Trojan win32.agent.ctfk

Résolu
jolie63 Messages postés 36 Statut Membre -  
jolie63 Messages postés 36 Statut Membre -
Bonjour,
Je suis sous vista, j'ai un antivirus orange, il me trouve un trojan win32.agent.ctfk et je n'arrive pas le supprimer. J'ai avast aussi comme antivirus est il me trouve aucun trojan . Je ne sais plus quoi penser. Comment voir réellement si j'ai un trojan sur mon ordinateur. Merci d'avance pour toute aide..
A voir également:

58 réponses

Précédent
Réponse 21 / 58
jolie63 Messages postés 36 Statut Membre
 
ce matin combo.fix.exe n'a pas laissé d'icone sur mon bureau et je l'ai fait fonctionné comme j'ai pu pour t'envoyer le rapport. ou je peut l'avoir pour l'installer correctement.
0
Réponse 22 / 58
jolie63 Messages postés 36 Statut Membre
 
ça commence à faire orage chez nous, si tu me voit plus c'est que j'ai tout éteint. sinon on vera ça demain. bonne soirée
0
Réponse 23 / 58
papyber Messages postés 6430 Statut Contributeur sécurité 257
 
ComboFix.exe (par sUBs)
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Tutoriel officiel de ComboFix, afin de l’utiliser correctement
https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
0
Réponse 24 / 58
jolie63 Messages postés 36 Statut Membre
 
bonjour,
Je n'arrive pas à mettre comboFix correctement sur mon ordi, il se lance directement quand je le télécharge. J'ai peur de faire une mauvaise mannippe. A se stade as-tu trouvé que mon pc été infecté?
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 25 / 58
papyber Messages postés 6430 Statut Contributeur sécurité 257
 
oui puisque je t'ai donné une manip à effectuer avec cet outil relis le post 20 et exécute les consignes stp
0
Réponse 26 / 58
jolie63 Messages postés 36 Statut Membre
 
j'ai fait comme tu m'as dis, j'ai fais glisser CFScript sur comboFix, un écan bleu est apparu mais ne pas indiqué un message et j'ai attendu voir si sa allé bougé, rien, toujours écran bleu. J'ai bien desactivé mes antivirus et internet. A ton avis que c'est il passait?
0
Réponse 27 / 58
papyber Messages postés 6430 Statut Contributeur sécurité 257
 
supprime le combofix que tu as
retélécharge et relance avec le cfscript comme indiqué
vérifier que le script est bien enregistré sous le bon format : cfscript.txt et non pas cfscript.txt.txt
0
Réponse 28 / 58
jolie63 Messages postés 36 Statut Membre
 
j'ai réussi a faire marcher comboFix, il suffisait de faire 1 puis entrée même si il y avait pas de message, puis il te poser une question et il fallait répondre oui. Voilà le rapport:
ComboFix 09-08-24.06 - jean-francois 25/08/2009 14:08.1.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Basique 6.0.6002.2.1252.33.1036.18.2942.1863 [GMT 2:00]
Running from: c:\users\jean-francois\Desktop\ComboFix.exe
Command switches used :: c:\users\jean-francois\Desktop\cfscript.txt
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point

FILE ::
"c:\program files\Winsudate\gibusr.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Winsudate
c:\program files\Winsudate\gibcom.dll
c:\program files\Winsudate\gibidl.dll
c:\program files\Winsudate\gibsvc.exe
c:\program files\Winsudate\gibupt.exe
c:\programdata\Dekovir
c:\programdata\Dekovir\Can You See What I See Collectibles\_save\angele.sav
c:\programdata\Dekovir\Can You See What I See Collectibles\_save\curPlayerName.cfg
c:\programdata\Dekovir\Can You See What I See Collectibles\_save\introWasPlayed.txt
c:\programdata\Dekovir\Can You See What I See Collectibles\_save\players.txt
c:\programdata\Dekovir\Can You See What I See Collectibles\_save\records_0.rec
c:\programdata\Dekovir\Can You See What I See Collectibles\_save\tutorialWasShown.txt
c:\programdata\Dekovir\Can You See What I See Collectibles\_temp\GameLog.txt
c:\programdata\Dekovir\Can You See What I See Collectibles\_temp\log.txt
c:\programdata\Dekovir\Can You See What I See Collectibles\_temp\sounds\button_click.wav
c:\programdata\Dekovir\Can You See What I See Collectibles\_temp\sounds\count1.wav
c:\programdata\Dekovir\Can You See What I See Collectibles\_temp\sounds\found_item.wav
c:\programdata\Dekovir\Can You See What I See Collectibles\_temp\sounds\found_item1.wav
c:\programdata\Dekovir\Can You See What I See Collectibles\_temp\sounds\found_item2.wav
c:\programdata\Dekovir\Can You See What I See Collectibles\_temp\sounds\found_rare_item.wav
c:\programdata\Dekovir\Can You See What I See Collectibles\_temp\sounds\hint.wav
c:\programdata\Dekovir\Can You See What I See Collectibles\_temp\sounds\level_complete.wav
c:\programdata\Dekovir\Can You See What I See Collectibles\_temp\sounds\level_lose.wav
c:\programdata\Dekovir\Can You See What I See Collectibles\_temp\sounds\Memory_Finish2.wav
c:\programdata\Dekovir\Can You See What I See Collectibles\_temp\sounds\Memory_Match.wav
c:\programdata\Dekovir\Can You See What I See Collectibles\_temp\sounds\Memory_NoMatch.wav
c:\programdata\Dekovir\Can You See What I See Collectibles\_temp\sounds\Memory_PickCard2.wav
c:\programdata\Dekovir\Can You See What I See Collectibles\_temp\sounds\miss_click.wav
c:\programdata\Dekovir\Can You See What I See Collectibles\_temp\sounds\PHRASE_OPENED.wav
c:\programdata\Dekovir\Can You See What I See Collectibles\_temp\sounds\secret_code_block_turn_stop.wav
c:\programdata\Dekovir\Can You See What I See Collectibles\_temp\sounds\secret_code_solve02.wav
c:\programdata\Dekovir\Can You See What I See Collectibles\_temp\sounds\sort_error.wav
c:\programdata\Dekovir\Can You See What I See Collectibles\_temp\sounds\sort_place.wav
c:\programdata\Dekovir\Can You See What I See Collectibles\_temp\sounds\sort_select.wav
c:\programdata\Dekovir\Can You See What I See Collectibles\_temp\sounds\zoom_in.wav
c:\programdata\Dekovir\Can You See What I See Collectibles\_temp\sounds\zoom_out.wav
c:\programdata\GameXzone
c:\programdata\GameXzone\Tibet Quest\TibetQuest.cfg
c:\programdata\GameXzone\Tibet Quest\TibetQuest.log
c:\users\Default\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000001.regtrans-ms
c:\windows\system32\config\systemprofile\ntuser.dat{fb2ab057-8216-11dc-a74b-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms
c:\users\jean-francois\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000001.regtrans-ms . . . . failed to delete
c:\windows\ServiceProfiles\LocalService\NTUSER.DAT{d8932e65-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000001.regtrans-ms . . . . failed to delete
c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT{d8932e61-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000001.regtrans-ms . . . . failed to delete

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_WinSvc


((((((((((((((((((((((((( Files Created from 2009-07-25 to 2009-08-25 )))))))))))))))))))))))))))))))
.

