Forum Clubic

Explorer.exe too greedy!

Hello everyone,
I'm new to this site and not very skilled, but I have a problem:
my explorer.exe is constantly between 50% and 70% and I don't know why.
Here is my HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:25:16, on 25/11/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\OrangeHSS\Systray\SystrayApp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Syncrosoft\POS\H2O\cledx.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\rundll32.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
D:\Program Files\Free Download Manager\FUM\fumoei.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\OrangeHSS\Launcher\Launcher.exe
C:\Program Files\OrangeHSS\Deskboard\deskboard.exe
C:\Program Files\OrangeHSS\connectivity\connectivitymanager.exe
C:\Program Files\OrangeHSS\connectivity\CoreCom\CoreCom.exe
C:\Program Files\OrangeHSS\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\Windows\system32\Taskmgr.exe
C:\Program Files\OrangeHSS\browser\browser.exe
C:\Windows\system32\SearchFilterHost.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = D:\Program… Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_BAND_SEARCHBAR_HTML
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com…
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.msn.fr…
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - D:\PROGRA~1\COPERN~1\COPERN~1.DLL
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
F2 - REG:system.ini: Shell=
F2 - REG:system.ini: UserInit=
O2 - BHO: Aide pour le lien d’Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - D:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - D:\PROGRA~1\COPERN~1\COPERN~1.DLL
O4 - HKLM…\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM…\Run: [SystrayORAHSS] “C:\Program Files\OrangeHSS\Systray\SystrayApp.exe”
O4 - HKLM…\Run: [SunJavaUpdateSched] “C:\Program Files\Java\jre6\bin\jusched.exe”
O4 - HKLM…\Run: [CloneCDTray] “D:\Program Files\SlySoft\CloneCD\CloneCDTray.exe” /s
O4 - HKLM…\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM…\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM…\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM…\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM…\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM…\Run: [QuickTime Task] “D:\Program Files\QuickTime\QTTask.exe” -atboottime
O4 - HKLM…\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM…\Run: [iTunesHelper] “C:\Program Files\iTunes\iTunesHelper.exe”
O4 - HKLM…\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe”
O4 - HKCU…\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU…\Run: [Free Uploader Oe Integration] D:\Program Files\Free Download Manager\FUM\fumoei.exe
O4 - HKCU…\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU…\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU…\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU…\Run: [MSServer] rundll32.exe C:\Users\UTILIS~1\AppData\Local\Temp\mlJDtuuT.dll,#1
O4 - HKCU…\Run: [cmds] rundll32.exe C:\Users\UTILIS~1\AppData\Local\Temp\ssqPigDV.dll,c
O4 - HKUS\S-1-5-19…\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User ‘SERVICE LOCAL’)
O4 - HKUS\S-1-5-19…\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User ‘SERVICE LOCAL’)
O4 - HKUS\S-1-5-20…\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User ‘SERVICE RÉSEAU’)
O8 - Extra context menu item: Chercher avec Copernic Agent - D:\Program… Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT
O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE…
O8 - Extra context menu item: Tout télécharger avec Free Download Manager - D:\Program… Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Télécharger avec Free Download Manager - D:\Program… Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - D:\Program… Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - D:\Program… Files\Free Download Manager\dlfvideo.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra ‘Tools’ menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - D:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra ‘Tools’ menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - D:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - D:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra ‘Tools’ menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\utilisateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra ‘Tools’ menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - D:\Program Files\Free Download Manager\FUM\fumiebtn.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: *.line6.net
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - dl8-cdn-03.sun.com…
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - D:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\apache2\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe


End of file - 11369 bytes

My antivirus is avast.
I have also used Spybot and Ad-Aware with no result.
I also ran a scan with Trend Secure and BitDefender, still with no result!!!
So if anyone can help me, they will have my eternal gratitude!!!

Thanks in advance

Hi

In HijackThis, check:

Then click Fix checked


Then run a full scan with MBAM (http://www.malwarebytes.org/mbam/program/mbam-setup.exe), delete the detections and post the report (tutorial: http://guigui14100.web.officelive.com/tutorialmbam.aspx)
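The list of items to check did not survive on the page. As an added example (not part of this thread, and not HijackThis or Malwarebytes code), here is a small Python triage script for the pattern the MSServer and cmds O4 entries in the report above show: rundll32 loading a DLL from the user's Temp folder with an ordinal or one-letter export. The sample lines are constructed from that report and the heuristics are assumptions, not a HijackThis feature.

```python
"""Triage HijackThis O4 (autorun) entries for rundll32 loading DLLs from
user-writable locations. Added example with constructed sample data."""
import re
from pathlib import PureWindowsPath

# O4 line shape: "O4 - <hive>\Run: [<name>] <command>"
O4_RE = re.compile(r'^O4 - (?P<hive>.+?)\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
# rundll32 [path\]lib.dll,Export  -- capture the library and the export
RUNDLL_RE = re.compile(
    r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+?)"?\s*,\s*(?P<export>\S*)', re.I)
# Directories a standard user can write to; a DLL loaded from here at logon
# deserves far more scrutiny than one under System32 or Program Files.
USER_WRITABLE_RE = re.compile(r'\\(AppData|Temp|Users|ProgramData)\\', re.I)


def parse_o4(line):
    """Return {'hive', 'name', 'cmd'} for an O4 line, or None for other lines."""
    m = O4_RE.match(line.strip())
    return m.groupdict() if m else None


def assess(entry):
    """Return the reasons (heuristics) this autorun entry deserves a closer look."""
    reasons = []
    m = RUNDLL_RE.search(entry['cmd'])
    if not m:
        return reasons  # only rundll32-based entries are assessed here
    dll, export = m.group('dll'), m.group('export')
    if USER_WRITABLE_RE.search(dll):
        reasons.append('rundll32 loads a DLL from a user-writable path: ' + dll)
    # Export called by ordinal (#1) or by a one-letter name: seen in the
    # MSServer/cmds entries above, rare in vendor autoruns such as NvCpl.
    if re.fullmatch(r'#\d+|[A-Za-z]', export):
        reasons.append('rundll32 export is an ordinal or a single letter: ' + export)
    return reasons


def triage(lines):
    """Return [(entry name, DLL basename, reasons)] for every flagged O4 line."""
    flagged = []
    for line in lines:
        entry = parse_o4(line)
        if entry is None:
            continue
        reasons = assess(entry)
        if reasons:
            dll = RUNDLL_RE.search(entry['cmd']).group('dll')
            flagged.append((entry['name'], PureWindowsPath(dll).name, reasons))
    return flagged


# Constructed sample, modelled on O4 lines from the report in this thread.
SAMPLE_O4_LINES = [
    r"O4 - HKLM...\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart",
    r"O4 - HKCU...\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe",
    r"O4 - HKCU...\Run: [MSServer] rundll32.exe C:\Users\UTILIS~1\AppData\Local\Temp\mlJDtuuT.dll,#1",
    r"O4 - HKCU...\Run: [cmds] rundll32.exe C:\Users\UTILIS~1\AppData\Local\Temp\ssqPigDV.dll,c",
    r"O4 - HKUS\S-1-5-19...\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')",
]

if __name__ == '__main__':
    for name, dll, reasons in triage(SAMPLE_O4_LINES):
        print(f'[{name}] {dll}')
        for reason in reasons:
            print('   -', reason)
```

On the sample, only MSServer and cmds are flagged; the NVIDIA and Welcome Center rundll32 entries pass because they load from system locations with named exports.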

Thank you very much for the reply.
I did all the steps and here is the report:
Malwarebytes’ Anti-Malware 1.30
Version de la base de données: 1424
Windows 6.0.6001 Service Pack 1

26/11/2008 11:16:39
mbam-log-2008-11-26 (11-16-39).txt

Type de recherche: Examen complet (C:|D:|)
Eléments examinés: 387542
Temps écoulé: 2 hour(s), 28 minute(s), 36 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 10
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 2
Fichier(s) infecté(s): 7

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats{e596df5f-4239-4d40-8367-ebadf0165917} (Rogue.Installer) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats{7c109800-a5d5-438f-9640-18d17e168b88} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\MS Juan (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSServer (Trojan.Agent) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cmds (Malware.Trace) -> Delete on reboot.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Windows\System32\814810 (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Users\utilisateur\AppData\Roaming\gadcom (Trojan.Agent) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Users\utilisateur\AppData\Local\Temp\tuvWpNge.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\utilisateur\AppData\Local\Temp\cmdinst.exe (Trojan.Proxy) -> Quarantined and deleted successfully.
C:\Windows\System32\GI2\CRAFE913.exe (Adware.Webhancer) -> Quarantined and deleted successfully.
C:\Users\utilisateur\AppData\Local\Temp\rqRIcdAq.dll (Trojan.Agent) -> Delete on reboot.
C:\Windows\System32\pac.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\utilisateur\AppData\Local\Temp\ssqPigDV.dll (Malware.Trace) -> Delete on reboot.
C:\Users\utilisateur\AppData\Roaming\REX Shared Library.dll (Trojan.Lop.H) -> Quarantined and deleted successfully.

For now explorer.exe is still using just as much.

Is there still something to do?

Thanks, and see you very soon I hope!!!

Run VundoFix.

Then disable your antivirus, run ComboFix, let it work and post the report.

Everything has been done.

VundoFix found nothing, and I'm attaching the ComboFix report:

ComboFix 08-11-26.03 - utilisateur 2008-11-26 18:32:13.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.993 [GMT 1:00]
Lancé depuis: c:\users\utilisateur\Desktop\ComboFix.exe

  • Un nouveau point de restauration a été créé
    .

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\utilisateur\AppData\Local\Microsoft\Windows\Temporary Internet Files\fbk.sts
c:\users\utilisateur\AppData\Roaming\inst.exe

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-10-26 au 2008-11-26 ))))))))))))))))))))))))))))))))))))
.

2008-11-26 13:25 . 2008-11-26 13:25 d-------- C:\VundoFix Backups
2008-11-26 08:41 . 2008-11-26 08:41 d-------- c:\users\utilisateur\AppData\Roaming\Malwarebytes
2008-11-26 08:41 . 2008-11-26 08:41 d-------- c:\users\All Users\Malwarebytes
2008-11-26 08:41 . 2008-11-26 08:41 d-------- c:\programdata\Malwarebytes
2008-11-26 08:41 . 2008-11-26 11:15 d-------- c:\program files\Malwarebytes’ Anti-Malware
2008-11-26 08:41 . 2008-10-22 16:10 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2008-11-26 08:41 . 2008-10-22 16:10 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2008-11-24 13:42 . 2008-11-24 13:41 410,976 --a------ c:\windows\System32\deploytk.dll
2008-11-24 13:35 . 2008-11-24 13:35 d-------- c:\windows\BDOSCAN8
2008-11-23 15:12 . 2008-11-23 15:13 d-------- c:\windows\System32\X
2008-11-23 15:12 . 2008-11-24 09:09 d-------- c:\windows\System32\vo2
2008-11-23 15:12 . 2008-11-23 15:12 d-------- c:\windows\System32\qt2
2008-11-23 15:12 . 2008-11-26 11:16 d-------- c:\windows\System32\GI2
2008-11-23 15:12 . 2008-11-24 09:09 d-------- c:\windows\System32\dPI02
2008-11-23 15:12 . 2008-11-24 09:09 d--hs---- c:\windows\dXRpbGlzYXRldXI
2008-11-23 15:12 . 2008-11-23 15:12 d-------- c:\temp\FT62
2008-11-23 15:12 . 2008-11-23 15:12 46,080 --a------ c:\users\utilisateur\gif.exe
2008-11-23 15:12 . 2008-11-23 15:12 65 --a------ c:\users\utilisateur\ff.bat
2008-11-14 14:15 . 2008-10-16 22:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll
2008-11-14 14:15 . 2008-10-16 21:56 1,524,736 --a------ c:\windows\System32\wucltux.dll
2008-11-14 14:15 . 2008-10-16 22:09 51,224 --a------ c:\windows\System32\wuauclt.exe
2008-11-14 14:15 . 2008-10-16 22:09 43,544 --a------ c:\windows\System32\wups2.dll
2008-11-14 14:14 . 2008-10-16 22:12 561,688 --a------ c:\windows\System32\wuapi.dll
2008-11-14 14:14 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll
2008-11-14 14:14 . 2008-10-16 21:55 83,456 --a------ c:\windows\System32\wudriver.dll
2008-11-14 14:14 . 2008-10-16 22:08 34,328 --a------ c:\windows\System32\wups.dll
2008-11-14 14:14 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe
2008-11-12 14:40 . 2008-09-10 04:40 1,334,272 --a------ c:\windows\System32\msxml6.dll
2008-11-12 14:40 . 2008-09-05 06:14 1,191,936 --a------ c:\windows\System32\msxml3.dll
2008-11-12 14:40 . 2008-08-27 02:05 212,480 --a------ c:\windows\System32\drivers\mrxsmb10.sys
2008-11-04 22:46 . 2008-11-04 22:46 d-------- c:\program files\WinUHA
2008-11-04 17:00 . 2008-11-13 18:06 d-------- c:\users\utilisateur\AppData\Roaming\Red Alert 3
2008-11-04 16:36 . 2008-05-30 14:11 3,850,760 --a------ c:\windows\System32\D3DX9_38.dll
2008-11-04 16:36 . 2008-05-30 14:11 1,491,992 --a------ c:\windows\System32\D3DCompiler_38.dll
2008-11-04 16:36 . 2007-07-19 18:14 1,358,192 --a------ c:\windows\System32\D3DCompiler_35.dll
2008-11-04 16:36 . 2008-05-30 14:11 467,984 --a------ c:\windows\System32\d3dx10_38.dll
2008-11-04 16:36 . 2007-07-19 18:14 444,776 --a------ c:\windows\System32\d3dx10_35.dll
2008-11-03 13:50 . 2008-11-03 13:56 d-------- C:\Lop SD
2008-11-03 13:47 . 2008-11-03 13:45 529,069 --a------ c:\users\Public\LopSD.exe
2008-11-03 13:43 . 2008-11-02 18:13 334,738 --a------ c:\users\Public\viamichelin.zip
2008-11-03 13:19 . 2008-08-05 10:49 428,544 --a------ c:\windows\System32\EncDec.dll
2008-11-03 13:19 . 2008-08-05 10:49 293,376 --a------ c:\windows\System32\psisdecd.dll
2008-11-03 13:19 . 2008-08-05 10:48 217,088 --a------ c:\windows\System32\psisrndr.ax
2008-11-03 13:19 . 2008-08-05 10:48 177,664 --a------ c:\windows\System32\mpg2splt.ax
2008-11-03 13:19 . 2008-08-05 10:48 80,896 --a------ c:\windows\System32\MSNP.ax
2008-11-03 13:18 . 2008-08-12 04:39 443,392 --a------ c:\windows\System32\win32spl.dll
2008-11-03 13:18 . 2008-09-18 05:56 147,456 --a------ c:\windows\System32\Faultrep.dll
2008-11-03 13:18 . 2008-09-18 05:56 125,952 --a------ c:\windows\System32\wersvc.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-26 15:14 --------- d-----w c:\programdata\Google Updater
2008-11-24 12:41 --------- d-----w c:\program files\Java
2008-11-24 12:26 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-19 07:34 --------- d-----w c:\programdata\Microsoft Help
2008-11-18 18:02 51,792 ----a-w c:\windows\system32\drivers\aswMonFlt.sys
2008-11-15 08:41 --------- d-----w c:\program files\Common Files\Adobe
2008-11-14 13:16 --------- d-----w c:\program files\Google
2008-11-13 17:10 --------- d-----w c:\users\utilisateur\AppData\Roaming\Hamachi
2008-11-04 15:56 10,978 ----a-w c:\windows\System32\ealregsnapshot1.reg
2008-10-21 16:46 --------- d-----w c:\programdata\Messenger Plus!
2008-10-21 11:08 --------- d-----w c:\program files\Microsoft Silverlight
2008-10-17 06:35 --------- d-----w c:\program files\Windows Mail
2008-10-15 06:27 355,584 ----a-w c:\windows\System32\TuneUpDefragService.exe
2008-10-15 06:27 --------- d-----w c:\users\utilisateur\AppData\Roaming\TuneUp Software
2008-10-15 06:27 --------- d-----w c:\programdata\TuneUp Software
2008-10-15 06:26 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-10-09 14:43 --------- d-----w c:\program files\Messenger Plus! Live
2008-10-06 10:44 --------- d-----w c:\program files\Common Files\Softwin
2008-10-06 10:43 81,984 ----a-w c:\windows\System32\bdod.bin
2008-10-06 10:43 --------- d-----w c:\programdata\BitDefender
2008-10-06 08:38 --------- d-----w c:\programdata\PLUSHEARTKEEP
2008-10-02 03:49 827,392 ----a-w c:\windows\System32\wininet.dll
2008-09-30 18:14 1,286,152 ----a-w c:\windows\System32\msxml4.dll
2008-09-29 13:41 --------- d-----w c:\programdata\Media Center Programs
2008-09-29 13:41 --------- d-----w c:\program files\GUILD WARS
2008-09-24 18:21 38,459 ----a-w c:\users\utilisateur\AppData\Roaming\mdb.bin
2008-09-18 05:09 3,601,464 ----a-w c:\windows\System32\ntkrnlpa.exe
2008-09-18 05:09 3,549,240 ----a-w c:\windows\System32\ntoskrnl.exe
2008-09-18 02:16 2,032,640 ----a-w c:\windows\System32\win32k.sys
2008-09-04 13:42 253,116 ----a-w c:\windows\PDFCreator_Toolbar_Uninstaller_5867.exe
2008-09-04 13:25 112,436 ----a-w c:\windows\System32~.tmp
2008-08-29 08:18 87,336 ----a-w c:\windows\System32\dns-sd.exe
2008-08-29 07:53 65,536 ----a-w c:\windows\System32\jdns_sd.dll
2008-08-29 07:53 61,440 ----a-w c:\windows\System32\dnssd.dll
2008-06-28 15:50 174 --sha-w c:\program files\desktop.ini
2008-02-21 15:40 225,280 ----a-w c:\users\utilisateur\AppData\Roaming\Rewire.dll
2008-02-17 09:20 47,360 ----a-w c:\users\utilisateur\AppData\Roaming\pcouffin.sys
2007-12-10 20:07 22,328 ----a-w c:\users\utilisateur\AppData\Roaming\PnkBstrK.sys
2006-05-03 09:06 163,328 --sh--r c:\windows\System32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r c:\windows\System32\msfDX.dll
2007-12-17 12:43 27,648 --sh--w c:\windows\System32\Smab0.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Note les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“Sidebar”=“c:\program files\Windows Sidebar\sidebar.exe” [2008-01-19 1233920]
“Free Uploader Oe Integration”=“d:\program files\Free Download Manager\FUM\fumoei.exe” [2007-06-10 40960]
“ehTray.exe”=“c:\windows\ehome\ehTray.exe” [2008-01-19 125952]
“SpybotSD TeaTimer”=“c:\program files\Spybot - Search & Destroy\TeaTimer.exe” [2008-09-16 1833296]
“WMPNSCFG”=“c:\program files\Windows Media Player\WMPNSCFG.exe” [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“avast!”=“c:\progra~1\ALWILS~1\Avast4\ashDisp.exe” [2008-11-18 81000]
“SystrayORAHSS”=“c:\program files\OrangeHSS\Systray\SystrayApp.exe” [2006-12-12 90112]
“SunJavaUpdateSched”=“c:\program files\Java\jre6\bin\jusched.exe” [2008-11-24 136600]
“CloneCDTray”=“d:\program files\SlySoft\CloneCD\CloneCDTray.exe” [2006-09-28 57344]
“SMSTray”=“c:\program files\Samsung\Samsung Media Studio 5\SMSTray.exe” [2007-12-14 132624]
“NvSvc”=“c:\windows\system32\nvsvc.dll” [2007-09-12 86016]
“NvCplDaemon”=“c:\windows\system32\NvCpl.dll” [2007-09-12 8497696]
“NvMediaCenter”=“c:\windows\system32\NvMcTray.dll” [2007-09-12 81920]
“H2O”=“c:\program files\SyncroSoft\Pos\H2O\cledx.exe” [2005-10-22 385024]
“SearchSettings”=“c:\program files\Search Settings\SearchSettings.exe” [2008-06-12 991584]
“NeroFilterCheck”=“c:\program files\Common Files\Ahead\Lib\NeroCheck.exe” [2007-03-01 153136]
“QuickTime Task”=“d:\program files\QuickTime\QTTask.exe” [2008-09-06 413696]
“AppleSyncNotifier”=“c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe” [2008-09-03 111936]
“iTunesHelper”=“c:\program files\iTunes\iTunesHelper.exe” [2008-09-10 289576]
“Adobe Reader Speed Launcher”=“c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe” [2008-10-15 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
“EnableUIADesktopToggle”= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
“VIDC.I420”= i420vfw.dll
“msacm.l3fhg”= mp3fhg.acm
“msacm.divxa32”= divxa32.acm
“VIDC.X264”= x264vfw.dll
“VIDC.HFYU”= huffyuv.dll
“vidc.i263”= i263_32.drv

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
“Device Detection”=d:\program files\Auchan Photogénie\dd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
“AntiVirusOverride”=dword:00000001

[HKLM~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
“TCP Query User{4602962D-D56D-42DE-A429-F9A402F99DEA}c:\program files\orangehss\browser\browser.exe”= UDP:c:\program files\orangehss\browser\browser.exe:Browser
“UDP Query User{C32BE9B1-5362-4EE8-BF9F-86DFD4AFD59F}c:\program files\orangehss\browser\browser.exe”= TCP:c:\program files\orangehss\browser\browser.exe:Browser
“TCP Query User{3428B782-B324-459D-9BD6-D6B89403E8F5}d:\program files\aspyr\guitar hero iii\gh3.exe”= UDP:d:\program files\aspyr\guitar hero iii\gh3.exe:Guitar Hero III
“UDP Query User{2545E77E-36BF-4DE5-8D52-E49E18280617}d:\program files\aspyr\guitar hero iii\gh3.exe”= TCP:d:\program files\aspyr\guitar hero iii\gh3.exe:Guitar Hero III
“{9FED0BB7-96DC-4584-8B80-5D7015855383}”= c:\program files\Windows Live\Messenger\wlcsdk.exe:Windows Live Messenger (Phone)
“{A51C83EE-2E78-401E-9666-48DAF74371A4}”= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
“TCP Query User{DB420AA1-59E6-45CE-82C3-C01BC18A3B3B}d:\program files\firefox\firefox.exe”= UDP:d:\program files\firefox\firefox.exe:Firefox
“UDP Query User{944F9F38-53C1-491D-AADB-868631AB355B}d:\program files\firefox\firefox.exe”= TCP:d:\program files\firefox\firefox.exe:Firefox
“TCP Query User{07A5E0BE-3DA0-41A4-87A4-C4735B8ACC5B}g:\documents\music\freezer.v1.2\freezer.exe”= UDP:g:\documents\music\freezer.v1.2\freezer.exe:freezer
“UDP Query User{6BDC8538-58F0-47D7-A951-945C478A0DD9}g:\documents\music\freezer.v1.2\freezer.exe”= TCP:g:\documents\music\freezer.v1.2\freezer.exe:freezer
“{D7975EDA-8656-47BA-8445-8BF798DF7798}”= Disabled:UDP:d:\program files\Microsoft Games\Age of Empires III\age3y.exe:Age of Empires III - The Asian Dynasties
“{50A3199F-548D-45C8-A612-80ED7CEFB17C}”= Disabled:TCP:d:\program files\Microsoft Games\Age of Empires III\age3y.exe:Age of Empires III - The Asian Dynasties
“TCP Query User{006F1873-456F-4BDC-81A1-D18B8F2B6E82}d:\program files\valve\steam\steamapps\lolly76\counter-strike\hl.exe”= UDP:d:\program files\valve\steam\steamapps\lolly76\counter-strike\hl.exe:Half-Life Launcher
“UDP Query User{B9DA5047-8D87-4C6F-857A-CC37E19DE0BA}d:\program files\valve\steam\steamapps\lolly76\counter-strike\hl.exe”= TCP:d:\program files\valve\steam\steamapps\lolly76\counter-strike\hl.exe:Half-Life Launcher
“TCP Query User{5E9FB6AF-90CF-4F2C-8D11-B49DBF8A04F8}d:\alex\[()]serveur privé wow\v 2.4.1\serveur\realmd.exe”= UDP:d:\alex[()]serveur privé wow\v 2.4.1\serveur\realmd.exe:realmd
“UDP Query User{E72A1D26-E48B-4C14-AD18-ECE0C52C2FF6}d:\alex\[()]serveur privé wow\v 2.4.1\serveur\realmd.exe”= TCP:d:\alex[()]serveur privé wow\v 2.4.1\serveur\realmd.exe:realmd
“TCP Query User{8D203987-C54D-47F2-BAFA-D480AC7B6F8C}c:\wamp\apache2\bin\httpd.exe”= UDP:c:\wamp\apache2\bin\httpd.exe:Apache HTTP Server
“UDP Query User{9846190D-5F19-466F-8EB4-FCFF18D34F38}c:\wamp\apache2\bin\httpd.exe”= TCP:c:\wamp\apache2\bin\httpd.exe:Apache HTTP Server
“TCP Query User{76579543-0F1B-42A3-A307-2B29F63F5C45}d:\alex\[()]serveur privé wow\v 2.4.1\serveur\mangosd.exe”= UDP:d:\alex[()]serveur privé wow\v 2.4.1\serveur\mangosd.exe:mangosd
“UDP Query User{1AD36B6D-0EC2-4AE1-92A1-BB30F6EE2703}d:\alex\[()]serveur privé wow\v 2.4.1\serveur\mangosd.exe”= TCP:d:\alex[()]serveur privé wow\v 2.4.1\serveur\mangosd.exe:mangosd
“TCP Query User{694CFEE4-2C4B-44EF-BF09-36BEA42EDFAA}c:\program files\teamspeak2_rc2\server_windows.exe”= UDP:c:\program files\teamspeak2_rc2\server_windows.exe:Server
“UDP Query User{EC7ABD0C-A6A4-4B7E-8FC0-DE19078FE17C}c:\program files\teamspeak2_rc2\server_windows.exe”= TCP:c:\program files\teamspeak2_rc2\server_windows.exe:Server
“TCP Query User{6B9EC730-34A6-4C5C-9BAD-80AC120162E6}c:\users\utilisateur\desktop\freezer.exe”= UDP:c:\users\utilisateur\desktop\freezer.exe:freezer.exe
“UDP Query User{6641DE81-D55D-4308-8F44-169812EE873A}c:\users\utilisateur\desktop\freezer.exe”= TCP:c:\users\utilisateur\desktop\freezer.exe:freezer.exe
“TCP Query User{C6AC4569-E22F-4C6B-A033-587AB9A44F8D}c:\funserver\server\xampp\mercurymail\mercury.exe”= UDP:c:\funserver\server\xampp\mercurymail\mercury.exe:Mercury/32 Core Processing Module v4.52
“UDP Query User{0F0478C2-273D-4E39-93C6-016E59C3A64B}c:\funserver\server\xampp\mercurymail\mercury.exe”= TCP:c:\funserver\server\xampp\mercurymail\mercury.exe:Mercury/32 Core Processing Module v4.52

[HKLM~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
“c:\Program Files\OrangeHSS\Connectivity\ConnectivityManager.exe”= c:\program files\OrangeHSS\Connectivity\ConnectivityManager.exe:*:enabled:CSS

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-04-07 110160]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-04-07 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2007-12-05 51792]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2008-04-23 600912]
R2 UxTuneUp;TuneUp Extension de thème;c:\windows\System32\svchost.exe -k netsvcs [2008-06-10 21504]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\DRIVERS\cledx.sys [2008-07-07 33792]
R3 PCASp50;PCASp50 NDIS Protocol Driver;c:\windows\system32\Drivers\PCASp50.sys [2007-12-05 27072]
S3 L6TPortGX;Service - Line 6 TonePort GX;c:\windows\system32\Drivers\L6TPortGX.sys [2008-06-10 521472]
S3 PCAMp50;PCAMp50 NDIS Protocol Driver;c:\windows\system32\Drivers\PCAMp50.sys [2007-12-05 28224]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;c:\windows\System32\TuneUpDefragService.exe [2008-10-15 355584]
S3 wampapache;wampapache;“c:\wamp\apache2\bin\httpd.exe” -k runservice [2007-01-09 20539]
S3 wampmysqld;wampmysqld;c:\wamp\mysql\bin\mysqld-nt.exe --defaults-file=c:\wamp\mysql\my.ini wampmysqld []
S4 Steam Client Service;Steam Client Service;c:\program files\Common Files\Steam\SteamService.exe /RunAsService [2008-06-05 87288]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\shell\AutoRun\command - H:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{9c8f6b1f-bf4c-11dc-8968-001a9206a69d}]
\shell\AutoRun\command - H:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{f974b721-3ab5-11dd-bc53-001a9206a69d}]
\shell\AutoRun\command - PortableApps\PortableAppsMenu\PortableAppsMenu.exe

Newly Created Service - PROCEXP90

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components{61E3FE32-07B9-4563-A3E0-2DE2D620FE10}]
c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contenu du dossier ‘Tâches planifiées’

2008-07-20 c:\windows\Tasks\1 Copernic Intra-Daily ~PC-de-utilisate utilisateur.job

  • d:\program files\Copernic Agent\CopernicAgent.exe [2004-12-02 18:16]

2008-07-20 c:\windows\Tasks\2 Copernic Daily ~PC-de-utilisate utilisateur.job

  • d:\program files\Copernic Agent\CopernicAgent.exe [2004-12-02 18:16]

2008-07-20 c:\windows\Tasks\3 Copernic Weekly ~PC-de-utilisate utilisateur.job

  • d:\program files\Copernic Agent\CopernicAgent.exe [2004-12-02 18:16]

2008-07-20 c:\windows\Tasks\4 Copernic Monthly ~PC-de-utilisate utilisateur.job

  • d:\program files\Copernic Agent\CopernicAgent.exe [2004-12-02 18:16]

2008-11-26 c:\windows\Tasks\Maintenance en 1 clic.job

  • d:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 08:23]

2008-11-26 c:\windows\Tasks\User_Feed_Synchronization-{9D84138B-1A99-49E8-8808-364947D9EA09}.job

  • c:\windows\system32\msfeedssync.exe [2008-01-19 08:33]
.
- - - - ORPHELINS SUPPRIMES - - - -

WebBrowser-{A057A204-BACC-4D26-C39E-35F1D2A32EC8} - (no file)

.
------- Examen supplémentaire -------
.
FireFox -: Profile - c:\users\utilisateur\AppData\Roaming\Mozilla\Firefox\Profiles\uy6vtohh.default
FireFox -: prefs.js - SEARCH.DEFAULTURL - search.conduit.com…
FireFox -: prefs.js - STARTUP.HOMEPAGE - fr.start2.mozilla.com…
FF -: plugin - c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npjp2.dll
FF -: plugin - c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF -: plugin - c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30716.0.dll
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF -: plugin - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
FF -: plugin - d:\program files\DivX\DivX Content Uploader\npUpload.dll
FF -: plugin - d:\program files\DivX\DivX Player\npDivxPlayerPlugin.dll
FF -: plugin - d:\program files\DivX\DivX Web Player\npdivx32.dll
FF -: plugin - d:\program files\Firefox\plugins\np-mswmp.dll
FF -: plugin - d:\program files\Firefox\plugins\np32dsw.dll
FF -: plugin - d:\program files\Firefox\plugins\npdeploytk.dll
FF -: plugin - d:\program files\Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF -: plugin - d:\program files\Firefox\plugins\npmozax.dll
FF -: plugin - d:\program files\Firefox\plugins\npnul32.dll
FF -: plugin - d:\program files\Firefox\plugins\NPOFF12.DLL
FF -: plugin - d:\program files\Firefox\plugins\nppdf32.dll
FF -: plugin - d:\program files\Firefox\plugins\nppl3260.dll
FF -: plugin - d:\program files\Firefox\plugins\nppopcaploader.dll
FF -: plugin - d:\program files\Firefox\plugins\npqtplugin.dll
FF -: plugin - d:\program files\Firefox\plugins\npqtplugin2.dll
FF -: plugin - d:\program files\Firefox\plugins\npqtplugin3.dll
FF -: plugin - d:\program files\Firefox\plugins\npqtplugin4.dll
FF -: plugin - d:\program files\Firefox\plugins\npqtplugin5.dll
FF -: plugin - d:\program files\Firefox\plugins\npqtplugin6.dll
FF -: plugin - d:\program files\Firefox\plugins\npqtplugin7.dll
FF -: plugin - d:\program files\Firefox\plugins\nprpjplug.dll
FF -: plugin - d:\program files\Opera\program\plugins\npmmaud.dll
FF -: plugin - d:\program files\Opera\program\plugins\npmmprog.dll
FF -: plugin - d:\program files\Opera\program\plugins\npmmvid.dll
FF -: plugin - d:\program files\Opera\program\plugins\npmmzip.dll
FF -: plugin - d:\program files\Opera\program\plugins\nppopcaploader.dll
FF -: plugin - d:\program files\Opera\program\plugins\npqtplugin.dll
FF -: plugin - d:\program files\Opera\program\plugins\npqtplugin2.dll
FF -: plugin - d:\program files\Opera\program\plugins\npqtplugin3.dll
FF -: plugin - d:\program files\Opera\program\plugins\npqtplugin4.dll
FF -: plugin - d:\program files\Opera\program\plugins\npqtplugin5.dll
FF -: plugin - d:\program files\Opera\program\plugins\npqtplugin6.dll
FF -: plugin - d:\program files\Opera\program\plugins\npqtplugin7.dll
FF -: plugin - d:\program files\QuickTime\Plugins\npqtplugin.dll
FF -: plugin - d:\program files\QuickTime\Plugins\npqtplugin2.dll
FF -: plugin - d:\program files\QuickTime\Plugins\npqtplugin3.dll
FF -: plugin - d:\program files\QuickTime\Plugins\npqtplugin4.dll
FF -: plugin - d:\program files\QuickTime\Plugins\npqtplugin5.dll
FF -: plugin - d:\program files\QuickTime\Plugins\npqtplugin6.dll
FF -: plugin - d:\program files\QuickTime\Plugins\npqtplugin7.dll
.


catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, www.gmer.net…
Rootkit scan 2008-11-26 18:34:53
Windows 6.0.6001 Service Pack 1 NTFS

Recherche de processus cachés …

Recherche d’éléments en démarrage automatique cachés …

Recherche de fichiers cachés …

Scan terminé avec succès
Fichiers cachés: 0


.
Heure de fin: 2008-11-26 18:36:26
ComboFix-quarantined-files.txt 2008-11-26 17:36:24

Avant-CF: 91 870 601 216 octets libres
Après-CF: 92,158,898,176 octets libres

362 — E O F — 2008-11-25 14:07:13

For now explorer is still running at 60%.

Thanks for everything. What can we do now?

I'm analysing your report and I'll tell you what to do.


Empty the temp folders with [ATF Cleaner](http://www.atribune.org/ccount/click.php?id=1) ([tutorial](http://guigui14100.web.officelive.com/atfcleaner.aspx)).

Upload it to VirusTotal, then post the reports.


Then run a full online scan with [Bitdefender](http://www.bitdefender.fr/scan_fr/scan8/ie.html), and once it has finished, [Housecall](http://www.trendsecure.com/portal/en-US/tools/security_tools/housecall).

Hello,

With VirusTotal, only the first line is detected. Here is the report:

AhnLab-V3 2008.11.21.0 2008.11.23 -
AntiVir 7.9.0.35 2008.11.23 -
Authentium 5.1.0.4 2008.11.22 -
Avast 4.8.1281.0 2008.11.22 -
AVG 8.0.0.199 2008.11.23 -
BitDefender 7.2 2008.11.23 -
CAT-QuickHeal 10.00 2008.11.21 -
ClamAV 0.94.1 2008.11.23 -
DrWeb 4.44.0.09170 2008.11.23 -
eSafe 7.0.17.0 2008.11.23 -
eTrust-Vet 31.6.6221 2008.11.21 -
Ewido 4.0 2008.11.23 -
F-Prot 4.4.4.56 2008.11.22 -
F-Secure 8.0.14332.0 2008.11.23 -
Fortinet 3.117.0.0 2008.11.23 -
GData 19 2008.11.23 -
Ikarus T3.1.1.45.0 2008.11.23 -
K7AntiVirus 7.10.531 2008.11.22 -
Kaspersky 7.0.0.125 2008.11.23 -
McAfee 5442 2008.11.22 -
McAfee+Artemis 5443 2008.11.23 -
Microsoft 1.4104 2008.11.23 -
NOD32 3632 2008.11.21 -
Norman 5.80.02 2008.11.22 -
Panda 9.0.0.4 2008.11.23 -
PCTools 4.4.2.0 2008.11.23 -
Prevx1 V2 2008.11.23 -
Rising 21.04.62.00 2008.11.23 -
SecureWeb-Gateway 6.7.6 2008.11.23 -
Sophos 4.35.0 2008.11.23 -
Sunbelt 3.1.1823.2 2008.11.22 -
Symantec 10 2008.11.23 Downloader
TheHacker 6.3.1.1.160 2008.11.23 -
TrendMicro 8.700.0.1004 2008.11.22 -
VBA32 3.12.8.9 2008.11.22 -
ViRobot 2008.11.18.1474 2008.11.18 -
VirusBuster 4.5.11.0 2008.11.22 -
Information additionnelle
File size: 46080 bytes
PEiD…: -
TrID…: File type identification
Win32 Executable Generic (68.0%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x401838
timedatestamp…: 0x491eac92 (Sat Nov 15 11:03:46 2008)
machinetype…: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x9198 0x9200 5.46 e79bece46c79e1fd62e793b9ac840c8f
.data 0xb000 0x3c8 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
text 0xc000 0x7a 0x200 1.65 3805b40bb77004df19c4c9a82b75993e
.rsrc 0xd000 0x1a68 0x1c00 7.78 581cfe8bf2ca24d0ea2d8935631c4f92

( 1 imports )


( 0 exports )

ThreatExpert info: www.threatexpert.com…
CWSandbox info: research.sunbelt-software.com…

I can't run a scan with Bitdefender because I can't download the virus signatures,
and Housecall refuses to open completely (it loads indefinitely with no result).

OK, use [Dr CureIt](ftp://ftp.drweb.com/pub/drweb/cureit/launch.exe) ([tutorial](http://guigui14100.web.officelive.com/tutorialdrcureit.aspx)).

Dr CureIt found nothing.

In Notepad, copy and paste:

Save the file under the name CFScript in the same place as the ComboFix executable.
Disable all your protections.
Then drag the text file onto the ComboFix executable; it will launch automatically.
At the end a report opens; post it.

OK, it's done. Here is the report:

ComboFix 08-11-26.03 - utilisateur 2008-11-27 13:36:58.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.1337 [GMT 1:00]
Lancé depuis: c:\users\utilisateur\Desktop\ComboFix.exe
Commutateurs utilisés :: c:\users\utilisateur\Desktop\CFScript

  • Un nouveau point de restauration a été créé

FILE ::
c:\program files\Search Settings\SearchSettings.exe
c:\windows\System32\Smab0.dll
File:: c:\users\utilisateur\AppData\Roaming\inst.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Search Settings\SearchSettings.exe
c:\windows\System32\Smab0.dll
c:\windows\System32\X

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-10-27 au 2008-11-27 ))))))))))))))))))))))))))))))))))))
.

2008-11-27 11:51 . 2008-11-27 11:51 d-------- c:\users\utilisateur\DoctorWeb
2008-11-26 13:25 . 2008-11-26 13:25 d-------- C:\VundoFix Backups
2008-11-26 10:28 . 2008-10-22 04:57 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll
2008-11-26 10:27 . 2008-10-21 06:25 1,645,568 --a------ c:\windows\System32\connect.dll
2008-11-26 10:27 . 2008-08-28 04:40 712,704 --a------ c:\windows\System32\WindowsCodecs.dll
2008-11-26 10:27 . 2008-08-28 04:40 425,472 --a------ c:\windows\System32\PhotoMetadataHandler.dll
2008-11-26 10:27 . 2008-08-28 04:40 347,136 --a------ c:\windows\System32\WindowsCodecsExt.dll
2008-11-26 08:41 . 2008-11-26 08:41 d-------- c:\users\utilisateur\AppData\Roaming\Malwarebytes
2008-11-26 08:41 . 2008-11-26 08:41 d-------- c:\users\All Users\Malwarebytes
2008-11-26 08:41 . 2008-11-26 08:41 d-------- c:\programdata\Malwarebytes
2008-11-26 08:41 . 2008-11-26 11:15 d-------- c:\program files\Malwarebytes’ Anti-Malware
2008-11-26 08:41 . 2008-10-22 16:10 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2008-11-26 08:41 . 2008-10-22 16:10 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2008-11-24 13:42 . 2008-11-24 13:41 410,976 --a------ c:\windows\System32\deploytk.dll
2008-11-24 13:35 . 2008-11-27 08:30 d-------- c:\windows\BDOSCAN8
2008-11-23 15:12 . 2008-11-24 09:09 d-------- c:\windows\System32\vo2
2008-11-23 15:12 . 2008-11-23 15:12 d-------- c:\windows\System32\qt2
2008-11-23 15:12 . 2008-11-26 11:16 d-------- c:\windows\System32\GI2
2008-11-23 15:12 . 2008-11-24 09:09 d-------- c:\windows\System32\dPI02
2008-11-23 15:12 . 2008-11-24 09:09 d–hs---- c:\windows\dXRpbGlzYXRldXI
2008-11-23 15:12 . 2008-11-23 15:12 d-------- c:\temp\FT62
2008-11-23 15:12 . 2008-11-23 15:12 46,080 --a------ c:\users\utilisateur\gif.exe
2008-11-23 15:12 . 2008-11-23 15:12 65 --a------ c:\users\utilisateur\ff.bat
2008-11-14 14:15 . 2008-10-16 22:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll
2008-11-14 14:15 . 2008-10-16 21:56 1,524,736 --a------ c:\windows\System32\wucltux.dll
2008-11-14 14:15 . 2008-10-16 22:09 51,224 --a------ c:\windows\System32\wuauclt.exe
2008-11-14 14:15 . 2008-10-16 22:09 43,544 --a------ c:\windows\System32\wups2.dll
2008-11-14 14:14 . 2008-10-16 22:12 561,688 --a------ c:\windows\System32\wuapi.dll
2008-11-14 14:14 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll
2008-11-14 14:14 . 2008-10-16 21:55 83,456 --a------ c:\windows\System32\wudriver.dll
2008-11-14 14:14 . 2008-10-16 22:08 34,328 --a------ c:\windows\System32\wups.dll
2008-11-14 14:14 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe
2008-11-12 14:40 . 2008-09-10 04:40 1,334,272 --a------ c:\windows\System32\msxml6.dll
2008-11-12 14:40 . 2008-09-05 06:14 1,191,936 --a------ c:\windows\System32\msxml3.dll
2008-11-12 14:40 . 2008-08-27 02:05 212,480 --a------ c:\windows\System32\drivers\mrxsmb10.sys
2008-11-04 22:46 . 2008-11-04 22:46 d-------- c:\program files\WinUHA
2008-11-04 17:00 . 2008-11-13 18:06 d-------- c:\users\utilisateur\AppData\Roaming\Red Alert 3
2008-11-04 16:36 . 2008-05-30 14:11 3,850,760 --a------ c:\windows\System32\D3DX9_38.dll
2008-11-04 16:36 . 2008-05-30 14:11 1,491,992 --a------ c:\windows\System32\D3DCompiler_38.dll
2008-11-04 16:36 . 2007-07-19 18:14 1,358,192 --a------ c:\windows\System32\D3DCompiler_35.dll
2008-11-04 16:36 . 2008-05-30 14:11 467,984 --a------ c:\windows\System32\d3dx10_38.dll
2008-11-04 16:36 . 2007-07-19 18:14 444,776 --a------ c:\windows\System32\d3dx10_35.dll
2008-11-03 13:50 . 2008-11-03 13:56 d-------- C:\Lop SD
2008-11-03 13:47 . 2008-11-03 13:45 529,069 --a------ c:\users\Public\LopSD.exe
2008-11-03 13:43 . 2008-11-02 18:13 334,738 --a------ c:\users\Public\viamichelin.zip
2008-11-03 13:19 . 2008-08-05 10:49 428,544 --a------ c:\windows\System32\EncDec.dll
2008-11-03 13:19 . 2008-08-05 10:49 293,376 --a------ c:\windows\System32\psisdecd.dll
2008-11-03 13:19 . 2008-08-05 10:48 217,088 --a------ c:\windows\System32\psisrndr.ax
2008-11-03 13:19 . 2008-08-05 10:48 177,664 --a------ c:\windows\System32\mpg2splt.ax
2008-11-03 13:19 . 2008-08-05 10:48 80,896 --a------ c:\windows\System32\MSNP.ax
2008-11-03 13:18 . 2008-08-12 04:39 443,392 --a------ c:\windows\System32\win32spl.dll
2008-11-03 13:18 . 2008-09-18 05:56 147,456 --a------ c:\windows\System32\Faultrep.dll
2008-11-03 13:18 . 2008-09-18 05:56 125,952 --a------ c:\windows\System32\wersvc.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-27 12:37 --------- d-----w c:\program files\Search Settings
2008-11-26 15:14 --------- d-----w c:\programdata\Google Updater
2008-11-24 12:41 --------- d-----w c:\program files\Java
2008-11-24 12:26 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-19 07:34 --------- d-----w c:\programdata\Microsoft Help
2008-11-18 18:02 51,792 ----a-w c:\windows\system32\drivers\aswMonFlt.sys
2008-11-15 08:41 --------- d-----w c:\program files\Common Files\Adobe
2008-11-14 13:16 --------- d-----w c:\program files\Google
2008-11-13 17:10 --------- d-----w c:\users\utilisateur\AppData\Roaming\Hamachi
2008-11-04 15:56 10,978 ----a-w c:\windows\System32\ealregsnapshot1.reg
2008-10-21 16:46 --------- d-----w c:\programdata\Messenger Plus!
2008-10-21 11:08 --------- d-----w c:\program files\Microsoft Silverlight
2008-10-17 06:35 --------- d-----w c:\program files\Windows Mail
2008-10-15 06:27 355,584 ----a-w c:\windows\System32\TuneUpDefragService.exe
2008-10-15 06:27 --------- d-----w c:\users\utilisateur\AppData\Roaming\TuneUp Software
2008-10-15 06:27 --------- d-----w c:\programdata\TuneUp Software
2008-10-15 06:26 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-10-09 14:43 --------- d-----w c:\program files\Messenger Plus! Live
2008-10-06 10:44 --------- d-----w c:\program files\Common Files\Softwin
2008-10-06 10:43 81,984 ----a-w c:\windows\System32\bdod.bin
2008-10-06 10:43 --------- d-----w c:\programdata\BitDefender
2008-10-06 08:38 --------- d-----w c:\programdata\PLUSHEARTKEEP
2008-10-02 03:49 827,392 ----a-w c:\windows\System32\wininet.dll
2008-09-30 18:14 1,286,152 ----a-w c:\windows\System32\msxml4.dll
2008-09-29 13:41 --------- d-----w c:\programdata\Media Center Programs
2008-09-29 13:41 --------- d-----w c:\program files\GUILD WARS
2008-09-24 18:21 38,459 ----a-w c:\users\utilisateur\AppData\Roaming\mdb.bin
2008-09-18 05:09 3,601,464 ----a-w c:\windows\System32\ntkrnlpa.exe
2008-09-18 05:09 3,549,240 ----a-w c:\windows\System32\ntoskrnl.exe
2008-09-18 02:16 2,032,640 ----a-w c:\windows\System32\win32k.sys
2008-09-04 13:42 253,116 ----a-w c:\windows\PDFCreator_Toolbar_Uninstaller_5867.exe
2008-09-04 13:25 112,436 ----a-w c:\windows\System32~.tmp
2008-08-29 08:18 87,336 ----a-w c:\windows\System32\dns-sd.exe
2008-08-29 07:53 65,536 ----a-w c:\windows\System32\jdns_sd.dll
2008-08-29 07:53 61,440 ----a-w c:\windows\System32\dnssd.dll
2008-06-28 15:50 174 --sha-w c:\program files\desktop.ini
2008-02-21 15:40 225,280 ----a-w c:\users\utilisateur\AppData\Roaming\Rewire.dll
2008-02-17 09:20 47,360 ----a-w c:\users\utilisateur\AppData\Roaming\pcouffin.sys
2007-12-10 20:07 22,328 ----a-w c:\users\utilisateur\AppData\Roaming\PnkBstrK.sys
2006-05-03 09:06 163,328 --sh–r c:\windows\System32\flvDX.dll
2007-02-21 10:47 31,232 --sh–r c:\windows\System32\msfDX.dll
.

((((((((((((((((((((((((((((( snapshot@2008-11-26_18.35.13,94 )))))))))))))))))))))))))))))))))))))))))
.

  • 2006-05-25 00:22:06 53,248 ----a-w c:\windows\bdoscandel.exe
  • 2006-05-25 00:21:00 118,784 ----a-w c:\windows\Downloaded Program Files\bdupd.dll
  • 2006-05-25 00:21:14 53,248 ----a-w c:\windows\Downloaded Program Files\ipsupd.dll
  • 2008-11-26 10:19:23 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
  • 2008-11-27 12:29:16 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
  • 2008-11-26 10:19:23 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
  • 2008-11-27 12:29:16 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
  • 2008-11-26 17:34:41 1,835,008 ----a-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
  • 2008-11-27 12:30:10 1,835,008 ----a-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
  • 2008-11-26 17:34:33 1,835,008 ----a-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
  • 2008-11-27 12:40:46 1,835,008 ----a-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
  • 2008-11-26 10:19:29 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
  • 2008-11-27 12:31:03 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
  • 2008-11-26 10:19:29 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
  • 2008-11-27 12:31:03 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
  • 2008-11-26 10:19:29 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
  • 2008-11-27 12:31:03 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
  • 2008-11-26 10:26:01 101,896 ----a-w c:\windows\System32\perfc009.dat
  • 2008-11-27 12:35:54 101,896 ----a-w c:\windows\System32\perfc009.dat
  • 2008-11-26 10:26:01 124,228 ----a-w c:\windows\System32\perfc00C.dat
  • 2008-11-27 12:35:54 124,228 ----a-w c:\windows\System32\perfc00C.dat
  • 2008-11-26 10:26:01 589,884 ----a-w c:\windows\System32\perfh009.dat
  • 2008-11-27 12:35:54 589,884 ----a-w c:\windows\System32\perfh009.dat
  • 2008-11-26 10:26:01 672,084 ----a-w c:\windows\System32\perfh00C.dat
  • 2008-11-27 12:35:54 672,084 ----a-w c:\windows\System32\perfh00C.dat
  • 2008-11-26 10:18:18 6,553,600 ----a-w c:\windows\System32\SMI\Store\Machine\schema.dat
  • 2008-11-27 07:20:42 6,553,600 ----a-w c:\windows\System32\SMI\Store\Machine\schema.dat
  • 2008-11-26 10:21:20 17,440 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-601807569-543530777-2641924603-1000_UserData.bin
  • 2008-11-27 12:31:28 17,440 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-601807569-543530777-2641924603-1000_UserData.bin
  • 2008-11-26 10:21:20 63,074 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
  • 2008-11-27 12:31:28 63,192 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
  • 2008-11-26 10:21:18 58,878 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
  • 2008-11-27 12:31:27 58,958 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
  • 2008-10-21 05:16:20 1,645,568 ----a-w c:\windows\winsxs\x86_microsoft-windows-getconnectedwizards_31bf3856ad364e35_6.0.6000.16766_none_62ed735b99bf2599\connect.dll
  • 2008-10-21 05:06:53 1,645,568 ----a-w c:\windows\winsxs\x86_microsoft-windows-getconnectedwizards_31bf3856ad364e35_6.0.6000.20940_none_6386b028b2d1f29e\connect.dll
  • 2008-10-21 05:25:17 1,645,568 ----a-w c:\windows\winsxs\x86_microsoft-windows-getconnectedwizards_31bf3856ad364e35_6.0.6001.18159_none_64e182cb96dae69e\connect.dll
  • 2008-10-21 05:21:42 1,645,568 ----a-w c:\windows\winsxs\x86_microsoft-windows-getconnectedwizards_31bf3856ad364e35_6.0.6001.22291_none_6537dd96b0202b74\connect.dll
  • 2008-08-28 03:24:50 425,472 ----a-w c:\windows\winsxs\x86_microsoft-windows-photometadatahandler_31bf3856ad364e35_6.0.6000.16740_none_c85de4f0e87e1001\PhotoMetadataHandler.dll
  • 2008-08-28 03:21:23 425,472 ----a-w c:\windows\winsxs\x86_microsoft-windows-photometadatahandler_31bf3856ad364e35_6.0.6000.20905_none_c917c4c40176bbe1\PhotoMetadataHandler.dll
  • 2008-08-28 03:40:09 425,472 ----a-w c:\windows\winsxs\x86_microsoft-windows-photometadatahandler_31bf3856ad364e35_6.0.6001.18131_none_ca4ff3cce59b9e58\PhotoMetadataHandler.dll
  • 2008-08-28 03:37:44 425,472 ----a-w c:\windows\winsxs\x86_microsoft-windows-photometadatahandler_31bf3856ad364e35_6.0.6001.22253_none_cac5f153fec7a8b2\PhotoMetadataHandler.dll
  • 2008-08-28 03:24:51 712,192 ----a-w c:\windows\winsxs\x86_microsoft-windows-windowscodec_31bf3856ad364e35_6.0.6000.16740_none_94703b0aa417f9f5\WindowsCodecs.dll
  • 2008-08-28 03:22:04 712,704 ----a-w c:\windows\winsxs\x86_microsoft-windows-windowscodec_31bf3856ad364e35_6.0.6000.20905_none_952a1addbd10a5d5\WindowsCodecs.dll
  • 2008-08-28 03:40:11 712,704 ----a-w c:\windows\winsxs\x86_microsoft-windows-windowscodec_31bf3856ad364e35_6.0.6001.18131_none_966249e6a135884c\WindowsCodecs.dll
  • 2008-08-28 03:37:46 712,704 ----a-w c:\windows\winsxs\x86_microsoft-windows-windowscodec_31bf3856ad364e35_6.0.6001.22253_none_96d8476dba6192a6\WindowsCodecs.dll
  • 2008-08-28 03:24:51 347,136 ----a-w c:\windows\winsxs\x86_microsoft-windows-windowscodecext_31bf3856ad364e35_6.0.6000.16740_none_91804ffcbb9f565c\WindowsCodecsExt.dll
  • 2008-08-28 03:22:04 347,648 ----a-w c:\windows\winsxs\x86_microsoft-windows-windowscodecext_31bf3856ad364e35_6.0.6000.20905_none_923a2fcfd498023c\WindowsCodecsExt.dll
  • 2008-08-28 03:40:11 347,136 ----a-w c:\windows\winsxs\x86_microsoft-windows-windowscodecext_31bf3856ad364e35_6.0.6001.18131_none_93725ed8b8bce4b3\WindowsCodecsExt.dll
  • 2008-08-28 03:37:46 347,648 ----a-w c:\windows\winsxs\x86_microsoft-windows-windowscodecext_31bf3856ad364e35_6.0.6001.22253_none_93e85c5fd1e8ef0d\WindowsCodecsExt.dll
  • 2008-10-22 03:43:51 241,152 ----a-w c:\windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6000.16767_none_48e0ac03ef0db56a\PortableDeviceApi.dll
  • 2008-10-22 03:43:51 95,232 ----a-w c:\windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6000.16767_none_48e0ac03ef0db56a\PortableDeviceClassExtension.dll
  • 2008-10-22 03:43:51 160,768 ----a-w c:\windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6000.16767_none_48e0ac03ef0db56a\PortableDeviceTypes.dll
  • 2008-10-22 03:39:42 241,152 ----a-w c:\windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6000.20941_none_4979e8d10820826f\PortableDeviceApi.dll
  • 2008-10-22 03:39:42 95,232 ----a-w c:\windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6000.20941_none_4979e8d10820826f\PortableDeviceClassExtension.dll
  • 2008-10-22 03:39:42 160,768 ----a-w c:\windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6000.20941_none_4979e8d10820826f\PortableDeviceTypes.dll
  • 2008-10-22 03:57:30 241,152 ----a-w c:\windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.18160_none_4abfe8a3ec3a94fa\PortableDeviceApi.dll
  • 2008-10-22 03:34:55 241,152 ----a-w c:\windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.22292_none_4b2b163f056ebb45\PortableDeviceApi.dll
  • 2008-10-22 03:34:55 94,720 ----a-w c:\windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.22292_none_4b2b163f056ebb45\PortableDeviceClassExtension.dll
  • 2008-10-22 03:34:55 160,768 ----a-w c:\windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.22292_none_4b2b163f056ebb45\PortableDeviceTypes.dll
    .
    -- Snapshot updated --
    .
    ((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    Note: empty entries & legitimate default entries are not listed
    REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"Free Uploader Oe Integration"="d:\program files\Free Download Manager\FUM\fumoei.exe" [2007-06-10 40960]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-18 81000]
"SystrayORAHSS"="c:\program files\OrangeHSS\Systray\SystrayApp.exe" [2006-12-12 90112]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-24 136600]
"CloneCDTray"="d:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 57344]
"SMSTray"="c:\program files\Samsung\Samsung Media Studio 5\SMSTray.exe" [2007-12-14 132624]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-09-12 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-12 8497696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-12 81920]
"H2O"="c:\program files\SyncroSoft\Pos\H2O\cledx.exe" [2005-10-22 385024]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"QuickTime Task"="d:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= divxa32.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Device Detection"=d:\program files\Auchan Photogénie\dd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{4602962D-D56D-42DE-A429-F9A402F99DEA}c:\program files\orangehss\browser\browser.exe"= UDP:c:\program files\orangehss\browser\browser.exe:Browser
"UDP Query User{C32BE9B1-5362-4EE8-BF9F-86DFD4AFD59F}c:\program files\orangehss\browser\browser.exe"= TCP:c:\program files\orangehss\browser\browser.exe:Browser
"TCP Query User{3428B782-B324-459D-9BD6-D6B89403E8F5}d:\program files\aspyr\guitar hero iii\gh3.exe"= UDP:d:\program files\aspyr\guitar hero iii\gh3.exe:Guitar Hero III
"UDP Query User{2545E77E-36BF-4DE5-8D52-E49E18280617}d:\program files\aspyr\guitar hero iii\gh3.exe"= TCP:d:\program files\aspyr\guitar hero iii\gh3.exe:Guitar Hero III
"{9FED0BB7-96DC-4584-8B80-5D7015855383}"= c:\program files\Windows Live\Messenger\wlcsdk.exe:Windows Live Messenger (Phone)
"{A51C83EE-2E78-401E-9666-48DAF74371A4}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"TCP Query User{DB420AA1-59E6-45CE-82C3-C01BC18A3B3B}d:\program files\firefox\firefox.exe"= UDP:d:\program files\firefox\firefox.exe:Firefox
"UDP Query User{944F9F38-53C1-491D-AADB-868631AB355B}d:\program files\firefox\firefox.exe"= TCP:d:\program files\firefox\firefox.exe:Firefox
"TCP Query User{07A5E0BE-3DA0-41A4-87A4-C4735B8ACC5B}g:\documents\music\freezer.v1.2\freezer.exe"= UDP:g:\documents\music\freezer.v1.2\freezer.exe:freezer
"UDP Query User{6BDC8538-58F0-47D7-A951-945C478A0DD9}g:\documents\music\freezer.v1.2\freezer.exe"= TCP:g:\documents\music\freezer.v1.2\freezer.exe:freezer
"{D7975EDA-8656-47BA-8445-8BF798DF7798}"= Disabled:UDP:d:\program files\Microsoft Games\Age of Empires III\age3y.exe:Age of Empires III - The Asian Dynasties
"{50A3199F-548D-45C8-A612-80ED7CEFB17C}"= Disabled:TCP:d:\program files\Microsoft Games\Age of Empires III\age3y.exe:Age of Empires III - The Asian Dynasties
"TCP Query User{006F1873-456F-4BDC-81A1-D18B8F2B6E82}d:\program files\valve\steam\steamapps\lolly76\counter-strike\hl.exe"= UDP:d:\program files\valve\steam\steamapps\lolly76\counter-strike\hl.exe:Half-Life Launcher
"UDP Query User{B9DA5047-8D87-4C6F-857A-CC37E19DE0BA}d:\program files\valve\steam\steamapps\lolly76\counter-strike\hl.exe"= TCP:d:\program files\valve\steam\steamapps\lolly76\counter-strike\hl.exe:Half-Life Launcher
"TCP Query User{5E9FB6AF-90CF-4F2C-8D11-B49DBF8A04F8}d:\alex\[()]serveur privé wow\v 2.4.1\serveur\realmd.exe"= UDP:d:\alex\[()]serveur privé wow\v 2.4.1\serveur\realmd.exe:realmd
"UDP Query User{E72A1D26-E48B-4C14-AD18-ECE0C52C2FF6}d:\alex\[()]serveur privé wow\v 2.4.1\serveur\realmd.exe"= TCP:d:\alex\[()]serveur privé wow\v 2.4.1\serveur\realmd.exe:realmd
"TCP Query User{8D203987-C54D-47F2-BAFA-D480AC7B6F8C}c:\wamp\apache2\bin\httpd.exe"= UDP:c:\wamp\apache2\bin\httpd.exe:Apache HTTP Server
"UDP Query User{9846190D-5F19-466F-8EB4-FCFF18D34F38}c:\wamp\apache2\bin\httpd.exe"= TCP:c:\wamp\apache2\bin\httpd.exe:Apache HTTP Server
"TCP Query User{76579543-0F1B-42A3-A307-2B29F63F5C45}d:\alex\[()]serveur privé wow\v 2.4.1\serveur\mangosd.exe"= UDP:d:\alex\[()]serveur privé wow\v 2.4.1\serveur\mangosd.exe:mangosd
"UDP Query User{1AD36B6D-0EC2-4AE1-92A1-BB30F6EE2703}d:\alex\[()]serveur privé wow\v 2.4.1\serveur\mangosd.exe"= TCP:d:\alex\[()]serveur privé wow\v 2.4.1\serveur\mangosd.exe:mangosd
"TCP Query User{694CFEE4-2C4B-44EF-BF09-36BEA42EDFAA}c:\program files\teamspeak2_rc2\server_windows.exe"= UDP:c:\program files\teamspeak2_rc2\server_windows.exe:Server
"UDP Query User{EC7ABD0C-A6A4-4B7E-8FC0-DE19078FE17C}c:\program files\teamspeak2_rc2\server_windows.exe"= TCP:c:\program files\teamspeak2_rc2\server_windows.exe:Server
"TCP Query User{6B9EC730-34A6-4C5C-9BAD-80AC120162E6}c:\users\utilisateur\desktop\freezer.exe"= UDP:c:\users\utilisateur\desktop\freezer.exe:freezer.exe
"UDP Query User{6641DE81-D55D-4308-8F44-169812EE873A}c:\users\utilisateur\desktop\freezer.exe"= TCP:c:\users\utilisateur\desktop\freezer.exe:freezer.exe
"TCP Query User{C6AC4569-E22F-4C6B-A033-587AB9A44F8D}c:\funserver\server\xampp\mercurymail\mercury.exe"= UDP:c:\funserver\server\xampp\mercurymail\mercury.exe:Mercury/32 Core Processing Module v4.52
"UDP Query User{0F0478C2-273D-4E39-93C6-016E59C3A64B}c:\funserver\server\xampp\mercurymail\mercury.exe"= TCP:c:\funserver\server\xampp\mercurymail\mercury.exe:Mercury/32 Core Processing Module v4.52
"TCP Query User{1ACC8968-D2DB-49C0-8859-3B0C59FFF801}d:\alex\[()]serveur privé wow\4340\4340\ascent-logonserver.exe"= UDP:d:\alex\[()]serveur privé wow\4340\4340\ascent-logonserver.exe:ascent-logonserver
"UDP Query User{0B171426-C34F-4DA5-8288-A3655091D4CC}d:\alex\[()]serveur privé wow\4340\4340\ascent-logonserver.exe"= TCP:d:\alex\[()]serveur privé wow\4340\4340\ascent-logonserver.exe:ascent-logonserver
"TCP Query User{28C7EC6E-C3C5-4081-9907-2C1C471C0C06}d:\alex\[()]serveur privé wow\4340\4340\ascent-world.exe"= UDP:d:\alex\[()]serveur privé wow\4340\4340\ascent-world.exe:ascent-world
"UDP Query User{B4D808D1-D151-4FB7-A7F9-6700823EBB59}d:\alex\[()]serveur privé wow\4340\4340\ascent-world.exe"= TCP:d:\alex\[()]serveur privé wow\4340\4340\ascent-world.exe:ascent-world
"TCP Query User{EBC7B30B-1C81-41FA-ADA8-E28691A62DFD}c:\funserver\ascent\ascent-logonserver.exe"= UDP:c:\funserver\ascent\ascent-logonserver.exe:ascent-logonserver
"UDP Query User{770DE37B-02D0-46B3-BBB8-96D19C2151E0}c:\funserver\ascent\ascent-logonserver.exe"= TCP:c:\funserver\ascent\ascent-logonserver.exe:ascent-logonserver
"TCP Query User{BB76452A-557E-4CC6-9CEE-9A95015013F7}c:\funserver\ascent\ascent-world.exe"= UDP:c:\funserver\ascent\ascent-world.exe:ascent-world
"UDP Query User{97778055-93E6-4FF6-BDEF-E1516BFE13AA}c:\funserver\ascent\ascent-world.exe"= TCP:c:\funserver\ascent\ascent-world.exe:ascent-world
"TCP Query User{372E4056-B864-4956-8D52-94745ED02D17}d:\program files\veoh networks\veoh\veohclient.exe"= UDP:d:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"UDP Query User{4450710D-82FC-40CB-9ABC-4A4B45809298}d:\program files\veoh networks\veoh\veohclient.exe"= TCP:d:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"TCP Query User{33C333C4-4B2C-4835-AA9A-DCC26407DBA1}c:\ac web ultimate repack\server\mysql\bin\mysqld.exe"= UDP:c:\ac web ultimate repack\server\mysql\bin\mysqld.exe:mysqld
"UDP Query User{8E33F856-433A-469D-8CAC-47A3F8176291}c:\ac web ultimate repack\server\mysql\bin\mysqld.exe"= TCP:c:\ac web ultimate repack\server\mysql\bin\mysqld.exe:mysqld
"TCP Query User{04756577-C332-40E4-A034-6587C4A5C111}c:\ac web ultimate repack\ascent\ascent-logonserver.exe"= UDP:c:\ac web ultimate repack\ascent\ascent-logonserver.exe:ascent-logonserver
"UDP Query User{1DBFF887-653B-429C-B903-B07D8B84336E}c:\ac web ultimate repack\ascent\ascent-logonserver.exe"= TCP:c:\ac web ultimate repack\ascent\ascent-logonserver.exe:ascent-logonserver
"TCP Query User{ADBE140B-F7FC-483F-81B4-D0AF5F17FBC8}c:\ac web ultimate repack\ascent\ascent-world.exe"= UDP:c:\ac web ultimate repack\ascent\ascent-world.exe:ascent-world
"UDP Query User{8EE92EA5-22EB-4C88-95B0-766309F36A5B}c:\ac web ultimate repack\ascent\ascent-world.exe"= TCP:c:\ac web ultimate repack\ascent\ascent-world.exe:ascent-world
"TCP Query User{B29C2C00-9551-4E8C-9F37-28AFBD53414B}c:\ac web ultimate repack\server\apache\bin\apache.exe"= UDP:c:\ac web ultimate repack\server\apache\bin\apache.exe:Apache HTTP Server
"UDP Query User{BC67681A-EEAA-47B3-B739-6D3143E6E31C}c:\ac web ultimate repack\server\apache\bin\apache.exe"= TCP:c:\ac web ultimate repack\server\apache\bin\apache.exe:Apache HTTP Server
"TCP Query User{03A9596A-8FC6-4DF3-A3CF-BEA4D61E235A}c:\funserver\server\cystem\mysql\bin\mysqld.exe"= UDP:c:\funserver\server\cystem\mysql\bin\mysqld.exe:mysqld
"UDP Query User{52521DF1-366D-43F0-BF71-7EE789FAC3C5}c:\funserver\server\cystem\mysql\bin\mysqld.exe"= TCP:c:\funserver\server\cystem\mysql\bin\mysqld.exe:mysqld
"TCP Query User{7B53CF79-A9CC-478A-9172-0C079C5E5E07}c:\liberkey\apps\amsn\app\amsn\bin\wish.exe"= UDP:c:\liberkey\apps\amsn\app\amsn\bin\wish.exe:Wish Application
"UDP Query User{A271E2DA-54DF-409B-A0FE-AA102BC0B516}c:\liberkey\apps\amsn\app\amsn\bin\wish.exe"= TCP:c:\liberkey\apps\amsn\app\amsn\bin\wish.exe:Wish Application
"TCP Query User{D0EAFF3D-51E3-4BD2-B8F5-69977D2FED4C}c:\funserver\server\xampp\apache\bin\apache.exe"= UDP:c:\funserver\server\xampp\apache\bin\apache.exe:Apache HTTP Server
"UDP Query User{C6F2B4E0-166F-4F01-A1C3-A9E1E95F34D6}c:\funserver\server\xampp\apache\bin\apache.exe"= TCP:c:\funserver\server\xampp\apache\bin\apache.exe:Apache HTTP Server
"TCP Query User{BF56F505-3B07-48DA-A292-5090B3988D95}c:\funserver\server\xampp\mysql\bin\mysqld.exe"= UDP:c:\funserver\server\xampp\mysql\bin\mysqld.exe:mysqld
"UDP Query User{367F85A0-9AD7-4317-814E-1ECB0929F696}c:\funserver\server\xampp\mysql\bin\mysqld.exe"= TCP:c:\funserver\server\xampp\mysql\bin\mysqld.exe:mysqld
"TCP Query User{1312AE3D-5831-4C33-AF8F-C3D47CA1E7E6}d:\alex\wotlk-ff-frfr-downloader.exe"= UDP:d:\alex\wotlk-ff-frfr-downloader.exe:Blizzard Downloader
"UDP Query User{F401FE1F-F40E-41FB-B9BA-C278567A05E9}d:\alex\wotlk-ff-frfr-downloader.exe"= TCP:d:\alex\wotlk-ff-frfr-downloader.exe:Blizzard Downloader
"TCP Query User{6912DC5E-5EB0-487A-AC2D-0AE2224F1044}c:\program files\utorrent\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{7F850224-574D-4FE0-A321-140B9B746388}c:\program files\utorrent\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{DB468C28-1FA4-4DBF-84C3-39457C24C072}c:\program files\pando networks\pando\pando.exe"= UDP:c:\program files\pando networks\pando\pando.exe:pando
"UDP Query User{C613D13B-02F7-4686-A9BA-F177A46A2102}c:\program files\pando networks\pando\pando.exe"= TCP:c:\program files\pando networks\pando\pando.exe:pando
"TCP Query User{A80D415C-6817-4C43-B4CE-BCC9AD9A1799}d:\program files\aspyr\guitar hero iii\gh3.exe"= UDP:d:\program files\aspyr\guitar hero iii\gh3.exe:Guitar Hero III
"UDP Query User{46303275-13DF-4917-B874-973B1DE98440}d:\program files\aspyr\guitar hero iii\gh3.exe"= TCP:d:\program files\aspyr\guitar hero iii\gh3.exe:Guitar Hero III
"TCP Query User{919AC6C9-C8AE-4E8A-B6BF-32D7CDB866E6}c:\programdata\kaspersky lab setup files\kaspersky anti-virus 2009\english\setup.exe"= UDP:c:\programdata\kaspersky lab setup files\kaspersky anti-virus 2009\english\setup.exe:Kaspersky Anti-Virus 2009 Setup
"UDP Query User{A944D273-249D-4A73-9845-A19BB8621ABC}c:\programdata\kaspersky lab setup files\kaspersky anti-virus 2009\english\setup.exe"= TCP:c:\programdata\kaspersky lab setup files\kaspersky anti-virus 2009\english\setup.exe:Kaspersky Anti-Virus 2009 Setup
"{84D7A855-E72F-4725-A962-A44244A750EB}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{2E8FDE03-6AD1-4E53-A915-6B64F2830B00}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"TCP Query User{CBD384B9-46B6-4996-BAEB-ACB06F8A2856}d:\program files\firefox\firefox.exe"= UDP:d:\program files\firefox\firefox.exe:Firefox
"UDP Query User{ABA7E4A7-A2F7-4286-A366-6816B26B7240}d:\program files\firefox\firefox.exe"= TCP:d:\program files\firefox\firefox.exe:Firefox
"{0BC5A6BC-8DD2-49AC-98A3-9A79A1B903BF}"= UDP:d:\program files\Piolet\Piolet.exe:Piolet
"{E25096AD-9878-4307-8497-48659FBC8A6D}"= TCP:d:\program files\Piolet\Piolet.exe:Piolet
"TCP Query User{BC721B01-A48B-4736-AAB0-764E23D1B997}c:\program files\common files\nero\nero web\setupx.exe"= UDP:c:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"UDP Query User{7CE33E31-D98F-427E-8063-3056E8068F24}c:\program files\common files\nero\nero web\setupx.exe"= TCP:c:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"TCP Query User{8A7124B2-ADF5-4F20-A997-95B3A0D0BE2F}c:\users\utilisateur\appdata\local\temp\onlineupdate8\setupxu.exe"= UDP:c:\users\utilisateur\appdata\local\temp\onlineupdate8\setupxu.exe:setupxu.exe
"UDP Query User{9EDAFF47-AEAB-4A7C-9788-6EE14D9CBE1F}c:\users\utilisateur\appdata\local\temp\onlineupdate8\setupxu.exe"= TCP:c:\users\utilisateur\appdata\local\temp\onlineupdate8\setupxu.exe:setupxu.exe
"{2946E6D9-A5AC-4995-B535-40DD61328031}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{5C8F7A08-B927-4F57-A04F-998CEA6DAA4A}c:\program files\vuze\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus
"UDP Query User{328D7751-DA71-45DD-88B7-91C90AD0850E}c:\program files\vuze\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus
"{5E645EC4-EBC4-4E22-AE2A-B3D81327FD36}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{45CB2428-3060-4E3A-8549-8798351776AB}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{AEF39037-58A1-451F-AEA5-E5D0E72E66BC}"= UDP:d:\program files\RapidSolution\Tunebite\TunebiteHelper.exe:TunebiteHelper
"{290BDD32-AA1D-4180-826A-F984D7C8FCA1}"= TCP:d:\program files\RapidSolution\Tunebite\TunebiteHelper.exe:TunebiteHelper
"TCP Query User{0059FD46-7D3A-4F3F-A126-3BFB03AD627B}c:\users\utilisateur\desktop\worms 4\4mayhem\worms 4 mayhem.exe"= UDP:c:\users\utilisateur\desktop\worms 4\4mayhem\worms 4 mayhem.exe:worms 4 mayhem.exe
"UDP Query User{C60006D7-80AB-45A9-8CD1-0706C444D54F}c:\users\utilisateur\desktop\worms 4\4mayhem\worms 4 mayhem.exe"= TCP:c:\users\utilisateur\desktop\worms 4\4mayhem\worms 4 mayhem.exe:worms 4 mayhem.exe
"TCP Query User{0C9D2896-3CC9-42D5-AFA6-D9F4F3D15922}d:\program files\team17 software ltd\worms forts under siege\wf.exe"= UDP:d:\program files\team17 software ltd\worms forts under siege\wf.exe:WF
"UDP Query User{CBFBA2F5-2F72-4721-80BA-D1D1A729E4D9}d:\program files\team17 software ltd\worms forts under siege\wf.exe"= TCP:d:\program files\team17 software ltd\worms forts under siege\wf.exe:WF
"{6D5FEE6B-3326-411B-AF01-CF4DFAE60EA3}"= Disabled:d:\program files\Electronic Arts\Command & Conquer 3\RetailExe\1.4\cnc3game.dat:Command & Conquer 3 Tiberium Wars
"{0F3057DB-7A7B-4BF4-8621-4B28763B87ED}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{30AC7465-9774-452E-80CD-3E6F1C23C446}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{4F4C7267-83D2-4588-B134-2FD6583095D7}c:\wamp\apache2\bin\httpd.exe"= Disabled:UDP:c:\wamp\apache2\bin\httpd.exe:Apache HTTP Server
"UDP Query User{28335045-9072-492F-A2B5-B3FEBB083FB5}c:\wamp\apache2\bin\httpd.exe"= Disabled:TCP:c:\wamp\apache2\bin\httpd.exe:Apache HTTP Server
"{3E35BAF4-7D96-4A1B-93DF-6EF0AC11167A}"= Disabled:UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{315692F7-A7C1-437A-B269-AB33B93478DB}"= Disabled:TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"TCP Query User{4425A569-6448-4E67-A662-E3C8C6FBE37B}d:\program files\electronic arts\command & conquer 3\retailexe\1.9\cnc3game.dat"= Disabled:UDP:d:\program files\electronic arts\command & conquer 3\retailexe\1.9\cnc3game.dat:Command and Conquer 3 Tiberium Wars™
"UDP Query User{BC0705B7-1E71-460F-A807-8DF720B50396}d:\program files\electronic arts\command & conquer 3\retailexe\1.9\cnc3game.dat"= Disabled:TCP:d:\program files\electronic arts\command & conquer 3\retailexe\1.9\cnc3game.dat:Command and Conquer 3 Tiberium Wars™
"{973AEE44-0529-4927-B972-B3FC1CB23D8E}"= Disabled:UDP:c:\windows\System32\muzapp.exe:MUZ AOD APP player
"{84A0ED56-6FA4-4670-AFCC-F53BCCDF68E7}"= Disabled:TCP:c:\windows\System32\muzapp.exe:MUZ AOD APP player
"{33BD4CAD-4502-4012-BB97-812C9F575AD6}"= Disabled:UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{97886719-B6E8-4400-B58F-3BF7DF7F5DC0}"= Disabled:TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{554C7B2C-645D-486E-9B14-36F4989A35FC}"= Disabled:UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{395BA585-CBE3-4ADC-8B93-BAD75C9F77F7}"= Disabled:TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"TCP Query User{FD13B979-157B-45CC-A21A-62B4782A2FDE}d:\program files\electronic arts\alerte rouge 3\data\ra3_1.3.game"= UDP:d:\program files\electronic arts\alerte rouge 3\data\ra3_1.3.game:Command & Conquer™ Red Alert™ 3
"UDP Query User{F700A3DB-0C38-4BDC-B77E-A661431D0374}d:\program files\electronic arts\alerte rouge 3\data\ra3_1.3.game"= TCP:d:\program files\electronic arts\alerte rouge 3\data\ra3_1.3.game:Command & Conquer™ Red Alert™ 3
"TCP Query User{CFD4A78C-A1DC-41DD-A2E9-640891C2FAE3}d:\program files\electronic arts\alerte rouge 3\data\ra3_1.4.game"= UDP:d:\program files\electronic arts\alerte rouge 3\data\ra3_1.4.game:Command & Conquer™ Red Alert™ 3
"UDP Query User{0E58239B-D56E-4936-885C-1914F719A154}d:\program files\electronic arts\alerte rouge 3\data\ra3_1.4.game"= TCP:d:\program files\electronic arts\alerte rouge 3\data\ra3_1.4.game:Command & Conquer™ Red Alert™ 3

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\Program Files\OrangeHSS\Connectivity\ConnectivityManager.exe"= c:\program files\OrangeHSS\Connectivity\ConnectivityManager.exe:*:enabled:CSS

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-04-07 110160]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-04-07 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2007-12-05 51792]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2008-04-23 600912]
R2 UxTuneUp;TuneUp Extension de thème;c:\windows\System32\svchost.exe -k netsvcs [2008-06-10 21504]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\DRIVERS\cledx.sys [2008-07-07 33792]
S3 L6TPortGX;Service - Line 6 TonePort GX;c:\windows\system32\Drivers\L6TPortGX.sys [2008-06-10 521472]
S3 PCAMp50;PCAMp50 NDIS Protocol Driver;c:\windows\system32\Drivers\PCAMp50.sys [2007-12-05 28224]
S3 PCASp50;PCASp50 NDIS Protocol Driver;c:\windows\system32\Drivers\PCASp50.sys [2007-12-05 27072]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;c:\windows\System32\TuneUpDefragService.exe [2008-10-15 355584]
S3 wampapache;wampapache;"c:\wamp\apache2\bin\httpd.exe" -k runservice [2007-01-09 20539]
S3 wampmysqld;wampmysqld;c:\wamp\mysql\bin\mysqld-nt.exe --defaults-file=c:\wamp\mysql\my.ini wampmysqld []
S4 Steam Client Service;Steam Client Service;c:\program files\Common Files\Steam\SteamService.exe /RunAsService [2008-06-05 87288]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\shell\AutoRun\command - H:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9c8f6b1f-bf4c-11dc-8968-001a9206a69d}]
\shell\AutoRun\command - H:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f974b721-3ab5-11dd-bc53-001a9206a69d}]
\shell\AutoRun\command - PortableApps\PortableAppsMenu\PortableAppsMenu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{61E3FE32-07B9-4563-A3E0-2DE2D620FE10}]
c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder

2008-07-20 c:\windows\Tasks\1 Copernic Intra-Daily ~PC-de-utilisate utilisateur.job

  • d:\program files\Copernic Agent\CopernicAgent.exe [2004-12-02 18:16]

2008-07-20 c:\windows\Tasks\2 Copernic Daily ~PC-de-utilisate utilisateur.job

  • d:\program files\Copernic Agent\CopernicAgent.exe [2004-12-02 18:16]

2008-07-20 c:\windows\Tasks\3 Copernic Weekly ~PC-de-utilisate utilisateur.job

  • d:\program files\Copernic Agent\CopernicAgent.exe [2004-12-02 18:16]

2008-07-20 c:\windows\Tasks\4 Copernic Monthly ~PC-de-utilisate utilisateur.job

  • d:\program files\Copernic Agent\CopernicAgent.exe [2004-12-02 18:16]

2008-11-27 c:\windows\Tasks\Maintenance en 1 clic.job

  • d:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 08:23]

2008-11-26 c:\windows\Tasks\User_Feed_Synchronization-{9D84138B-1A99-49E8-8808-364947D9EA09}.job

  • c:\windows\system32\msfeedssync.exe [2008-01-19 08:33]
    .
- - - - ORPHANS REMOVED - - - -

HKLM-Run-SearchSettings - c:\program files\Search Settings\SearchSettings.exe


catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, www.gmer.net…
Rootkit scan 2008-11-27 13:40:57
Windows 6.0.6001 Service Pack 1 NTFS

Scanning hidden processes ...

Scanning hidden autostart entries ...

Scanning hidden files ...

Scan completed successfully
Hidden files: 0


.
Finish time: 2008-11-27 13:42:25
ComboFix-quarantined-files.txt 2008-11-27 12:42:22
ComboFix2.txt 2008-11-26 17:36:27

Pre-CF: 90,373,304,320 bytes free
Post-CF: 90,451,406,848 bytes free

380 --- E O F --- 2008-11-27 07:04:21
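A small triage script for the "Reg Loading Points" part of a log like the one above. This is an added example for the thread, not code from the original post and not ComboFix's own code; the function names are mine and the sample input is a handful of lines excerpted from the log, labelled as constructed. It assumes the dump keeps ComboFix's REGEDIT4-style layout ([KEY] headers followed by "name"=data lines) and pulls out the items a responder reads first: Security Center *Override values set to 1, enabled firewall allow rules or Run entries whose executable lives under %TEMP% or the Desktop, and AutoRun commands remembered for removable drives.

```python
"""Triage of the "Reg Loading Points" section of a ComboFix-style log.

Added example: not code from the original post and not ComboFix's own code.
Assumes the REGEDIT4-style layout ComboFix prints ([KEY] then "name"=data).
"""
import re
from dataclasses import dataclass

# Constructed sample input: a few lines excerpted from the log above, enough
# to exercise every check offline.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-18 81000]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-24 136600]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{8A7124B2-ADF5-4F20-A997-95B3A0D0BE2F}c:\users\utilisateur\appdata\local\temp\onlineupdate8\setupxu.exe"= UDP:c:\users\utilisateur\appdata\local\temp\onlineupdate8\setupxu.exe:setupxu.exe
"TCP Query User{6B9EC730-34A6-4C5C-9BAD-80AC120162E6}c:\users\utilisateur\desktop\freezer.exe"= UDP:c:\users\utilisateur\desktop\freezer.exe:freezer.exe
"{84D7A855-E72F-4725-A962-A44244A750EB}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{3E35BAF4-7D96-4A1B-93DF-6EF0AC11167A}"= Disabled:UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\shell\AutoRun\command - H:\LaunchU3.exe
"""

SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"=\s*(?P<data>.*)$')
AUTORUN_RE = re.compile(r"^\\shell\\AutoRun\\command - (?P<cmd>.+)$")

# Directories a normal user can write to; a network-facing binary or an
# autostart entry living there deserves a second look.
USER_WRITABLE = ("\\appdata\\local\\temp\\", "\\desktop\\", "\\downloads\\")


@dataclass
class Finding:
    kind: str
    key: str
    detail: str


def parse_sections(text):
    """Yield (key, [value lines]) for each [KEY] block of the dump."""
    key, lines = None, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            if key is not None:
                yield key, lines
            key, lines = m.group("key"), []
        elif key is not None:
            lines.append(line)
    if key is not None:
        yield key, lines


def parse_firewall_rule(data):
    """Split 'Disabled:TCP:6004|c:\\path\\x.exe:Description' into fields."""
    disabled = data.startswith("Disabled:")
    if disabled:
        data = data[len("Disabled:"):]
    proto = None
    if data[:4] in ("TCP:", "UDP:"):
        proto, data = data[:3], data[4:]
    port = None
    if "|" in data.split(":", 1)[0]:      # "6004|c:\..." carries a local port
        port, data = data.split("|", 1)
    path, _, desc = data.rpartition(":")  # the path keeps its drive colon
    return {"disabled": disabled, "proto": proto, "port": port,
            "path": path, "desc": desc}


def in_user_writable(path):
    return any(d in path.lower() for d in USER_WRITABLE)


def triage(text):
    """Return the findings a responder reads first, in log order."""
    findings = []
    for key, lines in parse_sections(text):
        k = key.lower()
        for line in lines:
            m = VALUE_RE.match(line)
            if k.endswith(r"\security center\svc") and m:
                # *Override=1 silences the Security Center warning for that product
                if m.group("name").endswith("Override") and m.group("data").strip().lower() == "dword:00000001":
                    findings.append(Finding("security_center_override", key, m.group("name")))
            elif k.endswith(r"\firewallpolicy\firewallrules") and m:
                rule = parse_firewall_rule(m.group("data").strip())
                if not rule["disabled"] and in_user_writable(rule["path"]):
                    findings.append(Finding("firewall_allow_user_writable", key,
                                            f'{rule["proto"] or "any"} {rule["path"]}'))
            elif k.endswith(r"\currentversion\run") and m:
                quoted = re.match(r'"([^"]+)"', m.group("data").strip())
                if quoted and in_user_writable(quoted.group(1)):
                    findings.append(Finding("run_key_user_writable", key, quoted.group(1)))
            elif "\\explorer\\mountpoints2" in k:
                a = AUTORUN_RE.match(line)
                if a:  # AutoRun command Explorer remembered for a removable drive
                    findings.append(Finding("removable_autorun", key, a.group("cmd")))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:30} {f.detail}")
```

On the sample it reports the AntiVirusOverride value, the two "Query User" allow rules for setupxu.exe in %TEMP% and freezer.exe on the Desktop, and the LaunchU3.exe AutoRun command; the Bonjour rules are skipped because the binary sits under Program Files and the second one is disabled anyway. Feeding it the full log is a matter of replacing SAMPLE_LOG with the file contents.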

Clean the registry with CCleaner (run several passes until it finds no more keys), then reboot


Has explorer.exe improved?

hello

first of all I'd like to thank you for your efforts and your goodwill

after several CCleaner passes explorer.exe is still running at 50%, with a few very brief dips to 36%-40%, but in that case my CPU runs at 90% with no application running

Update MBAM and run another scan.

Install this www.01net.com… then run a full scan, deleting the detections

Post a new HijackThis log

hello

it works!!!

thank you very much, my explorer is running at about 5%, I think that's good

without having needed to run avptool

You're welcome :wink:

Have a good day :jap: