Trojan win32.agent.ctfk

Résolu
jolie63 Messages postés 36 Statut Membre -  
jolie63 Messages postés 36 Statut Membre -
Bonjour,
Je suis sous vista, j'ai un antivirus orange, il me trouve un trojan win32.agent.ctfk et je n'arrive pas le supprimer. J'ai avast aussi comme antivirus est il me trouve aucun trojan . Je ne sais plus quoi penser. Comment voir réellement si j'ai un trojan sur mon ordinateur. Merci d'avance pour toute aide..
Configuration: Windows Vista
Firefox 3.5.2

58 réponses

  • 1
  • 2
  • 3
Résumé de la discussion

Le problème porte sur un Windows Vista où l’antivirus Orange signale un cheval de Troie Win32.Agent.Ctfk alors que Avast ne le détecte pas, et l’utilisateur cherche comment vérifier la présence réelle d’un cheval de Troie.
Plusieurs réponses évoquent l’utilisation de outils de désinfection complémentaires comme HijackThis et ComboFix, ainsi que la vérification par Avira ou Avast, afin d’identifier les éléments indésirables et les entrées au démarrage.
Des logs détaillés et des résultats de scans, notamment des valeurs listées par HijackThis et les fichiers SysCheck2.dll et SysChkVC.dll, suggèrent que certains composants signalés peuvent être innocents ou liés à des programmes légitimes.

Généré automatiquement par IA
sur la base des meilleures réponses
  1. papyber Messages postés 6430 Statut Contributeur sécurité 257
     
    télécharge GenProc de Lazzzy et Narco4 sur ton Bureau
    http://www.alt-shift-return.org/Info/Fichiers/GenProc.zip

    dé zippe le dossier, double-clique sur GenProc.bat et poste le contenu du rapport qui s'ouvre

    0
  2. jolie63 Messages postés 36 Statut Membre
     
    merci je vais essayer et je te tiens au courant
    0
  3. jolie63 Messages postés 36 Statut Membre
     
    j'ai essayé de télécharger dans la première étape mais il me demande plein d'option comme recherche, supprimer... je ne sais pas quel option choisir, sinon comment faites vous pour le mettre sur le bureau sans faire se qu'il demande merci
    0
  4. papyber Messages postés 6430 Statut Contributeur sécurité 257
     
    un tutoriel pour t'en servir correctement
    Aide en images : http://www.alt-shift-return.org/Info/GenProc-HowTo.html
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. jolie63 Messages postés 36 Statut Membre
     
    voilà mes rapports, je suis novice en informatique j'avais peur de faire des bétises, mais j'ai réussi :

    Rapport GenProc 2.615 [8] - 24/08/2009 à 9:31:48
    @ Windows Vista Service Pack 2 - Mode normal
    @ Mozilla Firefox (3.5.2) [Navigateur par défaut]

    GenProc n'a détecté aucune infection caractéristique et suggère de suivre la procédure suivante :

    Poste un rapport Nod32 https://www.eset.com/ (il faut utiliser Internet Explorer)
    - coche toutes les cases à chaque fois, et lorsque c'est terminé, colle le rapport :
    C:\Program Files\EsetOnlineScanner\log.txt

    ~~~~ INFORMATION COMPLEMENTAIRE ~~~~

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 09:33:50, on 24/08/2009
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v8.00 (8.00.6001.18813)
    Boot mode: Normal

    Running processes:
    C:\Windows\System32\smss.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\services.exe
    C:\Windows\system32\lsass.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\winlogon.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\rundll32.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\fsgk32st.exe
    C:\Program Files\Orange\AntivirusFirewall\Common\FSMA32.EXE
    C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\FSGK32.EXE
    C:\Program Files\Windows Live\Family Safety\fsssvc.exe
    C:\Program Files\Orange\AntivirusFirewall\Common\FSMB32.EXE
    C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
    C:\Program Files\CDBurnerXP\NMSAccessU.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    C:\Program Files\Orange\AntivirusFirewall\Common\FCH32.EXE
    C:\Program Files\Orange\AntivirusFirewall\Common\FAMEH32.EXE
    C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\fsqh.exe
    C:\Program Files\Spyware Doctor\pctsAuxs.exe
    C:\Program Files\Spyware Doctor\pctsSvc.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Program Files\Spyware Doctor\pctsTray.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Program Files\Winsudate\gibsvc.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\Orange\AntivirusFirewall\ORSP Client\fsorsp.exe
    C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\fssm32.exe
    C:\Program Files\Orange\AntivirusFirewall\FSAUA\program\fsaua.exe
    C:\Program Files\Orange\AntivirusFirewall\FWES\Program\fsdfwd.exe
    C:\Program Files\Orange\AntivirusFirewall\FSAUA\program\fsus.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
    C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe
    C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
    C:\WINDOWS\RtHDVCpl.exe
    C:\Program Files\OrangeHSS\Launcher\Launcher.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\Windows\system32\conime.exe
    C:\WINDOWS\VM30xSnap.exe
    C:\Program Files\Windows Live\Family Safety\fsui.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\orange\AntivirusFirewall\Common\FSM32.EXE
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Users\jean-francois\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe
    C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\fsav32.exe
    C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Orange\AntivirusFirewall\FSGUI\fsguidll.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
    C:\Program Files\OrangeHSS\systray\systrayapp.exe
    C:\Program Files\OrangeHSS\connectivity\connectivitymanager.exe
    C:\Program Files\OrangeHSS\connectivity\CoreCom\CoreCom.exe
    C:\Program Files\OrangeHSS\connectivity\CoreCom\OraConfigRecover.exe
    C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\cmd.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Genproc\outil\jean-francois_GenProc.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.orange.fr/portail?kw=
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - {AEEC3B59-CA98-4EBA-A140-57B94E283583} - C:\PROGRA~1\ORANGE~2\TOOLBA~2.DLL
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
    O2 - BHO: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyBa.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyBa.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: barre d'outils Orange - {D3028143-6145-4318-99D3-3EDCE54A95A9} - C:\Program Files\Orange Toolbar FR\ToolbarContainer101000313.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
    O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe"
    O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [Skytel] Skytel.exe
    O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [VM30xSnap] VM30xSnap.exe Vimicro USB PC Camera (ZC030x)
    O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
    O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Orange\AntivirusFirewall\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Orange\AntivirusFirewall\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    O4 - HKCU\..\Run: [EPSON Stylus DX7400 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICDE.EXE /FU "C:\Windows\TEMP\E_S6306.tmp" /EF "HKCU"
    O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [WinUsr] C:\Program Files\Winsudate\gibusr.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - Startup: Notification de cadeaux MSN.lnk = jean-francois\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe
    O8 - Extra context menu item: ajouter cette page à vos favoris Orange - C:\Users\JEAN-F~1\AppData\Local\Temp\cceD1E6.html
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: traduire la page - C:\Users\JEAN-F~1\AppData\Local\Temp\cceD1E4.html
    O8 - Extra context menu item: traduire le texte sélectionné - C:\Users\JEAN-F~1\AppData\Local\Temp\cceD1E5.html
    O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Orange Toolbar FR\ToolbarContainer101000313.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Orange Toolbar FR\ToolbarContainer101000313.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - cmdmapping - C:\Program Files\Orange Toolbar FR\ToolbarContainer101000313.dll (HKCU)
    O13 - Gopher Prefix:
    O15 - Trusted Zone: http://*.mappy.com
    O15 - Trusted Zone: http://*.orange.fr
    O15 - Trusted Zone: http://rw.search.ke.voila.fr
    O15 - Trusted Zone: http://orange.weborama.fr
    O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.3.cab
    O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://copainsdavant.linternaute.com/...
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
    O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
    O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Orange\AntivirusFirewall\FSAUA\program\fsaua.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Orange\AntivirusFirewall\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Orange\AntivirusFirewall\Common\FSMA32.EXE
    O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\Orange\AntivirusFirewall\ORSP Client\fsorsp.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
    O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
    O23 - Service: Google Update Service (gupdate1c95c449a87d1c7) (gupdate1c95c449a87d1c7) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
    O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe
    O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe
    O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: Gestionnaire de mise à jour Winsudate (WinSvc) - Winsudate - C:\Program Files\Winsudate\gibsvc.exe
    0
  7. jolie63 Messages postés 36 Statut Membre
     
    le rapport cleannavi

    Fix Navipromo version 4.0.1 commencé le 24/08/2009 8:30:54,58

    !!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
    !!! Postez ce rapport sur le forum pour le faire analyser !!!

    Outil exécuté depuis C:\Program Files\navilog1

    Mise à jour le 18.07.2009 à 11h00 par IL-MAFIOSO

    Microsoft® Windows Vista™ Édition Familiale Basique ( v6.0.6002 ) Service Pack 2
    X86-based PC ( Multiprocessor Free : AMD Athlon(tm) 64 X2 Dual Core Processor 4200+ )
    BIOS : )Phoenix - Award WorkstationBIOS v6.00PG
    USER : jean-francois ( Administrator )
    BOOT : Fail-safe boot

    C:\ (Local Disk) - NTFS - Total:224 Go (Free:186 Go)
    D:\ (Local Disk) - NTFS - Total:8 Go (Free:4 Go)
    E:\ (CD or DVD)
    F:\ (USB)
    G:\ (USB)
    H:\ (USB)
    I:\ (USB)
    K:\ (USB)

    Recherche executée en mode sans échec

    Nettoyage executé en mode sans échec

    C:\Program Files\Games-Attack supprimé !
    C:\Program Files\MessengerSkinner supprimé !
    c:\progra~2\micros~1\windows\startm~1\programs\Games-Attack supprimé !
    c:\progra~2\micros~1\windows\startm~1\programs\MessengerSkinner supprimé !
    C:\ProgramData\Games-Attack supprimé !
    C:\Users\jean-francois\AppData\Roaming\Games-Attack supprimé !
    C:\Users\jean-francois\AppData\Roaming\MessengerSkinner supprimé !
    C:\Users\jean-francois\AppData\Local\bmhuocci.exe supprimé !
    C:\Users\jean-francois\AppData\Local\bmhuocci.dat supprimé !
    C:\Users\jean-francois\AppData\Local\bmhuocci_nav.dat supprimé !
    C:\Users\jean-francois\AppData\Local\bmhuocci_navps.dat supprimé !
    C:\Users\jean-francois\AppData\Local\cgogumi.dat supprimé !
    C:\Users\jean-francois\AppData\Local\cgogumi_nav.dat supprimé !
    C:\Users\jean-francois\AppData\Local\cgogumi_navps.dat supprimé !

    Nettoyage contenu C:\Windows\Temp effectué !
    Nettoyage contenu C:\Users\JEAN-F~1\AppData\Local\Temp effectué !

    *** Sauvegarde du Registre vers dossier Safebackup ***

    sauvegarde du Registre réalisée avec succès !

    *** Nettoyage Registre ***

    Nettoyage Registre Ok

    Certificat Electronic-Group supprimé !
    Certificat OOO-Favorit supprimé !

    *** Scan terminé 24/08/2009 8:32:57,22 ***
    0
  8. jolie63 Messages postés 36 Statut Membre
     
    le rapport hijackthis

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 08:53:19, on 24/08/2009
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v8.00 (8.00.6001.18813)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Spyware Doctor\pctsTray.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
    C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe
    C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
    C:\WINDOWS\RtHDVCpl.exe
    C:\Program Files\OrangeHSS\Launcher\Launcher.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\Windows\system32\conime.exe
    C:\WINDOWS\VM30xSnap.exe
    C:\Program Files\Windows Live\Family Safety\fsui.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\orange\AntivirusFirewall\Common\FSM32.EXE
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Users\jean-francois\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe
    C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Orange\AntivirusFirewall\FSGUI\fsguidll.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
    C:\Program Files\OrangeHSS\systray\systrayapp.exe
    C:\Program Files\OrangeHSS\connectivity\connectivitymanager.exe
    C:\Program Files\OrangeHSS\connectivity\CoreCom\CoreCom.exe
    C:\Program Files\OrangeHSS\connectivity\CoreCom\OraConfigRecover.exe
    C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Users\jean-francois\Downloads\HiJackThis(4).exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.orange.fr/portail?kw=
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - {AEEC3B59-CA98-4EBA-A140-57B94E283583} - C:\PROGRA~1\ORANGE~2\TOOLBA~2.DLL
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
    O2 - BHO: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyBa.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyBa.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: barre d'outils Orange - {D3028143-6145-4318-99D3-3EDCE54A95A9} - C:\Program Files\Orange Toolbar FR\ToolbarContainer101000313.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
    O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe"
    O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [Skytel] Skytel.exe
    O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [VM30xSnap] VM30xSnap.exe Vimicro USB PC Camera (ZC030x)
    O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
    O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Orange\AntivirusFirewall\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Orange\AntivirusFirewall\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    O4 - HKCU\..\Run: [EPSON Stylus DX7400 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICDE.EXE /FU "C:\Windows\TEMP\E_S6306.tmp" /EF "HKCU"
    O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [WinUsr] C:\Program Files\Winsudate\gibusr.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - Startup: Notification de cadeaux MSN.lnk = jean-francois\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe
    O8 - Extra context menu item: ajouter cette page à vos favoris Orange - C:\Users\JEAN-F~1\AppData\Local\Temp\cceD1E6.html
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: traduire la page - C:\Users\JEAN-F~1\AppData\Local\Temp\cceD1E4.html
    O8 - Extra context menu item: traduire le texte sélectionné - C:\Users\JEAN-F~1\AppData\Local\Temp\cceD1E5.html
    O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Orange Toolbar FR\ToolbarContainer101000313.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Orange Toolbar FR\ToolbarContainer101000313.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - cmdmapping - C:\Program Files\Orange Toolbar FR\ToolbarContainer101000313.dll (HKCU)
    O13 - Gopher Prefix:
    O15 - Trusted Zone: http://*.mappy.com
    O15 - Trusted Zone: http://*.orange.fr
    O15 - Trusted Zone: http://rw.search.ke.voila.fr
    O15 - Trusted Zone: http://orange.weborama.fr
    O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.3.cab
    O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://copainsdavant.linternaute.com/...
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
    O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
    O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Orange\AntivirusFirewall\FSAUA\program\fsaua.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Orange\AntivirusFirewall\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Orange\AntivirusFirewall\Common\FSMA32.EXE
    O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\Orange\AntivirusFirewall\ORSP Client\fsorsp.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
    O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
    O23 - Service: Google Update Service (gupdate1c95c449a87d1c7) (gupdate1c95c449a87d1c7) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
    O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe
    O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe
    O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: Gestionnaire de mise à jour Winsudate (WinSvc) - Winsudate - C:\Program Files\Winsudate\gibsvc.exe
    0
  9. jolie63 Messages postés 36 Statut Membre
     
    le rapport lopr

    --------------------\\ Lop S&D 4.2.5-0 XP/Vista

    Microsoft® Windows Vista™ Édition Familiale Basique ( v6.0.6002 ) Service Pack 2
    X86-based PC ( Multiprocessor Free : AMD Athlon(tm) 64 X2 Dual Core Processor 4200+ )
    BIOS : )Phoenix - Award WorkstationBIOS v6.00PG
    USER : jean-francois ( Administrator )
    BOOT : Fail-safe boot
    C:\ (Local Disk) - NTFS - Total:224 Go (Free:185 Go)
    D:\ (Local Disk) - NTFS - Total:8 Go (Free:4 Go)
    E:\ (CD or DVD)
    F:\ (USB)
    G:\ (USB)
    H:\ (USB)
    I:\ (USB)
    K:\ (USB)

    "C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
    Option : [2] ( 24/08/2009| 8:38 )

    [ UAC => 1 ]

    \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION

    Supprime! - C:\Users\JEAN-F~1\AppData\Roaming\MICROS~1\Windows\Cookies\jean-francois@2xmoinscher[2].txt
    Supprime! - C:\Users\JEAN-F~1\AppData\Roaming\MICROS~1\Windows\Cookies\jean-francois@cc.2xmoinscher[1].txt
    Supprime! - C:\Program Files\Circle Developement
    -
    [ Fichier Hosts ] .. Restaure!