2009-08-25 12:17 . 2009-08-25 12:21 -------- d-----w- c:\users\jean-francois\AppData\Local\temp
2009-08-25 12:17 . 2009-08-25 12:17 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2009-08-25 12:17 . 2009-08-25 12:17 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-08-25 12:17 . 2009-08-25 12:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-08-25 12:17 . 2009-08-25 12:17 -------- d-----w- c:\users\Administrateur\AppData\Local\temp
2009-08-24 08:44 . 2009-08-24 08:45 -------- d-----w- c:\program files\trend micro
2009-08-24 08:44 . 2009-08-24 08:45 -------- d-----w- C:\rsit
2009-08-24 06:54 . 2009-08-24 07:31 -------- d-----w- C:\Genproc
2009-08-24 06:34 . 2009-08-24 06:36 -------- d-----w- C:\ToolBar SD
2009-08-24 06:32 . 2008-06-05 16:18 5737 ----a-w- c:\users\jean-francois\AppData\Local\gnc.exe
2009-08-24 06:08 . 2009-08-24 06:33 -------- d-----w- c:\program files\Navilog1
2009-08-24 05:58 . 2009-08-24 06:39 -------- d-----w- C:\Lop SD
2009-08-23 16:32 . 2009-08-24 07:05 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-08-23 16:32 . 2009-03-30 08:32 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-08-23 16:32 . 2009-08-23 16:32 -------- d-----w- c:\programdata\Avira
2009-08-23 16:32 . 2009-08-23 16:32 -------- d-----w- c:\program files\Avira
2009-08-23 12:05 . 2009-08-23 12:20 33920 ----a-w- c:\windows\system32\drivers\fsbts.sys
2009-08-23 12:05 . 2008-12-04 13:57 35552 ----a-w- c:\windows\system32\drivers\fses.sys
2009-08-23 12:05 . 2008-12-04 13:57 70944 ----a-w- c:\windows\system32\drivers\fsdfw.sys
2009-08-21 20:16 . 2008-11-06 00:03 -------- d-----w- C:\SDFix
2009-08-21 18:58 . 2009-08-23 11:36 -------- d-----w- c:\program files\Fighters
2009-08-21 18:58 . 2009-08-21 18:58 -------- d-----w- c:\programdata\Fighters
2009-08-20 10:57 . 2009-06-30 12:03 100352 ----a-w- c:\users\jean-francois\AppData\Roaming\Mozilla\Firefox\Profiles\kf13c1ad.default\extensions\YPlayer@yummy.net\components\FYPlayer.dll
2009-08-20 09:13 . 2009-08-20 09:13 -------- d-----w- c:\users\jean-francois\AppData\Local\MigWiz
2009-08-18 13:42 . 2009-08-18 13:42 -------- d-----w- c:\program files\ReflexiveArcade
2009-08-18 12:12 . 2009-08-18 12:12 -------- d-----w- c:\programdata\WildWestQuest2
2009-08-18 08:54 . 2009-08-18 08:54 -------- d-----w- c:\users\jean-francois\AppData\Roaming\Icones
2009-08-14 11:20 . 2009-08-14 11:20 -------- d-----w- c:\users\jean-francois\AppData\Roaming\UClick
2009-08-14 11:20 . 2009-08-14 11:20 -------- d-----w- c:\programdata\UClick
2009-08-13 11:45 . 2009-08-13 11:46 -------- d-----w- c:\program files\Les Secrets de la Famille Flux - L'effet vague
2009-08-13 09:33 . 2009-06-15 14:54 175104 ----a-w- c:\windows\system32\wdigest.dll
2009-08-13 09:33 . 2009-06-15 14:53 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-08-13 09:33 . 2009-06-15 14:52 499712 ----a-w- c:\windows\system32\kerberos.dll
2009-08-13 09:33 . 2009-06-15 14:53 270848 ----a-w- c:\windows\system32\schannel.dll
2009-08-13 09:33 . 2009-06-15 23:15 439864 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-08-13 09:33 . 2009-06-15 14:53 72704 ----a-w- c:\windows\system32\secur32.dll
2009-08-13 09:33 . 2009-06-15 14:52 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2009-08-13 09:33 . 2009-06-15 12:48 9728 ----a-w- c:\windows\system32\lsass.exe
2009-08-13 05:41 . 2009-07-17 13:54 71680 ----a-w- c:\windows\system32\atl.dll
2009-08-13 05:41 . 2009-06-10 11:42 160256 ----a-w- c:\windows\system32\wkssvc.dll
2009-08-13 05:41 . 2009-06-04 12:07 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-08-13 05:41 . 2009-06-10 11:38 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-08-13 05:40 . 2009-07-15 12:39 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-08-13 05:40 . 2009-07-15 12:39 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-08-13 05:40 . 2009-07-15 12:40 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-08-13 05:40 . 2009-07-15 12:39 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-08-12 08:29 . 2009-08-12 08:29 -------- d-----w- c:\users\jean-francois\AppData\Roaming\Enchanted Katya
2009-08-11 13:19 . 2009-08-11 13:19 -------- d-----w- c:\programdata\MysteryChronicles
2009-08-11 12:39 . 2009-08-11 12:39 -------- d-----w- c:\users\jean-francois\AppData\Local\Yummy
2009-08-11 12:38 . 2008-08-20 12:20 350312 ----a-w- c:\windows\system32\SysCheck2.dll
2009-08-11 12:38 . 2008-08-20 12:20 40040 ----a-w- c:\windows\system32\SysChkVC.dll
2009-08-11 12:38 . 2009-08-11 12:38 -------- d-----w- C:\Metaboli
2009-08-11 12:14 . 2009-08-11 12:14 -------- d-----w- c:\users\jean-francois\AppData\Local\sowhat
2009-08-11 06:14 . 2009-08-11 06:14 -------- d-----w- c:\users\jean-francois\AppData\Roaming\Lost in the City
2009-08-11 06:13 . 2009-08-11 12:57 -------- d-----w- c:\program files\Lost in the City
2009-08-10 12:41 . 2009-08-10 12:41 -------- d-----w- c:\programdata\Far Mills
2009-08-08 12:16 . 2009-08-08 12:16 -------- d-----w- c:\program files\Microsoft IntelliPoint
2009-08-06 19:00 . 2009-08-06 19:00 -------- d-----w- c:\program files\Multiplication
2009-08-05 13:31 . 2009-08-05 13:31 -------- d-----w- c:\programdata\BigFishSavedGames
2009-08-04 11:22 . 2009-08-04 11:22 -------- d-----w- c:\users\jean-francois\AppData\Roaming\BigFishv1002
2009-08-03 12:45 . 2009-08-03 12:45 -------- d-----w- c:\users\jean-francois\AppData\Roaming\BrandX Games
2009-07-31 12:34 . 2009-07-31 12:34 -------- d-----w- c:\users\jean-francois\AppData\Roaming\SunRay Games
2009-07-31 11:00 . 2009-07-31 11:00 -------- d-----w- c:\programdata\MythPeople
2009-07-29 13:58 . 2009-07-29 13:58 -------- d-----w- c:\program files\Micro Application
2009-07-29 13:58 . 1998-11-13 10:16 308224 ----a-w- c:\windows\IsUn040c.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-25 11:15 . 2006-11-02 15:45 682012 ----a-w- c:\windows\system32\perfh00C.dat
2009-08-25 11:15 . 2006-11-02 15:45 129362 ----a-w- c:\windows\system32\perfc00C.dat
2009-08-25 08:26 . 2008-12-05 18:03 -------- d-----w- c:\program files\Spyware Doctor
2009-08-24 17:11 . 2008-12-05 17:56 -------- d-----w- c:\programdata\Google Updater
2009-08-24 05:41 . 2009-03-20 13:10 99 ----a-w- c:\users\jean-francois\AppData\Local\isaso.bat
2009-08-23 12:05 . 2008-12-12 07:31 -------- d-----w- c:\programdata\F-Secure
2009-08-23 12:04 . 2008-12-12 07:01 -------- d-----w- c:\programdata\fssg
2009-08-23 12:03 . 2008-12-07 17:33 -------- d-----w- c:\program files\Yahoo!
2009-08-21 17:27 . 2009-03-31 16:20 -------- d-----w- c:\users\jean-francois\AppData\Roaming\EoRezo
2009-08-20 10:59 . 2008-12-19 14:06 -------- d-----w- c:\program files\Oberon Media
2009-08-20 10:46 . 2009-02-01 10:32 -------- d-----w- c:\program files\Pogo FR
2009-08-20 10:44 . 2008-10-18 13:09 -------- d-----w- c:\program files\BoontyGames
2009-08-18 13:43 . 2008-12-20 20:42 -------- d-----w- c:\programdata\GoBit Games
2009-08-18 13:14 . 2008-09-29 16:21 -------- d-----w- c:\users\jean-francois\AppData\Roaming\Zylom
2009-08-13 09:05 . 2008-10-17 08:00 -------- d-----w- c:\programdata\Microsoft Help
2009-08-13 09:04 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-08-12 12:33 . 2009-04-28 12:43 -------- d-----w- c:\programdata\AdventureChronicles1
2009-08-11 12:55 . 2009-06-03 13:42 -------- d-----w- c:\programdata\Symantec
2009-08-11 12:54 . 2009-03-05 11:30 -------- d-----w- c:\program files\Player Metaboli
2009-08-11 12:54 . 2009-02-25 13:43 -------- d-----w- c:\program files\Postcard Maker
2009-08-11 12:53 . 2008-10-17 08:08 -------- d-----w- c:\program files\eMule
2009-08-11 12:38 . 2009-03-05 11:31 68 ----a-w- c:\windows\GPlrLanc.dat
2009-08-11 12:38 . 2009-03-05 11:31 -------- d-----w- c:\programdata\Player Metaboli
2009-08-09 16:24 . 2008-09-26 19:02 116880 ----a-w- c:\users\jean-francois\AppData\Local\GDIPFONTCACHEV1.DAT
2009-08-05 13:34 . 2009-05-12 10:32 -------- d-----w- c:\users\jean-francois\AppData\Roaming\cerasus.media
2009-08-05 12:44 . 2008-12-21 13:33 -------- d-----w- c:\users\jean-francois\AppData\Roaming\PlayFirst
2009-08-05 12:44 . 2008-12-21 13:33 -------- d-----w- c:\programdata\PlayFirst
2009-08-05 10:33 . 2008-10-07 14:33 -------- d-----w- c:\program files\Java
2009-08-04 09:13 . 2008-09-26 18:28 -------- d-----w- c:\programdata\Roxio
2009-08-04 08:20 . 2008-11-11 10:34 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-26 06:21 . 2009-07-26 06:21 -------- d-----w- c:\programdata\NortonInstaller
2009-07-26 06:21 . 2009-07-26 06:21 -------- d-----w- c:\program files\NortonInstaller
2009-07-25 03:23 . 2009-01-03 21:02 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-21 21:52 . 2009-07-29 11:41 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-07-29 11:41 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-07-29 11:41 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-07-29 11:41 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-03 11:43 . 2009-07-03 11:43 -------- d-----w- c:\users\jean-francois\AppData\Roaming\BloodTies
2009-07-02 10:01 . 2008-12-22 13:06 -------- d-----w- c:\programdata\Gogii
2009-07-02 09:43 . 2009-07-02 09:43 -------- d-----w- c:\users\jean-francois\AppData\Roaming\panoramik
2009-06-30 11:02 . 2009-06-30 11:02 -------- d-----w- c:\users\jean-francois\AppData\Roaming\Gold Casual Games
2009-06-29 12:06 . 2009-02-02 12:34 -------- d-----w- c:\users\jean-francois\AppData\Roaming\YoudaGames
2009-06-29 10:07 . 2009-06-29 10:07 -------- d-----w- c:\users\jean-francois\AppData\Roaming\Skunk Studios
2009-06-27 08:19 . 2008-12-21 13:26 -------- d-----w- c:\programdata\Sandlot Games
2009-06-19 09:54 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-06-15 14:53 . 2009-07-26 06:27 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 14:52 . 2009-07-26 06:27 23552 ----a-w- c:\windows\system32\lpk.dll
2009-06-15 14:52 . 2009-07-26 06:27 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 14:51 . 2009-07-26 06:27 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-06-15 12:42 . 2009-07-26 06:27 289792 ----a-w- c:\windows\system32\atmfd.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
2008-08-20 21:03 1780248 ----a-w- c:\program files\myBabylon_English\tbmyBa.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\program files\myBabylon_English\tbmyBa.dll" [2008-08-20 1780248]

