2 pc infectés (résolu)

bonjour,

j\'ai passer malwarebeat hier soir, et j\'ai trouvé 14 fichiers infectés sur mon pc portable

comme je ne fais pas dans la dentelle , je l\'ai passer aussi sur le pc de bureau et il est infecté aussi: 8 fichiers

le premier est sur vista (14 fichiers) , l\'autre sur XP (/8fichiers)

j\'ai du faire une mauvaise manip sur vista, car je l\'ai repasser en mode complet ce matin , et plus de fichiers infectés , par contre 14 fichiers se retrouvent dans l\'onglet exclusion

j\'attends vos instructions , pour savoir comment enlever ces vilaines bébêtes
je vous remercie

Bonjour tamalou,

Pourrais-tu envoyer les rapports de malwarebytes dans ta prochaine réponse stp.

Pour ton pc sous vista, je pense que malwarabytes a bien supprimé les infections c\'est pour cela qu\'il n\'en trouve plus aujourd\'hui. Il est tout de même sage de vérifier la nature et le type d\'infection auxquelles tu as affaire.

rapport malwarebytes pour xp: si c\'est bien ca que je dois donner

Malwarebytes\' Anti-Malware 1.38
Version de la base de données: 2315
Windows 5.1.2600 Service Pack 3

30/11/2009 13:04:53
mbam-log-2009-11-30 (13-04-46).txt

Type de recherche: Examen complet (C:\\|)
Eléments examinés: 181609
Temps écoulé: 50 minute(s), 8 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 8
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ModuleUsage\\c:/windows/downloaded program files/popcaploader.dll (Adware.PopCap) -> No action taken.
HKEY_CLASSES_ROOT\\TypeLib\\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> No action taken.
HKEY_CLASSES_ROOT\\Interface\\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> No action taken.
HKEY_CLASSES_ROOT\\Interface\\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> No action taken.
HKEY_CLASSES_ROOT\\CLSID\\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> No action taken.
HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Code Store Database\\Distribution Units\\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> No action taken.
HKEY_CLASSES_ROOT\\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> No action taken.
HKEY_CLASSES_ROOT\\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> No action taken.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\SharedDLLs\\c:\\WINDOWS\\downloaded program files\\popcaploader.dll (Adware.PopCap) -> No action taken.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
c:\\WINDOWS\\downloaded program files\\popcaploader.dll (Adware.PopCap) -> No action taken.

si ce n\'est pas ca qu\'il faut dis moi ou se trouve ce rapport

je t\'envoie le rapport pour vista sur le post qui suit , il faut que je change de pc

rapport pour vista


Malwarebytes\' Anti-Malware 1.41
Version de la base de données: 3259
Windows 6.0.6000

30/11/2009 13:14:55
mbam-log-2009-11-30 (13-14-41).txt

Type de recherche: Examen complet (C:\\|)
Eléments examinés: 229059
Temps écoulé: 1 hour(s), 3 minute(s), 48 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 2
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Ext\\Settings\\{6f282b65-56bf-4bd1-a8b2-a4449a05863d} (Adware.Gamesbar) -> No action taken.
HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Ext\\Settings\\{cb0d163c-e9f4-4236-9496-0597e24b23a5} (Adware.Gamesbar) -> No action taken.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)


pour les exclusions j\'ai fait une image

ok, on va procéder pc par pc.

Je te propose de commencer par celui de XP sur ce même fil :

On commence par le diagnostique habituel pour que je comprenne mieux ce qui se passe :

• Télécharge Random\'s system information tool (RSIT) et enregistre le sur ton bureau
  
• Sauvegarde tout travail en cours et fermes toutes les fenêtre actives avant de lancer RSIT
  
• Double clique sur RSIT.exe pour lancer l\'outil. (il est possible que le .exe ne soit pas visible sur ton ordinateur)
  
• Sous vista ,clique droit sur le fichier et choisis \"Exécuter en tant qu\'administrateur\".
  
• Clique sur \"continue\" à l\'écran Disclaimer.
  
• Si l\'outil HijackThis (version à jour) n\'est pas présent ou non détecté sur l\'ordinateur, RSIT le téléchargera et tu devras accepter la licence.
  
• Une fois le scan fini , deux rapports vont être générés, un seul va apparaitre,c\'est le log.txt, le second info.txt sera ouvert mais dans la barre de tache.

les deux rapports sont enregistrés sur ton disque dur, à la racine de C:\\

voici les chemins d\'accès=> C:\\RSIT\\log.txt & C:\\RSIT\\info.txt

poste les dans ta réponse sur ce forum dans deux messages distincts,stp .

Rappel: (CTRL+A Pour tout sélectionner , CTRL+C pour copier et CTRL+V pour coller )

voici pour xp:

info.txt logfile of random\'s system information tool 1.06 2009-11-30 13:40:15

======Uninstall list======

-->C:\\PROGRA~1\\Yahoo!\\Common\\UNYT_W~1.EXE
-->C:\\Program Files\\DivX\\DivXConverterUninstall.exe /CONVERTER
-->C:\\Program Files\\Nero\\Nero 7\\\\nero\\uninstall\\UNNERO.exe /UNINSTALL
-->C:\\WINDOWS\\UNNeroBackItUp.exe /UNINSTALL
-->C:\\WINDOWS\\UNNeroMediaHome.exe /UNINSTALL
-->C:\\WINDOWS\\UNNeroShowTime.exe /UNINSTALL
-->C:\\WINDOWS\\UNNeroVision.exe /UNINSTALL
-->C:\\WINDOWS\\UNRecode.exe /UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\\WINDOWS\\INF\\PCHealth.inf
Adobe Flash Player 10 ActiveX-->C:\\WINDOWS\\system32\\Macromed\\Flash\\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\\WINDOWS\\system32\\Macromed\\Flash\\uninstall_plugin.exe
Adobe Reader 9.2 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A92000000001}
Apple Application Support-->MsiExec.exe /I{B607C354-CD79-4D22-86D1-92DC94153F42}
Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
ATI - Utilitaire de désinstallation du logiciel-->C:\\Program Files\\ATI Technologies\\UninstallAll\\AtiCimUn.exe
ATI Catalyst Control Center-->MsiExec.exe /I{BD1236D8-9B9E-4702-B067-FF11A8121E18}
ATI Display Driver-->rundll32 C:\\WINDOWS\\system32\\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI HYDRAVISION-->RunDll32 C:\\PROGRA~1\\FICHIE~1\\INSTAL~1\\engine\\6\\INTEL3~1\\ctor.dll,LaunchSetup \"C:\\Program Files\\InstallShield Installation Information\\{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}\\setup.exe\"
avast! Antivirus-->C:\\Program Files\\Alwil Software\\Avast4\\aswRunDll.exe \"C:\\Program Files\\Alwil Software\\Avast4\\Setup\\setiface.dll\",RunSetup
AVS Update Manager 1.0-->\"C:\\Program Files\\AVS4YOU\\AVSUpdateManger\\unins000.exe\"
AVS Video Converter 6-->\"C:\\Program Files\\AVS4YOU\\AVSVideoConverter6\\unins000.exe\"
AVS4YOU Software Navigator 1.3-->\"C:\\Program Files\\AVS4YOU\\AVSSoftwareNavigator\\unins000.exe\"
AxCrypt (Désinstaller uniquement)-->\"C:\\Program Files\\Axon Data\\AxCrypt\\AxCryptU.exe\"
Babylonia-->\"C:\\Program Files\\Babylonia\\Uninstall.exe\"
Big Fish Games Client-->C:\\Program Files\\bfgclient\\Uninstall.exe
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Cate West: Les Clés de Velours-->\"C:\\Program Files\\Cate West - Les Cles de Velours\\Uninstall.exe\"
CCleaner (remove only)-->\"C:\\Program Files\\CCleaner\\uninst.exe\"
C-Media WDM Audio Driver-->C:\\WINDOWS\\system32\\cmirmdrv.exe
Codec Pack - All In 1 6.0.3.0-->C:\\WINDOWS\\iun6002.exe \"C:\\Program Files\\Codec Pack - All In 1\\irunin.ini\"
ConvertHelper 2.2-->\"C:\\Program Files\\ConvertHelper\\unins000.exe\"
Correctif pour Lecteur Windows Media 11 (KB939683)-->\"C:\\WINDOWS\\$NtUninstallKB939683$\\spuninst\\spuninst.exe\"
Correctif pour Windows XP (KB952287)-->\"C:\\WINDOWS\\$NtUninstallKB952287$\\spuninst\\spuninst.exe\"
Correctif pour Windows XP (KB961118)-->\"C:\\WINDOWS\\$NtUninstallKB961118$\\spuninst\\spuninst.exe\"
Correctif pour Windows XP (KB970653-v3)-->\"C:\\WINDOWS\\$NtUninstallKB970653-v3$\\spuninst\\spuninst.exe\"
Correctif pour Windows XP (KB976098-v2)-->\"C:\\WINDOWS\\$NtUninstallKB976098-v2$\\spuninst\\spuninst.exe\"
Département 42: Le Mystère des Neuf-->\"C:\\Program Files\\Departement 42 - Le Mystere des Neuf\\Uninstall.exe\"
DivX Codec-->C:\\Program Files\\DivX\\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\\Program Files\\DivX\\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\\Program Files\\DivX\\DivXPlayerUninstall.exe /PLAYER
DivX Plus DirectShow Filters-->C:\\Program Files\\DivX\\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Web Player-->C:\\Program Files\\DivX\\DivXWebPlayerUninstall.exe /PLUGIN
Drawn: La Tour d\'Iris ™-->\"C:\\Program Files\\Drawn - La Tour d\'Iris\\Uninstall.exe\"
DriverAgent by eSupport.com-->RunDll32.exe advpack.dll,LaunchINFSection driveragent_exe.inf,TVICHW32Remove
Free Video Converter V 2.1-->\"C:\\Program Files\\Free Video Converter\\unins000.exe\"
Free Video to Mp3 Converter version 2.7-->\"C:\\Program Files\\DVDVIDEOSOFT\\Free Video to Mp3 Converter\\unins000.exe\"
Galerie de photos Windows Live-->MsiExec.exe /X{B131E59D-202C-43C6-84C9-68F0C37541F1}
HijackThis 2.0.2-->\"C:\\Program Files\\trend micro\\HijackThis.exe\" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\\WINDOWS\\system32\\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=\"\"
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\\WINDOWS\\system32\\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=\"\"
Hotfix for Windows Media Format 11 SDK (KB929399)-->\"C:\\WINDOWS\\$NtUninstallKB929399$\\spuninst\\spuninst.exe\"
HP Customer Participation Program 7.0-->C:\\Program Files\\HP\\Digital Imaging\\ExtCapUninstall\\hpzscr01.exe -datfile hpqhsc01.dat
HP Document Viewer 7.0-->C:\\Program Files\\HP\\Digital Imaging\\DocumentViewer\\hpzscr01.exe -datfile hpqbud04.dat
HP Imaging Device Functions 7.0-->C:\\Program Files\\HP\\Digital Imaging\\DeviceManagement\\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Essential-->MsiExec.exe /X{6994491D-D491-48F1-AE1F-E179C1FFFC2F}
HP Photosmart Premier Software 6.5-->C:\\Program Files\\HP\\Digital Imaging\\uninstall\\hpzscr01.exe -datfile hpqscr01.dat
HP Photosmart, Officejet and Deskjet 7.0.A-->C:\\Program Files\\HP\\Digital Imaging\\{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}\\setup\\hpzscr01.exe -datfile hposcr11.dat
HP Product Assistant-->MsiExec.exe /I{36FDBE6E-6684-462B-AE98-9A39A1B200CC}
HP Solution Center 7.0-->C:\\Program Files\\HP\\Digital Imaging\\eSupport\\hpzscr01.exe -datfile hpqbud05.dat
HP Update-->MsiExec.exe /X{FE57DE70-95DE-4B64-9266-84DA811053DB}
IncrediMail-->C:\\Program Files\\IncrediMail\\bin\\ImSetup.exe /remove /addon:IncrediMail /log:IncMail.log
Installation Windows Live-->C:\\Program Files\\Windows Live\\Installer\\wlarp.exe
Installation Windows Live-->MsiExec.exe /I{46ABBC54-1872-4AA3-95E2-F2C063A63F31}
iTunes-->MsiExec.exe /I{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}
Java(TM) 6 Update 14-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216014FF}
Junk Mail filter update-->MsiExec.exe /I{E2DFE069-083E-4631-9B6C-43C48E991DE5}
Lame ACM MP3 Codec-->C:\\WINDOWS\\system32\\rundll32.exe setupapi,InstallHinfSection Remove_LameMP3 132 C:\\WINDOWS\\INF\\LameACM.inf
Lecteur Windows Media 11-->\"C:\\Program Files\\Windows Media Player\\Setup_wm.exe\" /Uninstall
L\'Île Invisible-->\"C:\\Program Files\\L\'Ile Invisible\\Uninstall.exe\"
L\'Ile Noyée-->\"C:\\Program Files\\Micro Application\\L\'Ile Noyée\\unins000.exe\"
Logiciel QuickCam de Logitech-->RunDll32 C:\\PROGRA~1\\FICHIE~1\\INSTAL~1\\PROFES~1\\RunTime\\09\\00\\Intel32\\Ctor.dll,LaunchSetup \"C:\\Program Files\\InstallShield Installation Information\\{C43048A9-742C-4DAD-90D2-E3B53C9DB825}\\setup.exe\" -l0x40c
Logitech Desktop Messenger-->RunDll32 C:\\PROGRA~1\\FICHIE~1\\INSTAL~1\\engine\\6\\INTEL3~1\\Ctor.dll,LaunchSetup \"C:\\Program Files\\InstallShield Installation Information\\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\\Setup.exe\" -l0x40c UNINSTALL
Logitech Print Service-->C:\\PROGRA~1\\Logitech\\PRINTS~1\\UNWISE.EXE C:\\PROGRA~1\\Logitech\\PRINTS~1\\INSTALL.LOG
Ma-Config.com-->MsiExec.exe /X{FACFAAB3-1443-427D-A0B0-1B55BB4F7FB2}
Malwarebytes\' Anti-Malware-->\"C:\\Program Files\\Malwarebytes\' Anti-Malware\\unins000.exe\"
MediaInfo 0.7.11-->C:\\Program Files\\MediaInfo\\uninst.exe
Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700}
Microsoft .NET Framework 1.1 Security Update (KB953297)-->\"C:\\WINDOWS\\Microsoft.NET\\Framework\\v1.1.4322\\Updates\\hotfix.exe\" \"C:\\WINDOWS\\Microsoft.NET\\Framework\\v1.1.4322\\Updates\\M953297\\M953297Uninstall.msp\"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\\WINDOWS\\Microsoft.NET\\Framework\\v3.5\\Microsoft .NET Framework 3.5 SP1\\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Compression Client Pack 1.0 for Windows XP-->\"C:\\WINDOWS\\$NtUninstallMSCompPackV1$\\spuninst\\spuninst.exe\"
Microsoft Office Live Add-in 1.3-->MsiExec.exe /I{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}
Microsoft Office XP Professional-->MsiExec.exe /I{9211040C-6000-11D3-8CFE-0050048383C9}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->\"C:\\WINDOWS\\$NtUninstallWudf01000$\\spuninst\\spuninst.exe\"
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mise à jour critique pour Lecteur Windows Media 11 (KB959772)-->\"C:\\WINDOWS\\$NtUninstallKB959772_WM11$\\spuninst\\spuninst.exe\"
Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->\"C:\\WINDOWS\\$NtUninstallKB952069_WM9$\\spuninst\\spuninst.exe\"
Mise à jour de sécurité pour Lecteur Windows Media (KB954155)-->\"C:\\WINDOWS\\$NtUninstallKB954155_WM9$\\spuninst\\spuninst.exe\"
Mise à jour de sécurité pour Lecteur Windows Media (KB968816)-->\"C:\\WINDOWS\\$NtUninstallKB968816_WM9$\\spuninst\\spuninst.exe\"
Mise à jour de sécurité pour Lecteur Windows Media (KB973540)-->\"C:\\WINDOWS\\$NtUninstallKB973540_WM9$\\spuninst\\spuninst.exe\"
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)-->\"C:\\WINDOWS\\$NtUninstallKB936782_WMP11$\\spuninst\\spuninst.exe\"
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154)-->\"C:\\WINDOWS\\$NtUninstallKB954154_WM11$\\spuninst\\spuninst.exe\"
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB969897)-->\"C:\\WINDOWS\\ie8updates\\KB969897-IE8\\spuninst\\spuninst.exe\"
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB971961)-->\"C:\\WINDOWS\\ie8updates\\KB971961-IE8\\spuninst\\spuninst.exe\"
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB972260)-->\"C:\\WINDOWS\\ie8updates\\KB972260-IE8\\spuninst\\spuninst.exe\"
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB974455)-->\"C:\\WINDOWS\\ie8updates\\KB974455-IE8\\spuninst\\spuninst.exe\"
Mise à jour de sécurité pour Windows XP (KB923561)-->\"C:\\WINDOWS\\$NtUninstallKB923561$\\spuninst\\spuninst.exe\"
Mise à jour de sécurité pour Windows XP (KB923789)-->C:\\WINDOWS\\system32\\MacroMed\\Flash\\genuinst.exe C:\\WINDOWS\\system32\\MacroMed\\Flash\\KB923789.inf
Mise à jour de sécurité pour Windows XP (KB938464-v2)-->\"C:\\WINDOWS\\$NtUninstallKB938464-v2$\\spuninst\\spuninst.exe\"
Mise à jour de sécurité pour Windows XP (KB941569)-->\"C:\\WINDOWS\\$NtUninstallKB941569$\\spuninst\\spuninst.exe\"
Mise à jour de sécurité pour Windows XP (KB946648)-->\"C:\\WINDOWS\\$NtUninstallKB946648$\\spuninst\\spuninst.exe\"
Mise à jour de sécurité pour Windows XP (KB950760)-->\"C:\\WINDOWS\\$NtUninstallKB950760$\\spuninst\\spuninst.exe\"
Mise à jour de sécurité pour Windows XP (KB950762)-->\"C:\\WINDOWS\\$NtUninstallKB950762$\\spuninst\\spuninst.exe\"
Mise à jour de sécurité pour Windows XP (KB950974)-->\"C:\\WINDOWS\\$NtUninstallKB950974$\\spuninst\\spuninst.exe\"
Mise à jour de sécurité pour Windows XP (KB951066)-->\"C:\\WINDOWS\\$NtUninstallKB951066$\\spuninst\\spuninst.exe\"
Mise à jour de sécurité pour Windows XP (KB951376-v2)-->\"C:\\WINDOWS\\$NtUninstallKB951376-v2$\\spuninst\\spuninst.exe\"
Mise à jour de sécurité pour Windows XP (KB951748)-->\"C:\\WINDOWS\\$NtUninstallKB951748$\\spuninst\\spuninst.exe\"
Mise à jour de sécurité pour Windows XP (KB952004)-->\"C:\\WINDOWS\\$NtUninstallKB952004$\\spuninst\\spuninst.exe\"
Mise à jour de sécurité pour Windows XP (KB952954)-->\"C:\\WINDOWS\\$NtUninstallKB952954$\\spuninst\\spuninst.exe\"
Mise à jour de sécurité pour Windows XP (KB954459)-->\"C:\\WINDOWS\\$NtUninstallKB954459$\\spuninst\\spuninst.exe\"
Mise à jour de sécurité pour Windows XP (KB954600)-->\"C:\\WINDOWS\\$NtUninstallKB954600$\\spuninst\\spuninst.exe\"
Mise à jour de sécurité pour Windows XP (KB955069)-->\"C:\\WINDOWS\\$NtUninstallKB955069$\\spuninst\\spuninst.exe\"
Mise à jour de sécurité pour Windows XP (KB956572)-->\"C:\\WINDOWS\\$NtUninstallKB956572$\\spuninst\\spuninst.exe\"
Mise à jour de sécurité pour Windows XP (KB956744)-->\"C:\\WINDOWS\\$NtUninstallKB956744$\\spuninst\\spuninst.exe\"
Mise à jour de sécurité pour Windows XP (KB956802)-->\"C:\\WINDOWS\\$NtUninstallKB956802$\\spuninst\\spuninst.exe\"
Mise à jour de sécurité pour Windows XP (KB956803)-->\"C:\\WINDOWS\\$NtUninstallKB956803$\\spuninst\\spuninst.exe\"
Mise à jour de sécurité pour Windows XP (KB956844)-->\"C:\\WINDOWS\\$NtUninstallKB956844$\\spuninst\\spuninst.exe\"
Mise à jour de sécurité pour Windows XP (KB957097)-->\"C:\\WINDOWS\\$NtUninstallKB957097$\\spuninst\\spuninst.exe\"
Mise à jour de sécurité pour Windows XP (KB958644)-->\"C:\\WINDOWS\\$NtUninstallKB958644$\\spuninst\\spuninst.exe\"
Mise à jour de sécurité pour Windows XP (KB958687)-->\"C:\\WINDOWS\\$NtUninstallKB958687$\\spuninst\\spuninst.exe\"
Mise à jour de sécurité pour Windows XP (KB958690)-->\"C:\\WINDOWS\\$NtUninstallKB958690$\\spuninst\\spuninst.exe\"
Mise à jour de sécurité pour Windows XP (KB958869)-->\"C:\\WINDOWS\\$NtUninstallKB958869$\\spuninst\\spuninst.exe\"
Mise à jour de sécurité pour Windows XP (KB959426)-->\"C:\\WINDOWS\\$NtUninstallKB959426$\\spuninst\\spuninst.exe\"
Mise à jour de sécurité pour Windows XP (KB960225)-->\"C:\\WINDOWS\\$NtUninstallKB960225$\\spuninst\\spuninst.exe\"
Mise à jour de sécurité pour Windows XP (KB960715)-->\"C:\\WINDOWS\\$NtUninstallKB960715$\\spuninst\\spuninst.exe\"
Mise à jour de sécurité pour Windows XP (KB960803)-->\"C:\\WINDOWS\\$NtUninstallKB960803$\\spuninst\\spuninst.exe\"
Mise à jour de sécurité pour Windows XP (KB960859)-->\"C:\\WINDOWS\\$NtUninstallKB960859$\\spuninst\\spuninst.exe\"
Mise à jour de sécurité pour Windows XP (KB961371)-->\"C:\\WINDOWS\\$NtUninstallKB961371$\\spuninst\\spuninst.exe\"
Mise à jour de sécurité pour Windows XP (KB961373)-->\"C:\\WINDOWS\\$NtUninstallKB961373$\\spuninst\\spuninst.exe\"
Mise à jour de sécurité pour Windows XP (KB961501)-->\"C:\\WINDOWS\\$NtUninstallKB961501$\\spuninst\\spuninst.exe\"
Mise à jour de sécurité pour Windows XP (KB968537)-->\"C:\\WINDOWS\\$NtUninstallKB968537$\\spuninst\\spuninst.exe\"
Mise à jour de sécurité pour Windows XP (KB969059)-->\"C:\\WINDOWS\\$NtUninstallKB969059$\\spuninst\\spuninst.exe\"
Mise à jour de sécurité pour Windows XP (KB969898)-->\"C:\\WINDOWS\\$NtUninstallKB969898$\\spuninst\\spuninst.exe\"
Mise à jour de sécurité pour Windows XP (KB969947)-->\"C:\\WINDOWS\\$NtUninstallKB969947$\\spuninst\\spuninst.exe\"
Mise à jour de sécurité pour Windows XP (KB970238)-->\"C:\\WINDOWS\\$NtUninstallKB970238$\\spuninst\\spuninst.exe\"
Mise à jour de sécurité pour Windows XP (KB971486)-->\"C:\\WINDOWS\\$NtUninstallKB971486$\\spuninst\\spuninst.exe\"
Mise à jour de sécurité pour Windows XP (KB971557)-->\"C:\\WINDOWS\\$NtUninstallKB971557$\\spuninst\\spuninst.exe\"
Mise à jour de sécurité pour Windows XP (KB971633)-->\"C:\\WINDOWS\\$NtUninstallKB971633$\\spuninst\\spuninst.exe\"
Mise à jour de sécurité pour Windows XP (KB971657)-->\"C:\\WINDOWS\\$NtUninstallKB971657$\\spuninst\\spuninst.exe\"
Mise à jour de sécurité pour Windows XP (KB973346)-->\"C:\\WINDOWS\\$NtUninstallKB973346$\\spuninst\\spuninst.exe\"
Mise à jour de sécurité pour Windows XP (KB973354)-->\"C:\\WINDOWS\\$NtUninstallKB973354$\\spuninst\\spuninst.exe\"
Mise à jour de sécurité pour Windows XP (KB973507)-->\"C:\\WINDOWS\\$NtUninstallKB973507$\\spuninst\\spuninst.exe\"
Mise à jour de sécurité pour Windows XP (KB973525)-->\"C:\\WINDOWS\\$NtUninstallKB973525$\\spuninst\\spuninst.exe\"
Mise à jour de sécurité pour Windows XP (KB973869)-->\"C:\\WINDOWS\\$NtUninstallKB973869$\\spuninst\\spuninst.exe\"
Mise à jour de sécurité pour Windows XP (KB974112)-->\"C:\\WINDOWS\\$NtUninstallKB974112$\\spuninst\\spuninst.exe\"
Mise à jour de sécurité pour Windows XP (KB974571)-->\"C:\\WINDOWS\\$NtUninstallKB974571$\\spuninst\\spuninst.exe\"
Mise à jour de sécurité pour Windows XP (KB975025)-->\"C:\\WINDOWS\\$NtUninstallKB975025$\\spuninst\\spuninst.exe\"
Mise à jour de sécurité pour Windows XP (KB975467)-->\"C:\\WINDOWS\\$NtUninstallKB975467$\\spuninst\\spuninst.exe\"
Mise à jour pour Windows Internet Explorer 8 (KB969497)-->\"C:\\WINDOWS\\ie8updates\\KB969497-IE8\\spuninst\\spuninst.exe\"
Mise à jour pour Windows Internet Explorer 8 (KB976749)-->\"C:\\WINDOWS\\ie8updates\\KB976749-IE8\\spuninst\\spuninst.exe\"
Mise à jour pour Windows XP (KB951978)-->\"C:\\WINDOWS\\$NtUninstallKB951978$\\spuninst\\spuninst.exe\"
Mise à jour pour Windows XP (KB955839)-->\"C:\\WINDOWS\\$NtUninstallKB955839$\\spuninst\\spuninst.exe\"
Mise à jour pour Windows XP (KB961503)-->\"C:\\WINDOWS\\$NtUninstallKB961503$\\spuninst\\spuninst.exe\"
Mise à jour pour Windows XP (KB967715)-->\"C:\\WINDOWS\\$NtUninstallKB967715$\\spuninst\\spuninst.exe\"
Mise à jour pour Windows XP (KB968389)-->\"C:\\WINDOWS\\$NtUninstallKB968389$\\spuninst\\spuninst.exe\"
Mise à jour pour Windows XP (KB973687)-->\"C:\\WINDOWS\\$NtUninstallKB973687$\\spuninst\\spuninst.exe\"
Mise à jour pour Windows XP (KB973815)-->\"C:\\WINDOWS\\$NtUninstallKB973815$\\spuninst\\spuninst.exe\"
Mozilla Firefox (3.5.5)-->C:\\Program Files\\Mozilla Firefox\\uninstall\\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
Natalie Brooks: Secrets of Treasure House-->\"C:\\Program Files\\Natalie Brooks - Secrets of Treasure House\\Uninstall.exe\"
Nero 7 Essentials-->MsiExec.exe /X{F90D6825-8F1F-4E3A-9E42-A9C8A9DD1036}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Nocturnal: Boston Nightfall ™-->\"C:\\Program Files\\Nocturnal - Boston Nightfall\\Uninstall.exe\"
OCR Software by I.R.I.S 7.0-->C:\\Program Files\\HP\\Digital Imaging\\OCR\\hpzscr01.exe -datfile hpqbud11.dat
Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Pahelika: Légendes Secrètes-->\"C:\\Program Files\\Pahelika - Legendes Secretes\\Uninstall.exe\"
PhotoFiltre-->\"C:\\Program Files\\PhotoFiltre\\Uninst.exe\"
PhotoMail Maker-->MsiExec.exe /X{15382D89-6EF6-4D21-9484-B500F2B10E46}
PhotoMail Maker-->MsiExec.exe /X{15382D89-6EF6-4D21-9484-B500F2B10E46} ARPVAL=\"UnInst\" /qf /L*V \"%temp%\\PhotoMailUninstallLog.log\"
Picasa 3-->\"C:\\Program Files\\Picasa2\\Uninstall.exe\"
Player Metaboli-->\"C:\\Program Files\\Player Metaboli\\Uninstall.exe\"
Pocahontas: Princesse du Powhatan-->\"C:\\Program Files\\Pocahontas - Princesse du Powhatan\\Uninstall.exe\"
Princesse Isabella: Le Château Ensorcelé-->\"C:\\Program Files\\Princesse Isabella - Le Chateau Ensorcele\\Uninstall.exe\"
Programme de gestion Camera de Logitech®-->\"C:\\Program Files\\Fichiers communs\\Logitech\\QCDRV\\BIN\\SETUP.EXE\" UNINSTALL REMOVEPROMPT
PuppetShow: Le Mystère de Joyville ™-->\"C:\\Program Files\\PuppetShow - Le Mystere de Joyville\\Uninstall.exe\"
QuickTime-->MsiExec.exe /I{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}
Realtek AC\'97 Audio-->RunDll32 C:\\PROGRA~1\\FICHIE~1\\INSTAL~1\\PROFES~1\\RunTime\\11\\50\\Intel32\\Ctor.dll,LaunchSetup \"C:\\Program Files\\InstallShield Installation Information\\{FB08F381-6533-4108-B7DD-039E11FBC27E}\\setup.exe\" -l0x40c -removeonly
Search Settings 1.2.1-->MsiExec.exe /X{0B1AAC97-8563-41D9-AE47-58E6A222F0E1}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
SIW version 2009-07-28-->\"C:\\Program Files\\SIW\\unins000.exe\"
Spotify-->\"C:\\Program Files\\Spotify\\uninstall.exe\"
SUPER © Version 2009.bld.36 (June 10, 2009)-->C:\\PROGRA~1\\ERIGHT~1\\SUPER\\Setup.exe /remove /q0
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\\WINDOWS\\system32\\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=\"\"
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
Veoh Web Player-->\"C:\\Program Files\\Veoh Networks\\VeohWebPlayer\\uninst.exe\"
VIA Gestionnaire de périphériques de plate-forme-->C:\\PROGRA~1\\FICHIE~1\\INSTAL~1\\Driver\\7\\INTEL3~1\\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}
Video Edit Magic 4.4-->\"C:\\Program Files\\Deskshare\\Video Edit Magic 4.4\\unins000.exe\"
VLC media player 1.0.3-->C:\\Program Files\\VideoLAN\\VLC\\uninstall.exe
Windows Imaging Component-->\"C:\\WINDOWS\\$NtUninstallWIC$\\spuninst\\spuninst.exe\"
Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live FolderShare-->MsiExec.exe /X{2075CB0A-D26F-4DAA-B424-5079296B43BA}
Windows Live Mail-->MsiExec.exe /I{5DD76286-9BE7-4894-A990-E905E91AC818}
Windows Live Messenger-->MsiExec.exe /X{770F1BEC-2871-4E70-B837-FB8525FFA3B1}
Windows Live Writer-->MsiExec.exe /X{4634B21A-CC07-4396-890C-2B8168661FEA}
Windows Media Format 11 runtime-->\"C:\\Program Files\\Windows Media Player\\wmsetsdk.exe\" /UninstallAll
Windows Media Format 11 runtime-->\"C:\\WINDOWS\\$NtUninstallWMFDist11$\\spuninst\\spuninst.exe\"
Windows Media Player 11-->\"C:\\WINDOWS\\$NtUninstallwmp11$\\spuninst\\spuninst.exe\"
Windows XP Service Pack 3-->\"C:\\WINDOWS\\$NtServicePackUninstall$\\spuninst\\spuninst.exe\"
WinRAR Archiveur-->C:\\Program Files\\WinRAR\\uninstall.exe
Xvid 1.1.2 final uninstall-->\"C:\\Program Files\\Xvid\\unins000.exe\"
Yahoo! Messenger-->C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\UNWISE.EXE /U C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\INSTALL.LOG
Yahoo! Toolbar-->C:\\PROGRA~1\\Yahoo!\\Common\\UNYT_W~1.EXE

======Hosts File======

192.168.0.6 HP001CC43F3376

======Security center information======

AV: avast! antivirus 4.8.1368 [VPS 091130-0]

======System event log======

Computer Name: MARITY-0BD98F56
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service avast! Web Scanner.

