Bonjour, et ReBonjour, a se qui mon aidé il y a 4-5 jour sa marche bien mieu maitenant MAIS g toujour 1 fenétre pop-up qui souvre toute les 25-30 min a peuprer le nom c "apartementjackpot" voila donc si kelkun pouvai m'aider . . . . . encore. La derniére foi c chiquitine29 et ^^marie^^ qui mon aider donc voila aider moi svp

Si ces fichiers n'ont pas été détectés, je te suggère de les soumettre dans un premier temps ici http://secubox.gateweb.org/mad.php Ouvre le blocnote de windows puis copie-colle dedans ce qui est en gras juste ci-dessous (Les deux lignes et rien d'autre) fyrevoyrkv qcurch Puis dans le blocnote, vas dans fichier/enregistrer sous : Appelle-le NavScript.txt Enregistre-le dans C:\program files\Navilog1 (C'est impératif) Double-clique sur le raccourci Navilog1 présent sur ton bureau. Laisse toi guider et patiente. Le Fix va automatiquement démarrer sans passer par le menu principal. Le fix va t'informer qu'il va alors redémarrer ton PC Ferme toutes les fenêtres ouvertes et enregistre tes documents personnels ouverts Appuie sur une touche comme demandé. (si ton Pc ne redémarre pas automatiquement, fais-le toi-même) Au redémarrage de ton PC, choisis ta session habituelle si nécessaire. Patiente jusqu'au message : *** Nettoyage Termine le ..... *** Le blocnote va s'ouvrir. Sauvegarde le rapport de manière à le retrouver Ton bureau va réapparaitre. Poste le rapport Cleannavi.txt

ENCORE DES FENETRE POP-UP

Réponse 41 / 62

gaetan

et maitenant je fais koi g toujour les fenétre. Quelqu'un peu me répondre SVP !!!!!!!!!!!

Réponse 42 / 62

gaetan

voila le rapport en 2 parti

"Silent Runners.vbs", revision 58, https://www.silentrunners.org/
Operating System: Windows Vista
Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"Sidebar" = "C:\Program Files\Windows Sidebar\sidebar.exe /autoRun" [MS]
"SmpcSys" = "C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe" ["Packard Bell BV"]
"CursorXP" = "C:\Program Files\CursorXP\CursorXP.exe" [" "]
"ehTray.exe" = "C:\Windows\ehome\ehTray.exe" [MS]
"MsnMsgr" = ""C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background" [MS]
"ISUSPM" = ""C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler" ["Macrovision Corporation"]
"Speech Recognition" = ""C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup" [MS]
"Orb" = ""C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background" ["Orb Networks"]
"Skype" = ""C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized" ["Skype Technologies S.A."]
"AdobeUpdater" = "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" ["Adobe Systems Incorporated"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"RtHDVCpl" = "RtHDVCpl.exe" ["Realtek Semiconductor"]
"Skytel" = "Skytel.exe" ["Realtek Semiconductor Corp."]
"RoxWatchTray" = ""C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"" ["Sonic Solutions"]
"toolbar_eula_launcher" = "C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe" [null data]
"NeroFilterCheck" = "C:\Windows\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"QuickTime Task" = ""C:\Program Files\QuickTime\QTTask.exe" -atboottime" ["Apple Inc."]
"Adobe Reader Speed Launcher" = ""C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"" ["Adobe Systems Incorporated"]
"TkBellExe" = ""C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
"WinampAgent" = ""C:\Program Files\Winamp\winampa.exe"" [null data]
"NvSvc" = "RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart" [MS]
"NvCplDaemon" = "RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup" [MS]
"NvMediaCenter" = "RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit" [MS]
"AVP" = ""C:\Program Files\Micro Application\Securite Internet 2007\avp.exe"" ["Micro Application"]
"SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"" ["Sun Microsystems, Inc."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Aide pour le lien d'Adobe PDF Reader"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}\(Default) = "Winamp Toolbar Loader"
-> {HKLM...CLSID} = "Winamp Toolbar Loader"
\InProcServer32\(Default) = "C:\Program Files\Winamp Toolbar\winamptb.dll" ["AOL LLC."]
{3049C3E9-B461-4BC5-8870-4C09146192CA}\(Default) = (no title provided)
-> {HKLM...CLSID} = "RealPlayer Download and Record Plugin for Internet Explorer"
\InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll" ["RealPlayer"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll" ["Sun Microsystems, Inc."]
{9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Programme d'aide de l'Assistant de connexion Windows Live"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll" [MS]
{CA6319C0-31B7-401E-A518-A07C3DB8F777}\(Default) = "Browser Address Error Redirector"
-> {HKLM...CLSID} = "CBrowserHelperObject Object"
\InProcServer32\(Default) = "C:\Program Files\Google\Google_BAE\BAE.dll" ["Packard Bell"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {HKLM...CLSID} = "DesktopContext Class"
\InProcServer32\(Default) = "C:\Windows\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"
-> {HKLM...CLSID} = "NeroDigitalIconHandler Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
"{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"
-> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
"{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders"
-> {HKLM...CLSID} = "Mes dossiers de partage"
\InProcServer32\(Default) = "C:\Program Files\Windows Live\Messenger\fsshext.8.5.1302.1018.dll" [MS]
"{BB7DF450-F119-11CD-8465-00AA00425D90}" = "Microsoft Access Custom Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office\soa800.dll" [MS]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {HKLM...CLSID} = "RealOne Player Context Menu Class"
\InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {HKLM...CLSID} = "NVIDIA CPL Extension"
\InProcServer32\(Default) = "C:\Windows\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{85E0B171-04FA-11D1-B7DA-00A0C90348D6}" = "Statistiques d’Anti-Virus Internet"
-> {HKLM...CLSID} = "Statistiques d’Anti-Virus Internet"
\InProcServer32\(Default) = "C:\Program Files\Micro Application\Securite Internet 2007\scieplugin.dll" ["Kaspersky Lab"]

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler"
-> {HKLM...CLSID} = "NeroDigitalColumnHandler Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Micro Application\Securite Internet 2007\ShellEx.dll" ["Micro Application"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Micro Application\Securite Internet 2007\ShellEx.dll" ["Micro Application"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

Default executables:
--------------------

<<!>> HKLM\SOFTWARE\Classes\.com\(Default) = "ComFile"

Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"NoDrives" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"NoDrives" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"LogonHoursAction" = (REG_DWORD) dword:0x00000002
{unrecognized setting}

"DontDisplayLogonHoursWarnings" = (REG_DWORD) dword:0x00000001
{unrecognized setting}

"HideLegacyLogonScripts" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"HideLogoffScripts" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"HideStartupScripts" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"RunLogonScriptSync" = (REG_DWORD) dword:0x00000001
{unrecognized setting}

"RunStartupScriptSync" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

"ConsentPromptBehaviorAdmin" = (REG_DWORD) dword:0x00000002
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Behavior Of The Elevation Prompt For Administrators In Admin Approval Mode}

"ConsentPromptBehaviorUser" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Behavior Of The Elevation Prompt For Standard Users}

"EnableInstallerDetection" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Detect Application Installations And Prompt For Elevation}

"EnableLUA" = (REG_DWORD) dword:0x00000000
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Run All Administrators In Admin Approval Mode}

"EnableSecureUIAPaths" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Only elevate UIAccess applications that are installed in secure locations}

"EnableVirtualization" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Virtualize file and registry write failures to per-user locations}

"PromptOnSecureDesktop" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Switch to the secure desktop when prompting for elevation}

"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}

"FilterAdministratorToken" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Admin Approval Mode for the Built-in Administrator Account}

"EnableUIADesktopToggle" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"DisableRegistryTools" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"HideLegacyLogonScripts" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"HideLogoffScripts" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"RunLogonScriptSync" = (REG_DWORD) dword:0x00000001
{unrecognized setting}

"RunStartupScriptSync" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"HideStartupScripts" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows Photo Gallery\Papier peint de la Galerie de photos Windows.jpg"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Users\gaetan\AppData\Roaming\Microsoft\Windows Photo Gallery\Papier peint de la Galerie de photos Windows.jpg"

Windows Portable Device AutoPlay Handlers
-----------------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

RoxioSCAudioCDTask33\
"Provider" = "Roxio Creator Audio"
"InvokeProgID" = "Roxio.RoxioCentral33"
"InvokeVerb" = "AudioCDTask"
HKLM\SOFTWARE\Classes\Roxio.RoxioCentral33\shell\AudioCDTask\Command\(Default) = ""C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\Main\Roxio_Central33.exe" /Launch {8E376824-EA6C-4CB7-AA05-A30CB84D359B}" [null data]

RoxioSCCopyCD33\
"Provider" = "Roxio Creator Copy"
"InvokeProgID" = "Roxio.RoxioCentral33"
"InvokeVerb" = "ExactCopyJob"
HKLM\SOFTWARE\Classes\Roxio.RoxioCentral33\shell\ExactCopyJob\Command\(Default) = ""C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\Main\Roxio_Central33.exe" /Launch {6123D5C0-0B6A-4B67-A692-C0863AB98CDA}" [null data]

RoxioSCCopyDisc33\
"Provider" = "Roxio Creator Copy"
"InvokeProgID" = "Roxio.RoxioCentral33"
"InvokeVerb" = "ExactCopyJob"
HKLM\SOFTWARE\Classes\Roxio.RoxioCentral33\shell\ExactCopyJob\Command\(Default) = ""C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\Main\Roxio_Central33.exe" /Launch {6123D5C0-0B6A-4B67-A692-C0863AB98CDA}" [null data]

RoxioSCDataProject33\
"Provider" = "Roxio Creator Data"
"InvokeProgID" = "Roxio.RoxioCentral33"
"InvokeVerb" = "DataGuide"
HKLM\SOFTWARE\Classes\Roxio.RoxioCentral33\shell\DataGuide\Command\(Default) = ""C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\Main\Roxio_Central33.exe" /Launch Data" [null data]

RoxioSCDataTask33\
"Provider" = "Roxio Creator Data"
"InvokeProgID" = "Roxio.RoxioCentral33"
"InvokeVerb" = "DataTask"
HKLM\SOFTWARE\Classes\Roxio.RoxioCentral33\shell\DataTask\Command\(Default) = ""C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\Main\Roxio_Central33.exe" /Launch {D085B12D-4D9B-49C2-8323-5053831CBD54}" [null data]

RPCDBurningOnArrival\
"Provider" = "RealPlayer"
"InvokeProgID" = "RealPlayer.CDBurn.6"
"InvokeVerb" = "open"
HKCU\Software\Classes\RealPlayer.CDBurn.6\shell\open\command\(Default) = ""C:\Program Files\Real\RealPlayer\RealPlay.exe" /burn "%1"" ["RealNetworks, Inc."]

RPDeviceOnArrival\
"Provider" = "RealPlayer"
"ProgID" = "RealPlayer.HWEventHandler"
HKLM\SOFTWARE\Classes\RealPlayer.HWEventHandler\CLSID\(Default) = "{67E76F1D-BDE2-4052-913C-2752366192D2}"
-> {HKLM...CLSID} = "RealNetworks Scheduler"
\LocalServer32\(Default) = ""C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -autoplay" ["RealNetworks, Inc."]

RPPlayCDAudioOnArrival\
"Provider" = "RealPlayer"
"InvokeProgID" = "RealPlayer.AudioCD.6"
"InvokeVerb" = "play"
HKCU\Software\Classes\RealPlayer.AudioCD.6\shell\play\command\(Default) = ""C:\Program Files\Real\RealPlayer\RealPlay.exe" /play %1 " ["RealNetworks, Inc."]

RPPlayDVDMovieOnArrival\
"Provider" = "RealPlayer"
"InvokeProgID" = "RealPlayer.DVD.6"
"InvokeVerb" = "play"
HKCU\Software\Classes\RealPlayer.DVD.6\shell\play\command\(Default) = ""C:\Program Files\Real\RealPlayer\RealPlay.exe" /dvd %1 " ["RealNetworks, Inc."]

RPPlayMediaOnArrival\
"Provider" = "RealPlayer"
"InvokeProgID" = "RealPlayer.AutoPlay.6"
"InvokeVerb" = "open"
HKCU\Software\Classes\RealPlayer.AutoPlay.6\shell\open\command\(Default) = ""C:\Program Files\Real\RealPlayer\RealPlay.exe" /autoplay "%1"" ["RealNetworks, Inc."]

WinampMTPHandler\
"Provider" = "Winamp"
"ProgID" = "Shell.HWEventHandlerShellExecute"
"InitCmdLine" = "C:\Program Files\Winamp\winamp.exe"
HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}"
-> {HKLM...CLSID} = "Shell Execute Hardware Event Handler"
\LocalServer32\(Default) = "C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS]

WinampPlayMediaOnArrival\
"Provider" = "Winamp"
"InvokeProgID" = "Winamp.File"
"InvokeVerb" = "Play"
HKLM\SOFTWARE\Classes\Winamp.File\shell\Play\command\(Default) = ""C:\Program Files\Winamp\Winamp.exe" "%1"" ["Nullsoft"]
HKLM\SOFTWARE\Classes\Winamp.File\shell\Play\DropTarget\CLSID = "{46986115-84D6-459c-8F95-52DD653E532E}"
-> {HKLM...CLSID} = (no title provided)
\LocalServer32\(Default) = ""C:\Program Files\Winamp\Winamp.exe"" ["Nullsoft"]

Startup items in "gaetan" & "All Users" startup folders:
--------------------------------------------------------

C:\Users\gaetan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
"ppcbooster" -> shortcut to: "C:\Program Files\ppcbooster\ppcbooster.exe" ["BB Inc"]