[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{B2E293EE-FD7E-4C71-A714-5F4750D8D7B7}"= "c:\program files\myBabylon_English\tbmyBa.dll" [2008-08-20 1780248]

[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-05 39408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"WindowsWelcomeCenter"="oobefldr.dll" - c:\windows\System32\oobefldr.dll [2009-04-11 2153472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-06-13 228088]
"DMXLauncher"="c:\program files\Roxio\CinePlayer\DMXLauncher.exe" [2007-04-02 113400]
"RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2007-06-06 1133304]
"ORAHSSSessionManager"="c:\program files\OrangeHSS\SessionManager\SessionManager.exe" [2007-12-12 107248]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13580832]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 92704]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2008-12-08 1173384]
"fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" [2009-02-06 454000]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]
"F-Secure Manager"="c:\program files\Orange\AntivirusFirewall\Common\FSM32.EXE" [2008-12-04 182936]
"F-Secure TNB"="c:\program files\Orange\AntivirusFirewall\FSGUI\TNBUtil.exe" [2008-12-04 957024]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-08-17 4702208]
"Skytel"="Skytel.exe" - c:\windows\SkyTel.exe [2007-08-03 1826816]
"VM30xSnap"="VM30xSnap.exe" - c:\windows\VM30xSnap.exe [2007-02-15 53248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2007-03-23 40072]

c:\users\jean-francois\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Notification de cadeaux MSN.lnk - c:\users\jean-francois\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe [2009-4-25 135680]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):57,8f,30,a3,c4,f0,c9,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3170268387-4013735480-417762905-1000]
"EnableNotificationsRef"=dword:00000002

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{76B785E5-050B-4C0D-9097-514139E68D2A}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{17DD99CD-5368-423D-8B85-8B5DB3837C65}"= Disabled:UDP:c:\program files\IncrediMail\bin\ImApp.exe:IncrediMail
"{81F70EDB-EEA0-4808-A54E-BACA17E1D506}"= Disabled:TCP:c:\program files\IncrediMail\bin\ImApp.exe:IncrediMail
"{7CC6C224-C979-4A8F-9A74-16097DF8604C}"= Disabled:UDP:c:\program files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"{08644B87-6D2B-4787-AB6B-5616956D99A2}"= Disabled:TCP:c:\program files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"{8154AD9B-1B6E-4199-9D60-142CFE87B867}"= Disabled:UDP:c:\program files\Magentic\bin\MgImp.exe:Magentic
"{E4EE40AD-288C-4A2E-8DFA-924FF08B7B8B}"= Disabled:TCP:c:\program files\Magentic\bin\MgImp.exe:Magentic
"{E1EEA8E2-D7F9-4EB8-A9BF-DB53BE8C662A}"= Disabled:UDP:c:\program files\Magentic\bin\Magentic.exe:Magentic
"{166A78B9-8259-4318-A957-BEBDB6B86E8B}"= Disabled:TCP:c:\program files\Magentic\bin\Magentic.exe:Magentic
"{A66D2AC1-0C79-464B-BC11-15668CB64ED1}"= Disabled:UDP:c:\program files\Magentic\bin\MgApp.exe:Magentic
"{10D7D997-078D-4096-920B-62A6E84875B1}"= Disabled:TCP:c:\program files\Magentic\bin\MgApp.exe:Magentic
"{22658B20-CD2C-44BA-92EC-C1AE9A59EA65}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"{BA379321-CF97-4C8E-9AA9-09A8328C7B56}"= UDP:48113:LocalSubnet:LocalSubnet:maconfig_tcp
"{809FAC91-F314-4800-9DC5-6B3398EEF847}"= TCP:48113:LocalSubnet:LocalSubnet:maconfig_udp
"{888A3C4B-ACB3-482E-B03B-DD32E1C460E3}"= UDP:c:\program files\ma-config.com\maconfservice.exe:maconfservice
"{DB794183-DC2E-445B-B9A2-48E1C581D305}"= TCP:c:\program files\ma-config.com\maconfservice.exe:maconfservice
"{C0822370-9B90-4951-867E-FD02F7230097}"= Disabled:UDP:c:\program files\IncrediMail\bin\IncMail.exe:IncrediMail
"{53A5A5E9-2CFA-4CBD-B5D8-33C92E1CA7C2}"= Disabled:TCP:c:\program files\IncrediMail\bin\IncMail.exe:IncrediMail

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
"DoNotAllowExceptions"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\OrangeHSS\\Connectivity\\ConnectivityManager.exe"= c:\program files\OrangeHSS\Connectivity\ConnectivityManager.exe:*:enabled:CSS