Record Number: 10429
Source Name: Service Control Manager
Time Written: 20090907181929.000000+120
Event Type: Informations
User: AUTORITE NT\\SYSTEM

Computer Name: MARITY-0BD98F56
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service avast! Mail Scanner.

Record Number: 10428
Source Name: Service Control Manager
Time Written: 20090907181929.000000+120
Event Type: Informations
User: AUTORITE NT\\SYSTEM

Computer Name: MARITY-0BD98F56
Event Code: 6005
Message: Le service d\'Enregistrement d\'événement a démarré.

Record Number: 10427
Source Name: EventLog
Time Written: 20090907181912.000000+120
Event Type: Informations
User:

Computer Name: MARITY-0BD98F56
Event Code: 6009
Message: Microsoft (R) Windows (R) 5.01. 2600 Service Pack 3 Uniprocessor Free.

Record Number: 10426
Source Name: EventLog
Time Written: 20090907181912.000000+120
Event Type: Informations
User:

Computer Name: MARITY-0BD98F56
Event Code: 6006
Message: Le service d\'Enregistrement d\'événement a été arrêté.

Record Number: 10425
Source Name: EventLog
Time Written: 20090907092610.000000+120
Event Type: Informations
User:

=====Application event log=====

Computer Name: MARITY-0BD98F56
Event Code: 105
Message: The service was started.

Record Number: 658
Source Name: ATI Smart
Time Written: 20090612092019.000000+120
Event Type: Informations
User:

Computer Name: MARITY-0BD98F56
Event Code: 1517
Message: Windows a sauvegardé le Registre utilisateur MARITY-0BD98F56\\marity alors qu\'une application ou un service utilisait toujours le Registre pendant la fermeture de la session. La mémoire utilisée par le Registre de l\'utilisateur n\'a pas été libérée. le Registre sera déchargé lorsqu\'il ne sera plus utilisé.


Cela est souvent causé par des services s\'exécutant en tant que compte d\'utilisateur, essayez de configurer les services pour s\'exécuter dans le compte service réseau ou service local.

Record Number: 657
Source Name: Userenv
Time Written: 20090611222427.000000+120
Event Type: Avertissement
User: AUTORITE NT\\SYSTEM

Computer Name: MARITY-0BD98F56
Event Code: 4097
Message: L\'application, C:\\Program Files\\Nero\\Nero 7\\Nero StartSmart\\NeroStartSmart.exe, a généré une erreur d\'application
L\'erreur s\'est produite le 06/11/2009 à 13:33:11.937
L\'exception générée était c0000005 à l\'adresse 013E0BC3 (<nosymbols>)

Record Number: 656
Source Name: DrWatson
Time Written: 20090611133312.000000+120
Event Type: Informations
User:

Computer Name: MARITY-0BD98F56
Event Code: 1000
Message: Application défaillante nerostartsmart.exe, version 3.10.1.7, module défaillant unknown, version 0.0.0.0, adresse de défaillance 0x013e0bc3.

Record Number: 655
Source Name: Application Error
Time Written: 20090611133309.000000+120
Event Type: erreur
User:

Computer Name: MARITY-0BD98F56
Event Code: 1002
Message: L\'environnement s\'est arrêté de façon inattendue et Explorer.exe a redémarré.

Record Number: 654
Source Name: Winlogon
Time Written: 20090611123637.000000+120
Event Type: Informations
User:

======Environment variables======

\"ComSpec\"=%SystemRoot%\\system32\\cmd.exe
\"Path\"=%SystemRoot%\\system32;%SystemRoot%;%SystemRoot%\\System32\\Wbem;C:\\Program Files\\ATI Technologies\\ATI.ACE\\;C:\\Program Files\\Fichiers communs\\DivX Shared\\;C:\\Program Files\\QuickTime\\QTSystem\\
\"windir\"=%SystemRoot%
\"FP_NO_HOST_CHECK\"=NO
\"OS\"=Windows_NT
\"PROCESSOR_ARCHITECTURE\"=x86
\"PROCESSOR_LEVEL\"=15
\"PROCESSOR_IDENTIFIER\"=x86 Family 15 Model 44 Stepping 2, AuthenticAMD
\"PROCESSOR_REVISION\"=2c02
\"NUMBER_OF_PROCESSORS\"=1
\"PATHEXT\"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
\"TEMP\"=%SystemRoot%\\TEMP
\"TMP\"=%SystemRoot%\\TEMP
\"CLASSPATH\"=.;C:\\Program Files\\Java\\jre6\\lib\\ext\\QTJava.zip
\"QTJAVA\"=C:\\Program Files\\Java\\jre6\\lib\\ext\\QTJava.zip

-----------------EOF-----------------

Logfile of random\'s system information tool 1.06 (written by random/random)
Run by marity at 2009-11-30 13:40:00
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 33 GB (43%) free of 76 GB
Total RAM: 1023 MB (51% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:40:12, on 30/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\\WINDOWS\\System32\\smss.exe
C:\\WINDOWS\\system32\\winlogon.exe
C:\\WINDOWS\\system32\\services.exe
C:\\WINDOWS\\system32\\lsass.exe
C:\\WINDOWS\\system32\\Ati2evxx.exe
C:\\WINDOWS\\system32\\svchost.exe
C:\\WINDOWS\\System32\\svchost.exe
C:\\Program Files\\Alwil Software\\Avast4\\aswUpdSv.exe
C:\\Program Files\\Alwil Software\\Avast4\\ashServ.exe
C:\\WINDOWS\\system32\\spoolsv.exe
C:\\Program Files\\Fichiers communs\\Apple\\Mobile Device Support\\bin\\AppleMobileDeviceService.exe
C:\\Program Files\\Bonjour\\mDNSResponder.exe
C:\\Program Files\\Java\\jre6\\bin\\jqs.exe
C:\\Program Files\\Fichiers communs\\LightScribe\\LSSrvc.exe
C:\\Program Files\\Fichiers communs\\Microsoft Shared\\VS7Debug\\mdm.exe
C:\\WINDOWS\\system32\\IoctlSvc.exe
C:\\WINDOWS\\system32\\HPZipm12.exe
C:\\WINDOWS\\system32\\svchost.exe
C:\\WINDOWS\\system32\\Ati2evxx.exe
C:\\WINDOWS\\Explorer.EXE
C:\\Program Files\\Alwil Software\\Avast4\\ashMaiSv.exe
C:\\Program Files\\Alwil Software\\Avast4\\ashWebSv.exe
C:\\WINDOWS\\system32\\LVCOMSX.EXE
C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe
C:\\Program Files\\Logitech\\Video\\LogiTray.exe
C:\\Program Files\\Search Settings\\SearchSettings.exe
C:\\Program Files\\iTunes\\iTunesHelper.exe
C:\\WINDOWS\\system32\\ctfmon.exe
C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe
C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\BackWeb-8876480.exe
C:\\Program Files\\Messenger\\msmsgs.exe
C:\\Program Files\\Logitech\\Video\\FxSvr2.exe
C:\\WINDOWS\\System32\\svchost.exe
C:\\Program Files\\iPod\\bin\\iPodService.exe
C:\\Program Files\\IncrediMail\\bin\\IMApp.exe
C:\\Program Files\\Yahoo!\\Messenger\\ymsgr_tray.exe
C:\\Documents and Settings\\marity\\Bureau\\RSIT.exe
C:\\Program Files\\trend micro\\marity.exe

R1 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://mystart.incredimail.com/
R1 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings,ProxyOverride = localhost;*.local
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\\PROGRA~1\\Yahoo!\\Companion\\Installs\\cpn\\yt.dll
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\\Program Files\\Search Settings\\kb128\\SearchSettings.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\\PROGRA~1\\Yahoo!\\Companion\\Installs\\cpn\\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\\Program Files\\Fichiers communs\\Adobe\\Acrobat\\ActiveX\\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d\'aide de l\'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\\Program Files\\Fichiers communs\\Microsoft Shared\\Windows Live\\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\\Program Files\\Java\\jre6\\bin\\jp2ssv.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\\Program Files\\Search Settings\\kb128\\SearchSettings.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\\Program Files\\Java\\jre6\\lib\\deploy\\jqs\\ie\\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\\PROGRA~1\\Yahoo!\\Companion\\Installs\\cpn\\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\\PROGRA~1\\Yahoo!\\Companion\\Installs\\cpn\\yt.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\\Program Files\\Veoh Networks\\VeohWebPlayer\\VeohIEToolbar.dll
O4 - HKLM\\..\\Run: [LVCOMSX] C:\\WINDOWS\\system32\\LVCOMSX.EXE
O4 - HKLM\\..\\Run: [avast!] C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe
O4 - HKLM\\..\\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\\..\\Run: [LogitechVideoTray] C:\\Program Files\\Logitech\\Video\\LogiTray.exe
O4 - HKLM\\..\\Run: [SearchSettings] C:\\Program Files\\Search Settings\\SearchSettings.exe
O4 - HKLM\\..\\Run: [QuickTime Task] \"C:\\Program Files\\QuickTime\\QTTask.exe\" -atboottime
O4 - HKLM\\..\\Run: [iTunesHelper] \"C:\\Program Files\\iTunes\\iTunesHelper.exe\"
O4 - HKLM\\..\\Run: [Adobe Reader Speed Launcher] \"C:\\Program Files\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe\"
O4 - HKLM\\..\\Run: [Adobe ARM] \"C:\\Program Files\\Fichiers communs\\Adobe\\ARM\\1.0\\AdobeARM.exe\"
O4 - HKCU\\..\\Run: [CTFMON.EXE] C:\\WINDOWS\\system32\\ctfmon.exe
O4 - HKCU\\..\\Run: [msnmsgr] \"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe\" /background
O4 - HKCU\\..\\Run: [Messenger (Yahoo!)] \"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YAHOOM~1.EXE\" -quiet
O4 - HKCU\\..\\Run: [LDM] C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\BackWeb-8876480.exe
O4 - HKCU\\..\\Run: [LogitechSoftwareUpdate] \"C:\\Program Files\\Logitech\\Video\\ManifestEngine.exe\" boot
O4 - HKCU\\..\\Run: [MSMSGS] \"C:\\Program Files\\Messenger\\msmsgs.exe\" /background
O4 - HKUS\\S-1-5-19\\..\\Run: [CTFMON.EXE] C:\\WINDOWS\\system32\\CTFMON.EXE (User \'SERVICE LOCAL\')
O4 - HKUS\\S-1-5-20\\..\\Run: [CTFMON.EXE] C:\\WINDOWS\\system32\\CTFMON.EXE (User \'SERVICE RÉSEAU\')
O4 - HKUS\\S-1-5-18\\..\\Run: [CTFMON.EXE] C:\\WINDOWS\\system32\\CTFMON.EXE (User \'SYSTEM\')
O4 - HKUS\\.DEFAULT\\..\\Run: [CTFMON.EXE] C:\\WINDOWS\\system32\\CTFMON.EXE (User \'Default user\')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LDMConf.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\\WINDOWS\\system32\\GPhotos.scr/200
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\\PROGRA~1\\MICROS~2\\Office10\\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\\Program Files\\Windows Live\\Writer\\WriterBrowserExtension.dll
O9 - Extra \'Tools\' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\\Program Files\\Windows Live\\Writer\\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe
O9 - Extra \'Tools\' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\\Program Files\\Messenger\\msmsgs.exe
O9 - Extra \'Tools\' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\\Program Files\\Messenger\\msmsgs.exe
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - file:///C:/Documents%20and%20Settings/marity/Local%20Settings/Application%20Data/Oberon%20Media/Oberon%20Games%20Host/popcaploader_v6.cab
O18 - Protocol: quad-driver-fix - {B774851D-1762-4EE9-A549-BF30323FEC13} - C:\\Program Files\\QUAD Utilities\\QUAD Driver Fix\\DriversFix.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\\Program Files\\Fichiers communs\\Apple\\Mobile Device Support\\bin\\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\\Program Files\\Alwil Software\\Avast4\\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\\WINDOWS\\system32\\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\\WINDOWS\\system32\\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\\Program Files\\Alwil Software\\Avast4\\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\\Program Files\\Alwil Software\\Avast4\\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\\Program Files\\Alwil Software\\Avast4\\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\\Program Files\\Bonjour\\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\\Program Files\\Google\\Common\\Google Updater\\GoogleUpdaterService.exe
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\HPBOID.EXE
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\\Program Files\\iPod\\bin\\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\\Program Files\\Java\\jre6\\bin\\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\\Program Files\\Fichiers communs\\LightScribe\\LSSrvc.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\\Program Files\\ma-config.com\\maconfservice.exe
O23 - Service: NBService - Nero AG - C:\\Program Files\\Nero\\Nero 7\\Nero BackItUp\\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\\Program Files\\Fichiers communs\\Ahead\\Lib\\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\\WINDOWS\\system32\\IoctlSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\\WINDOWS\\system32\\HPZipm12.exe
O23 - Service: L Ile Noyee Drivers Auto Removal (pr2ajbeb) (pr2ajbeb) - Micro Application - C:\\WINDOWS\\system32\\pr2ajbeb.exe

--
End of file - 9905 bytes

======Scheduled tasks folder======

C:\\WINDOWS\\tasks\\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\\PROGRA~1\\Yahoo!\\Companion\\Installs\\cpn\\yt.dll [2008-07-28 882416]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\\Program Files\\Fichiers communs\\Adobe\\Acrobat\\ActiveX\\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d\'aide de l\'Assistant de connexion Windows Live - C:\\Program Files\\Fichiers communs\\Microsoft Shared\\Windows Live\\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\\Program Files\\Java\\jre6\\bin\\jp2ssv.dll [2009-06-12 41368]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}]
SearchSettings Class - C:\\Program Files\\Search Settings\\kb128\\SearchSettings.dll [2009-04-09 1091584]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\\Program Files\\Java\\jre6\\lib\\deploy\\jqs\\ie\\jqs_plugin.dll [2009-06-12 73728]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\\PROGRA~1\\Yahoo!\\Companion\\Installs\\cpn\\YTSingleInstance.dll [2008-07-28 160496]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\\PROGRA~1\\Yahoo!\\Companion\\Installs\\cpn\\yt.dll [2008-07-28 882416]
{0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - Veoh Web Player Video Finder - C:\\Program Files\\Veoh Networks\\VeohWebPlayer\\VeohIEToolbar.dll [2009-05-20 429816]

[HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Run]
\"LVCOMSX\"=C:\\WINDOWS\\system32\\LVCOMSX.EXE [2004-10-08 221184]
\"avast!\"=C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe [2009-11-25 81000]
\"Cmaudio\"=RunDll32 cmicnfg.cpl,CMICtrlWnd []
\"LogitechVideoTray\"=C:\\Program Files\\Logitech\\Video\\LogiTray.exe [2004-10-08 217088]
\"SearchSettings\"=C:\\Program Files\\Search Settings\\SearchSettings.exe [2009-04-09 970240]
\"QuickTime Task\"=C:\\Program Files\\QuickTime\\QTTask.exe [2009-09-05 417792]
\"iTunesHelper\"=C:\\Program Files\\iTunes\\iTunesHelper.exe [2009-10-28 141600]
\"Adobe Reader Speed Launcher\"=C:\\Program Files\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe [2009-10-03 35696]
\"Adobe ARM\"=C:\\Program Files\\Fichiers communs\\Adobe\\ARM\\1.0\\AdobeARM.exe [2009-09-04 935288]

[HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run]
\"CTFMON.EXE\"=C:\\WINDOWS\\system32\\ctfmon.exe [2008-04-14 15360]
\"msnmsgr\"=C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe [2009-07-26 3883856]
\"Messenger (Yahoo!)\"=C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YAHOOM~1.EXE [2009-05-13 4351216]
\"LDM\"=C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\BackWeb-8876480.exe [2009-05-21 20480]
\"LogitechSoftwareUpdate\"=C:\\Program Files\\Logitech\\Video\\ManifestEngine.exe [2004-10-08 196608]
\"MSMSGS\"=C:\\Program Files\\Messenger\\msmsgs.exe [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\Adobe Reader Speed Launcher]
C:\\Program Files\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe [2009-10-03 35696]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\ATICCC]
C:\\Program Files\\ATI Technologies\\ATI.ACE\\cli.exe [2005-08-12 45056]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\\Program Files\\Fichiers communs\\Ahead\\Lib\\NMBgMonitor.exe [2008-01-22 152872]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\HP Software Update]
C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe [2007-05-08 54840]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\IncrediMail]
C:\\Program Files\\IncrediMail\\bin\\IncMail.exe [2009-04-16 251264]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\iTunesHelper]
C:\\Program Files\\iTunes\\iTunesHelper.exe [2009-10-28 141600]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\LogitechVideoRepair]
C:\\Program Files\\Logitech\\Video\\ISStart.exe [2004-10-08 458752]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\QuickTime Task]
C:\\Program Files\\QuickTime\\qttask.exe [2009-09-05 417792]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\SoundMan]
C:\\WINDOWS\\SOUNDMAN.EXE [2007-04-16 577536]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\SunJavaUpdateSched]
C:\\Program Files\\Java\\jre6\\bin\\jusched.exe [2009-06-12 148888]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\VeohPlugin]
C:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe [2009-05-20 3561720]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupfolder\\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Démarrage rapide de HP Photosmart Premier.lnk]
C:\\PROGRA~1\\HP\\DIGITA~1\\bin\\hpqthb08.exe [2006-02-10 73728]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupfolder\\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
C:\\PROGRA~1\\HP\\DIGITA~1\\bin\\hpqtra08.exe [2006-02-19 288472]

C:\\Documents and Settings\\All Users\\Menu Démarrer\\Programmes\\Démarrage
Logitech Desktop Messenger.lnk - C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LDMConf.exe

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\Notify\\AtiExtEvent]
C:\\WINDOWS\\system32\\Ati2evxx.dll [2006-05-03 61440]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\Notify\\WgaLogon]
C:\\WINDOWS\\system32\\WgaLogon.dll [2009-03-10 265088]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\\WINDOWS\\system32\\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System]
\"dontdisplaylastusername\"=0
\"legalnoticecaption\"=
\"legalnoticetext\"=
\"shutdownwithoutlogon\"=1
\"undockwithoutlogon\"=1

[HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\explorer]
\"NoDriveTypeAutoRun\"=145

[HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\explorer]
\"HonorAutoRunSetting\"=

[HKEY_LOCAL_MACHINE\\system\\currentcontrolset\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile\\authorizedapplications\\list]
\"%windir%\\system32\\sessmgr.exe\"=\"%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019\"
\"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe\"=\"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe:*:Enabled:Windows Live Call\"
\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\"=\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger\"
\"%windir%\\Network Diagnostic\\xpnetdiag.exe\"=\"%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000\"
\"C:\\Program Files\\IncrediMail\\bin\\ImApp.exe\"=\"C:\\Program Files\\IncrediMail\\bin\\ImApp.exe:*:Enabled:IncrediMail\"
\"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe\"=\"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe:*:Enabled:IncrediMail\"
\"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe\"=\"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe:*:Enabled:IncrediMail\"
\"C:\\Program Files\\ma-config.com\\maconfservice.exe\"=\"C:\\Program Files\\ma-config.com\\maconfservice.exe:LocalSubNet:Enabled:maconfservice\"
\"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe\"=\"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe:*:Enabled:Logitech Desktop Messenger\"
\"C:\\Program Files\\Fichiers communs\\Ahead\\Nero Web\\SetupX.exe\"=\"C:\\Program Files\\Fichiers communs\\Ahead\\Nero Web\\SetupX.exe:*:Enabled:Nero ProductSetup\"
\"C:\\Documents and Settings\\marity\\Local Settings\\Temp\\Nero Web\\SetupXu.exe\"=\"C:\\Documents and Settings\\marity\\Local Settings\\Temp\\Nero Web\\SetupXu.exe:*:Enabled:Nero ProductSetup\"
\"C:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe\"=\"C:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe:*:Enabled:Veoh Web Player \"
\"D:\\setup\\HPZnet01.exe\"=\"D:\\setup\\HPZnet01.exe:*:Enabled:hpznet01.exe\"
\"D:\\setup\\hponicifs01.exe\"=\"D:\\setup\\hponicifs01.exe:*:Enabled:hponicifs01.exe\"
\"C:\\WINDOWS\\system32\\spoolsv.exe\"=\"C:\\WINDOWS\\system32\\spoolsv.exe:*:Enabled:Spooler SubSystem App\"
\"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe\"=\"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe\"
\"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe\"=\"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe\"
\"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe\"=\"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe\"
\"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe\"=\"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe\"
\"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe\"=\"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe\"
\"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe\"=\"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe\"
\"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe\"=\"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe\"
\"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe\"=\"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe\"
\"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe\"=\"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe\"
\"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe\"=\"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe\"
\"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe\"=\"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe\"
\"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe\"=\"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe\"
\"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe\"=\"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe\"
\"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe\"=\"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe:*:Enabled:hpqnrs08.exe\"
\"C:\\Program Files\\Bonjour\\mDNSResponder.exe\"=\"C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour\"
\"C:\\Program Files\\LimeWire\\LimeWire.exe\"=\"C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire\"
\"C:\\Program Files\\Spotify\\spotify.exe\"=\"C:\\Program Files\\Spotify\\spotify.exe:*:Enabled:Spotify\"
\"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe\"=\"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger\"
\"C:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe\"=\"C:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare\"
\"C:\\Program Files\\iTunes\\iTunes.exe\"=\"C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes\"
\"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe\"=\"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe:*:Enabled:Assistance à distance - Windows Messenger et voix\"

[HKEY_LOCAL_MACHINE\\system\\currentcontrolset\\services\\sharedaccess\\parameters\\firewallpolicy\\domainprofile\\authorizedapplications\\list]
\"%windir%\\system32\\sessmgr.exe\"=\"%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019\"
\"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe\"=\"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe:*:Enabled:Windows Live Call\"
\"%windir%\\Network Diagnostic\\xpnetdiag.exe\"=\"%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000\"
\"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe\"=\"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger\"
\"C:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe\"=\"C:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare\"

======List of files/folders created in the last 1 months======

2009-11-30 13:40:01 ----D---- C:\\Program Files\\trend micro
2009-11-30 13:40:00 ----D---- C:\\rsit
2009-11-25 22:12:34 ----HDC---- C:\\WINDOWS\\$NtUninstallKB976098-v2$
2009-11-25 22:12:23 ----HDC---- C:\\WINDOWS\\$NtUninstallKB973687$
2009-11-17 10:08:05 ----A---- C:\\WINDOWS\\system32\\xinput1_1.dll
2009-11-17 10:08:05 ----A---- C:\\WINDOWS\\system32\\xactengine2_2.dll
2009-11-17 10:08:04 ----A---- C:\\WINDOWS\\system32\\xactengine2_1.dll
2009-11-17 10:07:52 ----A---- C:\\WINDOWS\\system32\\xactengine2_0.dll
2009-11-17 10:07:52 ----A---- C:\\WINDOWS\\system32\\x3daudio1_0.dll
2009-11-17 10:07:51 ----A---- C:\\WINDOWS\\system32\\d3dx9_29.dll
2009-11-17 10:07:49 ----A---- C:\\WINDOWS\\system32\\xinput9_1_0.dll
2009-11-17 10:07:49 ----A---- C:\\WINDOWS\\system32\\d3dx9_27.dll
2009-11-17 10:07:47 ----A---- C:\\WINDOWS\\system32\\d3dx9_26.dll
2009-11-17 10:07:47 ----A---- C:\\WINDOWS\\system32\\d3dx9_25.dll
2009-11-17 10:07:45 ----A---- C:\\WINDOWS\\system32\\d3dx9_24.dll
2009-11-17 09:48:59 ----D---- C:\\Program Files\\Micro Application
2009-11-14 18:19:38 ----D---- C:\\Program Files\\iPod
2009-11-14 18:19:32 ----D---- C:\\Program Files\\iTunes
2009-11-14 18:19:32 ----D---- C:\\Documents and Settings\\All Users\\Application Data\\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-11-14 11:42:48 ----D---- C:\\Documents and Settings\\All Users\\Application Data\\PhotoMail
2009-11-14 11:42:46 ----D---- C:\\Program Files\\PhotoMail Maker
2009-11-14 10:39:52 ----D---- C:\\Documents and Settings\\marity\\Application Data\\Twintale Entertainment
2009-11-11 21:56:00 ----HDC---- C:\\WINDOWS\\$NtUninstallKB969947$
2009-11-10 12:30:22 ----D---- C:\\Documents and Settings\\marity\\Application Data\\vlc
2009-11-08 14:01:08 ----D---- C:\\Documents and Settings\\marity\\Application Data\\Gamenauts
2009-11-07 12:19:40 ----D---- C:\\Documents and Settings\\marity\\Application Data\\Hidden Island Data
2009-11-07 11:23:28 ----D---- C:\\Program Files\\L\'Ile Invisible
2009-11-07 11:18:39 ----D---- C:\\Program Files\\PuppetShow - Le Mystere de Joyville
2009-11-07 11:03:34 ----D---- C:\\Program Files\\Pocahontas - Princesse du Powhatan
2009-11-07 10:59:04 ----D---- C:\\Program Files\\Cate West - Les Cles de Velours
2009-11-07 10:52:05 ----D---- C:\\Program Files\\Departement 42 - Le Mystere des Neuf
2009-11-06 06:43:00 ----D---- C:\\Documents and Settings\\All Users\\Application Data\\Princess Isabella
2009-11-06 05:42:23 ----D---- C:\\Documents and Settings\\marity\\Application Data\\Babylonia
2009-11-02 11:14:15 ----D---- C:\\Program Files\\QuickTime
2009-10-31 22:24:31 ----D---- C:\\Program Files\\Princesse Isabella - Le Chateau Ensorcele
2009-10-31 22:17:06 ----D---- C:\\Program Files\\Babylonia

======List of files/folders modified in the last 1 months======

2009-11-30 13:40:05 ----D---- C:\\WINDOWS\\Prefetch
2009-11-30 13:40:01 ----D---- C:\\Program Files
2009-11-30 13:36:17 ----D---- C:\\Program Files\\Mozilla Firefox
2009-11-30 13:29:59 ----D---- C:\\WINDOWS\\Temp
2009-11-29 22:36:37 ----A---- C:\\WINDOWS\\SchedLgU.Txt
2009-11-26 18:14:53 ----D---- C:\\WINDOWS\\system32
2009-11-26 14:40:07 ----D---- C:\\WINDOWS
2009-11-25 22:12:36 ----HD---- C:\\WINDOWS\\inf
2009-11-25 22:12:32 ----A---- C:\\WINDOWS\\imsins.BAK
2009-11-25 22:12:26 ----RSHDC---- C:\\WINDOWS\\system32\\dllcache
2009-11-25 22:12:12 ----HD---- C:\\WINDOWS\\$hf_mig$
2009-11-25 22:12:11 ----D---- C:\\WINDOWS\\system32\\CatRoot2
2009-11-25 22:12:05 ----SHD---- C:\\WINDOWS\\Installer
2009-11-25 22:12:05 ----HD---- C:\\Config.Msi
2009-11-25 22:12:03 ----D---- C:\\WINDOWS\\WinSxS
2009-11-25 00:54:29 ----A---- C:\\WINDOWS\\system32\\aswBoot.exe
2009-11-24 13:20:46 ----D---- C:\\Documents and Settings\\All Users\\Application Data\\Adobe
2009-11-19 19:43:55 ----D---- C:\\Program Files\\Fichiers communs\\Adobe
2009-11-17 10:08:10 ----D---- C:\\WINDOWS\\system32\\drivers
2009-11-17 10:08:04 ----RSD---- C:\\WINDOWS\\assembly
2009-11-17 10:07:55 ----D---- C:\\WINDOWS\\Microsoft.NET
2009-11-17 10:07:38 ----D---- C:\\WINDOWS\\system32\\DirectX
2009-11-14 18:20:25 ----DC---- C:\\WINDOWS\\system32\\DRVSTORE
2009-11-14 18:19:37 ----D---- C:\\Program Files\\Fichiers communs\\Apple
2009-11-14 11:37:53 ----AD---- C:\\Documents and Settings\\All Users\\Application Data\\TEMP
2009-11-10 11:32:45 ----A---- C:\\WINDOWS\\NeroDigital.ini
2009-11-08 14:00:55 ----D---- C:\\Documents and Settings\\All Users\\Application Data\\BigFishGamesCache
2009-11-07 11:19:15 ----D---- C:\\Documents and Settings\\marity\\Application Data\\Games
2009-11-05 18:36:21 ----A---- C:\\WINDOWS\\system32\\MRT.exe
2009-11-04 03:00:35 ----D---- C:\\WINDOWS\\ie8updates
2009-10-31 20:27:11 ----D---- C:\\Documents and Settings\\marity\\Application Data\\Big Fish Games