Réponse 43 / 62

gaetan

Non-disabled Scheduled Tasks:
-----------------------------

C:\Windows\System32\Tasks
"Extension de garantie" -> launches: "C:\Program Files\Packard Bell\SetupmyPC\PBCarNot.exe" ["Packard Bell BV"]
"Recovery DVD Creator" -> launches: "C:\Program Files\Packard Bell\SetupMyPc\MCDCheck.exe" ["Packard Bell BV"]
"User_Feed_Synchronization-{0A49DB88-7C7A-43BD-9A98-D3516BEAB586}" -> (HIDDEN!) launches: "C:\Windows\system32\msfeedssync.exe sync" [MS]
"{0FDFB5FE-AC5A-42EB-A448-DB4F55847877}" -> launches: "C:\Windows\system32\pcalua.exe -a H:\Setup.exe -d H:\" [MS]
"{2757C239-C431-453B-A767-E874EBC7D103}" -> launches: "C:\Windows\system32\pcalua.exe -a "C:\Users\gaetan\Warcraft 2 - The Tides of Darkness\SETUP.EXE" -d "C:\Users\gaetan\Warcraft 2 - The Tides of Darkness"" [MS]
"{2BC78422-C14F-4E99-AFE1-3F9879F9FF92}" -> launches: "C:\Windows\system32\pcalua.exe -a H:\TheGladiators.exe -d H:\" [MS]
"{6166B418-A64F-4202-9724-045B6BD1F4E3}" -> launches: "C:\Windows\system32\pcalua.exe -a H:\instmsiw.exe -d H:\" [MS]
"{6EB6A404-22BB-4E4C-B923-6A0CDAB47089}" -> launches: "C:\Windows\system32\pcalua.exe -a C:\Windows\system32\ImageDrive.cpl -c Nero ImageDrive" [MS]
"{76CE492B-2033-49C3-AED5-CFFA958FF078}" -> launches: "C:\Windows\system32\pcalua.exe -a C:\Users\gaetan\Downloads\INSTALL.EXE -d C:\Users\gaetan\Downloads" [MS]
"{81F4CBAB-B8B1-4F53-9BFE-FA21F19DBF46}" -> launches: "C:\Windows\system32\pcalua.exe -a "C:\Program Files\Ubisoft\GSC Game World\Alexandre\uninstall.exe"" [MS]
"{82D91A8E-E463-4BEA-959C-4CD362D82FC7}" -> launches: "C:\Windows\system32\pcalua.exe -a H:\setup.exe -d H:\" [MS]
"{B305E9B9-D1C6-48BB-AB74-FC6F9911920C}" -> launches: "C:\Windows\system32\pcalua.exe -a C:\Users\gaetan\Downloads\Arcanes12h.exe -d C:\Users\gaetan\Downloads" [MS]
"{CCBF9A7C-97F7-4822-AF15-39ADB1F33BA8}" -> launches: "C:\Windows\system32\pcalua.exe -a H:\autorun\Setup.exe -d H:\autorun" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client
"AD RMS Rights Policy Template Management (Manual)" -> launches: "{BF5CB148-7C77-4d8a-A53E-D81C70CF743C}"
-> {HKLM...CLSID} = "AD RMS Rights Policy Template Management (Manual) Task Handler"
\InProcServer32\(Default) = "C:\Windows\system32\msdrm.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Bluetooth
"UninstallDeviceTask" -> launches: "BthUdTask.exe $(Arg0)" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient
"SystemTask" -> launches: "{58fb76b9-ac85-4e55-ac04-427593b1d060}"
-> {HKLM...CLSID} = "Certificate Services Client Task Handler"
\InProcServer32\(Default) = "C:\Windows\system32\dimsjob.dll" [MS]
"UserTask" -> launches: "{58fb76b9-ac85-4e55-ac04-427593b1d060}"
-> {HKLM...CLSID} = "Certificate Services Client Task Handler"
\InProcServer32\(Default) = "C:\Windows\system32\dimsjob.dll" [MS]
"UserTask-Roam" -> launches: "{58fb76b9-ac85-4e55-ac04-427593b1d060}"
-> {HKLM...CLSID} = "Certificate Services Client Task Handler"
\InProcServer32\(Default) = "C:\Windows\system32\dimsjob.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program
"Consolidator" -> launches: "%SystemRoot%\System32\wsqmcons.exe" [MS]
"OptinNotification" -> launches: "%SystemRoot%\System32\wsqmcons.exe -n 0x1C577FA2B69CAD0" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Defrag
"ManualDefrag" -> launches: "%windir%\system32\defrag.exe -c" [MS]
"ScheduledDefrag" -> launches: "%windir%\system32\defrag.exe -c -i" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Media Center
"ehDRMInit" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /DRMInit" [MS]
"mcupdate" -> launches: "%SystemRoot%\ehome\mcupdate $(Arg0) -gc" [MS]
"OCURActivate" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /OCURActivate" [MS]
"OCURDiscovery" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery" [MS]
"UpdateRecordPath" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0)" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\MobilePC
"HotStart" -> launches: "{06DA0625-9701-43da-BFD7-FBEEA2180A1E}"
-> {HKLM...CLSID} = "HotStart User Agent"
\InProcServer32\(Default) = "C:\Windows\System32\HotStartUserAgent.dll" [MS]
"TMM" -> launches: "{35EF4182-F900-4632-B072-8639E4478A61}"
-> {HKLM...CLSID} = "Transient Multi-Monitor Manager"
\InProcServer32\(Default) = "C:\Windows\System32\TMM.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\MUI
"LPRemove" -> launches: "%windir%\system32\lpremove.exe" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia
"SystemSoundsService" -> launches: "{2DEA658F-54C1-4227-AF9B-260AB5FC3543}"
-> {HKLM...CLSID} = "Microsoft PlaySoundService Class"
\InProcServer32\(Default) = "C:\Windows\System32\PlaySndSrv.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\NetworkAccessProtection
"NAPStatus UI" -> launches: "{f09878a1-4652-4292-aa63-8c7d4fd7648f}"
-> {HKLM...CLSID} = "Nap ITask Handler Implementation"
\InProcServer32\(Default) = "C:\Windows\System32\QAgent.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\PLA\System
"ConvertLogEntries" -> (HIDDEN!) launches: "%windir%\system32\rundll32.exe %windir%\system32\pla.dll,PlaConvertLogEntries" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\RAC
"RACAgent" -> (HIDDEN!) launches: "%windir%\system32\RacAgent.exe" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\RemoteAssistance
"RemoteAssistanceTask" -> (HIDDEN!) launches: "%windir%\system32\RAServer.exe /offerraupdate" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Shell
"CrawlStartPages" -> launches: "{51653423-e62d-4ff7-894a-dabb2b8e21e2}"
-> {HKLM...CLSID} = "CrawlStartPages Task Handler"
\InProcServer32\(Default) = "C:\Windows\System32\srchadmin.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\SideShow
"GadgetManager" -> launches: "{FF87090D-4A9A-4f47-879B-29A80C355D61}"
-> {HKLM...CLSID} = "GadgetsManager Class"
\InProcServer32\(Default) = "C:\Windows\System32\AuxiliaryDisplayServices.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\SystemRestore
"SR" -> launches: "%windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Tcpip
"IpAddressConflict1" -> launches: "rundll32 ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem" [MS]
"IpAddressConflict2" -> launches: "rundll32 ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\TextServicesFramework
"MsCtfMonitor" -> (HIDDEN!) launches: "{01575cfe-9a55-4003-a5e1-f38d1ebdcbe1}"
-> {HKLM...CLSID} = "MsCtfMonitor task handler"
\InProcServer32\(Default) = "C:\Windows\system32\MsCtfMonitor.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\UPnP
"UPnPHostConfig" -> launches: "sc.exe config upnphost start= auto" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\WDI
"ResolutionHost" -> (HIDDEN!) launches: "{900be39d-6be8-461a-bc4d-b0fa71f5ecb1}"
-> {HKLM...CLSID} = "DiagnosticInfrastructureCustomHandler"
\InProcServer32\(Default) = "C:\Windows\System32\wdi.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Error Reporting
"QueueReporting" -> launches: "%windir%\system32\wermgr.exe -queuereporting" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Wired
"GatherWiredInfo" -> launches: "%windir%\system32\gatherWiredInfo.vbs" [null data]

C:\Windows\System32\Tasks\Microsoft\Windows\Wireless
"GatherWirelessInfo" -> launches: "%windir%\system32\gatherWirelessInfo.vbs" [null data]

C:\Windows\System32\Tasks\Microsoft\Windows Defender
"MP Scheduled Scan" -> (HIDDEN!) launches: "c:\program files\windows defender\MpCmdRun.exe Scan -RestrictPrivileges" [MS]
"MP Scheduled Signature Update" -> (HIDDEN!) launches: "c:\program files\windows defender\MpCmdRun.exe SignatureUpdate" [MS]

Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\system32\NLAapi.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\system32\napinsp.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\system32\pnrpnsp.dll" [MS]
000000000004\LibraryPath = "%SystemRoot%\system32\pnrpnsp.dll" [MS]
000000000005\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000006\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 18

Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{F2CF5485-4E02-4F68-819C-B92DE9277049}"
-> {HKLM...CLSID} = "&Links"
\InProcServer32\(Default) = "C:\Windows\system32\ieframe.dll" [MS]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"
-> {HKLM...CLSID} = "Winamp Toolbar"
\InProcServer32\(Default) = "C:\Program Files\Winamp Toolbar\winamptb.dll" ["AOL LLC."]
"{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F}"
-> {HKLM...CLSID} = "Dealio"
\InProcServer32\(Default) = "C:\Program Files\Dealio\kb127\Dealio.dll" [file not found]

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" = "0"
-> {HKLM...CLSID} = "Barre d'outils MSN"
\InProcServer32\(Default) = "C:\Program Files\MSN Toolbar\01.01.2607.0\fr\msntb.dll" [MS]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}" = "Winamp Toolbar"
-> {HKLM...CLSID} = "Winamp Toolbar"
\InProcServer32\(Default) = "C:\Program Files\Winamp Toolbar\winamptb.dll" ["AOL LLC."]

Explorer Bars

HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\

HKLM\SOFTWARE\Classes\CLSID\{85E0B171-04FA-11D1-B7DA-00A0C90348D6}\(Default) = "Statistiques d’Anti-Virus Internet"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\Program Files\Micro Application\Securite Internet 2007\scieplugin.dll" ["Kaspersky Lab"]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Console Java (Sun)"
"CLSIDExtension" = "{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC}"
-> {HKCU...CLSID} = "Java Plug-in 1.6.0_07"
\InProcServer32\(Default) = "C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll" ["Sun Microsystems, Inc."]
-> {HKLM...CLSID} = "Java Plug-in 1.6.0_07"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll" ["Sun Microsystems, Inc."]

{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}\
"ButtonText" = "Statistiques d’Anti-Virus Internet"

Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Acquisition d'image Windows (WIA), stisvc, "C:\Windows\system32\svchost.exe -k imgsvc" {"C:\Windows\System32\wiaservc.dll" [MS]}
Explorateur d'ordinateurs, Browser, "C:\Windows\system32\svchost.exe -k netsvcs" {"C:\Windows\System32\browser.dll" [MS]}
Service Messenger Sharing Folders USN Journal Reader, usnjsvc, ""C:\Program Files\Windows Live\Messenger\usnsvc.exe"" [MS]
Service*SSTP (Secure Socket Tunneling Protocol) (unwritable string), SstpSvc, "C:\Windows\system32\svchost.exe -k LocalService" {"C:\Windows\system32\sstpsvc.dll" [MS]}
Sécurité Internet 2007, AVP, ""C:\Program Files\Micro Application\Securite Internet 2007\avp.exe" -r" ["Micro Application"]
Windows CardSpace, idsvc, ""C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe"" [MS]
Windows Driver Foundation - Infrastructure de pilote mode-utilisateur, wudfsvc, "C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted" {"C:\Windows\System32\WUDFSvc.dll" [MS]}

Accessibility Tools:
--------------------

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Accessibility\
"Configuration" = "magnifierpane"

HKCU\Software\Microsoft\Windows NT\CurrentVersion\AccessibilityTemp\
"magnifierpane" = dword:0x00000000

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Accessibility\Session1\
"Configuration" = "magnifierpane"

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Accessibility\ATs\magnifierpane\
"Description" = "Screen Magnifier"
"StartExe" = "C:\Windows\System32\Magnify.exe" [MS]

---------- (launch time: 2008-10-25 12:51:40)
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer "No" at the
first message box and "Yes" at the second message box.
---------- (total run time: 83 seconds, including 8 seconds for message boxes)

Réponse 44 / 62

gaetan

désoler pour la lenteur de ma réponse mais voila le rapport

ComboFix 08-10-24.02 - gaetan 2008-10-26 21:25:52.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.1275 [GMT 1:00]
Lancé depuis: C:\Users\gaetan\ComboFix.exe
.