    \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

    --------------------\\ Listing des dossiers dans Local

    [29/04/2009|17:32] C:\Users\JEAN-F~1\AppData\Local\Adobe
    [26/09/2008|21:01] C:\Users\JEAN-F~1\AppData\Local\Application Data
    [07/10/2008|15:56] C:\Users\JEAN-F~1\AppData\Local\Babylon
    [29/12/2008|10:02] C:\Users\JEAN-F~1\AppData\Local\Conduit
    [09/03/2009|15:59] C:\Users\JEAN-F~1\AppData\Local\d3d9caps.dat
    [18/08/2009|12:36] C:\Users\JEAN-F~1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [05/03/2009|16:45] C:\Users\JEAN-F~1\AppData\Local\desktop.ini
    [20/04/2009|13:42] C:\Users\JEAN-F~1\AppData\Local\Game Mill Files
    [09/08/2009|18:24] C:\Users\JEAN-F~1\AppData\Local\GDIPFONTCACHEV1.DAT
    [05/06/2008|18:18] C:\Users\JEAN-F~1\AppData\Local\gnc.exe
    [29/04/2009|13:24] C:\Users\JEAN-F~1\AppData\Local\Google
    [26/09/2008|21:01] C:\Users\JEAN-F~1\AppData\Local\Historique
    [24/08/2009|08:25] C:\Users\JEAN-F~1\AppData\Local\IconCache.db
    [24/11/2008|20:33] C:\Users\JEAN-F~1\AppData\Local\IM
    [24/08/2009|07:41] C:\Users\JEAN-F~1\AppData\Local\isaso.bat
    [24/06/2009|14:54] C:\Users\JEAN-F~1\AppData\Local\JollyBear
    [24/11/2008|20:44] C:\Users\JEAN-F~1\AppData\Local\Magentic
    [24/08/2009|08:32] C:\Users\JEAN-F~1\AppData\Local\Microsoft
    [17/11/2008|12:21] C:\Users\JEAN-F~1\AppData\Local\Microsoft Games
    [28/10/2008|12:29] C:\Users\JEAN-F~1\AppData\Local\Microsoft Help
    [20/08/2009|11:13] C:\Users\JEAN-F~1\AppData\Local\MigWiz
    [26/04/2009|14:28] C:\Users\JEAN-F~1\AppData\Local\Mozilla
    [29/12/2008|10:02] C:\Users\JEAN-F~1\AppData\Local\myBabylon_English
    [20/04/2009|14:59] C:\Users\JEAN-F~1\AppData\Local\Nick Chase A Detective Story
    [30/03/2009|13:53] C:\Users\JEAN-F~1\AppData\Local\Oberon Games
    [01/10/2008|13:47] C:\Users\JEAN-F~1\AppData\Local\Orange
    [09/05/2009|08:26] C:\Users\JEAN-F~1\AppData\Local\Ph03nixNewMedia
    [26/09/2008|21:03] C:\Users\JEAN-F~1\AppData\Local\Roxio
    [24/12/2008|19:06] C:\Users\JEAN-F~1\AppData\Local\rx_audio.Cache
    [24/12/2008|19:06] C:\Users\JEAN-F~1\AppData\Local\rx_image.Cache
    [28/01/2009|09:53] C:\Users\JEAN-F~1\AppData\Local\ScreeNet iSaver
    [11/08/2009|14:14] C:\Users\JEAN-F~1\AppData\Local\sowhat
    [26/03/2009|17:18] C:\Users\JEAN-F~1\AppData\Local\STARGAZE_IMAGE_CACHE
    [24/08/2009|08:38] C:\Users\JEAN-F~1\AppData\Local\Temp
    [26/09/2008|21:01] C:\Users\JEAN-F~1\AppData\Local\Temporary Internet Files
    [20/12/2008|21:31] C:\Users\JEAN-F~1\AppData\Local\TimeParadox
    [08/03/2009|10:08] C:\Users\JEAN-F~1\AppData\Local\vembldk.bat
    [26/09/2008|22:08] C:\Users\JEAN-F~1\AppData\Local\VirtualStore
    [05/03/2009|16:40] C:\Users\JEAN-F~1\AppData\Local\Windows Live Writer
    [11/08/2009|14:39] C:\Users\JEAN-F~1\AppData\Local\Yummy
    [18/08/2009|15:14] C:\Users\JEAN-F~1\AppData\Local\Zylom Games

    --------------------\\ Tâches planifiées dans C:\Windows\tasks

    [23/08/2009 14:32][--a------] C:\Windows\tasks\08-19-2009_143219.job
    [24/08/2009 07:55][--a------] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [24/08/2009 07:40][--a------] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [24/08/2009 07:42][--a------] C:\Windows\tasks\Google Software Updater.job
    [24/08/2009 08:25][--ah-----] C:\Windows\tasks\SA.DAT
    [24/08/2009 08:25][--a------] C:\Windows\tasks\SCHEDLGU.TXT

    --------------------\\ Listing des dossiers dans C:\ProgramData

    [29/04/2009|13:24] C:\ProgramData\Adobe
    [12/08/2009|14:33] C:\ProgramData\AdventureChronicles1
    [26/03/2009|17:18] C:\ProgramData\Alawar Stargaze
    [26/09/2008|20:56] C:\ProgramData\Application Data
    [23/08/2009|18:32] C:\ProgramData\Avira
    [07/10/2008|15:57] C:\ProgramData\Babylon
    [05/08/2009|15:31] C:\ProgramData\BigFishSavedGames
    [11/05/2009|14:43] C:\ProgramData\BigFishv1005fr
    [05/05/2009|15:32] C:\ProgramData\blg
    [11/11/2008|20:13] C:\ProgramData\BOONTY
    [26/09/2008|20:56] C:\ProgramData\Bureau
    [03/08/2009|15:52] C:\ProgramData\Dekovir
    [26/09/2008|20:56] C:\ProgramData\Documents
    [17/10/2008|11:52] C:\ProgramData\Downloaded Installations
    [24/04/2009|16:37] C:\ProgramData\Dr Maboulÿ- Une op‚ration de malade ÿ!
    [04/08/2009|10:55] C:\ProgramData\DragToDiscUserNameE.txt
    [30/09/2008|07:48] C:\ProgramData\EPSON
    [23/12/2008|15:55] C:\ProgramData\EscapeTheMuseum
    [10/08/2009|14:41] C:\ProgramData\Far Mills
    [22/12/2008|14:00] C:\ProgramData\FarmFrenzy2
    [26/09/2008|20:56] C:\ProgramData\Favoris
    [21/08/2009|20:58] C:\ProgramData\Fighters
    [01/02/2009|12:33] C:\ProgramData\Flood Light Games
    [04/05/2009|14:23] C:\ProgramData\FloodLightGames
    [21/12/2008|15:55] C:\ProgramData\FlyWheelGames
    [23/08/2009|14:05] C:\ProgramData\F-Secure
    [23/08/2009|14:04] C:\ProgramData\fssg
    [29/04/2009|14:47] C:\ProgramData\Fugazo
    [14/08/2009|14:24] C:\ProgramData\GameXzone
    [18/08/2009|15:43] C:\ProgramData\GoBit Games
    [02/07/2009|12:01] C:\ProgramData\Gogii
    [29/04/2009|13:23] C:\ProgramData\Google
    [23/08/2009|18:10] C:\ProgramData\Google Updater
    [24/11/2008|20:31] C:\ProgramData\IM
    [24/11/2008|20:30] C:\ProgramData\IncrediMail
    [26/09/2008|20:31] C:\ProgramData\InstallShield
    [24/06/2009|14:54] C:\ProgramData\JollyBear
    [18/05/2009|13:01] C:\ProgramData\ma-config.com
    [26/09/2008|20:56] C:\ProgramData\Menu D‚marrer
    [29/05/2009|11:28] C:\ProgramData\Meridian93
    [27/03/2009|20:41] C:\ProgramData\Messenger Plus!
    [19/02/2009|12:37] C:\ProgramData\Microsoft
    [13/08/2009|11:05] C:\ProgramData\Microsoft Help
    [09/03/2009|16:00] C:\ProgramData\MissTeriTale2
    [26/09/2008|20:56] C:\ProgramData\ModŠles
    [11/08/2009|15:19] C:\ProgramData\MysteryChronicles
    [31/07/2009|13:00] C:\ProgramData\MythPeople
    [31/03/2009|13:28] C:\ProgramData\NeptunesAdve
    [26/07/2009|08:21] C:\ProgramData\NortonInstaller
    [29/04/2009|13:21] C:\ProgramData\NOS
    [19/06/2009|12:06] C:\ProgramData\NVIDIA
    [30/09/2008|16:28] C:\ProgramData\Oberon
    [09/06/2009|12:37] C:\ProgramData\PC Tools
    [01/04/2009|12:56] C:\ProgramData\PICTUREKA LA CHASSE AUX IMAGES
    [07/11/2008|22:23] C:\ProgramData\pixelStorm
    [11/08/2009|14:38] C:\ProgramData\Player Metaboli
    [05/08/2009|14:44] C:\ProgramData\PlayFirst
    [30/03/2009|14:17] C:\ProgramData\PlayPond
    [11/11/2008|19:27] C:\ProgramData\PopCap Games
    [07/05/2009|16:19] C:\ProgramData\Redrum
    [04/08/2009|11:13] C:\ProgramData\Roxio
    [27/06/2009|10:19] C:\ProgramData\Sandlot Games
    [26/09/2008|20:30] C:\ProgramData\Sonic
    [04/05/2009|13:12] C:\ProgramData\SpecialBit
    [02/04/2009|12:54] C:\ProgramData\SpecialBit Games
    [28/04/2009|15:27] C:\ProgramData\SpinTop Games
    [11/08/2009|14:55] C:\ProgramData\Symantec
    [19/05/2009|14:12] C:\ProgramData\Tages
    [24/08/2009|08:28] C:\ProgramData\TEMP
    [14/08/2009|13:20] C:\ProgramData\UClick
    [30/09/2008|07:43] C:\ProgramData\UDL
    [18/08/2009|14:12] C:\ProgramData\WildWestQuest2
    [27/11/2008|17:34] C:\ProgramData\WLInstaller
    [08/10/2008|18:15] C:\ProgramData\Zylom

    --------------------\\ Listing des dossiers dans C:\Program Files

    [26/09/2008|21:15] C:\Program Files\ABBYY FineReader 6.0 Sprint
    [29/04/2009|13:23] C:\Program Files\Adobe
    [16/06/2009|15:25] C:\Program Files\AGEIA Technologies
    [27/09/2008|10:55] C:\Program Files\Alwil Software
    [23/08/2009|18:32] C:\Program Files\Avira
    [07/10/2008|15:57] C:\Program Files\Babylon
    [28/05/2009|14:02] C:\Program Files\bfgclient
    [20/08/2009|12:44] C:\Program Files\BoontyGames
    [07/12/2008|19:34] C:\Program Files\CCleaner
    [31/03/2009|17:45] C:\Program Files\CDBurnerXP
    [12/08/2009|10:15] C:\Program Files\Common Files
    [07/10/2008|15:55] C:\Program Files\Conduit
    [23/10/2008|10:31] C:\Program Files\denouvel
    [27/09/2008|09:43] C:\Program Files\Digital Video
    [27/09/2008|09:15] C:\Program Files\directx
    [11/11/2008|14:28] C:\Program Files\El Juky
    [11/08/2009|14:53] C:\Program Files\eMule
    [30/09/2008|07:42] C:\Program Files\epson
    [26/09/2008|20:56] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]
    [23/08/2009|13:36] C:\Program Files\Fighters
    [29/04/2009|13:24] C:\Program Files\Google
    [23/06/2009|13:43] C:\Program Files\Gourmania
    [03/11/2008|11:04] C:\Program Files\Hip Interactive
    [31/03/2009|14:45] C:\Program Files\Incredijeux
    [16/06/2009|16:09] C:\Program Files\InstallShield Installation Information
    [29/07/2009|13:45] C:\Program Files\Internet Explorer
    [05/08/2009|12:33] C:\Program Files\Java
    [09/05/2009|08:26] C:\Program Files\La Malediction du Pharaon - Le Secret de Napoleon
    [27/04/2009|13:29] C:\Program Files\Les Chasseurs de Tresor - Reves d'Or
    [04/06/2009|13:04] C:\Program Files\Les Chasseurs de Tresor II - Les Toiles Enchantees
    [13/08/2009|13:46] C:\Program Files\Les Secrets de la Famille Flux - L'effet vague
    [11/08/2009|14:57] C:\Program Files\Lost in the City
    [05/05/2009|15:31] C:\Program Files\Lost Realms - L'Heritage de la Princesse du Soleil
    [11/11/2008|14:31] C:\Program Files\LudoSoft
    [31/03/2009|14:44] C:\Program Files\M6 Jeux
    [18/05/2009|13:01] C:\Program Files\ma-config.com
    [10/06/2009|18:34] C:\Program Files\Messenger Plus! Live
    [29/07/2009|15:58] C:\Program Files\Micro Application
    [08/01/2009|15:13] C:\Program Files\Microsoft
    [02/11/2006|14:35] C:\Program Files\Microsoft Games
    [08/08/2009|14:16] C:\Program Files\Microsoft IntelliPoint
    [17/10/2008|10:03] C:\Program Files\Microsoft Office
    [08/01/2009|15:13] C:\Program Files\Microsoft Office Outlook Connector
    [04/08/2009|10:20] C:\Program Files\Microsoft Silverlight
    [12/10/2008|18:06] C:\Program Files\Microsoft SQL Server Compact Edition
    [08/01/2009|17:36] C:\Program Files\Microsoft Sync Framework
    [17/10/2008|10:03] C:\Program Files\Microsoft Visual Studio
    [17/10/2008|10:01] C:\Program Files\Microsoft Visual Studio 8
    [01/05/2009|09:21] C:\Program Files\Microsoft Works
    [17/10/2008|10:02] C:\Program Files\Microsoft.NET
    [19/06/2009|11:56] C:\Program Files\Movie Maker
    [23/08/2009|19:12] C:\Program Files\Mozilla Firefox
    [17/10/2008|10:03] C:\Program Files\MSBuild
    [26/09/2008|22:17] C:\Program Files\MSXML 4.0
    [06/08/2009|21:00] C:\Program Files\Multiplication
    [07/10/2008|15:55] C:\Program Files\myBabylon_English
    [28/05/2009|14:09] C:\Program Files\Mystery Case Files - Prime Suspects
    [07/04/2009|13:40] C:\Program Files\Mystery PI - The New York Fortune
    [24/08/2009|08:33] C:\Program Files\Navilog1
    [26/07/2009|08:21] C:\Program Files\NortonInstaller
    [29/04/2009|13:20] C:\Program Files\NOS
    [15/05/2009|10:02] C:\Program Files\Nostradamus - La Derniere Prophetie
    [20/08/2009|12:59] C:\Program Files\Oberon Media
    [12/12/2008|09:30] C:\Program Files\orange
    [30/04/2009|17:12] C:\Program Files\Orange Toolbar FR
    [26/09/2008|21:39] C:\Program Files\OrangeHSS
    [09/06/2009|17:35] C:\Program Files\Pixia 4.3a FR
    [11/08/2009|14:54] C:\Program Files\Player Metaboli
    [20/08/2009|12:46] C:\Program Files\Pogo FR
    [11/08/2009|14:54] C:\Program Files\Postcard Maker
    [19/08/2009|12:27] C:\Program Files\QUAD Utilities
    [26/09/2008|20:43] C:\Program Files\Realtek
    [02/11/2006|14:35] C:\Program Files\Reference Assemblies
    [18/08/2009|15:42] C:\Program Files\ReflexiveArcade
    [21/08/2009|19:26] C:\Program Files\Registry Mechanic
    [31/03/2009|18:21] C:\Program Files\Rocket Division Software
    [05/03/2009|16:45] C:\Program Files\Roxio
    [26/09/2008|21:33] C:\Program Files\Securitoo
    [25/10/2007|13:15] C:\Program Files\SoftThinks
    [21/08/2009|12:46] C:\Program Files\Spyware Doctor
    [18/06/2009|13:05] C:\Program Files\Syberia
    [12/06/2009|13:33] C:\Program Files\Syberia II
    [18/05/2009|15:46] C:\Program Files\ubi.com
    [02/11/2006|14:58] C:\Program Files\Uninstall Information
    [19/06/2009|11:56] C:\Program Files\Windows Calendar
    [19/06/2009|11:56] C:\Program Files\Windows Collaboration
    [19/06/2009|11:56] C:\Program Files\Windows Defender
    [19/02/2009|12:37] C:\Program Files\Windows Live
    [08/01/2009|15:09] C:\Program Files\Windows Live SkyDrive
    [08/01/2009|15:12] C:\Program Files\Windows Live Toolbar
    [13/08/2009|11:04] C:\Program Files\Windows Mail
    [13/08/2009|11:11] C:\Program Files\Windows Media Player
    [26/09/2008|20:56] C:\Program Files\Windows NT
    [19/06/2009|11:56] C:\Program Files\Windows Photo Gallery
    [19/06/2009|11:56] C:\Program Files\Windows Sidebar
    [25/10/2007|13:09] C:\Program Files\Winqual Tools
    [17/10/2008|09:46] C:\Program Files\WinRAR
    [23/08/2009|19:11] C:\Program Files\Winsudate
    [23/08/2009|14:03] C:\Program Files\Yahoo!