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\\WINDOWS\\system32\\drivers\\Aavmker4.sys [2009-11-25 27408]
R1 aswSP;avast! Self Protection; C:\\WINDOWS\\system32\\drivers\\aswSP.sys [2009-11-25 114768]
R1 aswTdi;avast! Network Shield Support; C:\\WINDOWS\\system32\\drivers\\aswTdi.sys [2009-11-25 48560]
R2 aswFsBlk;aswFsBlk; C:\\WINDOWS\\system32\\DRIVERS\\aswFsBlk.sys [2009-11-25 20560]
R2 aswMon2;avast! Standard Shield Support; C:\\WINDOWS\\system32\\drivers\\aswMon2.sys [2009-11-25 94160]
R2 mdmxsdk;mdmxsdk; C:\\WINDOWS\\system32\\DRIVERS\\mdmxsdk.sys [2004-08-03 11868]
R2 X4HSX32Ex;X4HSX32Ex; \\??\\C:\\Program Files\\Player Metaboli\\X4HSX32Ex.Sys []
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\\WINDOWS\\system32\\drivers\\ALCXWDM.SYS [2008-09-24 4122368]
R3 aswRdr;aswRdr; C:\\WINDOWS\\system32\\drivers\\aswRdr.sys [2009-11-25 23120]
R3 ati2mtag;ati2mtag; C:\\WINDOWS\\system32\\DRIVERS\\ati2mtag.sys [2006-05-03 1540608]
R3 CamDrL;Logitech QuickCam Pro 3000(CamDrl); C:\\WINDOWS\\system32\\DRIVERS\\Camdrl.sys [2004-10-08 326656]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\\WINDOWS\\system32\\DRIVERS\\GEARAspiWDM.sys [2009-05-18 26600]
R3 hidusb;Pilote de classe HID Microsoft; C:\\WINDOWS\\system32\\DRIVERS\\hidusb.sys [2008-04-13 10368]
R3 HSF_DP;HSF_DP; C:\\WINDOWS\\system32\\DRIVERS\\HSFDPSP2.sys [2004-08-03 1041536]
R3 HSFHWBS2;HSFHWBS2; C:\\WINDOWS\\system32\\DRIVERS\\HSFBS2S2.sys [2004-08-03 220032]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\\WINDOWS\\system32\\drivers\\lvusbsta.sys [2004-10-08 22016]
R3 mouhid;Pilote HID de souris; C:\\WINDOWS\\system32\\DRIVERS\\mouhid.sys [2004-08-05 12288]
R3 rtl8139;Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C); C:\\WINDOWS\\system32\\DRIVERS\\RTL8139.SYS [2004-08-03 20992]
R3 StillCam;Pilote d\'appareil photo numérique série; C:\\WINDOWS\\system32\\DRIVERS\\serscan.sys [2001-08-23 6912]
R3 usbaudio;Pilote USB audio (WDM); C:\\WINDOWS\\system32\\drivers\\usbaudio.sys [2008-04-13 60032]
R3 usbccgp;Pilote parent générique USB Microsoft; C:\\WINDOWS\\system32\\DRIVERS\\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Pilote miniport de contrôleur d\'hôte amélioré Microsoft USB 2.0; C:\\WINDOWS\\system32\\DRIVERS\\usbehci.sys [2008-04-13 30208]
R3 usbhub;Concentrateur USB2; C:\\WINDOWS\\system32\\DRIVERS\\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\\WINDOWS\\system32\\DRIVERS\\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\\WINDOWS\\system32\\DRIVERS\\HSFCXTS2.sys [2004-08-03 685056]
S3 CCDECODE;Décodeur sous-titre fermé; C:\\WINDOWS\\system32\\DRIVERS\\CCDECODE.sys [2008-04-13 17024]
S3 cmuda;C-Media WDM Audio Interface; C:\\WINDOWS\\system32\\drivers\\cmuda.sys [2005-12-15 1368000]
S3 driverhardwarev2;driverhardwarev2; \\??\\C:\\Program Files\\ma-config.com\\Drivers\\driverhardwarev2.sys []
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\\WINDOWS\\system32\\drivers\\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\\WINDOWS\\system32\\DRIVERS\\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Connection TV/vidéo Microsoft; C:\\WINDOWS\\system32\\DRIVERS\\NdisIP.sys [2008-04-13 10880]
S3 SLIP;Détrameur décalage BDA; C:\\WINDOWS\\system32\\DRIVERS\\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\\WINDOWS\\system32\\DRIVERS\\StreamIP.sys [2008-04-13 15232]
S3 TVICHW32;TVICHW32; \\??\\C:\\WINDOWS\\system32\\DRIVERS\\TVICHW32.SYS []
S3 USBAAPL;Apple Mobile USB Driver; C:\\WINDOWS\\System32\\Drivers\\usbaapl.sys [2009-06-05 39424]
S3 usbprint;Classe d\'imprimantes USB Microsoft; C:\\WINDOWS\\system32\\DRIVERS\\usbprint.sys [2008-04-13 25856]
S3 usbscan;Pilote de scanneur USB; C:\\WINDOWS\\system32\\DRIVERS\\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Pilote de stockage de masse USB; C:\\WINDOWS\\system32\\DRIVERS\\USBSTOR.SYS [2008-04-13 26368]
S3 WSTCODEC;Codec Teletext standard; C:\\WINDOWS\\system32\\DRIVERS\\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\\WINDOWS\\system32\\DRIVERS\\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\\WINDOWS\\system32\\DRIVERS\\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\\WINDOWS\\system32\\drivers\\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\\Program Files\\Fichiers communs\\Apple\\Mobile Device Support\\bin\\AppleMobileDeviceService.exe [2009-06-05 144712]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\\Program Files\\Alwil Software\\Avast4\\aswUpdSv.exe [2009-11-25 18752]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\\WINDOWS\\system32\\Ati2evxx.exe [2006-05-03 413696]
R2 avast! Antivirus;avast! Antivirus; C:\\Program Files\\Alwil Software\\Avast4\\ashServ.exe [2009-11-25 138680]
R2 Bonjour Service;Service Bonjour; C:\\Program Files\\Bonjour\\mDNSResponder.exe [2008-12-12 238888]
R2 JavaQuickStarterService;Java Quick Starter; C:\\Program Files\\Java\\jre6\\bin\\jqs.exe [2009-06-12 152984]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\\Program Files\\Fichiers communs\\LightScribe\\LSSrvc.exe [2006-12-14 61440]
R2 MDM;Machine Debug Manager; C:\\Program Files\\Fichiers communs\\Microsoft Shared\\VS7Debug\\mdm.exe [2001-02-23 270336]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\\WINDOWS\\system32\\IoctlSvc.exe [2006-12-19 81920]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\\WINDOWS\\system32\\HPZipm12.exe [2007-08-09 73728]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\\Program Files\\Alwil Software\\Avast4\\ashMaiSv.exe [2009-11-25 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\\Program Files\\Alwil Software\\Avast4\\ashWebSv.exe [2009-11-25 352920]
R3 iPod Service;Service de l’iPod; C:\\Program Files\\iPod\\bin\\iPodService.exe [2009-10-28 545568]
S2 ATI Smart;ATI Smart; C:\\WINDOWS\\system32\\ati2sgag.exe [2006-05-03 520192]
S2 pr2ajbeb;L Ile Noyee Drivers Auto Removal (pr2ajbeb); C:\\WINDOWS\\system32\\pr2ajbeb.exe [2007-08-22 411000]
S3 aspnet_state;ASP.NET State Service; C:\\WINDOWS\\Microsoft.NET\\Framework\\v2.0.50727\\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\\WINDOWS\\Microsoft.NET\\Framework\\v2.0.50727\\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\\WINDOWS\\Microsoft.NET\\Framework\\v3.0\\WPF\\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Updater Service; C:\\Program Files\\Google\\Common\\Google Updater\\GoogleUpdaterService.exe [2007-01-04 136120]
S3 HP Status Server;HP Status Server; C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\HPBOID.EXE [2004-10-16 73728]
S3 idsvc;Windows CardSpace; C:\\WINDOWS\\Microsoft.NET\\Framework\\v3.0\\Windows Communication Foundation\\infocard.exe [2008-07-29 881664]
S3 maconfservice;Ma-Config Service; C:\\Program Files\\ma-config.com\\maconfservice.exe [2009-05-13 234864]
S3 NBService;NBService; C:\\Program Files\\Nero\\Nero 7\\Nero BackItUp\\NBService.exe [2008-04-08 800040]
S3 NMIndexingService;NMIndexingService; C:\\Program Files\\Fichiers communs\\Ahead\\Lib\\NMIndexingService.exe [2008-01-22 275752]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\\Program Files\\Windows Media Player\\WMPNetwk.exe [2006-11-03 918016]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\\WINDOWS\\system32\\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\\WINDOWS\\Microsoft.NET\\Framework\\v3.0\\Windows Communication Foundation\\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Sur ce premier pc, on peut voir quelques infections.

Tu es ou ta famille adepte des jeux en ligne gratuits qui sont souvent sources d\'infections.

Tu as aussi des toolbars infectées qui sont présente et tu as des trace de l\'installation d\'un faux programme de sécurité.

On va commencer par supprimer les toolbars.

Prévention : Lorsque tu installe un logiciel, fait attention de bien déocher ou cocher des cases pour empêcher les toolbars proposées de s\'installer. Il faut bien lire chaque fenêtre lors de l\'installation avant de cliquer sur suivant.

A lire sur les toolbars

Fais ceci :

• Télécharge ToolbarSD (de Team IDN) sur ton Bureau
  
  
• Lance l\'installation du programme en exécutant le fichier téléchargé.
  
  
• Double-clique maintenant sur le raccourci de Toolbar-S&D.
  
  
• Sélectionne la langue souhaitée en tapant la lettre de ton choix puis en validant avec la touche Entrée.
  
  
• Choisis maintenant l\'option 1 (Recherche). Patiente jusqu\'à la fin de la recherche.
  
  
• Poste le rapport généré. (C:\\TB.txt)
  

oui , c\'est moi que veut tu , faut bien passer le temps parfois et je pense que tu vas rencontrer la même chose sur l\'autre pc

voici , le rapport demander pour xp toujours


-----------\\\\ ToolBar S&D 1.2.9 XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : AMD Sempron(tm) Processor 3300+ )
BIOS : Award Modular BIOS v6.00PG
USER : marity ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1368 [VPS 091130-0] 4.8.1368 (Activated)
A:\\ (USB)
C:\\ (Local Disk) - NTFS - Total:74 Go (Free:31 Go)
D:\\ (CD or DVD)

\"C:\\ToolBar SD\" ( MAJ : 22-08-2009|18:42 )
Option : [1] ( 30/11/2009|14:04 )

-----------\\\\ Recherche de Fichiers / Dossiers ...

C:\\DOCUME~1\\ALLUSE~1\\APPLIC~1\\GamesBar
C:\\DOCUME~1\\ALLUSE~1\\APPLIC~1\\GamesBar\\onload
C:\\DOCUME~1\\ALLUSE~1\\APPLIC~1\\GamesBar\\onload\\loading.gif
C:\\Program Files\\GamesBar
C:\\Program Files\\GamesBar\\Localization2-French.ini
C:\\Program Files\\GamesBar\\oberontb.dll
C:\\Program Files\\GamesBar\\uninst.exe
C:\\DOCUME~1\\ALLUSE~1\\MENUDM~1\\PROGRA~1\\GamesBar
C:\\WINDOWS\\Prefetch\\SEARCHSETTINGS.EXE-253CB611.pf
C:\\Program Files\\Mozilla Firefox\\extensions\\search@searchsettings.com
C:\\Program Files\\Mozilla Firefox\\extensions\\search@searchsettings.com\\CHROME\\CONTENT\\searchsettingsplugin.js
C:\\Program Files\\Mozilla Firefox\\extensions\\search@searchsettings.com\\CHROME\\CONTENT\\searchsettingsplugin.xul
C:\\Program Files\\Mozilla Firefox\\extensions\\search@searchsettings.com\\CHROME\\LOCALE\\EN-US\\searchsettingsplugin.dtd
C:\\Program Files\\Mozilla Firefox\\extensions\\search@searchsettings.com\\CHROME\\LOCALE\\EN-US\\searchsettingsplugin.properties
C:\\Program Files\\Mozilla Firefox\\extensions\\search@searchsettings.com\\COMPONENTS\\SearchSettingsFF.dll
C:\\DOCUME~1\\INVIT~1\\APPLIC~1\\Search Settings
C:\\DOCUME~1\\INVIT~1\\APPLIC~1\\Search Settings\\kb128
C:\\DOCUME~1\\INVIT~1\\APPLIC~1\\Search Settings\\kb128\\temp
C:\\DOCUME~1\\INVIT~1\\APPLIC~1\\Search Settings\\kb128\\temp\\ws-14574.log
C:\\DOCUME~1\\marity\\APPLIC~1\\Search Settings
C:\\DOCUME~1\\marity\\APPLIC~1\\Search Settings\\kb128
C:\\DOCUME~1\\marity\\APPLIC~1\\Search Settings\\kb128\\temp
C:\\DOCUME~1\\marity\\APPLIC~1\\Search Settings\\kb128\\temp\\ws-14576.log
C:\\DOCUME~1\\marity\\APPLIC~1\\Search Settings\\kb128\\temp\\ws-14578.log
C:\\Program Files\\Search Settings
C:\\Program Files\\Search Settings\\kb128
C:\\Program Files\\Search Settings\\SearchSettings.exe
C:\\Program Files\\Search Settings\\kb128\\res
C:\\Program Files\\Search Settings\\kb128\\SearchSettings.dll
C:\\Program Files\\Search Settings\\kb128\\SearchSettingsRes409.dll
C:\\Program Files\\Search Settings\\kb128\\temp
C:\\WINDOWS\\iun6002.exe
C:\\DOCUME~1\\marity\\LOCALS~1\\Temp\\nsv28F.tmp

-----------\\\\ Extensions

(Invit‚) - {20a82645-c095-46ed-80e3-08825760534b} => chrome_user

(marity) - {b9db16a4-6edc-47ec-a1f4-b86292ed211d} => dwhelper
(marity) - {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} => adblockplus


-----------\\\\ [..\\Internet Explorer\\Main]

[HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main]
\"Local Page\"=\"C:\\\\WINDOWS\\\\system32\\\\blank.htm\"
\"Start Page\"=\"http://mystart.incredimail.com/\"
\"Search Page\"=\"http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch\"
\"Default_Page_URL\"=\"http://go.microsoft.com/fwlink/?LinkId=69157\"
\"Start Page Redirect Cache\"=\"http://fr.msn.com/?ocid=iehp\"

[HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main]
\"Default_Page_URL\"=\"http://go.microsoft.com/fwlink/?LinkId=69157\"
\"Default_Search_URL\"=\"http://go.microsoft.com/fwlink/?LinkId=54896\"
\"Search Page\"=\"http://go.microsoft.com/fwlink/?LinkId=54896\"
\"Local Page\"=\"C:\\\\WINDOWS\\\\system32\\\\blank.htm\"
\"Start Page\"=\"http://go.microsoft.com/fwlink/?LinkId=69157\"


--------------------\\\\ Recherche d\'autres infections


Aucune autre infection trouvée !


1 - \"C:\\ToolBar SD\\TB_1.txt\" - 30/11/2009|14:04 - Option : [1]

-----------\\\\ Fin du rapport a 14:04:54,23

oui , c\'est moi que veut tu , faut bien passer le temps parfois et je pense que tu vas rencontrer la même chose sur l\'autre pc

J\'en suis aussi sur que toi

Tu vas supprimer ces premières infections :

• Relance Toolbar-S&D en double-cliquant sur le raccourci.
  
  
• Tape sur \"2\" puis valide en appuyant sur \"Entrée\".
  
  /!\\ Ne ferme pas la fenêtre lors de la suppression /!\\
  
  
• Un rapport sera généré, poste son contenu ici.
  

* NOTE : Si ton Bureau ne réapparait pas, appuie simultanément sur Ctrl+Alt+Suppr pour ouvrir le Gestionnaire des tâches.
Rends-toi sur l\'onglet \"Processus\". Clique en haut à gauche sur Fichier et choisis \"Exécuter...\"
Tape explorer puis valide.

-----------\\\\ ToolBar S&D 1.2.9 XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : AMD Sempron(tm) Processor 3300+ )
BIOS : Award Modular BIOS v6.00PG
USER : marity ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1368 [VPS 091130-0] 4.8.1368 (Activated)
A:\\ (USB)
C:\\ (Local Disk) - NTFS - Total:74 Go (Free:31 Go)
D:\\ (CD or DVD)

\"C:\\ToolBar SD\" ( MAJ : 22-08-2009|18:42 )
Option : [2] ( 30/11/2009|15:22 )

-----------\\\\ SUPPRESSION

Supprime! - C:\\DOCUME~1\\ALLUSE~1\\APPLIC~1\\GamesBar\\onload
Supprime! - C:\\Program Files\\GamesBar\\Localization2-French.ini
Supprime! - C:\\Program Files\\GamesBar\\oberontb.dll
Supprime! - C:\\Program Files\\GamesBar\\uninst.exe
Supprime! - C:\\DOCUME~1\\ALLUSE~1\\MENUDM~1\\PROGRA~1\\GamesBar
Supprime! - C:\\Program Files\\Mozilla Firefox\\extensions\\search@searchsettings.com
Supprime! - C:\\DOCUME~1\\INVIT~1\\APPLIC~1\\Search Settings\\kb128
Supprime! - C:\\DOCUME~1\\marity\\APPLIC~1\\Search Settings\\kb128
Supprime! - C:\\Program Files\\Search Settings\\kb128
Supprime! - C:\\Program Files\\Search Settings\\SearchSettings.exe
Supprime! - C:\\WINDOWS\\iun6002.exe
Supprime! - C:\\DOCUME~1\\marity\\LOCALS~1\\Temp\\nsv28F.tmp
Supprime! - C:\\DOCUME~1\\ALLUSE~1\\APPLIC~1\\GamesBar
Supprime! - C:\\Program Files\\GamesBar
Supprime! - C:\\DOCUME~1\\INVIT~1\\APPLIC~1\\Search Settings
Supprime! - C:\\DOCUME~1\\marity\\APPLIC~1\\Search Settings
Supprime! - C:\\Program Files\\Search Settings

-----------\\\\ Recherche de Fichiers / Dossiers ...


-----------\\\\ Extensions

(Invit‚) - {20a82645-c095-46ed-80e3-08825760534b} => chrome_user

(marity) - {b9db16a4-6edc-47ec-a1f4-b86292ed211d} => dwhelper
(marity) - {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} => adblockplus


-----------\\\\ [..\\Internet Explorer\\Main]

[HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main]
\"Local Page\"=\"C:\\\\WINDOWS\\\\system32\\\\blank.htm\"
\"Start Page\"=\"http://mystart.incredimail.com/\"
\"Search Page\"=\"http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch\"
\"Default_Page_URL\"=\"http://go.microsoft.com/fwlink/?LinkId=69157\"
\"Start Page Redirect Cache\"=\"http://fr.msn.com/?ocid=iehp\"

[HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main]
\"Default_Page_URL\"=\"http://go.microsoft.com/fwlink/?LinkId=69157\"
\"Default_Search_URL\"=\"http://go.microsoft.com/fwlink/?LinkId=54896\"
\"Search Page\"=\"http://go.microsoft.com/fwlink/?LinkId=54896\"
\"Local Page\"=\"C:\\\\WINDOWS\\\\system32\\\\blank.htm\"
\"Start Page\"=\"http://www.msn.com/\"


--------------------\\\\ Recherche d\'autres infections


Aucune autre infection trouvée !


1 - \"C:\\ToolBar SD\\TB_1.txt\" - 30/11/2009|14:04 - Option : [1]
2 - \"C:\\ToolBar SD\\TB_2.txt\" - 30/11/2009|15:24 - Option : [2]

-----------\\\\ Fin du rapport a 15:24:14,40

Tu vas continuer avec cette procédure pour parfaire la désinfection de ces toolbars :

• Télécharge AD-Remover sur ton bureau
  
  
• Double clique sur le fichier d\'installation de AD-Remover, le programme s\'installera automatiquement.
  
  
• Sous Vista : clic droit sur AD-Remover et sélectionner \"Exécuter en tant qu\'administrateur\"
  
  
• Au menu principal choisi l\'option \"L\" et tape sur [entrée] .
  
  
• Laisse travailler l\'outil et ne touche à rien ...
  
  
• Poste le rapport qui apparait à la fin.
  

( le rapport est sauvegardé aussi sous C:\\Ad-report.log )

(CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

Note :

Process.exe est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s\'agit pas d\'un virus, mais d\'un utilitaire destiné à mettre fin à des processus.
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d\'où l\'alerte émise par ces antivirus.

.
======= RAPPORT D\'AD-REMOVER 1.1.4.6_D | UNIQUEMENT XP/VISTA/7 =======
.
Mit à jour par C_XX le 25.11.2009 à 18:47
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Lancé à: 15:33:03, 30/11/2009 | Mode Normal | Option: CLEAN
Exécuté de: C:\\Program Files\\Ad-Remover\\
Système d\'exploitation: Microsoft® Windows XP™ Service Pack 3 v5.1.2600
Nom du PC: MARITY-0BD98F56 | Utilisateur actuel: marity
.
============== ÉLÉMENT(S) NEUTRALISÉ(S) ==============
.
C:\\DOCUME~1\\marity\\APPLIC~1\\Mozilla\\Firefox\\Profiles\\oxze7o25.default\\searchplugins\\ask.xml
C:\\Program Files\\Mozilla FireFox\\Components\\AskSearch.js
C:\\Windows\\Installer\\2363023.msi
C:\\DOCUME~1\\marity\\Cookies\\marity@ask[2].txt
.
HKLM\\Software\\Classes\\CLSID\\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
HKLM\\software\\classes\\SearchSettings.BHO
HKLM\\software\\classes\\SearchSettings.BHO.1
HKLM\\Software\\Classes\\TypeLib\\{CD082CCA-086F-4FD8-8FD7-247A0DBBD1CC}
HKLM\\software\\microsoft\\windows\\currentversion\\uninstall\\{0B1AAC97-8563-41D9-AE47-58E6A222F0E1}

-- Fichiers temporaires supprimés.