((((((((((((((((((((((((((((( Fichiers créés du 2008-09-26 au 2008-10-26 ))))))))))))))))))))))))))))))))))))
.

2008-10-25 17:52 . 2008-10-25 17:52 2,995,773 -ra------ C:\Users\gaetan\ComboFix.exe
2008-10-25 11:51 . 2008-10-25 11:51 399,648 --a------ C:\Users\gaetan\Silent Runners.vbs
2008-10-22 20:58 . 2008-10-22 20:58 <REP> d-------- C:\Windows\Sun
2008-10-18 21:22 . 2008-10-20 19:05 <REP> d-------- C:\Program Files\Navilog1
2008-10-18 21:21 . 2008-10-18 21:22 571,687 --a------ C:\Users\gaetan\Navilog1.exe
2008-10-18 18:24 . 2008-06-19 16:24 28,544 --a------ C:\Windows\System32\drivers\pavboot.sys
2008-10-18 18:23 . 2008-10-18 18:23 <REP> d-------- C:\Program Files\Panda Security
2008-10-17 16:35 . 2008-10-17 16:37 <REP> d-------- C:\ToolBar SD
2008-10-17 16:35 . 2008-10-17 16:35 364,558 --a------ C:\Users\gaetan\ToolBarSD.exe
2008-10-16 20:04 . 2008-10-16 20:04 812,344 --a------ C:\Users\gaetan\HJTInstall.exe
2008-10-16 15:42 . 2008-10-16 18:12 <REP> d-------- C:\Program Files\EsetOnlineScanner
2008-10-15 19:52 . 2008-10-15 19:53 56 --ah----- C:\Windows\System32\ezsidmv.dat
2008-10-15 19:48 . 2008-10-15 19:48 <REP> d-------- C:\Users\gaetan\GenProc
2008-10-15 19:48 . 2008-10-15 19:48 417,527 --a------ C:\Users\gaetan\GenProc.zip
2008-10-15 18:36 . 2008-09-18 06:09 3,601,464 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-10-15 18:36 . 2008-09-18 06:09 3,549,240 --a------ C:\Windows\System32\ntoskrnl.exe
2008-10-15 18:36 . 2008-09-18 03:16 2,032,640 --a------ C:\Windows\System32\win32k.sys
2008-10-15 18:36 . 2008-10-02 02:32 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-10-15 18:36 . 2008-10-02 04:49 827,392 --a------ C:\Windows\System32\wininet.dll
2008-10-15 18:36 . 2008-08-27 02:06 288,768 --a------ C:\Windows\System32\drivers\srv.sys
2008-10-14 19:40 . 2008-10-14 19:40 <REP> d-------- C:\Program Files\Celestia
2008-10-14 19:39 . 2008-10-14 19:39 23,790,082 --a------ C:\Users\gaetan\celestia-win32-1.5.1.exe
2008-10-13 17:04 . 2008-10-13 17:05 <REP> d-------- C:\Program Files\Java
2008-10-13 17:04 . 2008-10-13 17:04 <REP> d-------- C:\Program Files\Common Files\Java
2008-10-11 13:43 . 2008-10-16 20:04 <REP> d-------- C:\Program Files\Trend Micro
2008-10-08 20:36 . 2007-10-28 21:56 838,515 --a------ C:\Windows\_detmp.1
2008-10-08 20:36 . 2000-04-14 10:11 86,016 --a------ C:\Windows\_detmp.2
2008-10-08 16:37 . 2008-10-08 16:37 <REP> d-------- C:\GAMES
2008-10-08 16:29 . 2008-10-08 16:29 <REP> d-------- C:\Program Files\ppcbooster
2008-10-08 14:09 . 2008-10-24 20:15 <REP> d-------- C:\Users\gaetan\jeu

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-26 20:27 49,693,984 --sha-w C:\Windows\system32\drivers\fidbox.dat
2008-10-26 20:16 --------- d-----w C:\Users\gaetan\AppData\Roaming\Skype
2008-10-26 20:12 --------- d-----w C:\Program Files\Warcraft III
2008-10-26 15:05 --------- d-----w C:\Users\gaetan\AppData\Roaming\skypePM
2008-10-26 11:54 --------- d-----w C:\ProgramData\Micro Application
2008-10-25 21:10 660,188 --sha-w C:\Windows\system32\drivers\fidbox.idx
2008-10-23 17:35 --------- d-----w C:\Users\gaetan\AppData\Roaming\LimeWire
2008-10-21 16:27 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-10-18 13:55 --------- d-----w C:\Program Files\Google
2008-10-17 16:50 --------- d-----w C:\Program Files\Metin2_France
2008-10-16 14:13 --------- d-----w C:\Program Files\Windows Mail
2008-10-13 18:21 --------- d-----w C:\Program Files\Microsoft Games
2008-10-11 10:43 --------- d-----w C:\ProgramData\OrbNetworks
2008-10-08 19:36 --------- d-----w C:\Program Files\Tetris 3000
2008-10-08 19:35 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-04 17:10 --------- d-----w C:\Program Files\Cossacks - The Art Of War
2008-09-22 19:43 --------- d-----w C:\Program Files\Free Audio Pack
2008-09-10 18:19 --------- d-----w C:\Program Files\Glest_3.1.2
2008-09-04 21:02 --------- d-----w C:\Users\gaetan\AppData\Roaming\GetRightToGo
2008-08-02 03:26 36,864 ----a-w C:\Windows\System32\cdd.dll
2008-07-31 03:32 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-31 03:32 28,160 ----a-w C:\Windows\System32\Apphlpdm.dll
2008-07-31 03:32 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-31 03:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-07-31 01:13 4,240,384 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-07-30 17:30 2,829 ----a-w C:\Windows\DIIUnin.pif
2008-07-30 17:30 102,400 ----a-w C:\Windows\DIIUnin.exe
2008-07-29 11:22 21,840 ----atw C:\Windows\System32\SIntfNT.dll
2008-07-29 11:22 17,212 ----atw C:\Windows\System32\SIntf32.dll
2008-07-29 11:22 12,067 ----atw C:\Windows\System32\SIntf16.dll
2008-07-25 12:00 174 --sha-w C:\Program Files\desktop.ini
2008-07-05 20:34 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-07-05 20:34 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-07-05 20:34 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2008-01-03 14:29 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-01-03 14:29 32,768 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-01-03 14:29 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"SmpcSys"="C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe" [2007-05-03 1116728]
"CursorXP"="C:\Program Files\CursorXP\CursorXP.exe" [2005-01-19 128000]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 125952]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"Speech Recognition"="C:\Windows\Speech\Common\sapisvr.exe" [2008-01-19 49664]
"Orb"="C:\Program Files\Winamp Remote\bin\OrbTray.exe" [2008-04-01 507904]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-08-12 21741864]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 2321600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-01-11 232184]
"toolbar_eula_launcher"="C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe" [2007-02-20 28672]
"NeroFilterCheck"="C:\Windows\system32\NeroCheck.exe" [2001-07-09 155648]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-10-19 286720]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-05-16 185896]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-07-09 36352]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-09-12 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-09-12 8497696]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-09-12 81920]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"RtHDVCpl"="RtHDVCpl.exe" [2007-05-10 C:\Windows\RtHDVCpl.exe]
"Skytel"="Skytel.exe" [2007-05-07 C:\Windows\SkyTel.exe]