    --------------------\\ Listing des dossiers dans C:\Program Files\Common Files

    [29/04/2009|13:23] C:\Program Files\Common Files\Adobe
    [11/11/2008|19:26] C:\Program Files\Common Files\BOONTY Shared
    [17/10/2008|10:03] C:\Program Files\Common Files\DESIGNER
    [26/09/2008|21:32] C:\Program Files\Common Files\France Telecom
    [27/09/2008|09:44] C:\Program Files\Common Files\InstallShield
    [07/10/2008|16:33] C:\Program Files\Common Files\Java
    [01/05/2009|09:22] C:\Program Files\Common Files\microsoft shared
    [30/09/2008|16:26] C:\Program Files\Common Files\Oberon Media
    [09/06/2009|12:38] C:\Program Files\Common Files\PC Tools
    [18/05/2009|15:46] C:\Program Files\Common Files\PocketSoft
    [26/09/2008|20:31] C:\Program Files\Common Files\PX Storage Engine
    [26/09/2008|20:30] C:\Program Files\Common Files\Roxio Shared
    [02/11/2006|13:18] C:\Program Files\Common Files\Services
    [27/09/2008|10:27] C:\Program Files\Common Files\Softwin
    [26/09/2008|20:30] C:\Program Files\Common Files\Sonic Shared
    [02/11/2006|13:18] C:\Program Files\Common Files\SpeechEngines
    [26/09/2008|20:30] C:\Program Files\Common Files\SureThing Shared
    [19/06/2009|11:56] C:\Program Files\Common Files\System
    [08/01/2009|15:03] C:\Program Files\Common Files\Windows Live
    [12/10/2008|18:05] C:\Program Files\Common Files\WindowsLiveInstaller
    [19/05/2009|14:37] C:\Program Files\Common Files\Wise Installation Wizard

    --------------------\\ Process

    ( 23 Processes )

    ... OK !

    --------------------\\ Recherche avec S_Lop

    Aucun fichier / dossier Lop trouvé !

    --------------------\\ Recherche de Fichiers / Dossiers Lop

    Aucun fichier / dossier Lop trouvé !

    --------------------\\ Verification du Registre

    ..... OK !

    --------------------\\ Verification du fichier Hosts

    Fichier Hosts PROPRE

    --------------------\\ Recherche de fichiers avec Catchme

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-08-24 08:01:47
    Windows 5.1.2600 Service Pack 2 NTFS
    detected NTDLL code modification:
    ZwEnumerateKey, ZwQueryKey, ZwOpenKey, ZwClose, ZwEnumerateValueKey, ZwQueryValueKey, ZwOpenFile, ZwQueryDirectoryFile, ZwQuerySystemInformation
    scanning hidden processes ...
    scanning hidden files ...
    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-08-24 08:38:12
    Windows 6.0.6002 Service Pack 2 NTFS
    scanning hidden processes ...
    scanning hidden files ...
    scan completed successfully
    hidden processes: 0
    hidden files: 195

    --------------------\\ Recherche d'autres infections

    --------------------\\ Cracks & Keygens ..

    C:\Users\JEAN-F~1\AppData\Local\VirtualStore\Program Files\Agatha Christie - Death on the Nile\gameres\images\bonus_rosary\bead_crack.png
    C:\PROGRA~2\Fugazo\Cooking Academy\cached\sounds\eggcrack.wav
    C:\PROGRA~2\SpecialBit\Haunted Hotel 2\cached\sounds\nearBoiler\WOOD CRACKING 1.wav

    [F:146][D:1]-> C:\Users\JEAN-F~1\AppData\Roaming\MICROS~1\Windows\Cookies
    [F:494][D:7]-> C:\Users\JEAN-F~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
    [F:7][D:3]-> C:\$Recycle.Bin

    1 - "C:\Lop SD\LopR_1.txt" - 24/08/2009| 8:39 - Option : [2]

    --------------------\\ Fin du rapport a 8:39:19
    [ UAC => 1 ]
    0
  10. jolie63 Messages postés 36 Statut Membre
     
    le rapport tb

    -----------\\ ToolBar S&D 1.2.9 XP/Vista

    Microsoft® Windows Vista™ Édition Familiale Basique ( v6.0.6002 ) Service Pack 2
    X86-based PC ( Multiprocessor Free : AMD Athlon(tm) 64 X2 Dual Core Processor 4200+ )
    BIOS : )Phoenix - Award WorkstationBIOS v6.00PG
    USER : jean-francois ( Administrator )
    BOOT : Fail-safe boot
    C:\ (Local Disk) - NTFS - Total:224 Go (Free:185 Go)
    D:\ (Local Disk) - NTFS - Total:8 Go (Free:4 Go)
    E:\ (CD or DVD)
    F:\ (USB)
    G:\ (USB)
    H:\ (USB)
    I:\ (USB)
    K:\ (USB)

    "C:\ToolBar SD" ( MAJ : 22-08-2009|18:42 )
    Option : [2] ( 24/08/2009| 8:35 )

    [ UAC => 1 ]

    -----------\\ SUPPRESSION

    Supprime! - C:\ProgramData\GamesBar\4_elements16x16.gif
    Supprime! - C:\ProgramData\GamesBar\about.gif
    Supprime! - C:\ProgramData\GamesBar\action.gif
    Supprime! - C:\ProgramData\GamesBar\airport_mania_first_flight16x16.gif
    Supprime! - C:\ProgramData\GamesBar\arcade.gif
    Supprime! - C:\ProgramData\GamesBar\bejeweled_twist16x16.gif
    Supprime! - C:\ProgramData\GamesBar\build_a_lot_316x16.gif
    Supprime! - C:\ProgramData\GamesBar\buy.gif
    Supprime! - C:\ProgramData\GamesBar\call_of_atlantis16x16.gif
    Supprime! - C:\ProgramData\GamesBar\cards.gif
    Supprime! - C:\ProgramData\GamesBar\cooking_dash16x16.gif
    Supprime! - C:\ProgramData\GamesBar\deals.gif
    Supprime! - C:\ProgramData\GamesBar\download.gif
    Supprime! - C:\ProgramData\GamesBar\dream_day_wedding_216x16.gif
    Supprime! - C:\ProgramData\GamesBar\farm_craft16x16.gif
    Supprime! - C:\ProgramData\GamesBar\feedback.gif
    Supprime! - C:\ProgramData\GamesBar\fitness_dash16x16.gif
    Supprime! - C:\ProgramData\GamesBar\green_valley_fun_on_the_farm16x16.gif
    Supprime! - C:\ProgramData\GamesBar\help.gif
    Supprime! - C:\ProgramData\GamesBar\highlight.gif
    Supprime! - C:\ProgramData\GamesBar\jewel_quest_316x16.gif
    Supprime! - C:\ProgramData\GamesBar\jigsaw.gif
    Supprime! - C:\ProgramData\GamesBar\kids.gif
    Supprime! - C:\ProgramData\GamesBar\mahjong.gif
    Supprime! - C:\ProgramData\GamesBar\mygames.gif
    Supprime! - C:\ProgramData\GamesBar\mystery_pi_the_vegas_heist16x16.gif
    Supprime! - C:\ProgramData\GamesBar\natalie_brooks16x16.gif
    Supprime! - C:\ProgramData\GamesBar\newGames.gif
    Supprime! - C:\ProgramData\GamesBar\oberonconfig.xm_
    Supprime! - C:\ProgramData\GamesBar\onload
    Supprime! - C:\ProgramData\GamesBar\partner.gif
    Supprime! - C:\ProgramData\GamesBar\popup_off.gif
    Supprime! - C:\ProgramData\GamesBar\popup_on.gif
    Supprime! - C:\ProgramData\GamesBar\puzzle.gif
    Supprime! - C:\ProgramData\GamesBar\saqqarah16x16.gif
    Supprime! - C:\ProgramData\GamesBar\search.gif
    Supprime! - C:\ProgramData\GamesBar\sendafriend.gif
    Supprime! - C:\ProgramData\GamesBar\sherlock_holmes16x16.gif
    Supprime! - C:\ProgramData\GamesBar\sports.gif
    Supprime! - C:\ProgramData\GamesBar\treasures_of_mystery_island16x16.gif
    Supprime! - C:\ProgramData\GamesBar\trial.gif
    Supprime! - C:\ProgramData\GamesBar\uninstall.gif
    Supprime! - C:\ProgramData\GamesBar\update.gif
    Supprime! - C:\ProgramData\GamesBar\womens_murder_club_fr16x16.gif
    Supprime! - C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\GamesBar
    Supprime! - C:\Program Files\GamesBar\Localization2-French.ini
    Supprime! - C:\Program Files\GamesBar\uninst.exe
    Supprime! - C:\Program Files\Kiwee Toolbar\2.8.167
    Supprime! - C:\ProgramData\GamesBar
    Supprime! - C:\Program Files\GamesBar
    Supprime! - C:\Program Files\Kiwee Toolbar

    -----------\\ Recherche de Fichiers / Dossiers ...

    -----------\\ [..\Internet Explorer\Main]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Local Page"="C:\\Windows\\system32\\blank.htm"
    "Start Page"="https://www.orange.fr/portail"
    "Search Bar"="https://www.orange.fr/portail?kw="
    "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
    "Url"="https://www.msn.com/fr-fr/actualite/"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
    "Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
    "Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
    "Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
    "Local Page"="C:\\Windows\\System32\\blank.htm"
    "Start Page"="https://www.msn.com/fr-fr/"

    --------------------\\ Recherche d'autres infections

    --------------------\\ Cracks & Keygens ..

    C:\Users\JEAN-F~1\AppData\Local\VirtualStore\Program Files\Agatha Christie - Death on the Nile\gameres\images\bonus_rosary\bead_crack.png
    C:\PROGRA~2\Fugazo\Cooking Academy\cached\sounds\eggcrack.wav
    C:\PROGRA~2\SpecialBit\Haunted Hotel 2\cached\sounds\nearBoiler\WOOD CRACKING 1.wav

    [ UAC => 1 ]

    1 - "C:\ToolBar SD\TB_1.txt" - 24/08/2009| 8:36 - Option : [2]

    -----------\\ Fin du rapport a 8:36:04,78

    0
  11. papyber Messages postés 6430 Statut Contributeur sécurité 257
     
    bon travail
    poste ce rapport maintenant
    • Télécharge Random's System Information Tool (RSIT) de Random / Random et sauvegarde-le sur ton Bureau,
    http://images.malwareremoval.com/random/RSIT.exe
    • Double-clique sur RSIT.exe pour lancer le programme,
    • Clique sur continuer sur l'écran Disclaimer,
    • Si l'outil HIjackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera et tu devras accepter la licence.
    • Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront. Poste le contenu de log.txt (<<qui sera affiché)
    ainsi que de info.txt (<<qui sera réduit dans la Barre des Tâches).
    0
  12. jolie63 Messages postés 36 Statut Membre
     
    voici les rapports

    info.txt logfile of random's system information tool 1.06 2009-08-24 10:45:09

    ======Uninstall list======

    -->"C:\Program Files\Orange\AntivirusFirewall\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Spyware Scanner"
    -->"C:\Program Files\Orange\AntivirusFirewall\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Spyware"
    -->"C:\Program Files\Orange\AntivirusFirewall\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Virus Client Security Installer"
    -->"C:\Program Files\Orange\AntivirusFirewall\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Virus"
    -->"C:\Program Files\Orange\AntivirusFirewall\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Automatic Update Agent"
    -->"C:\Program Files\Orange\AntivirusFirewall\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure DAAS"
    -->"C:\Program Files\Orange\AntivirusFirewall\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure DAAS2"
    -->"C:\Program Files\Orange\AntivirusFirewall\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Diagnostics"
    -->"C:\Program Files\Orange\AntivirusFirewall\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure E-mail Scanning"
    -->"C:\Program Files\Orange\AntivirusFirewall\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure FWES"
    -->"C:\Program Files\Orange\AntivirusFirewall\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Gadget"
    -->"C:\Program Files\Orange\AntivirusFirewall\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure GateKeeper Interface"
    -->"C:\Program Files\Orange\AntivirusFirewall\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Gemini"
    -->"C:\Program Files\Orange\AntivirusFirewall\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure GUI"
    -->"C:\Program Files\Orange\AntivirusFirewall\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Help"
    -->"C:\Program Files\Orange\AntivirusFirewall\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure HIPS"
    -->"C:\Program Files\Orange\AntivirusFirewall\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Internet Shield"
    -->"C:\Program Files\Orange\AntivirusFirewall\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure ISP News"
    -->"C:\Program Files\Orange\AntivirusFirewall\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Localization API"
    -->"C:\Program Files\Orange\AntivirusFirewall\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Management Agent"
    -->"C:\Program Files\Orange\AntivirusFirewall\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure ORSP Client"
    -->"C:\Program Files\Orange\AntivirusFirewall\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Pegasus Engine"
    -->"C:\Program Files\Orange\AntivirusFirewall\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Protocol Scanner"
    -->"C:\Program Files\Orange\AntivirusFirewall\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Spam Control"
    -->"C:\Program Files\Orange\AntivirusFirewall\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Spam Scanner"
    -->"C:\Program Files\Orange\AntivirusFirewall\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure TNB"
    -->"C:\Program Files\Orange\AntivirusFirewall\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Uninstall"
    -->MsiExec /X{8AAB4176-A747-493A-A42C-B63CFADFD8E3}
    -->MsiExec.exe /I{0394CDC8-FABD-4ED8-B104-03393876DFDF}
    -->MsiExec.exe /I{07159635-9DFE-4105-BFC0-2817DB540C68}
    -->MsiExec.exe /I{0D330013-4A99-46D6-83C6-2C959C68DBFF}
    -->MsiExec.exe /I{0D397393-9B50-4C52-84D5-77E344289F87}
    -->MsiExec.exe /I{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}
    -->MsiExec.exe /I{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}
    -->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
    -->MsiExec.exe /I{83FFCFC7-88C6-41C6-8752-958A45325C82}
    -->MsiExec.exe /I{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}
    -->MsiExec.exe /I{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}
    -->MsiExec.exe /I{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}
    -->MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
    ABBYY FineReader 6.0 Sprint-->MsiExec.exe /I{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
    Abra Academy fr-->"C:\Program Files\BoontyGames\Abra Academy\unins000.exe"
    Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
    Adobe Reader 9.1.3 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A91000000001}
    Adobe Shockwave Player 11.5-->"C:\Windows\system32\Adobe\Shockwave 11\uninstaller.exe"
    AntiVirus Firewall-->"C:\Program Files\Orange\AntivirusFirewall\FSGUI\PostInstall.exe" /tUnInstall
    Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
    Assistant de connexion Windows Live ID-->MsiExec.exe /X{10A44844-4465-456E-8C97-80BDD4F68845}
    Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
    barre d'outils Orange-->C:\Program Files\Orange Toolbar FR\uninst.exe
    Big City Adventure Sydney-->"C:\Program Files\orange\jeux\Big City Adventure Sydney\Uninstall.exe" "C:\Program Files\orange\jeux\Big City Adventure Sydney\install.log"
    Big Fish Games Client-->C:\Program Files\bfgclient\Uninstall.exe
    Bookworm Adventures fr-->"C:\Program Files\BoontyGames\Bookworm Adventures\unins000.exe"
    Burger Shop 2-->"C:\Program Files\orange\jeux\Burger Shop 2\Uninstall.exe" "C:\Program Files\orange\jeux\Burger Shop 2\install.log"
    Camera RAW Plug-In for EPSON Creativity Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{93EA9C3E-BDFD-4309-A605-9B5BBC0CCEFD}\SETUP.EXE" -l0x40c UNINST
    CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
    CDBurnerXP-->"C:\Program Files\CDBurnerXP\unins000.exe"
    Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
    Color Cross-->"C:\Program Files\orange\jeux\Color Cross\Uninstall.exe" "C:\Program Files\orange\jeux\Color Cross\install.log"
    Coloriage-->C:\Windows\GPInstall.exe "/UNINST=C:\Program Files\denouvel\Coloriage\UnInst.log" "/APPNAME=Coloriage"
    Détecteur de flux Windows Live Toolbar (Windows Live Toolbar)-->MsiExec.exe /X{175B7C4A-CAF8-437A-B597-73E0D2D970FE}
    Digital Video-->C:\Program Files\InstallShield Installation Information\{C833C7B6-1140-471D-932B-391B5CA66D7D}\setup.exe -runfromtemp -l0x040c -removeonly
    EPSON Attach To Email-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{20C45B32-5AB6-46A4-94EF-58950CAF05E5} /l1033 ADDREMOVEDLG
    EPSON Copy Utility 3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67EDD823-135A-4D59-87BD-950616D6E857}\SETUP.EXE" -l0x40c -UnInstall
    EPSON Easy Photo Print-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3D78F2A2-C893-4ABD-B5FE-AD7011837755}\SETUP.EXE" -l0x40c UNINST
    EPSON File Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2EB81825-E9EE-44F4-8F51-1240C3898DC6}\Setup.exe" -l0x40c UNINST
    EPSON Scan Assistant-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}\Setup.exe" -l0x40c -u
    EPSON Scan-->C:\Program Files\epson\escndv\setup\setup.exe /r
    EPSON Stylus CX7300_CX8300_DX7400_DX8400 Manuel-->C:\Program Files\EPSON\TPMANUAL\ES_CX_DX\FRA\USE_G\DOCUNINS.EXE
    EPSON-Drucker-Software-->C:\Windows\system32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
    Extension de Windows Live Toolbar (Windows Live Toolbar)-->MsiExec.exe /X{D518AD32-C710-4616-BA0D-D4B1FA5F82E8}
    Favorit-->c:\users\jean-francois\appdata\local\isaso.bat
    File Signature Verification-->rundll32.exe setupapi,InstallHinfSection DefaultUninstall 132 C:\Program Files\Winqual Tools\Chklogo\chklogo6UI.inf
    Galerie de photos Windows Live-->MsiExec.exe /X{44E54A81-9D91-4AA1-9417-80AFF134F5FF}
    getPlus(R) for Adobe-->"C:\Program Files\NOS\bin\getPlus_HelperSvc.exe" /UninstallGet1
    Google Chrome-->"C:\Program Files\Google\Chrome\Application\2.0.172.39\Installer\setup.exe" --uninstall --system-level
    Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_BDA1448D3D255554.exe" /uninstall
    Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
    Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
    Gourmania-->"C:\Program Files\Gourmania\Uninstall.exe"
    HijackThis 2.0.2-->"C:\Genproc\outil\HijackThis.exe" /uninstall
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
    Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
    Installation Windows Live-->MsiExec.exe /I{7370DF47-B4F9-4279-BFC3-3F09919F720D}
    Java(TM) 6 Update 15-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
    Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
    Junk Mail filter update-->MsiExec.exe /I{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}
    L&H TTS3000 Français-->RunDll32 advpack.dll,LaunchINFSection C:\Windows\INF\LHTTSFRF.inf, Uninstall
    La Malédiction du Pharaon: Le Secret de Napoléon-->"C:\Program Files\La Malediction du Pharaon - Le Secret de Napoleon\Uninstall.exe"
    La Marmite du Chef 6.3.0-->"C:\Program Files\El Juky\La Marmite du Chef\unins000.exe"
    Lernout & Hauspie TruVoice American English TTS Engine-->RunDll32 advpack.dll,LaunchINFSection C:\Windows\INF\tv_enua.inf, Uninstall
    Les Chasseurs de Trésor II: Les Toiles Enchantées-->"C:\Program Files\Les Chasseurs de Tresor II - Les Toiles Enchantees\Uninstall.exe"
    Les Chasseurs de Trésor: Rêves d'Or ™-->"C:\Program Files\Les Chasseurs de Tresor - Reves d'Or\Uninstall.exe"
    Les Secrets de la Famille Flux: L'effet vague-->"C:\Program Files\Les Secrets de la Famille Flux - L'effet vague\Uninstall.exe"
    Lost Realms: L'Héritage de la Princesse du Soleil-->"C:\Program Files\Lost Realms - L'Heritage de la Princesse du Soleil\Uninstall.exe"
    Ma-Config.com-->MsiExec.exe /X{FACFAAB3-1443-427D-A0B0-1B55BB4F7FB2}
    Menus intelligents (Windows Live Toolbar)-->MsiExec.exe /X{3585ED1C-74C5-43B0-A232-831B96A12A2B}
    Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
    Micro Application - Culture Gé, mon coach particulier-->C:\Windows\IsUn040c.exe -f"C:\Program Files\Micro Application\CultureG\Uninst.isu"
    Microsoft .NET Framework 3.5 Language Pack SP1 - fra-->MsiExec.exe /I{3E31821C-7917-367E-938E-E65FC413EA31}
    Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
    Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
    Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
    Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
    Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
    Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
    Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
    Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
    Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
    Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0044-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
    Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {B165D3C2-40AE-4D39-86F7-E5C87C4264C0}
    Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}
    Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
    Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}
    Microsoft Office Live Add-in 1.4-->MsiExec.exe /I{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}
    Microsoft Office Outlook Connector-->MsiExec.exe /I{95120000-0120-040C-0000-0000000FF1CE}
    Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}
    Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
    Microsoft Office Professional Plus 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
    Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
    Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
    Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
    Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
    Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
    Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
    Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
    Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {14809F99-C601-4D4A-9391-F1E8FAA964C5}
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165}
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
    Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}
    Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
    Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
    Microsoft Search Enhancement Pack-->MsiExec.exe /X{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}
    Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
    Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
    Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5}
    Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
    Mise à jour Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {B761869A-B85C-40E2-994C-A1CE78AC8F2C}
    Mise à jour Microsoft Office Outlook 2007 Help (KB963677)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {51EFB347-1F3D-4BAC-8B79-F056B904FE21}
    Mise à jour Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {C3DCA38E-005E-41BA-A52A-7C3429F351C3}
    Mise à jour Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {81536A04-DBFB-4DB3-978F-0F284590C223}
    Module linguistique Microsoft .NET Framework 3.5 SP1- fra-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - fra\setup.exe
    Mozilla Firefox (3.5.2)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
    MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
    MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
    MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
    Multiplication-->"C:\Program Files\Multiplication\unins000.exe"
    myBabylon_English Toolbar-->C:\PROGRA~1\MYBABY~1\UNWISE.EXE C:\PROGRA~1\MYBABY~1\INSTALL.LOG
    Mystery Chronicles Murder Among Friends fr-->"C:\Program Files\BoontyGames\Mystery Chronicles Murder Among Friends\unins000.exe"
    Mystery P.I.: The New York Fortune-->"C:\Program Files\Mystery PI - The New York Fortune\Uninstall.exe"
    Mystery PI - The NY Fortune-->"C:\Program Files\orange\jeux\Mystery PI - The NY Fortune\Uninstall.exe" "C:\Program Files\orange\jeux\Mystery PI - The NY Fortune\install.log"
    Nostradamus: La Dernière Prophétie-->"C:\Program Files\Nostradamus - La Derniere Prophetie\Uninstall.exe"
    NVIDIA Drivers-->C:\Windows\system32\nvuninst.exe UninstallGUI
    NVIDIA GAME System Software 2.8.1-->MsiExec.exe /I{4F0C7CCF-5666-474B-B02E-AC514A95EC93}
    NVIDIA PhysX-->MsiExec.exe /X{8AAB4176-A747-493A-A42C-B63CFADFD8E3}
    Orange - Logiciels Internet-->C:\Program Files\OrangeHSS\installation\core\Installgui.exe -u
    Orange Plug-in messagerie vocale 888-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{16E79B1D-D1C2-4CA6-8B23-F4D890E0DCB9}\Setup.exe" -l0x40c --AddRemove
    Outil de mise à jour Google-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
    Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
    Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
    Recettes de Cuisine 2004-->"C:\Program Files\LudoSoft\Recettes de Cuisine 2004\unins000.exe"
    Roxio Creator 9.1 XE-->MsiExec.exe /I{683100FE-EDF8-403B-A234-B3EBEAF7BC82}
    Roxio Drag-to-Disc-->MsiExec.exe /I{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}
    Roxio Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
    Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
    Security Update for 2007 Microsoft Office System (KB969679)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {C66E4A6C-6E07-4C63-8CCD-2493B5087C73}
    Security Update for Microsoft Office Excel 2007 (KB969682)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {C03803BD-745A-46F8-8557-817DED578780}
    Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
    Security Update for Microsoft Office Publisher 2007 (KB969693)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {7BE67088-1EB3-4569-8E75-DDAFBF61BC4E}
    Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
    Security Update for Microsoft Office Word 2007 (KB969604)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {CF3D6499-709C-43D0-8908-BC5652656050}
    Spyware Doctor 6.0-->C:\Program Files\Spyware Doctor\unins000.exe /LOG
    Syberia II-->"C:\Program Files\Syberia II\Uninstall.exe"
    Syberia-->"C:\Program Files\Syberia\Uninstall.exe"
    Todae - Live Media-->C:\Program Files\Windows Media Player\Plugins\Todae\RMP\uninstall_fr.exe
    ubi.com-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AEDDF5A3-29CE-11D5-A8C2-000102246AAE}\Setup.exe" -l0x40c UNINSTALL-L0x40c -uninst
    Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
    Update for Microsoft Office Outlook 2007 (KB969907)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {74F98B24-AFBD-4800-9BD6-87D349B5C462}
    Update for Outlook 2007 Junk Email Filter (kb972691)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {AA020E6E-E2FB-45EF-B732-2400E2296742}
    Vimicro USB PC Camera-->C:\Program Files\InstallShield Installation Information\{133EE96D-DBA6-4644-84A4-B2794505D669}\setup.exe -runfromtemp -l0x0009 -removeonly
    Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
    Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
    Windows Live Contrôle parental-->MsiExec.exe /X{D6A2DDE3-9D7C-412C-932A-756580D29919}
    Windows Live Mail-->MsiExec.exe /I{63DC2DA0-2A6C-4C38-9249-B75395458657}
    Windows Live Messenger-->MsiExec.exe /X{059C042E-796A-4ACC-A81A-ECC2010BB78C}
    Windows Live Movie Maker Bêta-->MsiExec.exe /X{F874DF52-A31F-44C1-A606-EF40F1549261}
    Windows Live Sync-->MsiExec.exe /X{9C5EB781-0D37-44B8-9A58-77B3E4BF5F5E}
    Windows Live Toolbar-->MsiExec.exe /X{F7D27C70-90F5-49B9-B188-0A133C0CE353}
    Windows Live Writer-->MsiExec.exe /X{2231CE39-B963-4B9D-823A-F412ECA637B1}
    Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
    XVID Codec Installation-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{534C6D59-D6E3-48A6-AD0B-747799019960}\Setup.exe" -l0x40c
    Yahoo! Install Manager-->C:\Windows\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL

    ======Security center information======

    AS: Windows Defender (disabled)

    ======System event log======

    Computer Name: PC-de-jean-fran
    Event Code: 10016
    Message: Les paramètres d'autorisation par défaut de l'ordinateur n'accordent pas d'autorisation Local Activation pour l'application serveur COM avec le CLSID
    {9BA05972-F6A8-11CF-A442-00A0C90A8F39}
    au SID PC-de-jean-fran\jean-francois de l'utilisateur (S-1-5-21-3170268387-4013735480-417762905-1000) depuis l'adresse LocalHost (utilisation de LRPC). Cette autorisation de sécurité peut être modifiée à l'aide de l'outil d'administration Services de composants.
    Record Number: 168013
    Source Name: Microsoft-Windows-DistributedCOM
    Time Written: 20090407111505.000000-000
    Event Type: Erreur
    User: PC-de-jean-fran\jean-francois

    Computer Name: PC-de-jean-fran
    Event Code: 10016
    Message: Les paramètres d'autorisation par défaut de l'ordinateur n'accordent pas d'autorisation Local Activation pour l'application serveur COM avec le CLSID
    {9BA05972-F6A8-11CF-A442-00A0C90A8F39}
    au SID PC-de-jean-fran\jean-francois de l'utilisateur (S-1-5-21-3170268387-4013735480-417762905-1000) depuis l'adresse LocalHost (utilisation de LRPC). Cette autorisation de sécurité peut être modifiée à l'aide de l'outil d'administration Services de composants.
    Record Number: 168012
    Source Name: Microsoft-Windows-DistributedCOM
    Time Written: 20090407111504.000000-000
    Event Type: Erreur
    User: PC-de-jean-fran\jean-francois

    Computer Name: PC-de-jean-fran
    Event Code: 10016
    Message: Les paramètres d'autorisation par défaut de l'ordinateur n'accordent pas d'autorisation Local Activation pour l'application serveur COM avec le CLSID
    {9BA05972-F6A8-11CF-A442-00A0C90A8F39}
    au SID PC-de-jean-fran\jean-francois de l'utilisateur (S-1-5-21-3170268387-4013735480-417762905-1000) depuis l'adresse LocalHost (utilisation de LRPC). Cette autorisation de sécurité peut être modifiée à l'aide de l'outil d'administration Services de composants.
    Record Number: 168011
    Source Name: Microsoft-Windows-DistributedCOM
    Time Written: 20090407111504.000000-000
    Event Type: Erreur
    User: PC-de-jean-fran\jean-francois

    Computer Name: PC-de-jean-fran
    Event Code: 10016
    Message: Les paramètres d'autorisation par défaut de l'ordinateur n'accordent pas d'autorisation Local Activation pour l'application serveur COM avec le CLSID
    {9BA05972-F6A8-11CF-A442-00A0C90A8F39}
    au SID PC-de-jean-fran\jean-francois de l'utilisateur (S-1-5-21-3170268387-4013735480-417762905-1000) depuis l'adresse LocalHost (utilisation de LRPC). Cette autorisation de sécurité peut être modifiée à l'aide de l'outil d'administration Services de composants.
    Record Number: 168010
    Source Name: Microsoft-Windows-DistributedCOM
    Time Written: 20090407111438.000000-000
    Event Type: Erreur
    User: PC-de-jean-fran\jean-francois

    Computer Name: PC-de-jean-fran
    Event Code: 10016
    Message: Les paramètres d'autorisation par défaut de l'ordinateur n'accordent pas d'autorisation Local Activation pour l'application serveur COM avec le CLSID
    {9BA05972-F6A8-11CF-A442-00A0C90A8F39}
    au SID PC-de-jean-fran\jean-francois de l'utilisateur (S-1-5-21-3170268387-4013735480-417762905-1000) depuis l'adresse LocalHost (utilisation de LRPC). Cette autorisation de sécurité peut être modifiée à l'aide de l'outil d'administration Services de composants.
    Record Number: 168009
    Source Name: Microsoft-Windows-DistributedCOM
    Time Written: 20090407111438.000000-000
    Event Type: Erreur
    User: PC-de-jean-fran\jean-francois

    =====Application event log=====

    Computer Name: PC-de-jean-fran
    Event Code: 1530
    Message: Windows a détecté que votre fichier de Registre est toujours utilisé par d'autres applications ou services. Le fichier va être déchargé. Les applications ou services qui ont accès à votre Registre risquent de ne pas fonctionner correctement après cela.

    DÉTAIL -
    1 user registry handles leaked from \Registry\User\S-1-5-21-3170268387-4013735480-417762905-1000_Classes:
    Process 872 (\Device\HarddiskVolume2\WINDOWS\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3170268387-4013735480-417762905-1000_CLASSES

    Record Number: 496
    Source Name: Microsoft-Windows-User Profiles Service
    Time Written: 20080926193744.000000-000
    Event Type: Avertissement
    User: AUTORITE NT\SYSTEM

    Computer Name: PC-de-jean-fran
    Event Code: 1530
    Message: Windows a détecté que votre fichier de Registre est toujours utilisé par d'autres applications ou services. Le fichier va être déchargé. Les applications ou services qui ont accès à votre Registre risquent de ne pas fonctionner correctement après cela.