R0 fsbts;fsbts;c:\windows\System32\drivers\fsbts.sys [23/08/2009 14:05 33920]
R0 PCTCore;PCTools KDS;c:\windows\System32\drivers\PCTCore.sys [09/06/2009 12:37 130936]
R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\orange\AntivirusFirewall\HIPS\drivers\fshs.sys [23/08/2009 14:05 67808]
R1 FSES;F-Secure Email Scanning Driver;c:\windows\System32\drivers\fses.sys [23/08/2009 14:05 35552]
R1 FSFW;F-Secure Firewall Driver;c:\windows\System32\drivers\fsdfw.sys [23/08/2009 14:05 70944]
R1 fsvista;F-Secure Vista Support Driver;c:\program files\orange\AntivirusFirewall\Anti-Virus\minifilter\fsvista.sys [23/08/2009 14:04 12384]
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [23/08/2009 18:32 108289]
R2 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [08/01/2009 17:37 55264]
R2 fsssvc;Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [06/02/2009 19:08 533360]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [05/12/2008 20:03 348752]
R2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE [30/03/2009 16:28 1533808]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\orange\AntivirusFirewall\Anti-Virus\minifilter\fsgk.sys [23/08/2009 14:04 99960]
R3 FSORSPClient;F-Secure ORSP Client;c:\program files\orange\AntivirusFirewall\ORSP Client\fsorsp.exe [23/08/2009 14:05 55904]
R3 VM30xx86;Vimicro USB PC Camera (ZC0301);c:\windows\System32\drivers\vm30xx86.sys [08/11/2008 20:07 1294464]
S2 gupdate1c95c449a87d1c7;Google Update Service (gupdate1c95c449a87d1c7);c:\program files\Google\Update\GoogleUpdate.exe [12/12/2008 12:30 133104]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [29/04/2009 13:20 33176]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [13/05/2009 14:37 234864]
S3 PCAMp50;PCAMp50 NDIS Protocol Driver;c:\windows\System32\drivers\PCAMp50.sys [26/09/2008 21:34 28224]
S4 F-Secure Filter;F-Secure File System Filter;c:\program files\orange\AntivirusFirewall\Anti-Virus\win2k\fsfilter.sys [23/08/2009 14:04 39776]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\orange\AntivirusFirewall\Anti-Virus\win2k\fsrec.sys [23/08/2009 14:04 25184]

--- Other Services/Drivers In Memory ---

*Deregistered* - mchInjDrv

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
.
Contents of the 'Scheduled Tasks' folder

2009-08-25 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-05 17:46]

2009-08-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-12-12 20:46]

2009-08-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-12-12 20:46]

2009-08-25 c:\windows\Tasks\Scheduled scanning task.job
- c:\progra~1\Orange\ANTIVI~1\ANTI-V~1\fsav.exe [2009-08-23 13:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.orange.fr/
mWindow Title =
uSearchURL,(Default) = hxxp://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
IE: ajouter cette page à vos favoris Orange - c:\users\JEAN-F~1\AppData\Local\Temp\cce236D.html
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: traduire la page - c:\users\JEAN-F~1\AppData\Local\Temp\cce233D.html
IE: traduire le texte sélectionné - c:\users\JEAN-F~1\AppData\Local\Temp\cce235D.html
IE: Translate with &Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
LSP: c:\program files\Orange\AntivirusFirewall\FSPS\program\FSLSP.DLL
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
FF - ProfilePath - c:\users\jean-francois\AppData\Roaming\Mozilla\Firefox\Profiles\kf13c1ad.default\
FF - prefs.js: browser.startup.homepage - hxxp://fr.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr:official
FF - prefs.js: keyword.URL - hxxp://www.searcheo.fr/pratique?search&q=
FF - component: c:\program files\Orange Toolbar FR\FirefoxContainer\components\CCLCXPCOMBridge.dll
FF - component: c:\users\jean-francois\AppData\Roaming\Mozilla\Firefox\Profiles\kf13c1ad.default\extensions\YPlayer@yummy.net\components\FYPlayer.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\jean-francois\AppData\Roaming\Mozilla\Firefox\Profiles\kf13c1ad.default\extensions\{bb628310-0ab7-11db-9cd8-0800200c9a66}\plugins\nphardwaredetection.dll
FF - plugin: c:\users\jean-francois\AppData\Roaming\Mozilla\Firefox\Profiles\kf13c1ad.default\extensions\OberonGameHost@OberonGames.com\platform\WINNT_x86-msvc\plugins\npOberonGameHost.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: signed.applets.codebase_principal_support - true

/* To avoid the user interaction, add the following lines: */
FF - user.js: capability.principal.codebase.YummyPlayer_YAEL.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_YAEL.id - hxxp://yael.metaboli.fr/
FF - user.js: capability.principal.codebase.YummyPlayer_LHOST.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_LHOST.id - hxxp://localhost/

/* GLDE */
FF - user.js: capability.principal.codebase.YummyPlayer_GLDE.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_GLDE.id - hxxp://gamesflatrate.de/
FF - user.js: capability.principal.codebase.YummyPlayer_WGLDE.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_WGLDE.id - hxxp://www.gamesflatrate.de/
FF - user.js: capability.principal.codebase.YummyPlayer_GLDEINT.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_GLDEINT.id - hxxp://glde-int.metaboli.fr/
FF - user.js: capability.principal.codebase.YummyPlayer_SGLDE.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_SGLDE.id - hxxps://gamesflatrate.de/
FF - user.js: capability.principal.codebase.YummyPlayer_WSGLDE.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_WSGLDE.id - hxxps://www.gamesflatrate.de/

/* BGFR */
FF - user.js: capability.principal.codebase.YummyPlayer_BGFR.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_BGFR.id - hxxp://linternaute.metaboli.fr/
FF - user.js: capability.principal.codebase.YummyPlayer_SBGFR.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_SBGFR.id - hxxps://linternaute.metaboli.fr/
FF - user.js: capability.principal.codebase.YummyPlayer_BGFRINT.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_BGFRINT.id - hxxp://bgfr-int.metaboli.fr/

/* BILD */
FF - user.js: capability.principal.codebase.YummyPlayer_BILD.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_BILD.id - hxxp://bild.metaboli.de/
FF - user.js: capability.principal.codebase.YummyPlayer_SBILD.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_SBILD.id - hxxps://bild.metaboli.de/
FF - user.js: capability.principal.codebase.YummyPlayer_BILDINT.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_BILDINT.id - hxxp://bild-int.metaboli.fr/

/* BTUK */
FF - user.js: capability.principal.codebase.YummyPlayer_BTUK.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_BTUK.id - hxxp://btvision.metaboli.co.uk/
FF - user.js: capability.principal.codebase.YummyPlayer_SBTUK.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_SBTUK.id - hxxps://btvision.metaboli.co.uk/
FF - user.js: capability.principal.codebase.YummyPlayer_BTUKINT.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_BTUKINT.id - hxxp://bt-int.metaboli.fr/

/* CLIC */
FF - user.js: capability.principal.codebase.YummyPlayer_CLIC.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_CLIC.id - hxxp://clubic.metaboli.fr/
FF - user.js: capability.principal.codebase.YummyPlayer_SCLIC.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_SCLIC.id - hxxps://clubic.metaboli.fr/
FF - user.js: capability.principal.codebase.YummyPlayer_CLICINT.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_CLICINT.id - hxxp://clic-int.metaboli.fr/

/* COUK */
FF - user.js: capability.principal.codebase.YummyPlayer_COUK.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_COUK.id - hxxp://metaboli.co.uk/
FF - user.js: capability.principal.codebase.YummyPlayer_WCOUK.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_WCOUK.id - hxxp://www.metaboli.co.uk/
FF - user.js: capability.principal.codebase.YummyPlayer_WSCOUK.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_WSCOUK.id - hxxps://www.metaboli.co.uk/
FF - user.js: capability.principal.codebase.YummyPlayer_SCOUK.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_SCOUK.id - hxxps://metaboli.co.uk/
FF - user.js: capability.principal.codebase.YummyPlayer_COUKINT.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_COUKINT.id - hxxp://uk-int.metaboli.fr/

