "{97FAA0C1-A1E2-4B8D-B209-B0F63B382DBC}"= E:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "TCP Query User{6091B6EC-4000-4408-AD08-1283F8BAE28E}E:\\serveur\\apache2.2\\bin\\httpd.exe"= UDP:E:\serveur\apache2.2\bin\httpd.exe:Apache HTTP Server
    "UDP Query User{57E0CA7F-C04A-4D9E-B22C-B7DF0D3654EC}E:\\serveur\\apache2.2\\bin\\httpd.exe"= TCP:E:\serveur\apache2.2\bin\httpd.exe:Apache HTTP Server
    "TCP Query User{C1352992-04C7-4671-9A9D-56E04C74502E}E:\\serveur\\apache\\bin\\apache.exe"= UDP:E:\serveur\apache\bin\apache.exe:Apache HTTP Server
    "UDP Query User{AC233DCD-27C1-4D5C-BC02-AF552515FB62}E:\\serveur\\apache\\bin\\apache.exe"= TCP:E:\serveur\apache\bin\apache.exe:Apache HTTP Server
    "{1B62CF7C-7848-4A19-9AD5-07997FA782A0}"= UDP:E:\Program Files\iTunes\iTunes.exe:iTunes
    "{3C5685E5-F81B-4FE4-B64B-34DEDB9472D6}"= TCP:E:\Program Files\iTunes\iTunes.exe:iTunes
    "{3B85895E-52DE-4DB6-B75E-7C39BB71B876}"= UDP:E:\Program Files\Winamp Remote\bin\Orb.exe:Orb
    "{3B9A2DCE-B8F1-4E3B-A966-CD366DD55576}"= TCP:E:\Program Files\Winamp Remote\bin\Orb.exe:Orb
    "{52B1C107-FCD7-4284-9D4D-0840CFD28004}"= UDP:E:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
    "{F1F60DCE-8C96-4733-B0A0-C91D0F351197}"= TCP:E:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
    "{B877EB90-2DC7-4245-AC6D-23E7375261E8}"= UDP:E:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
    "{B1984769-D95C-47BB-B6DC-99E78CFE4910}"= TCP:E:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
    "{EF04462F-7644-4150-BFCF-01959EADFFAD}"= UDP:E:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
    "{398AFF56-31A0-4305-9F3F-457719EF4588}"= TCP:E:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
    "TCP Query User{F93088E5-D9CC-47EC-8ADA-98DC0B754A77}E:\\serveur\\apache\\bin\\apache.exe"= UDP:E:\serveur\apache\bin\apache.exe:Apache HTTP Server
    "UDP Query User{A16B396C-3E93-4C56-AF6D-E489FC1F34CF}E:\\serveur\\apache\\bin\\apache.exe"= TCP:E:\serveur\apache\bin\apache.exe:Apache HTTP Server
    "TCP Query User{263D8921-BF49-40CD-A97D-92F88DE5DCB2}E:\\serveur\\mysql\\bin\\mysqld.exe"= UDP:E:\serveur\mysql\bin\mysqld.exe:mysqld
    "UDP Query User{01333779-E687-44DD-8F77-30ABC03108C3}E:\\serveur\\mysql\\bin\\mysqld.exe"= TCP:E:\serveur\mysql\bin\mysqld.exe:mysqld
    "TCP Query User{5D856332-1710-4495-9BBE-C6A573C135EF}E:\\serveur\\mysql\\bin\\mysqld.exe"= UDP:E:\serveur\mysql\bin\mysqld.exe:mysqld
    "UDP Query User{A355CB1C-B6D4-4D5A-AF94-808770A35EC2}E:\\serveur\\mysql\\bin\\mysqld.exe"= TCP:E:\serveur\mysql\bin\mysqld.exe:mysqld
    "TCP Query User{1F9ADF6A-38C0-41C0-8813-5E2FEB5E090F}E:\\program files\\cf3b5\\ps3.proxyserver\\ps3.proxyserver.gui.exe"= UDP:E:\program files\cf3b5\ps3.proxyserver\ps3.proxyserver.gui.exe:
    "UDP Query User{C31033FA-3A31-4651-842A-BB89E424FFCF}E:\\program files\\cf3b5\\ps3.proxyserver\\ps3.proxyserver.gui.exe"= TCP:E:\program files\cf3b5\ps3.proxyserver\ps3.proxyserver.gui.exe:
    "{E990B999-A5F1-4CEE-AF35-77E920031EAD}"= UDP:E:\Program Files\IncrediMail\bin\ImpCnt.exe:IncrediMail
    "{29421688-02DF-4D2C-80F3-B14A6D02CEBF}"= TCP:E:\Program Files\IncrediMail\bin\ImpCnt.exe:IncrediMail
    "{BAF1C9A1-0DD4-4E61-91D9-8A9E18078177}"= UDP:E:\Program Files\IncrediMail\bin\ImApp.exe:IncrediMail
    "{A4C8553C-F26A-42A6-B6F4-D13591ADD17B}"= TCP:E:\Program Files\IncrediMail\bin\ImApp.exe:IncrediMail
    "{1A364CE3-2EFC-4FBD-8E17-9FA95FC20DFD}"= UDP:E:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail
    "{DCB1D536-574A-4CCA-94C1-6F609C9E4C68}"= TCP:E:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail
    "TCP Query User{1CFC8655-E452-4BB6-8F96-E30137A1DF6C}E:\\eduke32\\eduke32.exe"= UDP:E:\eduke32\eduke32.exe:eduke32
    "UDP Query User{FFEE7B37-C254-4F63-A6FD-B7484A3F18A6}E:\\eduke32\\eduke32.exe"= TCP:E:\eduke32\eduke32.exe:eduke32
    "TCP Query User{E7F1BC1D-C519-47E0-8D35-71BF7FCA5CB3}E:\\program files\\xlink kai evolution vii\\kailaunch.exe"= UDP:E:\program files\xlink kai evolution vii\kailaunch.exe:XLink Kai Evolution 7 Launcher
    "UDP Query User{0C77D81D-EC4C-4ACB-97D5-D6D1C657BCF1}E:\\program files\\xlink kai evolution vii\\kailaunch.exe"= TCP:E:\program files\xlink kai evolution vii\kailaunch.exe:XLink Kai Evolution 7 Launcher
    "TCP Query User{87606A35-95F5-430C-B88B-11EC44394F08}E:\\users\\ny152\\desktop\\mirc by fishfindus\\mirc.exe"= UDP:E:\users\ny152\desktop\mirc by fishfindus\mirc.exe:mirc.exe
    "UDP Query User{3C52B43C-4AD8-47F9-A5F9-0688C11515F2}E:\\users\\ny152\\desktop\\mirc by fishfindus\\mirc.exe"= TCP:E:\users\ny152\desktop\mirc by fishfindus\mirc.exe:mirc.exe
    "TCP Query User{E34BE81F-25B0-4BAE-B2A9-A5FC8EA59523}E:\\users\\ny152\\desktop\\ciberscript\\mirc.exe"= UDP:E:\users\ny152\desktop\ciberscript\mirc.exe:mirc.exe
    "UDP Query User{79042002-884D-423C-BC23-661570F8C127}E:\\users\\ny152\\desktop\\ciberscript\\mirc.exe"= TCP:E:\users\ny152\desktop\ciberscript\mirc.exe:mirc.exe
    "TCP Query User{D195EEAF-AC90-4A2E-87AE-ACF73B7B08EF}E:\\windows\\system32\\qpsvoo.exe"= UDP:E:\windows\system32\qpsvoo.exe:qpsvoo
    "UDP Query User{E7AAD6C5-8A7C-44E7-AC3F-325E41BD34D1}E:\\windows\\system32\\qpsvoo.exe"= TCP:E:\windows\system32\qpsvoo.exe:qpsvoo
    "TCP Query User{2332811E-5B4E-4FF5-A244-7163C6AB0DC3}E:\\users\\ny152\\desktop\\usb_psp\\nethostfs.exe"= UDP:E:\users\ny152\desktop\usb_psp\nethostfs.exe:nethostfs.exe
    "UDP Query User{30BAE46F-1FF7-4EF4-B0E3-0709937A03F4}E:\\users\\ny152\\desktop\\usb_psp\\nethostfs.exe"= TCP:E:\users\ny152\desktop\usb_psp\nethostfs.exe:nethostfs.exe
    "TCP Query User{3E75310D-B195-40F0-B66B-D653EE9DCA8E}E:\\program files\\mozilla firefox\\firefox.exe"= UDP:E:\program files\mozilla firefox\firefox.exe:Firefox
    "UDP Query User{BFEB257D-F580-463B-B24C-D81CED128C11}E:\\program files\\mozilla firefox\\firefox.exe"= TCP:E:\program files\mozilla firefox\firefox.exe:Firefox
    "TCP Query User{285D087E-7B68-49F9-BC47-1D8E5FBD5B84}E:\\users\\ny152\\desktop\\psp slim\\utilitaires\\nethostfs.exe"= UDP:E:\users\ny152\desktop\psp slim\utilitaires\nethostfs.exe:nethostfs.exe
    "UDP Query User{582D5485-5042-4A48-B2A7-043B53882F65}E:\\users\\ny152\\desktop\\psp slim\\utilitaires\\nethostfs.exe"= TCP:E:\users\ny152\desktop\psp slim\utilitaires\nethostfs.exe:nethostfs.exe
    "TCP Query User{9AC8D1FE-AFBE-4553-A03C-382AEF14C965}E:\\mercury\\mercury.exe"= UDP:E:\mercury\mercury.exe:Mercury
    "UDP Query User{F78C7F63-A1EB-4AD6-95D2-6622239E6EC7}E:\\mercury\\mercury.exe"= TCP:E:\mercury\mercury.exe:Mercury
    "{A47892DC-A151-432B-9C37-8BF6EDD4CAC1}"= UDP:E:\Program Files\Winamp Remote\bin\Orb.exe:Orb
    "{289172A3-A9FA-4420-BD6D-85E44316330E}"= TCP:E:\Program Files\Winamp Remote\bin\Orb.exe:Orb
    "{5550D1B8-1431-49C1-9079-57B20A438653}"= UDP:E:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
    "{2F1C87B5-7D9C-4EB1-9371-868201F57C80}"= TCP:E:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
    "{6BBE53F7-34CE-4B41-B2BF-78BB67B7193B}"= UDP:E:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
    "{9D62AE26-7919-4921-9CF4-A9E3F0EEEC4D}"= TCP:E:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
    "{52BECF7C-5431-497C-92ED-BB128872392B}"= UDP:E:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
    "{D495DF5D-8320-48E9-B1E0-1601941E8261}"= TCP:E:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
    "{772B2805-038A-44AD-B4B2-592C4A8CA178}"= Disabled:UDP:E:\Program Files\IncrediMail\bin\ImpCnt.exe:IncrediMail
    "{DA4537A3-1256-4D19-ACBA-9B92825216E7}"= Disabled:TCP:E:\Program Files\IncrediMail\bin\ImpCnt.exe:IncrediMail
    "{63DED16A-31F5-4D2F-8D52-2AB8731BE3C9}"= UDP:E:\Program Files\uTorrent\utorrent.exe:µTorrent (TCP-In)
    "{A9E5BE9B-7ADC-49AA-BE3D-F889FAD14197}"= TCP:E:\Program Files\uTorrent\utorrent.exe:µTorrent (UDP-In)
    "{C28AB1B6-0864-44A1-90A7-DBFEC37090A3}"= UDP:E:\Cassini\CassiniWebServer.exe:CassiniWebServer
    "{9F5F419B-FF86-4AE7-A39B-A6513A718112}"= TCP:E:\Cassini\CassiniWebServer.exe:CassiniWebServer
    "{37BE5547-6AEE-4C1E-A6D0-10484950E172}"= E:\Program Files\Windows Live\Messenger\wlcsdk.exe:Windows Live Messenger (Phone)
    "{EFA3DF9B-160B-4553-8E18-C916714D010B}"= UDP:E:\Program Files\CyberLink\PowerCinema\PowerCinema.exe:CyberLink PowerCinema
    "{4BFA3486-4957-4FBF-BA4F-B6E2885BDB54}"= TCP:E:\Program Files\CyberLink\PowerCinema\PowerCinema.exe:CyberLink PowerCinema
    "{5C5AFEC0-FB88-4F88-80BD-CF4F0B161D06}"= UDP:E:\Program Files\CyberLink\PowerCinema\PCMService.exe:CyberLink PowerCinema Resident Program
    "{043283F1-31A1-4526-AF5B-5F610121E88E}"= TCP:E:\Program Files\CyberLink\PowerCinema\PCMService.exe:CyberLink PowerCinema Resident Program
    "{8F9AE586-E1D8-41E6-88E0-29E58DE73970}"= UDP:E:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP4a\RpcSandraSrv.exe:SiSoftware Sandra Agent Service
    "{C602A709-0DC3-4085-A2FE-18F5456E41AC}"= TCP:E:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP4a\RpcSandraSrv.exe:SiSoftware Sandra Agent Service
    "{8139EE5A-37D7-4BAE-9B86-468672149B59}"= UDP:E:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP4a\Win32\RpcDataSrv.exe:SiSoftware Database Agent Service
    "{51A1743A-F55F-4E5C-A6B9-954845920D06}"= TCP:E:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP4a\Win32\RpcDataSrv.exe:SiSoftware Database Agent Service
    "{11A3D272-C452-4C7E-98AF-31F726DDDBF4}"= Disabled:UDP:E:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail
    "{33F1C391-9B29-4217-BAE9-6966EC403252}"= Disabled:TCP:E:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail
    "{D504C1F7-7975-4D9F-AD45-CA141961BC61}"= Disabled:UDP:E:\Program Files\IncrediMail\bin\ImApp.exe:IncrediMail
    "{69C21C20-7131-40F2-BD2B-E4A08B740EAB}"= Disabled:TCP:E:\Program Files\IncrediMail\bin\ImApp.exe:IncrediMail
    "{FD8A2F82-924D-4816-B34F-C76C8AB546DF}"= Disabled:UDP:E:\Program Files\Skype\Phone\Skype.exe:Skype
    "{9075CCCC-E727-42D9-B75B-CE876D313912}"= Disabled:TCP:E:\Program Files\Skype\Phone\Skype.exe:Skype
    "{FFF69D78-9A32-479D-ADA4-D9A99381276E}"= UDP:48113:LocalSubnet:LocalSubnet:maconfig_tcp
    "{7DDCFB4D-D006-46D6-91DB-3ABE6E8B8F87}"= TCP:48113:LocalSubnet:LocalSubnet:maconfig_udp
    "{D57A05DC-E1BF-4E18-BBFB-AD42D3EC6A96}"= UDP:E:\Program Files\ma-config.com\maconfservice.exe:maconfservice
    "{08FB3232-1500-42A4-BB22-4DFF89D8F90C}"= TCP:E:\Program Files\ma-config.com\maconfservice.exe:maconfservice
    "{9B98C63D-2569-4752-BB90-076A040395B3}"= Disabled:UDP:E:\Program Files\Skype\Phone\Skype.exe:Skype
    "{1AD1D7BF-E96F-4AE2-81EA-C528B6A4D016}"= Disabled:TCP:E:\Program Files\Skype\Phone\Skype.exe:Skype

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Configurable\System]
    "Rip-Listener-1"= TCP:520|%SystemRoot%\System32\svchost.exe|Svc=iprip:@iprip.dll,-200|

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
    "SNMP-1"= TCP:%SystemRoot%\system32\snmp.exe|Svc=SNMP:@%SystemRoot%\system32\snmp.exe,-5|

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
    "EnableFirewall"= 0 (0x0)

    R0 hotcore3;hotcore3;E:\Windows\system32\drivers\hotcore3.sys [2007-03-07 14:27]
    R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};E:\Program Files\CyberLink\PowerDVD\000.fcl [2006-11-02 16:51]
    R2 EAPPkt;Realtek EAPPkt Protocol;E:\Windows\system32\DRIVERS\EAPPkt.sys [2007-03-09 15:29]
    R2 hMailServer;hMailServer;E:\Program Files\hMailServer\Bin\hMailServer.exe RunAsService []
    R2 hMailServerMySQL;hMailServerMySQL;"E:\Program Files\hMailServer\MySQL\Bin\mysqld-nt.exe" "--defaults-file=E:\Program Files\hMailServer\MySQL\my.INI" hMailServerMySQL []
    R2 NfsClnt;Client pour NFS;E:\Windows\system32\nfsclnt.exe [2008-01-18 23:33]
    R2 SBSDWSCService;SBSD Security Center Service;E:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 12:43]
    R2 UxTuneUp;TuneUp Extension de thème;E:\Windows\System32\svchost.exe [2008-01-18 23:33]
    R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;E:\Windows\system32\drivers\libusb0.sys [2005-03-09 20:50]
    R3 NfsRdr;Redirecteur du service Client pour NFS;E:\Windows\system32\drivers\nfsrdr.sys [2008-01-18 21:28]
    R3 Ph3xIB32;Philips 713x Inbox PCI TV Card;E:\Windows\system32\DRIVERS\Ph3xIB32.sys [2006-11-02 10:27]
    R3 PsxDrv;PsxDrv;E:\Windows\system32\drivers\psxdrv.sys [2008-01-18 21:35]
    R3 RpcXdr;ONCRPC (Open RPC) du service Serveur pour NFS;E:\Windows\system32\drivers\rpcxdr.sys [2008-01-18 21:29]
    R3 vvftav;vvftav;E:\Windows\system32\drivers\vvftav.sys [2007-02-02 22:38]
    R3 xpvcom;XPVCOM Port;E:\Windows\system32\DRIVERS\XPVCOM.sys [2007-03-23 03:00]
    R3 yukonwlh;Pilote miniport NDIS6.0 pour contrôleur Ethernet Marvell Yukon;E:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-02 09:30]
    R3 ZSMC0305;USB PC Camera VC305;E:\Windows\system32\Drivers\usbVM305.sys [2007-03-08 20:05]
    S0 OemBiosDevice;Royalty OEM Bios Extension;E:\Windows\system32\drivers\royal.sys [2007-12-21 02:11]
    S2 EZUSB;Cypress General Purpose USB Driver (ezusb.sys);E:\Windows\system32\Drivers\ezusb.sys [2003-04-04 03:53]
    S2 EZUSBDEV;Cypress General Purpose USB Driver w/ Keil Monitor (ezusb2.sys);E:\Windows\system32\Drivers\ezusb2.sys [2003-04-04 03:53]
    S3 3xHybrid;3xHybrid service;E:\Windows\system32\DRIVERS\3xHybrid.sys [2005-05-03 10:25]
    S3 maconfservice;Ma-Config Service;"E:\Program Files\ma-config.com\maconfservice.exe" [2008-05-23 18:37]
    S3 NPF;NetGroup Packet Filter Driver;E:\Windows\system32\drivers\npf.sys [2007-06-29 02:01]
    S3 RTL8187;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;E:\Windows\system32\DRIVERS\RTL8187.sys [2007-03-13 12:20]
    S3 tap0801co;TAP-Win32 Adapter V8 (coLinux);E:\Windows\system32\DRIVERS\tap0801co.sys [2006-08-31 02:47]
    S3 TuneUp.Defrag;TuneUp Drive Defrag Service;E:\Windows\System32\TuneUpDefragService.exe [2008-03-27 11:47]
    S3 WMSvc;Service de gestion Web;E:\Windows\system32\inetsrv\wmsvc.exe [2008-01-18 23:33]
    S4 Anpe;FireDaemon Service: Anope;E:\Program Files\FireDaemon\FireDaemon.exe [2007-10-26 07:15]
    S4 NetMsmqActivator;Adaptateur d’écouteur Net.Msmq;"E:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe" -NetMsmqActivator []
    S4 NetPipeActivator;Adaptateur d’écouteur Net.Pipe;"E:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe" [2008-01-05 03:21]
    S4 NetTcpActivator;Adaptateur d’écouteur Net.Tcp;"E:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe" [2008-01-05 03:21]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LPDService REG_MULTI_SZ LPDSVC
    rsmsvcs REG_MULTI_SZ ntmssvc
    ipripsvc REG_MULTI_SZ iprip
    GPSvcGroup REG_MULTI_SZ GPSvc

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp


    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
    %SystemRoot%\system32\soundschemes.exe /AddRegistration
    .
    Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
    "2008-06-14 01:28:46 E:\Windows\Tasks\GlaryInitialize.job"
    ??
    ? ??,\- E:\Program Files\Glary Utilities\initialize.exe
    "2008-06-14 02:00:00 E:\Windows\Tasks\Maintenance en 1 clic.job"
    - E:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe
    "2008-06-14 02:05:03 E:\Windows\Tasks\User_Feed_Synchronization-{A638CC2B-A99C-4834-89B0-DDEADE8E6FA6}.job"
    - E:\Windows\system32\msfeedssync.exe
    "2008-06-14 01:55:05 E:\Windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
    16 June 2008 11:01:29

    Can you explain your problem to me again? :/
    16 June 2008 13:20:27

    The icons no longer show up in Explorer (it's completely empty); only the names appear. On top of that, even with this problem caused by ComboFix, my spyware/virus problem still isn't fixed ... I'm really starting to despair :(
    16 June 2008 13:27:10

    Delete this file:
    E:\Windows\system32\CF8088.exe
    16 June 2008 14:48:07

    Is that all?
    16 June 2008 15:00:58

    Run another ComboFix scan, and we'll see what's left.
    17 June 2008 13:21:43

    ComboFix 08-06-12.2 - NY152 2008-06-16 15:13:42.2 - NTFSx86
    Microsoft® Windows Vista™ Édition Intégrale 6.0.6001.1.1252.1.1036.18.998 [GMT 2:00]
    Endroit: E:\secur\ComboFix.exe
    * Resident AV is active

    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    E:\Windows\Fonts\CALIBRIB.TTF
    H:\Autorun.inf
    .
    ---- Previous Run -------
    .
    E:\Windows\Fonts\CALIBRIB.TTF
    E:\Windows\mainms.vpi
    E:\Windows\megavid.cdt
    E:\Windows\muotr.so
    E:\Windows\System32\5753\22122.dll
    E:\Windows\system32\Cfx32.lic
    E:\Windows\system32\cfx32.ocx
    E:\Windows\system32\hljwugsf.bin
    E:\Windows\system32\instsrv.exe

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_CLBDRIVER
    -------\Legacy_MSSECURITY1.209.4
    -------\Service_clbdriver
    -------\Service_iprip


    ((((((((((((((((((((((((((((( Fichiers créés 2008-05-16 to 2008-06-16 ))))))))))))))))))))))))))))))))))))
    .

    Pas de nouveau fichier créé dans cet espace de temps

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2099-04-20 19:06 --------- d-sh--w E:\ProgramData\Modèles
    2099-04-20 19:06 --------- d-sh--w E:\ProgramData\Menu Démarrer
    2099-04-20 19:06 --------- d-sh--w E:\ProgramData\Favoris
    2099-04-20 19:06 --------- d-sh--w E:\ProgramData\Bureau
    2099-04-20 19:06 --------- d-sh--w E:\Program Files\Fichiers communs
    2008-06-16 13:13 39,038,752 -csha-w E:\Windows\system32\drivers\fidbox.dat
    2008-06-16 11:17 --------- dc----w E:\Program Files\Winamp Remote
    2008-06-16 04:09 --------- dc----w E:\ProgramData\Google Updater
    2008-06-16 02:28 354,388 -c-ha-w E:\Windows\system32\drivers\vsconfig.xml
    2008-06-16 02:23 545,948 -csha-w E:\Windows\system32\drivers\fidbox.idx
    2008-06-14 23:45 --------- dc----w E:\Program Files\OfflineList 0.7.2
    2008-06-14 02:50 --------- dc----w E:\Program Files\TuneUp Utilities 2008
    2008-06-14 02:49 354,560 -c--a-w E:\Windows\System32\TuneUpDefragService.exe
    2008-06-12 23:25 --------- dc----w E:\Program Files\Windows Mail
    2008-06-11 22:31 --------- dc----w E:\ProgramData\Malwarebytes
    2008-06-11 22:31 --------- dc----w E:\Program Files\Malwarebytes' Anti-Malware
    2008-06-10 17:02 34,296 -c--a-w E:\Windows\system32\drivers\mbamcatchme.sys
    2008-06-10 17:02 15,864 -c--a-w E:\Windows\system32\drivers\mbam.sys
    2008-06-10 14:01 --------- dc----w E:\Program Files\Symantec
    2008-06-10 12:39 --------- dc----w E:\ProgramData\Lavasoft
    2008-06-10 12:39 --------- dc----w E:\Program Files\Lavasoft
    2008-06-10 12:39 --------- dc----w E:\Program Files\Common Files\Wise Installation Wizard
    2008-06-10 10:30 --------- dc----w E:\Program Files\Windows Live Safety Center
    2008-06-09 14:45 3,085,824 -c--a-w E:\Windows\Internet Logs\xDBA302.tmp
    2008-06-08 09:53 3,082,752 -c--a-w E:\Windows\Internet Logs\xDB8767.tmp
    2008-06-07 01:24 --------- dc----w E:\Program Files\Glary Utilities
    2008-06-05 13:58 --------- dc----w E:\Program Files\Zone Labs
    2008-06-04 02:59 --------- dc----w E:\Program Files\Chaos Shredder2.3FR
    2008-06-04 01:38 --------- dc----w E:\Program Files\RamBoost XP
    2008-06-04 01:03 --------- dc----w E:\ProgramData\Spybot - Search & Destroy
    2008-06-04 00:26 806 -c--a-w E:\Windows\system32\drivers\SYMEVENT.INF
    2008-06-04 00:26 123,952 -c--a-w E:\Windows\system32\drivers\SYMEVENT.SYS
    2008-06-04 00:26 10,652 -c--a-w E:\Windows\system32\drivers\SYMEVENT.CAT
    2008-06-04 00:26 --------- dc----w E:\ProgramData\Symantec
    2008-06-04 00:26 --------- dc----w E:\Program Files\Common Files\Symantec Shared
    2008-06-04 00:25 --------- dc----w E:\Program Files\Norton AntiVirus
    2008-06-03 22:02 --------- dc----w E:\Program Files\Security Task Manager
    2008-06-03 21:55 --------- dc----w E:\ProgramData\SecTaskMan
    2008-06-03 11:14 --------- dc----w E:\Program Files\CCleaner
    2008-05-30 01:21 --------- dc----w E:\Program Files\MeuhMeuhTV
    2008-05-29 10:41 --------- dc----w E:\ProgramData\eMule
    2008-05-29 10:39 --------- dc----w E:\Program Files\eMule
    2008-05-28 09:38 --------- dc----w E:\ProgramData\ma-config.com
    2008-05-28 09:35 --------- dc----w E:\Program Files\ma-config.com
    2008-05-28 00:27 --------- dc----w E:\Program Files\Common Files\TerraTec
    2008-05-27 23:59 --------- dc----w E:\ProgramData\VMware
    2008-05-27 23:59 --------- dc----w E:\Program Files\VMware
    2008-05-27 23:34 --------- dc----w E:\Program Files\TerraTec
    2008-05-27 23:23 --------- dc----w E:\ProgramData\TerraTec
    2008-05-27 21:26 319,456 -c--a-w E:\Windows\DIFxAPI.dll
    2008-05-27 21:26 --------- dc----w E:\Program Files\Realtek
    2008-05-27 20:48 --------- dc----w E:\Program Files\Intel
    2008-05-26 11:45 --------- dc----w E:\Program Files\NewsSearcher
    2008-05-26 11:26 --------- dc----w E:\Program Files\NewsLeecher
    2008-05-23 02:49 --------- dc----w E:\Program Files\mIRC
    2008-05-22 00:15 --------- dc----w E:\Program Files\Notepad++
    2008-05-21 15:09 --------- dc----w E:\Program Files\DivX
    2008-05-21 02:04 --------- dc----w E:\ProgramData\CyberLink
    2008-05-21 01:48 --------- dc-h--w E:\Program Files\InstallShield Installation Information
    2008-05-21 01:48 --------- dc----w E:\Program Files\CyberLink
    2008-05-20 23:57 --------- dc----w E:\Program Files\MeuhMeuhTV Alpha
    2008-05-20 21:06 --------- dc----w E:\Program Files\ASUS
    2008-05-20 09:59 --------- dc----w E:\Program Files\Microsoft Silverlight
    2008-05-19 09:50 --------- dc----w E:\Program Files\K!TV
    2008-05-16 09:58 12,632 -c--a-w E:\Windows\System32\lsdelete.exe
    2008-05-13 01:53 524,288 -c--a-w E:\Windows\System32\DivXsm.exe
    2008-05-13 01:53 3,596,288 -c--a-w E:\Windows\System32\qt-dx331.dll
    2008-05-13 01:51 200,704 -c--a-w E:\Windows\System32\ssldivx.dll
    2008-05-13 01:51 1,044,480 -c--a-w E:\Windows\System32\libdivx.dll
    2008-05-13 01:49 161,096 -c--a-w E:\Windows\System32\DivXCodecVersionChecker.exe
    2008-05-13 01:49 12,288 -c--a-w E:\Windows\System32\DivXWMPExtType.dll
    2008-05-10 01:33 113,664 -c--a-w E:\Windows\system32\drivers\rmcast.sys
    2008-05-09 10:55 --------- dc----w E:\Program Files\The GodFather
    2008-05-08 02:33 --------- dc----w E:\Program Files\WinAce
    2008-05-07 12:00 --------- dc----w E:\Program Files\nxtvepg
    2008-04-29 09:20 15,648 -c--a-w E:\Windows\system32\drivers\NSDriver.sys
    2008-04-29 09:19 15,648 -c--a-w E:\Windows\system32\drivers\Awrtrd.sys
    2008-04-29 09:19 12,960 -c--a-w E:\Windows\system32\drivers\Awrtpd.sys
    2008-04-27 23:20 --------- dc----w E:\Program Files\Smart Projects
    2008-04-26 08:08 1,314,816 -c--a-w E:\Windows\System32\quartz.dll
    2008-04-25 04:35 826,880 -c--a-w E:\Windows\System32\wininet.dll
    2008-04-23 04:42 428,544 -c--a-w E:\Windows\System32\EncDec.dll
    2008-04-23 04:42 293,376 -c--a-w E:\Windows\System32\psisdecd.dll
    2008-04-22 09:59 --------- dc----w E:\Program Files\uTorrent
    2008-04-19 02:50 --------- dc----w E:\ProgramData\NVIDIA
    2008-04-12 01:17 174 --sha-w E:\Program Files\desktop.ini
    2008-04-12 00:43 82,432 ----a-w E:\Windows\System32\axaltocm.dll
    2008-04-12 00:43 101,888 ----a-w E:\Windows\System32\ifxcardm.dll
    2008-04-11 23:05 47,560 -c--a-w E:\Windows\System32\SPReview.exe
    2008-04-11 23:05 152,576 -c--a-w E:\Windows\System32\SPWizUI.dll
    2008-04-11 15:23 38,400 -c--a-w E:\Windows\System32\SoundSchemes.exe
    2008-04-06 23:35 32 -c--a-w E:\Users\All Users\ezsid.dat
    2008-04-06 23:35 32 -c--a-w E:\ProgramData\ezsid.dat
    2008-04-04 12:51 28,416 -c--a-w E:\Windows\System32\uxtuneup.dll
    2008-04-04 12:51 16,640 -c--a-w E:\Windows\System32\authuitu.dll
    2008-01-03 01:38 357 -c--a-w E:\Users\NY152\.cb_layout.bin
    2008-01-26 00:17 16,384 -csha-w E:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    2008-01-26 00:17 32,768 -csha-w E:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    2008-01-26 00:17 16,384 -csha-w E:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    .