.
============== Scan additionnel ==============
.
.
* Mozilla FireFox Version 3.5.5 [fr] *
.
Nom du profil: oxze7o25.default (marity)
.
(marity, prefs.js) Browser.download.dir, C:\\Documents and Settings\\marity\\Mes documents
(marity, prefs.js) Browser.download.lastDir, C:\\Documents and Settings\\marity\\Bureau
(marity, prefs.js) Browser.search.defaultenginename, MyStart Search
(marity, prefs.js) Browser.search.defaulturl, hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
(marity, prefs.js) Browser.search.selectedEngine, Google
(marity, prefs.js) Browser.startup.homepage, hxxp://www.memoclic.com/forum/bistrot/|hxxp://www.orange.fr/|hxxp://forum.lamijardin.net/|hxxp://www.google.fr/|hxxp://www.aujardin.org/|hxxp://www.programme-tv.net/#|hxxp://www.tutoriels-animes.com/traitement-video.html|hxxp://cyclurba.fr/forum-velo/6/velos-assistes-motorises.html|hxxp://www.ameli.fr/assures/droits-et-demarches/par-situation-medicale/en-cas-de-maladie-professionnelle/comment-declarer-votre-maladie-professionnelle.php|hxxp://www.facebook.com/home.php|hxxp://www.programme-tv.net/
.
(marity, prefs.js) EFFACE - Capability.policy.maonoscript.sites, 1bis.com 2ememain.be 2mdn.net addons.mozilla.org addthis.com adobe.com advertising.com ask.com atraxio.com aujardin.org avem.fr bluestreak.com cine-solutions.com clic-location.com culturevelo.com decathlon.fr digitick.com doubleclick.net dring-voyant.fr edintorni.net federal-hotel.com flashgot.net free.fr google-analytics.com google.com googleadservices.com googlesyndication.com gstatic.com hotmail.com ibishotel.com informaction.com lamijardin.net le-regent.fr live.com maone.net mappy.com memoclic.com mondovelo.fr msn.com nano-farm.com noscript.net oberon-media.com orange.fr orangeads.fr orangepublicite.fr passport.com passport.net passportimages.com pcastuces.com prixrikiki.com programme-tv.net roulonspourlavenir.com wanadoo.fr warnerdvdshop.com warnervideolive.com woopic.com yahoo.com yimg.com zmags.com about: about:blank about:certerror about:config about:credits about:neterror about:plugins about:privatebrowsing about:sessionrestore chrome: hxxp://1bis.com hxxp://2ememain.be hxxp://2mdn.net hxxp://addthis.com hxxp://adobe.com hxxp://advertising.com hxxp://ask.com hxxp://atraxio.com hxxp://aujardin.org hxxp://avem.fr hxxp://bluestreak.com hxxp://cine-solutions.com hxxp://clic-location.com hxxp://culturevelo.com hxxp://decathlon.fr hxxp://digitick.com hxxp://doubleclick.net hxxp://dring-voyant.fr hxxp://edintorni.net hxxp://federal-hotel.com hxxp://flashgot.net hxxp://free.fr hxxp://google-analytics.com hxxp://google.com hxxp://googleadservices.com hxxp://googlesyndication.com hxxp://gstatic.com hxxp://hotmail.com hxxp://ibishotel.com hxxp://informaction.com hxxp://lamijardin.net hxxp://le-regent.fr hxxp://live.com hxxp://maone.net hxxp://mappy.com hxxp://memoclic.com hxxp://mondovelo.fr hxxp://msn.com hxxp://nano-farm.com hxxp://noscript.net hxxp://oberon-media.com hxxp://orange.fr hxxp://orangeads.fr hxxp://orangepublicite.fr hxxp://passport.com hxxp://passport.net hxxp://passportimages.com hxxp://pcastuces.com hxxp://prixrikiki.com hxxp://programme-tv.net hxxp://roulonspourlavenir.com hxxp://wanadoo.fr hxxp://warnerdvdshop.com hxxp://warnervideolive.com hxxp://woopic.com hxxp://yahoo.com hxxp://yimg.com hxxp://zmags.com hxxps://1bis.com hxxps://2ememain.be hxxps://2mdn.net hxxps://addthis.com hxxps://adobe.com hxxps://advertising.com hxxps://ask.com hxxps://atraxio.com hxxps://aujardin.org hxxps://avem.fr hxxps://bluestreak.com hxxps://cine-solutions.com hxxps://clic-location.com hxxps://culturevelo.com hxxps://decathlon.fr hxxps://digitick.com hxxps://doubleclick.net hxxps://dring-voyant.fr hxxps://edintorni.net hxxps://federal-hotel.com hxxps://flashgot.net hxxps://free.fr hxxps://google-analytics.com hxxps://google.com hxxps://googleadservices.com hxxps://googlesyndication.com hxxps://gstatic.com hxxps://hotmail.com hxxps://ibishotel.com hxxps://informaction.com hxxps://lamijardin.net hxxps://le-regent.fr hxxps://live.com hxxps://maone.net hxxps://mappy.com hxxps://memoclic.com hxxps://mondovelo.fr hxxps://msn.com hxxps://nano-farm.com hxxps://noscript.net hxxps://oberon-media.com hxxps://orange.fr hxxps://orangeads.fr hxxps://orangepublicite.fr hxxps://passport.com hxxps://passport.net hxxps://passportimages.com hxxps://pcastuces.com hxxps://prixrikiki.com hxxps://programme-tv.net hxxps://roulonspourlavenir.com hxxps://wanadoo.fr hxxps://warnerdvdshop.com hxxps://warnervideolive.com hxxps://woopic.com hxxps://yahoo.com hxxps://yimg.com hxxps://zmags.com resource:
(marity, prefs.js) EFFACE - Extensions.snipit.chromeURL, hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q={searchTerms}&crm=1
(marity, prefs.js) EFFACE - Extensions.veohsearchrecs.SupportedSites, <?xml version=\\1.0\\ ?>\\r\\n<results revision=\\1.5.1\\>\\r\\n <sites>\\r\\n <searchsite MatchesDomain=\\google.\\ MatchesPath=\\/search\\ HasInUrl=\\&ampq=\\ SearchQuery=\\&ampq=\\></searchsite>\\r\\n <searchsite MatchesDomain=\\google.\\ MatchesPath=\\/search\\ HasInUrl=\\?q=\\ SearchQuery=\\?q=\\></searchsite>\\r\\n <searchsite MatchesDomain=\\bing.com\\ HasInUrl=\\?q=\\ SearchQuery=\\?q=\\></searchsite>\\r\\n <searchsite MatchesDomain=\\news.google.com\\ HasInUrl=\\?q=\\ SearchQuery=\\?q=\\></searchsite>\\r\\n <searchsite MatchesDomain=\\news.google.com\\ HasInUrl=\\&ampq=\\ SearchQuery=\\&ampq=\\></searchsite>\\r\\n <searchsite MatchesDomain=\\youtube.com\\ HasInUrl=\\search_query=\\ SearchQuery=\\search_query=\\></searchsite>\\r\\n <searchsite MatchesDomain=\\search.yahoo.com\\ HasInUrl=\\?p=\\ SearchQuery=\\?p=\\></searchsite>\\r\\n <searchsite MatchesDomain=\\search.yahoo.com\\ HasInUrl=\\&ampp=\\ SearchQuery=\\&ampp=\\></searchsite>\\r\\n <searchsite MatchesDomain=\\ask.com\\ MatchesPath=\\/web\\ HasInUrl=\\?q=\\ SearchQuery=\\?q=\\></searchsite>\\r\\n <searchsite MatchesDomain=\\ask.com\\ MatchesPath=\\/web\\ HasInUrl=\\&ampq=\\ SearchQuery=\\&ampq=\\></searchsite>\\r\\n <searchsite MatchesDomain=\\ask.com\\ MatchesPath=\\/video\\ HasInUrl=\\&ampq=\\ SearchQuery=\\&ampq=\\></searchsite>\\r\\n <searchsite MatchesDomain=\\search.live.com\\ HasInUrl=\\?q=\\ SearchQuery=\\?q=\\></searchsite>\\r\\n <searchsite MatchesDomain=\\search.msn.com\\ HasInUrl=\\&ampq=\\ SearchQuery=\\&ampq=\\></searchsite>\\r\\n <searchsite MatchesDomain=\\wikipedia.org\\ SearchQuery=\\?search=\\></searchsite>\\r\\n <searchsite MatchesDomain=\\amazon.com\\ HasInUrl=\\field-keywords=\\ SearchQuery=\\field-keywords=\\></searchsite>\\r\\n <searchsite MatchesDomain=\\amazon.com\\ HasInUrl=\\&ampkeywords=\\ SearchQuery=\\&ampkeywords=\\></searchsite>\\r\\n <searchsite MatchesDomain=\\bestbuy.com\\ HasInUrl=\\&ampst=\\ SearchQuery=\\&ampst=\\ CannotHaveInUrl=\\skuId=\\></searchsite>\\r\\n <searchsite MatchesDomain=\\bestbuy.com\\ HasInUrl=\\&ampsearchterm=\\ SearchQuery=\\&ampsearchterm=\\ CannotHaveInUrl=\\skuId=\\></searchsite>\\r\\n <searchsite MatchesDomain=\\.aol.\\ HasInUrl=\\&ampquery=\\ SearchQuery=\\&ampquery=\\></searchsite>\\r\\n <searchsite MatchesDomain=\\.aol.\\ MatchesPath=\\/search\\ HasInUrl=\\&ampq=\\ SearchQuery=\\&ampq=\\></searchsite>\\r\\n <searchsite MatchesDomain=\\music.yahoo.com\\ MatchesPath=\\/search\\ HasInUrl=\\&ampp=\\ SearchQuery=\\&ampp=\\></searchsite>\\r\\n <searchsite MatchesDomain=\\walmart.com\\ MatchesPath=\\/search\\ SearchQuery=\\search_query=\\></searchsite>\\r\\n <searchsite MatchesDomain=\\imdb.com\\ MatchesPath=\\/find\\ HasInUrl=\\&ampq=\\ SearchQuery=\\&ampq=\\></searchsite>\\r\\n <searchsite MatchesDomain=\\searchservice.myspace.com\\ HasInUrl=\\&ampqry=\\ SearchQuery=\\&ampqry=\\></searchsite>\\r\\n <searchsite MatchesDomain=\\last.fm\\ MatchesPath=\\/search\\ HasInUrl=\\&ampq=\\ SearchQuery=\\&ampq=\\></searchsite>\\r\\n <searchsite MatchesDomain=\\last.fm\\ MatchesPath=\\/search\\ HasInUrl=\\?q=\\ SearchQuery=\\?q=\\></searchsite>\\r\\n <searchsite MatchesDomain=\\ebay.com\\ SearchQuery=\\_nkw=\\></searchsite>\\r\\n <searchsite MatchesDomain=\\craigslist.org\\ HasInUrl=\\search/\\ SearchQuery=\\query=\\ CannotHaveInUrl=\\/ers/\\></searchsite>\\r\\n <searchsite MatchesDomain=\\craigslist.org\\ HasInUrl=\\search/\\ SearchQuery=\\query=\\ CannotHaveInUrl=\\/cas/\\></searchsite>\\r\\n <searchsite MatchesDomain=\\craigslist.org\\ HasInUrl=\\search/\\ SearchQuery=\\query=\\ CannotHaveInUrl=\\/apa/\\></searchsite>\\r\\n <searchsite MatchesDomain=\\craigslist.org\\ HasInUrl=\\search/\\ SearchQuery=\\query=\\ CannotHaveInUrl=\\/stp/\\></searchsite>\\r\\n <searchsite MatchesDomain=\\dailymotion.com\\ HasInUrl=\\/search/\\ SearchQuery=\\/search/\\></searchsite>\\r\\n <searchsite MatchesDomain=\\fancast.com\\ HasInUrl=\\/search/?s=\\ SearchQuery=\\?s=\\></searchsite>\\r\\n <searchsite MatchesDomain=\\metacafe.com\\ HasInUrl=\\/tags/\\ SearchQuery=\\/tags/\\></searchsite>\\r\\n <searchsite MatchesDomain=\\search.twitter.com\\ HasInUrl=\\/search?q=\\ SearchQuery=\\?q=\\></searchsite>\\r\\n <searchsite MatchesDomain=\\hulu.com\\ HasInUrl=\\?query=\\ SearchQuery=\\?query=\\></searchsite>\\r\\n <searchsite MatchesDomain=\\cnn.com\\ HasInUrl=\\/search.jsp\\ SearchQuery=\\query=\\></searchsite>\\r\\n <searchsite MatchesDomain=\\flickr.com\\ MatchesPath=\\/search\\ HasInUrl=\\?q=\\ SearchQuery=\\?q=\\></searchsite>\\r\\n <searchsite MatchesDomain=\\flickr.com\\ MatchesPath=\\/search\\ HasInUrl=\\&ampq=\\ SearchQuery=\\&ampq=\\></searchsite>\\r\\n <searchsite MatchesDomain=\\photobucket.com\\ HasInUrl=\\/images/\\ SearchQuery=\\/images/\\></searchsite>\\r\\n <searchsite MatchesDomain=\\digg.com\\ HasInUrl=\\search?s=\\ SearchQuery=\\search?s=\\></searchsite>\\r\\n <searchsite MatchesDomain=\\megavideo.com\\ HasInUrl=\\?c=search\\ SearchQuery=\\&amps=\\></searchsite>\\r\\n </sites>\\r\\n\\r\\n\\r\\n <browsesites>\\r\\n <excludedsite Url=\\hxxp://www.wikipedia.org/\\/>\\r\\n <excludedsite Url=\\hxxp://www.amazon.com/\\/>\\r\\n <excludedsite Url=\\hxxp://wikipedia.org/\\/>\\r\\n <excludedsite Url=\\hxxp://amazon.com/\\/>\\r\\n <excludedsite Url=\\hxxp://www.imeem.com/\\/>\\r\\n <excludedsite Url=\\hxxp://www.walmart.com/\\/>\\r\\n <excludedsite Url=\\hxxp://www.bestbuy.com/\\/>\\r\\n <excludedsite Url=\\hxxp://www.ebay.com/\\/>\\r\\n <excludedsite Url=\\hxxp://www.imdb.com/\\/>\\r\\n <excludedsite Url=\\hxxp://vids.myspace.com/\\/>\\r\\n <excludedsite Url=\\hxxp://new.music.yahoo.com/\\/>\\r\\n <excludedsite Url=\\hxxp://www.aol.com/\\/>\\r\\n <excludedsite Url=\\hxxp://www.imdb.com/\\/>\\r\\n <excludedsite Url=\\hxxp://www.aol.com/main.adp?adp=1\\/>\\r\\n <excludedsite Url=\\hxxp://www.bestbuy.com/site/olspage.jsp?type=category&ampid=cat00000\\/>\\r\\n <excludedsite Url=\\hxxp://it.wikipedia.org/wiki/Pagina_principale\\/>\\r\\n <excludedsite Url=\\hxxp://fr.wikipedia.org/wiki/Accueil\\/>\\r\\n <excludedsite Url=\\hxxp://ja.wikipedia.org/wiki/\\/>\\r\\n <excludedsite Url=\\hxxp://es.wikipedia.org/wiki/Wikipedia:Portada\\/>\\r\\n <excludedsite Url=\\hxxp://en.wikipedia.org/wiki/Portal:Contents\\/>\\r\\n <excludedsite Url=\\hxxp://en.wikipedia.org/wiki/Main_Page\\/>\\r\\n <excludedsite Url=\\hxxp://de.wikipedia.org/wiki/Hauptseite\\/>\\r\\n <excludedsite Url=\\hxxp://de.wikipedia.org/wiki/Wikipedia:Hauptseite\\/>\\r\\n <excludedsite Url=\\hxxp://i.media-imdb.com/3pads/kanoodle-title-sky.html\\/>\\r\\n <excludedsite Url=\\hxxp://i.media-imdb.com/3pads/kanoodle-name-sky.html\\/>\\r\\n\\r\\n <browsesite MatchesDomain=\\www.google.com\\ HasInUrl=\\#hl=\\>\\r\\n <PageQuery><![CDATA[ try { var nFind = objTab.url.indexOf\'=Google+Search\' ifnFind == -1 { nFind = objTab.url.indexOf\'=Google Search\' } ifnFind != -1 { var split = objTab.url.substringobjTab.url.indexOf\'&q=\'+3 split = split.substring0,split.indexOf\'&\' this.m_objCurrentDocument.location.replace\'hxxp://www.google.com/search?q=\' + split } }catche{}]]></PageQuery>\\r\\n </browsesite>\\r\\n <browsesite MatchesDomain=\\wikipedia.org\\ CannotHaveInUrl=\\Main_Page\\>\\r\\n <PageQuery><![CDATA[try{ifobjTab.parts.path.indexOf\':\' < 0{strQuery = objVVCTabManager.GetTabKeywordsobjTab,1.toString}}catche{}]]></PageQuery>\\r\\n </browsesite>\\r\\n <browsesite MatchesDomain=\\amazon.com\\ CannotHaveInUrl=\\homepage.html\\ HasInUrl=\\?\\>\\r\\n <PageQuery><![CDATA[try{var metaTags = objTab.document.getElementsByTagName\'META\'for var i=0 i<metaTags.length ++i {if metaTags[i].name.toLowerCase == \'keywords\' {var delimIndex = metaTags[i].content.indexOf\',\'if delimIndex > 0 {strQuery = strQuery = metaTags[i].content.substring0, delimIndexifstrQuery.indexOf\':\' > 0 strQuery = strQuery.substring0,strQuery.indexOf\':\'ifstrQuery.indexOf\'\' > 0 strQuery = strQuery.substring0,strQuery.indexOf\'\'}}} }catche{}]]></PageQuery>\\r\\n </browsesite>\\r\\n <browsesite MatchesDomain=\\imeem.com\\ CannotHaveInUrl=\\/video/\\ HasInUrl=\\/tag/\\>\\r\\n <PageQuery><![CDATA[try{split = objTab.url.toString.split\'/tag/\'split = split[1].split\'/\'strQuery=split[0]}catche{}]]></PageQuery>\\r\\n </browsesite>\\r\\n <browsesite MatchesDomain=\\imeem.com\\ CannotHaveInUrl=\\/video/\\ HasInUrl=\\/artists/\\>\\r\\n <PageQuery><![CDATA[ try {var metaTags = objTab.document.getElementsByTagName\'META\'for var i=0 i<metaTags.length ++i {if metaTags[i].name.toLowerCase == \'keywords\' {var delimIndex = metaTags[i].content.indexOf\',\'if delimIndex > 0 {strQuery = metaTags[i].content.substring0, delimIndexifstrQuery.indexOf\':\' > 0 strQuery = strQuery.substring0,strQuery.indexOf\':\'ifstrQuery.indexOf\'\' > 0 strQuery = strQuery.substring0,strQuery.indexOf\'\' }}}ifstrQuery.toLowerCase==\'browse\'strQuery=\'\'}catche{}]]></PageQuery>\\r\\n </browsesite>\\r\\n <browsesite MatchesDomain=\\imeem.com\\ CannotHaveInUrl=\\/video/\\ HasInUrl=\\/music/\\>\\r\\n <PageQuery><![CDATA[ try {var metaTags = objTab.document.getElementsByTagName\'META\'for var i=0 i<metaTags.length ++i {if metaTags[i].name.toLowerCase == \'keywords\' {var delimIndex = metaTags[i].content.indexOf\',\'if delimIndex > 0 {strQuery = metaTags[i].content.substring0, delimIndexifstrQuery.indexOf\':\' > 0 strQuery = strQuery.substring0,strQuery.indexOf\':\'ifstrQuery.indexOf\'\' > 0 strQuery = strQuery.substring0,strQuery.indexOf\'\' }}}ifstrQuery.toLowerCase==\'browse\'strQuery=\'\'}catche{}]]></PageQuery>\\r\\n </browsesite>\\r\\n <browsesite MatchesDomain=\\music.yahoo.com\\ CannotHaveInUrl=\\/videos/\\>\\r\\n <PageQuery><![CDATA[ try {var metaTags = objTab.document.getElementsByTagName\'META\'for var i=0 i<metaTags.length ++i {if metaTags[i].name.toLowerCase == \'keywords\' {var delimIndex = metaTags[i].content.indexOf\',\'if delimIndex > 0 { strQuery = metaTags[i].content.substring0, delimIndexifstrQuery.indexOf\':\' > 0 strQuery = strQuery.substring0,strQuery.indexOf\':\'ifstrQuery.indexOf\'\' > 0 strQuery = strQuery.substring0,strQuery.indexOf\'\' }}}}catche{}]]></PageQuery>\\r\\n </browsesite>\\r\\n <browsesite MatchesDomain=\\walmart.com\\ HasInUrl=\\?product_id=\\ MainPageUrl=\\hxxp://www.walmart.com/\\>\\r\\n <PageQuery><![CDATA[ try {var metaTags = objTab.document.getElementsByTagName\'META\'for var i=0 i<metaTags.length ++i {if metaTags[i].name.toLowerCase == \'keywords\' {var delimIndex = metaTags[i].content.indexOf\',\'if delimIndex > 0 {strQuery = metaTags[i].content.substring0, delimIndexifstrQuery.indexOf\':\' > 0 strQuery = strQuery.substring0,strQuery.indexOf\':\'ifstrQuery.indexOf\'\' > 0 strQuery = strQuery.substring0,strQuery.indexOf\'\' }}} }catche{}]]></PageQuery>\\r\\n </browsesite>\\r\\n <browsesite MatchesDomain=\\bestbuy.com\\ CannotHaveInUrl=\\skuId=\\>\\r\\n <PageQuery><![CDATA[try{var titleTags=objTab.document.getElementsByTagName\'title\'iftitleTags.length>0{strQuery=titleTags[0].textvar split=strQuery.split\'- BestBuy\'ifsplit.length>1{strQuery=split[0]split=strQuery.split\':\'ifsplit.length>1{strQuery=split[1]}}}strQuery=strQuery.replace/^\\s+|\\s+$/g,\'\'}catche{}]]></PageQuery>\\r\\n </browsesite>\\r\\n <browsesite MatchesDomain=\\music.aol.com\\>\\r\\n <PageQuery><![CDATA[try{strQuery=objVVCTabManager.GetTabKeywordsobjTab,1.toString}catche{}]]></PageQuery>\\r\\n </browsesite>\\r\\n <browsesite MatchesDomain=\\imdb.com\\ HasInUrl=\\title\\ CannotHaveInUrl=\\/doubleclick/\\>\\r\\n <PageQuery><![CDATA[ try {var metaTags = objTab.document.getElementsByTagName\'META\'forvar i=0 i<metaTags.length ++i{ifmetaTags[i].name.toLowerCase == \'title\'{var content = metaTags[i].content.replace/^\\s+|\\s+$/g, \'\'var delimIndex = content.indexOf\',\'ifdelimIndex > 0{strQuery = content.substring0,delimIndex}else ifcontent.length > 0{strQuery = content}strQuery = strQuery.replace/\\.*\\/g, \'\'break} }}catche{}]]></PageQuery>\\r\\n </browsesite>\\r\\n <browsesite MatchesDomain=\\imdb.com\\ HasInUrl=\\name\\ CannotHaveInUrl=\\/doubleclick/\\>\\r\\n <PageQuery><![CDATA[ try {var metaTags = objTab.document.getElementsByTagName\'META\'forvar i=0 i<metaTags.length ++i{ifmetaTags[i].name.toLowerCase == \'title\'{var content = metaTags[i].content.replace/^\\s+|\\s+$/g, \'\'var delimIndex = content.indexOf\',\'ifdelimIndex > 0{strQuery = content.substring0,delimIndex}else ifcontent.length > 0{strQuery = content}strQuery = strQuery.replace/\\.*\\/g, \'\'break}} }catche{}]]></PageQuery>\\r\\n </browsesite>\\r\\n <browsesite MatchesDomain=\\imdb.com\\ HasInUrl=\\/Sections/Genres/\\>\\r\\n <PageQuery><![CDATA[ try {var split = objTab.parts.path.split\'/\'strQuery = split[3]}catche{}]]></PageQuery>\\r\\n </browsesite>\\r\\n <browsesite MatchesDomain=\\last.fm\\ HasInUrl=\\/music/\\>\\r\\n <PageQuery><![CDATA[ try{var split = objTab.parts.path.split\'/\'ifsplit.length>1strQuery = split[2]}catche{}]]></PageQuery>\\r\\n </browsesite>\\r\\n </browsesites>\\r\\n \\r\\n <fallback>\\r\\n <replace url=\\hxxp://gdata.youtube.com/feeds/api/videos?start-index=1&ampmax-results=50&ampv=2&ampformat=5&ampq=\\>\\r\\n <replaceid>BF4C0C4D-1219-409d-886F-436D68306B7B</replaceid>\\r\\n <replaceframe>veohrecs_fr</replaceframe>\\r\\n </replace>\\r\\n </fallback>\\r\\n</results>\\r\\n\\r\\n\\r\\n\\r\\n
.
.
.
* Internet Explorer Version 8.0.6001.18702 *
.
[HKEY_CURRENT_USER\\..\\Internet Explorer\\Main]
.
Start Page: hxxp://fr.msn.com/
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Start Page Redirect Cache: hxxp://fr.msn.com/?ocid=iehp
Start Page Redirect Cache_TIMESTAMP: NARY cac1b9281edac901
Start Page Redirect Cache AcceptLangs: fr
Default_search_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
.
[HKEY_LOCAL_MACHINE\\..\\Internet Explorer\\Main]
.
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://fr.msn.com/
Search bar: hxxp://search.msn.com/spbasic.htm
.
[HKEY_LOCAL_MACHINE\\..\\Internet Explorer\\ABOUTURLS]
.
Tabs: res://ieframe.dll/tabswelcome.htm
.
============== Suspect (Cracks, Serials, ...) ==============
.
C:\\Documents and Settings\\marity\\Bureau\\Drivers\\Others\\EXE68\\patch_tool\\RTPATCH.EXE
C:\\Documents and Settings\\marity\\Bureau\\Drivers\\Others\\Novell. client-8169(114)\\patch\\RTPATCH.EXE
.
===================================
.
20030 Octet(s) - C:\\Ad-Report-CLEAN[1].log
.
281 Fichier(s) - C:\\DOCUME~1\\marity\\LOCALS~1\\Temp
60 Fichier(s) - C:\\WINDOWS\\Temp
.
19 Fichier(s) - C:\\Program Files\\Ad-Remover\\BACKUP
4 Fichier(s) - C:\\Program Files\\Ad-Remover\\QUARANTINE
.
Fin à: 15:41:33 | 30/11/2009 - CLEAN[1]
.
============== E.O.F ==============
.

bien,

Fais un nouveau rapport avec RSIT, cette fois-ci seul le rapport log.txt va apparaître, postes le dans ta prochaine réponse, je n\'ai besoin que de celui-ci.

Logfile of random\'s system information tool 1.06 (written by random/random)
Run by marity at 2009-11-30 17:12:45
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 36 GB (48%) free of 76 GB
Total RAM: 1023 MB (39% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:12:52, on 30/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\\WINDOWS\\System32\\smss.exe
C:\\WINDOWS\\system32\\winlogon.exe
C:\\WINDOWS\\system32\\services.exe
C:\\WINDOWS\\system32\\lsass.exe
C:\\WINDOWS\\system32\\Ati2evxx.exe
C:\\WINDOWS\\system32\\svchost.exe
C:\\WINDOWS\\System32\\svchost.exe
C:\\Program Files\\Alwil Software\\Avast4\\aswUpdSv.exe
C:\\Program Files\\Alwil Software\\Avast4\\ashServ.exe
C:\\WINDOWS\\system32\\spoolsv.exe
C:\\Program Files\\Fichiers communs\\Apple\\Mobile Device Support\\bin\\AppleMobileDeviceService.exe
C:\\Program Files\\Bonjour\\mDNSResponder.exe
C:\\Program Files\\Java\\jre6\\bin\\jqs.exe
C:\\Program Files\\Fichiers communs\\LightScribe\\LSSrvc.exe
C:\\Program Files\\Fichiers communs\\Microsoft Shared\\VS7Debug\\mdm.exe
C:\\WINDOWS\\system32\\IoctlSvc.exe
C:\\WINDOWS\\system32\\HPZipm12.exe
C:\\WINDOWS\\system32\\svchost.exe
C:\\WINDOWS\\system32\\Ati2evxx.exe
C:\\Program Files\\Alwil Software\\Avast4\\ashMaiSv.exe
C:\\Program Files\\Alwil Software\\Avast4\\ashWebSv.exe
C:\\WINDOWS\\system32\\LVCOMSX.EXE
C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe
C:\\Program Files\\Logitech\\Video\\LogiTray.exe
C:\\Program Files\\iTunes\\iTunesHelper.exe
C:\\WINDOWS\\system32\\ctfmon.exe
C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\BackWeb-8876480.exe
C:\\Program Files\\Logitech\\Video\\FxSvr2.exe
C:\\WINDOWS\\System32\\svchost.exe
C:\\Program Files\\iPod\\bin\\iPodService.exe
C:\\Program Files\\Yahoo!\\Messenger\\ymsgr_tray.exe
C:\\WINDOWS\\explorer.exe
C:\\WINDOWS\\system32\\notepad.exe
C:\\Program Files\\Mozilla Firefox\\firefox.exe
C:\\Documents and Settings\\marity\\Bureau\\RSIT.exe
C:\\Program Files\\trend micro\\marity.exe

R1 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://fr.msn.com/
R0 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://fr.msn.com/
R0 - HKLM\\Software\\Microsoft\\Internet Explorer\\Search,SearchAssistant =
R0 - HKLM\\Software\\Microsoft\\Internet Explorer\\Search,CustomizeSearch =
R1 - HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings,ProxyOverride = localhost;*.local
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\\PROGRA~1\\Yahoo!\\Companion\\Installs\\cpn\\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\\PROGRA~1\\Yahoo!\\Companion\\Installs\\cpn\\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\\Program Files\\Fichiers communs\\Adobe\\Acrobat\\ActiveX\\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d\'aide de l\'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\\Program Files\\Fichiers communs\\Microsoft Shared\\Windows Live\\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\\Program Files\\Java\\jre6\\bin\\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\\Program Files\\Java\\jre6\\lib\\deploy\\jqs\\ie\\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\\PROGRA~1\\Yahoo!\\Companion\\Installs\\cpn\\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\\PROGRA~1\\Yahoo!\\Companion\\Installs\\cpn\\yt.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\\Program Files\\Veoh Networks\\VeohWebPlayer\\VeohIEToolbar.dll
O4 - HKLM\\..\\Run: [LVCOMSX] C:\\WINDOWS\\system32\\LVCOMSX.EXE
O4 - HKLM\\..\\Run: [avast!] C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe
O4 - HKLM\\..\\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\\..\\Run: [LogitechVideoTray] C:\\Program Files\\Logitech\\Video\\LogiTray.exe
O4 - HKLM\\..\\Run: [QuickTime Task] \"C:\\Program Files\\QuickTime\\QTTask.exe\" -atboottime
O4 - HKLM\\..\\Run: [iTunesHelper] \"C:\\Program Files\\iTunes\\iTunesHelper.exe\"
O4 - HKLM\\..\\Run: [Adobe Reader Speed Launcher] \"C:\\Program Files\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe\"
O4 - HKLM\\..\\Run: [Adobe ARM] \"C:\\Program Files\\Fichiers communs\\Adobe\\ARM\\1.0\\AdobeARM.exe\"
O4 - HKCU\\..\\Run: [CTFMON.EXE] C:\\WINDOWS\\system32\\ctfmon.exe
O4 - HKCU\\..\\Run: [msnmsgr] \"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe\" /background
O4 - HKCU\\..\\Run: [Messenger (Yahoo!)] \"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YAHOOM~1.EXE\" -quiet
O4 - HKCU\\..\\Run: [LDM] C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\BackWeb-8876480.exe
O4 - HKCU\\..\\Run: [LogitechSoftwareUpdate] \"C:\\Program Files\\Logitech\\Video\\ManifestEngine.exe\" boot
O4 - HKCU\\..\\Run: [MSMSGS] \"C:\\Program Files\\Messenger\\msmsgs.exe\" /background
O4 - HKUS\\S-1-5-19\\..\\Run: [CTFMON.EXE] C:\\WINDOWS\\system32\\CTFMON.EXE (User \'SERVICE LOCAL\')
O4 - HKUS\\S-1-5-20\\..\\Run: [CTFMON.EXE] C:\\WINDOWS\\system32\\CTFMON.EXE (User \'SERVICE RÉSEAU\')
O4 - HKUS\\S-1-5-18\\..\\Run: [CTFMON.EXE] C:\\WINDOWS\\system32\\CTFMON.EXE (User \'SYSTEM\')
O4 - HKUS\\.DEFAULT\\..\\Run: [CTFMON.EXE] C:\\WINDOWS\\system32\\CTFMON.EXE (User \'Default user\')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LDMConf.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\\WINDOWS\\system32\\GPhotos.scr/200
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\\PROGRA~1\\MICROS~2\\Office10\\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\\Program Files\\Windows Live\\Writer\\WriterBrowserExtension.dll
O9 - Extra \'Tools\' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\\Program Files\\Windows Live\\Writer\\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe
O9 - Extra \'Tools\' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\\Program Files\\Messenger\\msmsgs.exe
O9 - Extra \'Tools\' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\\Program Files\\Messenger\\msmsgs.exe
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - file:///C:/Documents%20and%20Settings/marity/Local%20Settings/Application%20Data/Oberon%20Media/Oberon%20Games%20Host/popcaploader_v6.cab
O18 - Protocol: quad-driver-fix - {B774851D-1762-4EE9-A549-BF30323FEC13} - C:\\Program Files\\QUAD Utilities\\QUAD Driver Fix\\DriversFix.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\\Program Files\\Fichiers communs\\Apple\\Mobile Device Support\\bin\\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\\Program Files\\Alwil Software\\Avast4\\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\\WINDOWS\\system32\\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\\WINDOWS\\system32\\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\\Program Files\\Alwil Software\\Avast4\\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\\Program Files\\Alwil Software\\Avast4\\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\\Program Files\\Alwil Software\\Avast4\\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\\Program Files\\Bonjour\\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\\Program Files\\Google\\Common\\Google Updater\\GoogleUpdaterService.exe
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\HPBOID.EXE
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\\Program Files\\iPod\\bin\\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\\Program Files\\Java\\jre6\\bin\\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\\Program Files\\Fichiers communs\\LightScribe\\LSSrvc.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\\Program Files\\ma-config.com\\maconfservice.exe
O23 - Service: NBService - Nero AG - C:\\Program Files\\Nero\\Nero 7\\Nero BackItUp\\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\\Program Files\\Fichiers communs\\Ahead\\Lib\\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\\WINDOWS\\system32\\IoctlSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\\WINDOWS\\system32\\HPZipm12.exe
O23 - Service: L Ile Noyee Drivers Auto Removal (pr2ajbeb) (pr2ajbeb) - Micro Application - C:\\WINDOWS\\system32\\pr2ajbeb.exe

--
End of file - 9186 bytes

======Scheduled tasks folder======

C:\\WINDOWS\\tasks\\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\\PROGRA~1\\Yahoo!\\Companion\\Installs\\cpn\\yt.dll [2008-07-28 882416]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\\Program Files\\Fichiers communs\\Adobe\\Acrobat\\ActiveX\\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d\'aide de l\'Assistant de connexion Windows Live - C:\\Program Files\\Fichiers communs\\Microsoft Shared\\Windows Live\\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\\Program Files\\Java\\jre6\\bin\\jp2ssv.dll [2009-06-12 41368]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\\Program Files\\Java\\jre6\\lib\\deploy\\jqs\\ie\\jqs_plugin.dll [2009-06-12 73728]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\\PROGRA~1\\Yahoo!\\Companion\\Installs\\cpn\\YTSingleInstance.dll [2008-07-28 160496]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\\PROGRA~1\\Yahoo!\\Companion\\Installs\\cpn\\yt.dll [2008-07-28 882416]
{0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - Veoh Web Player Video Finder - C:\\Program Files\\Veoh Networks\\VeohWebPlayer\\VeohIEToolbar.dll [2009-05-20 429816]

[HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Run]
\"LVCOMSX\"=C:\\WINDOWS\\system32\\LVCOMSX.EXE [2004-10-08 221184]
\"avast!\"=C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe [2009-11-25 81000]
\"Cmaudio\"=RunDll32 cmicnfg.cpl,CMICtrlWnd []
\"LogitechVideoTray\"=C:\\Program Files\\Logitech\\Video\\LogiTray.exe [2004-10-08 217088]
\"QuickTime Task\"=C:\\Program Files\\QuickTime\\QTTask.exe [2009-09-05 417792]
\"iTunesHelper\"=C:\\Program Files\\iTunes\\iTunesHelper.exe [2009-10-28 141600]
\"Adobe Reader Speed Launcher\"=C:\\Program Files\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe [2009-10-03 35696]
\"Adobe ARM\"=C:\\Program Files\\Fichiers communs\\Adobe\\ARM\\1.0\\AdobeARM.exe [2009-09-04 935288]

[HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run]
\"CTFMON.EXE\"=C:\\WINDOWS\\system32\\ctfmon.exe [2008-04-14 15360]
\"msnmsgr\"=C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe [2009-07-26 3883856]
\"Messenger (Yahoo!)\"=C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YAHOOM~1.EXE [2009-05-13 4351216]
\"LDM\"=C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\BackWeb-8876480.exe [2009-05-21 20480]
\"LogitechSoftwareUpdate\"=C:\\Program Files\\Logitech\\Video\\ManifestEngine.exe [2004-10-08 196608]
\"MSMSGS\"=C:\\Program Files\\Messenger\\msmsgs.exe [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\Adobe Reader Speed Launcher]
C:\\Program Files\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe [2009-10-03 35696]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\ATICCC]
C:\\Program Files\\ATI Technologies\\ATI.ACE\\cli.exe [2005-08-12 45056]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\\Program Files\\Fichiers communs\\Ahead\\Lib\\NMBgMonitor.exe [2008-01-22 152872]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\HP Software Update]
C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe [2007-05-08 54840]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\IncrediMail]
C:\\Program Files\\IncrediMail\\bin\\IncMail.exe [2009-04-16 251264]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\iTunesHelper]
C:\\Program Files\\iTunes\\iTunesHelper.exe [2009-10-28 141600]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\LogitechVideoRepair]
C:\\Program Files\\Logitech\\Video\\ISStart.exe [2004-10-08 458752]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\QuickTime Task]
C:\\Program Files\\QuickTime\\qttask.exe [2009-09-05 417792]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\SoundMan]
C:\\WINDOWS\\SOUNDMAN.EXE [2007-04-16 577536]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\SunJavaUpdateSched]
C:\\Program Files\\Java\\jre6\\bin\\jusched.exe [2009-06-12 148888]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\VeohPlugin]
C:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe [2009-05-20 3561720]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupfolder\\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Démarrage rapide de HP Photosmart Premier.lnk]
C:\\PROGRA~1\\HP\\DIGITA~1\\bin\\hpqthb08.exe [2006-02-10 73728]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupfolder\\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
C:\\PROGRA~1\\HP\\DIGITA~1\\bin\\hpqtra08.exe [2006-02-19 288472]

C:\\Documents and Settings\\All Users\\Menu Démarrer\\Programmes\\Démarrage
Logitech Desktop Messenger.lnk - C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LDMConf.exe

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\Notify\\AtiExtEvent]
C:\\WINDOWS\\system32\\Ati2evxx.dll [2006-05-03 61440]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\Notify\\WgaLogon]
C:\\WINDOWS\\system32\\WgaLogon.dll [2009-03-10 265088]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\\WINDOWS\\system32\\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System]
\"dontdisplaylastusername\"=0
\"legalnoticecaption\"=
\"legalnoticetext\"=
\"shutdownwithoutlogon\"=1
\"undockwithoutlogon\"=1

[HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\explorer]
\"NoDriveTypeAutoRun\"=145

[HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\explorer]
\"HonorAutoRunSetting\"=

[HKEY_LOCAL_MACHINE\\system\\currentcontrolset\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile\\authorizedapplications\\list]
\"%windir%\\system32\\sessmgr.exe\"=\"%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019\"
\"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe\"=\"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe:*:Enabled:Windows Live Call\"
\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\"=\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger\"
\"%windir%\\Network Diagnostic\\xpnetdiag.exe\"=\"%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000\"
\"C:\\Program Files\\IncrediMail\\bin\\ImApp.exe\"=\"C:\\Program Files\\IncrediMail\\bin\\ImApp.exe:*:Enabled:IncrediMail\"
\"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe\"=\"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe:*:Enabled:IncrediMail\"
\"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe\"=\"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe:*:Enabled:IncrediMail\"
\"C:\\Program Files\\ma-config.com\\maconfservice.exe\"=\"C:\\Program Files\\ma-config.com\\maconfservice.exe:LocalSubNet:Enabled:maconfservice\"
\"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe\"=\"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe:*:Enabled:Logitech Desktop Messenger\"
\"C:\\Program Files\\Fichiers communs\\Ahead\\Nero Web\\SetupX.exe\"=\"C:\\Program Files\\Fichiers communs\\Ahead\\Nero Web\\SetupX.exe:*:Enabled:Nero ProductSetup\"
\"C:\\Documents and Settings\\marity\\Local Settings\\Temp\\Nero Web\\SetupXu.exe\"=\"C:\\Documents and Settings\\marity\\Local Settings\\Temp\\Nero Web\\SetupXu.exe:*:Enabled:Nero ProductSetup\"
\"C:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe\"=\"C:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe:*:Enabled:Veoh Web Player \"
\"D:\\setup\\HPZnet01.exe\"=\"D:\\setup\\HPZnet01.exe:*:Enabled:hpznet01.exe\"
\"D:\\setup\\hponicifs01.exe\"=\"D:\\setup\\hponicifs01.exe:*:Enabled:hponicifs01.exe\"
\"C:\\WINDOWS\\system32\\spoolsv.exe\"=\"C:\\WINDOWS\\system32\\spoolsv.exe:*:Enabled:Spooler SubSystem App\"
\"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe\"=\"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe\"
\"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe\"=\"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe\"
\"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe\"=\"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe\"
\"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe\"=\"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe\"
\"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe\"=\"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe\"
\"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe\"=\"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe\"
\"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe\"=\"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe\"
\"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe\"=\"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe\"
\"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe\"=\"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe\"
\"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe\"=\"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe\"
\"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe\"=\"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe\"
\"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe\"=\"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe\"
\"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe\"=\"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe\"
\"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe\"=\"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe:*:Enabled:hpqnrs08.exe\"
\"C:\\Program Files\\Bonjour\\mDNSResponder.exe\"=\"C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour\"
\"C:\\Program Files\\LimeWire\\LimeWire.exe\"=\"C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire\"
\"C:\\Program Files\\Spotify\\spotify.exe\"=\"C:\\Program Files\\Spotify\\spotify.exe:*:Enabled:Spotify\"
\"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe\"=\"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger\"
\"C:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe\"=\"C:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare\"
\"C:\\Program Files\\iTunes\\iTunes.exe\"=\"C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes\"
\"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe\"=\"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe:*:Enabled:Assistance à distance - Windows Messenger et voix\"

[HKEY_LOCAL_MACHINE\\system\\currentcontrolset\\services\\sharedaccess\\parameters\\firewallpolicy\\domainprofile\\authorizedapplications\\list]
\"%windir%\\system32\\sessmgr.exe\"=\"%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019\"
\"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe\"=\"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe:*:Enabled:Windows Live Call\"
\"%windir%\\Network Diagnostic\\xpnetdiag.exe\"=\"%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000\"
\"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe\"=\"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger\"
\"C:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe\"=\"C:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare\"

======List of files/folders created in the last 1 months======

2009-11-30 15:33:01 ----D---- C:\\Program Files\\Ad-Remover
2009-11-30 14:04:00 ----A---- C:\\TB.txt
2009-11-30 14:03:29 ----D---- C:\\ToolBar SD
2009-11-30 13:40:01 ----D---- C:\\Program Files\\trend micro
2009-11-30 13:40:00 ----D---- C:\\rsit
2009-11-25 22:12:34 ----HDC---- C:\\WINDOWS\\$NtUninstallKB976098-v2$
2009-11-25 22:12:23 ----HDC---- C:\\WINDOWS\\$NtUninstallKB973687$
2009-11-17 10:08:05 ----A---- C:\\WINDOWS\\system32\\xinput1_1.dll
2009-11-17 10:08:05 ----A---- C:\\WINDOWS\\system32\\xactengine2_2.dll
2009-11-17 10:08:04 ----A---- C:\\WINDOWS\\system32\\xactengine2_1.dll
2009-11-17 10:07:52 ----A---- C:\\WINDOWS\\system32\\xactengine2_0.dll
2009-11-17 10:07:52 ----A---- C:\\WINDOWS\\system32\\x3daudio1_0.dll
2009-11-17 10:07:51 ----A---- C:\\WINDOWS\\system32\\d3dx9_29.dll
2009-11-17 10:07:49 ----A---- C:\\WINDOWS\\system32\\xinput9_1_0.dll
2009-11-17 10:07:49 ----A---- C:\\WINDOWS\\system32\\d3dx9_27.dll
2009-11-17 10:07:47 ----A---- C:\\WINDOWS\\system32\\d3dx9_26.dll
2009-11-17 10:07:47 ----A---- C:\\WINDOWS\\system32\\d3dx9_25.dll
2009-11-17 10:07:45 ----A---- C:\\WINDOWS\\system32\\d3dx9_24.dll
2009-11-17 09:48:59 ----D---- C:\\Program Files\\Micro Application
2009-11-14 18:19:38 ----D---- C:\\Program Files\\iPod
2009-11-14 18:19:32 ----D---- C:\\Program Files\\iTunes
2009-11-14 18:19:32 ----D---- C:\\Documents and Settings\\All Users\\Application Data\\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-11-14 11:42:48 ----D---- C:\\Documents and Settings\\All Users\\Application Data\\PhotoMail
2009-11-14 11:42:46 ----D---- C:\\Program Files\\PhotoMail Maker
2009-11-14 10:39:52 ----D---- C:\\Documents and Settings\\marity\\Application Data\\Twintale Entertainment
2009-11-11 21:56:00 ----HDC---- C:\\WINDOWS\\$NtUninstallKB969947$
2009-11-10 12:30:22 ----D---- C:\\Documents and Settings\\marity\\Application Data\\vlc
2009-11-08 14:01:08 ----D---- C:\\Documents and Settings\\marity\\Application Data\\Gamenauts
2009-11-07 12:19:40 ----D---- C:\\Documents and Settings\\marity\\Application Data\\Hidden Island Data
2009-11-07 11:23:28 ----D---- C:\\Program Files\\L\'Ile Invisible
2009-11-07 11:18:39 ----D---- C:\\Program Files\\PuppetShow - Le Mystere de Joyville
2009-11-07 11:03:34 ----D---- C:\\Program Files\\Pocahontas - Princesse du Powhatan
2009-11-07 10:59:04 ----D---- C:\\Program Files\\Cate West - Les Cles de Velours
2009-11-07 10:52:05 ----D---- C:\\Program Files\\Departement 42 - Le Mystere des Neuf
2009-11-06 06:43:00 ----D---- C:\\Documents and Settings\\All Users\\Application Data\\Princess Isabella
2009-11-06 05:42:23 ----D---- C:\\Documents and Settings\\marity\\Application Data\\Babylonia
2009-11-02 11:14:15 ----D---- C:\\Program Files\\QuickTime
2009-10-31 22:24:31 ----D---- C:\\Program Files\\Princesse Isabella - Le Chateau Ensorcele
2009-10-31 22:17:06 ----D---- C:\\Program Files\\Babylonia

======List of files/folders modified in the last 1 months======

2009-11-30 15:51:46 ----D---- C:\\Program Files\\Mozilla Firefox
2009-11-30 15:41:48 ----D---- C:\\WINDOWS\\Temp
2009-11-30 15:41:37 ----D---- C:\\WINDOWS\\Prefetch
2009-11-30 15:38:49 ----SHD---- C:\\WINDOWS\\Installer
2009-11-30 15:33:01 ----D---- C:\\Program Files
2009-11-30 15:23:08 ----D---- C:\\WINDOWS
2009-11-29 22:36:37 ----A---- C:\\WINDOWS\\SchedLgU.Txt
2009-11-26 18:14:53 ----D---- C:\\WINDOWS\\system32
2009-11-25 22:12:36 ----HD---- C:\\WINDOWS\\inf
2009-11-25 22:12:32 ----A---- C:\\WINDOWS\\imsins.BAK
2009-11-25 22:12:26 ----RSHDC---- C:\\WINDOWS\\system32\\dllcache
2009-11-25 22:12:12 ----HD---- C:\\WINDOWS\\$hf_mig$
2009-11-25 22:12:11 ----D---- C:\\WINDOWS\\system32\\CatRoot2
2009-11-25 22:12:05 ----HD---- C:\\Config.Msi
2009-11-25 22:12:03 ----D---- C:\\WINDOWS\\WinSxS
2009-11-25 00:54:29 ----A---- C:\\WINDOWS\\system32\\aswBoot.exe
2009-11-24 13:20:46 ----D---- C:\\Documents and Settings\\All Users\\Application Data\\Adobe
2009-11-19 19:43:55 ----D---- C:\\Program Files\\Fichiers communs\\Adobe
2009-11-17 10:08:10 ----D---- C:\\WINDOWS\\system32\\drivers
2009-11-17 10:08:04 ----RSD---- C:\\WINDOWS\\assembly
2009-11-17 10:07:55 ----D---- C:\\WINDOWS\\Microsoft.NET
2009-11-17 10:07:38 ----D---- C:\\WINDOWS\\system32\\DirectX
2009-11-14 18:20:25 ----DC---- C:\\WINDOWS\\system32\\DRVSTORE
2009-11-14 18:19:37 ----D---- C:\\Program Files\\Fichiers communs\\Apple
2009-11-14 11:37:53 ----AD---- C:\\Documents and Settings\\All Users\\Application Data\\TEMP
2009-11-10 11:32:45 ----A---- C:\\WINDOWS\\NeroDigital.ini
2009-11-08 14:00:55 ----D---- C:\\Documents and Settings\\All Users\\Application Data\\BigFishGamesCache
2009-11-07 11:19:15 ----D---- C:\\Documents and Settings\\marity\\Application Data\\Games
2009-11-05 18:36:21 ----A---- C:\\WINDOWS\\system32\\MRT.exe
2009-11-04 03:00:35 ----D---- C:\\WINDOWS\\ie8updates
2009-10-31 20:27:11 ----D---- C:\\Documents and Settings\\marity\\Application Data\\Big Fish Games

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\\WINDOWS\\system32\\drivers\\Aavmker4.sys [2009-11-25 27408]
R1 aswSP;avast! Self Protection; C:\\WINDOWS\\system32\\drivers\\aswSP.sys [2009-11-25 114768]
R1 aswTdi;avast! Network Shield Support; C:\\WINDOWS\\system32\\drivers\\aswTdi.sys [2009-11-25 48560]
R2 aswFsBlk;aswFsBlk; C:\\WINDOWS\\system32\\DRIVERS\\aswFsBlk.sys [2009-11-25 20560]
R2 aswMon2;avast! Standard Shield Support; C:\\WINDOWS\\system32\\drivers\\aswMon2.sys [2009-11-25 94160]
R2 mdmxsdk;mdmxsdk; C:\\WINDOWS\\system32\\DRIVERS\\mdmxsdk.sys [2004-08-03 11868]
R2 X4HSX32Ex;X4HSX32Ex; \\??\\C:\\Program Files\\Player Metaboli\\X4HSX32Ex.Sys []
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\\WINDOWS\\system32\\drivers\\ALCXWDM.SYS [2008-09-24 4122368]
R3 aswRdr;aswRdr; C:\\WINDOWS\\system32\\drivers\\aswRdr.sys [2009-11-25 23120]
R3 ati2mtag;ati2mtag; C:\\WINDOWS\\system32\\DRIVERS\\ati2mtag.sys [2006-05-03 1540608]
R3 CamDrL;Logitech QuickCam Pro 3000(CamDrl); C:\\WINDOWS\\system32\\DRIVERS\\Camdrl.sys [2004-10-08 326656]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\\WINDOWS\\system32\\DRIVERS\\GEARAspiWDM.sys [2009-05-18 26600]
R3 hidusb;Pilote de classe HID Microsoft; C:\\WINDOWS\\system32\\DRIVERS\\hidusb.sys [2008-04-13 10368]
R3 HSF_DP;HSF_DP; C:\\WINDOWS\\system32\\DRIVERS\\HSFDPSP2.sys [2004-08-03 1041536]
R3 HSFHWBS2;HSFHWBS2; C:\\WINDOWS\\system32\\DRIVERS\\HSFBS2S2.sys [2004-08-03 220032]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\\WINDOWS\\system32\\drivers\\lvusbsta.sys [2004-10-08 22016]
R3 mouhid;Pilote HID de souris; C:\\WINDOWS\\system32\\DRIVERS\\mouhid.sys [2004-08-05 12288]
R3 rtl8139;Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C); C:\\WINDOWS\\system32\\DRIVERS\\RTL8139.SYS [2004-08-03 20992]
R3 StillCam;Pilote d\'appareil photo numérique série; C:\\WINDOWS\\system32\\DRIVERS\\serscan.sys [2001-08-23 6912]
R3 usbaudio;Pilote USB audio (WDM); C:\\WINDOWS\\system32\\drivers\\usbaudio.sys [2008-04-13 60032]
R3 usbccgp;Pilote parent générique USB Microsoft; C:\\WINDOWS\\system32\\DRIVERS\\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Pilote miniport de contrôleur d\'hôte amélioré Microsoft USB 2.0; C:\\WINDOWS\\system32\\DRIVERS\\usbehci.sys [2008-04-13 30208]
R3 usbhub;Concentrateur USB2; C:\\WINDOWS\\system32\\DRIVERS\\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\\WINDOWS\\system32\\DRIVERS\\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\\WINDOWS\\system32\\DRIVERS\\HSFCXTS2.sys [2004-08-03 685056]
S3 CCDECODE;Décodeur sous-titre fermé; C:\\WINDOWS\\system32\\DRIVERS\\CCDECODE.sys [2008-04-13 17024]
S3 cmuda;C-Media WDM Audio Interface; C:\\WINDOWS\\system32\\drivers\\cmuda.sys [2005-12-15 1368000]
S3 driverhardwarev2;driverhardwarev2; \\??\\C:\\Program Files\\ma-config.com\\Drivers\\driverhardwarev2.sys []
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\\WINDOWS\\system32\\drivers\\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\\WINDOWS\\system32\\DRIVERS\\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Connection TV/vidéo Microsoft; C:\\WINDOWS\\system32\\DRIVERS\\NdisIP.sys [2008-04-13 10880]
S3 SLIP;Détrameur décalage BDA; C:\\WINDOWS\\system32\\DRIVERS\\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\\WINDOWS\\system32\\DRIVERS\\StreamIP.sys [2008-04-13 15232]
S3 TVICHW32;TVICHW32; \\??\\C:\\WINDOWS\\system32\\DRIVERS\\TVICHW32.SYS []
S3 USBAAPL;Apple Mobile USB Driver; C:\\WINDOWS\\System32\\Drivers\\usbaapl.sys [2009-06-05 39424]
S3 usbprint;Classe d\'imprimantes USB Microsoft; C:\\WINDOWS\\system32\\DRIVERS\\usbprint.sys [2008-04-13 25856]
S3 usbscan;Pilote de scanneur USB; C:\\WINDOWS\\system32\\DRIVERS\\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Pilote de stockage de masse USB; C:\\WINDOWS\\system32\\DRIVERS\\USBSTOR.SYS [2008-04-13 26368]
S3 WSTCODEC;Codec Teletext standard; C:\\WINDOWS\\system32\\DRIVERS\\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\\WINDOWS\\system32\\DRIVERS\\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\\WINDOWS\\system32\\DRIVERS\\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\\WINDOWS\\system32\\drivers\\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\\Program Files\\Fichiers communs\\Apple\\Mobile Device Support\\bin\\AppleMobileDeviceService.exe [2009-06-05 144712]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\\Program Files\\Alwil Software\\Avast4\\aswUpdSv.exe [2009-11-25 18752]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\\WINDOWS\\system32\\Ati2evxx.exe [2006-05-03 413696]
R2 avast! Antivirus;avast! Antivirus; C:\\Program Files\\Alwil Software\\Avast4\\ashServ.exe [2009-11-25 138680]
R2 Bonjour Service;Service Bonjour; C:\\Program Files\\Bonjour\\mDNSResponder.exe [2008-12-12 238888]
R2 JavaQuickStarterService;Java Quick Starter; C:\\Program Files\\Java\\jre6\\bin\\jqs.exe [2009-06-12 152984]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\\Program Files\\Fichiers communs\\LightScribe\\LSSrvc.exe [2006-12-14 61440]
R2 MDM;Machine Debug Manager; C:\\Program Files\\Fichiers communs\\Microsoft Shared\\VS7Debug\\mdm.exe [2001-02-23 270336]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\\WINDOWS\\system32\\IoctlSvc.exe [2006-12-19 81920]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\\WINDOWS\\system32\\HPZipm12.exe [2007-08-09 73728]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\\Program Files\\Alwil Software\\Avast4\\ashMaiSv.exe [2009-11-25 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\\Program Files\\Alwil Software\\Avast4\\ashWebSv.exe [2009-11-25 352920]
R3 iPod Service;Service de l’iPod; C:\\Program Files\\iPod\\bin\\iPodService.exe [2009-10-28 545568]
S2 ATI Smart;ATI Smart; C:\\WINDOWS\\system32\\ati2sgag.exe [2006-05-03 520192]
S2 pr2ajbeb;L Ile Noyee Drivers Auto Removal (pr2ajbeb); C:\\WINDOWS\\system32\\pr2ajbeb.exe [2007-08-22 411000]
S3 aspnet_state;ASP.NET State Service; C:\\WINDOWS\\Microsoft.NET\\Framework\\v2.0.50727\\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\\WINDOWS\\Microsoft.NET\\Framework\\v2.0.50727\\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\\WINDOWS\\Microsoft.NET\\Framework\\v3.0\\WPF\\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Updater Service; C:\\Program Files\\Google\\Common\\Google Updater\\GoogleUpdaterService.exe [2007-01-04 136120]
S3 HP Status Server;HP Status Server; C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\HPBOID.EXE [2004-10-16 73728]
S3 idsvc;Windows CardSpace; C:\\WINDOWS\\Microsoft.NET\\Framework\\v3.0\\Windows Communication Foundation\\infocard.exe [2008-07-29 881664]
S3 maconfservice;Ma-Config Service; C:\\Program Files\\ma-config.com\\maconfservice.exe [2009-05-13 234864]
S3 NBService;NBService; C:\\Program Files\\Nero\\Nero 7\\Nero BackItUp\\NBService.exe [2008-04-08 800040]
S3 NMIndexingService;NMIndexingService; C:\\Program Files\\Fichiers communs\\Ahead\\Lib\\NMIndexingService.exe [2008-01-22 275752]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\\Program Files\\Windows Media Player\\WMPNetwk.exe [2006-11-03 918016]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\\WINDOWS\\system32\\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\\WINDOWS\\Microsoft.NET\\Framework\\v3.0\\Windows Communication Foundation\\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

fais ceci maintenant :

A l\'attention de ceux qui passent sur ce sujet

Le logiciel qui suit n\'est pas à utiliser à la légère et peut faire des dégâts s\'il est mal utilisé ! Ne le faites que si un helper du forum qui connait bien cet outil vous l\'a recommandé.

/!\\ Désactive tous tes logiciels de protection /!\\

• Télécharge ComboFix (de sUBs) sur ton Bureau.
  
• Double-clique sur ComboFix.exe afin de le lancer.
  
• Il va te demander d\'installer la console de récupération : accepte.
  
• Ne touche à rien pendant le scan.
  
• Lorsque la recherche sera terminée, un rapport apparaîtra. Poste ce rapport (C:\\Combofix.txt) dans ta prochaine réponse.

Tutoriel officiel de Combofix :www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

Je dois m\'absenter

A plus tard !

ComboFix 09-11-29.06 - marity 30/11/2009 17:38.1.1 - x86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.1023.443 [GMT 1:00]
Lancé depuis: c:\\documents and settings\\marity\\Bureau\\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 091130-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\\docume~1\\marity\\LOCALS~1\\Temp\\IadHide4.dll
c:\\documents and settings\\marity\\Local Settings\\Temp\\IadHide4.dll
c:\\program files\\QUAD Utilities
c:\\program files\\QUAD Utilities\\QUAD Driver Fix\\DriversFix.dll
c:\\program files\\QUAD Utilities\\QUAD Driver Fix\\QUAD Driver Fix.dat
c:\\program files\\QUAD Utilities\\QUAD Driver Fix\\QUAD Driver Fix.exe
c:\\program files\\QUAD Utilities\\QUAD Driver Fix\\Uninstall QUAD Driver Fix.exe
c:\\windows\\Downloaded Program Files\\popcaploader.dll
c:\\windows\\Downloaded Program Files\\popcaploader.inf

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-10-28 au 2009-11-30 ))))))))))))))))))))))))))))))))))))
.

2009-11-30 14:33 . 2009-11-30 14:41 -------- d-----w- c:\\program files\\Ad-Remover
2009-11-30 13:03 . 2009-11-30 14:24 -------- d-----w- C:\\ToolBar SD
2009-11-30 12:40 . 2009-11-30 16:12 -------- d-----w- c:\\program files\\trend micro
2009-11-30 12:40 . 2009-11-30 12:40 -------- d-----w- C:\\rsit
2009-11-26 16:57 . 2009-11-26 16:57 -------- d-----w- c:\\documents and settings\\marity\\Local Settings\\Application Data\\RcIncidents
2009-11-17 09:07 . 2005-05-26 14:34 2297552 ----a-w- c:\\windows\\system32\\d3dx9_26.dll
2009-11-17 08:48 . 2009-11-17 08:48 -------- d-----w- c:\\program files\\Micro Application
2009-11-14 17:19 . 2009-11-14 17:19 -------- d-----w- c:\\program files\\iPod
2009-11-14 17:19 . 2009-11-14 17:20 -------- d-----w- c:\\program files\\iTunes
2009-11-14 17:19 . 2009-11-14 17:20 -------- d-----w- c:\\documents and settings\\All Users\\Application Data\\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-11-14 17:11 . 2009-11-14 17:11 79144 ----a-w- c:\\documents and settings\\All Users\\Application Data\\Apple Computer\\Installer Cache\\iTunes 9.0.2.25\\SetupAdmin.exe
2009-11-14 10:42 . 2009-11-14 10:42 -------- d-----w- c:\\documents and settings\\All Users\\Application Data\\PhotoMail
2009-11-14 10:42 . 2009-11-14 10:42 -------- d-----w- c:\\program files\\PhotoMail Maker
2009-11-14 09:39 . 2009-11-14 09:39 -------- d-----w- c:\\documents and settings\\marity\\Application Data\\Twintale Entertainment
2009-11-10 11:30 . 2009-11-10 11:32 -------- d-----w- c:\\documents and settings\\marity\\Application Data\\vlc
2009-11-08 13:01 . 2009-11-08 13:01 -------- d-----w- c:\\documents and settings\\marity\\Application Data\\Gamenauts
2009-11-07 11:19 . 2009-11-13 10:48 -------- d-----w- c:\\documents and settings\\marity\\Application Data\\Hidden Island Data
2009-11-07 10:23 . 2009-11-07 10:23 -------- d-----w- c:\\program files\\L\'Ile Invisible
2009-11-07 10:18 . 2009-11-07 10:23 -------- d-----w- c:\\program files\\PuppetShow - Le Mystere de Joyville
2009-11-07 10:03 . 2009-11-14 09:37 -------- d-----w- c:\\program files\\Pocahontas - Princesse du Powhatan
2009-11-07 09:59 . 2009-11-07 09:59 -------- d-----w- c:\\program files\\Cate West - Les Cles de Velours
2009-11-07 09:52 . 2009-11-07 09:52 -------- d-----w- c:\\program files\\Departement 42 - Le Mystere des Neuf
2009-11-06 05:43 . 2009-11-06 05:43 -------- d-----w- c:\\documents and settings\\All Users\\Application Data\\Princess Isabella
2009-11-06 04:42 . 2009-11-06 05:37 -------- d-----w- c:\\documents and settings\\marity\\Application Data\\Babylonia
2009-11-02 10:14 . 2009-11-02 10:14 -------- d-----w- c:\\program files\\QuickTime
2009-10-31 21:24 . 2009-11-06 05:42 -------- d-----w- c:\\program files\\Princesse Isabella - Le Chateau Ensorcele
2009-10-31 21:17 . 2009-10-31 21:18 -------- d-----w- c:\\program files\\Babylonia

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-24 23:54 . 2009-05-21 10:45 1280480 ----a-w- c:\\windows\\system32\\aswBoot.exe
2009-11-24 23:51 . 2009-05-21 10:45 93424 ----a-w- c:\\windows\\system32\\drivers\\aswmon.sys
2009-11-24 23:50 . 2009-05-21 10:45 94160 ----a-w- c:\\windows\\system32\\drivers\\aswmon2.sys
2009-11-24 23:50 . 2009-05-21 14:05 114768 ----a-w- c:\\windows\\system32\\drivers\\aswSP.sys
2009-11-24 23:50 . 2009-05-21 14:05 20560 ----a-w- c:\\windows\\system32\\drivers\\aswFsBlk.sys
2009-11-24 23:49 . 2009-05-21 10:45 48560 ----a-w- c:\\windows\\system32\\drivers\\aswTdi.sys
2009-11-24 23:48 . 2009-05-21 10:45 23120 ----a-w- c:\\windows\\system32\\drivers\\aswRdr.sys
2009-11-24 23:47 . 2009-05-21 10:45 27408 ----a-w- c:\\windows\\system32\\drivers\\aavmker4.sys
2009-11-24 23:47 . 2009-05-21 10:45 97480 ----a-w- c:\\windows\\system32\\AVASTSS.scr
2009-11-19 18:43 . 2009-05-22 22:11 -------- d-----w- c:\\program files\\Fichiers communs\\Adobe
2009-11-14 17:19 . 2009-06-27 05:06 -------- d-----w- c:\\program files\\Fichiers communs\\Apple
2009-11-14 10:37 . 2009-06-12 20:48 -------- d---a-w- c:\\documents and settings\\All Users\\Application Data\\TEMP
2009-11-08 13:00 . 2009-08-22 10:35 -------- d-----w- c:\\documents and settings\\All Users\\Application Data\\BigFishGamesCache
2009-11-07 10:19 . 2009-09-08 09:48 -------- d-----w- c:\\documents and settings\\marity\\Application Data\\Games
2009-10-31 19:27 . 2009-06-22 09:16 -------- d-----w- c:\\documents and settings\\marity\\Application Data\\Big Fish Games
2009-10-25 12:07 . 2004-08-05 12:00 89122 ----a-w- c:\\windows\\system32\\perfc00C.dat
2009-10-25 12:07 . 2004-08-05 12:00 520092 ----a-w- c:\\windows\\system32\\perfh00C.dat
2009-10-20 20:27 . 2009-10-20 20:24 -------- d-----w- c:\\program files\\Microsoft
2009-10-20 20:27 . 2009-05-21 10:38 -------- d-----w- c:\\program files\\Windows Live
2009-09-28 08:03 . 2009-06-15 17:50 68 ----a-w- c:\\windows\\GPlrLanc.dat
2009-09-11 14:18 . 2004-08-05 12:00 136192 ----a-w- c:\\windows\\system32\\msv1_0.dll
2009-09-04 21:04 . 2004-08-05 12:00 58880 ----a-w- c:\\windows\\system32\\msasn1.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\\program files\\mozilla firefox\\plugins\\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\\program files\\mozilla firefox\\plugins\\ssldivx.dll
2006-05-03 09:06 . 2009-05-21 20:51 163328 --sh--r- c:\\windows\\system32\\flvDX.dll
2007-02-21 10:47 . 2009-05-21 20:51 31232 --sh--r- c:\\windows\\system32\\msfDX.dll
2008-03-16 12:30 . 2009-05-21 20:51 216064 --sh--r- c:\\windows\\system32\\nbDX.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]
\"msnmsgr\"=\"c:\\program files\\Windows Live\\Messenger\\msnmsgr.exe\" [2009-07-26 3883856]
\"LDM\"=\"c:\\program files\\Logitech\\Desktop Messenger\\8876480\\Program\\BackWeb-8876480.exe\" [2009-05-21 20480]
\"LogitechSoftwareUpdate\"=\"c:\\program files\\Logitech\\Video\\ManifestEngine.exe\" [2004-10-08 196608]
\"MSMSGS\"=\"c:\\program files\\Messenger\\msmsgs.exe\" [2008-04-14 1695232]
\"ctfmon.exe\"=\"c:\\windows\\system32\\ctfmon.exe\" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]
\"LVCOMSX\"=\"c:\\windows\\system32\\LVCOMSX.EXE\" [2004-10-08 221184]
\"avast!\"=\"c:\\progra~1\\ALWILS~1\\Avast4\\ashDisp.exe\" [2009-11-24 81000]
\"LogitechVideoTray\"=\"c:\\program files\\Logitech\\Video\\LogiTray.exe\" [2004-10-08 217088]
\"QuickTime Task\"=\"c:\\program files\\QuickTime\\QTTask.exe\" [2009-09-05 417792]
\"iTunesHelper\"=\"c:\\program files\\iTunes\\iTunesHelper.exe\" [2009-10-28 141600]
\"Adobe Reader Speed Launcher\"=\"c:\\program files\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe\" [2009-10-03 35696]
\"Adobe ARM\"=\"c:\\program files\\Fichiers communs\\Adobe\\ARM\\1.0\\AdobeARM.exe\" [2009-09-04 935288]