    DÉTAIL -
    2 user registry handles leaked from \Registry\User\S-1-5-21-3170268387-4013735480-417762905-1000:
    Process 872 (\Device\HarddiskVolume2\WINDOWS\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3170268387-4013735480-417762905-1000
    Process 1064 (\Device\HarddiskVolume2\WINDOWS\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3170268387-4013735480-417762905-1000\Software\Microsoft\RAS Autodial

    Record Number: 495
    Source Name: Microsoft-Windows-User Profiles Service
    Time Written: 20080926193744.000000-000
    Event Type: Avertissement
    User: AUTORITE NT\SYSTEM

    Computer Name: PC-de-jean-fran
    Event Code: 1530
    Message: Windows a détecté que votre fichier de Registre est toujours utilisé par d'autres applications ou services. Le fichier va être déchargé. Les applications ou services qui ont accès à votre Registre risquent de ne pas fonctionner correctement après cela.

    DÉTAIL -
    2 user registry handles leaked from \Registry\User\S-1-5-21-3170268387-4013735480-417762905-1000:
    Process 544 (\Device\HarddiskVolume2\WINDOWS\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-3170268387-4013735480-417762905-1000
    Process 4012 (\Device\HarddiskVolume2\WINDOWS\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-3170268387-4013735480-417762905-1000\Software\Microsoft\Windows\CurrentVersion\Explorer

    Record Number: 443
    Source Name: Microsoft-Windows-User Profiles Service
    Time Written: 20080926192426.000000-000
    Event Type: Avertissement
    User: AUTORITE NT\SYSTEM

    Computer Name: PC-de-jean-fran
    Event Code: 1533
    Message: Windows ne peut pas supprimer le répertoire de profils C:\Users\Administrateur. Ce problème peut être causé par des fichiers situés dans ce répertoire qui sont utilisés par un autre programme.

    DÉTAIL - Le répertoire n'est pas vide.
    Record Number: 400
    Source Name: Microsoft-Windows-User Profiles Service
    Time Written: 20080926185617.000000-000
    Event Type: Erreur
    User: AUTORITE NT\SYSTEM

    Computer Name: PC-de-jean-fran
    Event Code: 1008
    Message: Le service Windows Search tente de supprimer l’ancien catalogue.

    Record Number: 378
    Source Name: Microsoft-Windows-Search
    Time Written: 20080926185410.000000-000
    Event Type: Avertissement
    User:

    =====Security event log=====

    Computer Name: PC-de-jean-fran
    Event Code: 4634
    Message: Fermeture de session d’un compte.

    Sujet :
    ID de sécurité : S-1-5-7
    Nom du compte : ANONYMOUS LOGON
    Domaine du compte : AUTORITE NT
    ID du compte : 0x24126

    Type d’ouverture de session : 3

    Cet événement est généré lorsqu’une session ouverte est supprimée. Il peut être associé à un événement d’ouverture de session en utilisant la valeur ID d’ouverture de session. Les ID d’ouverture de session ne sont uniques qu’entre les redémarrages sur un même ordinateur.
    Record Number: 10298
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20081122220944.628200-000
    Event Type: Succès de l'audit
    User:

    Computer Name: PC-de-jean-fran
    Event Code: 1108
    Message: Le service de journalisation des événements a rencontré une erreur lors du traitement d’un événement entrant publié à partir de Microsoft-Windows-Security-Auditing.
    Record Number: 10297
    Source Name: Microsoft-Windows-Eventlog
    Time Written: 20081122220944.347400-000
    Event Type: Succès de l'audit
    User:

    Computer Name: PC-de-jean-fran
    Event Code: 1108
    Message: Le service de journalisation des événements a rencontré une erreur lors du traitement d’un événement entrant publié à partir de Microsoft-Windows-Security-Auditing.
    Record Number: 10296
    Source Name: Microsoft-Windows-Eventlog
    Time Written: 20081122220944.347400-000
    Event Type: Succès de l'audit
    User:

    Computer Name: PC-de-jean-fran
    Event Code: 1108
    Message: Le service de journalisation des événements a rencontré une erreur lors du traitement d’un événement entrant publié à partir de Microsoft-Windows-Security-Auditing.
    Record Number: 10295
    Source Name: Microsoft-Windows-Eventlog
    Time Written: 20081122220944.347400-000
    Event Type: Succès de l'audit
    User:

    Computer Name: PC-de-jean-fran
    Event Code: 1108
    Message: Le service de journalisation des événements a rencontré une erreur lors du traitement d’un événement entrant publié à partir de Microsoft-Windows-Security-Auditing.
    Record Number: 10294
    Source Name: Microsoft-Windows-Eventlog
    Time Written: 20081122220944.347400-000
    Event Type: Succès de l'audit
    User:

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "FP_NO_HOST_CHECK"=NO
    "OS"=Windows_NT
    "Path"=%CommonProgramFiles%\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
    "PROCESSOR_ARCHITECTURE"=x86
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP
    "USERNAME"=SYSTEM
    "windir"=%SystemRoot%
    "PROCESSOR_LEVEL"=15
    "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 75 Stepping 2, AuthenticAMD
    "PROCESSOR_REVISION"=4b02
    "NUMBER_OF_PROCESSORS"=2
    "RoxioCentral"=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\

    -----------------EOF-----------------
    0
  13. jolie63 Messages postés 36 Statut Membre
     
    et log

    Logfile of random's system information tool 1.06 (written by random/random)
    Run by jean-francois at 2009-08-24 10:44:46
    Microsoft® Windows Vista™ Édition Familiale Basique Service Pack 2
    System drive C: has 190 GB (83%) free of 230 GB
    Total RAM: 2942 MB (61% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:45:04, on 24/08/2009
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v8.00 (8.00.6001.18813)
    Boot mode: Normal

    Running processes:
    C:\Windows\System32\smss.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\services.exe
    C:\Windows\system32\lsass.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\winlogon.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\rundll32.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\fsgk32st.exe
    C:\Program Files\Orange\AntivirusFirewall\Common\FSMA32.EXE
    C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\FSGK32.EXE
    C:\Program Files\Windows Live\Family Safety\fsssvc.exe
    C:\Program Files\Orange\AntivirusFirewall\Common\FSMB32.EXE
    C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
    C:\Program Files\CDBurnerXP\NMSAccessU.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    C:\Program Files\Orange\AntivirusFirewall\Common\FCH32.EXE
    C:\Program Files\Spyware Doctor\pctsAuxs.exe
    C:\Program Files\Spyware Doctor\pctsSvc.exe
    C:\Program Files\Orange\AntivirusFirewall\Common\FAMEH32.EXE
    C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\fsqh.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Program Files\Winsudate\gibsvc.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\fssm32.exe
    C:\Program Files\Orange\AntivirusFirewall\FSAUA\program\fsaua.exe
    C:\Program Files\Orange\AntivirusFirewall\ORSP Client\fsorsp.exe
    C:\Program Files\Orange\AntivirusFirewall\FWES\Program\fsdfwd.exe
    C:\Program Files\Orange\AntivirusFirewall\FSAUA\program\fsus.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\fsav32.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
    C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe
    C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
    C:\WINDOWS\RtHDVCpl.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\WINDOWS\VM30xSnap.exe
    C:\Program Files\Spyware Doctor\pctsTray.exe
    C:\Program Files\Windows Live\Family Safety\fsui.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\orange\AntivirusFirewall\Common\FSM32.EXE
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Users\jean-francois\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe
    C:\Program Files\OrangeHSS\Launcher\Launcher.exe
    C:\Windows\system32\conime.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Orange\AntivirusFirewall\FSGUI\fsguidll.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
    C:\Program Files\OrangeHSS\systray\systrayapp.exe
    C:\Program Files\OrangeHSS\connectivity\connectivitymanager.exe
    C:\Program Files\OrangeHSS\connectivity\CoreCom\CoreCom.exe
    C:\Program Files\OrangeHSS\connectivity\CoreCom\OraConfigRecover.exe
    C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\jean-francois\Downloads\RSIT.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\trend micro\jean-francois.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.orange.fr/portail?kw=
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - {AEEC3B59-CA98-4EBA-A140-57B94E283583} - C:\PROGRA~1\ORANGE~2\TOOLBA~2.DLL
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
    O2 - BHO: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyBa.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyBa.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: barre d'outils Orange - {D3028143-6145-4318-99D3-3EDCE54A95A9} - C:\Program Files\Orange Toolbar FR\ToolbarContainer101000313.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
    O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe"
    O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [Skytel] Skytel.exe
    O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [VM30xSnap] VM30xSnap.exe Vimicro USB PC Camera (ZC030x)
    O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
    O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Orange\AntivirusFirewall\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Orange\AntivirusFirewall\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    O4 - HKCU\..\Run: [EPSON Stylus DX7400 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICDE.EXE /FU "C:\Windows\TEMP\E_S6306.tmp" /EF "HKCU"
    O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [WinUsr] C:\Program Files\Winsudate\gibusr.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - Startup: Notification de cadeaux MSN.lnk = jean-francois\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe
    O8 - Extra context menu item: ajouter cette page à vos favoris Orange - C:\Users\JEAN-F~1\AppData\Local\Temp\cce9B7.html
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: traduire la page - C:\Users\JEAN-F~1\AppData\Local\Temp\cce986.html
    O8 - Extra context menu item: traduire le texte sélectionné - C:\Users\JEAN-F~1\AppData\Local\Temp\cce9A7.html
    O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Orange Toolbar FR\ToolbarContainer101000313.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Orange Toolbar FR\ToolbarContainer101000313.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - cmdmapping - C:\Program Files\Orange Toolbar FR\ToolbarContainer101000313.dll (HKCU)
    O13 - Gopher Prefix:
    O15 - Trusted Zone: http://*.mappy.com
    O15 - Trusted Zone: http://*.orange.fr
    O15 - Trusted Zone: http://rw.search.ke.voila.fr
    O15 - Trusted Zone: http://orange.weborama.fr
    O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.3.cab
    O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://copainsdavant.linternaute.com/...
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
    O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
    O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Orange\AntivirusFirewall\FSAUA\program\fsaua.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Orange\AntivirusFirewall\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Orange\AntivirusFirewall\Common\FSMA32.EXE
    O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\Orange\AntivirusFirewall\ORSP Client\fsorsp.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
    O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
    O23 - Service: Google Update Service (gupdate1c95c449a87d1c7) (gupdate1c95c449a87d1c7) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
    O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe
    O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe
    O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: Gestionnaire de mise à jour Winsudate (WinSvc) - Winsudate - C:\Program Files\Winsudate\gibsvc.exe
    0
  14. papyber Messages postés 6430 Statut Contributeur sécurité 257
     
    recherche et supprime par ajout suppression de programmes si tu le peux si non tu me le dis...
    favorit
    QUAD Utilities
    Winsudate
    attention l'outil que je vais te faire utiliser est très puissant donc tu suis bien les consignes
    il va te proposer d'installer la console de récupération sur son Pc accepte et suis les consignes, c'est très utile en cas de plantage...
    Télécharge ComboFix.exe (par sUBs) sur ton Bureau
    http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    Tutoriel officiel de ComboFix, afin de l’utiliser correctement
    https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
    Désactive ton antivirus, antispyware, et Spybot-S&D (résident) durant l'utilisation de ComboFix. Merci. Tu le réactiveras ensuite, en fin de désinfection.
    Voir ici comment désactiver tes protections
    https://forum.pcastuces.com/default.asp
    Double clique sur ComboFix.exe (ComboFix)
    Tape 1 puis tape sur Entrée
    A noter: une fois que ComboFix est lancé, il ne faut pas cliquer dans la fenêtre de ComboFix car cela pourrait entraîner un plantage du programme.
    Il est recommandé de laisser l'outil analyser et nettoyer le PC sans utiliser quoi que ce soit d'autre...
    A la fin de l’analyse, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse
    Si le rapport n'apparaît pas, tu le trouves ici, à la racine de ton Système, en principe : C:\ComboFix.txt (C:\ComboFix)
    Pour tous les lecteurs :
    -- Ce logiciel n'est à utiliser que prescrit par un helper qualifié et formé à l'outil.
    -- Ne pas utiliser en dehors de ce cas de figure : dangereux!


    0
  15. jolie63 Messages postés 36 Statut Membre
     
    je n'arrive pas à enlever favorit, QUAD utilities et Winsuate
    0
  16. jolie63 Messages postés 36 Statut Membre
     
    je n'arrive à desactiver ccleaner
    0
  17. papyber Messages postés 6430 Statut Contributeur sécurité 257
     
    ccleaner? ce n'est pas un antivirus...
    fais la suite avec Combofix...
    0
  18. jolie63 Messages postés 36 Statut Membre
     
    et pour le reste que je n'arrive pas à supprimer favorit, quad utilitis , winsudate. Pour favorit je l'ai trouvé mais je n'arrive pas à la desinstaller et le reste je trouve pas ou c'est
    0
  19. papyber Messages postés 6430 Statut Contributeur sécurité 257
     
    attention l'outil que je vais te faire utiliser est très puissant donc tu suis bien les consignes
    il va te proposer d'installer la console de récupération sur son Pc accepte et suis les consignes, c'est très utile en cas de plantage...
    Télécharge ComboFix.exe (par sUBs) sur ton Bureau
    http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    Tutoriel officiel de ComboFix, afin de l’utiliser correctement
    http://www.bleepingcomputer.com/combofix/fr/comment-utiliser­-combofix
    Désactive ton antivirus, antispyware, et Spybot-S&D (résident) durant l'utilisation de ComboFix. Merci. Tu le réactiveras ensuite, en fin de désinfection.
    Voir ici comment désactiver tes protections
    https://forum.pcastuces.com/default.asp
    Double clique sur ComboFix.exe (ComboFix)
    Tape 1 puis tape sur Entrée
    A noter: une fois que ComboFix est lancé, il ne faut pas cliquer dans la fenêtre de ComboFix car cela pourrait entraîner un plantage du programme.
    Il est recommandé de laisser l'outil analyser et nettoyer le PC sans utiliser quoi que ce soit d'autre...
    A la fin de l’analyse, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse
    Si le rapport n'apparaît pas, tu le trouves ici, à la racine de ton Système, en principe : C:\ComboFix.txt (C:\ComboFix)
    Pour tous les lecteurs :
    -- Ce logiciel n'est à utiliser que prescrit par un helper qualifié et formé à l'outil.
    -- Ne pas utiliser en dehors de ce cas de figure : dangereux!
    0
  20. jolie63 Messages postés 36 Statut Membre
     
    voila le rapport

    ComboFix 09-08-23.01 - jean-francois 24/08/2009 13:23.1.2 - NTFSx86
    Microsoft® Windows Vista™ Édition Familiale Basique 6.0.6002.2.1252.33.1036.18.2942.1795 [GMT 2:00]
    Running from: c:\users\jean-francois\Downloads\ComboFix.exe
    SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    * Created a new restore point
    * Resident AV is active

    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\$recycle.bin\S-1-5-21-3170268387-4013735480-417762905-500
    c:\program files\QUAD Utilities
    c:\program files\QUAD Utilities\QUAD RegistryCleaner\program.log
    c:\program files\QUAD Utilities\QUAD RegistryCleaner\QUAD RegistryCleaner.exe
    c:\program files\QUAD Utilities\QUAD RegistryCleaner\Styles\Vista.cjstyles
    c:\windows\Installer\16fafa3.msi

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_RKHIT
    -------\Service_Boonty Games
    -------\Service_RkHit

    ((((((((((((((((((((((((( Files Created from 2009-07-24 to 2009-08-24 )))))))))))))))))))))))))))))))
    .