    ((((((((((((((((((((((((((((( snapshot@2008-06-14_ 4.04.12.81 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-06-14 01:24:59 67,584 --s-a-w E:\Windows\bootstat.dat
    + 2008-06-16 02:27:12 67,584 --s-a-w E:\Windows\bootstat.dat
    + 2008-06-16 02:27:19 2,048 -csha-w E:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2008-06-16 02:27:19 2,048 -csha-w E:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2008-06-14 01:27:21 1,572,864 ----a-w E:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
    + 2008-06-16 02:36:21 1,572,864 ----a-w E:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
    - 2008-06-14 01:33:19 1,572,864 ----a-w E:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
    + 2008-06-16 02:36:16 1,572,864 ----a-w E:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
    - 2008-06-14 01:26:56 32,768 -csha-w E:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2008-06-16 04:08:58 32,768 -csha-w E:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2008-06-14 01:26:56 49,152 -csha-w E:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2008-06-16 04:08:58 49,152 -csha-w E:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2008-06-14 01:26:56 32,768 -csha-w E:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2008-06-16 02:28:42 32,768 -csha-w E:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2008-05-22 02:32:06 370,536 -c--a-w E:\Windows\System32\FNTCACHE.DAT
    + 2008-06-14 23:23:43 369,176 -c--a-w E:\Windows\System32\FNTCACHE.DAT
    - 2008-06-14 01:38:08 166,764 -c--a-w E:\Windows\System32\perfc009.dat
    + 2008-06-16 02:34:07 166,764 -c--a-w E:\Windows\System32\perfc009.dat
    - 2008-06-14 01:38:36 204,674 -c--a-w E:\Windows\System32\perfc00C.dat
    + 2008-06-16 02:34:07 204,674 -c--a-w E:\Windows\System32\perfc00C.dat
    - 2008-06-14 01:39:08 156,808 -c--a-w E:\Windows\System32\perfc011.dat
    + 2008-06-16 02:34:07 156,808 -c--a-w E:\Windows\System32\perfc011.dat
    - 2008-06-14 01:38:36 739,718 -c--a-w E:\Windows\System32\perfh009.dat
    + 2008-06-16 02:34:07 739,718 -c--a-w E:\Windows\System32\perfh009.dat
    - 2008-06-14 01:39:08 877,848 -c--a-w E:\Windows\System32\perfh00C.dat
    + 2008-06-16 02:34:07 877,848 -c--a-w E:\Windows\System32\perfh00C.dat
    - 2008-06-14 01:39:14 479,402 -c--a-w E:\Windows\System32\perfh011.dat
    + 2008-06-16 02:34:07 479,402 -c--a-w E:\Windows\System32\perfh011.dat
    - 2008-06-12 23:39:03 21,590 -c--a-w E:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2771707230-3443183479-2865194093-1000_UserData.bin
    + 2008-06-14 23:28:43 21,590 -c--a-w E:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2771707230-3443183479-2865194093-1000_UserData.bin
    - 2008-06-14 01:32:28 119,662 -c--a-w E:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    + 2008-06-14 23:28:42 119,786 -c--a-w E:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    - 2008-06-12 23:38:52 95,630 -c--a-w E:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2008-06-14 23:27:55 95,746 -c--a-w E:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    - 2008-06-14 01:26:29 878,904 -c--a-w E:\Windows\System32\ZoneLabs\avsys\bases\sfdb.dat
    + 2008-06-16 13:05:02 880,080 -c--a-w E:\Windows\System32\ZoneLabs\avsys\bases\sfdb.dat
    - 2008-06-13 23:36:12 4,096 -c--a-w E:\Windows\System32\ZoneLabs\zlqrtdb.dat
    + 2008-06-16 13:13:52 5,632 -c--a-w E:\Windows\System32\ZoneLabs\zlqrtdb.dat
    - 2008-06-12 22:57:15 148,002,662 ----a-w E:\Windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
    + 2008-06-16 01:06:52 148,008,298 ----a-w E:\Windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
    2007-12-13 18:49 1185120 --a--c--- E:\Program Files\Winamp Toolbar\winamptb.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= "E:\Program Files\Winamp Toolbar\winamptb.dll" [2007-12-13 18:49 1185120]

    [HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
    [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
    [HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
    [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="E:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-12-02 17:42 3739672]
    "swg"="E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-10 15:25 68856]
    "DAEMON Tools"="E:\Program Files\DAEMON Tools\daemon.exe" [2007-09-18 16:16 171464]
    "uTorrent"="E:\Program Files\uTorrent\utorrent.exe" [2008-05-28 02:41 578864]
    "Orb"="E:\Program Files\Winamp Remote\bin\OrbTray.exe" [2008-01-07 22:02 495616]
    "Skype"="E:\Program Files\Skype\Phone\Skype.exe" [2008-02-01 17:22 21898024]
    "Sidebar"="E:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-18 23:33 1233920]
    "SpybotSD TeaTimer"="E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 12:43 2097488]
    "RamBoostXp"="E:\Program Files\RamBoost XP\rambxpfr.exe" [2004-03-09 22:48 1542144]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RemoteControl"="E:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2006-12-06 18:37 69216]
    "LanguageShortcut"="E:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 22:55 54832]
    "RtHDVCpl"="RtHDVCpl.exe" [2006-12-29 19:11 4317184 E:\Windows\RtHDVCpl.exe]
    "SunJavaUpdateSched"="E:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
    "EasyPHP"="E:\Serveur\EasyPHP.exe" [2006-11-19 22:16 176128]
    "NeroFilterCheck"="E:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
    "NBKeyScan"="E:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 09:51 1836328]
    "WinampAgent"="E:\Program Files\Winamp\winampa.exe" [2008-01-16 00:54 37376]
    "Acrobat Assistant 8.0"="E:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 20:54 623992]
    "Ai Quicker Help"="E:\Program Files\ASUS\ASUS DH Remote\AsRc.exe" [2006-11-09 21:29 3165696]
    "NvSvc"="E:\Windows\system32\nvsvc.dll" [2007-12-11 17:06 86016]
    "NvCplDaemon"="E:\Windows\system32\NvCpl.dll" [2007-12-11 17:06 8530464]
    "NvMediaCenter"="E:\Windows\system32\NvMcTray.dll" [2007-12-11 17:06 81920]
    "PCMService"="E:\Program Files\CyberLink\PowerCinema\PCMService.exe" [2006-12-27 14:59 151552]
    "ccApp"="E:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-08-24 23:07 51048]
    "ZoneAlarm Client"="E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-01-09 03:31 959976]

    E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    Lancement rapide de Microsoft Office OneNote 2003.lnk - E:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2007-04-19 13:49:52 64864]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\787a3f10]
    E:\Users\NY152\AppData\Local\Temp\chphmkqm.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMc7cf3cef]
    E:\Users\NY152\AppData\Local\Temp\vdsyjmoe.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cmds]
    E:\Users\NY152\AppData\Local\Temp\wvUnNhIc.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsmqIntCert]