/* MEDE */
FF - user.js: capability.principal.codebase.YummyPlayer_MEDE.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_MEDE.id - hxxp://metaboli.de/
FF - user.js: capability.principal.codebase.YummyPlayer_WMEDE.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_WMEDE.id - hxxp://www.metaboli.de/
FF - user.js: capability.principal.codebase.YummyPlayer_SMEDE.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_SMEDE.id - hxxps://metaboli.de/
FF - user.js: capability.principal.codebase.YummyPlayer_MEDEINT.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_MEDEINT.id - hxxp://de-int.metaboli.fr/
FF - user.js: capability.principal.codebase.YummyPlayer_WSMEDE.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_WSMEDE.id - hxxps://www.metaboli.de/

/* CUUK */
FF - user.js: capability.principal.codebase.YummyPlayer_CUUK.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_CUUK.id - hxxp://custompc.metaboli.co.uk/
FF - user.js: capability.principal.codebase.YummyPlayer_SCUUK.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_SCUUK.id - hxxps://custompc.metaboli.co.uk/
FF - user.js: capability.principal.codebase.YummyPlayer_CUUKINT.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_CUUKINT.id - hxxp://cuuk-int.metaboli.fr/

/* EUUK */
FF - user.js: capability.principal.codebase.YummyPlayer_EUUK.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_EUUK.id - hxxp://eurogamer.metaboli.co.uk/
FF - user.js: capability.principal.codebase.YummyPlayer_SEUUK.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_SEUUK.id - hxxps://eurogamer.metaboli.co.uk/
FF - user.js: capability.principal.codebase.YummyPlayer_EUUKINT.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_EUUKINT.id - hxxp://euuk-int.metaboli.fr/

/* FUNR */
FF - user.js: capability.principal.codebase.YummyPlayer_FUNR.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_FUNR.id - hxxp://fun.metaboli.fr/
FF - user.js: capability.principal.codebase.YummyPlayer_SFUNR.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_SFUNR.id - hxxps://fun.metaboli.fr/
FF - user.js: capability.principal.codebase.YummyPlayer_FUNRINT.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_FUNRINT.id - hxxp://fun-int.metaboli.fr/

/* GONE */
FF - user.js: capability.principal.codebase.YummyPlayer_GONE.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_GONE.id - hxxp://gameone.metaboli.fr/
FF - user.js: capability.principal.codebase.YummyPlayer_SGONE.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_SGONE.id - hxxps://gameone.metaboli.fr/
FF - user.js: capability.principal.codebase.YummyPlayer_GONEINT.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_GONEINT.id - hxxp://gone-int.metaboli.fr/

/* GUDE */
FF - user.js: capability.principal.codebase.YummyPlayer_GUDE.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_GUDE.id - hxxp://gamerunlimited.metaboli.de/
FF - user.js: capability.principal.codebase.YummyPlayer_SGUDE.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_SGUDE.id - hxxps://gamerunlimited.metaboli.de/
FF - user.js: capability.principal.codebase.YummyPlayer_GUDEINT.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_GUDEINT.id - hxxp://gude-int.metaboli.fr/

/* META */
FF - user.js: capability.principal.codebase.YummyPlayer_META.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_META.id - hxxp://metaboli.fr/
FF - user.js: capability.principal.codebase.YummyPlayer_WMETA.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_WMETA.id - hxxp://www.metaboli.fr/
FF - user.js: capability.principal.codebase.YummyPlayer_SMETA.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_SMETA.id - hxxps://metaboli.fr/
FF - user.js: capability.principal.codebase.YummyPlayer_WSMETA.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_WSMETA.id - hxxps://www.metaboli.fr/
FF - user.js: capability.principal.codebase.YummyPlayer_METAINT.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_METAINT.id - hxxp://fr-int.metaboli.fr/

/* MNDE */
FF - user.js: capability.principal.codebase.YummyPlayer_MNDE.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_MNDE.id - hxxp://livegames.metaboli.de/
FF - user.js: capability.principal.codebase.YummyPlayer_SMNDE.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_SMNDE.id - hxxps://livegames.metaboli.de/
FF - user.js: capability.principal.codebase.YummyPlayer_MNDEINT.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_MNDEINT.id - hxxp://msde-int.metaboli.fr/

/* MNFR */
FF - user.js: capability.principal.codebase.YummyPlayer_MNFR.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_MNFR.id - hxxp://livegames.metaboli.fr/
FF - user.js: capability.principal.codebase.YummyPlayer_SMNFR.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_SMNFR.id - hxxps://livegames.metaboli.fr/
FF - user.js: capability.principal.codebase.YummyPlayer_MNFRINT.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_MNFRINT.id - hxxp://msfr-int.metaboli.fr/

/* MNUK */
FF - user.js: capability.principal.codebase.YummyPlayer_MNUK.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_MNUK.id - hxxp://livegames.metaboli.co.uk/
FF - user.js: capability.principal.codebase.YummyPlayer_SMNUK.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_SMNUK.id - hxxps://livegames.metaboli.co.uk/
FF - user.js: capability.principal.codebase.YummyPlayer_MNUKINT.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_MNUKINT.id - hxxp://msuk-int.metaboli.fr/

/* NCNU */
FF - user.js: capability.principal.codebase.YummyPlayer_NCNU.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_NCNU.id - hxxp://numericable.metaboli.fr/
FF - user.js: capability.principal.codebase.YummyPlayer_SNCNU.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_SNCNU.id - hxxps://numericable.metaboli.fr/
FF - user.js: capability.principal.codebase.YummyPlayer_NCNUINT.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_NCNUINT.id - hxxp://ncnu-int.metaboli.fr/

/* QPUK */
FF - user.js: capability.principal.codebase.YummyPlayer_QPUK.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_QPUK.id - hxxp://quintplay.metaboli.co.uk/
FF - user.js: capability.principal.codebase.YummyPlayer_SQPUK.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_SQPUK.id - hxxps://quintplay.metaboli.co.uk/
FF - user.js: capability.principal.codebase.YummyPlayer_QPUKINT.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_QPUKINT.id - hxxp://qpuk-int.metaboli.fr/

/* SFFR */
FF - user.js: capability.principal.codebase.YummyPlayer_SFFR.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_SFFR.id - hxxp://jeux-pc.sfr.fr/
FF - user.js: capability.principal.codebase.YummyPlayer_SSFFR.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_SSFFR.id - hxxps://jeux-pc.sfr.fr/
FF - user.js: capability.principal.codebase.YummyPlayer_SFFRM.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_SFFRM.id - hxxp://sfr.metaboli.fr/
FF - user.js: capability.principal.codebase.YummyPlayer_SSFFRM.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_SSFFRM.id - hxxps://sfr.metaboli.fr/
FF - user.js: capability.principal.codebase.YummyPlayer_SFFRINT.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_SFFRINT.id - hxxp://sfr-int.metaboli.fr/

/* SPDE */
FF - user.js: capability.principal.codebase.YummyPlayer_SPDE.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_SPDE.id - hxxp://spieletipps.metaboli.de/
FF - user.js: capability.principal.codebase.YummyPlayer_SSPDE.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_SSPDE.id - hxxps://spieletipps.metaboli.de/
FF - user.js: capability.principal.codebase.YummyPlayer_SPDEINT.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_SPDEINT.id - hxxp://spde-int.metaboli.fr/