[HKEY_USERS\\.DEFAULT\\Software\\Microsoft\\Windows\\CurrentVersion\\Run]
\"CTFMON.EXE\"=\"c:\\windows\\system32\\CTFMON.EXE\" [2008-04-14 15360]

c:\\documents and settings\\All Users\\Menu D‚marrer\\Programmes\\D‚marrage\\
Logitech Desktop Messenger.lnk - c:\\program files\\Logitech\\Desktop Messenger\\8876480\\Program\\LDMConf.exe [2009-5-21 450560]

[HKLM\\~\\startupfolder\\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Démarrage rapide de HP Photosmart Premier.lnk]
path=c:\\documents and settings\\All Users\\Menu Démarrer\\Programmes\\Démarrage\\Démarrage rapide de HP Photosmart Premier.lnk
backup=c:\\windows\\pss\\Démarrage rapide de HP Photosmart Premier.lnkCommon Startup

[HKLM\\~\\startupfolder\\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
path=c:\\documents and settings\\All Users\\Menu Démarrer\\Programmes\\Démarrage\\HP Digital Imaging Monitor.lnk
backup=c:\\windows\\pss\\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile]
\"EnableFirewall\"= 0 (0x0)

[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile\\AuthorizedApplications\\List]
\"%windir%\\\\system32\\\\sessmgr.exe\"=
\"c:\\\\Program Files\\\\Windows Live\\\\Messenger\\\\wlcsdk.exe\"=
\"c:\\\\Program Files\\\\Yahoo!\\\\Messenger\\\\YahooMessenger.exe\"=
\"%windir%\\\\Network Diagnostic\\\\xpnetdiag.exe\"=
\"c:\\\\Program Files\\\\IncrediMail\\\\bin\\\\ImApp.exe\"=
\"c:\\\\Program Files\\\\IncrediMail\\\\bin\\\\IncMail.exe\"=
\"c:\\\\Program Files\\\\IncrediMail\\\\bin\\\\ImpCnt.exe\"=
\"c:\\\\Program Files\\\\Logitech\\\\Desktop Messenger\\\\8876480\\\\Program\\\\backWeb-8876480.exe\"=
\"c:\\\\Program Files\\\\Fichiers communs\\\\Ahead\\\\Nero Web\\\\SetupX.exe\"=
\"c:\\\\Program Files\\\\Veoh Networks\\\\VeohWebPlayer\\\\veohwebplayer.exe\"=
\"c:\\\\WINDOWS\\\\system32\\\\spoolsv.exe\"=
\"c:\\\\Program Files\\\\HP\\\\Digital Imaging\\\\bin\\\\hpqtra08.exe\"=
\"c:\\\\Program Files\\\\HP\\\\Digital Imaging\\\\bin\\\\hpqste08.exe\"=
\"c:\\\\Program Files\\\\HP\\\\Digital Imaging\\\\bin\\\\hpofxm08.exe\"=
\"c:\\\\Program Files\\\\HP\\\\Digital Imaging\\\\bin\\\\hposfx08.exe\"=
\"c:\\\\Program Files\\\\HP\\\\Digital Imaging\\\\bin\\\\hposid01.exe\"=
\"c:\\\\Program Files\\\\HP\\\\Digital Imaging\\\\bin\\\\hpqscnvw.exe\"=
\"c:\\\\Program Files\\\\HP\\\\Digital Imaging\\\\bin\\\\hpqkygrp.exe\"=
\"c:\\\\Program Files\\\\HP\\\\Digital Imaging\\\\bin\\\\hpqCopy.exe\"=
\"c:\\\\Program Files\\\\HP\\\\Digital Imaging\\\\bin\\\\hpfccopy.exe\"=
\"c:\\\\Program Files\\\\HP\\\\Digital Imaging\\\\bin\\\\hpzwiz01.exe\"=
\"c:\\\\Program Files\\\\HP\\\\Digital Imaging\\\\Unload\\\\HpqPhUnl.exe\"=
\"c:\\\\Program Files\\\\HP\\\\Digital Imaging\\\\Unload\\\\HpqDIA.exe\"=
\"c:\\\\Program Files\\\\HP\\\\Digital Imaging\\\\bin\\\\hpoews01.exe\"=
\"c:\\\\Program Files\\\\HP\\\\Digital Imaging\\\\bin\\\\hpqnrs08.exe\"=
\"c:\\\\Program Files\\\\Bonjour\\\\mDNSResponder.exe\"=
\"c:\\\\Program Files\\\\LimeWire\\\\LimeWire.exe\"=
\"c:\\\\Program Files\\\\Spotify\\\\spotify.exe\"=
\"c:\\\\Program Files\\\\Windows Live\\\\Messenger\\\\msnmsgr.exe\"=
\"c:\\\\Program Files\\\\Windows Live\\\\Sync\\\\WindowsLiveSync.exe\"=
\"c:\\\\Program Files\\\\iTunes\\\\iTunes.exe\"=
\"c:\\\\WINDOWS\\\\pchealth\\\\helpctr\\\\binaries\\\\helpctr.exe\"=

R0 pe3ajbeb;L Ile Noyee Environment Driver (pe3ajbeb);c:\\windows\\system32\\drivers\\pe3ajbeb.sys [22/08/2007 17:31 64632]
R0 ps7ajbeb;L Ile Noyee Synchronization Driver (ps7ajbeb);c:\\windows\\system32\\drivers\\ps7ajbeb.sys [22/08/2007 17:30 68736]
R1 aswSP;avast! Self Protection;c:\\windows\\system32\\drivers\\aswSP.sys [21/05/2009 15:05 114768]
R2 aswFsBlk;aswFsBlk;c:\\windows\\system32\\drivers\\aswFsBlk.sys [21/05/2009 15:05 20560]
R2 X4HSX32Ex;X4HSX32Ex;c:\\program files\\Player Metaboli\\X4HSX32Ex.sys [15/06/2009 18:50 29856]
S2 pr2ajbeb;L Ile Noyee Drivers Auto Removal (pr2ajbeb);c:\\windows\\system32\\pr2ajbeb.exe svc --> c:\\windows\\system32\\pr2ajbeb.exe svc [?]
S3 maconfservice;Ma-Config Service;c:\\program files\\ma-config.com\\maconfservice.exe [13/05/2009 13:37 234864]
.
Contenu du dossier \'Tâches planifiées\'

2009-11-28 c:\\windows\\Tasks\\AppleSoftwareUpdate.job
- c:\\program files\\Apple Software Update\\SoftwareUpdate.exe [2008-07-30 10:34]
.
.
------- Examen supplémentaire -------
.
mWindow Title =
uInternet Settings,ProxyOverride = localhost;*.local
IE: Add to Google Photos Screensa&ver - c:\\windows\\system32\\GPhotos.scr/200
IE: E&xporter vers Microsoft Excel - c:\\progra~1\\MICROS~2\\Office10\\EXCEL.EXE/3000
Handler: quad-driver-fix - {B774851D-1762-4EE9-A549-BF30323FEC13} -
FF - ProfilePath - c:\\documents and settings\\marity\\Application Data\\Mozilla\\Firefox\\Profiles\\oxze7o25.default\\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.memoclic.com/forum/bistrot/|http://www.orange.fr/|http://forum.lamijardin.net/|http://www.google.fr/|http://www.aujardin.org/|http://www.programme-tv.net/#|http://www.tutoriels-animes.com/traitement-video.html|http://cyclurba.fr/forum-velo/6/velos-assistes-motorises.html|http://www.ameli.fr/assures/droits-et-demarches/par-situation-medicale/en-cas-de-maladie-professionnelle/comment-declarer-votre-maladie-professionnelle.php|http://www.facebook.com/home.php|http://www.programme-tv.net/
FF - prefs.js: keyword.URL - hxxp://mystart.incredimail.com/?loc=ff_address_bar_PMM_std_alone&search=
FF - component: c:\\program files\\Mozilla Firefox\\extensions\\YPlayer@yummy.net\\components\\FYPlayer.dll
FF - plugin: c:\\program files\\ma-config.com\\nphardwaredetection.dll
FF - plugin: c:\\program files\\Microsoft\\Office Live\\npOLW.dll
FF - plugin: c:\\program files\\Mozilla Firefox\\plugins\\npExentCtl.dll
FF - plugin: c:\\program files\\Picasa2\\npPicasa3.dll
FF - plugin: c:\\program files\\Veoh Networks\\VeohWebPlayer\\NPVeohTVPlugin.dll
FF - plugin: c:\\program files\\Veoh Networks\\VeohWebPlayer\\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\\program files\\Windows Live\\Photo Gallery\\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\\windows\\Microsoft.NET\\Framework\\v3.5\\Windows Presentation Foundation\\DotNetAssistantExtension\\

---- PARAMETRES FIREFOX ----
FF - user.js: signed.applets.codebase_principal_support - true

/* To avoid the user interaction, add the following lines: */
FF - user.js: capability.principal.codebase.YummyPlayer_YAEL.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_YAEL.id - hxxp://yael.metaboli.fr/
FF - user.js: capability.principal.codebase.YummyPlayer_LHOST.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_LHOST.id - hxxp://localhost/

/* GLDE */
FF - user.js: capability.principal.codebase.YummyPlayer_GLDE.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_GLDE.id - hxxp://gamesflatrate.de/
FF - user.js: capability.principal.codebase.YummyPlayer_WGLDE.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_WGLDE.id - hxxp://www.gamesflatrate.de/
FF - user.js: capability.principal.codebase.YummyPlayer_GLDEINT.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_GLDEINT.id - hxxp://glde-int.metaboli.fr/
FF - user.js: capability.principal.codebase.YummyPlayer_SGLDE.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_SGLDE.id - hxxps://gamesflatrate.de/
FF - user.js: capability.principal.codebase.YummyPlayer_WSGLDE.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_WSGLDE.id - hxxps://www.gamesflatrate.de/

/* BGFR */
FF - user.js: capability.principal.codebase.YummyPlayer_BGFR.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_BGFR.id - hxxp://linternaute.metaboli.fr/
FF - user.js: capability.principal.codebase.YummyPlayer_SBGFR.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_SBGFR.id - hxxps://linternaute.metaboli.fr/
FF - user.js: capability.principal.codebase.YummyPlayer_BGFRINT.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_BGFRINT.id - hxxp://bgfr-int.metaboli.fr/

/* BILD */
FF - user.js: capability.principal.codebase.YummyPlayer_BILD.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_BILD.id - hxxp://bild.metaboli.de/
FF - user.js: capability.principal.codebase.YummyPlayer_SBILD.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_SBILD.id - hxxps://bild.metaboli.de/
FF - user.js: capability.principal.codebase.YummyPlayer_BILDINT.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_BILDINT.id - hxxp://bild-int.metaboli.fr/

/* BTUK */
FF - user.js: capability.principal.codebase.YummyPlayer_BTUK.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_BTUK.id - hxxp://btvision.metaboli.co.uk/
FF - user.js: capability.principal.codebase.YummyPlayer_SBTUK.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_SBTUK.id - hxxps://btvision.metaboli.co.uk/
FF - user.js: capability.principal.codebase.YummyPlayer_BTUKINT.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_BTUKINT.id - hxxp://bt-int.metaboli.fr/

/* CLIC */
FF - user.js: capability.principal.codebase.YummyPlayer_CLIC.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_CLIC.id - hxxp://clubic.metaboli.fr/
FF - user.js: capability.principal.codebase.YummyPlayer_SCLIC.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_SCLIC.id - hxxps://clubic.metaboli.fr/
FF - user.js: capability.principal.codebase.YummyPlayer_CLICINT.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_CLICINT.id - hxxp://clic-int.metaboli.fr/

/* COUK */
FF - user.js: capability.principal.codebase.YummyPlayer_COUK.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_COUK.id - hxxp://metaboli.co.uk/
FF - user.js: capability.principal.codebase.YummyPlayer_WCOUK.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_WCOUK.id - hxxp://www.metaboli.co.uk/
FF - user.js: capability.principal.codebase.YummyPlayer_WSCOUK.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_WSCOUK.id - hxxps://www.metaboli.co.uk/
FF - user.js: capability.principal.codebase.YummyPlayer_SCOUK.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_SCOUK.id - hxxps://metaboli.co.uk/
FF - user.js: capability.principal.codebase.YummyPlayer_COUKINT.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_COUKINT.id - hxxp://uk-int.metaboli.fr/

/* MEDE */
FF - user.js: capability.principal.codebase.YummyPlayer_MEDE.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_MEDE.id - hxxp://metaboli.de/
FF - user.js: capability.principal.codebase.YummyPlayer_WMEDE.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_WMEDE.id - hxxp://www.metaboli.de/
FF - user.js: capability.principal.codebase.YummyPlayer_SMEDE.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_SMEDE.id - hxxps://metaboli.de/
FF - user.js: capability.principal.codebase.YummyPlayer_MEDEINT.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_MEDEINT.id - hxxp://de-int.metaboli.fr/
FF - user.js: capability.principal.codebase.YummyPlayer_WSMEDE.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_WSMEDE.id - hxxps://www.metaboli.de/

/* CUUK */
FF - user.js: capability.principal.codebase.YummyPlayer_CUUK.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_CUUK.id - hxxp://custompc.metaboli.co.uk/
FF - user.js: capability.principal.codebase.YummyPlayer_SCUUK.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_SCUUK.id - hxxps://custompc.metaboli.co.uk/
FF - user.js: capability.principal.codebase.YummyPlayer_CUUKINT.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_CUUKINT.id - hxxp://cuuk-int.metaboli.fr/

/* EUUK */
FF - user.js: capability.principal.codebase.YummyPlayer_EUUK.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_EUUK.id - hxxp://eurogamer.metaboli.co.uk/
FF - user.js: capability.principal.codebase.YummyPlayer_SEUUK.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_SEUUK.id - hxxps://eurogamer.metaboli.co.uk/
FF - user.js: capability.principal.codebase.YummyPlayer_EUUKINT.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_EUUKINT.id - hxxp://euuk-int.metaboli.fr/

/* FUNR */
FF - user.js: capability.principal.codebase.YummyPlayer_FUNR.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_FUNR.id - hxxp://fun.metaboli.fr/
FF - user.js: capability.principal.codebase.YummyPlayer_SFUNR.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_SFUNR.id - hxxps://fun.metaboli.fr/
FF - user.js: capability.principal.codebase.YummyPlayer_FUNRINT.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_FUNRINT.id - hxxp://fun-int.metaboli.fr/

/* GONE */
FF - user.js: capability.principal.codebase.YummyPlayer_GONE.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_GONE.id - hxxp://gameone.metaboli.fr/
FF - user.js: capability.principal.codebase.YummyPlayer_SGONE.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_SGONE.id - hxxps://gameone.metaboli.fr/
FF - user.js: capability.principal.codebase.YummyPlayer_GONEINT.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_GONEINT.id - hxxp://gone-int.metaboli.fr/

/* GUDE */
FF - user.js: capability.principal.codebase.YummyPlayer_GUDE.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_GUDE.id - hxxp://gamerunlimited.metaboli.de/
FF - user.js: capability.principal.codebase.YummyPlayer_SGUDE.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_SGUDE.id - hxxps://gamerunlimited.metaboli.de/
FF - user.js: capability.principal.codebase.YummyPlayer_GUDEINT.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_GUDEINT.id - hxxp://gude-int.metaboli.fr/

/* META */
FF - user.js: capability.principal.codebase.YummyPlayer_META.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_META.id - hxxp://metaboli.fr/
FF - user.js: capability.principal.codebase.YummyPlayer_WMETA.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_WMETA.id - hxxp://www.metaboli.fr/
FF - user.js: capability.principal.codebase.YummyPlayer_SMETA.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_SMETA.id - hxxps://metaboli.fr/
FF - user.js: capability.principal.codebase.YummyPlayer_WSMETA.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_WSMETA.id - hxxps://www.metaboli.fr/
FF - user.js: capability.principal.codebase.YummyPlayer_METAINT.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_METAINT.id - hxxp://fr-int.metaboli.fr/

/* MNDE */
FF - user.js: capability.principal.codebase.YummyPlayer_MNDE.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_MNDE.id - hxxp://livegames.metaboli.de/
FF - user.js: capability.principal.codebase.YummyPlayer_SMNDE.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_SMNDE.id - hxxps://livegames.metaboli.de/
FF - user.js: capability.principal.codebase.YummyPlayer_MNDEINT.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_MNDEINT.id - hxxp://msde-int.metaboli.fr/

/* MNFR */
FF - user.js: capability.principal.codebase.YummyPlayer_MNFR.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_MNFR.id - hxxp://livegames.metaboli.fr/
FF - user.js: capability.principal.codebase.YummyPlayer_SMNFR.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_SMNFR.id - hxxps://livegames.metaboli.fr/
FF - user.js: capability.principal.codebase.YummyPlayer_MNFRINT.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_MNFRINT.id - hxxp://msfr-int.metaboli.fr/

/* MNUK */
FF - user.js: capability.principal.codebase.YummyPlayer_MNUK.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_MNUK.id - hxxp://livegames.metaboli.co.uk/
FF - user.js: capability.principal.codebase.YummyPlayer_SMNUK.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_SMNUK.id - hxxps://livegames.metaboli.co.uk/
FF - user.js: capability.principal.codebase.YummyPlayer_MNUKINT.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_MNUKINT.id - hxxp://msuk-int.metaboli.fr/

/* NCNU */
FF - user.js: capability.principal.codebase.YummyPlayer_NCNU.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_NCNU.id - hxxp://numericable.metaboli.fr/
FF - user.js: capability.principal.codebase.YummyPlayer_SNCNU.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_SNCNU.id - hxxps://numericable.metaboli.fr/
FF - user.js: capability.principal.codebase.YummyPlayer_NCNUINT.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_NCNUINT.id - hxxp://ncnu-int.metaboli.fr/

/* QPUK */
FF - user.js: capability.principal.codebase.YummyPlayer_QPUK.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_QPUK.id - hxxp://quintplay.metaboli.co.uk/
FF - user.js: capability.principal.codebase.YummyPlayer_SQPUK.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_SQPUK.id - hxxps://quintplay.metaboli.co.uk/
FF - user.js: capability.principal.codebase.YummyPlayer_QPUKINT.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_QPUKINT.id - hxxp://qpuk-int.metaboli.fr/

/* SFFR */
FF - user.js: capability.principal.codebase.YummyPlayer_SFFR.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_SFFR.id - hxxp://jeux-pc.sfr.fr/
FF - user.js: capability.principal.codebase.YummyPlayer_SSFFR.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_SSFFR.id - hxxps://jeux-pc.sfr.fr/
FF - user.js: capability.principal.codebase.YummyPlayer_SFFRM.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_SFFRM.id - hxxp://sfr.metaboli.fr/
FF - user.js: capability.principal.codebase.YummyPlayer_SSFFRM.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_SSFFRM.id - hxxps://sfr.metaboli.fr/
FF - user.js: capability.principal.codebase.YummyPlayer_SFFRINT.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_SFFRINT.id - hxxp://sfr-int.metaboli.fr/

/* SPDE */
FF - user.js: capability.principal.codebase.YummyPlayer_SPDE.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_SPDE.id - hxxp://spieletipps.metaboli.de/
FF - user.js: capability.principal.codebase.YummyPlayer_SSPDE.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_SSPDE.id - hxxps://spieletipps.metaboli.de/
FF - user.js: capability.principal.codebase.YummyPlayer_SPDEINT.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_SPDEINT.id - hxxp://spde-int.metaboli.fr/

/* WOJ_ */
FF - user.js: capability.principal.codebase.YummyPlayer_WOJ_.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_WOJ_.id - hxxp://woj-prod.metaboli.fr/
FF - user.js: capability.principal.codebase.YummyPlayer_SWOJ_.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_SWOJ_.id - hxxps://woj-prod.metaboli.fr/
FF - user.js: capability.principal.codebase.YummyPlayer_WOJ_INT.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_WOJ_INT.id - hxxp://woj-int.metaboli.fr/
FF - user.js: capability.principal.codebase.YummyPlayer_SWOJ_INT.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_SWOJ_INT.id - hxxps://woj-int.metaboli.fr/
FF - user.js: capability.principal.codebase.YummyPlayer_WOJ_PP.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_WOJ_PP.id - hxxp://woj-pp.metaboli.fr/
FF - user.js: capability.principal.codebase.YummyPlayer_SWOJ_PP.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_SWOJ_PP.id - hxxps://woj-pp.metaboli.fr/
FF - user.js: capability.principal.codebase.YummyPlayer_WOJ_PPINT.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_WOJ_PPINT.id - hxxp://woj-int.jeu.orange.fr/
FF - user.js: capability.principal.codebase.YummyPlayer_SWOJ_PPINT.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_SWOJ_PPINT.id - hxxps://woj-int.jeu.orange.fr/