    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSServer]
    E:\Users\NY152\AppData\Local\Temp\opnkkiHa.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UacDisableNotify"=dword:00000001
    "InternetSettingsDisableNotify"=dword:00000001
    "AutoUpdateDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "TCP Query User{BF108482-0EB1-489F-AADE-CF21E799BA35}E:\\program files\\emule\\emule.exe"= UDP:E:\program files\emule\emule.exe:eMule
    "UDP Query User{5E2EA2AB-B51D-4901-808D-0188B094A0D2}E:\\program files\\emule\\emule.exe"= TCP:E:\program files\emule\emule.exe:eMule
    "TCP Query User{6036C27F-2C69-4F0E-9467-9A7B4F094AB6}E:\\program files\\mirc\\mirc.exe"= UDP:E:\program files\mirc\mirc.exe:mIRC
    "UDP Query User{CDB1F895-43F9-4ADD-BA71-00CFFD204578}E:\\program files\\mirc\\mirc.exe"= TCP:E:\program files\mirc\mirc.exe:mIRC
    "TCP Query User{77B9CF9A-6195-4421-A6BE-E969B6AEBBA8}E:\\program files\\newssearcher\\newssearcher.exe"= UDP:E:\program files\newssearcher\newssearcher.exe:NewsSearcher
    "UDP Query User{E35343D7-CA6B-4389-B3AB-60DDAA10B783}E:\\program files\\newssearcher\\newssearcher.exe"= TCP:E:\program files\newssearcher\newssearcher.exe:NewsSearcher
    "TCP Query User{8121849D-149D-4F9B-BB61-4908B0C95A44}E:\\program files\\emule\\emule.exe"= UDP:E:\program files\emule\emule.exe:eMule
    "UDP Query User{7C36667E-CC0A-45F1-9776-0668F1A8F5CA}E:\\program files\\emule\\emule.exe"= TCP:E:\program files\emule\emule.exe:eMule
    "TCP Query User{3BF24B7E-BB90-4BEA-B366-81D75FBEB5D5}E:\\program files\\newssearcher\\newssearcher.exe"= UDP:E:\program files\newssearcher\newssearcher.exe:NewsSearcher
    "UDP Query User{F7E930A0-C155-418D-97F0-7A3332E431CD}E:\\program files\\newssearcher\\newssearcher.exe"= TCP:E:\program files\newssearcher\newssearcher.exe:NewsSearcher
    "TCP Query User{C89B7A1A-FEBE-4DFC-BA74-3953CCC598C7}E:\\program files\\mirc\\mirc.exe"= UDP:E:\program files\mirc\mirc.exe:mIRC
    "UDP Query User{E746E21C-0D38-4F58-B369-2C3BA817124F}E:\\program files\\mirc\\mirc.exe"= TCP:E:\program files\mirc\mirc.exe:mIRC
    "TCP Query User{1BAC5483-03F4-4DEA-92D6-D79F38756751}E:\\program files\\unreal3.2\\wircd.exe"= UDP:E:\program files\unreal3.2\wircd.exe:wircd
    "UDP Query User{206347B2-86CF-4BF7-BDCA-6F10433F1E35}E:\\program files\\unreal3.2\\wircd.exe"= TCP:E:\program files\unreal3.2\wircd.exe:wircd
    "TCP Query User{7ABC444F-F385-4284-AC2A-62AEE8A5D32B}C:\\program files\\mirc\\mirc.exe"= UDP:C:\program files\mirc\mirc.exe:mIRC
    "UDP Query User{C62DF5AE-83AA-4D73-9CD6-30C7302DF98F}C:\\program files\\mirc\\mirc.exe"= TCP:C:\program files\mirc\mirc.exe:mIRC
    "TCP Query User{1D77F2CA-5AB8-4D0B-9A81-76CE0BB5C840}E:\\users\\ny152\\appdata\\local\\temp\\rar$ex00.922\\ps3proxy.exe"= UDP:E:\users\ny152\appdata\local\temp\rar$ex00.922\ps3proxy.exe:p s3proxy.exe
    "UDP Query User{525AFBAD-CA53-453C-8458-9EE4D2938EEA}E:\\users\\ny152\\appdata\\local\\temp\\rar$ex00.922\\ps3proxy.exe"= TCP:E:\users\ny152\appdata\local\temp\rar$ex00.922\ps3proxy.exe:p s3proxy.exe
    "TCP Query User{E51E01AC-7DBB-4E80-83E4-20F2F617CAB6}E:\\users\\ny152\\desktop\\ps3proxy.exe"= UDP:E:\users\ny152\desktop\ps3proxy.exe:p s3proxy.exe
    "UDP Query User{B3A6761A-94CC-46C1-B379-14FD63C68FF0}E:\\users\\ny152\\desktop\\ps3proxy.exe"= TCP:E:\users\ny152\desktop\ps3proxy.exe:p s3proxy.exe
    "TCP Query User{62D1AE42-A86A-4B27-B564-E217B496CC60}E:\\program files\\mozilla firefox\\firefox.exe"= UDP:E:\program files\mozilla firefox\firefox.exe:Firefox
    "UDP Query User{D574DCFD-D4F9-4059-8E0D-B80C597F0C9F}E:\\program files\\mozilla firefox\\firefox.exe"= TCP:E:\program files\mozilla firefox\firefox.exe:Firefox
    "TCP Query User{30AA0849-56B8-414F-BF4A-A3F6256958F3}E:\\program files\\videolan\\vlc\\vlc.exe"= UDP:E:\program files\videolan\vlc\vlc.exe:VLC media player
    "UDP Query User{A012963E-3C1D-409A-9EF6-AEB22A004D52}E:\\program files\\videolan\\vlc\\vlc.exe"= TCP:E:\program files\videolan\vlc\vlc.exe:VLC media player
    "{57281467-B851-4673-9267-CB11E511A877}"= UDP:E:\Program Files\uTorrent\utorrent.exe:µTorrent
    "{F3E67344-4E87-48F8-910D-A8A16B66A19D}"= TCP:E:\Program Files\uTorrent\utorrent.exe:µTorrent
    "{9A7B2ACF-0C12-457C-B338-36C445B78B7D}"= UDP:E:\Windows\System32\mqsvc.exe:Message Queuing
    "{9F1AA51F-D75E-4564-9C81-130E05D0F20C}"= TCP:E:\Windows\System32\mqsvc.exe:Message Queuing
    "{7361A0E7-FA1B-44D7-95A4-D662A1253220}"= UDP:E:\Windows\System32\mqsvc.exe:Message Queuing
    "{3884E9E7-0625-48E9-80AE-3D2C723FADA1}"= TCP:E:\Windows\System32\mqsvc.exe:Message Queuing
    "TCP Query User{CE8A7024-6A04-4901-AE8A-192492F4880B}E:\\program files\\internet explorer\\iexplore.exe"= UDP:E:\program files\internet explorer\iexplore.exe:Internet Explorer
    "UDP Query User{343FEF9F-755B-4C26-A7F4-C2B693E5A092}E:\\program files\\internet explorer\\iexplore.exe"= TCP:E:\program files\internet explorer\iexplore.exe:Internet Explorer
    "{535A3916-9E01-4EC4-87CD-09076A9F6CBC}"= E:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{7248E649-C78C-42A1-B2BE-EC2151F0774E}"= E:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{12EF46FB-B19C-402B-879C-12A681012303}"= E:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{4DAF6DCC-763C-4BE0-820E-C0B8171091F5}"= E:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{97FEE673-E995-4430-91F2-721C820C4F84}"= E:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "TCP Query User{3690E3C0-88BB-4515-9660-49415A3912B6}E:\\program files\\pimpware\\pimpstreamer\\pimpstreamer.exe"= UDP:E:\program files\pimpware\pimpstreamer\pimpstreamer.exe:p impStreamer, Streams video from PC to PSP Realtime!
    "UDP Query User{8C5409D3-3360-4217-82BB-9ECBED307AA1}E:\\program files\\pimpware\\pimpstreamer\\pimpstreamer.exe"= TCP:E:\program files\pimpware\pimpstreamer\pimpstreamer.exe:p impStreamer, Streams video from PC to PSP Realtime!
    "{8C34C0E7-1434-4A56-A687-29DA492F432D}"= UDP:E:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP4a\Win32\RpcDataSrv.exe:SiSoftware Database Agent Service
    "{48E4740F-D961-4B70-9217-76A67F4D517D}"= TCP:E:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP4a\Win32\RpcDataSrv.exe:SiSoftware Database Agent Service
    "{23A0E2C6-FFAE-4A51-A876-1BC0A5885620}"= UDP:E:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP4a\RpcSandraSrv.exe:SiSoftware Sandra Agent Service
    "{DE5769B6-FDC1-42E1-9EE2-9B5155195DAC}"= TCP:E:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP4a\RpcSandraSrv.exe:SiSoftware Sandra Agent Service
    "{ED8DB0BA-2580-4247-8FE4-165719244164}"= Disabled:UDP:E:\Users\NY152\Downloads\incredimail_install.exe:IncrediMail Installer
    "{BEA63001-DEB8-4A91-9A7D-57C32E98E942}"= Disabled:TCP:E:\Users\NY152\Downloads\incredimail_install.exe:IncrediMail Installer
    "TCP Query User{BF4160A8-1F42-4F8D-9B9E-905606878940}E:\\users\\ny152\\desktop\\divers\\ps3proxy.exe"= UDP:E:\users\ny152\desktop\divers\ps3proxy.exe:p s3proxy.exe
    "UDP Query User{61952E4E-2E7D-4872-9151-3A7758E92DD1}E:\\users\\ny152\\desktop\\divers\\ps3proxy.exe"= TCP:E:\users\ny152\desktop\divers\ps3proxy.exe:p s3proxy.exe
    "TCP Query User{4C7020A9-5D11-47D7-931B-613D100638FE}C:\\program files\\mirc\\mirc.exe"= UDP:C:\program files\mirc\mirc.exe:mIRC
    "UDP Query User{4055A7AB-D721-473C-9907-CDB3C8B71E01}C:\\program files\\mirc\\mirc.exe"= TCP:C:\program files\mirc\mirc.exe:mIRC
    "{033FD465-402E-4E79-B9F3-22A63EA418DA}"= UDP:E:\Program Files\uTorrent\utorrent.exe:µTorrent
    "{0425EAEE-64CC-446F-92F3-36ECA5CEB4B8}"= TCP:E:\Program Files\uTorrent\utorrent.exe:µTorrent
    "{97FAA0C1-A1E2-4B8D-B209-B0F63B382DBC}"= E:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "TCP Query User{6091B6EC-4000-4408-AD08-1283F8BAE28E}E:\\serveur\\apache2.2\\bin\\httpd.exe"= UDP:E:\serveur\apache2.2\bin\httpd.exe:Apache HTTP Server
    "UDP Query User{57E0CA7F-C04A-4D9E-B22C-B7DF0D3654EC}E:\\serveur\\apache2.2\\bin\\httpd.exe"= TCP:E:\serveur\apache2.2\bin\httpd.exe:Apache HTTP Server
    "TCP Query User{C1352992-04C7-4671-9A9D-56E04C74502E}E:\\serveur\\apache\\bin\\apache.exe"= UDP:E:\serveur\apache\bin\apache.exe:Apache HTTP Server
    "UDP Query User{AC233DCD-27C1-4D5C-BC02-AF552515FB62}E:\\serveur\\apache\\bin\\apache.exe"= TCP:E:\serveur\apache\bin\apache.exe:Apache HTTP Server
    "{1B62CF7C-7848-4A19-9AD5-07997FA782A0}"= UDP:E:\Program Files\iTunes\iTunes.exe:iTunes
    "{3C5685E5-F81B-4FE4-B64B-34DEDB9472D6}"= TCP:E:\Program Files\iTunes\iTunes.exe:iTunes
    "{3B85895E-52DE-4DB6-B75E-7C39BB71B876}"= UDP:E:\Program Files\Winamp Remote\bin\Orb.exe:o rb
    "{3B9A2DCE-B8F1-4E3B-A966-CD366DD55576}"= TCP:E:\Program Files\Winamp Remote\bin\Orb.exe:o rb
    "{52B1C107-FCD7-4284-9D4D-0840CFD28004}"= UDP:E:\Program Files\Winamp Remote\bin\OrbTray.exe:o rbTray
    "{F1F60DCE-8C96-4733-B0A0-C91D0F351197}"= TCP:E:\Program Files\Winamp Remote\bin\OrbTray.exe:o rbTray
    "{B877EB90-2DC7-4245-AC6D-23E7375261E8}"= UDP:E:\Program Files\Winamp Remote\bin\OrbIR.exe:o rbIR
    "{B1984769-D95C-47BB-B6DC-99E78CFE4910}"= TCP:E:\Program Files\Winamp Remote\bin\OrbIR.exe:o rbIR
    "{EF04462F-7644-4150-BFCF-01959EADFFAD}"= UDP:E:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:o rb Stream Client
    "{398AFF56-31A0-4305-9F3F-457719EF4588}"= TCP:E:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:o rb Stream Client
    "TCP Query User{F93088E5-D9CC-47EC-8ADA-98DC0B754A77}E:\\serveur\\apache\\bin\\apache.exe"= UDP:E:\serveur\apache\bin\apache.exe:Apache HTTP Server
    "UDP Query User{A16B396C-3E93-4C56-AF6D-E489FC1F34CF}E:\\serveur\\apache\\bin\\apache.exe"= TCP:E:\serveur\apache\bin\apache.exe:Apache HTTP Server
    "TCP Query User{263D8921-BF49-40CD-A97D-92F88DE5DCB2}E:\\serveur\\mysql\\bin\\mysqld.exe"= UDP:E:\serveur\mysql\bin\mysqld.exe:mysqld
    "UDP Query User{01333779-E687-44DD-8F77-30ABC03108C3}E:\\serveur\\mysql\\bin\\mysqld.exe"= TCP:E:\serveur\mysql\bin\mysqld.exe:mysqld
    "TCP Query User{5D856332-1710-4495-9BBE-C6A573C135EF}E:\\serveur\\mysql\\bin\\mysqld.exe"= UDP:E:\serveur\mysql\bin\mysqld.exe:mysqld
    "UDP Query User{A355CB1C-B6D4-4D5A-AF94-808770A35EC2}E:\\serveur\\mysql\\bin\\mysqld.exe"= TCP:E:\serveur\mysql\bin\mysqld.exe:mysqld
    "TCP Query User{1F9ADF6A-38C0-41C0-8813-5E2FEB5E090F}E:\\program files\\cf3b5\\ps3.proxyserver\\ps3.proxyserver.gui.exe"= UDP:E:\program files\cf3b5\ps3.proxyserver\ps3.proxyserver.gui.exe:
    "UDP Query User{C31033FA-3A31-4651-842A-BB89E424FFCF}E:\\program files\\cf3b5\\ps3.proxyserver\\ps3.proxyserver.gui.exe"= TCP:E:\program files\cf3b5\ps3.proxyserver\ps3.proxyserver.gui.exe:
    "{E990B999-A5F1-4CEE-AF35-77E920031EAD}"= UDP:E:\Program Files\IncrediMail\bin\ImpCnt.exe:IncrediMail
    "{29421688-02DF-4D2C-80F3-B14A6D02CEBF}"= TCP:E:\Program Files\IncrediMail\bin\ImpCnt.exe:IncrediMail
    "{BAF1C9A1-0DD4-4E61-91D9-8A9E18078177}"= UDP:E:\Program Files\IncrediMail\bin\ImApp.exe:IncrediMail
    "{A4C8553C-F26A-42A6-B6F4-D13591ADD17B}"= TCP:E:\Program Files\IncrediMail\bin\ImApp.exe:IncrediMail
    "{1A364CE3-2EFC-4FBD-8E17-9FA95FC20DFD}"= UDP:E:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail
    "{DCB1D536-574A-4CCA-94C1-6F609C9E4C68}"= TCP:E:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail
    "TCP Query User{1CFC8655-E452-4BB6-8F96-E30137A1DF6C}E:\\eduke32\\eduke32.exe"= UDP:E:\eduke32\eduke32.exe:eduke32
    "UDP Query User{FFEE7B37-C254-4F63-A6FD-B7484A3F18A6}E:\\eduke32\\eduke32.exe"= TCP:E:\eduke32\eduke32.exe:eduke32
    "TCP Query User{E7F1BC1D-C519-47E0-8D35-71BF7FCA5CB3}E:\\program files\\xlink kai evolution vii\\kailaunch.exe"= UDP:E:\program files\xlink kai evolution vii\kailaunch.exe:XLink Kai Evolution 7 Launcher
    "UDP Query User{0C77D81D-EC4C-4ACB-97D5-D6D1C657BCF1}E:\\program files\\xlink kai evolution vii\\kailaunch.exe"= TCP:E:\program files\xlink kai evolution vii\kailaunch.exe:XLink Kai Evolution 7 Launcher
    "TCP Query User{87606A35-95F5-430C-B88B-11EC44394F08}E:\\users\\ny152\\desktop\\mirc by fishfindus\\mirc.exe"= UDP:E:\users\ny152\desktop\mirc by fishfindus\mirc.exe:mirc.exe
    "UDP Query User{3C52B43C-4AD8-47F9-A5F9-0688C11515F2}E:\\users\\ny152\\desktop\\mirc by fishfindus\\mirc.exe"= TCP:E:\users\ny152\desktop\mirc by fishfindus\mirc.exe:mirc.exe
    "TCP Query User{E34BE81F-25B0-4BAE-B2A9-A5FC8EA59523}E:\\users\\ny152\\desktop\\ciberscript\\mirc.exe"= UDP:E:\users\ny152\desktop\ciberscript\mirc.exe:mirc.exe
    "UDP Query User{79042002-884D-423C-BC23-661570F8C127}E:\\users\\ny152\\desktop\\ciberscript\\mirc.exe"= TCP:E:\users\ny152\desktop\ciberscript\mirc.exe:mirc.exe
    "TCP Query User{D195EEAF-AC90-4A2E-87AE-ACF73B7B08EF}E:\\windows\\system32\\qpsvoo.exe"= UDP:E:\windows\system32\qpsvoo.exe:qpsvoo
    "UDP Query User{E7AAD6C5-8A7C-44E7-AC3F-325E41BD34D1}E:\\windows\\system32\\qpsvoo.exe"= TCP:E:\windows\system32\qpsvoo.exe:qpsvoo
    "TCP Query User{2332811E-5B4E-4FF5-A244-7163C6AB0DC3}E:\\users\\ny152\\desktop\\usb_psp\\nethostfs.exe"= UDP:E:\users\ny152\desktop\usb_psp\nethostfs.exe:nethostfs.exe
    "UDP Query User{30BAE46F-1FF7-4EF4-B0E3-0709937A03F4}E:\\users\\ny152\\desktop\\usb_psp\\nethostfs.exe"= TCP:E:\users\ny152\desktop\usb_psp\nethostfs.exe:nethostfs.exe
    "TCP Query User{3E75310D-B195-40F0-B66B-D653EE9DCA8E}E:\\program files\\mozilla firefox\\firefox.exe"= UDP:E:\program files\mozilla firefox\firefox.exe:Firefox
    "UDP Query User{BFEB257D-F580-463B-B24C-D81CED128C11}E:\\program files\\mozilla firefox\\firefox.exe"= TCP:E:\program files\mozilla firefox\firefox.exe:Firefox
    "TCP Query User{285D087E-7B68-49F9-BC47-1D8E5FBD5B84}E:\\users\\ny152\\desktop\\psp slim\\utilitaires\\nethostfs.exe"= UDP:E:\users\ny152\desktop\psp slim\utilitaires\nethostfs.exe:nethostfs.exe
    "UDP Query User{582D5485-5042-4A48-B2A7-043B53882F65}E:\\users\\ny152\\desktop\\psp slim\\utilitaires\\nethostfs.exe"= TCP:E:\users\ny152\desktop\psp slim\utilitaires\nethostfs.exe:nethostfs.exe
    "TCP Query User{9AC8D1FE-AFBE-4553-A03C-382AEF14C965}E:\\mercury\\mercury.exe"= UDP:E:\mercury\mercury.exe:Mercury
    "UDP Query User{F78C7F63-A1EB-4AD6-95D2-6622239E6EC7}E:\\mercury\\mercury.exe"= TCP:E:\mercury\mercury.exe:Mercury
    "{A47892DC-A151-432B-9C37-8BF6EDD4CAC1}"= UDP:E:\Program Files\Winamp Remote\bin\Orb.exe:o rb
    "{289172A3-A9FA-4420-BD6D-85E44316330E}"= TCP:E:\Program Files\Winamp Remote\bin\Orb.exe:o rb
    "{5550D1B8-1431-49C1-9079-57B20A438653}"= UDP:E:\Program Files\Winamp Remote\bin\OrbTray.exe:o rbTray
    "{2F1C87B5-7D9C-4EB1-9371-868201F57C80}"= TCP:E:\Program Files\Winamp Remote\bin\OrbTray.exe:o rbTray
    "{6BBE53F7-34CE-4B41-B2BF-78BB67B7193B}"= UDP:E:\Program Files\Winamp Remote\bin\OrbIR.exe:o rbIR
    "{9D62AE26-7919-4921-9CF4-A9E3F0EEEC4D}"= TCP:E:\Program Files\Winamp Remote\bin\OrbIR.exe:o rbIR
    "{52BECF7C-5431-497C-92ED-BB128872392B}"= UDP:E:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:o rb Stream Client
    "{D495DF5D-8320-48E9-B1E0-1601941E8261}"= TCP:E:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:o rb Stream Client
    "{772B2805-038A-44AD-B4B2-592C4A8CA178}"= Disabled:UDP:E:\Program Files\IncrediMail\bin\ImpCnt.exe:IncrediMail
    "{DA4537A3-1256-4D19-ACBA-9B92825216E7}"= Disabled:TCP:E:\Program Files\IncrediMail\bin\ImpCnt.exe:IncrediMail
    "{63DED16A-31F5-4D2F-8D52-2AB8731BE3C9}"= UDP:E:\Program Files\uTorrent\utorrent.exe:µTorrent (TCP-In)
    "{A9E5BE9B-7ADC-49AA-BE3D-F889FAD14197}"= TCP:E:\Program Files\uTorrent\utorrent.exe:µTorrent (UDP-In)
    "{C28AB1B6-0864-44A1-90A7-DBFEC37090A3}"= UDP:E:\Cassini\CassiniWebServer.exe:CassiniWebServer
    "{9F5F419B-FF86-4AE7-A39B-A6513A718112}"= TCP:E:\Cassini\CassiniWebServer.exe:CassiniWebServer
    "{37BE5547-6AEE-4C1E-A6D0-10484950E172}"= E:\Program Files\Windows Live\Messenger\wlcsdk.exe:Windows Live Messenger (Phone)
    "{EFA3DF9B-160B-4553-8E18-C916714D010B}"= UDP:E:\Program Files\CyberLink\PowerCinema\PowerCinema.exe:CyberLink PowerCinema
    "{4BFA3486-4957-4FBF-BA4F-B6E2885BDB54}"= TCP:E:\Program Files\CyberLink\PowerCinema\PowerCinema.exe:CyberLink PowerCinema
    "{5C5AFEC0-FB88-4F88-80BD-CF4F0B161D06}"= UDP:E:\Program Files\CyberLink\PowerCinema\PCMService.exe:CyberLink PowerCinema Resident Program
    "{043283F1-31A1-4526-AF5B-5F610121E88E}"= TCP:E:\Program Files\CyberLink\PowerCinema\PCMService.exe:CyberLink PowerCinema Resident Program
    "{8F9AE586-E1D8-41E6-88E0-29E58DE73970}"= UDP:E:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP4a\RpcSandraSrv.exe:SiSoftware Sandra Agent Service
    "{C602A709-0DC3-4085-A2FE-18F5456E41AC}"= TCP:E:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP4a\RpcSandraSrv.exe:SiSoftware Sandra Agent Service
    "{8139EE5A-37D7-4BAE-9B86-468672149B59}"= UDP:E:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP4a\Win32\RpcDataSrv.exe:SiSoftware Database Agent Service
    "{51A1743A-F55F-4E5C-A6B9-954845920D06}"= TCP:E:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP4a\Win32\RpcDataSrv.exe:SiSoftware Database Agent Service
    "{11A3D272-C452-4C7E-98AF-31F726DDDBF4}"= Disabled:UDP:E:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail
    "{33F1C391-9B29-4217-BAE9-6966EC403252}"= Disabled:TCP:E:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail
    "{D504C1F7-7975-4D9F-AD45-CA141961BC61}"= Disabled:UDP:E:\Program Files\IncrediMail\bin\ImApp.exe:IncrediMail
    "{69C21C20-7131-40F2-BD2B-E4A08B740EAB}"= Disabled:TCP:E:\Program Files\IncrediMail\bin\ImApp.exe:IncrediMail
    "{FD8A2F82-924D-4816-B34F-C76C8AB546DF}"= Disabled:UDP:E:\Program Files\Skype\Phone\Skype.exe:Skype
    "{9075CCCC-E727-42D9-B75B-CE876D313912}"= Disabled:TCP:E:\Program Files\Skype\Phone\Skype.exe:Skype
    "{FFF69D78-9A32-479D-ADA4-D9A99381276E}"= UDP:48113:LocalSubnet:LocalSubnet:maconfig_tcp
    "{7DDCFB4D-D006-46D6-91DB-3ABE6E8B8F87}"= TCP:48113:LocalSubnet:LocalSubnet:maconfig_udp
    "{D57A05DC-E1BF-4E18-BBFB-AD42D3EC6A96}"= UDP:E:\Program Files\ma-config.com\maconfservice.exe:maconfservice
    "{08FB3232-1500-42A4-BB22-4DFF89D8F90C}"= TCP:E:\Program Files\ma-config.com\maconfservice.exe:maconfservice
    "{9B98C63D-2569-4752-BB90-076A040395B3}"= Disabled:UDP:E:\Program Files\Skype\Phone\Skype.exe:Skype
    "{1AD1D7BF-E96F-4AE2-81EA-C528B6A4D016}"= Disabled:TCP:E:\Program Files\Skype\Phone\Skype.exe:Skype