C:\Users\gaetan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ppcbooster.lnk - C:\Program Files\ppcbooster\ppcbooster.exe [2008-10-08 20480]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"FilterAdministratorToken"= 1 (0x1)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"LogonHoursAction"= 2 (0x2)
"DontDisplayLogonHoursWarnings"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.SP54"= SP5X_32.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{A5339627-E33F-4F74-A621-6094E86725B3}"= UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{95095CE9-163A-4BDD-B427-20949BDAB151}"= TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{5E45B4AF-B939-4CA2-B07A-133AB80FB86B}"= UDP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{394C6BA2-C96A-4BBD-9F60-4F515EEBA77F}"= TCP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{FD0C1E39-A528-493F-9760-4C4843F9E02A}"= UDP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{AE8F2CC7-E273-4232-B1BD-D354146370E4}"= TCP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{46085E9B-7974-4DC8-9794-D1CC8F4B7376}"= UDP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{577A7DBF-45D8-4828-B37B-5FDFC66821AB}"= TCP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"TCP Query User{FFB85EA8-6B9E-4F43-A81F-1DA6E69C6593}C:\\program files\\jowood\\spellforce - diamond edition\\spellforce.exe"= UDP:C:\program files\jowood\spellforce - diamond edition\spellforce.exe:SpellForce
"UDP Query User{F274A370-0311-4948-9C00-87A5C244DFDC}C:\\program files\\jowood\\spellforce - diamond edition\\spellforce.exe"= TCP:C:\program files\jowood\spellforce - diamond edition\spellforce.exe:SpellForce
"TCP Query User{985E93B6-BA64-4D9B-ADD7-0CD1AC6DAF25}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{3644BD2E-7A11-4783-8710-CEFEB4116421}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"{90806C1F-8895-440C-B227-08E0D48F0987}"= UDP:C:\Windows\System32\WindowsAnytimeUpgrade.exe:Achat de mise à niveau en ligne
"{D446BD00-BBE9-478B-9619-4D452BDB9759}"= TCP:C:\Windows\System32\WindowsAnytimeUpgrade.exe:Achat de mise à niveau en ligne
"{DEE7FC4B-D651-41CC-81D7-8F6C3D7205D9}"= UDP:C:\Sierra\Arcanum\Arcanum.exe:Arcanum
"{EC54DAB7-FEBA-4550-818E-5C2D411A2B29}"= TCP:C:\Sierra\Arcanum\Arcanum.exe:Arcanum
"{263CADE6-F851-450D-96C1-082AB8AA19BA}"= UDP:C:\Program Files\Cossacks - The Art Of War\dmcr.exe:Cossacks - The Art of War
"{4C4F4181-AB1A-499D-B561-41DE31A6B5A1}"= TCP:C:\Program Files\Cossacks - The Art Of War\dmcr.exe:Cossacks - The Art of War
"{00AE8FAA-9A09-4854-A5D1-EC24CA422CC7}"= UDP:C:\Program Files\Strategy First\Disciples Gold\Exe\Disciple.exe:Disciples - Sacred Lands
"{39617411-470F-48F4-A924-CFD9D565AA87}"= TCP:C:\Program Files\Strategy First\Disciples Gold\Exe\Disciple.exe:Disciples - Sacred Lands
"{003BCC81-5806-46CD-876C-B72CFCA1ADEA}"= UDP:C:\Program Files\Ubisoft\Heroes of Might and Magic V\bin\H5_Game.exe:Heroes of Might and Magic V
"{F239920F-2B88-472B-A5D5-76CA9035B9CE}"= TCP:C:\Program Files\Ubisoft\Heroes of Might and Magic V\bin\H5_Game.exe:Heroes of Might and Magic V
"{43A9E2F3-9C50-46F9-9BB9-8F79888FA03A}"= UDP:C:\Program Files\3DO\Heroes of Might and Magic IV\heroes4f.exe:Heroes of Might and Magic IV
"{3BEAD466-553E-47FE-9EFF-363A0969C7E2}"= TCP:C:\Program Files\3DO\Heroes of Might and Magic IV\heroes4f.exe:Heroes of Might and Magic IV
"{9536B881-DD0F-4B9E-B48F-0F1572E0A1B6}"= UDP:C:\Program Files\Warcraft III\Warcraft III.exe:Warcraft III
"{EBBA2F99-F856-45EE-A1F1-7142EBEFDDF0}"= TCP:C:\Program Files\Warcraft III\Warcraft III.exe:Warcraft III
"{EE17DB73-4A90-435A-8F2B-C3E107D41848}"= UDP:C:\Program Files\Eidos Interactive\Pyro Studios\Praetorians\Praetorians.exe:Praetorians
"{B1E9F990-D2E4-426B-963F-F61AAA926EFE}"= TCP:C:\Program Files\Eidos Interactive\Pyro Studios\Praetorians\Praetorians.exe:Praetorians
"{315A0922-576B-4C34-912E-172ADCC367EB}"= UDP:C:\Program Files\Port Royale\PortRoyale.exe:Port Royale
"{BD87D139-CC2D-42D2-83A5-9CFAFF9CF995}"= TCP:C:\Program Files\Port Royale\PortRoyale.exe:Port Royale
"TCP Query User{DC42F8CF-5A2F-4BFD-92A4-2D4B22296815}C:\\windows\\system32\\dplaysvr.exe"= UDP:C:\windows\system32\dplaysvr.exe:Application d'assistance Microsoft DirectPlay
"UDP Query User{61AD9EF0-F75E-43BD-B095-D069C95428D5}C:\\windows\\system32\\dplaysvr.exe"= TCP:C:\windows\system32\dplaysvr.exe:Application d'assistance Microsoft DirectPlay
"TCP Query User{A8D9876F-D393-40B8-A956-EB5B51AE5521}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{8667E890-E0C1-4E1D-9947-56DBE1A838C1}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{035A7B05-D664-4341-B6B0-675BE266701A}C:\\program files\\warcraft iii\\war3.exe"= UDP:C:\program files\warcraft iii\war3.exe:Warcraft III
"UDP Query User{C5AE43CF-0B11-4066-B4FC-89C971968756}C:\\program files\\warcraft iii\\war3.exe"= TCP:C:\program files\warcraft iii\war3.exe:Warcraft III
"TCP Query User{F2817DE4-BAFD-4FF6-B909-D0E722A92A61}C:\\program files\\maxis\\simcity 3000 world edition\\apps\\updater\\updater.exe"= UDP:C:\program files\maxis\simcity 3000 world edition\apps\updater\updater.exe:SC3UpdaterMFC
"UDP Query User{F97870DA-D57B-40CF-88FF-CB7AD76BD659}C:\\program files\\maxis\\simcity 3000 world edition\\apps\\updater\\updater.exe"= TCP:C:\program files\maxis\simcity 3000 world edition\apps\updater\updater.exe:SC3UpdaterMFC
"TCP Query User{E951D5EF-F6E7-467A-8B44-F83509473BA6}C:\\program files\\warzone 2100\\warzone2100.exe"= UDP:C:\program files\warzone 2100\warzone2100.exe:Warzone 2100
"UDP Query User{50B8AE86-CC7D-4DD3-A5A8-681CAE5FA1F1}C:\\program files\\warzone 2100\\warzone2100.exe"= TCP:C:\program files\warzone 2100\warzone2100.exe:Warzone 2100
"TCP Query User{03229C4D-E7BE-4981-8383-9142626D2EA8}C:\\program files\\microsoft games\\age of mythology\\aomx.exe"= UDP:C:\program files\microsoft games\age of mythology\aomx.exe:Age of Mythology - The Titans Expansion
"UDP Query User{986D858B-4E6B-4C2F-8680-B4DA7EDAF5F5}C:\\program files\\microsoft games\\age of mythology\\aomx.exe"= TCP:C:\program files\microsoft games\age of mythology\aomx.exe:Age of Mythology - The Titans Expansion
"TCP Query User{6912C221-A7D0-4505-A14A-6D759795AF3F}C:\\bluebyte\\the settlers iv\\exe\\s4_main.exe"= UDP:C:\bluebyte\the settlers iv\exe\s4_main.exe:S4_Main
"UDP Query User{825DA880-72D0-47AC-95C1-D7D0C1CFBF84}C:\\bluebyte\\the settlers iv\\exe\\s4_main.exe"= TCP:C:\bluebyte\the settlers iv\exe\s4_main.exe:S4_Main
"TCP Query User{FA1AAFE1-D686-477F-8C7B-46DFC492ECE0}C:\\program files\\giants\\giants.exe"= UDP:C:\program files\giants\giants.exe:Giants
"UDP Query User{1AC13B7B-D5AF-4AA7-ABBA-741E73EE8CB6}C:\\program files\\giants\\giants.exe"= TCP:C:\program files\giants\giants.exe:Giants
"TCP Query User{8F180B30-77F4-402C-8F7F-0E7E0A772811}C:\\program files\\dreamcatcher\\dungeon lords\\dlords.exe"= UDP:C:\program files\dreamcatcher\dungeon lords\dlords.exe:dlords