/* WOJ_ */
FF - user.js: capability.principal.codebase.YummyPlayer_WOJ_.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_WOJ_.id - hxxp://woj-prod.metaboli.fr/
FF - user.js: capability.principal.codebase.YummyPlayer_SWOJ_.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_SWOJ_.id - hxxps://woj-prod.metaboli.fr/
FF - user.js: capability.principal.codebase.YummyPlayer_WOJ_INT.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_WOJ_INT.id - hxxp://woj-int.metaboli.fr/
FF - user.js: capability.principal.codebase.YummyPlayer_SWOJ_INT.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_SWOJ_INT.id - hxxps://woj-int.metaboli.fr/
FF - user.js: capability.principal.codebase.YummyPlayer_WOJ_PP.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_WOJ_PP.id - hxxp://woj-pp.metaboli.fr/
FF - user.js: capability.principal.codebase.YummyPlayer_SWOJ_PP.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_SWOJ_PP.id - hxxps://woj-pp.metaboli.fr/
FF - user.js: capability.principal.codebase.YummyPlayer_WOJ_PPINT.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_WOJ_PPINT.id - hxxp://woj-int.jeu.orange.fr/
FF - user.js: capability.principal.codebase.YummyPlayer_SWOJ_PPINT.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_SWOJ_PPINT.id - hxxps://woj-int.jeu.orange.fr/

user_pref(capability.principal.codebase.YummyPlayer_XX0001.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0001.id,hxxp://www.neufgame.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0002.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0002.id,hxxps://www.neufgame.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0003.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0003.id,hxxp://neufgame.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0004.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0004.id,hxxp://ad.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0005.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0005.id,hxxps://ad.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0006.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0006.id,hxxp://ads.metaboli.de);
user_pref(capability.principal.codebase.YummyPlayer_XX0007.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0007.id,hxxps://ads.metaboli.de);
user_pref(capability.principal.codebase.YummyPlayer_XX0008.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0008.id,hxxp://ads.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0009.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0009.id,hxxps://ads.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0010.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0010.id,hxxp://ads.metaboli.co.uk);
user_pref(capability.principal.codebase.YummyPlayer_XX0011.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0011.id,hxxps://ads.metaboli.co.uk);
user_pref(capability.principal.codebase.YummyPlayer_XX0012.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0012.id,hxxp://ag.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0013.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0013.id,hxxps://ag.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0014.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0014.id,hxxp://alice.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0015.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0015.id,hxxps://alice.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0016.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0016.id,hxxp://allocine.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0017.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0017.id,hxxps://allocine.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0018.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0018.id,hxxp://am.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0019.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0019.id,hxxps://am.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0020.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0020.id,hxxp://aol.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0021.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0021.id,hxxps://aol.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0022.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0022.id,hxxp://bc.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0023.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0023.id,hxxps://bc.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0024.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0024.id,hxxp://linternaute.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0025.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0025.id,hxxps://linternaute.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0026.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0026.id,hxxp://bild.metaboli.de);
user_pref(capability.principal.codebase.YummyPlayer_XX0027.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0027.id,hxxps://bild.metaboli.de);
user_pref(capability.principal.codebase.YummyPlayer_XX0028.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0028.id,hxxp://btvision.metaboli.co.uk);
user_pref(capability.principal.codebase.YummyPlayer_XX0029.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0029.id,hxxps://btvision.metaboli.co.uk);
user_pref(capability.principal.codebase.YummyPlayer_XX0030.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0030.id,hxxp://www.metaboli.co.uk);
user_pref(capability.principal.codebase.YummyPlayer_XX0031.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0031.id,hxxp://cg.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0032.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0032.id,hxxps://cg.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0033.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0033.id,hxxp://cibleclick.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0034.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0034.id,hxxps://cibleclick.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0035.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0035.id,hxxp://cegetel.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0036.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0036.id,hxxps://cegetel.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0037.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0037.id,hxxp://choc.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0038.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0038.id,hxxps://choc.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0039.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0039.id,hxxp://cj.metaboli.de);
user_pref(capability.principal.codebase.YummyPlayer_XX0040.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0040.id,hxxps://cj.metaboli.de);
user_pref(capability.principal.codebase.YummyPlayer_XX0041.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0041.id,hxxp://cj.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0042.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0042.id,hxxps://cj.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0043.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0043.id,hxxp://cj.metaboli.it);
user_pref(capability.principal.codebase.YummyPlayer_XX0044.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0044.id,hxxps://cj.metaboli.it);
user_pref(capability.principal.codebase.YummyPlayer_XX0045.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0045.id,hxxp://cj.metaboli.co.uk);
user_pref(capability.principal.codebase.YummyPlayer_XX0046.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0046.id,hxxps://cj.metaboli.co.uk);
user_pref(capability.principal.codebase.YummyPlayer_XX0047.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0047.id,hxxp://metaboli.clubic.com);
user_pref(capability.principal.codebase.YummyPlayer_XX0048.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0048.id,hxxps://metaboli.clubic.com);
user_pref(capability.principal.codebase.YummyPlayer_XX0049.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0049.id,hxxp://metaboli.club-internet.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0050.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0050.id,hxxps://metaboli.club-internet.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0051.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0051.id,hxxp://coeur.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0052.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0052.id,hxxps://coeur.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0053.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0053.id,hxxp://come.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0054.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0054.id,hxxps://come.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0055.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0055.id,hxxp://lesaccros2.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0056.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0056.id,hxxps://lesaccros2.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0057.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0057.id,hxxp://surcouf.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0058.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0058.id,hxxps://surcouf.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0059.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0059.id,hxxp://www.metaboli.co.uk);
user_pref(capability.principal.codebase.YummyPlayer_XX0060.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0060.id,hxxps://www.metaboli.co.uk);
user_pref(capability.principal.codebase.YummyPlayer_XX0061.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0061.id,hxxp://cs.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0062.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0062.id,hxxps://cs.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0063.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0063.id,hxxp://custompc.metaboli.co.uk);
user_pref(capability.principal.codebase.YummyPlayer_XX0064.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0064.id,hxxps://custompc.metaboli.co.uk);
user_pref(capability.principal.codebase.YummyPlayer_XX0065.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0065.id,hxxp://cvg.metaboli.co.uk);
user_pref(capability.principal.codebase.YummyPlayer_XX0066.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0066.id,hxxps://cvg.metaboli.co.uk);
user_pref(capability.principal.codebase.YummyPlayer_XX0067.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0067.id,hxxp://daooda.metaboli.de);
user_pref(capability.principal.codebase.YummyPlayer_XX0068.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0068.id,hxxps://daooda.metaboli.de);
user_pref(capability.principal.codebase.YummyPlayer_XX0069.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0069.id,hxxp://daooda.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0070.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0070.id,hxxps://daooda.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0071.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0071.id,hxxp://daooda.metaboli.co.uk);
user_pref(capability.principal.codebase.YummyPlayer_XX0072.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0072.id,hxxps://daooda.metaboli.co.uk);
user_pref(capability.principal.codebase.YummyPlayer_XX0073.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0073.id,hxxp://digitaldownload.metaboli.co.uk);
user_pref(capability.principal.codebase.YummyPlayer_XX0074.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0074.id,hxxps://digitaldownload.metaboli.co.uk);
user_pref(capability.principal.codebase.YummyPlayer_XX0075.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0075.id,hxxp://eurogamer.metaboli.de);
user_pref(capability.principal.codebase.YummyPlayer_XX0076.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0076.id,hxxps://eurogamer.metaboli.de);
user_pref(capability.principal.codebase.YummyPlayer_XX0077.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0077.id,hxxp://eurogamer.metaboli.co.uk);
user_pref(capability.principal.codebase.YummyPlayer_XX0078.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0078.id,hxxps://eurogamer.metaboli.co.uk);
user_pref(capability.principal.codebase.YummyPlayer_XX0079.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0079.id,hxxp://exagame.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0080.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0080.id,hxxps://exagame.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0081.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0081.id,hxxp://fb.metaboli.de);
user_pref(capability.principal.codebase.YummyPlayer_XX0082.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0082.id,hxxps://fb.metaboli.de);
user_pref(capability.principal.codebase.YummyPlayer_XX0083.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0083.id,hxxp://fb.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0084.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0084.id,hxxps://fb.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0085.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0085.id,hxxp://fb.metaboli.co.uk);
user_pref(capability.principal.codebase.YummyPlayer_XX0086.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0086.id,hxxps://fb.metaboli.co.uk);
user_pref(capability.principal.codebase.YummyPlayer_XX0087.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0087.id,hxxp://firstcoffee.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0088.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0088.id,hxxps://firstcoffee.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0089.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0089.id,hxxp://fnac.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0090.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0090.id,hxxps://fnac.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0091.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0091.id,hxxp://fox.metaboli.de);
user_pref(capability.principal.codebase.YummyPlayer_XX0092.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0092.id,hxxps://fox.metaboli.de);
user_pref(capability.principal.codebase.YummyPlayer_XX0093.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0093.id,hxxp://fox.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0094.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0094.id,hxxps://fox.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0095.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0095.id,hxxp://fox.metaboli.co.uk);
user_pref(capability.principal.codebase.YummyPlayer_XX0096.granted,UniversalXPConnect);
user_p
0
Réponse 29 / 58
jolie63 Messages postés 36 Statut Membre
 