    2009-08-24 08:44 . 2009-08-24 08:45 -------- d-----w- c:\program files\trend micro
    2009-08-24 08:44 . 2009-08-24 08:45 -------- d-----w- C:\rsit
    2009-08-24 07:03 . 2009-02-17 12:49 79105 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\updext.dll
    2009-08-24 07:03 . 2009-08-24 06:51 404737 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\update.exe
    2009-08-24 07:03 . 2009-08-24 06:51 345345 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\update.dll
    2009-08-24 07:03 . 2009-04-17 15:07 87297 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\updaterc.dll
    2009-08-24 07:03 . 2009-03-03 09:21 9985 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\updguirc.dll
    2009-08-24 07:03 . 2009-02-24 11:16 117505 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\updgui.dll
    2009-08-24 07:03 . 2008-10-20 06:38 126721 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\scewxmlw.dll
    2009-08-24 06:54 . 2009-08-24 07:31 -------- d-----w- C:\Genproc
    2009-08-24 06:34 . 2009-08-24 06:36 -------- d-----w- C:\ToolBar SD
    2009-08-24 06:32 . 2008-06-05 16:18 5737 ----a-w- c:\users\jean-francois\AppData\Local\gnc.exe
    2009-08-24 06:08 . 2009-08-24 06:33 -------- d-----w- c:\program files\Navilog1
    2009-08-24 05:58 . 2009-08-24 06:39 -------- d-----w- C:\Lop SD
    2009-08-23 16:32 . 2009-08-24 07:05 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2009-08-23 16:32 . 2009-03-30 08:32 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2009-08-23 16:32 . 2009-08-23 16:32 -------- d-----w- c:\programdata\Avira
    2009-08-23 16:32 . 2009-08-23 16:32 -------- d-----w- c:\program files\Avira
    2009-08-23 12:05 . 2009-08-23 12:20 33920 ----a-w- c:\windows\system32\drivers\fsbts.sys
    2009-08-23 12:05 . 2008-12-04 13:57 35552 ----a-w- c:\windows\system32\drivers\fses.sys
    2009-08-23 12:05 . 2008-12-04 13:57 70944 ----a-w- c:\windows\system32\drivers\fsdfw.sys
    2009-08-21 20:16 . 2008-11-06 00:03 -------- d-----w- C:\SDFix
    2009-08-21 18:58 . 2009-08-23 11:36 -------- d-----w- c:\program files\Fighters
    2009-08-21 18:58 . 2009-08-21 18:58 -------- d-----w- c:\programdata\Fighters
    2009-08-20 10:57 . 2009-06-30 12:03 100352 ----a-w- c:\users\jean-francois\AppData\Roaming\Mozilla\Firefox\Profiles\kf13c1ad.default\extensions\YPlayer@yummy.net\components\FYPlayer.dll
    2009-08-20 09:13 . 2009-08-20 09:13 -------- d-----w- c:\users\jean-francois\AppData\Local\MigWiz
    2009-08-18 13:42 . 2009-08-18 13:42 -------- d-----w- c:\program files\ReflexiveArcade
    2009-08-18 12:12 . 2009-08-18 12:12 -------- d-----w- c:\programdata\WildWestQuest2
    2009-08-18 08:54 . 2009-08-23 17:11 -------- d-----w- c:\program files\Winsudate
    2009-08-18 08:54 . 2009-08-18 08:54 -------- d-----w- c:\users\jean-francois\AppData\Roaming\Icones
    2009-08-14 12:24 . 2009-08-14 12:24 -------- d-----w- c:\programdata\GameXzone
    2009-08-14 11:20 . 2009-08-14 11:20 -------- d-----w- c:\users\jean-francois\AppData\Roaming\UClick
    2009-08-14 11:20 . 2009-08-14 11:20 -------- d-----w- c:\programdata\UClick
    2009-08-13 11:45 . 2009-08-13 11:46 -------- d-----w- c:\program files\Les Secrets de la Famille Flux - L'effet vague
    2009-08-13 09:33 . 2009-06-15 14:54 175104 ----a-w- c:\windows\system32\wdigest.dll
    2009-08-13 09:33 . 2009-06-15 14:53 218624 ----a-w- c:\windows\system32\msv1_0.dll
    2009-08-13 09:33 . 2009-06-15 14:52 499712 ----a-w- c:\windows\system32\kerberos.dll
    2009-08-13 09:33 . 2009-06-15 14:53 270848 ----a-w- c:\windows\system32\schannel.dll
    2009-08-13 09:33 . 2009-06-15 23:15 439864 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2009-08-13 09:33 . 2009-06-15 14:53 72704 ----a-w- c:\windows\system32\secur32.dll
    2009-08-13 09:33 . 2009-06-15 14:52 1259008 ----a-w- c:\windows\system32\lsasrv.dll
    2009-08-13 09:33 . 2009-06-15 12:48 9728 ----a-w- c:\windows\system32\lsass.exe
    2009-08-13 05:41 . 2009-07-17 13:54 71680 ----a-w- c:\windows\system32\atl.dll
    2009-08-13 05:41 . 2009-06-10 11:42 160256 ----a-w- c:\windows\system32\wkssvc.dll
    2009-08-13 05:41 . 2009-06-04 12:07 2066432 ----a-w- c:\windows\system32\mstscax.dll
    2009-08-13 05:41 . 2009-06-10 11:38 91136 ----a-w- c:\windows\system32\avifil32.dll
    2009-08-13 05:40 . 2009-07-15 12:39 313344 ----a-w- c:\windows\system32\wmpdxm.dll
    2009-08-13 05:40 . 2009-07-15 12:39 4096 ----a-w- c:\windows\system32\dxmasf.dll
    2009-08-13 05:40 . 2009-07-15 12:40 8147456 ----a-w- c:\windows\system32\wmploc.DLL
    2009-08-13 05:40 . 2009-07-15 12:39 7680 ----a-w- c:\windows\system32\spwmp.dll
    2009-08-12 08:29 . 2009-08-12 08:29 -------- d-----w- c:\users\jean-francois\AppData\Roaming\Enchanted Katya
    2009-08-11 13:19 . 2009-08-11 13:19 -------- d-----w- c:\programdata\MysteryChronicles
    2009-08-11 12:39 . 2009-08-11 12:39 -------- d-----w- c:\users\jean-francois\AppData\Local\Yummy
    2009-08-11 12:38 . 2008-08-20 12:20 350312 ----a-w- c:\windows\system32\SysCheck2.dll
    2009-08-11 12:38 . 2008-08-20 12:20 40040 ----a-w- c:\windows\system32\SysChkVC.dll
    2009-08-11 12:38 . 2009-08-11 12:38 -------- d-----w- C:\Metaboli
    2009-08-11 12:14 . 2009-08-11 12:14 -------- d-----w- c:\users\jean-francois\AppData\Local\sowhat
    2009-08-11 06:14 . 2009-08-11 06:14 -------- d-----w- c:\users\jean-francois\AppData\Roaming\Lost in the City
    2009-08-11 06:13 . 2009-08-11 12:57 -------- d-----w- c:\program files\Lost in the City
    2009-08-10 12:41 . 2009-08-10 12:41 -------- d-----w- c:\programdata\Far Mills
    2009-08-08 12:16 . 2009-08-08 12:16 -------- d-----w- c:\program files\Microsoft IntelliPoint
    2009-08-06 19:00 . 2009-08-06 19:00 -------- d-----w- c:\program files\Multiplication
    2009-08-05 13:31 . 2009-08-05 13:31 -------- d-----w- c:\programdata\BigFishSavedGames
    2009-08-04 11:22 . 2009-08-04 11:22 -------- d-----w- c:\users\jean-francois\AppData\Roaming\BigFishv1002
    2009-08-03 13:52 . 2009-08-03 13:52 -------- d-----w- c:\programdata\Dekovir
    2009-08-03 12:45 . 2009-08-03 12:45 -------- d-----w- c:\users\jean-francois\AppData\Roaming\BrandX Games
    2009-07-31 12:34 . 2009-07-31 12:34 -------- d-----w- c:\users\jean-francois\AppData\Roaming\SunRay Games
    2009-07-31 11:00 . 2009-07-31 11:00 -------- d-----w- c:\programdata\MythPeople
    2009-07-29 13:58 . 2009-07-29 13:58 -------- d-----w- c:\program files\Micro Application
    2009-07-29 13:58 . 1998-11-13 10:16 308224 ----a-w- c:\windows\IsUn040c.exe
    2009-07-26 06:27 . 2009-06-15 14:53 156672 ----a-w- c:\windows\system32\t2embed.dll
    2009-07-26 06:27 . 2009-06-15 14:52 23552 ----a-w- c:\windows\system32\lpk.dll
    2009-07-26 06:27 . 2009-06-15 14:52 72704 ----a-w- c:\windows\system32\fontsub.dll
    2009-07-26 06:27 . 2009-06-15 14:51 10240 ----a-w- c:\windows\system32\dciman32.dll
    2009-07-26 06:27 . 2009-06-15 12:42 289792 ----a-w- c:\windows\system32\atmfd.dll
    2009-07-26 06:21 . 2009-07-26 06:21 -------- d-----w- c:\programdata\NortonInstaller
    2009-07-26 06:21 . 2009-07-26 06:21 -------- d-----w- c:\program files\NortonInstaller

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-08-24 11:13 . 2006-11-02 15:45 682012 ----a-w- c:\windows\system32\perfh00C.dat
    2009-08-24 11:13 . 2006-11-02 15:45 129362 ----a-w- c:\windows\system32\perfc00C.dat
    2009-08-24 08:16 . 2008-12-05 18:03 -------- d-----w- c:\program files\Spyware Doctor
    2009-08-24 05:41 . 2009-03-20 13:10 99 ----a-w- c:\users\jean-francois\AppData\Local\isaso.bat
    2009-08-23 16:10 . 2008-12-05 17:56 -------- d-----w- c:\programdata\Google Updater
    2009-08-23 12:05 . 2008-12-12 07:31 -------- d-----w- c:\programdata\F-Secure
    2009-08-23 12:04 . 2008-12-12 07:01 -------- d-----w- c:\programdata\fssg
    2009-08-23 12:03 . 2008-12-07 17:33 -------- d-----w- c:\program files\Yahoo!
    2009-08-21 17:27 . 2009-03-31 16:20 -------- d-----w- c:\users\jean-francois\AppData\Roaming\EoRezo
    2009-08-20 10:59 . 2008-12-19 14:06 -------- d-----w- c:\program files\Oberon Media
    2009-08-20 10:46 . 2009-02-01 10:32 -------- d-----w- c:\program files\Pogo FR
    2009-08-20 10:44 . 2008-10-18 13:09 -------- d-----w- c:\program files\BoontyGames
    2009-08-18 13:43 . 2008-12-20 20:42 -------- d-----w- c:\programdata\GoBit Games
    2009-08-18 13:14 . 2008-09-29 16:21 -------- d-----w- c:\users\jean-francois\AppData\Roaming\Zylom
    2009-08-13 09:05 . 2008-10-17 08:00 -------- d-----w- c:\programdata\Microsoft Help
    2009-08-13 09:04 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
    2009-08-12 12:33 . 2009-04-28 12:43 -------- d-----w- c:\programdata\AdventureChronicles1
    2009-08-11 12:55 . 2009-06-03 13:42 -------- d-----w- c:\programdata\Symantec
    2009-08-11 12:54 . 2009-03-05 11:30 -------- d-----w- c:\program files\Player Metaboli
    2009-08-11 12:54 . 2009-02-25 13:43 -------- d-----w- c:\program files\Postcard Maker
    2009-08-11 12:53 . 2008-10-17 08:08 -------- d-----w- c:\program files\eMule
    2009-08-11 12:38 . 2009-03-05 11:31 68 ----a-w- c:\windows\GPlrLanc.dat
    2009-08-11 12:38 . 2009-03-05 11:31 -------- d-----w- c:\programdata\Player Metaboli
    2009-08-09 16:24 . 2008-09-26 19:02 116880 ----a-w- c:\users\jean-francois\AppData\Local\GDIPFONTCACHEV1.DAT
    2009-08-05 13:34 . 2009-05-12 10:32 -------- d-----w- c:\users\jean-francois\AppData\Roaming\cerasus.media
    2009-08-05 12:44 . 2008-12-21 13:33 -------- d-----w- c:\users\jean-francois\AppData\Roaming\PlayFirst
    2009-08-05 12:44 . 2008-12-21 13:33 -------- d-----w- c:\programdata\PlayFirst
    2009-08-05 10:33 . 2008-10-07 14:33 -------- d-----w- c:\program files\Java
    2009-08-04 09:13 . 2008-09-26 18:28 -------- d-----w- c:\programdata\Roxio
    2009-08-04 08:20 . 2008-11-11 10:34 -------- d-----w- c:\program files\Microsoft Silverlight
    2009-07-25 03:23 . 2009-01-03 21:02 411368 ----a-w- c:\windows\system32\deploytk.dll
    2009-07-21 21:52 . 2009-07-29 11:41 915456 ----a-w- c:\windows\system32\wininet.dll
    2009-07-21 21:47 . 2009-07-29 11:41 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2009-07-21 21:47 . 2009-07-29 11:41 71680 ----a-w- c:\windows\system32\iesetup.dll
    2009-07-21 20:13 . 2009-07-29 11:41 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2009-07-03 11:43 . 2009-07-03 11:43 -------- d-----w- c:\users\jean-francois\AppData\Roaming\BloodTies
    2009-07-02 10:01 . 2008-12-22 13:06 -------- d-----w- c:\programdata\Gogii
    2009-07-02 09:43 . 2009-07-02 09:43 -------- d-----w- c:\users\jean-francois\AppData\Roaming\panoramik
    2009-06-30 11:02 . 2009-06-30 11:02 -------- d-----w- c:\users\jean-francois\AppData\Roaming\Gold Casual Games
    2009-06-29 12:06 . 2009-02-02 12:34 -------- d-----w- c:\users\jean-francois\AppData\Roaming\YoudaGames
    2009-06-29 10:07 . 2009-06-29 10:07 -------- d-----w- c:\users\jean-francois\AppData\Roaming\Skunk Studios
    2009-06-27 08:19 . 2008-12-21 13:26 -------- d-----w- c:\programdata\Sandlot Games
    2009-06-19 09:54 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
    2009-05-26 13:12 . 2009-07-03 08:18 589824 ----a-w- c:\users\jean-francois\AppData\Roaming\Mozilla\Firefox\Profiles\kf13c1ad.default\extensions\OberonGameHost@OberonGames.com\platform\WINNT_x86-msvc\plugins\npOberonGameHost.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
    2008-08-20 21:03 1780248 ----a-w- c:\program files\myBabylon_English\tbmyBa.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\program files\myBabylon_English\tbmyBa.dll" [2008-08-20 1780248]

    [HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{B2E293EE-FD7E-4C71-A714-5F4750D8D7B7}"= "c:\program files\myBabylon_English\tbmyBa.dll" [2008-08-20 1780248]

    [HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
    "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-05 39408]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
    "WindowsWelcomeCenter"="oobefldr.dll" - c:\windows\System32\oobefldr.dll [2009-04-11 2153472]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
    "RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-06-13 228088]
    "DMXLauncher"="c:\program files\Roxio\CinePlayer\DMXLauncher.exe" [2007-04-02 113400]
    "RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2007-06-06 1133304]
    "ORAHSSSessionManager"="c:\program files\OrangeHSS\SessionManager\SessionManager.exe" [2007-12-12 107248]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13580832]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 92704]
    "ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2008-12-08 1173384]
    "fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" [2009-02-06 454000]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]
    "F-Secure Manager"="c:\program files\Orange\AntivirusFirewall\Common\FSM32.EXE" [2008-12-04 182936]
    "F-Secure TNB"="c:\program files\Orange\AntivirusFirewall\FSGUI\TNBUtil.exe" [2008-12-04 957024]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
    "RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-08-17 4702208]
    "Skytel"="Skytel.exe" - c:\windows\SkyTel.exe [2007-08-03 1826816]
    "VM30xSnap"="VM30xSnap.exe" - c:\windows\VM30xSnap.exe [2007-02-15 53248]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "Launcher"="c:\windows\SMINST\launcher.exe" [2007-03-23 40072]

    c:\users\jean-francois\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Notification de cadeaux MSN.lnk - c:\users\jean-francois\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe [2009-4-25 135680]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "VistaSp2"=hex(b):57,8f,30,a3,c4,f0,c9,01

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3170268387-4013735480-417762905-1000]
    "EnableNotificationsRef"=dword:00000002