"UDP Query User{1F7CA572-467C-421D-A2FD-D474704478BA}C:\\program files\\dreamcatcher\\dungeon lords\\dlords.exe"= TCP:C:\program files\dreamcatcher\dungeon lords\dlords.exe:dlords
"{E6942491-2D7E-4373-BBFA-A038575FBDAE}"= UDP:C:\Program Files\Microsoft Games\Age of Empires III\age3x.exe:Age of Empires III - The WarChiefs
"{10512A4C-5354-4DED-A488-3BF0D65A5986}"= TCP:C:\Program Files\Microsoft Games\Age of Empires III\age3x.exe:Age of Empires III - The WarChiefs
"{20C65265-96D9-4A19-B34E-D406DCFA0F1A}"= UDP:C:\Program Files\Atari\Neverwinter Nights 2\nwn2main.exe:Neverwinter Nights 2 Main
"{220287E5-AA44-466B-9D32-F6F73593096C}"= TCP:C:\Program Files\Atari\Neverwinter Nights 2\nwn2main.exe:Neverwinter Nights 2 Main
"{47C66D78-D87D-49E1-B813-B60D6EAA0BFF}"= UDP:C:\Program Files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe:Neverwinter Nights 2 AMD
"{C1165618-5246-4897-B163-00E18B76447C}"= TCP:C:\Program Files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe:Neverwinter Nights 2 AMD
"{1435300C-09D2-4658-91E4-5C164BD15F2C}"= UDP:C:\Program Files\Atari\Neverwinter Nights 2\nwupdate.exe:Neverwinter Nights 2 Updater
"{0C5C33D6-DB3E-4F78-9C38-20125F092EB0}"= TCP:C:\Program Files\Atari\Neverwinter Nights 2\nwupdate.exe:Neverwinter Nights 2 Updater
"{41E719C3-4818-4293-84DB-9BABFF382CC4}"= UDP:C:\Program Files\Atari\Neverwinter Nights 2\nwn2server.exe:Neverwinter Nights 2 Server
"{E06D12E1-F75F-435E-8854-D808F4365EAA}"= TCP:C:\Program Files\Atari\Neverwinter Nights 2\nwn2server.exe:Neverwinter Nights 2 Server
"TCP Query User{9DDAF048-3287-46BD-9E53-FC85F7D8A4AC}C:\\program files\\microsoft games\\dungeon siege\\dungeonsiege.exe"= UDP:C:\program files\microsoft games\dungeon siege\dungeonsiege.exe:Dungeon Siege Game Executable
"UDP Query User{68A9DE2C-0F8B-4689-AD2F-7F274C73E3E3}C:\\program files\\microsoft games\\dungeon siege\\dungeonsiege.exe"= TCP:C:\program files\microsoft games\dungeon siege\dungeonsiege.exe:Dungeon Siege Game Executable
"TCP Query User{3B1844B2-F152-4446-B412-03398EB8967D}C:\\windows\\system32\\dpnsvr.exe"= UDP:C:\windows\system32\dpnsvr.exe:Serveur Microsoft DirectPlay 8
"UDP Query User{59A8433A-1785-4A27-AC17-2E2412E1110A}C:\\windows\\system32\\dpnsvr.exe"= TCP:C:\windows\system32\dpnsvr.exe:Serveur Microsoft DirectPlay 8
"TCP Query User{2395DCB8-6253-4551-AE0F-3A7006889658}C:\\program files\\codemasters\\worms 4 mayhem\\worms 4 mayhem.exe"= UDP:C:\program files\codemasters\worms 4 mayhem\worms 4 mayhem.exe:Worms 4 Mayhem
"UDP Query User{5E134F99-A986-4A88-8786-3000C0ACEA78}C:\\program files\\codemasters\\worms 4 mayhem\\worms 4 mayhem.exe"= TCP:C:\program files\codemasters\worms 4 mayhem\worms 4 mayhem.exe:Worms 4 Mayhem
"TCP Query User{8CB693D6-A8CE-42F8-A038-535B36683717}C:\\program files\\trackmania nations eswc\\tmnationseswc.exe"= UDP:C:\program files\trackmania nations eswc\tmnationseswc.exe:TmNationsESWC
"UDP Query User{38D6F906-C58F-4B64-852A-B99543CF097D}C:\\program files\\trackmania nations eswc\\tmnationseswc.exe"= TCP:C:\program files\trackmania nations eswc\tmnationseswc.exe:TmNationsESWC
"{24E3B5BF-E5AC-4430-AF66-BBA075F31D22}"= UDP:C:\Program Files\Warcraft III\Frozen Throne.exe:Warcraft III - The Frozen Throne
"{3D0A14F5-1760-40D6-A1F8-7F2ACEF42530}"= TCP:C:\Program Files\Warcraft III\Frozen Throne.exe:Warcraft III - The Frozen Throne
"TCP Query User{09FA9CD2-64D4-4C5A-A412-DEF58DDBBF1F}C:\\program files\\limewire\\limewire.exe"= UDP:C:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{14D50DFC-4056-4E26-A43B-A2DDD65362DF}C:\\program files\\limewire\\limewire.exe"= TCP:C:\program files\limewire\limewire.exe:LimeWire
"{B4FE32BB-43C8-47AF-882A-1F7ED376DC33}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{6D7EF8BA-406B-498B-BD76-3BF3F54ACD72}"= UDP:4377:H4_4377_TCP
"{661046D7-846A-41FF-BA4F-09EDF11AF06E}"= UDP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{257B1C6D-F537-4D7E-A96F-B67E1819594E}"= TCP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{147B8CF6-4754-4684-97BF-46487EEF0354}"= UDP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{F92AE674-A755-4E33-A8FD-29CEE08D927A}"= TCP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{4C3AFC98-E1C7-4DF0-BFB8-BD23B2768E5A}"= UDP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{75226A16-502B-4002-94A7-CE8299DD9CBF}"= TCP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{2406255A-46C6-4AAB-9F3F-130E58A6CD4E}"= UDP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{73BFB7C6-41F5-4728-8D87-35AAC0C19B00}"= TCP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{86F538DB-2279-43BB-902A-D118F9CBEC25}"= UDP:C:\Program Files\Diablo II\Diablo II.exe:Diablo II - Lord of Destruction
"{39D35ABD-D3C7-4D5C-A042-F712804F4730}"= TCP:C:\Program Files\Diablo II\Diablo II.exe:Diablo II - Lord of Destruction
"{1AA52F01-4CD9-40C2-9AD6-9488D13CBFCD}"= UDP:C:\Program Files\Metin2_France\metin2.exe:metin2
"{17C65EC1-655C-4B2E-B30A-93589BA3589D}"= TCP:C:\Program Files\Metin2_France\metin2.exe:metin2
"TCP Query User{65664738-28C3-4EAB-AB2C-B70E68588B70}C:\\program files\\teamspeak2_rc2\\server_windows.exe"= UDP:C:\program files\teamspeak2_rc2\server_windows.exe:Server
"UDP Query User{E7E9A406-C4D7-41BF-8BF1-A15060AE257D}C:\\program files\\teamspeak2_rc2\\server_windows.exe"= TCP:C:\program files\teamspeak2_rc2\server_windows.exe:Server
"{60C25528-AE63-48C6-A7C7-A81EF6A94630}"= UDP:C:\Program Files\Teamspeak2_RC2\TeamSpeak.exe:Teamspeak RC2
"{F91A0A54-0084-4909-AAEE-3B825188DF24}"= TCP:C:\Program Files\Teamspeak2_RC2\TeamSpeak.exe:Teamspeak RC2
"TCP Query User{4E36F86F-76F9-4502-A889-CCFAC4228CC7}C:\\skype\\phone\\skype.exe"= UDP:C:\skype\phone\skype.exe:Skype
"TCP Query User{745DA644-BAAA-402E-A58F-CEC014CB3432}C:\\program files\\metin2_france\\metin2.bin"= UDP:C:\program files\metin2_france\metin2.bin:metin2.bin
"UDP Query User{96DAEB0E-5DF9-44F7-A455-6E1848380577}C:\\program files\\metin2_france\\metin2.bin"= TCP:C:\program files\metin2_france\metin2.bin:metin2.bin
"{8E6B8276-37C6-4733-A7B2-65B6E79D65CC}"= UDP:C:\Program Files\GUILD WARS\Gw.exe:GUILD WARS
"{0D9EA4F3-F864-4B74-B01D-C72FEFD2A06E}"= TCP:C:\Program Files\GUILD WARS\Gw.exe:GUILD WARS
"TCP Query User{D34672FF-FBB7-4438-9088-E0EF131F68B2}C:\\program files\\glest_3.1.2\\glest.exe"= UDP:C:\program files\glest_3.1.2\glest.exe:glest
"UDP Query User{1BAB26A5-A2BF-4484-A848-409CC772EEA2}C:\\program files\\glest_3.1.2\\glest.exe"= TCP:C:\program files\glest_3.1.2\glest.exe:glest
"TCP Query User{0048870A-F567-4043-A360-21E845C6953A}C:\\users\\gaetan\\c&c sdt\\game.exe"= UDP:C:\users\gaetan\c&c sdt\game.exe:game.exe
"UDP Query User{098608C5-B191-48B3-9F37-63A5F39ECAC7}C:\\users\\gaetan\\c&c sdt\\game.exe"= TCP:C:\users\gaetan\c&c sdt\game.exe:game.exe
"{8A5F95CE-0D1A-4C9A-A4E6-CFA204948D49}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