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Configurable\System]
    "Rip-Listener-1"= TCP:520|%SystemRoot%\System32\svchost.exe|Svc=iprip:@iprip.dll,-200|

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
    "SNMP-1"= TCP:%SystemRoot%\system32\snmp.exe|Svc=SNMP:@%SystemRoot%\system32\snmp.exe,-5|

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
    "EnableFirewall"= 0 (0x0)

    R0 hotcore3;hotcore3;E:\Windows\system32\drivers\hotcore3.sys [2007-03-07 14:27]
    R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};E:\Program Files\CyberLink\PowerDVD\000.fcl [2006-11-02 16:51]
    R2 EAPPkt;Realtek EAPPkt Protocol;E:\Windows\system32\DRIVERS\EAPPkt.sys [2007-03-09 15:29]
    R2 hMailServer;hMailServer;E:\Program Files\hMailServer\Bin\hMailServer.exe RunAsService []
    R2 hMailServerMySQL;hMailServerMySQL;"E:\Program Files\hMailServer\MySQL\Bin\mysqld-nt.exe" "--defaults-file=E:\Program Files\hMailServer\MySQL\my.INI" hMailServerMySQL []
    R2 NfsClnt;Client pour NFS;E:\Windows\system32\nfsclnt.exe [2008-01-18 23:33]
    R2 SBSDWSCService;SBSD Security Center Service;E:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 12:43]
    R2 UxTuneUp;TuneUp Extension de thème;E:\Windows\System32\svchost.exe [2008-01-18 23:33]
    R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;E:\Windows\system32\drivers\libusb0.sys [2005-03-09 20:50]
    R3 NfsRdr;Redirecteur du service Client pour NFS;E:\Windows\system32\drivers\nfsrdr.sys [2008-01-18 21:28]
    R3 Ph3xIB32;Philips 713x Inbox PCI TV Card;E:\Windows\system32\DRIVERS\Ph3xIB32.sys [2006-11-02 10:27]
    R3 PsxDrv;PsxDrv;E:\Windows\system32\drivers\psxdrv.sys [2008-01-18 21:35]
    R3 RpcXdr;ONCRPC (Open RPC) du service Serveur pour NFS;E:\Windows\system32\drivers\rpcxdr.sys [2008-01-18 21:29]
    R3 vvftav;vvftav;E:\Windows\system32\drivers\vvftav.sys [2007-02-02 22:38]
    R3 xpvcom;XPVCOM Port;E:\Windows\system32\DRIVERS\XPVCOM.sys [2007-03-23 03:00]
    R3 yukonwlh;Pilote miniport NDIS6.0 pour contrôleur Ethernet Marvell Yukon;E:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-02 09:30]
    R3 ZSMC0305;USB PC Camera VC305;E:\Windows\system32\Drivers\usbVM305.sys [2007-03-08 20:05]
    S0 OemBiosDevice;Royalty OEM Bios Extension;E:\Windows\system32\drivers\royal.sys [2007-12-21 02:11]
    S2 EZUSB;Cypress General Purpose USB Driver (ezusb.sys);E:\Windows\system32\Drivers\ezusb.sys [2003-04-04 03:53]
    S2 EZUSBDEV;Cypress General Purpose USB Driver w/ Keil Monitor (ezusb2.sys);E:\Windows\system32\Drivers\ezusb2.sys [2003-04-04 03:53]
    S3 3xHybrid;3xHybrid service;E:\Windows\system32\DRIVERS\3xHybrid.sys [2005-05-03 10:25]
    S3 maconfservice;Ma-Config Service;"E:\Program Files\ma-config.com\maconfservice.exe" [2008-05-23 18:37]
    S3 NPF;NetGroup Packet Filter Driver;E:\Windows\system32\drivers\npf.sys [2007-06-29 02:01]
    S3 RTL8187;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;E:\Windows\system32\DRIVERS\RTL8187.sys [2007-03-13 12:20]
    S3 tap0801co;TAP-Win32 Adapter V8 (coLinux);E:\Windows\system32\DRIVERS\tap0801co.sys [2006-08-31 02:47]
    S3 TuneUp.Defrag;TuneUp Drive Defrag Service;E:\Windows\System32\TuneUpDefragService.exe [2008-06-14 04:49]
    S3 WMSvc;Service de gestion Web;E:\Windows\system32\inetsrv\wmsvc.exe [2008-01-18 23:33]
    S4 Anpe;FireDaemon Service: Anope;E:\Program Files\FireDaemon\FireDaemon.exe [2007-10-26 07:15]
    S4 NetMsmqActivator;Adaptateur d’écouteur Net.Msmq;"E:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe" -NetMsmqActivator []
    S4 NetPipeActivator;Adaptateur d’écouteur Net.Pipe;"E:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe" [2008-01-05 03:21]
    S4 NetTcpActivator;Adaptateur d’écouteur Net.Tcp;"E:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe" [2008-01-05 03:21]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LPDService REG_MULTI_SZ LPDSVC
    rsmsvcs REG_MULTI_SZ ntmssvc
    ipripsvc REG_MULTI_SZ iprip
    GPSvcGroup REG_MULTI_SZ GPSvc

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2b003888-7bd9-11dc-996a-806e6f6e6963}]
    \shell\AutoRun\command - L:\setup.exe


    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
    %SystemRoot%\system32\soundschemes.exe /AddRegistration
    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-06-16 11:16:52 E:\Windows\Tasks\GlaryInitialize.job"
    - E:\Program Files\Glary Utilities\initialize.exe
    "2008-06-16 13:00:00 E:\Windows\Tasks\Maintenance en 1 clic.job"
    - E:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe
    "2008-06-16 13:35:00 E:\Windows\Tasks\User_Feed_Synchronization-{A638CC2B-A99C-4834-89B0-DDEADE8E6FA6}.job"
    - E:\Windows\system32\msfeedssync.exe
    "2008-06-16 12:55:00 E:\Windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
    - E:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-06-16 15:27:34
    Windows 6.0.6001 Service Pack 1 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-06-16 15:36:45
    ComboFix-quarantined-files.txt 2008-06-16 13:36:05

    Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
    Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.

    456 --- E O F --- 2008-06-12 23:19:50
    17 June 2008 14:35:15

    Not much.

    Copy (Ctrl+C) the text in the box below:

    Registry::
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\787a3f10]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMc7cf3cef]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cmds]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSServer]


    Open Notepad, then paste (Ctrl+V) the text you copied.
    Save this file under the name CFScript.txt.

    Now drag the CFScript.txt file onto Combofix.exe as shown below:


    This will relaunch Combofix; press 1, then confirm. After the restart, post the contents of the Combofix.txt report along with a HijackThis report.
    NOTE: If there is no restart, post the requested reports anyway.
    17 June 2008 19:00:16

    ComboFix report:

    ComboFix 08-06-12.2 - NY152 2008-06-17 18:27:07.3 - NTFSx86
    Microsoft® Windows Vista™ Édition Intégrale 6.0.6001.1.1252.1.1036.18.849 [GMT 2:00]
    Endroit: E:\secur\ComboFix.exe
    Command switches used :: E:\secur\CFScript.txt
    * Resident AV is active

    .

    ((((((((((((((((((((((((((((( Fichiers créés 2008-05-17 to 2008-06-17 ))))))))))))))))))))))))))))))))))))
    .

    Pas de nouveau fichier créé dans cet espace de temps

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2099-04-20 19:06 --------- d-sh--w E:\ProgramData\Modèles
    2099-04-20 19:06 --------- d-sh--w E:\ProgramData\Menu Démarrer
    2099-04-20 19:06 --------- d-sh--w E:\ProgramData\Favoris
    2099-04-20 19:06 --------- d-sh--w E:\ProgramData\Bureau
    2099-04-20 19:06 --------- d-sh--w E:\Program Files\Fichiers communs
    2008-06-17 16:06 39,216,160 -csha-w E:\Windows\system32\drivers\fidbox.dat
    2008-06-17 14:33 --------- dc----w E:\Program Files\Winamp Remote
    2008-06-17 14:09 354,388 -c-ha-w E:\Windows\system32\drivers\vsconfig.xml
    2008-06-17 14:04 548,876 -csha-w E:\Windows\system32\drivers\fidbox.idx
    2008-06-17 13:59 --------- dc----w E:\Program Files\DivX
    2008-06-17 05:09 --------- dc----w E:\ProgramData\Google Updater
    2008-06-17 02:33 --------- dc----w E:\Program Files\RamBoost XP
    2008-06-14 23:45 --------- dc----w E:\Program Files\OfflineList 0.7.2
    2008-06-14 02:50 --------- dc----w E:\Program Files\TuneUp Utilities 2008
    2008-06-14 02:49 354,560 -c--a-w E:\Windows\System32\TuneUpDefragService.exe
    2008-06-12 23:25 --------- dc----w E:\Program Files\Windows Mail
    2008-06-11 22:31 --------- dc----w E:\ProgramData\Malwarebytes
    2008-06-11 22:31 --------- dc----w E:\Program Files\Malwarebytes' Anti-Malware
    2008-06-10 17:02 34,296 -c--a-w E:\Windows\system32\drivers\mbamcatchme.sys
    2008-06-10 17:02 15,864 -c--a-w E:\Windows\system32\drivers\mbam.sys
    2008-06-10 14:01 --------- dc----w E:\Program Files\Symantec
    2008-06-10 12:39 --------- dc----w E:\ProgramData\Lavasoft
    2008-06-10 12:39 --------- dc----w E:\Program Files\Lavasoft
    2008-06-10 12:39 --------- dc----w E:\Program Files\Common Files\Wise Installation Wizard
    2008-06-10 10:30 --------- dc----w E:\Program Files\Windows Live Safety Center
    2008-06-09 14:45 3,085,824 -c--a-w E:\Windows\Internet Logs\xDBA302.tmp
    2008-06-08 09:53 3,082,752 -c--a-w E:\Windows\Internet Logs\xDB8767.tmp
    2008-06-07 01:24 --------- dc----w E:\Program Files\Glary Utilities
    2008-06-05 13:58 --------- dc----w E:\Program Files\Zone Labs
    2008-06-04 02:59 --------- dc----w E:\Program Files\Chaos Shredder2.3FR
    2008-06-04 01:03 --------- dc----w E:\ProgramData\Spybot - Search & Destroy
    2008-06-04 00:26 806 -c--a-w E:\Windows\system32\drivers\SYMEVENT.INF
    2008-06-04 00:26 123,952 -c--a-w E:\Windows\system32\drivers\SYMEVENT.SYS
    2008-06-04 00:26 10,652 -c--a-w E:\Windows\system32\drivers\SYMEVENT.CAT
    2008-06-04 00:26 --------- dc----w E:\ProgramData\Symantec
    2008-06-04 00:26 --------- dc----w E:\Program Files\Common Files\Symantec Shared
    2008-06-04 00:25 --------- dc----w E:\Program Files\Norton AntiVirus
    2008-06-03 22:02 --------- dc----w E:\Program Files\Security Task Manager
    2008-06-03 21:55 --------- dc----w E:\ProgramData\SecTaskMan
    2008-06-03 11:14 --------- dc----w E:\Program Files\CCleaner
    2008-05-30 23:22 823,296 -c--a-w E:\Windows\System32\divx_xx0c.dll
    2008-05-30 23:22 823,296 -c--a-w E:\Windows\System32\divx_xx07.dll
    2008-05-30 23:22 815,104 -c--a-w E:\Windows\System32\divx_xx0a.dll
    2008-05-30 23:22 802,816 -c--a-w E:\Windows\System32\divx_xx11.dll
    2008-05-30 23:22 683,520 -c--a-w E:\Windows\System32\DivX.dll
    2008-05-30 23:22 593,920 -c--a-w E:\Windows\System32\dpuGUI11.dll
    2008-05-30 23:22 57,344 -c--a-w E:\Windows\System32\dpv11.dll
    2008-05-30 23:22 53,248 -c--a-w E:\Windows\System32\dpuGUI10.dll
    2008-05-30 23:22 344,064 -c--a-w E:\Windows\System32\dpus11.dll
    2008-05-30 23:22 294,912 -c--a-w E:\Windows\System32\dpu11.dll
    2008-05-30 23:22 294,912 -c--a-w E:\Windows\System32\dpu10.dll
    2008-05-30 01:21 --------- dc----w E:\Program Files\MeuhMeuhTV
    2008-05-29 10:41 --------- dc----w E:\ProgramData\eMule
    2008-05-29 10:39 --------- dc----w E:\Program Files\eMule
    2008-05-28 09:38 --------- dc----w E:\ProgramData\ma-config.com
    2008-05-28 09:35 --------- dc----w E:\Program Files\ma-config.com
    2008-05-28 00:27 --------- dc----w E:\Program Files\Common Files\TerraTec
    2008-05-27 23:59 --------- dc----w E:\ProgramData\VMware
    2008-05-27 23:59 --------- dc----w E:\Program Files\VMware
    2008-05-27 23:34 --------- dc----w E:\Program Files\TerraTec
    2008-05-27 23:23 --------- dc----w E:\ProgramData\TerraTec
    2008-05-27 21:26 319,456 -c--a-w E:\Windows\DIFxAPI.dll
    2008-05-27 21:26 --------- dc----w E:\Program Files\Realtek
    2008-05-27 20:48 --------- dc----w E:\Program Files\Intel
    2008-05-26 11:45 --------- dc----w E:\Program Files\NewsSearcher
    2008-05-26 11:26 --------- dc----w E:\Program Files\NewsLeecher
    2008-05-23 02:49 --------- dc----w E:\Program Files\mIRC
    2008-05-22 22:22 524,288 -c--a-w E:\Windows\System32\DivXsm.exe
    2008-05-22 22:22 3,596,288 -c--a-w E:\Windows\System32\qt-dx331.dll
    2008-05-22 22:20 200,704 -c--a-w E:\Windows\System32\ssldivx.dll
    2008-05-22 22:20 1,044,480 -c--a-w E:\Windows\System32\libdivx.dll
    2008-05-22 22:19 81,920 -c--a-w E:\Windows\System32\dpl100.dll
    2008-05-22 22:19 196,608 -c--a-w E:\Windows\System32\dtu100.dll
    2008-05-22 22:19 161,096 -c--a-w E:\Windows\System32\DivXCodecVersionChecker.exe
    2008-05-22 22:18 12,288 -c--a-w E:\Windows\System32\DivXWMPExtType.dll
    2008-05-22 00:15 --------- dc----w E:\Program Files\Notepad++
    2008-05-21 02:04 --------- dc----w E:\ProgramData\CyberLink
    2008-05-21 01:48 --------- dc-h--w E:\Program Files\InstallShield Installation Information
    2008-05-21 01:48 --------- dc----w E:\Program Files\CyberLink
    2008-05-20 23:57 --------- dc----w E:\Program Files\MeuhMeuhTV Alpha
    2008-05-20 21:06 --------- dc----w E:\Program Files\ASUS
    2008-05-20 09:59 --------- dc----w E:\Program Files\Microsoft Silverlight
    2008-05-19 09:50 --------- dc----w E:\Program Files\K!TV
    2008-05-16 09:58 12,632 -c--a-w E:\Windows\System32\lsdelete.exe
    2008-05-10 01:33 113,664 -c--a-w E:\Windows\system32\drivers\rmcast.sys
    2008-05-09 10:55 --------- dc----w E:\Program Files\The GodFather
    2008-05-08 02:33 --------- dc----w E:\Program Files\WinAce
    2008-05-07 12:00 --------- dc----w E:\Program Files\nxtvepg
    2008-04-29 09:20 15,648 -c--a-w E:\Windows\system32\drivers\NSDriver.sys
    2008-04-29 09:19 15,648 -c--a-w E:\Windows\system32\drivers\Awrtrd.sys
    2008-04-29 09:19 12,960 -c--a-w E:\Windows\system32\drivers\Awrtpd.sys
    2008-04-27 23:20 --------- dc----w E:\Program Files\Smart Projects
    2008-04-26 08:08 1,314,816 -c--a-w E:\Windows\System32\quartz.dll
    2008-04-25 04:35 826,880 -c--a-w E:\Windows\System32\wininet.dll
    2008-04-23 04:42 428,544 -c--a-w E:\Windows\System32\EncDec.dll
    2008-04-23 04:42 293,376 -c--a-w E:\Windows\System32\psisdecd.dll
    2008-04-22 09:59 --------- dc----w E:\Program Files\uTorrent
    2008-04-19 02:50 --------- dc----w E:\ProgramData\NVIDIA
    2008-04-12 01:17 174 --sha-w E:\Program Files\desktop.ini
    2008-04-12 00:43 82,432 ----a-w E:\Windows\System32\axaltocm.dll
    2008-01-26 00:17 16,384 -csha-w E:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    2008-01-26 00:17 32,768 -csha-w E:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    2008-01-26 00:17 16,384 -csha-w E:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    .