user_pref(capability.principal.codebase.YummyPlayer_XX0001.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0001.id,hxxp://www.neufgame.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0002.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0002.id,hxxps://www.neufgame.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0003.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0003.id,hxxp://neufgame.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0004.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0004.id,hxxp://ad.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0005.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0005.id,hxxps://ad.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0006.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0006.id,hxxp://ads.metaboli.de);
user_pref(capability.principal.codebase.YummyPlayer_XX0007.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0007.id,hxxps://ads.metaboli.de);
user_pref(capability.principal.codebase.YummyPlayer_XX0008.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0008.id,hxxp://ads.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0009.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0009.id,hxxps://ads.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0010.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0010.id,hxxp://ads.metaboli.co.uk);
user_pref(capability.principal.codebase.YummyPlayer_XX0011.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0011.id,hxxps://ads.metaboli.co.uk);
user_pref(capability.principal.codebase.YummyPlayer_XX0012.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0012.id,hxxp://ag.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0013.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0013.id,hxxps://ag.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0014.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0014.id,hxxp://alice.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0015.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0015.id,hxxps://alice.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0016.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0016.id,hxxp://allocine.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0017.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0017.id,hxxps://allocine.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0018.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0018.id,hxxp://am.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0019.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0019.id,hxxps://am.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0020.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0020.id,hxxp://aol.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0021.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0021.id,hxxps://aol.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0022.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0022.id,hxxp://bc.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0023.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0023.id,hxxps://bc.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0024.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0024.id,hxxp://linternaute.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0025.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0025.id,hxxps://linternaute.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0026.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0026.id,hxxp://bild.metaboli.de);
user_pref(capability.principal.codebase.YummyPlayer_XX0027.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0027.id,hxxps://bild.metaboli.de);
user_pref(capability.principal.codebase.YummyPlayer_XX0028.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0028.id,hxxp://btvision.metaboli.co.uk);
user_pref(capability.principal.codebase.YummyPlayer_XX0029.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0029.id,hxxps://btvision.metaboli.co.uk);
user_pref(capability.principal.codebase.YummyPlayer_XX0030.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0030.id,hxxp://www.metaboli.co.uk);
user_pref(capability.principal.codebase.YummyPlayer_XX0031.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0031.id,hxxp://cg.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0032.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0032.id,hxxps://cg.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0033.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0033.id,hxxp://cibleclick.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0034.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0034.id,hxxps://cibleclick.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0035.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0035.id,hxxp://cegetel.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0036.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0036.id,hxxps://cegetel.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0037.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0037.id,hxxp://choc.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0038.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0038.id,hxxps://choc.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0039.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0039.id,hxxp://cj.metaboli.de);
user_pref(capability.principal.codebase.YummyPlayer_XX0040.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0040.id,hxxps://cj.metaboli.de);
user_pref(capability.principal.codebase.YummyPlayer_XX0041.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0041.id,hxxp://cj.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0042.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0042.id,hxxps://cj.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0043.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0043.id,hxxp://cj.metaboli.it);
user_pref(capability.principal.codebase.YummyPlayer_XX0044.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0044.id,hxxps://cj.metaboli.it);
user_pref(capability.principal.codebase.YummyPlayer_XX0045.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0045.id,hxxp://cj.metaboli.co.uk);
user_pref(capability.principal.codebase.YummyPlayer_XX0046.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0046.id,hxxps://cj.metaboli.co.uk);
user_pref(capability.principal.codebase.YummyPlayer_XX0047.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0047.id,hxxp://metaboli.clubic.com);
user_pref(capability.principal.codebase.YummyPlayer_XX0048.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0048.id,hxxps://metaboli.clubic.com);
user_pref(capability.principal.codebase.YummyPlayer_XX0049.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0049.id,hxxp://metaboli.club-internet.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0050.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0050.id,hxxps://metaboli.club-internet.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0051.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0051.id,hxxp://coeur.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0052.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0052.id,hxxps://coeur.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0053.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0053.id,hxxp://come.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0054.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0054.id,hxxps://come.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0055.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0055.id,hxxp://lesaccros2.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0056.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0056.id,hxxps://lesaccros2.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0057.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0057.id,hxxp://surcouf.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0058.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0058.id,hxxps://surcouf.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0059.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0059.id,hxxp://www.metaboli.co.uk);
user_pref(capability.principal.codebase.YummyPlayer_XX0060.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0060.id,hxxps://www.metaboli.co.uk);
user_pref(capability.principal.codebase.YummyPlayer_XX0061.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0061.id,hxxp://cs.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0062.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0062.id,hxxps://cs.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0063.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0063.id,hxxp://custompc.metaboli.co.uk);
user_pref(capability.principal.codebase.YummyPlayer_XX0064.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0064.id,hxxps://custompc.metaboli.co.uk);
user_pref(capability.principal.codebase.YummyPlayer_XX0065.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0065.id,hxxp://cvg.metaboli.co.uk);
user_pref(capability.principal.codebase.YummyPlayer_XX0066.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0066.id,hxxps://cvg.metaboli.co.uk);
user_pref(capability.principal.codebase.YummyPlayer_XX0067.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0067.id,hxxp://daooda.metaboli.de);
user_pref(capability.principal.codebase.YummyPlayer_XX0068.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0068.id,hxxps://daooda.metaboli.de);
user_pref(capability.principal.codebase.YummyPlayer_XX0069.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0069.id,hxxp://daooda.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0070.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0070.id,hxxps://daooda.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0071.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0071.id,hxxp://daooda.metaboli.co.uk);
user_pref(capability.principal.codebase.YummyPlayer_XX0072.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0072.id,hxxps://daooda.metaboli.co.uk);
user_pref(capability.principal.codebase.YummyPlayer_XX0073.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0073.id,hxxp://digitaldownload.metaboli.co.uk);
user_pref(capability.principal.codebase.YummyPlayer_XX0074.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0074.id,hxxps://digitaldownload.metaboli.co.uk);
user_pref(capability.principal.codebase.YummyPlayer_XX0075.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0075.id,hxxp://eurogamer.metaboli.de);
user_pref(capability.principal.codebase.YummyPlayer_XX0076.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0076.id,hxxps://eurogamer.metaboli.de);
user_pref(capability.principal.codebase.YummyPlayer_XX0077.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0077.id,hxxp://eurogamer.metaboli.co.uk);
user_pref(capability.principal.codebase.YummyPlayer_XX0078.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0078.id,hxxps://eurogamer.metaboli.co.uk);
user_pref(capability.principal.codebase.YummyPlayer_XX0079.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0079.id,hxxp://exagame.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0080.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0080.id,hxxps://exagame.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0081.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0081.id,hxxp://fb.metaboli.de);
user_pref(capability.principal.codebase.YummyPlayer_XX0082.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0082.id,hxxps://fb.metaboli.de);
user_pref(capability.principal.codebase.YummyPlayer_XX0083.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0083.id,hxxp://fb.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0084.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0084.id,hxxps://fb.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0085.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0085.id,hxxp://fb.metaboli.co.uk);
user_pref(capability.principal.codebase.YummyPlayer_XX0086.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0086.id,hxxps://fb.metaboli.co.uk);
user_pref(capability.principal.codebase.YummyPlayer_XX0087.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0087.id,hxxp://firstcoffee.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0088.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0088.id,hxxps://firstcoffee.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0089.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0089.id,hxxp://fnac.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0090.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0090.id,hxxps://fnac.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0091.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0091.id,hxxp://fox.metaboli.de);
user_pref(capability.principal.codebase.YummyPlayer_XX0092.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0092.id,hxxps://fox.metaboli.de);
user_pref(capability.principal.codebase.YummyPlayer_XX0093.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0093.id,hxxp://fox.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0094.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0094.id,hxxps://fox.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0095.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0095.id,hxxp://fox.metaboli.co.uk);
user_pref(capability.principal.codebase.YummyPlayer_XX0096.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0096.id,hxxps://fox.metaboli.co.uk);
user_pref(capability.principal.codebase.YummyPlayer_XX0097.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0097.id,hxxp://free.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0098.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0098.id,hxxps://free.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0099.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0099.id,hxxp://funsta.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0100.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0100.id,hxxps://funsta.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0101.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0101.id,hxxp://funsta.metaboli.co.uk);
user_pref(capability.principal.codebase.YummyPlayer_XX0102.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0102.id,hxxps://funsta.metaboli.co.uk);
user_pref(capability.principal.codebase.YummyPlayer_XX0103.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0103.id,hxxp://metaboli.funradio.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0104.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0104.id,hxxps://metaboli.funradio.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0105.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0105.id,hxxp://fastweb.metaboli.it);
user_pref(capability.principal.codebase.YummyPlayer_XX0106.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0106.id,hxxps://fastweb.metaboli.it);
user_pref(capability.principal.codebase.YummyPlayer_XX0107.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0107.id,hxxp://god1.metaboli.de);
user_pref(capability.principal.codebase.YummyPlayer_XX0108.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0108.id,hxxps://god1.metaboli.de);
user_pref(capability.principal.codebase.YummyPlayer_XX0109.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0109.id,hxxp://god2.metaboli.de);
user_pref(capability.principal.codebase.YummyPlayer_XX0110.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0110.id,hxxps://god2.metaboli.de);
user_pref(capability.principal.codebase.YummyPlayer_XX0111.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0111.id,hxxp://god3.metaboli.de);
user_pref(capability.principal.codebase.YummyPlayer_XX0112.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0112.id,hxxps://god3.metaboli.de);
user_pref(capability.principal.codebase.YummyPlayer_XX0113.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0113.id,hxxp://gamona.metaboli.de);
user_pref(capability.principal.codebase.YummyPlayer_XX0114.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0114.id,hxxps://gamona.metaboli.de);
user_pref(capability.principal.codebase.YummyPlayer_XX0115.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0115.id,hxxp://giga.metaboli.de);
user_pref(capability.principal.codebase.YummyPlayer_XX0116.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0116.id,hxxps://giga.metaboli.de);
user_pref(capability.principal.codebase.YummyPlayer_XX0117.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0117.id,hxxp://gameseek.metaboli.co.uk);
user_pref(capability.principal.codebase.YummyPlayer_XX0118.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0118.id,hxxps://gameseek.metaboli.co.uk);
user_pref(capability.principal.codebase.YummyPlayer_XX0119.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0119.id,hxxp://www.gamesflatrate.de);
user_pref(capability.principal.codebase.YummyPlayer_XX0120.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0120.id,hxxps://www.gamesflatrate.de);
user_pref(capability.principal.codebase.YummyPlayer_XX0121.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0121.id,hxxp://games24.metaboli.de);
user_pref(capability.principal.codebase.YummyPlayer_XX0122.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0122.id,hxxps://games24.metaboli.de);
user_pref(capability.principal.codebase.YummyPlayer_XX0123.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0123.id,hxxp://ondemand.game.co.uk);
user_pref(capability.principal.codebase.YummyPlayer_XX0124.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0124.id,hxxps://ondemand.game.co.uk);
user_pref(capability.principal.codebase.YummyPlayer_XX0125.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0125.id,hxxp://google.metaboli.de);
user_pref(capability.principal.codebase.YummyPlayer_XX0126.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0126.id,hxxps://google.metaboli.de);
user_pref(capability.principal.codebase.YummyPlayer_XX0127.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0127.id,hxxp://google.metaboli.it);
user_pref(capability.principal.codebase.YummyPlayer_XX0128.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0128.id,hxxps://google.metaboli.it);
user_pref(capability.principal.codebase.YummyPlayer_XX0129.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0129.id,hxxp://gameone.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0130.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0130.id,hxxps://gameone.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0131.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0131.id,hxxp://google.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0132.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0132.id,hxxps://google.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0133.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0133.id,hxxp://goog.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0134.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0134.id,hxxps://goog.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0135.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0135.id,hxxp://google.metaboli.co.uk);
user_pref(capability.principal.codebase.YummyPlayer_XX0136.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0136.id,hxxps://google.metaboli.co.uk);
user_pref(capability.principal.codebase.YummyPlayer_XX0137.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0137.id,hxxp://gameplay.metaboli.co.uk);
user_pref(capability.principal.codebase.YummyPlayer_XX0138.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0138.id,hxxps://gameplay.metaboli.co.uk);
user_pref(capability.principal.codebase.YummyPlayer_XX0139.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0139.id,hxxp://gamesonradar.metaboli.co.uk);
user_pref(capability.principal.codebase.YummyPlayer_XX0140.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0140.id,hxxps://gamesonradar.metaboli.co.uk);
user_pref(capability.principal.codebase.YummyPlayer_XX0141.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0141.id,hxxp://gameshadow.metaboli.co.uk);
user_pref(capability.principal.codebase.YummyPlayer_XX0142.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0142.id,hxxps://gameshadow.metaboli.co.uk);
user_pref(capability.principal.codebase.YummyPlayer_XX0143.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0143.id,hxxp://gametap.metaboli.com);
user_pref(capability.principal.codebase.YummyPlayer_XX0144.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0144.id,hxxps://gametap.metaboli.com);
user_pref(capability.principal.codebase.YummyPlayer_XX0145.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0145.id,hxxp://gametap2.metaboli.com);
user_pref(capability.principal.codebase.YummyPlayer_XX0146.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0146.id,hxxps://gametap2.metaboli.com);
user_pref(capability.principal.codebase.YummyPlayer_XX0147.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0147.id,hxxp://gamespot.metaboli.co.uk);
user_pref(capability.principal.codebase.YummyPlayer_XX0148.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0148.id,hxxps://gamespot.metaboli.co.uk);
user_pref(capability.principal.codebase.YummyPlayer_XX0149.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0149.id,hxxp://gamerunlimited.metaboli.de);
user_pref(capability.principal.codebase.YummyPlayer_XX0150.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0150.id,hxxps://gamerunlimited.metaboli.de);
user_pref(capability.principal.codebase.YummyPlayer_XX0151.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0151.id,hxxp://guts.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0152.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0152.id,hxxps://guts.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0153.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0153.id,hxxp://gameswelt.metaboli.de);
user_pref(capability.principal.codebase.YummyPlayer_XX0154.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0154.id,hxxps://gameswelt.metaboli.de);
user_pref(capability.principal.codebase.YummyPlayer_XX0155.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0155.id,hxxp://gmx.metaboli.de);
user_pref(capability.principal.codebase.YummyPlayer_XX0156.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0156.id,hxxps://gmx.metaboli.de);
user_pref(capability.principal.codebase.YummyPlayer_XX0157.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0157.id,hxxp://hoaxbuster.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0158.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0158.id,hxxps://hoaxbuster.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0159.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0159.id,hxxp://incgamers.metaboli.co.uk);
user_pref(capability.principal.codebase.YummyPlayer_XX0160.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0160.id,hxxps://incgamers.metaboli.co.uk);
user_pref(capability.principal.codebase.YummyPlayer_XX0161.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0161.id,hxxp://imbogames.metaboli.it);
user_pref(capability.principal.codebase.YummyPlayer_XX0162.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0162.id,hxxps://imbogames.metaboli.it);
user_pref(capability.principal.codebase.YummyPlayer_XX0163.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0163.id,hxxp://ja.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0164.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0164.id,hxxps://ja.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0165.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0165.id,hxxp://janews.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0166.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0166.id,hxxps://janews.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0167.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0167.id,hxxp://jvfr.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0168.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0168.id,hxxps://jvfr.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0169.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0169.id,hxxp://jeux-pc.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0170.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0170.id,hxxps://jeux-pc.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0171.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0171.id,hxxp://kelkoo.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0172.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0172.id,hxxps://kelkoo.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0173.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0173.id,hxxp://gamekult.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0174.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0174.id,hxxps://gamekult.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0175.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0175.id,hxxp://ld.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0176.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0176.id,hxxps://ld.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0177.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0177.id,hxxp://leguide.metaboli.de);
user_pref(capability.principal.codebase.YummyPlayer_XX0178.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0178.id,hxxps://leguide.metaboli.de);
user_pref(capability.principal.codebase.YummyPlayer_XX0179.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0179.id,hxxp://leguide.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0180.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0180.id,hxxps://leguide.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0181.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0181.id,hxxp://leguide.metaboli.it);
user_pref(capability.principal.codebase.YummyPlayer_XX0182.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0182.id,hxxps://leguide.metaboli.it);
user_pref(capability.principal.codebase.YummyPlayer_XX0183.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0183.id,hxxp://leguide.metaboli.co.uk);
user_pref(capability.principal.codebase.YummyPlayer_XX0184.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0184.id,hxxps://leguide.metaboli.co.uk);
user_pref(capability.principal.codebase.YummyPlayer_XX0185.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0185.id,hxxp://jeuvideo.m6jeux.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0186.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0186.id,hxxps://jeuvideo.m6jeux.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0187.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0187.id,hxxp://magcity.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0188.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0188.id,hxxps://magcity.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0189.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0189.id,hxxp://medion.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0190.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0190.id,hxxps://medion.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0191.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0191.id,hxxp://medion.metaboli.co.uk);
user_pref(capability.principal.codebase.YummyPlayer_XX0192.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0192.id,hxxps://medion.metaboli.co.uk);
user_pref(capability.principal.codebase.YummyPlayer_XX0193.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0193.id,hxxp://www.metaboli.de);
user_pref(capability.principal.codebase.YummyPlayer_XX0194.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0194.id,hxxps://www.metaboli.de);
user_pref(capability.principal.codebase.YummyPlayer_XX0195.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0195.id,hxxp://medion.metaboli.de);
user_pref(capability.principal.codebase.YummyPlayer_XX0196.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0196.id,hxxps://medion.metaboli.de);
user_pref(capability.principal.codebase.YummyPlayer_XX0197.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0197.id,hxxp://www.metaboli.es);
user_pref(capability.principal.codebase.YummyPlayer_XX0198.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0198.id,hxxps://www.metaboli.es);
user_pref(capability.principal.codebase.YummyPlayer_XX0199.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0199.id,hxxp://www.metaboli.es);
user_pref(capability.principal.codebase.YummyPlayer_XX0200.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0200.id,hxxp://www.metaboli.it);
user_pref(capability.principal.codebase.YummyPlayer_XX0201.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0201.id,hxxps://www.metaboli.it);
user_pref(capability.principal.codebase.YummyPlayer_XX0202.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0202.id,hxxp://www.metaboli.it);
user_pref(capability.principal.codebase.YummyPlayer_XX0203.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0203.id,hxxp://www.metaboli.se);
user_pref(capability.principal.codebase.YummyPlayer_XX0204.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0204.id,hxxps://www.metaboli.se);
user_pref(capability.principal.codebase.YummyPlayer_XX0205.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0205.id,hxxp://www.metaboli.se);
user_pref(capability.principal.codebase.YummyPlayer_XX0206.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0206.id,hxxp://www.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0207.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0207.id,hxxps://www.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0208.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0208.id,hxxp://mirago.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0209.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0209.id,hxxps://mirago.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0210.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0210.id,hxxp://msn-games.metaboli.de);
user_pref(capability.principal.codebase.YummyPlayer_XX0211.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0211.id,hxxps://msn-games.metaboli.de);
user_pref(capability.principal.codebase.YummyPlayer_XX0212.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0212.id,hxxp://msn-jeux.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0213.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0213.id,hxxps://msn-jeux.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0214.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0214.id,hxxp://msn-games.metaboli.co.uk);
user_pref(capability.principal.codebase.YummyPlayer_XX0215.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0215.id,hxxps://msn-games.metaboli.co.uk);
user_pref(capability.principal.codebase.YummyPlayer_XX0216.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0216.id,hxxp://multiplayer.metaboli.it);
user_pref(capability.principal.codebase.YummyPlayer_XX0217.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0217.id,hxxps://multiplayer.metaboli.it);
user_pref(capability.principal.codebase.YummyPlayer_XX0218.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0218.id,hxxp://msn.metaboli.de);
user_pref(capability.principal.codebase.YummyPlayer_XX0219.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0219.id,hxxps://msn.metaboli.de);
user_pref(capability.principal.codebase.YummyPlayer_XX0220.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0220.id,hxxp://msn.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0221.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0221.id,hxxps://msn.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0222.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0222.id,hxxp://metaboli.msn.se);
user_pref(capability.principal.codebase.YummyPlayer_XX0223.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0223.id,hxxps://metaboli.msn.se);
user_pref(capability.principal.codebase.YummyPlayer_XX0224.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0224.id,hxxp://msn.metaboli.co.uk);
user_pref(capability.principal.codebase.YummyPlayer_XX0225.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0225.id,hxxps://msn.metaboli.co.uk);
user_pref(capability.principal.codebase.YummyPlayer_XX0226.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0226.id,hxxp://miva.metaboli.de);
user_pref(capability.principal.codebase.YummyPlayer_XX0227.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0227.id,hxxps://miva.metaboli.de);
user_pref(capability.principal.codebase.YummyPlayer_XX0228.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0228.id,hxxp://miva.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0229.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0229.id,hxxps://miva.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0230.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0230.id,hxxp://miva.metaboli.co.uk);
user_pref(capability.principal.codebase.YummyPlayer_XX0231.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0231.id,hxxps://miva.metaboli.co.uk);
user_pref(capability.principal.codebase.YummyPlayer_XX0232.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0232.id,hxxp://maxim.metaboli.co.uk);
user_pref(capability.principal.codebase.YummyPlayer_XX0233.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0233.id,hxxps://maxim.metaboli.co.uk);
user_pref(capability.principal.codebase.YummyPlayer_XX0234.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0234.id,hxxp://modulonet.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0235.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0235.id,hxxps://modulonet.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0236.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0236.id,hxxp://ncn.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0237.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0237.id,hxxps://ncn.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0238.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0238.id,hxxp://news.metaboli.de);
user_pref(capability.principal.codebase.YummyPlayer_XX0239.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0239.id,hxxps://news.metaboli.de);
user_pref(capability.principal.codebase.YummyPlayer_XX0240.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0240.id,hxxp://news.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0241.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0241.id,hxxps://news.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0242.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0242.id,hxxp://news.metaboli.it);
user_pref(capability.principal.codebase.YummyPlayer_XX0243.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0243.id,hxxps://news.metaboli.it);
user_pref(capability.principal.codebase.YummyPlayer_XX0244.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0244.id,hxxp://news.metaboli.co.uk);
user_pref(capability.principal.codebase.YummyPlayer_XX0245.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0245.id,hxxps://news.metaboli.co.uk);
user_pref(capability.principal.codebase.YummyPlayer_XX0246.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0246.id,hxxp://metaboli.noos.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0247.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0247.id,hxxps://metaboli.noos.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0248.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0248.id,hxxp://newprice.metaboli.it);
user_pref(capability.principal.codebase.YummyPlayer_XX0249.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0249.id,hxxps://newprice.metaboli.it);
user_pref(capability.principal.codebase.YummyPlayer_XX0250.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0250.id,hxxp://onlyplanet.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0251.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0251.id,hxxps://onlyplanet.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0252.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0252.id,hxxp://orange.metaboli.co.uk);
user_pref(capability.principal.codebase.YummyPlayer_XX0253.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0253.id,hxxps://orange.metaboli.co.uk);
user_pref(capability.principal.codebase.YummyPlayer_XX0254.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0254.id,hxxp://onlinewelten.metaboli.de);
user_pref(capability.principal.codebase.YummyPlayer_XX0255.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0255.id,hxxps://onlinewelten.metaboli.de);
user_pref(capability.principal.codebase.YummyPlayer_XX0256.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0256.id,hxxp://playart1.metaboli.de);
user_pref(capability.principal.codebase.YummyPlayer_XX0257.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0257.id,hxxps://playart1.metaboli.de);
user_pref(capability.principal.codebase.YummyPlayer_XX0258.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0258.id,hxxp://playart2.metaboli.de);
user_pref(capability.principal.codebase.YummyPlayer_XX0259.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0259.id,hxxps://playart2.metaboli.de);
user_pref(capability.principal.codebase.YummyPlayer_XX0260.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0260.id,hxxp://packardbell.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0261.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0261.id,hxxps://packardbell.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0262.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0262.id,hxxp://packardbell.metaboli.it);
user_pref(capability.principal.codebase.YummyPlayer_XX0263.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0263.id,hxxps://packardbell.metaboli.it);
user_pref(capability.principal.codebase.YummyPlayer_XX0264.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0264.id,hxxp://packardbell.metaboli.co.uk);
user_pref(capability.principal.codebase.YummyPlayer_XX0265.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0265.id,hxxps://packardbell.metaboli.co.uk);
user_pref(capability.principal.codebase.YummyPlayer_XX0266.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0266.id,hxxp://playart3.metaboli.de);
user_pref(capability.principal.codebase.YummyPlayer_XX0267.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0267.id,hxxps://playart3.metaboli.de);
user_pref(capability.principal.codebase.YummyPlayer_XX0268.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0268.id,hxxp://packardbell.metaboli.de);
user_pref(capability.principal.codebase.YummyPlayer_XX0269.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0269.id,hxxps://packardbell.metaboli.de);
user_pref(capability.principal.codebase.YummyPlayer_XX0270.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0270.id,hxxp://playart5.metaboli.de);
user_pref(capability.principal.codebase.YummyPlayer_XX0271.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0271.id,hxxps://playart5.metaboli.de);
user_pref(capability.principal.codebase.YummyPlayer_XX0272.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0272.id,hxxp://playart6.metaboli.de);
user_pref(capability.principal.codebase.YummyPlayer_XX0273.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0273.id,hxxps://playart6.metaboli.de);
user_pref(capability.principal.codebase.YummyPlayer_XX0274.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0274.id,hxxp://sevengamesbe.metaboli.com);
user_pref(capability.principal.codebase.YummyPlayer_XX0275.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0275.id,hxxps://sevengamesbe.metaboli.com);
user_pref(capability.principal.codebase.YummyPlayer_XX0276.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0276.id,hxxp://sevengames.metaboli.de);
user_pref(capability.principal.codebase.YummyPlayer_XX0277.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0277.id,hxxps://sevengames.metaboli.de);
user_pref(capability.principal.codebase.YummyPlayer_XX0278.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0278.id,hxxp://sevengames.metaboli.com);
user_pref(capability.principal.codebase.YummyPlayer_XX0279.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0279.id,hxxps://sevengames.metaboli.com);
user_pref(capability.principal.codebase.YummyPlayer_XX0280.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0280.id,hxxp://sevengamesnl.metaboli.com);
user_pref(capability.principal.codebase.YummyPlayer_XX0281.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0281.id,hxxps://sevengamesnl.metaboli.com);
user_pref(capability.principal.codebase.YummyPlayer_XX0282.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0282.id,hxxp://sevengamesno.metaboli.com);
user_pref(capability.principal.codebase.YummyPlayer_XX0283.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0283.id,hxxps://sevengamesno.metaboli.com);
user_pref(capability.principal.codebase.YummyPlayer_XX0284.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0284.id,hxxp://sevengames.metaboli.se);
user_pref(capability.principal.codebase.YummyPlayer_XX0285.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0285.id,hxxps://sevengames.metaboli.se);
user_pref(capability.principal.codebase.YummyPlayer_XX0286.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0286.id,hxxp://playart8.metaboli.de);
user_pref(capability.principal.codebase.YummyPlayer_XX0287.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0287.id,hxxps://playart8.metaboli.de);
user_pref(capability.principal.codebase.YummyPlayer_XX0288.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0288.id,hxxp://playart9.metaboli.de);
user_pref(capability.principal.codebase.YummyPlayer_XX0289.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0289.id,hxxps://playart9.metaboli.de);
user_pref(capability.principal.codebase.YummyPlayer_XX0290.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0290.id,hxxp://packardbell.metaboli.de);
user_pref(capability.principal.codebase.YummyPlayer_XX0291.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0291.id,hxxps://packardbell.metaboli.de);
user_pref(capability.principal.codebase.YummyPlayer_XX0292.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0292.id,hxxp://packardbell.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0293.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0293.id,hxxps://packardbell.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0294.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0294.id,hxxp://packardbell.metaboli.it);
user_pref(capability.principal.codebase.YummyPlayer_XX0295.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0295.id,hxxps://packardbell.metaboli.it);
user_pref(capability.principal.codebase.YummyPlayer_XX0296.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0296.id,hxxp://packardbell.metaboli.co.uk);
user_pref(capability.principal.codebase.YummyPlayer_XX0297.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0297.id,hxxps://packardbell.metaboli.co.uk);
user_pref(capability.principal.codebase.YummyPlayer_XX0298.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0298.id,hxxp://puntaeclicca.metaboli.it);
user_pref(capability.principal.codebase.YummyPlayer_XX0299.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0299.id,hxxps://puntaeclicca.metaboli.it);
user_pref(capability.principal.codebase.YummyPlayer_XX0300.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0300.id,hxxp://pg.metaboli.de);
user_pref(capability.principal.codebase.YummyPlayer_XX0301.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0301.id,hxxps://pg.metaboli.de);
user_pref(capability.principal.codebase.YummyPlayer_XX0302.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0302.id,hxxp://pg.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0303.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0303.id,hxxps://pg.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0304.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0304.id,hxxp://pg.metaboli.it);
user_pref(capability.principal.codebase.YummyPlayer_XX0305.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0305.id,hxxps://pg.metaboli.it);
user_pref(capability.principal.codebase.YummyPlayer_XX0306.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0306.id,hxxp://pg.metaboli.co.uk);
user_pref(capability.principal.codebase.YummyPlayer_XX0307.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0307.id,hxxps://pg.metaboli.co.uk);
user_pref(capability.principal.codebase.YummyPlayer_XX0308.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0308.id,hxxp://gameplazza.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0309.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0309.id,hxxps://gameplazza.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0310.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0310.id,hxxp://partner.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0311.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0311.id,hxxps://partner.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0312.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0312.id,hxxp://videogamer.metaboli.co.uk);
user_pref(capability.principal.codebase.YummyPlayer_XX0313.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0313.id,hxxps://videogamer.metaboli.co.uk);
user_pref(capability.principal.codebase.YummyPlayer_XX0314.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0314.id,hxxp://pr.metaboli.de);
user_pref(capability.principal.codebase.YummyPlayer_XX0315.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0315.id,hxxps://pr.metaboli.de);
user_pref(capability.principal.codebase.YummyPlayer_XX0316.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0316.id,hxxp://pr.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0317.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0317.id,hxxps://pr.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0318.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0318.id,hxxp://pro.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0319.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0319.id,hxxps://pro.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0320.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0320.id,hxxp://pr.metaboli.co.uk);
user_pref(capability.principal.codebase.YummyPlayer_XX0321.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0321.id,hxxps://pr.metaboli.co.uk);
user_pref(capability.principal.codebase.YummyPlayer_XX0322.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0322.id,hxxp://pixmania.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0323.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0323.id,hxxps://pixmania.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0324.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0324.id,hxxp://quintplay.metaboli.co.uk);
user_pref(capability.principal.codebase.YummyPlayer_XX0325.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0325.id,hxxps://quintplay.metaboli.co.uk);
user_pref(capability.principal.codebase.YummyPlayer_XX0326.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0326.id,hxxp://rap.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0327.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0327.id,hxxps://rap.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0328.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0328.id,hxxp://videogamesondemand.rossoalice.alice.it);
user_pref(capability.principal.codebase.YummyPlayer_XX0329.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0329.id,hxxps://videogamesondemand.rossoalice.alice.it);
user_pref(capability.principal.codebase.YummyPlayer_XX0330.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0330.id,hxxp://metaboli.rtl.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0331.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0331.id,hxxps://metaboli.rtl.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0332.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0332.id,hxxp://rueducommerce.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0333.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0333.id,hxxps://rueducommerce.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0334.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0334.id,hxxp://sat1spiele.metaboli.de);
user_pref(capability.principal.codebase.YummyPlayer_XX0335.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0335.id,hxxps://sat1spiele.metaboli.de);
user_pref(capability.principal.codebase.YummyPlayer_XX0336.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0336.id,hxxp://sfr.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0337.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0337.id,hxxps://sfr.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0338.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0338.id,hxxp://sg.metaboli.de);
user_pref(capability.principal.codebase.YummyPlayer_XX0339.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0339.id,hxxps://sg.metaboli.de);
user_pref(capability.principal.codebase.YummyPlayer_XX0340.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0340.id,hxxp://sg.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0341.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0341.id,hxxps://sg.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0342.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0342.id,hxxp://sg.metaboli.it);
user_pref(capability.principal.codebase.YummyPlayer_XX0343.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0343.id,hxxps://sg.metaboli.it);
user_pref(capability.principal.codebase.YummyPlayer_XX0344.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0344.id,hxxp://sg.metaboli.co.uk);
user_pref(capability.principal.codebase.YummyPlayer_XX0345.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0345.id,hxxps://sg.metaboli.co.uk);
user_pref(capability.principal.codebase.YummyPlayer_XX0346.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0346.id,hxxp://shopping.metaboli.de);
user_pref(capability.principal.codebase.YummyPlayer_XX0347.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0347.id,hxxps://shopping.metaboli.de);
user_pref(capability.principal.codebase.YummyPlayer_XX0348.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0348.id,hxxp://shopping.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0349.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0349.id,hxxps://shopping.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0350.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0350.id,hxxp://shoot.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0351.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0351.id,hxxps://shoot.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0352.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0352.id,hxxp://shopping.metaboli.co.uk);
user_pref(capability.principal.codebase.YummyPlayer_XX0353.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0353.id,hxxps://shopping.metaboli.co.uk);
user_pref(capability.principal.codebase.YummyPlayer_XX0354.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0354.id,hxxp://spieletipps.metaboli.de);
user_pref(capability.principal.codebase.YummyPlayer_XX0355.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0355.id,hxxps://spieletipps.metaboli.de);
user_pref(capability.principal.codebase.YummyPlayer_XX0356.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0356.id,hxxp://sqoops.metaboli.de);
user_pref(capability.principal.codebase.YummyPlayer_XX0357.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0357.id,hxxps://sqoops.metaboli.de);
user_pref(capability.principal.codebase.YummyPlayer_XX0358.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0358.id,hxxp://tiscali.metaboli.it);
user_pref(capability.principal.codebase.YummyPlayer_XX0359.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0359.id,hxxps://tiscali.metaboli.it);
user_pref(capability.principal.codebase.YummyPlayer_XX0360.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0360.id,hxxp://tradedoubler.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0361.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0361.id,hxxps://tradedoubler.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0362.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0362.id,hxxp://metaboli.tele2internet.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0363.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0363.id,hxxps://metaboli.tele2internet.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0364.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0364.id,hxxp://www.metaboli.fr:8889);
user_pref(capability.principal.codebase.YummyPlayer_XX0365.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0365.id,hxxps://www.metaboli.fr:8889);
user_pref(capability.principal.codebase.YummyPlayer_XX0366.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0366.id,hxxp://telecharger.tomsgames.com);
user_pref(capability.principal.codebase.YummyPlayer_XX0367.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0367.id,hxxps://telecharger.tomsgames.com);
user_pref(capability.principal.codebase.YummyPlayer_XX0368.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0368.id,hxxp://to-record.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0369.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0369.id,hxxps://to-record.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0370.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0370.id,hxxp://turbo.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0371.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0371.id,hxxps://turbo.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0372.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0372.id,hxxp://twenga.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0373.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0373.id,hxxps://twenga.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0374.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0374.id,hxxp://vc.metaboli.de);
user_pref(capability.principal.codebase.YummyPlayer_XX0375.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0375.id,hxxps://vc.metaboli.de);
user_pref(capability.principal.codebase.YummyPlayer_XX0376.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0376.id,hxxp://vc.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0377.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0377.id,hxxps://vc.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0378.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0378.id,hxxp://vc.metaboli.co.uk);
user_pref(capability.principal.codebase.YummyPlayer_XX0379.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0379.id,hxxps://vc.metaboli.co.uk);
user_pref(capability.principal.codebase.YummyPlayer_XX0380.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0380.id,hxxp://videogamer.metaboli.co.uk);
user_pref(capability.principal.codebase.YummyPlayer_XX0381.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0381.id,hxxps://videogamer.metaboli.co.uk);
user_pref(capability.principal.codebase.YummyPlayer_XX0382.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0382.id,hxxp://jeuxvideopc.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0383.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0383.id,hxxps://jeuxvideopc.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0384.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0384.id,hxxp://virginmega.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0385.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0385.id,hxxps://virginmega.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0386.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0386.id,hxxp://virginmedia.metaboli.co.uk);
user_pref(capability.principal.codebase.YummyPlayer_XX0387.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0387.id,hxxps://virginmedia.metaboli.co.uk);
user_pref(capability.principal.codebase.YummyPlayer_XX0388.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0388.id,hxxp://metaboli.goa.com);
user_pref(capability.principal.codebase.YummyPlayer_XX0389.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0389.id,hxxps://metaboli.goa.com);
user_pref(capability.principal.codebase.YummyPlayer_XX0390.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0390.id,hxxp://webde.metaboli.de);
user_pref(capability.principal.codebase.YummyPlayer_XX0391.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0391.id,hxxps://webde.metaboli.de);
user_pref(capability.principal.codebase.YummyPlayer_XX0392.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0392.id,hxxp://metaboli.libero.it);
user_pref(capability.principal.codebase.YummyPlayer_XX0393.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0393.id,hxxps://metaboli.libero.it);
user_pref(capability.principal.codebase.YummyPlayer_XX0394.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0394.id,hxxp://metaboli.goa.com);
user_pref(capability.principal.codebase.YummyPlayer_XX0395.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0395.id,hxxps://metaboli.goa.com);
user_pref(capability.principal.codebase.YummyPlayer_XX0396.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0396.id,hxxp://jeuxvideo.orange.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0397.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0397.id,hxxps://jeuxvideo.orange.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0398.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0398.id,hxxp://yahoo.metaboli.de);
user_pref(capability.principal.codebase.YummyPlayer_XX0399.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0399.id,hxxps://yahoo.metaboli.de);
user_pref(capability.principal.codebase.YummyPlayer_XX0400.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0400.id,hxxp://yahoo.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0401.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0401.id,hxxps://yahoo.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0402.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0402.id,hxxp://yahoo.metaboli.co.uk);
user_pref(capability.principal.codebase.YummyPlayer_XX0403.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0403.id,hxxps://yahoo.metaboli.co.uk);
user_pref(capability.principal.codebase.YummyPlayer_XX0404.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0404.id,hxxp://yahooclic.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0405.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0405.id,hxxps://yahooclic.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0406.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0406.id,hxxp://zanox.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0407.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0407.id,hxxps://zanox.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0408.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0408.id,hxxp://zavvi.metaboli.co.uk);
user_pref(capability.principal.codebase.YummyPlayer_XX0409.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0409.id,hxxps://zavvi.metaboli.co.uk);
user_pref(capability.principal.codebase.YummyPlayer_XX0410.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0410.id,hxxp://go.metaboli.fr);
user_pref(capability.principal.codebase.YummyPlayer_XX0411.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0411.id,hxxps://go.metaboli.fr);