R0 pavboot;pavboot;C:\Windows\system32\drivers\pavboot.sys [2008-06-19 28544]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys [2007-01-25 20760]
R1 SSHDRV52;SSHDRV52;C:\Windows\system32\drivers\SSHDRV52.sys [2007-10-02 29184]
R1 SSHDRV85;SSHDRV85;C:\Windows\system32\drivers\SSHDRV85.sys [2007-12-05 78848]
S3 ARCSOFTVIRTUALCAPTURE;Magic-i Virtual Driver;C:\Windows\system32\DRIVERS\ArcSoftVirtualCapture.sys [2006-12-07 17024]
S3 PAC207;Webcam 1200;C:\Windows\system32\DRIVERS\PFC027.SYS [2007-06-29 611584]
.
Contenu du dossier 'Tâches planifiées'

2008-10-26 C:\Windows\Tasks\Extension de garantie.job
- C:\Program Files\Packard Bell\SetupmyPC\PBCarNot.exe [2006-11-21 17:38]

2008-10-26 C:\Windows\Tasks\Recovery DVD Creator.job
- C:\Program Files\Packard Bell\SetupMyPc\MCDCheck.exe [2006-11-21 17:34]

2008-10-25 C:\Windows\Tasks\User_Feed_Synchronization-{0A49DB88-7C7A-43BD-9A98-D3516BEAB586}.job
- C:\Windows\system32\msfeedssync.exe [2008-01-19 08:33]
.
.
------- Examen supplémentaire -------
.
FireFox -: Profile - C:\Users\gaetan\AppData\Roaming\Mozilla\Firefox\Profiles\ngo1i7xo.default\
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-26 21:30:02
Windows 6.0.6001 Service Pack 1 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
Heure de fin: 2008-10-26 21:31:32
ComboFix-quarantined-files.txt 2008-10-26 20:31:19

Avant-CF: 183 644 364 800 octets libres
Après-CF: 183,669,374,976 octets libres

262 --- E O F --- 2008-10-25 10:26:58

Réponse 45 / 62

gaetan

Alor le verdicte ????

Réponse 46 / 62

eZula Messages postés 3509 Statut Contributeur 392

Répond :

- depuis quand précisément tu as des pubs ?
- depuis quoi ?
- sous IE et aussi sous Firefox ?

Crée un nouveau document texte : clic droit de souris sur le bureau, "Nouveau"> "Document texte". Ouvre-le et copie-colle dedans ces lignes en italique :

netstat -abnov > netstat.txt
notepad netstat.txt
del netstat.txt

Dans le menu "fichier"/"enregistrer sous", sélectionne :
"Nom du fichier" : list.bat
"Type" : "tous les fichiers"
Clique ensuite sur "enregistrer".

double-clique dessus, le bloc-notes s'ouvre au bout de quelques instants. Copie et poste son contenu.

gaetan

depui quan et depuis quoi je m'en c rien et je jutilise internet explorer
et voila le rapport

Connexions actives

Proto Adresse locale Adresse distante tat
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING 944
RpcSs
[svchost.exe]
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING 4

Impossible d'obtenir les informations de propri‚taire
TCP 0.0.0.0:1110 0.0.0.0:0 LISTENING 1924
[avp.exe]
TCP 0.0.0.0:5357 0.0.0.0:0 LISTENING 4

Impossible d'obtenir les informations de propri‚taire
TCP 0.0.0.0:29831 0.0.0.0:0 LISTENING 3828
[OrbTray.exe]
TCP 0.0.0.0:49152 0.0.0.0:0 LISTENING 624
[wininit.exe]
TCP 0.0.0.0:49153 0.0.0.0:0 LISTENING 1088
Eventlog
[svchost.exe]
TCP 0.0.0.0:49154 0.0.0.0:0 LISTENING 1164
Schedule
[svchost.exe]
TCP 0.0.0.0:49155 0.0.0.0:0 LISTENING 688
[lsass.exe]
TCP 0.0.0.0:49156 0.0.0.0:0 LISTENING 672
[services.exe]
TCP 127.0.0.1:1110 127.0.0.1:50578 TIME_WAIT 0
TCP 127.0.0.1:1110 127.0.0.1:50580 TIME_WAIT 0
TCP 127.0.0.1:29831 127.0.0.1:49161 ESTABLISHED 3828
[OrbTray.exe]
TCP 127.0.0.1:29831 127.0.0.1:49162 ESTABLISHED 3828
[OrbTray.exe]
TCP 127.0.0.1:49161 127.0.0.1:29831 ESTABLISHED 3828
[OrbTray.exe]
TCP 127.0.0.1:49162 127.0.0.1:29831 ESTABLISHED 3828
[OrbTray.exe]
TCP 192.168.1.5:139 0.0.0.0:0 LISTENING 4

Impossible d'obtenir les informations de propri‚taire
TCP 192.168.1.5:49231 207.46.107.69:1863 ESTABLISHED 3796
[msnmsgr.exe]
TCP 192.168.1.5:50503 84.96.219.209:80 TIME_WAIT 0
TCP 192.168.1.5:50511 84.96.219.209:80 TIME_WAIT 0
TCP [::]:135 [::]:0 LISTENING 944
RpcSs
[svchost.exe]
TCP [::]:445 [::]:0 LISTENING 4

Impossible d'obtenir les informations de propri‚taire
TCP [::]:5357 [::]:0 LISTENING 4

Impossible d'obtenir les informations de propri‚taire
TCP [::]:49152 [::]:0 LISTENING 624
[wininit.exe]
TCP [::]:49153 [::]:0 LISTENING 1088
Eventlog
[svchost.exe]
TCP [::]:49154 [::]:0 LISTENING 1164
Schedule
[svchost.exe]
TCP [::]:49155 [::]:0 LISTENING 688
[lsass.exe]
TCP [::]:49156 [::]:0 LISTENING 672
[services.exe]
UDP 0.0.0.0:123 *:* 1328
W32Time
[svchost.exe]
UDP 0.0.0.0:500 *:* 1164
IKEEXT
[svchost.exe]
UDP 0.0.0.0:3702 *:* 1328
FDResPub
[svchost.exe]
UDP 0.0.0.0:3702 *:* 1328
FDResPub
[svchost.exe]
UDP 0.0.0.0:4500 *:* 1164
IKEEXT
[svchost.exe]
UDP 0.0.0.0:5355 *:* 1520
Dnscache
[svchost.exe]
UDP 0.0.0.0:63543 *:* 1328
FDResPub
[svchost.exe]
UDP 127.0.0.1:1900 *:* 1328
SSDPSRV
[svchost.exe]
UDP 127.0.0.1:50604 *:* 3820
[iexplore.exe]
UDP 127.0.0.1:57436 *:* 3796
[msnmsgr.exe]
UDP 127.0.0.1:59611 *:* 3796
[msnmsgr.exe]
UDP 127.0.0.1:59856 *:* 3860
[ppcbooster.exe]
UDP 127.0.0.1:60156 *:* 1328
SSDPSRV
[svchost.exe]
UDP 127.0.0.1:60187 *:* 1164
ShellHWDetection
[svchost.exe]
UDP 127.0.0.1:62052 *:* 1120
[winamp.exe]
UDP 127.0.0.1:62551 *:* 3808
[ISUSPM.exe]
UDP 192.168.1.5:9 *:* 3796
[msnmsgr.exe]
UDP 192.168.1.5:137 *:* 4

Impossible d'obtenir les informations de propri‚taire
UDP 192.168.1.5:138 *:* 4

Impossible d'obtenir les informations de propri‚taire
UDP 192.168.1.5:1900 *:* 1328
SSDPSRV
[svchost.exe]
UDP 192.168.1.5:12655 *:* 3796
[msnmsgr.exe]
UDP 192.168.1.5:60155 *:* 1328
SSDPSRV
[svchost.exe]
UDP [::]:123 *:* 1328
W32Time
[svchost.exe]
UDP [::]:500 *:* 1164
IKEEXT
[svchost.exe]
UDP [::]:3702 *:* 1328
FDResPub
[svchost.exe]
UDP [::]:3702 *:* 1328
FDResPub
[svchost.exe]
UDP [::]:5355 *:* 1520
Dnscache
[svchost.exe]
UDP [::]:63544 *:* 1328
FDResPub
[svchost.exe]
UDP [::1]:1900 *:* 1328
SSDPSRV
[svchost.exe]
UDP [::1]:60153 *:* 1328
SSDPSRV
[svchost.exe]
UDP [fe80::28e7:981:ab9d:a7c4%9]:1900 *:* 1328
SSDPSRV
[svchost.exe]
UDP [fe80::28e7:981:ab9d:a7c4%9]:60154 *:* 1328
SSDPSRV
[svchost.exe]
UDP [fe80::d001:fef2:1a13:45b0%8]:1900 *:* 1328
SSDPSRV
[svchost.exe]
UDP [fe80::d001:fef2:1a13:45b0%8]:60152 *:* 1328
SSDPSRV
[svchost.exe]

Réponse 47 / 62

eZula Messages postés 3509 Statut Contributeur 392

Et que te donne ce fichier sur VirusTotal C:\Program Files\ppcbooster\ppcbooster.exe ?

ne me demande pas comment on fait, tu as déjà effectué cette procédure

gaetan

Quoi ?!?!?!?! heuu . . . dsl mais je comprens pas la.