rapport de c:\users\jean-francois\AppData\Local\MigWizz :
Fichier setuperr.log reçu le 2009.08.25 12:44:43 (UTC)
Situation actuelle: terminé
Résultat: 0/41 (0%)
Antivirus Version Dernière mise à jour Résultat
a-squared 4.5.0.24 2009.08.25 -
AhnLab-V3 5.0.0.2 2009.08.24 -
AntiVir 7.9.1.3 2009.08.25 -
Antiy-AVL 2.0.3.7 2009.08.24 -
Authentium 5.1.2.4 2009.08.25 -
Avast 4.8.1335.0 2009.08.24 -
AVG 8.5.0.406 2009.08.25 -
BitDefender 7.2 2009.08.25 -
CAT-QuickHeal 10.00 2009.08.25 -
ClamAV 0.94.1 2009.08.25 -
Comodo 2090 2009.08.25 -
DrWeb 5.0.0.12182 2009.08.25 -
eSafe 7.0.17.0 2009.08.24 -
eTrust-Vet 31.6.6699 2009.08.25 -
F-Prot 4.4.4.56 2009.08.24 -
F-Secure 8.0.14470.0 2009.08.25 -
Fortinet 3.120.0.0 2009.08.25 -
GData 19 2009.08.25 -
Ikarus T3.1.1.68.0 2009.08.25 -
Jiangmin 11.0.800 2009.08.25 -
K7AntiVirus 7.10.826 2009.08.24 -
Kaspersky 7.0.0.125 2009.08.25 -
McAfee 5719 2009.08.24 -
McAfee+Artemis 5719 2009.08.24 -
McAfee-GW-Edition 6.8.5 2009.08.25 -
Microsoft 1.4903 2009.08.25 -
NOD32 4365 2009.08.25 -
Norman 2009.08.25 -
nProtect 2009.1.8.0 2009.08.25 -
Panda 10.0.2.2 2009.08.25 -
PCTools 4.4.2.0 2009.08.25 -
Prevx 3.0 2009.08.25 -
Rising 21.44.11.00 2009.08.25 -
Sophos 4.44.0 2009.08.25 -
Sunbelt 3.2.1858.2 2009.08.25 -
Symantec 1.4.4.12 2009.08.25 -
TheHacker 6.3.4.3.387 2009.08.25 -
TrendMicro 8.950.0.1094 2009.08.25 -
VBA32 3.12.10.10 2009.08.25 -
ViRobot 2009.8.25.1901 2009.08.25 -
VirusBuster 4.6.5.0 2009.08.24 -
Information additionnelle
File size: 79 bytes
MD5...: cebda25a7e15b1c22f832bf4d1a17a9c
SHA1..: dbfd4644c2df072a27f18c6569a5c11b204fcaa0
SHA256: 639f200cf2e387ce6f1dd2befbfbcd59e95fc31527bafa5c7819ed618ff1fbc7
ssdeep: 3:vczccJms/FFLCF2ULRuMrDv:Ezcc4s/y2ULoMrDv
PEiD..: -
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Unknown!
0
Réponse 30 / 58
jolie63 Messages postés 36 Statut Membre
 
Pour le fichier C:\windows\system32\SysCheck2.dll et c:\windows\system32\SysChkVC.dll, virtustotal me dit que c'est les même fichier, rapport:
Fichier SysCheck2.dll reçu le 2009.08.25 12:50:11 (UTC)
Situation actuelle: terminé
Résultat: 1/40 (2.5%)
Antivirus Version Dernière mise à jour Résultat
a-squared 4.5.0.24 2009.08.25 -
AhnLab-V3 5.0.0.2 2009.08.24 -
AntiVir 7.9.1.3 2009.08.25 -
Antiy-AVL 2.0.3.7 2009.08.24 -
Authentium 5.1.2.4 2009.08.25 -
Avast 4.8.1335.0 2009.08.24 -
AVG 8.5.0.406 2009.08.25 -
BitDefender 7.2 2009.08.25 -
CAT-QuickHeal 10.00 2009.08.25 -
ClamAV 0.94.1 2009.08.25 -
Comodo 2090 2009.08.25 -
DrWeb 5.0.0.12182 2009.08.25 -
eSafe 7.0.17.0 2009.08.24 Suspicious File
eTrust-Vet 31.6.6699 2009.08.25 -
F-Prot 4.4.4.56 2009.08.24 -
Fortinet 3.120.0.0 2009.08.25 -
GData 19 2009.08.25 -
Ikarus T3.1.1.68.0 2009.08.25 -
Jiangmin 11.0.800 2009.08.25 -
K7AntiVirus 7.10.826 2009.08.24 -
Kaspersky 7.0.0.125 2009.08.25 -
McAfee 5719 2009.08.24 -
McAfee+Artemis 5719 2009.08.24 -
McAfee-GW-Edition 6.8.5 2009.08.25 -
Microsoft 1.4903 2009.08.25 -
NOD32 4365 2009.08.25 -
Norman 2009.08.25 -
nProtect 2009.1.8.0 2009.08.25 -
Panda 10.0.2.2 2009.08.25 -
PCTools 4.4.2.0 2009.08.25 -
Prevx 3.0 2009.08.25 -
Rising 21.44.11.00 2009.08.25 -
Sophos 4.44.0 2009.08.25 -
Sunbelt 3.2.1858.2 2009.08.25 -
Symantec 1.4.4.12 2009.08.25 -
TheHacker 6.3.4.3.387 2009.08.25 -
TrendMicro 8.950.0.1094 2009.08.25 -
VBA32 3.12.10.10 2009.08.25 -
ViRobot 2009.8.25.1901 2009.08.25 -
VirusBuster 4.6.5.0 2009.08.24 -
Information additionnelle
File size: 350312 bytes
MD5...: b39eb3080da20cb8be40d8b73b0a4973
SHA1..: 41b6d4c08d88bc5ddb532f5a2822d72ca0aae34b
SHA256: 2ec364432211dbc474aac2d6f2377f04a86d0c923443fea52a837ae035dec7cb
ssdeep: 6144:Oc4teeCwARMjt4VpwuhlwkyCqQoafWh/obC0Bc0tra0l6tI9Neuxy:Oc46R
MjqjliCNoafWhkC0Bcl+k+y
PEiD..: -
RDS...: NSRL Reference Data Set
-
pdfid.: -
packers (Kaspersky): PE_Patch.UPX, UPX
packers (F-Prot): UPX
trid..: UPX compressed Win32 Executable (38.5%)
Win32 EXE Yoda's Crypter (33.4%)
Win32 Executable Generic (10.7%)
Win32 Dynamic Link Library (generic) (9.5%)
Win16/32 Executable Delphi generic (2.6%)
0
Réponse 31 / 58
jolie63 Messages postés 36 Statut Membre
 