    ((((((((((((((((((((((((((((( snapshot_2008-06-16_15.33.46.96 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-06-16 02:27:12 67,584 --s-a-w E:\Windows\bootstat.dat
    + 2008-06-17 14:08:41 67,584 --s-a-w E:\Windows\bootstat.dat
    - 2008-06-16 02:36:21 1,572,864 ----a-w E:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
    + 2008-06-17 14:18:04 1,572,864 ----a-w E:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
    - 2008-06-16 02:36:16 1,572,864 ----a-w E:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
    + 2008-06-17 14:17:59 1,572,864 ----a-w E:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
    - 2008-06-16 04:08:58 32,768 -csha-w E:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2008-06-17 14:10:32 32,768 -csha-w E:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2008-06-16 04:08:58 49,152 -csha-w E:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2008-06-17 14:10:32 49,152 -csha-w E:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2008-06-16 02:28:42 32,768 -csha-w E:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2008-06-17 14:10:25 32,768 -csha-w E:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2008-06-16 02:34:07 166,764 -c--a-w E:\Windows\System32\perfc009.dat
    + 2008-06-17 14:15:44 166,764 -c--a-w E:\Windows\System32\perfc009.dat
    - 2008-06-16 02:34:07 204,674 -c--a-w E:\Windows\System32\perfc00C.dat
    + 2008-06-17 14:15:44 204,674 -c--a-w E:\Windows\System32\perfc00C.dat
    - 2008-06-16 02:34:07 156,808 -c--a-w E:\Windows\System32\perfc011.dat
    + 2008-06-17 14:15:45 156,808 -c--a-w E:\Windows\System32\perfc011.dat
    - 2008-06-16 02:34:07 739,718 -c--a-w E:\Windows\System32\perfh009.dat
    + 2008-06-17 14:15:44 739,718 -c--a-w E:\Windows\System32\perfh009.dat
    - 2008-06-16 02:34:07 877,848 -c--a-w E:\Windows\System32\perfh00C.dat
    + 2008-06-17 14:15:44 877,848 -c--a-w E:\Windows\System32\perfh00C.dat
    - 2008-06-16 02:34:07 479,402 -c--a-w E:\Windows\System32\perfh011.dat
    + 2008-06-17 14:15:45 479,402 -c--a-w E:\Windows\System32\perfh011.dat
    - 2008-06-14 23:28:43 21,590 -c--a-w E:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2771707230-3443183479-2865194093-1000_UserData.bin
    + 2008-06-17 14:36:07 21,590 -c--a-w E:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2771707230-3443183479-2865194093-1000_UserData.bin
    - 2008-06-14 23:28:42 119,786 -c--a-w E:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    + 2008-06-17 14:34:57 120,042 -c--a-w E:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    - 2008-06-14 23:27:55 95,746 -c--a-w E:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2008-06-17 14:33:50 95,794 -c--a-w E:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    - 2008-06-16 13:05:02 880,080 -c--a-w E:\Windows\System32\ZoneLabs\avsys\bases\sfdb.dat
    + 2008-06-17 14:10:23 878,232 -c--a-w E:\Windows\System32\ZoneLabs\avsys\bases\sfdb.dat
    - 2008-06-16 13:13:52 5,632 -c--a-w E:\Windows\System32\ZoneLabs\zlqrtdb.dat
    + 2008-06-17 16:27:25 7,168 -c--a-w E:\Windows\System32\ZoneLabs\zlqrtdb.dat
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
    2007-12-13 18:49 1185120 --a--c--- E:\Program Files\Winamp Toolbar\winamptb.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= "E:\Program Files\Winamp Toolbar\winamptb.dll" [2007-12-13 18:49 1185120]

    [HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
    [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
    [HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
    [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="E:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-12-02 17:42 3739672]
    "swg"="E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-10 15:25 68856]
    "DAEMON Tools"="E:\Program Files\DAEMON Tools\daemon.exe" [2007-09-18 16:16 171464]
    "uTorrent"="E:\Program Files\uTorrent\utorrent.exe" [2008-05-28 02:41 578864]
    "Orb"="E:\Program Files\Winamp Remote\bin\OrbTray.exe" [2008-01-07 22:02 495616]
    "Skype"="E:\Program Files\Skype\Phone\Skype.exe" [2008-02-01 17:22 21898024]
    "Sidebar"="E:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-18 23:33 1233920]
    "SpybotSD TeaTimer"="E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 12:43 2097488]
    "WMPNSCFG"="E:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 23:33 202240]
    "RamBoostXp"="E:\Program Files\RamBoost XP\rambxpfr.exe" [2004-03-09 22:48 1542144]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RemoteControl"="E:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2006-12-06 18:37 69216]
    "LanguageShortcut"="E:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 22:55 54832]
    "RtHDVCpl"="RtHDVCpl.exe" [2006-12-29 19:11 4317184 E:\Windows\RtHDVCpl.exe]
    "SunJavaUpdateSched"="E:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
    "EasyPHP"="E:\Serveur\EasyPHP.exe" [2006-11-19 22:16 176128]
    "NeroFilterCheck"="E:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
    "NBKeyScan"="E:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 09:51 1836328]
    "WinampAgent"="E:\Program Files\Winamp\winampa.exe" [2008-01-16 00:54 37376]
    "Acrobat Assistant 8.0"="E:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 20:54 623992]
    "Ai Quicker Help"="E:\Program Files\ASUS\ASUS DH Remote\AsRc.exe" [2006-11-09 21:29 3165696]
    "NvSvc"="E:\Windows\system32\nvsvc.dll" [2007-12-11 17:06 86016]
    "NvCplDaemon"="E:\Windows\system32\NvCpl.dll" [2007-12-11 17:06 8530464]
    "NvMediaCenter"="E:\Windows\system32\NvMcTray.dll" [2007-12-11 17:06 81920]
    "PCMService"="E:\Program Files\CyberLink\PowerCinema\PCMService.exe" [2006-12-27 14:59 151552]
    "ccApp"="E:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-08-24 23:07 51048]
    "ZoneAlarm Client"="E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-01-09 03:31 959976]

    E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    Lancement rapide de Microsoft Office OneNote 2003.lnk - E:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2007-04-19 13:49:52 64864]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsmqIntCert]