Réponse 48 / 62

eZula Messages postés 3509 Statut Contributeur 392

Vas sur ce site https://www.virustotal.com/gui/
Colle dans la case à gauche de "parcourir" :
C:\Program Files\ppcbooster\ppcbooster.exe
en cours de chargement ...mis en file d'attenteen attenteen cours d'analyse clique ensuite sur "Envoyer le fichier" puis patiente jusqu'à apparition du message "Situation actuelle: terminé " ; copie alors le rapport dans ta réponse.

wiwild

Bonjour , g exactement la meme chose que gaetan le meme site mais g pas sur mon pc les fichier que tu a dit merci de répondre sa devient saoulant ;) .

Réponse 49 / 62

gaetan

Bon voila le rapport

AhnLab-V3 2008.10.28.3 2008.10.29 -
AntiVir 7.9.0.10 2008.10.29 HEUR/Malware
Authentium 5.1.0.4 2008.10.29 -
Avast 4.8.1248.0 2008.10.28 -
AVG 8.0.0.161 2008.10.29 -
BitDefender 7.2 2008.10.29 -
CAT-QuickHeal 9.50 2008.10.29 -
ClamAV 0.93.1 2008.10.29 -
DrWeb 4.44.0.09170 2008.10.29 -
eSafe 7.0.17.0 2008.10.29 -
eTrust-Vet 31.6.6179 2008.10.29 -
Ewido 4.0 2008.10.29 -
F-Prot 4.4.4.56 2008.10.29 -
F-Secure 8.0.14332.0 2008.10.29 -
Fortinet 3.117.0.0 2008.10.28 -
GData 19 2008.10.29 -
Ikarus T3.1.1.44.0 2008.10.29 -
K7AntiVirus 7.10.511 2008.10.29 -
Kaspersky 7.0.0.125 2008.10.29 -
McAfee 5417 2008.10.28 -
Microsoft 1.4005 2008.10.29 -
NOD32 3566 2008.10.29 -
Norman 5.80.02 2008.10.29 -
Panda 9.0.0.4 2008.10.29 -
PCTools 4.4.2.0 2008.10.29 -
Prevx1 V2 2008.10.29 -
Rising 21.01.22.00 2008.10.29 -
SecureWeb-Gateway 6.7.6 2008.10.29 Heuristic.Malware
Sophos 4.35.0 2008.10.29 -
Sunbelt 3.1.1762.1 2008.10.28 -
Symantec 10 2008.10.29 -
TheHacker 6.3.1.1.133 2008.10.28 -
TrendMicro 8.700.0.1004 2008.10.29 -
VBA32 3.12.8.8 2008.10.28 -
ViRobot 2008.10.29.1443 2008.10.29 -
VirusBuster 4.5.11.0 2008.10.28 -
Information additionnelle
File size: 20480 bytes
MD5...: 99014a34b2a8b46c190c7cb943ad8dcd
SHA1..: 43144f2331bc11d9df4ee03cbaaacd93aff84c56
SHA256: 75b6c501fc80bd6f4e98512e7cd2ca5b74640da0cf40e8f6666a8a751da1d6a5
SHA512: 1c66ebe1cb30e17a1ab3daddee33b3e96b723a437dc430a552e7abf1ae26c778
06ede0536fb23650c2e6e41a295ffa8b1549fea4b3992a2c2b296a4e4864948b
PEiD..: -
TrID..: File type identification
Win32 Executable Microsoft Visual Basic 6 (96.9%)
Generic Win/DOS Executable (1.5%)
DOS Executable Generic (1.5%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x401330
timedatestamp.....: 0x48ecc4fb (Wed Oct 08 14:34:35 2008)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x1fb8 0x2000 5.32 891c5893d47255e4d10570e588c7953a
.data 0x3000 0xa14 0x1000 0.00 620f0b67a91f7f74151bc5be745b7110
.rsrc 0x4000 0x8e0 0x1000 1.90 32736490cb941d7c86f1d2c33e0dd0c4

( 1 imports )
> MSVBVM60.DLL: _CIcos, _adj_fptan, __vbaVarMove, __vbaFreeVar, __vbaStrVarMove, _adj_fdiv_m64, _adj_fprem1, __vbaStrCat, __vbaSetSystemError, __vbaHresultCheckObj, _adj_fdiv_m32, __vbaOnError, __vbaObjSet, _adj_fdiv_m16i, _adj_fdivr_m16i, _CIsin, __vbaChkstk, EVENT_SINK_AddRef, __vbaGenerateBoundsError, __vbaObjVar, DllFunctionCall, _adj_fpatan, EVENT_SINK_Release, _CIsqrt, EVENT_SINK_QueryInterface, __vbaExceptHandler, __vbaStrToUnicode, -, _adj_fprem, _adj_fdivr_m64, -, __vbaFPException, __vbaStrVarVal, _CIlog, __vbaErrorOverflow, __vbaNew2, _adj_fdiv_m32i, _adj_fdivr_m32i, __vbaStrCopy, __vbaFreeStrList, _adj_fdivr_m32, _adj_fdiv_r, -, __vbaVarSetVar, __vbaI4Var, __vbaLateMemCall, __vbaStrToAnsi, __vbaVarCopy, -, _CIatan, __vbaStrMove, _allmul, _CItan, _CIexp, __vbaFreeStr, __vbaFreeObj

( 0 exports )

Réponse 50 / 62

eZula Messages postés 3509 Statut Contributeur 392

Ce n'est pas très convaincant mais on peut toujours essayer : lance HijackThis en cliquant sur "do a system scan only" et coche ces lignes (uniquement ces lignes) si tu les trouves encore :

O4 - Startup: ppcbooster.lnk = C:\Program Files\ppcbooster\ppcbooster.exe

- Ferme toutes les fenêtres, applications, messagerie... et clique sur "fix checked". Valide, puis quitte HijackThis.

ensuite redémarre ton ordinateur et regarde si tu as tjs des pubs

gaetan

c bon sa marche !! merci !!

Réponse 51 / 62

eZula Messages postés 3509 Statut Contributeur 392

c'est donc cette saloperie de ppcbooster qui envoyait des pubs depuis le début ?

ça a l'air d'être le cas, ne te prive surtout pas de supprimer le répertoire C:\Program Files\ppcbooster

Réponse 52 / 62

eZula Messages postés 3509 Statut Contributeur 392

comme indiqué https://www.eset.com/

Réponse 53 / 62

eZula Messages postés 3509 Statut Contributeur 392

il me faut beaucoup de temps pour traduire ton dialecte SMS, pardonne-moi

et sinon le problème, c'est réglé ?

Réponse 54 / 62

eZula Messages postés 3509 Statut Contributeur 392

si tu doubles cliques sur ce fichier Uninstall.bat, tu n'obtiens pas un fichier Uninstall.txt ensuite ?

Réponse 55 / 62

eZula Messages postés 3509 Statut Contributeur 392

Désinstalle ces programmes

"Dealio Toolbar 3.4"
"Search Settings 1.2"
"SweetIM for Messenger 2.5"
"SweetIM Toolbar for Internet Explorer 3.1"

puis redémarre l'ordi et dis-moi ce que ça donne. Si encore pubs, précise les url

Réponse 56 / 62

eZula Messages postés 3509 Statut Contributeur 392

Et le reste ?

Réponse 57 / 62

eZula Messages postés 3509 Statut Contributeur 392

Fais un scan nanoscan/totalscan et fais voir le rapport, il est pas trop mal pour détecter les adwares, je suppose que c'est quelque chose dans le style qui doit lancer ces fenêtres.

Réponse 58 / 62

eZula Messages postés 3509 Statut Contributeur 392

https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan

Ne reviens pas sans le rapport

Réponse 59 / 62

eZula Messages postés 3509 Statut Contributeur 392

bon, voilà les méchants :

02555179 Adware/NaviPromo Adware No 1 Yes No C:\Users\gaetan\AppData\Local\fyrevoyrkv.exe
02555179 Adware/NaviPromo Adware No 1 Yes No C:\Users\gaetan\AppData\Local\qcurch.exe

n'essaye pas de les supprimer manuellement. Utilise Navilog1 pour t'en débarrasser http://il.mafioso.pagesperso-orange.fr/Navifix/presentation.htm

1. Option 1
2. Option 2

Et vérifie qu'il supprime bien ces deux fichiers, si tu veux tu peux poster le rapport final.

Réponse 60 / 62

eZula Messages postés 3509 Statut Contributeur 392

si tu regardes bien le rapport navilog1, il ne semble pas avoir trouvé fyrevoyrkv.exe

on va voir ce que dit panda

ENCORE DES FENETRE POP-UP

62 réponses

Votre réponse

Discussions similaires

Newsletters