rapport pour c:\jean-francois\AppData\Local\isaso.bat :
Fichier isaso.bat reçu le 2009.08.25 13:01:40 (UTC)
Situation actuelle: terminé
Résultat: 0/41 (0%)Antivirus Version Dernière mise à jour Résultat
a-squared 4.5.0.24 2009.08.25 -
AhnLab-V3 5.0.0.2 2009.08.24 -
AntiVir 7.9.1.3 2009.08.25 -
Antiy-AVL 2.0.3.7 2009.08.24 -
Authentium 5.1.2.4 2009.08.25 -
Avast 4.8.1335.0 2009.08.24 -
AVG 8.5.0.406 2009.08.25 -
BitDefender 7.2 2009.08.25 -
CAT-QuickHeal 10.00 2009.08.25 -
ClamAV 0.94.1 2009.08.25 -
Comodo 2090 2009.08.25 -
DrWeb 5.0.0.12182 2009.08.25 -
eSafe 7.0.17.0 2009.08.24 -
eTrust-Vet 31.6.6699 2009.08.25 -
F-Prot 4.4.4.56 2009.08.24 -
F-Secure 8.0.14470.0 2009.08.25 -
Fortinet 3.120.0.0 2009.08.25 -
GData 19 2009.08.25 -
Ikarus T3.1.1.68.0 2009.08.25 -
Jiangmin 11.0.800 2009.08.25 -
K7AntiVirus 7.10.826 2009.08.24 -
Kaspersky 7.0.0.125 2009.08.25 -
McAfee 5719 2009.08.24 -
McAfee+Artemis 5719 2009.08.24 -
McAfee-GW-Edition 6.8.5 2009.08.25 -
Microsoft 1.4903 2009.08.25 -
NOD32 4366 2009.08.25 -
Norman 2009.08.25 -
nProtect 2009.1.8.0 2009.08.25 -
Panda 10.0.2.2 2009.08.25 -
PCTools 4.4.2.0 2009.08.25 -
Prevx 3.0 2009.08.25 -
Rising 21.44.11.00 2009.08.25 -
Sophos 4.44.0 2009.08.25 -
Sunbelt 3.2.1858.2 2009.08.25 -
Symantec 1.4.4.12 2009.08.25 -
TheHacker 6.3.4.3.387 2009.08.25 -
TrendMicro 8.950.0.1094 2009.08.25 -
VBA32 3.12.10.10 2009.08.25 -
ViRobot 2009.8.25.1901 2009.08.25 -
VirusBuster 4.6.5.0 2009.08.24 -
Information additionnelle
File size: 99 bytes
MD5...: 521445adecfbfd9c66dd125a16049d0a
SHA1..: 72f83210b7c5a31e296f62fb4e3a566107749dd8
SHA256: 7df297f35df2b1d97b049d8a5f814c4a5d41e42c7ff0d7437dcc03782e1f104b
ssdeep: 3:mwnEsLLkuPsGX+vE5ZwQHj:HEsLLKcnwQD
PEiD..: -
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Unknown!
0
Réponse 32 / 58
papyber Messages postés 6430 Statut Contributeur sécurité 257
 
fais un scan en ligne en suivant ce tuto
https://forum.pcastuces.com/kaspersky_online_scanner___tutoriel-f31s26.htm
0
Réponse 33 / 58
jolie63 Messages postés 36 Statut Membre
 
j'ai fait le scanne avec kaspersky, plus de 2h ça à durée, j'ai affiché le rapport rien n'était marqué. je me suis mis en tant qu'administrateur voilà se que me dit l'ordinateur :
"correct launch of kaspersky online 7.0 on a computer running microsoft windows vista requires starting the brower as administrator with the run as administrator command. ok, don't show again ou ok"
que doit-je faire?
0
Réponse 34 / 58
papyber Messages postés 6430 Statut Contributeur sécurité 257
 
il a du mal avec vista essaie ici
http://www.eset.com/threat-center/cac.php
0
Réponse 35 / 58
jolie63 Messages postés 36 Statut Membre
 
ok je testerais demain à tête reposé, bonne nuit et merci pour tes conseilles
0
Réponse 36 / 58
jolie63 Messages postés 36 Statut Membre
 
coucou j'ai fait le scanne avec le dernier que tu m'as donné voilà ce qu'il donne :
scan results
no the reats found
scanned files: 151203
infected files : 0
cleanned files : 0
total scan time : 03:04:51
scan status : finished


au faite es ce que tu c'est comment on peut enlever searcheo comme moteur de recherche
0
Réponse 37 / 58
papyber Messages postés 6430 Statut Contributeur sécurité 257
 
poste moi un rapport hijack this
0
Réponse 38 / 58
jolie63 Messages postés 36 Statut Membre
 
voilà le rapport :

oot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\fsgk32st.exe
C:\Program Files\Orange\AntivirusFirewall\Common\FSMA32.EXE
C:\Program Files\Windows Live\Family Safety\fsssvc.exe
C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\FSGK32.EXE
C:\Program Files\Orange\AntivirusFirewall\Common\FSMB32.EXE
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Orange\AntivirusFirewall\Common\FCH32.EXE
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\Orange\AntivirusFirewall\Common\FAMEH32.EXE
C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\fsqh.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Orange\AntivirusFirewall\FSAUA\program\fsaua.exe
C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\fssm32.exe
C:\Program Files\Orange\AntivirusFirewall\ORSP Client\fsorsp.exe
C:\Program Files\Orange\AntivirusFirewall\FWES\Program\fsdfwd.exe
C:\Program Files\Orange\AntivirusFirewall\FSAUA\program\fsus.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\WINDOWS\RtHDVCpl.exe
C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\fsav32.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\OrangeHSS\Launcher\Launcher.exe
C:\WINDOWS\VM30xSnap.exe
C:\Program Files\Windows Live\Family Safety\fsui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\orange\AntivirusFirewall\Common\FSM32.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Users\jean-francois\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\conime.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Orange\AntivirusFirewall\FSGUI\fsguidll.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\OrangeHSS\systray\systrayapp.exe
C:\Program Files\OrangeHSS\connectivity\connectivitymanager.exe
C:\Program Files\OrangeHSS\connectivity\CoreCom\CoreCom.exe
C:\Program Files\OrangeHSS\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {AEEC3B59-CA98-4EBA-A140-57B94E283583} - C:\PROGRA~1\ORANGE~2\TOOLBA~2.DLL
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyBa.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyBa.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: barre d'outils Orange - {D3028143-6145-4318-99D3-3EDCE54A95A9} - C:\Program Files\Orange Toolbar FR\ToolbarContainer101000313.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [VM30xSnap] VM30xSnap.exe Vimicro USB PC Camera (ZC030x)
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Orange\AntivirusFirewall\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Orange\AntivirusFirewall\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Notification de cadeaux MSN.lnk = jean-francois\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: ajouter cette page à vos favoris Orange - C:\Users\JEAN-F~1\AppData\Local\Temp\cce370.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: traduire la page - C:\Users\JEAN-F~1\AppData\Local\Temp\cce35E.html
O8 - Extra context menu item: traduire le texte sélectionné - C:\Users\JEAN-F~1\AppData\Local\Temp\cce35F.html
O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
O15 - Trusted Zone: http://*.mappy.com
O15 - Trusted Zone: http://*.orange.fr
O15 - Trusted Zone: http://rw.search.ke.voila.fr
O15 - Trusted Zone: http://orange.weborama.fr
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.3.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://copainsdavant.linternaute.com/...
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Orange\AntivirusFirewall\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Orange\AntivirusFirewall\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Orange\AntivirusFirewall\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\Orange\AntivirusFirewall\ORSP Client\fsorsp.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Desktop Manager 5.9.906.4286 (GoogleDesktopManager-060409-093314) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate1c95c449a87d1c7) (gupdate1c95c449a87d1c7) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
0
Réponse 39 / 58
papyber Messages postés 6430 Statut Contributeur sécurité 257
 
lance hijack this pour un scan et coche ces lignes
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) => Yahoo Companion!
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyBa.dll => myBabylon English Toolbar
O3 - Toolbar: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyBa.dll => myBabylon English Toolbar
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe" => Roxio®Easy CD Creator
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" => Adobe®Acrobat Reader
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe => Google®Toolbar
O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.3.cab
tu fixes ces lignes si tu le souhaites car elles ne sont pas infectées...simplement inutiles..

si searcheo est toujours là tu peux faire ce qui est indiqué ici
http://forum.telecharger.01net.com/forum/high-tech/PRODUITS/Questions-techniques/searcheo-allocation-facile-sujet_205628_1.htm
0
Réponse 40 / 58
jolie63 Messages postés 36 Statut Membre
 
quand j'ai cocher les cases il faut que je fasse quoi: scan, fix cheked ou info on selected item. je suis pas douée en anglais
0

Discussions similaires

C'est quoi "Win32:Trojan-gen {Other}"
Uzumaki -
Utilisateur anonyme -

5 réponses
Problème avec "PUADIManager:Win32/OfferCore
Knaki -
bazfile -

3 réponses
Menace détectée TrojanSMS-PA sur Google Huawei/Android
Outmost -
bazfile -

6 réponses
Comment supprimer le virus Trojan
vitsou -
vitsou -

18 réponses
Aide pour un virus
cerise92700 -
MisteryBean -

41 réponses