    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UacDisableNotify"=dword:00000001
    "InternetSettingsDisableNotify"=dword:00000001
    "AutoUpdateDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "TCP Query User{BF108482-0EB1-489F-AADE-CF21E799BA35}E:\\program files\\emule\\emule.exe"= UDP:E:\program files\emule\emule.exe:eMule
    "UDP Query User{5E2EA2AB-B51D-4901-808D-0188B094A0D2}E:\\program files\\emule\\emule.exe"= TCP:E:\program files\emule\emule.exe:eMule
    "TCP Query User{6036C27F-2C69-4F0E-9467-9A7B4F094AB6}E:\\program files\\mirc\\mirc.exe"= UDP:E:\program files\mirc\mirc.exe:mIRC
    "UDP Query User{CDB1F895-43F9-4ADD-BA71-00CFFD204578}E:\\program files\\mirc\\mirc.exe"= TCP:E:\program files\mirc\mirc.exe:mIRC
    "TCP Query User{77B9CF9A-6195-4421-A6BE-E969B6AEBBA8}E:\\program files\\newssearcher\\newssearcher.exe"= UDP:E:\program files\newssearcher\newssearcher.exe:NewsSearcher
    "UDP Query User{E35343D7-CA6B-4389-B3AB-60DDAA10B783}E:\\program files\\newssearcher\\newssearcher.exe"= TCP:E:\program files\newssearcher\newssearcher.exe:NewsSearcher
    "TCP Query User{8121849D-149D-4F9B-BB61-4908B0C95A44}E:\\program files\\emule\\emule.exe"= UDP:E:\program files\emule\emule.exe:eMule
    "UDP Query User{7C36667E-CC0A-45F1-9776-0668F1A8F5CA}E:\\program files\\emule\\emule.exe"= TCP:E:\program files\emule\emule.exe:eMule
    "TCP Query User{3BF24B7E-BB90-4BEA-B366-81D75FBEB5D5}E:\\program files\\newssearcher\\newssearcher.exe"= UDP:E:\program files\newssearcher\newssearcher.exe:NewsSearcher
    "UDP Query User{F7E930A0-C155-418D-97F0-7A3332E431CD}E:\\program files\\newssearcher\\newssearcher.exe"= TCP:E:\program files\newssearcher\newssearcher.exe:NewsSearcher
    "TCP Query User{C89B7A1A-FEBE-4DFC-BA74-3953CCC598C7}E:\\program files\\mirc\\mirc.exe"= UDP:E:\program files\mirc\mirc.exe:mIRC
    "UDP Query User{E746E21C-0D38-4F58-B369-2C3BA817124F}E:\\program files\\mirc\\mirc.exe"= TCP:E:\program files\mirc\mirc.exe:mIRC
    "TCP Query User{1BAC5483-03F4-4DEA-92D6-D79F38756751}E:\\program files\\unreal3.2\\wircd.exe"= UDP:E:\program files\unreal3.2\wircd.exe:wircd
    "UDP Query User{206347B2-86CF-4BF7-BDCA-6F10433F1E35}E:\\program files\\unreal3.2\\wircd.exe"= TCP:E:\program files\unreal3.2\wircd.exe:wircd
    "TCP Query User{7ABC444F-F385-4284-AC2A-62AEE8A5D32B}C:\\program files\\mirc\\mirc.exe"= UDP:C:\program files\mirc\mirc.exe:mIRC
    "UDP Query User{C62DF5AE-83AA-4D73-9CD6-30C7302DF98F}C:\\program files\\mirc\\mirc.exe"= TCP:C:\program files\mirc\mirc.exe:mIRC
    "TCP Query User{1D77F2CA-5AB8-4D0B-9A81-76CE0BB5C840}E:\\users\\ny152\\appdata\\local\\temp\\rar$ex00.922\\ps3proxy.exe"= UDP:E:\users\ny152\appdata\local\temp\rar$ex00.922\ps3proxy.exe:ps3proxy.exe
    "UDP Query User{525AFBAD-CA53-453C-8458-9EE4D2938EEA}E:\\users\\ny152\\appdata\\local\\temp\\rar$ex00.922\\ps3proxy.exe"= TCP:E:\users\ny152\appdata\local\temp\rar$ex00.922\ps3proxy.exe:ps3proxy.exe
    "TCP Query User{E51E01AC-7DBB-4E80-83E4-20F2F617CAB6}E:\\users\\ny152\\desktop\\ps3proxy.exe"= UDP:E:\users\ny152\desktop\ps3proxy.exe:ps3proxy.exe
    "UDP Query User{B3A6761A-94CC-46C1-B379-14FD63C68FF0}E:\\users\\ny152\\desktop\\ps3proxy.exe"= TCP:E:\users\ny152\desktop\ps3proxy.exe:ps3proxy.exe
    "TCP Query User{62D1AE42-A86A-4B27-B564-E217B496CC60}E:\\program files\\mozilla firefox\\firefox.exe"= UDP:E:\program files\mozilla firefox\firefox.exe:Firefox
    "UDP Query User{D574DCFD-D4F9-4059-8E0D-B80C597F0C9F}E:\\program files\\mozilla firefox\\firefox.exe"= TCP:E:\program files\mozilla firefox\firefox.exe:Firefox
    "TCP Query User{30AA0849-56B8-414F-BF4A-A3F6256958F3}E:\\program files\\videolan\\vlc\\vlc.exe"= UDP:E:\program files\videolan\vlc\vlc.exe:VLC media player
    "UDP Query User{A012963E-3C1D-409A-9EF6-AEB22A004D52}E:\\program files\\videolan\\vlc\\vlc.exe"= TCP:E:\program files\videolan\vlc\vlc.exe:VLC media player
    "{57281467-B851-4673-9267-CB11E511A877}"= UDP:E:\Program Files\uTorrent\utorrent.exe:µTorrent
    "{F3E67344-4E87-48F8-910D-A8A16B66A19D}"= TCP:E:\Program Files\uTorrent\utorrent.exe:µTorrent
    "{9A7B2ACF-0C12-457C-B338-36C445B78B7D}"= UDP:E:\Windows\System32\mqsvc.exe:Message Queuing
    "{9F1AA51F-D75E-4564-9C81-130E05D0F20C}"= TCP:E:\Windows\System32\mqsvc.exe:Message Queuing
    "{7361A0E7-FA1B-44D7-95A4-D662A1253220}"= UDP:E:\Windows\System32\mqsvc.exe:Message Queuing
    "{3884E9E7-0625-48E9-80AE-3D2C723FADA1}"= TCP:E:\Windows\System32\mqsvc.exe:Message Queuing
    "TCP Query User{CE8A7024-6A04-4901-AE8A-192492F4880B}E:\\program files\\internet explorer\\iexplore.exe"= UDP:E:\program files\internet explorer\iexplore.exe:Internet Explorer
    "UDP Query User{343FEF9F-755B-4C26-A7F4-C2B693E5A092}E:\\program files\\internet explorer\\iexplore.exe"= TCP:E:\program files\internet explorer\iexplore.exe:Internet Explorer
    "{535A3916-9E01-4EC4-87CD-09076A9F6CBC}"= E:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{7248E649-C78C-42A1-B2BE-EC2151F0774E}"= E:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{12EF46FB-B19C-402B-879C-12A681012303}"= E:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{4DAF6DCC-763C-4BE0-820E-C0B8171091F5}"= E:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{97FEE673-E995-4430-91F2-721C820C4F84}"= E:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "TCP Query User{3690E3C0-88BB-4515-9660-49415A3912B6}E:\\program files\\pimpware\\pimpstreamer\\pimpstreamer.exe"= UDP:E:\program files\pimpware\pimpstreamer\pimpstreamer.exe:PimpStreamer, Streams video from PC to PSP Realtime!
    "UDP Query User{8C5409D3-3360-4217-82BB-9ECBED307AA1}E:\\program files\\pimpware\\pimpstreamer\\pimpstreamer.exe"= TCP:E:\program files\pimpware\pimpstreamer\pimpstreamer.exe:PimpStreamer, Streams video from PC to PSP Realtime!
    "{8C34C0E7-1434-4A56-A687-29DA492F432D}"= UDP:E:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP4a\Win32\RpcDataSrv.exe:SiSoftware Database Agent Service
    "{48E4740F-D961-4B70-9217-76A67F4D517D}"= TCP:E:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP4a\Win32\RpcDataSrv.exe:SiSoftware Database Agent Service
    "{23A0E2C6-FFAE-4A51-A876-1BC0A5885620}"= UDP:E:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP4a\RpcSandraSrv.exe:SiSoftware Sandra Agent Service
    "{DE5769B6-FDC1-42E1-9EE2-9B5155195DAC}"= TCP:E:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP4a\RpcSandraSrv.exe:SiSoftware Sandra Agent Service
    "{ED8DB0BA-2580-4247-8FE4-165719244164}"= Disabled:UDP:E:\Users\NY152\Downloads\incredimail_install.exe:IncrediMail Installer
    "{BEA63001-DEB8-4A91-9A7D-57C32E98E942}"= Disabled:TCP:E:\Users\NY152\Downloads\incredimail_install.exe:IncrediMail Installer
    "TCP Query User{BF4160A8-1F42-4F8D-9B9E-905606878940}E:\\users\\ny152\\desktop\\divers\\ps3proxy.exe"= UDP:E:\users\ny152\desktop\divers\ps3proxy.exe:ps3proxy.exe
    "UDP Query User{61952E4E-2E7D-4872-9151-3A7758E92DD1}E:\\users\\ny152\\desktop\\divers\\ps3proxy.exe"= TCP:E:\users\ny152\desktop\divers\ps3proxy.exe:ps3proxy.exe
    "TCP Query User{4C7020A9-5D11-47D7-931B-613D100638FE}C:\\program files\\mirc\\mirc.exe"= UDP:C:\program files\mirc\mirc.exe:mIRC
    "UDP Query User{4055A7AB-D721-473C-9907-CDB3C8B71E01}C:\\program files\\mirc\\mirc.exe"= TCP:C:\program files\mirc\mirc.exe:mIRC
    "{033FD465-402E-4E79-B9F3-22A63EA418DA}"= UDP:E:\Program Files\uTorrent\utorrent.exe:µTorrent
    "{0425EAEE-64CC-446F-92F3-36ECA5CEB4B8}"= TCP:E:\Program Files\uTorrent\utorrent.exe:µTorrent
    "{97FAA0C1-A1E2-4B8D-B209-B0F63B382DBC}"= E:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "TCP Query User{6091B6EC-4000-4408-AD08-1283F8BAE28E}E:\\serveur\\apache2.2\\bin\\httpd.exe"= UDP:E:\serveur\apache2.2\bin\httpd.exe:Apache HTTP Server
    "UDP Query User{57E0CA7F-C04A-4D9E-B22C-B7DF0D3654EC}E:\\serveur\\apache2.2\\bin\\httpd.exe"= TCP:E:\serveur\apache2.2\bin\httpd.exe:Apache HTTP Server
    "TCP Query User{C1352992-04C7-4671-9A9D-56E04C74502E}E:\\serveur\\apache\\bin\\apache.exe"= UDP:E:\serveur\apache\bin\apache.exe:Apache HTTP Server
    "UDP Query User{AC233DCD-27C1-4D5C-BC02-AF552515FB62}E:\\serveur\\apache\\bin\\apache.exe"= TCP:E:\serveur\apache\bin\apache.exe:Apache HTTP Server
    "{1B62CF7C-7848-4A19-9AD5-07997FA782A0}"= UDP:E:\Program Files\iTunes\iTunes.exe:iTunes
    "{3C5685E5-F81B-4FE4-B64B-34DEDB9472D6}"= TCP:E:\Program Files\iTunes\iTunes.exe:iTunes
    "{3B85895E-52DE-4DB6-B75E-7C39BB71B876}"= UDP:E:\Program Files\Winamp Remote\bin\Orb.exe:Orb
    "{3B9A2DCE-B8F1-4E3B-A966-CD366DD55576}"= TCP:E:\Program Files\Winamp Remote\bin\Orb.exe:Orb
    "{52B1C107-FCD7-4284-9D4D-0840CFD28004}"= UDP:E:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
    "{F1F60DCE-8C96-4733-B0A0-C91D0F351197}"= TCP:E:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
    "{B877EB90-2DC7-4245-AC6D-23E7375261E8}"= UDP:E:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
    "{B1984769-D95C-47BB-B6DC-99E78CFE4910}"= TCP:E:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
    "{EF04462F-7644-4150-BFCF-01959EADFFAD}"= UDP:E:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
    "{398AFF56-31A0-4305-9F3F-457719EF4588}"= TCP:E:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
    "TCP Query User{F93088E5-D9CC-47EC-8ADA-98DC0B754A77}E:\\serveur\\apache\\bin\\apache.exe"= UDP:E:\serveur\apache\bin\apache.exe:Apache HTTP Server
    "UDP Query User{A16B396C-3E93-4C56-AF6D-E489FC1F34CF}E:\\serveur\\apache\\bin\\apache.exe"= TCP:E:\serveur\apache\bin\apache.exe:Apache HTTP Server
    "TCP Query User{263D8921-BF49-40CD-A97D-92F88DE5DCB2}E:\\serveur\\mysql\\bin\\mysqld.exe"= UDP:E:\serveur\mysql\bin\mysqld.exe:mysqld
    "UDP Query User{01333779-E687-44DD-8F77-30ABC03108C3}E:\\serveur\\mysql\\bin\\mysqld.exe"= TCP:E:\serveur\mysql\bin\mysqld.exe:mysqld
    "TCP Query User{5D856332-1710-4495-9BBE-C6A573C135EF}E:\\serveur\\mysql\\bin\\mysqld.exe"= UDP:E:\serveur\mysql\bin\mysqld.exe:mysqld
    "UDP Query User{A355CB1C-B6D4-4D5A-AF94-808770A35EC2}E:\\serveur\\mysql\\bin\\mysqld.exe"= TCP:E:\serveur\mysql\bin\mysqld.exe:mysqld
    "TCP Query User{1F9ADF6A-38C0-41C0-8813-5E2FEB5E090F}E:\\program files\\cf3b5\\ps3.proxyserver\\ps3.proxyserver.gui.exe"= UDP:E:\program files\cf3b5\ps3.proxyserver\ps3.proxyserver.gui.exe:
    "UDP Query User{C31033FA-3A31-4651-842A-BB89E424FFCF}E:\\program files\\cf3b5\\ps3.proxyserver\\ps3.proxyserver.gui.exe"= TCP:E:\program files\cf3b5\ps3.proxyserver\ps3.proxyserver.gui.exe:
    "{E990B999-A5F1-4CEE-AF35-77E920031EAD}"= UDP:E:\Program Files\IncrediMail\bin\ImpCnt.exe:IncrediMail
    "{29421688-02DF-4D2C-80F3-B14A6D02CEBF}"= TCP:E:\Program Files\IncrediMail\bin\ImpCnt.exe:IncrediMail
    "{BAF1C9A1-0DD4-4E61-91D9-8A9E18078177}"= UDP:E:\Program Files\IncrediMail\bin\ImApp.exe:IncrediMail
    "{A4C8553C-F26A-42A6-B6F4-D13591ADD17B}"= TCP:E:\Program Files\IncrediMail\bin\ImApp.exe:IncrediMail
    "{1A364CE3-2EFC-4FBD-8E17-9FA95FC20DFD}"= UDP:E:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail
    "{DCB1D536-574A-4CCA-94C1-6F609C9E4C68}"= TCP:E:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail
    "TCP Query User{1CFC8655-E452-4BB6-8F96-E30137A1DF6C}E:\\eduke32\\eduke32.exe"= UDP:E:\eduke32\eduke32.exe:eduke32
    "UDP Query User{FFEE7B37-C254-4F63-A6FD-B7484A3F18A6}E:\\eduke32\\eduke32.exe"= TCP:E:\eduke32\eduke32.exe:eduke32
    "TCP Query User{E7F1BC1D-C519-47E0-8D35-71BF7FCA5CB3}E:\\program files\\xlink kai evolution vii\\kailaunch.exe"= UDP:E:\program files\xlink kai evolution vii\kailaunch.exe:XLink Kai Evolution 7 Launcher
    "UDP Query User{0C77D81D-EC4C-4ACB-97D5-D6D1C657BCF1}E:\\program files\\xlink kai evolution vii\\kailaunch.exe"= TCP:E:\program files\xlink kai evolution vii\kailaunch.exe:XLink Kai Evolution 7 Launcher
    "TCP Query User{87606A35-95F5-430C-B88B-11EC44394F08}E:\\users\\ny152\\desktop\\mirc by fishfindus\\mirc.exe"= UDP:E:\users\ny152\desktop\mirc by fishfindus\mirc.exe:mirc.exe
    "UDP Query User{3C52B43C-4AD8-47F9-A5F9-0688C11515F2}E:\\users\\ny152\\desktop\\mirc by fishfindus\\mirc.exe"= TCP:E:\users\ny152\desktop\mirc by fishfindus\mirc.exe:mirc.exe
    "TCP Query User{E34BE81F-25B0-4BAE-B2A9-A5FC8EA59523}E:\\users\\ny152\\desktop\\ciberscript\\mirc.exe"= UDP:E:\users\ny152\desktop\ciberscript\mirc.exe:mirc.exe
    "UDP Query User{79042002-884D-423C-BC23-661570F8C127}E:\\users\\ny152\\desktop\\ciberscript\\mirc.exe"= TCP:E:\users\ny152\desktop\ciberscript\mirc.exe:mirc.exe
    "TCP Query User{D195EEAF-AC90-4A2E-87AE-ACF73B7B08EF}E:\\windows\\system32\\qpsvoo.exe"= UDP:E:\windows\system32\qpsvoo.exe:qpsvoo
    "UDP Query User{E7AAD6C5-8A7C-44E7-AC3F-325E41BD34D1}E:\\windows\\system32\\qpsvoo.exe"= TCP:E:\windows\system32\qpsvoo.exe:qpsvoo
    "TCP Query User{2332811E-5B4E-4FF5-A244-7163C6AB0DC3}E:\\users\\ny152\\desktop\\usb_psp\\nethostfs.exe"= UDP:E:\users\ny152\desktop\usb_psp\nethostfs.exe:nethostfs.exe
    "UDP Query User{30BAE46F-1FF7-4EF4-B0E3-0709937A03F4}E:\\users\\ny152\\desktop\\usb_psp\\nethostfs.exe"= TCP:E:\users\ny152\desktop\usb_psp\nethostfs.exe:nethostfs.exe
    "TCP Query User{3E75310D-B195-40F0-B66B-D653EE9DCA8E}E:\\program files\\mozilla firefox\\firefox.exe"= UDP:E:\program files\mozilla firefox\firefox.exe:Firefox
    "UDP Query User{BFEB257D-F580-463B-B24C-D81CED128C11}E:\\program files\\mozilla firefox\\firefox.exe"= TCP:E:\program files\mozilla firefox\firefox.exe:Firefox
    "TCP Query User{285D087E-7B68-49F9-BC47-1D8E5FBD5B84}E:\\users\\ny152\\desktop\\psp slim\\utilitaires\\nethostfs.exe"= UDP:E:\users\ny152\desktop\psp slim\utilitaires\nethostfs.exe:nethostfs.exe
    "UDP Query User{582D5485-5042-4A48-B2A7-043B53882F65}E:\\users\\ny152\\desktop\\psp slim\\utilitaires\\nethostfs.exe"= TCP:E:\users\ny152\desktop\psp slim\utilitaires\nethostfs.exe:nethostfs.exe
    "TCP Query User{9AC8D1FE-AFBE-4553-A03C-382AEF14C965}E:\\mercury\\mercury.exe"= UDP:E:\mercury\mercury.exe:Mercury
    "UDP Query User{F78C7F63-A1EB-4AD6-95D2-6622239E6EC7}E:\\mercury\\mercury.exe"= TCP:E:\mercury\mercury.exe:Mercury
    "{A47892DC-A151-432B-9C37-8BF6EDD4CAC1}"= UDP:E:\Program Files\Winamp Remote\bin\Orb.exe:Orb
    "{289172A3-A9FA-4420-BD6D-85E44316330E}"= TCP:E:\Program Files\Winamp Remote\bin\Orb.exe:Orb
    "{5550D1B8-1431-49C1-9079-57B20A438653}"= UDP:E:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
    "{2F1C87B5-7D9C-4EB1-9371-868201F57C80}"= TCP:E:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
    "{6BBE53F7-34CE-4B41-B2BF-78BB67B7193B}"= UDP:E:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
    "{9D62AE26-7919-4921-9CF4-A9E3F0EEEC4D}"= TCP:E:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
    "{52BECF7C-5431-497C-92ED-BB128872392B}"= UDP:E:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
    "{D495DF5D-8320-48E9-B1E0-1601941E8261}"= TCP:E:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
    "{772B2805-038A-44AD-B4B2-592C4A8CA178}"= Disabled:UDP:E:\Program Files\IncrediMail\bin\ImpCnt.exe:IncrediMail
    "{DA4537A3-1256-4D19-ACBA-9B92825216E7}"= Disabled:TCP:E:\Program Files\IncrediMail\bin\ImpCnt.exe:IncrediMail
    "{63DED16A-31F5-4D2F-8D52-2AB8731BE3C9}"= UDP:E:\Program Files\uTorrent\utorrent.exe:µTorrent (TCP-In)
    "{A9E5BE9B-7ADC-49AA-BE3D-F889FAD14197}"= TCP:E:\Program Files\uTorrent\utorrent.exe:µTorrent (UDP-In)
    "{C28AB1B6-0864-44A1-90A7-DBFEC37090A3}"= UDP:E:\Cassini\CassiniWebServer.exe:CassiniWebServer
    "{9F5F419B-FF86-4AE7-A39B-A6513A718112}"= TCP:E:\Cassini\CassiniWebServer.exe:CassiniWebServer
    "{37BE5547-6AEE-4C1E-A6D0-10484950E172}"= E:\Program Files\Windows Live\Messenger\wlcsdk.exe:Windows Live Messenger (Phone)
    "{EFA3DF9B-160B-4553-8E18-C916714D010B}"= UDP:E:\Program Files\CyberLink\PowerCinema\PowerCinema.exe:CyberLink PowerCinema
    "{4BFA3486-4957-4FBF-BA4F-B6E2885BDB54}"= TCP:E:\Program Files\CyberLink\PowerCinema\PowerCinema.exe:CyberLink PowerCinema
    "{5C5AFEC0-FB88-4F88-80BD-CF4F0B161D06}"= UDP:E:\Program Files\CyberLink\PowerCinema\PCMService.exe:CyberLink PowerCinema Resident Program
    "{043283F1-31A1-4526-AF5B-5F610121E88E}"= TCP:E:\Program Files\CyberLink\PowerCinema\PCMService.exe:CyberLink PowerCinema Resident Program
    "{8F9AE586-E1D8-41E6-88E0-29E58DE73970}"= UDP:E:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP4a\RpcSandraSrv.exe:SiSoftware Sandra Agent Service
    "{C602A709-0DC3-4085-A2FE-18F5456E41AC}"= TCP:E:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP4a\RpcSandraSrv.exe:SiSoftware Sandra Agent Service
    "{8139EE5A-37D7-4BAE-9B86-468672149B59}"= UDP:E:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP4a\Win32\RpcDataSrv.exe:SiSoftware Database Agent Service
    "{51A1743A-F55F-4E5C-A6B9-954845920D06}"= TCP:E:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP4a\Win32\RpcDataSrv.exe:SiSoftware Database Agent Service
    "{11A3D272-C452-4C7E-98AF-31F726DDDBF4}"= Disabled:UDP:E:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail
    "{33F1C391-9B29-4217-BAE9-6966EC403252}"= Disabled:TCP:E:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail
    "{D504C1F7-7975-4D9F-AD45-CA141961BC61}"= Disabled:UDP:E:\Program Files\IncrediMail\bin\ImApp.exe:IncrediMail
    "{69C21C20-7131-40F2-BD2B-E4A08B740EAB}"= Disabled:TCP:E:\Program Files\IncrediMail\bin\ImApp.exe:IncrediMail
    "{FD8A2F82-924D-4816-B34F-C76C8AB546DF}"= Disabled:UDP:E:\Program Files\Skype\Phone\Skype.exe:Skype
    "{9075CCCC-E727-42D9-B75B-CE876D313912}"= Disabled:TCP:E:\Program Files\Skype\Phone\Skype.exe:Skype
    "{FFF69D78-9A32-479D-ADA4-D9A99381276E}"= UDP:48113:LocalSubnet:LocalSubnet:maconfig_tcp
    "{7DDCFB4D-D006-46D6-91DB-3ABE6E8B8F87}"= TCP:48113:LocalSubnet:LocalSubnet:maconfig_udp
    "{D57A05DC-E1BF-4E18-BBFB-AD42D3EC6A96}"= UDP:E:\Program Files\ma-config.com\maconfservice.exe:maconfservice
    "{08FB3232-1500-42A4-BB22-4DFF89D8F90C}"= TCP:E:\Program Files\ma-config.com\maconfservice.exe:maconfservice
    "{9B98C63D-2569-4752-BB90-076A040395B3}"= Disabled:UDP:E:\Program Files\Skype\Phone\Skype.exe:Skype
    "{1AD1D7BF-E96F-4AE2-81EA-C528B6A4D016}"= Disabled:TCP:E:\Program Files\Skype\Phone\Skype.exe:Skype

