POP-UP WINDOWS AGAIN

Closed
gaetan - 15 Oct 2008 at 20:22
wiwild - 19 Nov 2008 at 18:32
Hello, and hello again to those who helped me 4-5 days ago. It works much better now, BUT I still have 1 pop-up window that opens roughly every 25-30 minutes; its name is "apartementjackpot". So if anyone could help me... again.
Last time it was chiquitine29 and ^^marie^^ who helped me, so there you go, please help me.

62 replies

And now what do I do? I still have the windows. Can someone answer me PLEASE!!!!!!!!!!!

Here is the report, in 2 parts

"Silent Runners.vbs", revision 58, https://www.silentrunners.org/
Operating System: Windows Vista
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"Sidebar" = "C:\Program Files\Windows Sidebar\sidebar.exe /autoRun" [MS]
"SmpcSys" = "C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe" ["Packard Bell BV"]
"CursorXP" = "C:\Program Files\CursorXP\CursorXP.exe" [" "]
"ehTray.exe" = "C:\Windows\ehome\ehTray.exe" [MS]
"MsnMsgr" = ""C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background" [MS]
"ISUSPM" = ""C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler" ["Macrovision Corporation"]
"Speech Recognition" = ""C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup" [MS]
"Orb" = ""C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background" ["Orb Networks"]
"Skype" = ""C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized" ["Skype Technologies S.A."]
"AdobeUpdater" = "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" ["Adobe Systems Incorporated"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"RtHDVCpl" = "RtHDVCpl.exe" ["Realtek Semiconductor"]
"Skytel" = "Skytel.exe" ["Realtek Semiconductor Corp."]
"RoxWatchTray" = ""C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"" ["Sonic Solutions"]
"toolbar_eula_launcher" = "C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe" [null data]
"NeroFilterCheck" = "C:\Windows\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"QuickTime Task" = ""C:\Program Files\QuickTime\QTTask.exe" -atboottime" ["Apple Inc."]
"Adobe Reader Speed Launcher" = ""C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"" ["Adobe Systems Incorporated"]
"TkBellExe" = ""C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
"WinampAgent" = ""C:\Program Files\Winamp\winampa.exe"" [null data]
"NvSvc" = "RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart" [MS]
"NvCplDaemon" = "RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup" [MS]
"NvMediaCenter" = "RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit" [MS]
"AVP" = ""C:\Program Files\Micro Application\Securite Internet 2007\avp.exe"" ["Micro Application"]
"SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"" ["Sun Microsystems, Inc."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Aide pour le lien d'Adobe PDF Reader"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}\(Default) = "Winamp Toolbar Loader"
-> {HKLM...CLSID} = "Winamp Toolbar Loader"
\InProcServer32\(Default) = "C:\Program Files\Winamp Toolbar\winamptb.dll" ["AOL LLC."]
{3049C3E9-B461-4BC5-8870-4C09146192CA}\(Default) = (no title provided)
-> {HKLM...CLSID} = "RealPlayer Download and Record Plugin for Internet Explorer"
\InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll" ["RealPlayer"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll" ["Sun Microsystems, Inc."]
{9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Programme d'aide de l'Assistant de connexion Windows Live"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll" [MS]
{CA6319C0-31B7-401E-A518-A07C3DB8F777}\(Default) = "Browser Address Error Redirector"
-> {HKLM...CLSID} = "CBrowserHelperObject Object"
\InProcServer32\(Default) = "C:\Program Files\Google\Google_BAE\BAE.dll" ["Packard Bell"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {HKLM...CLSID} = "DesktopContext Class"
\InProcServer32\(Default) = "C:\Windows\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"
-> {HKLM...CLSID} = "NeroDigitalIconHandler Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
"{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"
-> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
"{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders"
-> {HKLM...CLSID} = "Mes dossiers de partage"
\InProcServer32\(Default) = "C:\Program Files\Windows Live\Messenger\fsshext.8.5.1302.1018.dll" [MS]
"{BB7DF450-F119-11CD-8465-00AA00425D90}" = "Microsoft Access Custom Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office\soa800.dll" [MS]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {HKLM...CLSID} = "RealOne Player Context Menu Class"
\InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {HKLM...CLSID} = "NVIDIA CPL Extension"
\InProcServer32\(Default) = "C:\Windows\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{85E0B171-04FA-11D1-B7DA-00A0C90348D6}" = "Statistiques d’Anti-Virus Internet"
-> {HKLM...CLSID} = "Statistiques d’Anti-Virus Internet"
\InProcServer32\(Default) = "C:\Program Files\Micro Application\Securite Internet 2007\scieplugin.dll" ["Kaspersky Lab"]

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler"
-> {HKLM...CLSID} = "NeroDigitalColumnHandler Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Micro Application\Securite Internet 2007\ShellEx.dll" ["Micro Application"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Micro Application\Securite Internet 2007\ShellEx.dll" ["Micro Application"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


Default executables:
--------------------

<<!>> HKLM\SOFTWARE\Classes\.com\(Default) = "ComFile"


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"NoDrives" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"NoDrives" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"LogonHoursAction" = (REG_DWORD) dword:0x00000002
{unrecognized setting}

"DontDisplayLogonHoursWarnings" = (REG_DWORD) dword:0x00000001
{unrecognized setting}

"HideLegacyLogonScripts" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"HideLogoffScripts" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"HideStartupScripts" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"RunLogonScriptSync" = (REG_DWORD) dword:0x00000001
{unrecognized setting}

"RunStartupScriptSync" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

"ConsentPromptBehaviorAdmin" = (REG_DWORD) dword:0x00000002
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Behavior Of The Elevation Prompt For Administrators In Admin Approval Mode}

"ConsentPromptBehaviorUser" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Behavior Of The Elevation Prompt For Standard Users}

"EnableInstallerDetection" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Detect Application Installations And Prompt For Elevation}

"EnableLUA" = (REG_DWORD) dword:0x00000000
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Run All Administrators In Admin Approval Mode}

"EnableSecureUIAPaths" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Only elevate UIAccess applications that are installed in secure locations}

"EnableVirtualization" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Virtualize file and registry write failures to per-user locations}

"PromptOnSecureDesktop" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Switch to the secure desktop when prompting for elevation}

"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}

"FilterAdministratorToken" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Admin Approval Mode for the Built-in Administrator Account}

"EnableUIADesktopToggle" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"DisableRegistryTools" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"HideLegacyLogonScripts" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"HideLogoffScripts" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"RunLogonScriptSync" = (REG_DWORD) dword:0x00000001
{unrecognized setting}

"RunStartupScriptSync" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"HideStartupScripts" = (REG_DWORD) dword:0x00000000
{unrecognized setting}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows Photo Gallery\Papier peint de la Galerie de photos Windows.jpg"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Users\gaetan\AppData\Roaming\Microsoft\Windows Photo Gallery\Papier peint de la Galerie de photos Windows.jpg"


Windows Portable Device AutoPlay Handlers
-----------------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

RoxioSCAudioCDTask33\
"Provider" = "Roxio Creator Audio"
"InvokeProgID" = "Roxio.RoxioCentral33"
"InvokeVerb" = "AudioCDTask"
HKLM\SOFTWARE\Classes\Roxio.RoxioCentral33\shell\AudioCDTask\Command\(Default) = ""C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\Main\Roxio_Central33.exe" /Launch {8E376824-EA6C-4CB7-AA05-A30CB84D359B}" [null data]

RoxioSCCopyCD33\
"Provider" = "Roxio Creator Copy"
"InvokeProgID" = "Roxio.RoxioCentral33"
"InvokeVerb" = "ExactCopyJob"
HKLM\SOFTWARE\Classes\Roxio.RoxioCentral33\shell\ExactCopyJob\Command\(Default) = ""C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\Main\Roxio_Central33.exe" /Launch {6123D5C0-0B6A-4B67-A692-C0863AB98CDA}" [null data]

RoxioSCCopyDisc33\
"Provider" = "Roxio Creator Copy"
"InvokeProgID" = "Roxio.RoxioCentral33"
"InvokeVerb" = "ExactCopyJob"
HKLM\SOFTWARE\Classes\Roxio.RoxioCentral33\shell\ExactCopyJob\Command\(Default) = ""C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\Main\Roxio_Central33.exe" /Launch {6123D5C0-0B6A-4B67-A692-C0863AB98CDA}" [null data]

RoxioSCDataProject33\
"Provider" = "Roxio Creator Data"
"InvokeProgID" = "Roxio.RoxioCentral33"
"InvokeVerb" = "DataGuide"
HKLM\SOFTWARE\Classes\Roxio.RoxioCentral33\shell\DataGuide\Command\(Default) = ""C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\Main\Roxio_Central33.exe" /Launch Data" [null data]

RoxioSCDataTask33\
"Provider" = "Roxio Creator Data"
"InvokeProgID" = "Roxio.RoxioCentral33"
"InvokeVerb" = "DataTask"
HKLM\SOFTWARE\Classes\Roxio.RoxioCentral33\shell\DataTask\Command\(Default) = ""C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\Main\Roxio_Central33.exe" /Launch {D085B12D-4D9B-49C2-8323-5053831CBD54}" [null data]

RPCDBurningOnArrival\
"Provider" = "RealPlayer"
"InvokeProgID" = "RealPlayer.CDBurn.6"
"InvokeVerb" = "open"
HKCU\Software\Classes\RealPlayer.CDBurn.6\shell\open\command\(Default) = ""C:\Program Files\Real\RealPlayer\RealPlay.exe" /burn "%1"" ["RealNetworks, Inc."]

RPDeviceOnArrival\
"Provider" = "RealPlayer"
"ProgID" = "RealPlayer.HWEventHandler"
HKLM\SOFTWARE\Classes\RealPlayer.HWEventHandler\CLSID\(Default) = "{67E76F1D-BDE2-4052-913C-2752366192D2}"
-> {HKLM...CLSID} = "RealNetworks Scheduler"
\LocalServer32\(Default) = ""C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -autoplay" ["RealNetworks, Inc."]

RPPlayCDAudioOnArrival\
"Provider" = "RealPlayer"
"InvokeProgID" = "RealPlayer.AudioCD.6"
"InvokeVerb" = "play"
HKCU\Software\Classes\RealPlayer.AudioCD.6\shell\play\command\(Default) = ""C:\Program Files\Real\RealPlayer\RealPlay.exe" /play %1 " ["RealNetworks, Inc."]

RPPlayDVDMovieOnArrival\
"Provider" = "RealPlayer"
"InvokeProgID" = "RealPlayer.DVD.6"
"InvokeVerb" = "play"
HKCU\Software\Classes\RealPlayer.DVD.6\shell\play\command\(Default) = ""C:\Program Files\Real\RealPlayer\RealPlay.exe" /dvd %1 " ["RealNetworks, Inc."]

RPPlayMediaOnArrival\
"Provider" = "RealPlayer"
"InvokeProgID" = "RealPlayer.AutoPlay.6"
"InvokeVerb" = "open"
HKCU\Software\Classes\RealPlayer.AutoPlay.6\shell\open\command\(Default) = ""C:\Program Files\Real\RealPlayer\RealPlay.exe" /autoplay "%1"" ["RealNetworks, Inc."]

WinampMTPHandler\
"Provider" = "Winamp"
"ProgID" = "Shell.HWEventHandlerShellExecute"
"InitCmdLine" = "C:\Program Files\Winamp\winamp.exe"
HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}"
-> {HKLM...CLSID} = "Shell Execute Hardware Event Handler"
\LocalServer32\(Default) = "C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS]

WinampPlayMediaOnArrival\
"Provider" = "Winamp"
"InvokeProgID" = "Winamp.File"
"InvokeVerb" = "Play"
HKLM\SOFTWARE\Classes\Winamp.File\shell\Play\command\(Default) = ""C:\Program Files\Winamp\Winamp.exe" "%1"" ["Nullsoft"]
HKLM\SOFTWARE\Classes\Winamp.File\shell\Play\DropTarget\CLSID = "{46986115-84D6-459c-8F95-52DD653E532E}"
-> {HKLM...CLSID} = (no title provided)
\LocalServer32\(Default) = ""C:\Program Files\Winamp\Winamp.exe"" ["Nullsoft"]


Startup items in "gaetan" & "All Users" startup folders:
--------------------------------------------------------

C:\Users\gaetan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
"ppcbooster" -> shortcut to: "C:\Program Files\ppcbooster\ppcbooster.exe" ["BB Inc"]

Non-disabled Scheduled Tasks:
-----------------------------

C:\Windows\System32\Tasks
"Extension de garantie" -> launches: "C:\Program Files\Packard Bell\SetupmyPC\PBCarNot.exe" ["Packard Bell BV"]
"Recovery DVD Creator" -> launches: "C:\Program Files\Packard Bell\SetupMyPc\MCDCheck.exe" ["Packard Bell BV"]
"User_Feed_Synchronization-{0A49DB88-7C7A-43BD-9A98-D3516BEAB586}" -> (HIDDEN!) launches: "C:\Windows\system32\msfeedssync.exe sync" [MS]
"{0FDFB5FE-AC5A-42EB-A448-DB4F55847877}" -> launches: "C:\Windows\system32\pcalua.exe -a H:\Setup.exe -d H:\" [MS]
"{2757C239-C431-453B-A767-E874EBC7D103}" -> launches: "C:\Windows\system32\pcalua.exe -a "C:\Users\gaetan\Warcraft 2 - The Tides of Darkness\SETUP.EXE" -d "C:\Users\gaetan\Warcraft 2 - The Tides of Darkness"" [MS]
"{2BC78422-C14F-4E99-AFE1-3F9879F9FF92}" -> launches: "C:\Windows\system32\pcalua.exe -a H:\TheGladiators.exe -d H:\" [MS]
"{6166B418-A64F-4202-9724-045B6BD1F4E3}" -> launches: "C:\Windows\system32\pcalua.exe -a H:\instmsiw.exe -d H:\" [MS]
"{6EB6A404-22BB-4E4C-B923-6A0CDAB47089}" -> launches: "C:\Windows\system32\pcalua.exe -a C:\Windows\system32\ImageDrive.cpl -c Nero ImageDrive" [MS]
"{76CE492B-2033-49C3-AED5-CFFA958FF078}" -> launches: "C:\Windows\system32\pcalua.exe -a C:\Users\gaetan\Downloads\INSTALL.EXE -d C:\Users\gaetan\Downloads" [MS]
"{81F4CBAB-B8B1-4F53-9BFE-FA21F19DBF46}" -> launches: "C:\Windows\system32\pcalua.exe -a "C:\Program Files\Ubisoft\GSC Game World\Alexandre\uninstall.exe"" [MS]
"{82D91A8E-E463-4BEA-959C-4CD362D82FC7}" -> launches: "C:\Windows\system32\pcalua.exe -a H:\setup.exe -d H:\" [MS]
"{B305E9B9-D1C6-48BB-AB74-FC6F9911920C}" -> launches: "C:\Windows\system32\pcalua.exe -a C:\Users\gaetan\Downloads\Arcanes12h.exe -d C:\Users\gaetan\Downloads" [MS]
"{CCBF9A7C-97F7-4822-AF15-39ADB1F33BA8}" -> launches: "C:\Windows\system32\pcalua.exe -a H:\autorun\Setup.exe -d H:\autorun" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client
"AD RMS Rights Policy Template Management (Manual)" -> launches: "{BF5CB148-7C77-4d8a-A53E-D81C70CF743C}"
-> {HKLM...CLSID} = "AD RMS Rights Policy Template Management (Manual) Task Handler"
\InProcServer32\(Default) = "C:\Windows\system32\msdrm.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Bluetooth
"UninstallDeviceTask" -> launches: "BthUdTask.exe $(Arg0)" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient
"SystemTask" -> launches: "{58fb76b9-ac85-4e55-ac04-427593b1d060}"
-> {HKLM...CLSID} = "Certificate Services Client Task Handler"
\InProcServer32\(Default) = "C:\Windows\system32\dimsjob.dll" [MS]
"UserTask" -> launches: "{58fb76b9-ac85-4e55-ac04-427593b1d060}"
-> {HKLM...CLSID} = "Certificate Services Client Task Handler"
\InProcServer32\(Default) = "C:\Windows\system32\dimsjob.dll" [MS]
"UserTask-Roam" -> launches: "{58fb76b9-ac85-4e55-ac04-427593b1d060}"
-> {HKLM...CLSID} = "Certificate Services Client Task Handler"
\InProcServer32\(Default) = "C:\Windows\system32\dimsjob.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program
"Consolidator" -> launches: "%SystemRoot%\System32\wsqmcons.exe" [MS]
"OptinNotification" -> launches: "%SystemRoot%\System32\wsqmcons.exe -n 0x1C577FA2B69CAD0" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Defrag
"ManualDefrag" -> launches: "%windir%\system32\defrag.exe -c" [MS]
"ScheduledDefrag" -> launches: "%windir%\system32\defrag.exe -c -i" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Media Center
"ehDRMInit" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /DRMInit" [MS]
"mcupdate" -> launches: "%SystemRoot%\ehome\mcupdate $(Arg0) -gc" [MS]
"OCURActivate" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /OCURActivate" [MS]
"OCURDiscovery" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery" [MS]
"UpdateRecordPath" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0)" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\MobilePC
"HotStart" -> launches: "{06DA0625-9701-43da-BFD7-FBEEA2180A1E}"
-> {HKLM...CLSID} = "HotStart User Agent"
\InProcServer32\(Default) = "C:\Windows\System32\HotStartUserAgent.dll" [MS]
"TMM" -> launches: "{35EF4182-F900-4632-B072-8639E4478A61}"
-> {HKLM...CLSID} = "Transient Multi-Monitor Manager"
\InProcServer32\(Default) = "C:\Windows\System32\TMM.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\MUI
"LPRemove" -> launches: "%windir%\system32\lpremove.exe" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia
"SystemSoundsService" -> launches: "{2DEA658F-54C1-4227-AF9B-260AB5FC3543}"
-> {HKLM...CLSID} = "Microsoft PlaySoundService Class"
\InProcServer32\(Default) = "C:\Windows\System32\PlaySndSrv.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\NetworkAccessProtection
"NAPStatus UI" -> launches: "{f09878a1-4652-4292-aa63-8c7d4fd7648f}"
-> {HKLM...CLSID} = "Nap ITask Handler Implementation"
\InProcServer32\(Default) = "C:\Windows\System32\QAgent.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\PLA\System
"ConvertLogEntries" -> (HIDDEN!) launches: "%windir%\system32\rundll32.exe %windir%\system32\pla.dll,PlaConvertLogEntries" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\RAC
"RACAgent" -> (HIDDEN!) launches: "%windir%\system32\RacAgent.exe" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\RemoteAssistance
"RemoteAssistanceTask" -> (HIDDEN!) launches: "%windir%\system32\RAServer.exe /offerraupdate" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Shell
"CrawlStartPages" -> launches: "{51653423-e62d-4ff7-894a-dabb2b8e21e2}"
-> {HKLM...CLSID} = "CrawlStartPages Task Handler"
\InProcServer32\(Default) = "C:\Windows\System32\srchadmin.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\SideShow
"GadgetManager" -> launches: "{FF87090D-4A9A-4f47-879B-29A80C355D61}"
-> {HKLM...CLSID} = "GadgetsManager Class"
\InProcServer32\(Default) = "C:\Windows\System32\AuxiliaryDisplayServices.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\SystemRestore
"SR" -> launches: "%windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Tcpip
"IpAddressConflict1" -> launches: "rundll32 ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem" [MS]
"IpAddressConflict2" -> launches: "rundll32 ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\TextServicesFramework
"MsCtfMonitor" -> (HIDDEN!) launches: "{01575cfe-9a55-4003-a5e1-f38d1ebdcbe1}"
-> {HKLM...CLSID} = "MsCtfMonitor task handler"
\InProcServer32\(Default) = "C:\Windows\system32\MsCtfMonitor.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\UPnP
"UPnPHostConfig" -> launches: "sc.exe config upnphost start= auto" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\WDI
"ResolutionHost" -> (HIDDEN!) launches: "{900be39d-6be8-461a-bc4d-b0fa71f5ecb1}"
-> {HKLM...CLSID} = "DiagnosticInfrastructureCustomHandler"
\InProcServer32\(Default) = "C:\Windows\System32\wdi.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Error Reporting
"QueueReporting" -> launches: "%windir%\system32\wermgr.exe -queuereporting" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Wired
"GatherWiredInfo" -> launches: "%windir%\system32\gatherWiredInfo.vbs" [null data]

C:\Windows\System32\Tasks\Microsoft\Windows\Wireless
"GatherWirelessInfo" -> launches: "%windir%\system32\gatherWirelessInfo.vbs" [null data]

C:\Windows\System32\Tasks\Microsoft\Windows Defender
"MP Scheduled Scan" -> (HIDDEN!) launches: "c:\program files\windows defender\MpCmdRun.exe Scan -RestrictPrivileges" [MS]
"MP Scheduled Signature Update" -> (HIDDEN!) launches: "c:\program files\windows defender\MpCmdRun.exe SignatureUpdate" [MS]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\system32\NLAapi.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\system32\napinsp.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\system32\pnrpnsp.dll" [MS]
000000000004\LibraryPath = "%SystemRoot%\system32\pnrpnsp.dll" [MS]
000000000005\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000006\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 18


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{F2CF5485-4E02-4F68-819C-B92DE9277049}"
-> {HKLM...CLSID} = "&Links"
\InProcServer32\(Default) = "C:\Windows\system32\ieframe.dll" [MS]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"
-> {HKLM...CLSID} = "Winamp Toolbar"
\InProcServer32\(Default) = "C:\Program Files\Winamp Toolbar\winamptb.dll" ["AOL LLC."]
"{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F}"
-> {HKLM...CLSID} = "Dealio"
\InProcServer32\(Default) = "C:\Program Files\Dealio\kb127\Dealio.dll" [file not found]

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" = "0"
-> {HKLM...CLSID} = "Barre d'outils MSN"
\InProcServer32\(Default) = "C:\Program Files\MSN Toolbar\01.01.2607.0\fr\msntb.dll" [MS]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}" = "Winamp Toolbar"
-> {HKLM...CLSID} = "Winamp Toolbar"
\InProcServer32\(Default) = "C:\Program Files\Winamp Toolbar\winamptb.dll" ["AOL LLC."]

Explorer Bars

HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\

HKLM\SOFTWARE\Classes\CLSID\{85E0B171-04FA-11D1-B7DA-00A0C90348D6}\(Default) = "Statistiques d’Anti-Virus Internet"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\Program Files\Micro Application\Securite Internet 2007\scieplugin.dll" ["Kaspersky Lab"]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Console Java (Sun)"
"CLSIDExtension" = "{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC}"
-> {HKCU...CLSID} = "Java Plug-in 1.6.0_07"
\InProcServer32\(Default) = "C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll" ["Sun Microsystems, Inc."]
-> {HKLM...CLSID} = "Java Plug-in 1.6.0_07"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll" ["Sun Microsystems, Inc."]

{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}\
"ButtonText" = "Statistiques d’Anti-Virus Internet"


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Acquisition d'image Windows (WIA), stisvc, "C:\Windows\system32\svchost.exe -k imgsvc" {"C:\Windows\System32\wiaservc.dll" [MS]}
Explorateur d'ordinateurs, Browser, "C:\Windows\system32\svchost.exe -k netsvcs" {"C:\Windows\System32\browser.dll" [MS]}
Service Messenger Sharing Folders USN Journal Reader, usnjsvc, ""C:\Program Files\Windows Live\Messenger\usnsvc.exe"" [MS]
Service*SSTP (Secure Socket Tunneling Protocol) (unwritable string), SstpSvc, "C:\Windows\system32\svchost.exe -k LocalService" {"C:\Windows\system32\sstpsvc.dll" [MS]}
Sécurité Internet 2007, AVP, ""C:\Program Files\Micro Application\Securite Internet 2007\avp.exe" -r" ["Micro Application"]
Windows CardSpace, idsvc, ""C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe"" [MS]
Windows Driver Foundation - Infrastructure de pilote mode-utilisateur, wudfsvc, "C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted" {"C:\Windows\System32\WUDFSvc.dll" [MS]}


Accessibility Tools:
--------------------

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Accessibility\
"Configuration" = "magnifierpane"

HKCU\Software\Microsoft\Windows NT\CurrentVersion\AccessibilityTemp\
"magnifierpane" = dword:0x00000000

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Accessibility\Session1\
"Configuration" = "magnifierpane"

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Accessibility\ATs\magnifierpane\
"Description" = "Screen Magnifier"
"StartExe" = "C:\Windows\System32\Magnify.exe" [MS]


---------- (launch time: 2008-10-25 12:51:40)
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer "No" at the
first message box and "Yes" at the second message box.
---------- (total run time: 83 seconds, including 8 seconds for message boxes)

Sorry for the slow reply, but here is the report

ComboFix 08-10-24.02 - gaetan 2008-10-26 21:25:52.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.1275 [GMT 1:00]
Lancé depuis: C:\Users\gaetan\ComboFix.exe
.

((((((((((((((((((((((((((((( Fichiers créés du 2008-09-26 au 2008-10-26 ))))))))))))))))))))))))))))))))))))
.

2008-10-25 17:52 . 2008-10-25 17:52 2,995,773 -ra------ C:\Users\gaetan\ComboFix.exe
2008-10-25 11:51 . 2008-10-25 11:51 399,648 --a------ C:\Users\gaetan\Silent Runners.vbs
2008-10-22 20:58 . 2008-10-22 20:58 <REP> d-------- C:\Windows\Sun
2008-10-18 21:22 . 2008-10-20 19:05 <REP> d-------- C:\Program Files\Navilog1
2008-10-18 21:21 . 2008-10-18 21:22 571,687 --a------ C:\Users\gaetan\Navilog1.exe
2008-10-18 18:24 . 2008-06-19 16:24 28,544 --a------ C:\Windows\System32\drivers\pavboot.sys
2008-10-18 18:23 . 2008-10-18 18:23 <REP> d-------- C:\Program Files\Panda Security
2008-10-17 16:35 . 2008-10-17 16:37 <REP> d-------- C:\ToolBar SD
2008-10-17 16:35 . 2008-10-17 16:35 364,558 --a------ C:\Users\gaetan\ToolBarSD.exe
2008-10-16 20:04 . 2008-10-16 20:04 812,344 --a------ C:\Users\gaetan\HJTInstall.exe
2008-10-16 15:42 . 2008-10-16 18:12 <REP> d-------- C:\Program Files\EsetOnlineScanner
2008-10-15 19:52 . 2008-10-15 19:53 56 --ah----- C:\Windows\System32\ezsidmv.dat
2008-10-15 19:48 . 2008-10-15 19:48 <REP> d-------- C:\Users\gaetan\GenProc
2008-10-15 19:48 . 2008-10-15 19:48 417,527 --a------ C:\Users\gaetan\GenProc.zip
2008-10-15 18:36 . 2008-09-18 06:09 3,601,464 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-10-15 18:36 . 2008-09-18 06:09 3,549,240 --a------ C:\Windows\System32\ntoskrnl.exe
2008-10-15 18:36 . 2008-09-18 03:16 2,032,640 --a------ C:\Windows\System32\win32k.sys
2008-10-15 18:36 . 2008-10-02 02:32 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-10-15 18:36 . 2008-10-02 04:49 827,392 --a------ C:\Windows\System32\wininet.dll
2008-10-15 18:36 . 2008-08-27 02:06 288,768 --a------ C:\Windows\System32\drivers\srv.sys
2008-10-14 19:40 . 2008-10-14 19:40 <REP> d-------- C:\Program Files\Celestia
2008-10-14 19:39 . 2008-10-14 19:39 23,790,082 --a------ C:\Users\gaetan\celestia-win32-1.5.1.exe
2008-10-13 17:04 . 2008-10-13 17:05 <REP> d-------- C:\Program Files\Java
2008-10-13 17:04 . 2008-10-13 17:04 <REP> d-------- C:\Program Files\Common Files\Java
2008-10-11 13:43 . 2008-10-16 20:04 <REP> d-------- C:\Program Files\Trend Micro
2008-10-08 20:36 . 2007-10-28 21:56 838,515 --a------ C:\Windows\_detmp.1
2008-10-08 20:36 . 2000-04-14 10:11 86,016 --a------ C:\Windows\_detmp.2
2008-10-08 16:37 . 2008-10-08 16:37 <REP> d-------- C:\GAMES
2008-10-08 16:29 . 2008-10-08 16:29 <REP> d-------- C:\Program Files\ppcbooster
2008-10-08 14:09 . 2008-10-24 20:15 <REP> d-------- C:\Users\gaetan\jeu

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-26 20:27 49,693,984 --sha-w C:\Windows\system32\drivers\fidbox.dat
2008-10-26 20:16 --------- d-----w C:\Users\gaetan\AppData\Roaming\Skype
2008-10-26 20:12 --------- d-----w C:\Program Files\Warcraft III
2008-10-26 15:05 --------- d-----w C:\Users\gaetan\AppData\Roaming\skypePM
2008-10-26 11:54 --------- d-----w C:\ProgramData\Micro Application
2008-10-25 21:10 660,188 --sha-w C:\Windows\system32\drivers\fidbox.idx
2008-10-23 17:35 --------- d-----w C:\Users\gaetan\AppData\Roaming\LimeWire
2008-10-21 16:27 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-10-18 13:55 --------- d-----w C:\Program Files\Google
2008-10-17 16:50 --------- d-----w C:\Program Files\Metin2_France
2008-10-16 14:13 --------- d-----w C:\Program Files\Windows Mail
2008-10-13 18:21 --------- d-----w C:\Program Files\Microsoft Games
2008-10-11 10:43 --------- d-----w C:\ProgramData\OrbNetworks
2008-10-08 19:36 --------- d-----w C:\Program Files\Tetris 3000
2008-10-08 19:35 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-04 17:10 --------- d-----w C:\Program Files\Cossacks - The Art Of War
2008-09-22 19:43 --------- d-----w C:\Program Files\Free Audio Pack
2008-09-10 18:19 --------- d-----w C:\Program Files\Glest_3.1.2
2008-09-04 21:02 --------- d-----w C:\Users\gaetan\AppData\Roaming\GetRightToGo
2008-08-02 03:26 36,864 ----a-w C:\Windows\System32\cdd.dll
2008-07-31 03:32 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-31 03:32 28,160 ----a-w C:\Windows\System32\Apphlpdm.dll
2008-07-31 03:32 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-31 03:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-07-31 01:13 4,240,384 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-07-30 17:30 2,829 ----a-w C:\Windows\DIIUnin.pif
2008-07-30 17:30 102,400 ----a-w C:\Windows\DIIUnin.exe
2008-07-29 11:22 21,840 ----atw C:\Windows\System32\SIntfNT.dll
2008-07-29 11:22 17,212 ----atw C:\Windows\System32\SIntf32.dll
2008-07-29 11:22 12,067 ----atw C:\Windows\System32\SIntf16.dll
2008-07-25 12:00 174 --sha-w C:\Program Files\desktop.ini
2008-07-05 20:34 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-07-05 20:34 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-07-05 20:34 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2008-01-03 14:29 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-01-03 14:29 32,768 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-01-03 14:29 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"SmpcSys"="C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe" [2007-05-03 1116728]
"CursorXP"="C:\Program Files\CursorXP\CursorXP.exe" [2005-01-19 128000]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 125952]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"Speech Recognition"="C:\Windows\Speech\Common\sapisvr.exe" [2008-01-19 49664]
"Orb"="C:\Program Files\Winamp Remote\bin\OrbTray.exe" [2008-04-01 507904]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-08-12 21741864]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 2321600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-01-11 232184]
"toolbar_eula_launcher"="C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe" [2007-02-20 28672]
"NeroFilterCheck"="C:\Windows\system32\NeroCheck.exe" [2001-07-09 155648]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-10-19 286720]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-05-16 185896]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-07-09 36352]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-09-12 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-09-12 8497696]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-09-12 81920]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"RtHDVCpl"="RtHDVCpl.exe" [2007-05-10 C:\Windows\RtHDVCpl.exe]
"Skytel"="Skytel.exe" [2007-05-07 C:\Windows\SkyTel.exe]

C:\Users\gaetan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ppcbooster.lnk - C:\Program Files\ppcbooster\ppcbooster.exe [2008-10-08 20480]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"FilterAdministratorToken"= 1 (0x1)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"LogonHoursAction"= 2 (0x2)
"DontDisplayLogonHoursWarnings"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.SP54"= SP5X_32.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{A5339627-E33F-4F74-A621-6094E86725B3}"= UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{95095CE9-163A-4BDD-B427-20949BDAB151}"= TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{5E45B4AF-B939-4CA2-B07A-133AB80FB86B}"= UDP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{394C6BA2-C96A-4BBD-9F60-4F515EEBA77F}"= TCP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{FD0C1E39-A528-493F-9760-4C4843F9E02A}"= UDP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{AE8F2CC7-E273-4232-B1BD-D354146370E4}"= TCP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{46085E9B-7974-4DC8-9794-D1CC8F4B7376}"= UDP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{577A7DBF-45D8-4828-B37B-5FDFC66821AB}"= TCP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"TCP Query User{FFB85EA8-6B9E-4F43-A81F-1DA6E69C6593}C:\\program files\\jowood\\spellforce - diamond edition\\spellforce.exe"= UDP:C:\program files\jowood\spellforce - diamond edition\spellforce.exe:SpellForce
"UDP Query User{F274A370-0311-4948-9C00-87A5C244DFDC}C:\\program files\\jowood\\spellforce - diamond edition\\spellforce.exe"= TCP:C:\program files\jowood\spellforce - diamond edition\spellforce.exe:SpellForce
"TCP Query User{985E93B6-BA64-4D9B-ADD7-0CD1AC6DAF25}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{3644BD2E-7A11-4783-8710-CEFEB4116421}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"{90806C1F-8895-440C-B227-08E0D48F0987}"= UDP:C:\Windows\System32\WindowsAnytimeUpgrade.exe:Achat de mise à niveau en ligne
"{D446BD00-BBE9-478B-9619-4D452BDB9759}"= TCP:C:\Windows\System32\WindowsAnytimeUpgrade.exe:Achat de mise à niveau en ligne
"{DEE7FC4B-D651-41CC-81D7-8F6C3D7205D9}"= UDP:C:\Sierra\Arcanum\Arcanum.exe:Arcanum
"{EC54DAB7-FEBA-4550-818E-5C2D411A2B29}"= TCP:C:\Sierra\Arcanum\Arcanum.exe:Arcanum
"{263CADE6-F851-450D-96C1-082AB8AA19BA}"= UDP:C:\Program Files\Cossacks - The Art Of War\dmcr.exe:Cossacks - The Art of War
"{4C4F4181-AB1A-499D-B561-41DE31A6B5A1}"= TCP:C:\Program Files\Cossacks - The Art Of War\dmcr.exe:Cossacks - The Art of War
"{00AE8FAA-9A09-4854-A5D1-EC24CA422CC7}"= UDP:C:\Program Files\Strategy First\Disciples Gold\Exe\Disciple.exe:Disciples - Sacred Lands
"{39617411-470F-48F4-A924-CFD9D565AA87}"= TCP:C:\Program Files\Strategy First\Disciples Gold\Exe\Disciple.exe:Disciples - Sacred Lands
"{003BCC81-5806-46CD-876C-B72CFCA1ADEA}"= UDP:C:\Program Files\Ubisoft\Heroes of Might and Magic V\bin\H5_Game.exe:Heroes of Might and Magic V
"{F239920F-2B88-472B-A5D5-76CA9035B9CE}"= TCP:C:\Program Files\Ubisoft\Heroes of Might and Magic V\bin\H5_Game.exe:Heroes of Might and Magic V
"{43A9E2F3-9C50-46F9-9BB9-8F79888FA03A}"= UDP:C:\Program Files\3DO\Heroes of Might and Magic IV\heroes4f.exe:Heroes of Might and Magic IV
"{3BEAD466-553E-47FE-9EFF-363A0969C7E2}"= TCP:C:\Program Files\3DO\Heroes of Might and Magic IV\heroes4f.exe:Heroes of Might and Magic IV
"{9536B881-DD0F-4B9E-B48F-0F1572E0A1B6}"= UDP:C:\Program Files\Warcraft III\Warcraft III.exe:Warcraft III
"{EBBA2F99-F856-45EE-A1F1-7142EBEFDDF0}"= TCP:C:\Program Files\Warcraft III\Warcraft III.exe:Warcraft III
"{EE17DB73-4A90-435A-8F2B-C3E107D41848}"= UDP:C:\Program Files\Eidos Interactive\Pyro Studios\Praetorians\Praetorians.exe:Praetorians
"{B1E9F990-D2E4-426B-963F-F61AAA926EFE}"= TCP:C:\Program Files\Eidos Interactive\Pyro Studios\Praetorians\Praetorians.exe:Praetorians
"{315A0922-576B-4C34-912E-172ADCC367EB}"= UDP:C:\Program Files\Port Royale\PortRoyale.exe:Port Royale
"{BD87D139-CC2D-42D2-83A5-9CFAFF9CF995}"= TCP:C:\Program Files\Port Royale\PortRoyale.exe:Port Royale
"TCP Query User{DC42F8CF-5A2F-4BFD-92A4-2D4B22296815}C:\\windows\\system32\\dplaysvr.exe"= UDP:C:\windows\system32\dplaysvr.exe:Application d'assistance Microsoft DirectPlay
"UDP Query User{61AD9EF0-F75E-43BD-B095-D069C95428D5}C:\\windows\\system32\\dplaysvr.exe"= TCP:C:\windows\system32\dplaysvr.exe:Application d'assistance Microsoft DirectPlay
"TCP Query User{A8D9876F-D393-40B8-A956-EB5B51AE5521}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{8667E890-E0C1-4E1D-9947-56DBE1A838C1}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{035A7B05-D664-4341-B6B0-675BE266701A}C:\\program files\\warcraft iii\\war3.exe"= UDP:C:\program files\warcraft iii\war3.exe:Warcraft III
"UDP Query User{C5AE43CF-0B11-4066-B4FC-89C971968756}C:\\program files\\warcraft iii\\war3.exe"= TCP:C:\program files\warcraft iii\war3.exe:Warcraft III
"TCP Query User{F2817DE4-BAFD-4FF6-B909-D0E722A92A61}C:\\program files\\maxis\\simcity 3000 world edition\\apps\\updater\\updater.exe"= UDP:C:\program files\maxis\simcity 3000 world edition\apps\updater\updater.exe:SC3UpdaterMFC
"UDP Query User{F97870DA-D57B-40CF-88FF-CB7AD76BD659}C:\\program files\\maxis\\simcity 3000 world edition\\apps\\updater\\updater.exe"= TCP:C:\program files\maxis\simcity 3000 world edition\apps\updater\updater.exe:SC3UpdaterMFC
"TCP Query User{E951D5EF-F6E7-467A-8B44-F83509473BA6}C:\\program files\\warzone 2100\\warzone2100.exe"= UDP:C:\program files\warzone 2100\warzone2100.exe:Warzone 2100
"UDP Query User{50B8AE86-CC7D-4DD3-A5A8-681CAE5FA1F1}C:\\program files\\warzone 2100\\warzone2100.exe"= TCP:C:\program files\warzone 2100\warzone2100.exe:Warzone 2100
"TCP Query User{03229C4D-E7BE-4981-8383-9142626D2EA8}C:\\program files\\microsoft games\\age of mythology\\aomx.exe"= UDP:C:\program files\microsoft games\age of mythology\aomx.exe:Age of Mythology - The Titans Expansion
"UDP Query User{986D858B-4E6B-4C2F-8680-B4DA7EDAF5F5}C:\\program files\\microsoft games\\age of mythology\\aomx.exe"= TCP:C:\program files\microsoft games\age of mythology\aomx.exe:Age of Mythology - The Titans Expansion
"TCP Query User{6912C221-A7D0-4505-A14A-6D759795AF3F}C:\\bluebyte\\the settlers iv\\exe\\s4_main.exe"= UDP:C:\bluebyte\the settlers iv\exe\s4_main.exe:S4_Main
"UDP Query User{825DA880-72D0-47AC-95C1-D7D0C1CFBF84}C:\\bluebyte\\the settlers iv\\exe\\s4_main.exe"= TCP:C:\bluebyte\the settlers iv\exe\s4_main.exe:S4_Main
"TCP Query User{FA1AAFE1-D686-477F-8C7B-46DFC492ECE0}C:\\program files\\giants\\giants.exe"= UDP:C:\program files\giants\giants.exe:Giants
"UDP Query User{1AC13B7B-D5AF-4AA7-ABBA-741E73EE8CB6}C:\\program files\\giants\\giants.exe"= TCP:C:\program files\giants\giants.exe:Giants
"TCP Query User{8F180B30-77F4-402C-8F7F-0E7E0A772811}C:\\program files\\dreamcatcher\\dungeon lords\\dlords.exe"= UDP:C:\program files\dreamcatcher\dungeon lords\dlords.exe:dlords
"UDP Query User{1F7CA572-467C-421D-A2FD-D474704478BA}C:\\program files\\dreamcatcher\\dungeon lords\\dlords.exe"= TCP:C:\program files\dreamcatcher\dungeon lords\dlords.exe:dlords
"{E6942491-2D7E-4373-BBFA-A038575FBDAE}"= UDP:C:\Program Files\Microsoft Games\Age of Empires III\age3x.exe:Age of Empires III - The WarChiefs
"{10512A4C-5354-4DED-A488-3BF0D65A5986}"= TCP:C:\Program Files\Microsoft Games\Age of Empires III\age3x.exe:Age of Empires III - The WarChiefs
"{20C65265-96D9-4A19-B34E-D406DCFA0F1A}"= UDP:C:\Program Files\Atari\Neverwinter Nights 2\nwn2main.exe:Neverwinter Nights 2 Main
"{220287E5-AA44-466B-9D32-F6F73593096C}"= TCP:C:\Program Files\Atari\Neverwinter Nights 2\nwn2main.exe:Neverwinter Nights 2 Main
"{47C66D78-D87D-49E1-B813-B60D6EAA0BFF}"= UDP:C:\Program Files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe:Neverwinter Nights 2 AMD
"{C1165618-5246-4897-B163-00E18B76447C}"= TCP:C:\Program Files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe:Neverwinter Nights 2 AMD
"{1435300C-09D2-4658-91E4-5C164BD15F2C}"= UDP:C:\Program Files\Atari\Neverwinter Nights 2\nwupdate.exe:Neverwinter Nights 2 Updater
"{0C5C33D6-DB3E-4F78-9C38-20125F092EB0}"= TCP:C:\Program Files\Atari\Neverwinter Nights 2\nwupdate.exe:Neverwinter Nights 2 Updater
"{41E719C3-4818-4293-84DB-9BABFF382CC4}"= UDP:C:\Program Files\Atari\Neverwinter Nights 2\nwn2server.exe:Neverwinter Nights 2 Server
"{E06D12E1-F75F-435E-8854-D808F4365EAA}"= TCP:C:\Program Files\Atari\Neverwinter Nights 2\nwn2server.exe:Neverwinter Nights 2 Server
"TCP Query User{9DDAF048-3287-46BD-9E53-FC85F7D8A4AC}C:\\program files\\microsoft games\\dungeon siege\\dungeonsiege.exe"= UDP:C:\program files\microsoft games\dungeon siege\dungeonsiege.exe:Dungeon Siege Game Executable
"UDP Query User{68A9DE2C-0F8B-4689-AD2F-7F274C73E3E3}C:\\program files\\microsoft games\\dungeon siege\\dungeonsiege.exe"= TCP:C:\program files\microsoft games\dungeon siege\dungeonsiege.exe:Dungeon Siege Game Executable
"TCP Query User{3B1844B2-F152-4446-B412-03398EB8967D}C:\\windows\\system32\\dpnsvr.exe"= UDP:C:\windows\system32\dpnsvr.exe:Serveur Microsoft DirectPlay 8
"UDP Query User{59A8433A-1785-4A27-AC17-2E2412E1110A}C:\\windows\\system32\\dpnsvr.exe"= TCP:C:\windows\system32\dpnsvr.exe:Serveur Microsoft DirectPlay 8
"TCP Query User{2395DCB8-6253-4551-AE0F-3A7006889658}C:\\program files\\codemasters\\worms 4 mayhem\\worms 4 mayhem.exe"= UDP:C:\program files\codemasters\worms 4 mayhem\worms 4 mayhem.exe:Worms 4 Mayhem
"UDP Query User{5E134F99-A986-4A88-8786-3000C0ACEA78}C:\\program files\\codemasters\\worms 4 mayhem\\worms 4 mayhem.exe"= TCP:C:\program files\codemasters\worms 4 mayhem\worms 4 mayhem.exe:Worms 4 Mayhem
"TCP Query User{8CB693D6-A8CE-42F8-A038-535B36683717}C:\\program files\\trackmania nations eswc\\tmnationseswc.exe"= UDP:C:\program files\trackmania nations eswc\tmnationseswc.exe:TmNationsESWC
"UDP Query User{38D6F906-C58F-4B64-852A-B99543CF097D}C:\\program files\\trackmania nations eswc\\tmnationseswc.exe"= TCP:C:\program files\trackmania nations eswc\tmnationseswc.exe:TmNationsESWC
"{24E3B5BF-E5AC-4430-AF66-BBA075F31D22}"= UDP:C:\Program Files\Warcraft III\Frozen Throne.exe:Warcraft III - The Frozen Throne
"{3D0A14F5-1760-40D6-A1F8-7F2ACEF42530}"= TCP:C:\Program Files\Warcraft III\Frozen Throne.exe:Warcraft III - The Frozen Throne
"TCP Query User{09FA9CD2-64D4-4C5A-A412-DEF58DDBBF1F}C:\\program files\\limewire\\limewire.exe"= UDP:C:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{14D50DFC-4056-4E26-A43B-A2DDD65362DF}C:\\program files\\limewire\\limewire.exe"= TCP:C:\program files\limewire\limewire.exe:LimeWire
"{B4FE32BB-43C8-47AF-882A-1F7ED376DC33}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{6D7EF8BA-406B-498B-BD76-3BF3F54ACD72}"= UDP:4377:H4_4377_TCP
"{661046D7-846A-41FF-BA4F-09EDF11AF06E}"= UDP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{257B1C6D-F537-4D7E-A96F-B67E1819594E}"= TCP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{147B8CF6-4754-4684-97BF-46487EEF0354}"= UDP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{F92AE674-A755-4E33-A8FD-29CEE08D927A}"= TCP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{4C3AFC98-E1C7-4DF0-BFB8-BD23B2768E5A}"= UDP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{75226A16-502B-4002-94A7-CE8299DD9CBF}"= TCP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{2406255A-46C6-4AAB-9F3F-130E58A6CD4E}"= UDP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{73BFB7C6-41F5-4728-8D87-35AAC0C19B00}"= TCP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{86F538DB-2279-43BB-902A-D118F9CBEC25}"= UDP:C:\Program Files\Diablo II\Diablo II.exe:Diablo II - Lord of Destruction
"{39D35ABD-D3C7-4D5C-A042-F712804F4730}"= TCP:C:\Program Files\Diablo II\Diablo II.exe:Diablo II - Lord of Destruction
"{1AA52F01-4CD9-40C2-9AD6-9488D13CBFCD}"= UDP:C:\Program Files\Metin2_France\metin2.exe:metin2
"{17C65EC1-655C-4B2E-B30A-93589BA3589D}"= TCP:C:\Program Files\Metin2_France\metin2.exe:metin2
"TCP Query User{65664738-28C3-4EAB-AB2C-B70E68588B70}C:\\program files\\teamspeak2_rc2\\server_windows.exe"= UDP:C:\program files\teamspeak2_rc2\server_windows.exe:Server
"UDP Query User{E7E9A406-C4D7-41BF-8BF1-A15060AE257D}C:\\program files\\teamspeak2_rc2\\server_windows.exe"= TCP:C:\program files\teamspeak2_rc2\server_windows.exe:Server
"{60C25528-AE63-48C6-A7C7-A81EF6A94630}"= UDP:C:\Program Files\Teamspeak2_RC2\TeamSpeak.exe:Teamspeak RC2
"{F91A0A54-0084-4909-AAEE-3B825188DF24}"= TCP:C:\Program Files\Teamspeak2_RC2\TeamSpeak.exe:Teamspeak RC2
"TCP Query User{4E36F86F-76F9-4502-A889-CCFAC4228CC7}C:\\skype\\phone\\skype.exe"= UDP:C:\skype\phone\skype.exe:Skype
"TCP Query User{745DA644-BAAA-402E-A58F-CEC014CB3432}C:\\program files\\metin2_france\\metin2.bin"= UDP:C:\program files\metin2_france\metin2.bin:metin2.bin
"UDP Query User{96DAEB0E-5DF9-44F7-A455-6E1848380577}C:\\program files\\metin2_france\\metin2.bin"= TCP:C:\program files\metin2_france\metin2.bin:metin2.bin
"{8E6B8276-37C6-4733-A7B2-65B6E79D65CC}"= UDP:C:\Program Files\GUILD WARS\Gw.exe:GUILD WARS
"{0D9EA4F3-F864-4B74-B01D-C72FEFD2A06E}"= TCP:C:\Program Files\GUILD WARS\Gw.exe:GUILD WARS
"TCP Query User{D34672FF-FBB7-4438-9088-E0EF131F68B2}C:\\program files\\glest_3.1.2\\glest.exe"= UDP:C:\program files\glest_3.1.2\glest.exe:glest
"UDP Query User{1BAB26A5-A2BF-4484-A848-409CC772EEA2}C:\\program files\\glest_3.1.2\\glest.exe"= TCP:C:\program files\glest_3.1.2\glest.exe:glest
"TCP Query User{0048870A-F567-4043-A360-21E845C6953A}C:\\users\\gaetan\\c&c sdt\\game.exe"= UDP:C:\users\gaetan\c&c sdt\game.exe:game.exe
"UDP Query User{098608C5-B191-48B3-9F37-63A5F39ECAC7}C:\\users\\gaetan\\c&c sdt\\game.exe"= TCP:C:\users\gaetan\c&c sdt\game.exe:game.exe
"{8A5F95CE-0D1A-4C9A-A4E6-CFA204948D49}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

R0 pavboot;pavboot;C:\Windows\system32\drivers\pavboot.sys [2008-06-19 28544]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys [2007-01-25 20760]
R1 SSHDRV52;SSHDRV52;C:\Windows\system32\drivers\SSHDRV52.sys [2007-10-02 29184]
R1 SSHDRV85;SSHDRV85;C:\Windows\system32\drivers\SSHDRV85.sys [2007-12-05 78848]
S3 ARCSOFTVIRTUALCAPTURE;Magic-i Virtual Driver;C:\Windows\system32\DRIVERS\ArcSoftVirtualCapture.sys [2006-12-07 17024]
S3 PAC207;Webcam 1200;C:\Windows\system32\DRIVERS\PFC027.SYS [2007-06-29 611584]
.
Contenu du dossier 'Tâches planifiées'

2008-10-26 C:\Windows\Tasks\Extension de garantie.job
- C:\Program Files\Packard Bell\SetupmyPC\PBCarNot.exe [2006-11-21 17:38]

2008-10-26 C:\Windows\Tasks\Recovery DVD Creator.job
- C:\Program Files\Packard Bell\SetupMyPc\MCDCheck.exe [2006-11-21 17:34]

2008-10-25 C:\Windows\Tasks\User_Feed_Synchronization-{0A49DB88-7C7A-43BD-9A98-D3516BEAB586}.job
- C:\Windows\system32\msfeedssync.exe [2008-01-19 08:33]
.
.
------- Examen supplémentaire -------
.
FireFox -: Profile - C:\Users\gaetan\AppData\Roaming\Mozilla\Firefox\Profiles\ngo1i7xo.default\
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-26 21:30:02
Windows 6.0.6001 Service Pack 1 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
Heure de fin: 2008-10-26 21:31:32
ComboFix-quarantined-files.txt 2008-10-26 20:31:19

Avant-CF: 183 644 364 800 octets libres
Après-CF: 183,669,374,976 octets libres

262 --- E O F --- 2008-10-25 10:26:58
0

So, the verdict????
0
eZula Posts 3392 Registration date Saturday 26 April 2008 Status Contributor Last activity 8 May 2021 392
27 Oct 2008 at 13:26
Answer these:

- since exactly when have you had ads?
- since what?
- in IE and also in Firefox?

Create a new text document: right-click on the desktop, "New" > "Text document". Open it and copy-paste these lines in italics into it:

netstat -abnov > netstat.txt
notepad netstat.txt
del netstat.txt


In the "File"/"Save as" menu, select:
"File name": list.bat
"Type": "All files"
Then click "Save".

Double-click on it; Notepad opens after a few moments. Copy and post its contents.
0
Since when and since what, I have no idea, and I use Internet Explorer
and here is the report


Connexions actives

Proto Adresse locale Adresse distante État
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING 944
RpcSs
[svchost.exe]
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING 4

Impossible d'obtenir les informations de propriétaire
TCP 0.0.0.0:1110 0.0.0.0:0 LISTENING 1924
[avp.exe]
TCP 0.0.0.0:5357 0.0.0.0:0 LISTENING 4

Impossible d'obtenir les informations de propriétaire
TCP 0.0.0.0:29831 0.0.0.0:0 LISTENING 3828
[OrbTray.exe]
TCP 0.0.0.0:49152 0.0.0.0:0 LISTENING 624
[wininit.exe]
TCP 0.0.0.0:49153 0.0.0.0:0 LISTENING 1088
Eventlog
[svchost.exe]
TCP 0.0.0.0:49154 0.0.0.0:0 LISTENING 1164
Schedule
[svchost.exe]
TCP 0.0.0.0:49155 0.0.0.0:0 LISTENING 688
[lsass.exe]
TCP 0.0.0.0:49156 0.0.0.0:0 LISTENING 672
[services.exe]
TCP 127.0.0.1:1110 127.0.0.1:50578 TIME_WAIT 0
TCP 127.0.0.1:1110 127.0.0.1:50580 TIME_WAIT 0
TCP 127.0.0.1:29831 127.0.0.1:49161 ESTABLISHED 3828
[OrbTray.exe]
TCP 127.0.0.1:29831 127.0.0.1:49162 ESTABLISHED 3828
[OrbTray.exe]
TCP 127.0.0.1:49161 127.0.0.1:29831 ESTABLISHED 3828
[OrbTray.exe]
TCP 127.0.0.1:49162 127.0.0.1:29831 ESTABLISHED 3828
[OrbTray.exe]
TCP 192.168.1.5:139 0.0.0.0:0 LISTENING 4

Impossible d'obtenir les informations de propriétaire
TCP 192.168.1.5:49231 207.46.107.69:1863 ESTABLISHED 3796
[msnmsgr.exe]
TCP 192.168.1.5:50503 84.96.219.209:80 TIME_WAIT 0
TCP 192.168.1.5:50511 84.96.219.209:80 TIME_WAIT 0
TCP [::]:135 [::]:0 LISTENING 944
RpcSs
[svchost.exe]
TCP [::]:445 [::]:0 LISTENING 4

Impossible d'obtenir les informations de propriétaire
TCP [::]:5357 [::]:0 LISTENING 4

Impossible d'obtenir les informations de propriétaire
TCP [::]:49152 [::]:0 LISTENING 624
[wininit.exe]
TCP [::]:49153 [::]:0 LISTENING 1088
Eventlog
[svchost.exe]
TCP [::]:49154 [::]:0 LISTENING 1164
Schedule
[svchost.exe]
TCP [::]:49155 [::]:0 LISTENING 688
[lsass.exe]
TCP [::]:49156 [::]:0 LISTENING 672
[services.exe]
UDP 0.0.0.0:123 *:* 1328
W32Time
[svchost.exe]
UDP 0.0.0.0:500 *:* 1164
IKEEXT
[svchost.exe]
UDP 0.0.0.0:3702 *:* 1328
FDResPub
[svchost.exe]
UDP 0.0.0.0:3702 *:* 1328
FDResPub
[svchost.exe]
UDP 0.0.0.0:4500 *:* 1164
IKEEXT
[svchost.exe]
UDP 0.0.0.0:5355 *:* 1520
Dnscache
[svchost.exe]
UDP 0.0.0.0:63543 *:* 1328
FDResPub
[svchost.exe]
UDP 127.0.0.1:1900 *:* 1328
SSDPSRV
[svchost.exe]
UDP 127.0.0.1:50604 *:* 3820
[iexplore.exe]
UDP 127.0.0.1:57436 *:* 3796
[msnmsgr.exe]
UDP 127.0.0.1:59611 *:* 3796
[msnmsgr.exe]
UDP 127.0.0.1:59856 *:* 3860
[ppcbooster.exe]
UDP 127.0.0.1:60156 *:* 1328
SSDPSRV
[svchost.exe]
UDP 127.0.0.1:60187 *:* 1164
ShellHWDetection
[svchost.exe]
UDP 127.0.0.1:62052 *:* 1120
[winamp.exe]
UDP 127.0.0.1:62551 *:* 3808
[ISUSPM.exe]
UDP 192.168.1.5:9 *:* 3796
[msnmsgr.exe]
UDP 192.168.1.5:137 *:* 4

Impossible d'obtenir les informations de propriétaire
UDP 192.168.1.5:138 *:* 4

Impossible d'obtenir les informations de propriétaire
UDP 192.168.1.5:1900 *:* 1328
SSDPSRV
[svchost.exe]
UDP 192.168.1.5:12655 *:* 3796
[msnmsgr.exe]
UDP 192.168.1.5:60155 *:* 1328
SSDPSRV
[svchost.exe]
UDP [::]:123 *:* 1328
W32Time
[svchost.exe]
UDP [::]:500 *:* 1164
IKEEXT
[svchost.exe]
UDP [::]:3702 *:* 1328
FDResPub
[svchost.exe]
UDP [::]:3702 *:* 1328
FDResPub
[svchost.exe]
UDP [::]:5355 *:* 1520
Dnscache
[svchost.exe]
UDP [::]:63544 *:* 1328
FDResPub
[svchost.exe]
UDP [::1]:1900 *:* 1328
SSDPSRV
[svchost.exe]
UDP [::1]:60153 *:* 1328
SSDPSRV
[svchost.exe]
UDP [fe80::28e7:981:ab9d:a7c4%9]:1900 *:* 1328
SSDPSRV
[svchost.exe]
UDP [fe80::28e7:981:ab9d:a7c4%9]:60154 *:* 1328
SSDPSRV
[svchost.exe]
UDP [fe80::d001:fef2:1a13:45b0%8]:1900 *:* 1328
SSDPSRV
[svchost.exe]
UDP [fe80::d001:fef2:1a13:45b0%8]:60152 *:* 1328
SSDPSRV
[svchost.exe]
0
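The report above uses the `netstat -abno` layout: a socket line, an optional service-name line, then the owning image in brackets or a message when the owner cannot be read. The following Python parser for that layout is an added example, not part of the original thread; the names `Socket`, `parse_netstat`, `unattributed` and `unexpected_images`, the baseline set and the sample addresses are assumptions constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# Constructed sample in the layout of a French-locale `netstat -abno` report.
# Addresses are documentation ranges; image names mirror those in the thread.
SAMPLE = """\
Connexions actives

  Proto  Adresse locale         Adresse distante       État            PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       944
  RpcSs
 [svchost.exe]
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4

 Impossible d'obtenir les informations de propriétaire
  TCP    192.0.2.10:49231       198.51.100.7:1863      ESTABLISHED     3796
 [msnmsgr.exe]
  TCP    192.0.2.10:50503       203.0.113.9:80         TIME_WAIT       0
  UDP    127.0.0.1:59856        *:*                                    3860
 [ppcbooster.exe]
  UDP    [fe80::1%9]:1900       *:*                                    1328
  SSDPSRV
 [svchost.exe]
"""


@dataclass
class Socket:
    proto: str
    local: str
    remote: str
    state: Optional[str]      # None for UDP, which has no state column
    pid: int
    service: Optional[str] = None
    image: Optional[str] = None


def parse_netstat(text):
    """Turn multi-line netstat -abno records into Socket objects."""
    sockets, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        fields = line.split()
        is_socket = (fields[0] in ("TCP", "UDP")
                     and len(fields) in (4, 5) and fields[-1].isdigit())
        if is_socket:
            state = fields[3] if len(fields) == 5 else None
            current = Socket(fields[0], fields[1], fields[2], state, int(fields[-1]))
            sockets.append(current)
        elif current is None:
            continue                      # banner or column header
        elif line.startswith("[") and line.endswith("]"):
            current.image = line[1:-1]    # owning executable closes the record
            current = None
        elif len(fields) == 1:
            current.service = line        # heuristic: service names are one token
        # any other line is the localized "owner unavailable" message
    return sockets


def unattributed(sockets):
    """Sockets with a live PID whose owning image netstat could not report."""
    return [s for s in sockets if s.image is None and s.pid != 0]


def unexpected_images(sockets, baseline):
    """Image names owning sockets that are absent from the reviewer's baseline."""
    by_image = defaultdict(list)
    for s in sockets:
        if s.image:
            by_image[s.image.lower()].append(s)
    known = {name.lower() for name in baseline}
    return sorted(set(by_image) - known)


if __name__ == "__main__":
    socks = parse_netstat(SAMPLE)
    # Hypothetical baseline: images the reviewer already recognises.
    for name in unexpected_images(socks, {"svchost.exe", "msnmsgr.exe"}):
        print("review:", name)
    for s in unattributed(socks):
        print("no owner info:", s.proto, s.local, "pid", s.pid)
```

A name missing from the baseline is only a prompt to look closer (file location, signature, startup entry), not a verdict on the file.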
eZula Posts 3392 Registration date Saturday 26 April 2008 Status Contributor Last activity 8 May 2021 392
29 Oct 2008 at 07:24
And what does this file give you on VirusTotal: C:\Program Files\ppcbooster\ppcbooster.exe ?

Don't ask me how to do it, you have already carried out this procedure
0
What?!?!?!?! uh . . . sorry but I don't understand here.
0
eZula Posts 3392 Registration date Saturday 26 April 2008 Status Contributor Last activity 8 May 2021 392
29 Oct 2008 at 15:12
Go to this site https://www.virustotal.com/gui/
Paste into the box to the left of "Browse":
C:\Program Files\ppcbooster\ppcbooster.exe
Then click "Send file" and wait until the message "Current status: finished" appears; then copy the report into your reply.
0
Hello, I have exactly the same thing as gaetan, the same site, but I don't have on my PC the files you mentioned. Please reply, it's getting annoying ;) .
0
OK, here is the report

AhnLab-V3 2008.10.28.3 2008.10.29 -
AntiVir 7.9.0.10 2008.10.29 HEUR/Malware
Authentium 5.1.0.4 2008.10.29 -
Avast 4.8.1248.0 2008.10.28 -
AVG 8.0.0.161 2008.10.29 -
BitDefender 7.2 2008.10.29 -
CAT-QuickHeal 9.50 2008.10.29 -
ClamAV 0.93.1 2008.10.29 -
DrWeb 4.44.0.09170 2008.10.29 -
eSafe 7.0.17.0 2008.10.29 -
eTrust-Vet 31.6.6179 2008.10.29 -
Ewido 4.0 2008.10.29 -
F-Prot 4.4.4.56 2008.10.29 -
F-Secure 8.0.14332.0 2008.10.29 -
Fortinet 3.117.0.0 2008.10.28 -
GData 19 2008.10.29 -
Ikarus T3.1.1.44.0 2008.10.29 -
K7AntiVirus 7.10.511 2008.10.29 -
Kaspersky 7.0.0.125 2008.10.29 -
McAfee 5417 2008.10.28 -
Microsoft 1.4005 2008.10.29 -
NOD32 3566 2008.10.29 -
Norman 5.80.02 2008.10.29 -
Panda 9.0.0.4 2008.10.29 -
PCTools 4.4.2.0 2008.10.29 -
Prevx1 V2 2008.10.29 -
Rising 21.01.22.00 2008.10.29 -
SecureWeb-Gateway 6.7.6 2008.10.29 Heuristic.Malware
Sophos 4.35.0 2008.10.29 -
Sunbelt 3.1.1762.1 2008.10.28 -
Symantec 10 2008.10.29 -
TheHacker 6.3.1.1.133 2008.10.28 -
TrendMicro 8.700.0.1004 2008.10.29 -
VBA32 3.12.8.8 2008.10.28 -
ViRobot 2008.10.29.1443 2008.10.29 -
VirusBuster 4.5.11.0 2008.10.28 -
Information additionnelle
File size: 20480 bytes
MD5...: 99014a34b2a8b46c190c7cb943ad8dcd
SHA1..: 43144f2331bc11d9df4ee03cbaaacd93aff84c56
SHA256: 75b6c501fc80bd6f4e98512e7cd2ca5b74640da0cf40e8f6666a8a751da1d6a5
SHA512: 1c66ebe1cb30e17a1ab3daddee33b3e96b723a437dc430a552e7abf1ae26c778
06ede0536fb23650c2e6e41a295ffa8b1549fea4b3992a2c2b296a4e4864948b
PEiD..: -
TrID..: File type identification
Win32 Executable Microsoft Visual Basic 6 (96.9%)
Generic Win/DOS Executable (1.5%)
DOS Executable Generic (1.5%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x401330
timedatestamp.....: 0x48ecc4fb (Wed Oct 08 14:34:35 2008)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x1fb8 0x2000 5.32 891c5893d47255e4d10570e588c7953a
.data 0x3000 0xa14 0x1000 0.00 620f0b67a91f7f74151bc5be745b7110
.rsrc 0x4000 0x8e0 0x1000 1.90 32736490cb941d7c86f1d2c33e0dd0c4

( 1 imports )
> MSVBVM60.DLL: _CIcos, _adj_fptan, __vbaVarMove, __vbaFreeVar, __vbaStrVarMove, _adj_fdiv_m64, _adj_fprem1, __vbaStrCat, __vbaSetSystemError, __vbaHresultCheckObj, _adj_fdiv_m32, __vbaOnError, __vbaObjSet, _adj_fdiv_m16i, _adj_fdivr_m16i, _CIsin, __vbaChkstk, EVENT_SINK_AddRef, __vbaGenerateBoundsError, __vbaObjVar, DllFunctionCall, _adj_fpatan, EVENT_SINK_Release, _CIsqrt, EVENT_SINK_QueryInterface, __vbaExceptHandler, __vbaStrToUnicode, -, _adj_fprem, _adj_fdivr_m64, -, __vbaFPException, __vbaStrVarVal, _CIlog, __vbaErrorOverflow, __vbaNew2, _adj_fdiv_m32i, _adj_fdivr_m32i, __vbaStrCopy, __vbaFreeStrList, _adj_fdivr_m32, _adj_fdiv_r, -, __vbaVarSetVar, __vbaI4Var, __vbaLateMemCall, __vbaStrToAnsi, __vbaVarCopy, -, _CIatan, __vbaStrMove, _allmul, _CItan, _CIexp, __vbaFreeStr, __vbaFreeObj

( 0 exports )
0
eZula Posts 3392 Registration date Saturday 26 April 2008 Status Contributor Last activity 8 May 2021 392
29 Oct 2008 at 18:03
It's not very convincing, but we can always try: run HijackThis, clicking on "do a system scan only", and tick these lines (only these lines) if you still find them:

O4 - Startup: ppcbooster.lnk = C:\Program Files\ppcbooster\ppcbooster.exe

- Close all windows, applications, messaging... and click "fix checked". Confirm, then quit HijackThis.

Then restart your computer and see whether you still have ads
0
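An added example (not part of the thread, and not HijackThis's own code): a small Python parser for the O4 autostart lines of a saved HijackThis log that returns exactly the lines matching names flagged in this thread, so that only those are ticked before "fix checked". The sample log is constructed, and the function names and watch list are assumptions made for illustration.

```python
import re

# HijackThis O4 (autostart) lines come in two shapes:
#   O4 - HKLM\..\Run: [Name] command            registry Run key value
#   O4 - Startup: name.lnk = C:\path\file.exe   Startup-folder shortcut
REG_RE = re.compile(r"^O4 - (HK[^:]+): \[([^\]]*)\] (.+)$")
LNK_RE = re.compile(r"^O4 - ((?:Global )?Startup): (.+?)(?: = (.+))?$")


def parse_o4(log_text):
    """Return one dict per O4 line: location, name, command, raw line."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = REG_RE.match(line) or LNK_RE.match(line)
        if m:
            loc, name, cmd = m.groups()
            entries.append({"location": loc, "name": name,
                            "command": cmd or "", "raw": line})
    return entries


def lines_to_tick(entries, watch_terms):
    """Raw log lines whose name or command contains a watched term."""
    terms = [t.lower() for t in watch_terms]
    return [e["raw"] for e in entries
            if any(t in (e["name"] + " " + e["command"]).lower() for t in terms)]


# Constructed sample log; only the ppcbooster line is quoted from the thread.
SAMPLE_LOG = r"""
Logfile of HijackThis (constructed sample)
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - (no file)
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: ppcbooster.lnk = C:\Program Files\ppcbooster\ppcbooster.exe
O4 - Global Startup: Example Tool.lnk = C:\Program Files\Example\tool.exe
O23 - Service: Example Service - Unknown owner - C:\example\svc.exe
"""

# Watch list built from names flagged in the thread (an assumption of this example).
WATCH = ["ppcbooster", "fyrevoyrkv.exe", "qcurch.exe"]

if __name__ == "__main__":
    entries = parse_o4(SAMPLE_LOG)
    print(f"{len(entries)} O4 entries parsed")
    for line in lines_to_tick(entries, WATCH):
        print("tick:", line)
```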
It's fine, it works!! Thanks!!
0
eZula Posts 3392 Registration date Saturday 26 April 2008 Status Contributor Last activity 8 May 2021 392
4 Nov. 2008 at 19:11
So it was that piece of junk ppcbooster that had been sending ads from the start?

It looks that way, so by all means delete the directory C:\Program Files\ppcbooster
0
eZula Posts 3392 Registration date Saturday 26 April 2008 Status Contributor Last activity 8 May 2021 392
16 Oct. 2008 at 07:13
as indicated: https://www.eset.com/
-1
eZula Posts 3392 Registration date Saturday 26 April 2008 Status Contributor Last activity 8 May 2021 392
16 Oct. 2008 at 20:43
It takes me a long time to translate your SMS dialect, forgive me.

And otherwise, is the problem solved?
-1
eZula Posts 3392 Registration date Saturday 26 April 2008 Status Contributor Last activity 8 May 2021 392
16 Oct. 2008 at 21:30
If you double-click on this Uninstall.bat file, don't you then get an Uninstall.txt file?
-1
eZula Posts 3392 Registration date Saturday 26 April 2008 Status Contributor Last activity 8 May 2021 392
18 Oct. 2008 at 13:58
Uninstall these programs:

"Dealio Toolbar 3.4"
"Search Settings 1.2"
"SweetIM for Messenger 2.5"
"SweetIM Toolbar for Internet Explorer 3.1"

Then restart the computer and tell me what happens. If there are still ads, specify the URLs.
-1
eZula Posts 3392 Registration date Saturday 26 April 2008 Status Contributor Last activity 8 May 2021 392
18 Oct. 2008 at 16:23
And the rest?
-1
eZula Posts 3392 Registration date Saturday 26 April 2008 Status Contributor Last activity 8 May 2021 392
18 Oct. 2008 at 18:39
Run a nanoscan/totalscan scan and show me the report; it's not too bad at detecting adware, and I suppose it's something of that kind that must be launching these windows.
-1
eZula Posts 3392 Registration date Saturday 26 April 2008 Status Contributor Last activity 8 May 2021 392
18 Oct. 2008 at 19:19
-1
eZula Posts 3392 Registration date Saturday 26 April 2008 Status Contributor Last activity 8 May 2021 392
18 Oct. 2008 at 22:20
Right, here are the bad guys:

02555179 Adware/NaviPromo Adware No 1 Yes No C:\Users\gaetan\AppData\Local\fyrevoyrkv.exe
02555179 Adware/NaviPromo Adware No 1 Yes No C:\Users\gaetan\AppData\Local\qcurch.exe


Don't try to delete them manually. Use Navilog1 to get rid of them: http://il.mafioso.pagesperso-orange.fr/Navifix/presentation.htm

1. Option 1
2. Option 2

And check that it really deletes these two files; if you want, you can post the final report.
-1
eZula Posts 3392 Registration date Saturday 26 April 2008 Status Contributor Last activity 8 May 2021 392
19 Oct. 2008 at 20:06
If you look closely at the navilog1 report, it doesn't seem to have found fyrevoyrkv.exe

Let's see what panda says.
-1