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{76B785E5-050B-4C0D-9097-514139E68D2A}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
    "{17DD99CD-5368-423D-8B85-8B5DB3837C65}"= Disabled:UDP:c:\program files\IncrediMail\bin\ImApp.exe:IncrediMail
    "{81F70EDB-EEA0-4808-A54E-BACA17E1D506}"= Disabled:TCP:c:\program files\IncrediMail\bin\ImApp.exe:IncrediMail
    "{7CC6C224-C979-4A8F-9A74-16097DF8604C}"= Disabled:UDP:c:\program files\IncrediMail\bin\ImpCnt.exe:IncrediMail
    "{08644B87-6D2B-4787-AB6B-5616956D99A2}"= Disabled:TCP:c:\program files\IncrediMail\bin\ImpCnt.exe:IncrediMail
    "{8154AD9B-1B6E-4199-9D60-142CFE87B867}"= Disabled:UDP:c:\program files\Magentic\bin\MgImp.exe:Magentic
    "{E4EE40AD-288C-4A2E-8DFA-924FF08B7B8B}"= Disabled:TCP:c:\program files\Magentic\bin\MgImp.exe:Magentic
    "{E1EEA8E2-D7F9-4EB8-A9BF-DB53BE8C662A}"= Disabled:UDP:c:\program files\Magentic\bin\Magentic.exe:Magentic
    "{166A78B9-8259-4318-A957-BEBDB6B86E8B}"= Disabled:TCP:c:\program files\Magentic\bin\Magentic.exe:Magentic
    "{A66D2AC1-0C79-464B-BC11-15668CB64ED1}"= Disabled:UDP:c:\program files\Magentic\bin\MgApp.exe:Magentic
    "{10D7D997-078D-4096-920B-62A6E84875B1}"= Disabled:TCP:c:\program files\Magentic\bin\MgApp.exe:Magentic
    "{22658B20-CD2C-44BA-92EC-C1AE9A59EA65}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
    "{BA379321-CF97-4C8E-9AA9-09A8328C7B56}"= UDP:48113:LocalSubnet:LocalSubnet:maconfig_tcp
    "{809FAC91-F314-4800-9DC5-6B3398EEF847}"= TCP:48113:LocalSubnet:LocalSubnet:maconfig_udp
    "{888A3C4B-ACB3-482E-B03B-DD32E1C460E3}"= UDP:c:\program files\ma-config.com\maconfservice.exe:maconfservice
    "{DB794183-DC2E-445B-B9A2-48E1C581D305}"= TCP:c:\program files\ma-config.com\maconfservice.exe:maconfservice
    "{C0822370-9B90-4951-867E-FD02F7230097}"= Disabled:UDP:c:\program files\IncrediMail\bin\IncMail.exe:IncrediMail
    "{53A5A5E9-2CFA-4CBD-B5D8-33C92E1CA7C2}"= Disabled:TCP:c:\program files\IncrediMail\bin\IncMail.exe:IncrediMail

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "EnableFirewall"= 0 (0x0)
    "DoNotAllowExceptions"= 1 (0x1)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
    "c:\\Program Files\\OrangeHSS\\Connectivity\\ConnectivityManager.exe"= c:\program files\OrangeHSS\Connectivity\ConnectivityManager.exe:*:enabled:CSS

    R0 fsbts;fsbts;c:\windows\System32\drivers\fsbts.sys [23/08/2009 14:05 33920]
    R0 PCTCore;PCTools KDS;c:\windows\System32\drivers\PCTCore.sys [09/06/2009 12:37 130936]
    R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\orange\AntivirusFirewall\HIPS\drivers\fshs.sys [23/08/2009 14:05 67808]
    R1 FSES;F-Secure Email Scanning Driver;c:\windows\System32\drivers\fses.sys [23/08/2009 14:05 35552]
    R1 FSFW;F-Secure Firewall Driver;c:\windows\System32\drivers\fsdfw.sys [23/08/2009 14:05 70944]
    R1 fsvista;F-Secure Vista Support Driver;c:\program files\orange\AntivirusFirewall\Anti-Virus\minifilter\fsvista.sys [23/08/2009 14:04 12384]
    R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [23/08/2009 18:32 108289]
    R2 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [08/01/2009 17:37 55264]
    R2 fsssvc;Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [06/02/2009 19:08 533360]
    R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [05/12/2008 20:03 348752]
    R2 WinSvc;Gestionnaire de mise à jour Winsudate;c:\program files\Winsudate\gibsvc.exe [18/08/2009 10:54 70896]
    R2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE [30/03/2009 16:28 1533808]
    R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\orange\AntivirusFirewall\Anti-Virus\minifilter\fsgk.sys [23/08/2009 14:04 99960]
    R3 FSORSPClient;F-Secure ORSP Client;c:\program files\orange\AntivirusFirewall\ORSP Client\fsorsp.exe [23/08/2009 14:05 55904]
    R3 VM30xx86;Vimicro USB PC Camera (ZC0301);c:\windows\System32\drivers\vm30xx86.sys [08/11/2008 20:07 1294464]
    S2 gupdate1c95c449a87d1c7;Google Update Service (gupdate1c95c449a87d1c7);c:\program files\Google\Update\GoogleUpdate.exe [12/12/2008 12:30 133104]
    S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [29/04/2009 13:20 33176]
    S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [13/05/2009 14:37 234864]
    S3 PCAMp50;PCAMp50 NDIS Protocol Driver;c:\windows\System32\drivers\PCAMp50.sys [26/09/2008 21:34 28224]
    S4 F-Secure Filter;F-Secure File System Filter;c:\program files\orange\AntivirusFirewall\Anti-Virus\win2k\fsfilter.sys [23/08/2009 14:04 39776]
    S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\orange\AntivirusFirewall\Anti-Virus\win2k\fsrec.sys [23/08/2009 14:04 25184]

    --- Other Services/Drivers In Memory ---

    *Deregistered* - mchInjDrv

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
    .
    Contents of the 'Scheduled Tasks' folder

    2009-08-24 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-05 17:46]

    2009-08-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2008-12-12 20:46]

    2009-08-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2008-12-12 20:46]

    2009-08-24 c:\windows\Tasks\Scheduled scanning task.job
    - c:\progra~1\Orange\ANTIVI~1\ANTI-V~1\fsav.exe [2009-08-23 13:57]
    .
    - - - - ORPHANS REMOVED - - - -

    WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
    HKCU-Run-WinUsr - c:\program files\Winsudate\gibusr.exe
    HKLM-Run-EoEngine - (no file)

    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.orange.fr/
    mWindow Title =
    uSearchURL,(Default) = hxxp://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
    IE: ajouter cette page à vos favoris Orange - c:\users\JEAN-F~1\AppData\Local\Temp\cce9B7.html
    IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    IE: traduire la page - c:\users\JEAN-F~1\AppData\Local\Temp\cce986.html
    IE: traduire le texte sélectionné - c:\users\JEAN-F~1\AppData\Local\Temp\cce9A7.html
    IE: Translate with &Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
    LSP: c:\program files\Orange\AntivirusFirewall\FSPS\program\FSLSP.DLL
    Trusted Zone: mappy.com
    Trusted Zone: orange.fr
    Trusted Zone: voila.fr\rw.search.ke
    Trusted Zone: weborama.fr\orange
    DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
    DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
    FF - ProfilePath - c:\users\jean-francois\AppData\Roaming\Mozilla\Firefox\Profiles\kf13c1ad.default\
    FF - prefs.js: browser.startup.homepage - hxxp://fr.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr:official
    FF - prefs.js: keyword.URL - hxxp://www.searcheo.fr/pratique?search&q=
    FF - component: c:\program files\Orange Toolbar FR\FirefoxContainer\components\CCLCXPCOMBridge.dll
    FF - component: c:\users\jean-francois\AppData\Roaming\Mozilla\Firefox\Profiles\kf13c1ad.default\extensions\YPlayer@yummy.net\components\FYPlayer.dll
    FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
    FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
    FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: c:\users\jean-francois\AppData\Roaming\Mozilla\Firefox\Profiles\kf13c1ad.default\extensions\{bb628310-0ab7-11db-9cd8-0800200c9a66}\plugins\nphardwaredetection.dll
    FF - plugin: c:\users\jean-francois\AppData\Roaming\Mozilla\Firefox\Profiles\kf13c1ad.default\extensions\OberonGameHost@OberonGames.com\platform\WINNT_x86-msvc\plugins\npOberonGameHost.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    FF - user.js: signed.applets.codebase_principal_support - true

    /* To avoid the user interaction, add the following lines: */
    FF - user.js: capability.principal.codebase.YummyPlayer_YAEL.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_YAEL.id - hxxp://yael.metaboli.fr/
    FF - user.js: capability.principal.codebase.YummyPlayer_LHOST.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_LHOST.id - hxxp://localhost/

    /* GLDE */
    FF - user.js: capability.principal.codebase.YummyPlayer_GLDE.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_GLDE.id - hxxp://gamesflatrate.de/
    FF - user.js: capability.principal.codebase.YummyPlayer_WGLDE.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_WGLDE.id - hxxp://www.gamesflatrate.de/
    FF - user.js: capability.principal.codebase.YummyPlayer_GLDEINT.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_GLDEINT.id - hxxp://glde-int.metaboli.fr/
    FF - user.js: capability.principal.codebase.YummyPlayer_SGLDE.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SGLDE.id - hxxps://gamesflatrate.de/
    FF - user.js: capability.principal.codebase.YummyPlayer_WSGLDE.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_WSGLDE.id - hxxps://www.gamesflatrate.de/

    /* BGFR */
    FF - user.js: capability.principal.codebase.YummyPlayer_BGFR.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_BGFR.id - hxxp://linternaute.metaboli.fr/
    FF - user.js: capability.principal.codebase.YummyPlayer_SBGFR.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SBGFR.id - hxxps://linternaute.metaboli.fr/
    FF - user.js: capability.principal.codebase.YummyPlayer_BGFRINT.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_BGFRINT.id - hxxp://bgfr-int.metaboli.fr/

    /* BILD */
    FF - user.js: capability.principal.codebase.YummyPlayer_BILD.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_BILD.id - hxxp://bild.metaboli.de/
    FF - user.js: capability.principal.codebase.YummyPlayer_SBILD.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SBILD.id - hxxps://bild.metaboli.de/
    FF - user.js: capability.principal.codebase.YummyPlayer_BILDINT.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_BILDINT.id - hxxp://bild-int.metaboli.fr/

    /* BTUK */
    FF - user.js: capability.principal.codebase.YummyPlayer_BTUK.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_BTUK.id - hxxp://btvision.metaboli.co.uk/
    FF - user.js: capability.principal.codebase.YummyPlayer_SBTUK.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SBTUK.id - hxxps://btvision.metaboli.co.uk/
    FF - user.js: capability.principal.codebase.YummyPlayer_BTUKINT.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_BTUKINT.id - hxxp://bt-int.metaboli.fr/

    /* CLIC */
    FF - user.js: capability.principal.codebase.YummyPlayer_CLIC.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_CLIC.id - hxxp://clubic.metaboli.fr/
    FF - user.js: capability.principal.codebase.YummyPlayer_SCLIC.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SCLIC.id - hxxps://clubic.metaboli.fr/
    FF - user.js: capability.principal.codebase.YummyPlayer_CLICINT.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_CLICINT.id - hxxp://clic-int.metaboli.fr/

    /* COUK */
    FF - user.js: capability.principal.codebase.YummyPlayer_COUK.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_COUK.id - hxxp://metaboli.co.uk/
    FF - user.js: capability.principal.codebase.YummyPlayer_WCOUK.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_WCOUK.id - hxxp://www.metaboli.co.uk/
    FF - user.js: capability.principal.codebase.YummyPlayer_WSCOUK.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_WSCOUK.id - hxxps://www.metaboli.co.uk/
    FF - user.js: capability.principal.codebase.YummyPlayer_SCOUK.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SCOUK.id - hxxps://metaboli.co.uk/
    FF - user.js: capability.principal.codebase.YummyPlayer_COUKINT.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_COUKINT.id - hxxp://uk-int.metaboli.fr/

    /* MEDE */
    FF - user.js: capability.principal.codebase.YummyPlayer_MEDE.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_MEDE.id - hxxp://metaboli.de/
    FF - user.js: capability.principal.codebase.YummyPlayer_WMEDE.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_WMEDE.id - hxxp://www.metaboli.de/
    FF - user.js: capability.principal.codebase.YummyPlayer_SMEDE.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SMEDE.id - hxxps://metaboli.de/
    FF - user.js: capability.principal.codebase.YummyPlayer_MEDEINT.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_MEDEINT.id - hxxp://de-int.metaboli.fr/
    FF - user.js: capability.principal.codebase.YummyPlayer_WSMEDE.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_WSMEDE.id - hxxps://www.metaboli.de/

    /* CUUK */
    FF - user.js: capability.principal.codebase.YummyPlayer_CUUK.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_CUUK.id - hxxp://custompc.metaboli.co.uk/
    FF - user.js: capability.principal.codebase.YummyPlayer_SCUUK.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SCUUK.id - hxxps://custompc.metaboli.co.uk/
    FF - user.js: capability.principal.codebase.YummyPlayer_CUUKINT.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_CUUKINT.id - hxxp://cuuk-int.metaboli.fr/

    /* EUUK */
    FF - user.js: capability.principal.codebase.YummyPlayer_EUUK.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_EUUK.id - hxxp://eurogamer.metaboli.co.uk/
    FF - user.js: capability.principal.codebase.YummyPlayer_SEUUK.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SEUUK.id - hxxps://eurogamer.metaboli.co.uk/
    FF - user.js: capability.principal.codebase.YummyPlayer_EUUKINT.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_EUUKINT.id - hxxp://euuk-int.metaboli.fr/

    /* FUNR */
    FF - user.js: capability.principal.codebase.YummyPlayer_FUNR.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_FUNR.id - hxxp://fun.metaboli.fr/
    FF - user.js: capability.principal.codebase.YummyPlayer_SFUNR.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SFUNR.id - hxxps://fun.metaboli.fr/
    FF - user.js: capability.principal.codebase.YummyPlayer_FUNRINT.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_FUNRINT.id - hxxp://fun-int.metaboli.fr/

    /* GONE */
    FF - user.js: capability.principal.codebase.YummyPlayer_GONE.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_GONE.id - hxxp://gameone.metaboli.fr/
    FF - user.js: capability.principal.codebase.YummyPlayer_SGONE.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SGONE.id - hxxps://gameone.metaboli.fr/
    FF - user.js: capability.principal.codebase.YummyPlayer_GONEINT.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_GONEINT.id - hxxp://gone-int.metaboli.fr/

    /* GUDE */
    FF - user.js: capability.principal.codebase.YummyPlayer_GUDE.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_GUDE.id - hxxp://gamerunlimited.metaboli.de/
    FF - user.js: capability.principal.codebase.YummyPlayer_SGUDE.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SGUDE.id - hxxps://gamerunlimited.metaboli.de/
    FF - user.js: capability.principal.codebase.YummyPlayer_GUDEINT.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_GUDEINT.id - hxxp://gude-int.metaboli.fr/

    /* META */
    FF - user.js: capability.principal.codebase.YummyPlayer_META.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_META.id - hxxp://metaboli.fr/
    FF - user.js: capability.principal.codebase.YummyPlayer_WMETA.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_WMETA.id - hxxp://www.metaboli.fr/
    FF - user.js: capability.principal.codebase.YummyPlayer_SMETA.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SMETA.id - hxxps://metaboli.fr/
    FF - user.js: capability.principal.codebase.YummyPlayer_WSMETA.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_WSMETA.id - hxxps://www.metaboli.fr/
    FF - user.js: capability.principal.codebase.YummyPlayer_METAINT.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_METAINT.id - hxxp://fr-int.metaboli.fr/

    /* MNDE */
    FF - user.js: capability.principal.codebase.YummyPlayer_MNDE.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_MNDE.id - hxxp://livegames.metaboli.de/
    FF - user.js: capability.principal.codebase.YummyPlayer_SMNDE.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SMNDE.id - hxxps://livegames.metaboli.de/
    FF - user.js: capability.principal.codebase.YummyPlayer_MNDEINT.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_MNDEINT.id - hxxp://msde-int.metaboli.fr/

    /* MNFR */
    FF - user.js: capability.principal.codebase.YummyPlayer_MNFR.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_MNFR.id - hxxp://livegames.metaboli.fr/
    FF - user.js: capability.principal.codebase.YummyPlayer_SMNFR.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SMNFR.id - hxxps://livegames.metaboli.fr/
    FF - user.js: capability.principal.codebase.YummyPlayer_MNFRINT.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_MNFRINT.id - hxxp://msfr-int.metaboli.fr/