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Configurable\System]
    "Rip-Listener-1"= TCP:520|%SystemRoot%\System32\svchost.exe|Svc=iprip:@iprip.dll,-200|

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
    "SNMP-1"= TCP:%SystemRoot%\system32\snmp.exe|Svc=SNMP:@%SystemRoot%\system32\snmp.exe,-5|

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
    "EnableFirewall"= 0 (0x0)

    R0 hotcore3;hotcore3;E:\Windows\system32\drivers\hotcore3.sys [2007-03-07 14:27]
    R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};E:\Program Files\CyberLink\PowerDVD\000.fcl [2006-11-02 16:51]
    R2 EAPPkt;Realtek EAPPkt Protocol;E:\Windows\system32\DRIVERS\EAPPkt.sys [2007-03-09 15:29]
    R2 hMailServer;hMailServer;E:\Program Files\hMailServer\Bin\hMailServer.exe RunAsService []
    R2 hMailServerMySQL;hMailServerMySQL;"E:\Program Files\hMailServer\MySQL\Bin\mysqld-nt.exe" "--defaults-file=E:\Program Files\hMailServer\MySQL\my.INI" hMailServerMySQL []
    R2 NfsClnt;Client pour NFS;E:\Windows\system32\nfsclnt.exe [2008-01-18 23:33]
    R2 SBSDWSCService;SBSD Security Center Service;E:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 12:43]
    R2 UxTuneUp;TuneUp Extension de thème;E:\Windows\System32\svchost.exe [2008-01-18 23:33]
    R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;E:\Windows\system32\drivers\libusb0.sys [2005-03-09 20:50]
    R3 NfsRdr;Redirecteur du service Client pour NFS;E:\Windows\system32\drivers\nfsrdr.sys [2008-01-18 21:28]
    R3 Ph3xIB32;Philips 713x Inbox PCI TV Card;E:\Windows\system32\DRIVERS\Ph3xIB32.sys [2006-11-02 10:27]
    R3 PsxDrv;PsxDrv;E:\Windows\system32\drivers\psxdrv.sys [2008-01-18 21:35]
    R3 RpcXdr;ONCRPC (Open RPC) du service Serveur pour NFS;E:\Windows\system32\drivers\rpcxdr.sys [2008-01-18 21:29]
    R3 vvftav;vvftav;E:\Windows\system32\drivers\vvftav.sys [2007-02-02 22:38]
    R3 xpvcom;XPVCOM Port;E:\Windows\system32\DRIVERS\XPVCOM.sys [2007-03-23 03:00]
    R3 yukonwlh;Pilote miniport NDIS6.0 pour contrôleur Ethernet Marvell Yukon;E:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-02 09:30]
    R3 ZSMC0305;USB PC Camera VC305;E:\Windows\system32\Drivers\usbVM305.sys [2007-03-08 20:05]
    S0 OemBiosDevice;Royalty OEM Bios Extension;E:\Windows\system32\drivers\royal.sys [2007-12-21 02:11]
    S2 EZUSB;Cypress General Purpose USB Driver (ezusb.sys);E:\Windows\system32\Drivers\ezusb.sys [2003-04-04 03:53]
    S2 EZUSBDEV;Cypress General Purpose USB Driver w/ Keil Monitor (ezusb2.sys);E:\Windows\system32\Drivers\ezusb2.sys [2003-04-04 03:53]
    S3 3xHybrid;3xHybrid service;E:\Windows\system32\DRIVERS\3xHybrid.sys [2005-05-03 10:25]
    S3 maconfservice;Ma-Config Service;"E:\Program Files\ma-config.com\maconfservice.exe" [2008-05-23 18:37]
    S3 NPF;NetGroup Packet Filter Driver;E:\Windows\system32\drivers\npf.sys [2007-06-29 02:01]
    S3 RTL8187;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;E:\Windows\system32\DRIVERS\RTL8187.sys [2007-03-13 12:20]
    S3 tap0801co;TAP-Win32 Adapter V8 (coLinux);E:\Windows\system32\DRIVERS\tap0801co.sys [2006-08-31 02:47]
    S3 TuneUp.Defrag;TuneUp Drive Defrag Service;E:\Windows\System32\TuneUpDefragService.exe [2008-06-14 04:49]
    S3 WMSvc;Service de gestion Web;E:\Windows\system32\inetsrv\wmsvc.exe [2008-01-18 23:33]
    S4 Anpe;FireDaemon Service: Anope;E:\Program Files\FireDaemon\FireDaemon.exe [2007-10-26 07:15]
    S4 NetMsmqActivator;Adaptateur d’écouteur Net.Msmq;"E:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe" -NetMsmqActivator []
    S4 NetPipeActivator;Adaptateur d’écouteur Net.Pipe;"E:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe" [2008-01-05 03:21]
    S4 NetTcpActivator;Adaptateur d’écouteur Net.Tcp;"E:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe" [2008-01-05 03:21]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LPDService REG_MULTI_SZ LPDSVC
    rsmsvcs REG_MULTI_SZ ntmssvc
    ipripsvc REG_MULTI_SZ iprip
    GPSvcGroup REG_MULTI_SZ GPSvc

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2b003888-7bd9-11dc-996a-806e6f6e6963}]
    \shell\AutoRun\command - L:\setup.exe


    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
    %SystemRoot%\system32\soundschemes.exe /AddRegistration
    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-06-17 14:32:21 E:\Windows\Tasks\GlaryInitialize.job"
    - E:\Program Files\Glary Utilities\initialize.exe
    "2008-06-17 16:00:00 E:\Windows\Tasks\Maintenance en 1 clic.job"
    - E:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe
    "2008-06-17 16:45:00 E:\Windows\Tasks\User_Feed_Synchronization-{A638CC2B-A99C-4834-89B0-DDEADE8E6FA6}.job"
    - E:\Windows\system32\msfeedssync.exe
    "2008-06-17 15:55:00 E:\Windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
    - E:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-06-17 18:41:39
    Windows 6.0.6001 Service Pack 1 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-06-17 18:51:49
    ComboFix-quarantined-files.txt 2008-06-17 16:47:08

    Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
    Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.

    425 --- E O F --- 2008-06-12 23:19:50

    HijackThis report:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:57:42, on 17/06/2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    E:\Windows\system32\taskeng.exe
    E:\Windows\system32\Dwm.exe
    E:\Windows\system32\taskeng.exe
    E:\Program Files\Winamp Remote\bin\orbtray.exe
    E:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    E:\Windows\RtHDVCpl.exe
    E:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    E:\Program Files\Windows Media Player\wmpnscfg.exe
    E:\Serveur\EasyPHP.exe
    E:\Program Files\Winamp\winampa.exe
    E:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
    E:\Program Files\ASUS\ASUS DH Remote\AsRc.exe
    E:\Windows\System32\rundll32.exe
    E:\Program Files\CyberLink\PowerCinema\PCMService.exe
    E:\Serveur\Apache\bin\apache.exe
    E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    E:\Windows\System32\rundll32.exe
    E:\Program Files\Windows Live\Messenger\msnmsgr.exe
    E:\Serveur\MySql\bin\mysqld.exe
    E:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    E:\Program Files\DAEMON Tools\daemon.exe
    E:\Program Files\Skype\Phone\Skype.exe
    E:\Program Files\Windows Sidebar\sidebar.exe
    E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Documents and Settings\NY152\Mes documents\Mes Devellopements\ALT+CTRL+END\CtrlAltEnd.exe
    E:\Program Files\Windows Sidebar\sidebar.exe
    E:\Program Files\Skype\Plugin Manager\skypePM.exe
    E:\Serveur\Apache\bin\apache.exe
    E:\Windows\system32\conime.exe
    E:\Windows\Explorer.exe
    E:\Windows\Explorer.exe
    E:\Windows\system32\wbem\unsecapp.exe
    E:\secur\test.exe
    E:\PROGRA~1\MOZILL~1\FIREFOX.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - E:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - E:\Program Files\Winamp Toolbar\winamptb.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - E:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: ReGet Bar - {17939A30-18E2-471E-9D3A-56DD725F1215} - E:\Program Files\ReGet Software\ReGet Deluxe\IEBar.dll
    O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - E:\Program Files\Winamp Toolbar\winamptb.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [RemoteControl] "E:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "E:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [EasyPHP] "E:\Serveur\EasyPHP.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] E:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [NBKeyScan] "E:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [WinampAgent] "E:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "E:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
    O4 - HKLM\..\Run: [Ai Quicker Help] "E:\Program Files\ASUS\ASUS DH Remote\AsRc.exe"
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE E:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [PCMService] "E:\Program Files\CyberLink\PowerCinema\PCMService.exe"
    O4 - HKLM\..\Run: [ccApp] "E:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ZoneAlarm Client] "E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "E:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [swg] E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [DAEMON Tools] "E:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [uTorrent] "E:\Program Files\uTorrent\utorrent.exe"
    O4 - HKCU\..\Run: [Orb] "E:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
    O4 - HKCU\..\Run: [Skype] "E:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [Sidebar] E:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [WMPNSCFG] E:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [RamBoostXp] E:\Program Files\RamBoost XP\rambxpfr.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - Global Startup: Lancement rapide de Microsoft Office OneNote 2003.lnk = E:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
    O8 - Extra context menu item: &Winamp Toolbar Search - E:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
    O8 - Extra context menu item: Ajouter au fichier PDF existant - res://E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convertir en Adobe PDF - res://E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convertir les liens sélectionnés en Adobe PDF - res://E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - E:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - E:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - E:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - E:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - E:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/download/scan...
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{32B4FC82-1BB0-4598-BAFC-BB8A66380BE3}: NameServer = 80.10.246.130,81.253.149.10
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - E:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - E:\Windows\System32\DreamScene.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - E:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - E:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - E:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
    O23 - Service: Diskeeper - Diskeeper Corporation - E:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - E:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: hMailServer - hMailServer - E:\Program Files\hMailServer\Bin\hMailServer.exe
    O23 - Service: hMailServerMySQL - Unknown owner - E:\Program Files\hMailServer\MySQL\Bin\mysqld-nt.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - E:\Windows\system32\libusbd-nt.exe
    O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - E:\Program Files\ma-config.com\maconfservice.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - E:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - E:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: PDAgent - Raxco Software, Inc. - E:\Program Files\Raxco\PerfectDisk\PDAgent.exe
    O23 - Service: PDEngine - Raxco Software, Inc. - E:\Program Files\Raxco\PerfectDisk\PDEngine.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - E:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - E:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - E:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP4a\Win32\RpcDataSrv.exe
    O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - E:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP4a\RpcSandraSrv.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - E:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - E:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - E:\Windows\System32\TuneUpDefragService.exe
    O23 - Service: TVersityMediaServer - Unknown owner - E:\Program Files\TVersity\Media Server\MediaServer.exe
    O23 - Service: UnrealIRCd - Unknown owner - E:\Program Files\Unreal3.2\wircd.exe (file missing)
    O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - E:\Windows\System32\ZoneLabs\vsmon.exe

    --
    End of file - 13672 bytes

    a b 8 Security
    18 June 2008 12:50:15

    Same problem?
    18 June 2008 23:43:06

    Yes, and slowness too.
    a b 8 Security
    19 June 2008 12:47:45

    Slowness does not mean virus. What is the other problem?
    19 June 2008 17:25:10

    Basically, the Explorer icons have disappeared since I used ComboFix. Drag & drop no longer works. In fact, it no longer works from or to Windows Explorer. The icon indicating the drag & drop does appear, but once it is done nothing happens.
    a b 8 Security
    19 June 2008 17:53:15

    I don't understand where this problem could come from :/
    You should try the Hardware or OS section.
    19 June 2008 21:32:50

    I'll try that. In any case, thanks for everything, it's nice to see that people help each other here :)
    a b 8 Security
    20 June 2008 12:57:16

    Good luck.