    /* MNUK */
    FF - user.js: capability.principal.codebase.YummyPlayer_MNUK.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_MNUK.id - hxxp://livegames.metaboli.co.uk/
    FF - user.js: capability.principal.codebase.YummyPlayer_SMNUK.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SMNUK.id - hxxps://livegames.metaboli.co.uk/
    FF - user.js: capability.principal.codebase.YummyPlayer_MNUKINT.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_MNUKINT.id - hxxp://msuk-int.metaboli.fr/

    /* NCNU */
    FF - user.js: capability.principal.codebase.YummyPlayer_NCNU.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_NCNU.id - hxxp://numericable.metaboli.fr/
    FF - user.js: capability.principal.codebase.YummyPlayer_SNCNU.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SNCNU.id - hxxps://numericable.metaboli.fr/
    FF - user.js: capability.principal.codebase.YummyPlayer_NCNUINT.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_NCNUINT.id - hxxp://ncnu-int.metaboli.fr/

    /* QPUK */
    FF - user.js: capability.principal.codebase.YummyPlayer_QPUK.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_QPUK.id - hxxp://quintplay.metaboli.co.uk/
    FF - user.js: capability.principal.codebase.YummyPlayer_SQPUK.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SQPUK.id - hxxps://quintplay.metaboli.co.uk/
    FF - user.js: capability.principal.codebase.YummyPlayer_QPUKINT.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_QPUKINT.id - hxxp://qpuk-int.metaboli.fr/

    /* SFFR */
    FF - user.js: capability.principal.codebase.YummyPlayer_SFFR.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SFFR.id - hxxp://jeux-pc.sfr.fr/
    FF - user.js: capability.principal.codebase.YummyPlayer_SSFFR.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SSFFR.id - hxxps://jeux-pc.sfr.fr/
    FF - user.js: capability.principal.codebase.YummyPlayer_SFFRM.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SFFRM.id - hxxp://sfr.metaboli.fr/
    FF - user.js: capability.principal.codebase.YummyPlayer_SSFFRM.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SSFFRM.id - hxxps://sfr.metaboli.fr/
    FF - user.js: capability.principal.codebase.YummyPlayer_SFFRINT.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SFFRINT.id - hxxp://sfr-int.metaboli.fr/

    /* SPDE */
    FF - user.js: capability.principal.codebase.YummyPlayer_SPDE.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SPDE.id - hxxp://spieletipps.metaboli.de/
    FF - user.js: capability.principal.codebase.YummyPlayer_SSPDE.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SSPDE.id - hxxps://spieletipps.metaboli.de/
    FF - user.js: capability.principal.codebase.YummyPlayer_SPDEINT.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SPDEINT.id - hxxp://spde-int.metaboli.fr/

    /* WOJ_ */
    FF - user.js: capability.principal.codebase.YummyPlayer_WOJ_.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_WOJ_.id - hxxp://woj-prod.metaboli.fr/
    FF - user.js: capability.principal.codebase.YummyPlayer_SWOJ_.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SWOJ_.id - hxxps://woj-prod.metaboli.fr/
    FF - user.js: capability.principal.codebase.YummyPlayer_WOJ_INT.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_WOJ_INT.id - hxxp://woj-int.metaboli.fr/
    FF - user.js: capability.principal.codebase.YummyPlayer_SWOJ_INT.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SWOJ_INT.id - hxxps://woj-int.metaboli.fr/
    FF - user.js: capability.principal.codebase.YummyPlayer_WOJ_PP.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_WOJ_PP.id - hxxp://woj-pp.metaboli.fr/
    FF - user.js: capability.principal.codebase.YummyPlayer_SWOJ_PP.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SWOJ_PP.id - hxxps://woj-pp.metaboli.fr/
    FF - user.js: capability.principal.codebase.YummyPlayer_WOJ_PPINT.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_WOJ_PPINT.id - hxxp://woj-int.jeu.orange.fr/
    FF - user.js: capability.principal.codebase.YummyPlayer_SWOJ_PPINT.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SWOJ_PPINT.id - hxxps://woj-int.jeu.orange.fr/

    user_pref(capability.principal.codebase.YummyPlayer_XX0001.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0001.id,hxxp://www.neufgame.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0002.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0002.id,hxxps://www.neufgame.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0003.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0003.id,hxxp://neufgame.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0004.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0004.id,hxxp://ad.metaboli.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0005.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0005.id,hxxps://ad.metaboli.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0006.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0006.id,hxxp://ads.metaboli.de);
    user_pref(capability.principal.codebase.YummyPlayer_XX0007.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0007.id,hxxps://ads.metaboli.de);
    user_pref(capability.principal.codebase.YummyPlayer_XX0008.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0008.id,hxxp://ads.metaboli.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0009.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0009.id,hxxps://ads.metaboli.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0010.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0010.id,hxxp://ads.metaboli.co.uk);
    user_pref(capability.principal.codebase.YummyPlayer_XX0011.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0011.id,hxxps://ads.metaboli.co.uk);
    user_pref(capability.principal.codebase.YummyPlayer_XX0012.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0012.id,hxxp://ag.metaboli.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0013.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0013.id,hxxps://ag.metaboli.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0014.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0014.id,hxxp://alice.metaboli.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0015.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0015.id,hxxps://alice.metaboli.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0016.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0016.id,hxxp://allocine.metaboli.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0017.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0017.id,hxxps://allocine.metaboli.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0018.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0018.id,hxxp://am.metaboli.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0019.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0019.id,hxxps://am.metaboli.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0020.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0020.id,hxxp://aol.metaboli.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0021.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0021.id,hxxps://aol.metaboli.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0022.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0022.id,hxxp://bc.metaboli.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0023.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0023.id,hxxps://bc.metaboli.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0024.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0024.id,hxxp://linternaute.metaboli.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0025.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0025.id,hxxps://linternaute.metaboli.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0026.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0026.id,hxxp://bild.metaboli.de);
    user_pref(capability.principal.codebase.YummyPlayer_XX0027.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0027.id,hxxps://bild.metaboli.de);
    user_pref(capability.principal.codebase.YummyPlayer_XX0028.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0028.id,hxxp://btvision.metaboli.co.uk);
    user_pref(capability.principal.codebase.YummyPlayer_XX0029.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0029.id,hxxps://btvision.metaboli.co.uk);
    user_pref(capability.principal.codebase.YummyPlayer_XX0030.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0030.id,hxxp://www.metaboli.co.uk);
    user_pref(capability.principal.codebase.YummyPlayer_XX0031.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0031.id,hxxp://cg.metaboli.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0032.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0032.id,hxxps://cg.metaboli.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0033.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0033.id,hxxp://cibleclick.metaboli.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0034.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0034.id,hxxps://cibleclick.metaboli.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0035.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0035.id,hxxp://cegetel.metaboli.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0036.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0036.id,hxxps://cegetel.metaboli.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0037.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0037.id,hxxp://choc.metaboli.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0038.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0038.id,hxxps://choc.metaboli.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0039.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0039.id,hxxp://cj.metaboli.de);
    user_pref(capability.principal.codebase.YummyPlayer_XX0040.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0040.id,hxxps://cj.metaboli.de);
    user_pref(capability.principal.codebase.YummyPlayer_XX0041.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0041.id,hxxp://cj.metaboli.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0042.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0042.id,hxxps://cj.metaboli.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0043.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0043.id,hxxp://cj.metaboli.it);
    user_pref(capability.principal.codebase.YummyPlayer_XX0044.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0044.id,hxxps://cj.metaboli.it);
    user_pref(capability.principal.codebase.YummyPlayer_XX0045.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0045.id,hxxp://cj.metaboli.co.uk);
    user_pref(capability.principal.codebase.YummyPlayer_XX0046.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0046.id,hxxps://cj.metaboli.co.uk);
    user_pref(capability.principal.codebase.YummyPlayer_XX0047.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0047.id,hxxp://metaboli.clubic.com);
    user_pref(capability.principal.codebase.YummyPlayer_XX0048.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0048.id,hxxps://metaboli.clubic.com);
    user_pref(capability.principal.codebase.YummyPlayer_XX0049.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0049.id,hxxp://metaboli.club-internet.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0050.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0050.id,hxxps://metaboli.club-internet.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0051.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0051.id,hxxp://coeur.metaboli.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0052.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0052.id,hxxps://coeur.metaboli.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0053.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0053.id,hxxp://come.metaboli.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0054.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0054.id,hxxps://come.metaboli.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0055.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0055.id,hxxp://lesaccros2.metaboli.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0056.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0056.id,hxxps://lesaccros2.metaboli.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0057.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0057.id,hxxp://surcouf.metaboli.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0058.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0058.id,hxxps://surcouf.metaboli.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0059.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0059.id,hxxp://www.metaboli.co.uk);
    user_pref(capability.principal.codebase.YummyPlayer_XX0060.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0060.id,hxxps://www.metaboli.co.uk);
    user_pref(capability.principal.codebase.YummyPlayer_XX0061.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0061.id,hxxp://cs.metaboli.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0062.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0062.id,hxxps://cs.metaboli.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0063.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0063.id,hxxp://custompc.metaboli.co.uk);
    user_pref(capability.principal.codebase.YummyPlayer_XX0064.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0064.id,hxxps://custompc.metaboli.co.uk);
    user_pref(capability.principal.codebase.YummyPlayer_XX0065.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0065.id,hxxp://cvg.metaboli.co.uk);
    user_pref(capability.principal.codebase.YummyPlayer_XX0066.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0066.id,hxxps://cvg.metaboli.co.uk);
    user_pref(capability.principal.codebase.YummyPlayer_XX0067.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0067.id,hxxp://daooda.metaboli.de);
    user_pref(capability.principal.codebase.YummyPlayer_XX0068.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0068.id,hxxps://daooda.metaboli.de);
    user_pref(capability.principal.codebase.YummyPlayer_XX0069.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0069.id,hxxp://daooda.metaboli.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0070.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0070.id,hxxps://daooda.metaboli.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0071.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0071.id,hxxp://daooda.metaboli.co.uk);
    user_pref(capability.principal.codebase.YummyPlayer_XX0072.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0072.id,hxxps://daooda.metaboli.co.uk);
    user_pref(capability.principal.codebase.YummyPlayer_XX0073.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0073.id,hxxp://digitaldownload.metaboli.co.uk);
    user_pref(capability.principal.codebase.YummyPlayer_XX0074.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0074.id,hxxps://digitaldownload.metaboli.co.uk);
    user_pref(capability.principal.codebase.YummyPlayer_XX0075.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0075.id,hxxp://eurogamer.metaboli.de);
    user_pref(capability.principal.codebase.YummyPlayer_XX0076.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0076.id,hxxps://eurogamer.metaboli.de);
    user_pref(capability.principal.codebase.YummyPlayer_XX0077.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0077.id,hxxp://eurogamer.metaboli.co.uk);
    user_pref(capability.principal.codebase.YummyPlayer_XX0078.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0078.id,hxxps://eurogamer.metaboli.co.uk);
    user_pref(capability.principal.codebase.YummyPlayer_XX0079.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0079.id,hxxp://exagame.metaboli.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0080.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0080.id,hxxps://exagame.metaboli.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0081.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0081.id,hxxp://fb.metaboli.de);
    user_pref(capability.principal.codebase.YummyPlayer_XX0082.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0082.id,hxxps://fb.metaboli.de);
    user_pref(capability.principal.codebase.YummyPlayer_XX0083.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0083.id,hxxp://fb.metaboli.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0084.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0084.id,hxxps://fb.metaboli.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0085.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0085.id,hxxp://fb.metaboli.co.uk);
    user_pref(capability.principal.codebase.YummyPlayer_XX0086.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0086.id,hxxps://fb.metaboli.co.uk);
    user_pref(capability.principal.codebase.YummyPlayer_XX0087.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0087.id,hxxp://firstcoffee.metaboli.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0088.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0088.id,hxxps://firstcoffee.metaboli.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0089.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0089.id,hxxp://fnac.metaboli.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0090.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0090.id,hxxps://fnac.metaboli.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0091.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0091.id,hxxp://fox.metaboli.de);
    user_pref(capability.principal.codebase.YummyPlayer_XX0092.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0092.id,hxxps://fox.metaboli.de);
    user_pref(capability.principal.codebase.YummyPlayer_XX0093.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0093.id,hxxp://fox.metaboli.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0094.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0094.id,hxxps://fox.metaboli.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0095.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0095.id,hxxp://fox.metaboli.co.uk);
    user_pref(capability.principal.codebase.YummyPlayer_XX0096.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0096.id,hxxps://fox.metaboli.co.uk);
    user_pref(capability.principal.codebase.YummyPlayer_XX0097.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0097.id,hxxp://free.metaboli.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0098.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0098.id,hxxps://free.metaboli.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0099.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0099.id,hxxp://funsta.metaboli.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0100.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0100.id,hxxps://funsta.metaboli.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0101.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0101.id,hxxp://funsta.metaboli.co.uk);
    user_pref(capability.principal.codebase.YummyPlayer_XX0102.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0102.id,hxxps://funsta.metaboli.co.uk);
    user_pref(capability.principal.codebase.YummyPlayer_XX0103.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0103.id,hxxp://metaboli.funradio.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0104.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0104.id,hxxps://metaboli.funradio.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0105.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0105.id,hxxp://fastweb.metaboli.it);
    user_pref(capability.principal.codebase.YummyPlayer_XX0106.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0106.id,hxxps://fastweb.metaboli.it);
    user_pref(capability.principal.codebase.YummyPlayer_XX0107.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0107.id,hxxp://god1.metaboli.de);
    user_pref(capability.principal.codebase.YummyPlayer_XX0108.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0108.id,hxxps://god1
    0
  21. papyber Messages postés 6430 Statut Contributeur sécurité 257
     
    ceci a été intentionnellement rédigé pour CET utilisateur.
    si vous n'êtes pas CET utilisateur, NE PAS appliquer ces directives : elles pourraient endommager votre système.

    Rappel : une fois que ComboFix est lancé, il ne faut pas cliquer dans la fenêtre de ComboFix car cela pourrait entraîner un plantage du programme.
    Il est recommandé de laisser l'outil analyser et nettoyer le PC sans utiliser quoi que ce soit d'autre...
    Sélectionne le texte suivant (Ctrl+A):
    KillAll::
    Driver::
    Gestionnaire de mise à jour Winsudate
    WinSvc
    File::
    c:\program files\Winsudate\gibusr.exe
    Folder::
    c:\program files\Winsudate
    c:\programdata\GameXzone
    c:\programdata\Dekovir

    Copie le texte sélectionné (CTRL+C).
    Ouvre le Bloc-notes (Démarrer/Tous les programmes/Accessoires/Bloc-notes).
    Colle le texte copié dans ce Bloc-notes (CTRL+V).
    Sauvegarde ce fichier sur ton Bureau sous le nom de CFScript.txt (CFScript)
    http://apu.mabul.org/up/apu/2008/08/12/img-210914jjufm.gif
    Comme l'image le montre, fait glisser CFScript.txt sur ComboFix.exe(ComboFix)
    Une fenêtre à fond bleu va s'ouvrir: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.
    Laisse ComboFix travailler
    Patiente le temps de l'analyse. Le Bureau va disparaître à plusieurs reprises: c'est normal!
    Ne touche à rien tant que le nettoyage n'est pas terminé.
    Un rapport va s'afficher: poste son contenu.
    Si le fichier ne s'ouvre pas, tu le trouves ici, à la racine de ton Système, en principe : C:\ComboFix.txt (C:\ComboFix)
    ceci a été intentionnellement rédigé pour CET utilisateur.
    si vous n'êtes pas CET utilisateur, NE PAS appliquer ces directives : elles pourraient endommager votre système.

    fais examiner ces fichiers sur virus total
    https://www.virustotal.com/gui/
    C:\users\jean-francois\AppData\Local­\MigWiz
    c:\windows\system32\SysCheck2.dll
    c:\windows\system32\SysChkVC.dll
    c:\users\jean-francois\AppData\Local\isaso­.bat
    et poste les rapports obtenus
    0
  • 1
  • 2
  • 3