/* added 17-03-09 */
user_pref(capability.principal.codebase.YummyPlayer_XX0412.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0412.id,hxxp://cnet.metaboli.co.uk);
user_pref(capability.principal.codebase.YummyPlayer_XX0413.granted,UniversalXPConnect);
user_pref(capability.principal.codebase.YummyPlayer_XX0413.id,hxxps://cnet.metaboli.co.uk);

/* GWDE */
FF - user.js: capability.principal.codebase.YummyPlayer_GWDE.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_GWDE.id - hxxp://gwde.metaboli.de/
FF - user.js: capability.principal.codebase.YummyPlayer_GWDEINT.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_GWDEINT.id - hxxp://gwde.int.metaboli.fr/
FF - user.js: capability.principal.codebase.YummyPlayer_SGWDE.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_SGWDE.id - hxxps://gwde.metaboli.de/
FF - user.js: capability.principal.codebase.YummyPlayer_SGWDEINT.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_SGWDEINT.id - hxxps://gwde.int.metaboli.fr/

/* GMUK */
FF - user.js: capability.principal.codebase.YummyPlayer_GMUK.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_GMUK.id - hxxp://game.metaboli.co.uk/
FF - user.js: capability.principal.codebase.YummyPlayer_GMUKINT.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_GMUKINT.id - hxxp://gmuk.int.metaboli.fr/
FF - user.js: capability.principal.codebase.YummyPlayer_SGMUK.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_SGMUK.id - hxxps://game.metaboli.co.uk/
FF - user.js: capability.principal.codebase.YummyPlayer_SGMUKINT.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_SGMUKINT.id - hxxps://gmuk.int.metaboli.fr/

/* CNET */
FF - user.js: capability.principal.codebase.YummyPlayer_CNET.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_CNET.id - hxxp://cnet.metaboli.co.uk/
FF - user.js: capability.principal.codebase.YummyPlayer_CNETINT.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_CNETINT.id - hxxp://cnet.int.metaboli.fr/
FF - user.js: capability.principal.codebase.YummyPlayer_SCNET.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_SCNET.id - hxxps://cnet.metaboli.co.uk/
FF - user.js: capability.principal.codebase.YummyPlayer_SCNETINT.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_SCNETINT.id - hxxps://cnet.int.metaboli.fr/

/* IGUK */
FF - user.js: capability.principal.codebase.YummyPlayer_IGUK.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_IGUK.id - hxxp://iguk.metaboli.co.uk/
FF - user.js: capability.principal.codebase.YummyPlayer_IGUKINT.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_IGUKINT.id - hxxp://iguk.int.metaboli.fr/
FF - user.js: capability.principal.codebase.YummyPlayer_SIGUK.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_SIGUK.id - hxxps://iguk.metaboli.co.uk/
FF - user.js: capability.principal.codebase.YummyPlayer_SIGUKINT.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_SIGUKINT.id - hxxps://iguk.int.metaboli.fr/
FF - user.js: capability.principal.codebase.YummyPlayer_IGUK2.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_IGUK2.id - hxxp://Incgamers.metaboli.co.uk/
FF - user.js: capability.principal.codebase.YummyPlayer_SIGUK2.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_SIGUK2.id - hxxps://Incgamers.metaboli.co.uk/

/* SKFR */
FF - user.js: capability.principal.codebase.YummyPlayer_SKFR.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_SKFR.id - hxxp://skfr.metaboli.fr/
FF - user.js: capability.principal.codebase.YummyPlayer_SKFRINT.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_SKFRINT.id - hxxp://skfr.int.metaboli.fr/
FF - user.js: capability.principal.codebase.YummyPlayer_SSKFR.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_SSKFR.id - hxxps://skfr.metaboli.fr/
FF - user.js: capability.principal.codebase.YummyPlayer_SSKFRINT.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_SSKFRINT.id - hxxps://skfr.int.metaboli.fr/
FF - user.js: capability.principal.codebase.YummyPlayer_SKFR2.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_SKFR2.id - hxxp://Skyrock.metaboli.fr/
FF - user.js: capability.principal.codebase.YummyPlayer_SSKFR2.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_SSKFR2.id - hxxps://Skyrock.metaboli.fr/

FF - user.js: capability.principal.codebase.YummyPlayer_FREEINT.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_FREEINT.id - hxxp://free-int.metaboli.fr/
FF - user.js: capability.principal.codebase.YummyPlayer_SFREEINT.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_SFREEINT.id - hxxps://free-int.metaboli.fr/

/* GNUK */
FF - user.js: capability.principal.codebase.YummyPlayer_GNUK.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_GNUK.id - hxxp://gamestation.metaboli.co.uk/
FF - user.js: capability.principal.codebase.YummyPlayer_SGNUK.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_SGNUK.id - hxxps://gamestation.metaboli.co.uk/

/* NEW MSN UK DE */
FF - user.js: capability.principal.codebase.YummyPlayer_NEWMNUK.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_NEWMNUK.id - hxxp://playnow.tech.uk.msn.com/
FF - user.js: capability.principal.codebase.YummyPlayer_SNEWMNUK.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_SNEWMNUK.id - hxxps://playnow.tech.uk.msn.com/
FF - user.js: capability.principal.codebase.YummyPlayer_NEWMNDE.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_NEWMNDE.id - hxxp://pc-spiele-flatrate.msn.de/
FF - user.js: capability.principal.codebase.YummyPlayer_SNEWMNDE.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_SNEWMNDE.id - hxxps://pc-spiele-flatrate.msn.de/

/* VMUK */
FF - user.js: capability.principal.codebase.YummyPlayer_VMUK.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_VMUK.id - hxxp://virginmedia.metaboli.co.uk/
FF - user.js: capability.principal.codebase.YummyPlayer_SVMUK.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_SVMUK.id - hxxps://virginmedia.metaboli.co.uk/
FF - user.js: capability.principal.codebase.YummyPlayer_VMUKINT.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_VMUKINT.id - hxxp://vmuk.int.metaboli.fr/
FF - user.js: capability.principal.codebase.YummyPlayer_SVMUKINT.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_SVMUKINT.id - hxxps://vmuk.int.metaboli.fr/

/* WDDE (web de) INT */
FF - user.js: capability.principal.codebase.YummyPlayer_WDDEINT.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_WDDEINT.id - hxxp://wdde.int.metaboli.fr/
FF - user.js: capability.principal.codebase.YummyPlayer_SWDDEINT.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_SWDDEINT.id - hxxps://wdde.int.metaboli.fr/

/* ORUK */
FF - user.js: capability.principal.codebase.YummyPlayer_ORUK.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_ORUK.id - hxxp://orange.metaboli.co.uk/
FF - user.js: capability.principal.codebase.YummyPlayer_SORUK.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_SORUK.id - hxxps://orange.metaboli.co.uk/
FF - user.js: capability.principal.codebase.YummyPlayer_ORUKINT.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_ORUKINT.id - hxxp://oruk.int.metaboli.fr/
FF - user.js: capability.principal.codebase.YummyPlayer_SORUKINT.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_SORUKINT.id - hxxps://oruk.int.metaboli.fr/

/* MEDI int */
FF - user.js: capability.principal.codebase.YummyPlayer_MEDIINT.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_MEDIINT.id - hxxp://medi.int.metaboli.fr/
FF - user.js: capability.principal.codebase.YummyPlayer_SMEDIINT.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_SMEDIINT.id - hxxps://medi.int.metaboli.fr/

/* SAT1 */
FF - user.js: capability.principal.codebase.YummyPlayer_SAT1.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_SAT1.id - hxxp://spieleflatrate.sat1.de/
FF - user.js: capability.principal.codebase.YummyPlayer_SSAT1.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_SSAT1.id - hxxps://spieleflatrate.sat1.de/
FF - user.js: capability.principal.codebase.YummyPlayer_SAT1INT.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_SAT1INT.id - hxxp://sat1.int.metaboli.fr/
FF - user.js: capability.principal.codebase.YummyPlayer_SSAT1INT.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_SSAT1INT.id - hxxps://sat1.int.metaboli.fr/

/* OWDE */
FF - user.js: capability.principal.codebase.YummyPlayer_OWDE.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_OWDE.id - hxxp://onlinewelten.metaboli.de/
FF - user.js: capability.principal.codebase.YummyPlayer_SOWDE.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_SOWDE.id - hxxps://onlinewelten.metaboli.de/
FF - user.js: capability.principal.codebase.YummyPlayer_OWDEINT.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_OWDEINT.id - hxxp://owde.int.metaboli.fr/
FF - user.js: capability.principal.codebase.YummyPlayer_SOWDEINT.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_SOWDEINT.id - hxxps://owde.int.metaboli.fr/

/* GRAD INT */
FF - user.js: capability.principal.codebase.YummyPlayer_GRADINT.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_GRADINT.id - hxxp://grad.int.metaboli.fr/
FF - user.js: capability.principal.codebase.YummyPlayer_SGRADINT.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_SGRADINT.id - hxxps://grad.int.metaboli.fr/

/* RTLN */
FF - user.js: capability.principal.codebase.YummyPlayer_RTLN.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_RTLN.id - hxxp://rtl.metaboli.fr/
FF - user.js: capability.principal.codebase.YummyPlayer_SRTLN.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_SRTLN.id - hxxps://rtl.metaboli.fr/
FF - user.js: capability.principal.codebase.YummyPlayer_RTLNINT.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_RTLNINT.id - hxxp://rtln.int.metaboli.fr/
FF - user.js: capability.principal.codebase.YummyPlayer_SRTLNINT.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_SRTLNINT.id - hxxps://rtln.int.metaboli.fr/

/* MNIT */
FF - user.js: capability.principal.codebase.YummyPlayer_MNIT.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_MNIT.id - hxxp://pcgames.msn.it/
FF - user.js: capability.principal.codebase.YummyPlayer_SMNIT.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_SMNIT.id - hxxps://pcgames.msn.it/
FF - user.js: capability.principal.codebase.YummyPlayer_MNITINT.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_MNITINT.id - hxxp://mnit.int.metaboli.fr/
FF - user.js: capability.principal.codebase.YummyPlayer_SMNITINT.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_SMNITINT.id - hxxps://mnit.int.metaboli.fr/

/* CUUK */
FF - user.js: capability.principal.codebase.YummyPlayer_CUUK.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_CUUK.id - hxxp://atheneum.metaboli.co.uk/
FF - user.js: capability.principal.codebase.YummyPlayer_SCUUK.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_SCUUK.id - hxxps://atheneum.metaboli.co.uk/
FF - user.js: capability.principal.codebase.YummyPlayer_CUUKINT.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_CUUKINT.id - hxxp://cuuk.int.metaboli.fr/
FF - user.js: capability.principal.codebase.YummyPlayer_SCUUKINT.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_SCUUKINT.id - hxxps://cuuk.int.metaboli.fr/

/* SCDE */
FF - user.js: capability.principal.codebase.YummyPlayer_SCDE.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_SCDE.id - hxxp://schueler.metaboli.de/
FF - user.js: capability.principal.codebase.YummyPlayer_SSCDE.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_SSCDE.id - hxxps://schueler.metaboli.de/

c:\\program files\\Mozilla Firefox\\greprefs\\security-prefs.js - pref(\"security.ssl3.rsa_seed_sha\", true);
.
- - - - ORPHELINS SUPPRIMES - - - -

HKLM-Run-Cmaudio - cmicnfg.cpl
AddRemove-Cool\'s_Codec_pack_4.12 - c:\\windows\\iun6002.exe
AddRemove-QcDrv - c:\\program files\\Fichiers communs\\Logitech\\QCDRV\\BIN\\SETUP.EXE UNINSTALL REMOVEPROMPT



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-30 17:53
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d\'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > \'winlogon.exe\'(548)
c:\\windows\\system32\\Ati2evxx.dll

- - - - - - - > \'explorer.exe\'(2164)
c:\\windows\\system32\\eappprxy.dll
c:\\windows\\system32\\webcheck.dll
c:\\windows\\system32\\WPDShServiceObj.dll
c:\\windows\\system32\\PortableDeviceTypes.dll
c:\\windows\\system32\\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\\windows\\system32\\Ati2evxx.exe
c:\\program files\\Alwil Software\\Avast4\\aswUpdSv.exe
c:\\program files\\Alwil Software\\Avast4\\ashServ.exe
c:\\program files\\Fichiers communs\\Apple\\Mobile Device Support\\bin\\AppleMobileDeviceService.exe
c:\\program files\\Bonjour\\mDNSResponder.exe
c:\\program files\\Java\\jre6\\bin\\jqs.exe
c:\\program files\\Fichiers communs\\LightScribe\\LSSrvc.exe
c:\\program files\\Fichiers communs\\Microsoft Shared\\VS7Debug\\mdm.exe
c:\\windows\\system32\\IoctlSvc.exe
c:\\windows\\system32\\HPZipm12.exe
c:\\program files\\Alwil Software\\Avast4\\ashMaiSv.exe
c:\\program files\\Alwil Software\\Avast4\\ashWebSv.exe
c:\\windows\\system32\\Ati2evxx.exe
c:\\windows\\system32\\wscntfy.exe
c:\\progra~1\\Yahoo!\\MESSEN~1\\YAHOOM~1.EXE
c:\\program files\\Logitech\\Video\\FxSvr2.exe
c:\\program files\\iPod\\bin\\iPodService.exe
.
**************************************************************************
.
Heure de fin: 2009-11-30 17:59 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-11-30 16:59

Avant-CF: 37 970 051 072 octets libres
Après-CF: 38 694 645 760 octets libres

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\\WINDOWS
[operating systems]
c:\\cmdcons\\BOOTSECT.DAT=\"Microsoft Windows Recovery Console\" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\\WINDOWS=\"Microsoft Windows XP Professionnel\" /noexecute=optin /fastdetect

- - End Of File - - 0716621AC7A9E02DDE114EA56CBC1C0F

Fais un nouveau rapport RSIT et ne poste que le rapport log.txt stp

Logfile of random\'s system information tool 1.06 (written by random/random)
Run by marity at 2009-11-30 20:08:02
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 37 GB (48%) free of 76 GB
Total RAM: 1023 MB (44% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:08:09, on 30/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\\WINDOWS\\System32\\smss.exe
C:\\WINDOWS\\system32\\winlogon.exe
C:\\WINDOWS\\system32\\services.exe
C:\\WINDOWS\\system32\\lsass.exe
C:\\WINDOWS\\system32\\Ati2evxx.exe
C:\\WINDOWS\\system32\\svchost.exe
C:\\WINDOWS\\System32\\svchost.exe
C:\\Program Files\\Alwil Software\\Avast4\\aswUpdSv.exe
C:\\Program Files\\Alwil Software\\Avast4\\ashServ.exe
C:\\WINDOWS\\system32\\spoolsv.exe
C:\\Program Files\\Fichiers communs\\Apple\\Mobile Device Support\\bin\\AppleMobileDeviceService.exe
C:\\Program Files\\Bonjour\\mDNSResponder.exe
C:\\Program Files\\Java\\jre6\\bin\\jqs.exe
C:\\Program Files\\Fichiers communs\\LightScribe\\LSSrvc.exe
C:\\Program Files\\Fichiers communs\\Microsoft Shared\\VS7Debug\\mdm.exe
C:\\WINDOWS\\system32\\IoctlSvc.exe
C:\\WINDOWS\\system32\\HPZipm12.exe
C:\\WINDOWS\\system32\\svchost.exe
C:\\Program Files\\Alwil Software\\Avast4\\ashMaiSv.exe
C:\\Program Files\\Alwil Software\\Avast4\\ashWebSv.exe
C:\\WINDOWS\\System32\\svchost.exe
C:\\WINDOWS\\system32\\Ati2evxx.exe
C:\\WINDOWS\\system32\\wscntfy.exe
C:\\WINDOWS\\system32\\LVCOMSX.EXE
C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe
C:\\Program Files\\Logitech\\Video\\LogiTray.exe
C:\\Program Files\\iTunes\\iTunesHelper.exe
C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe
C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YAHOOM~1.EXE
C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\BackWeb-8876480.exe
C:\\Program Files\\Messenger\\msmsgs.exe
C:\\Program Files\\Logitech\\Video\\FxSvr2.exe
C:\\Program Files\\iPod\\bin\\iPodService.exe
C:\\WINDOWS\\system32\\ctfmon.exe
C:\\WINDOWS\\explorer.exe
C:\\Program Files\\Mozilla Firefox\\firefox.exe
C:\\Documents and Settings\\marity\\Bureau\\RSIT.exe
C:\\Program Files\\trend micro\\marity.exe

R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://fr.msn.com/
R1 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://fr.msn.com/
R1 - HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings,ProxyOverride = localhost;*.local
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\\PROGRA~1\\Yahoo!\\Companion\\Installs\\cpn\\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\\PROGRA~1\\Yahoo!\\Companion\\Installs\\cpn\\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\\Program Files\\Fichiers communs\\Adobe\\Acrobat\\ActiveX\\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d\'aide de l\'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\\Program Files\\Fichiers communs\\Microsoft Shared\\Windows Live\\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\\Program Files\\Java\\jre6\\bin\\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\\Program Files\\Java\\jre6\\lib\\deploy\\jqs\\ie\\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\\PROGRA~1\\Yahoo!\\Companion\\Installs\\cpn\\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\\PROGRA~1\\Yahoo!\\Companion\\Installs\\cpn\\yt.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\\Program Files\\Veoh Networks\\VeohWebPlayer\\VeohIEToolbar.dll
O4 - HKLM\\..\\Run: [LVCOMSX] C:\\WINDOWS\\system32\\LVCOMSX.EXE
O4 - HKLM\\..\\Run: [avast!] C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe
O4 - HKLM\\..\\Run: [LogitechVideoTray] C:\\Program Files\\Logitech\\Video\\LogiTray.exe
O4 - HKLM\\..\\Run: [QuickTime Task] \"C:\\Program Files\\QuickTime\\QTTask.exe\" -atboottime
O4 - HKLM\\..\\Run: [iTunesHelper] \"C:\\Program Files\\iTunes\\iTunesHelper.exe\"
O4 - HKLM\\..\\Run: [Adobe Reader Speed Launcher] \"C:\\Program Files\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe\"
O4 - HKLM\\..\\Run: [Adobe ARM] \"C:\\Program Files\\Fichiers communs\\Adobe\\ARM\\1.0\\AdobeARM.exe\"
O4 - HKCU\\..\\Run: [msnmsgr] \"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe\" /background
O4 - HKCU\\..\\Run: [Messenger (Yahoo!)] \"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YAHOOM~1.EXE\" -quiet
O4 - HKCU\\..\\Run: [LDM] C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\BackWeb-8876480.exe
O4 - HKCU\\..\\Run: [LogitechSoftwareUpdate] \"C:\\Program Files\\Logitech\\Video\\ManifestEngine.exe\" boot
O4 - HKCU\\..\\Run: [MSMSGS] \"C:\\Program Files\\Messenger\\msmsgs.exe\" /background
O4 - HKUS\\S-1-5-18\\..\\Run: [CTFMON.EXE] C:\\WINDOWS\\system32\\CTFMON.EXE (User \'SYSTEM\')
O4 - HKUS\\.DEFAULT\\..\\Run: [CTFMON.EXE] C:\\WINDOWS\\system32\\CTFMON.EXE (User \'Default user\')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LDMConf.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\\WINDOWS\\system32\\GPhotos.scr/200
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\\PROGRA~1\\MICROS~2\\Office10\\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\\Program Files\\Windows Live\\Writer\\WriterBrowserExtension.dll
O9 - Extra \'Tools\' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\\Program Files\\Windows Live\\Writer\\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe
O9 - Extra \'Tools\' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\\Program Files\\Messenger\\msmsgs.exe
O9 - Extra \'Tools\' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\\Program Files\\Messenger\\msmsgs.exe
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O18 - Protocol: quad-driver-fix - {B774851D-1762-4EE9-A549-BF30323FEC13} - C:\\Program Files\\QUAD Utilities\\QUAD Driver Fix\\DriversFix.dll (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\\Program Files\\Fichiers communs\\Apple\\Mobile Device Support\\bin\\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\\Program Files\\Alwil Software\\Avast4\\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\\WINDOWS\\system32\\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\\WINDOWS\\system32\\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\\Program Files\\Alwil Software\\Avast4\\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\\Program Files\\Alwil Software\\Avast4\\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\\Program Files\\Alwil Software\\Avast4\\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\\Program Files\\Bonjour\\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\\Program Files\\Google\\Common\\Google Updater\\GoogleUpdaterService.exe
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\HPBOID.EXE
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\\Program Files\\iPod\\bin\\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\\Program Files\\Java\\jre6\\bin\\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\\Program Files\\Fichiers communs\\LightScribe\\LSSrvc.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\\Program Files\\ma-config.com\\maconfservice.exe
O23 - Service: NBService - Nero AG - C:\\Program Files\\Nero\\Nero 7\\Nero BackItUp\\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\\Program Files\\Fichiers communs\\Ahead\\Lib\\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\\WINDOWS\\system32\\IoctlSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\\WINDOWS\\system32\\HPZipm12.exe
O23 - Service: L Ile Noyee Drivers Auto Removal (pr2ajbeb) (pr2ajbeb) - Micro Application - C:\\WINDOWS\\system32\\pr2ajbeb.exe

--
End of file - 8846 bytes

======Scheduled tasks folder======

C:\\WINDOWS\\tasks\\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\\PROGRA~1\\Yahoo!\\Companion\\Installs\\cpn\\yt.dll [2008-07-28 882416]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\\Program Files\\Fichiers communs\\Adobe\\Acrobat\\ActiveX\\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d\'aide de l\'Assistant de connexion Windows Live - C:\\Program Files\\Fichiers communs\\Microsoft Shared\\Windows Live\\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\\Program Files\\Java\\jre6\\bin\\jp2ssv.dll [2009-06-12 41368]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\\Program Files\\Java\\jre6\\lib\\deploy\\jqs\\ie\\jqs_plugin.dll [2009-06-12 73728]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\\PROGRA~1\\Yahoo!\\Companion\\Installs\\cpn\\YTSingleInstance.dll [2008-07-28 160496]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\\PROGRA~1\\Yahoo!\\Companion\\Installs\\cpn\\yt.dll [2008-07-28 882416]
{0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - Veoh Web Player Video Finder - C:\\Program Files\\Veoh Networks\\VeohWebPlayer\\VeohIEToolbar.dll [2009-05-20 429816]

[HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Run]
\"LVCOMSX\"=C:\\WINDOWS\\system32\\LVCOMSX.EXE [2004-10-08 221184]
\"avast!\"=C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe [2009-11-25 81000]
\"LogitechVideoTray\"=C:\\Program Files\\Logitech\\Video\\LogiTray.exe [2004-10-08 217088]
\"QuickTime Task\"=C:\\Program Files\\QuickTime\\QTTask.exe [2009-09-05 417792]
\"iTunesHelper\"=C:\\Program Files\\iTunes\\iTunesHelper.exe [2009-10-28 141600]
\"Adobe Reader Speed Launcher\"=C:\\Program Files\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe [2009-10-03 35696]
\"Adobe ARM\"=C:\\Program Files\\Fichiers communs\\Adobe\\ARM\\1.0\\AdobeARM.exe [2009-09-04 935288]

[HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run]
\"msnmsgr\"=C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe [2009-07-26 3883856]
\"Messenger (Yahoo!)\"=C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YAHOOM~1.EXE [2009-05-13 4351216]
\"LDM\"=C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\BackWeb-8876480.exe [2009-05-21 20480]
\"LogitechSoftwareUpdate\"=C:\\Program Files\\Logitech\\Video\\ManifestEngine.exe [2004-10-08 196608]
\"MSMSGS\"=C:\\Program Files\\Messenger\\msmsgs.exe [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\Adobe Reader Speed Launcher]
C:\\Program Files\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe [2009-10-03 35696]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\ATICCC]
C:\\Program Files\\ATI Technologies\\ATI.ACE\\cli.exe [2005-08-12 45056]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\\Program Files\\Fichiers communs\\Ahead\\Lib\\NMBgMonitor.exe [2008-01-22 152872]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\HP Software Update]
C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe [2007-05-08 54840]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\IncrediMail]
C:\\Program Files\\IncrediMail\\bin\\IncMail.exe [2009-04-16 251264]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\iTunesHelper]
C:\\Program Files\\iTunes\\iTunesHelper.exe [2009-10-28 141600]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\LogitechVideoRepair]
C:\\Program Files\\Logitech\\Video\\ISStart.exe [2004-10-08 458752]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\QuickTime Task]
C:\\Program Files\\QuickTime\\qttask.exe [2009-09-05 417792]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\SoundMan]
C:\\WINDOWS\\SOUNDMAN.EXE [2007-04-16 577536]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\SunJavaUpdateSched]
C:\\Program Files\\Java\\jre6\\bin\\jusched.exe [2009-06-12 148888]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\VeohPlugin]
C:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe [2009-05-20 3561720]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupfolder\\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Démarrage rapide de HP Photosmart Premier.lnk]
C:\\PROGRA~1\\HP\\DIGITA~1\\bin\\hpqthb08.exe [2006-02-10 73728]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupfolder\\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
C:\\PROGRA~1\\HP\\DIGITA~1\\bin\\hpqtra08.exe [2006-02-19 288472]

C:\\Documents and Settings\\All Users\\Menu Démarrer\\Programmes\\Démarrage
Logitech Desktop Messenger.lnk - C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LDMConf.exe

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\Notify\\AtiExtEvent]
C:\\WINDOWS\\system32\\Ati2evxx.dll [2006-05-03 61440]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\Notify\\WgaLogon]
C:\\WINDOWS\\system32\\WgaLogon.dll [2009-03-10 265088]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\\WINDOWS\\system32\\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System]
\"dontdisplaylastusername\"=0
\"legalnoticecaption\"=
\"legalnoticetext\"=
\"shutdownwithoutlogon\"=1
\"undockwithoutlogon\"=1

[HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\explorer]
\"NoDriveTypeAutoRun\"=323
\"NoDriveAutoRun\"=67108863
\"NoDrives\"=0

[HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\explorer]
\"HonorAutoRunSetting\"=
\"NoDriveAutoRun\"=
\"NoDriveTypeAutoRun\"=
\"NoDrives\"=

[HKEY_LOCAL_MACHINE\\system\\currentcontrolset\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile\\authorizedapplications\\list]
\"%windir%\\system32\\sessmgr.exe\"=\"%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019\"
\"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe\"=\"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe:*:Enabled:Windows Live Call\"
\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\"=\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger\"
\"%windir%\\Network Diagnostic\\xpnetdiag.exe\"=\"%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000\"
\"C:\\Program Files\\IncrediMail\\bin\\ImApp.exe\"=\"C:\\Program Files\\IncrediMail\\bin\\ImApp.exe:*:Enabled:IncrediMail\"
\"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe\"=\"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe:*:Enabled:IncrediMail\"
\"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe\"=\"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe:*:Enabled:IncrediMail\"
\"C:\\Program Files\\ma-config.com\\maconfservice.exe\"=\"C:\\Program Files\\ma-config.com\\maconfservice.exe:LocalSubNet:Enabled:maconfservice\"
\"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe\"=\"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe:*:Enabled:Logitech Desktop Messenger\"
\"C:\\Program Files\\Fichiers communs\\Ahead\\Nero Web\\SetupX.exe\"=\"C:\\Program Files\\Fichiers communs\\Ahead\\Nero Web\\SetupX.exe:*:Enabled:Nero ProductSetup\"
\"C:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe\"=\"C:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe:*:Enabled:Veoh Web Player \"
\"C:\\WINDOWS\\system32\\spoolsv.exe\"=\"C:\\WINDOWS\\system32\\spoolsv.exe:*:Enabled:Spooler SubSystem App\"
\"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe\"=\"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe\"
\"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe\"=\"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe\"
\"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe\"=\"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe\"
\"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe\"=\"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe\"
\"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe\"=\"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe\"
\"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe\"=\"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe\"
\"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe\"=\"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe\"
\"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe\"=\"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe\"
\"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe\"=\"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe\"
\"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe\"=\"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe\"
\"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe\"=\"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe\"
\"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe\"=\"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe\"
\"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe\"=\"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe\"
\"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe\"=\"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe:*:Enabled:hpqnrs08.exe\"
\"C:\\Program Files\\Bonjour\\mDNSResponder.exe\"=\"C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour\"
\"C:\\Program Files\\LimeWire\\LimeWire.exe\"=\"C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire\"
\"C:\\Program Files\\Spotify\\spotify.exe\"=\"C:\\Program Files\\Spotify\\spotify.exe:*:Enabled:Spotify\"
\"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe\"=\"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger\"
\"C:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe\"=\"C:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare\"
\"C:\\Program Files\\iTunes\\iTunes.exe\"=\"C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes\"
\"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe\"=\"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe:*:Enabled:Assistance à distance - Windows Messenger et voix\"

[HKEY_LOCAL_MACHINE\\system\\currentcontrolset\\services\\sharedaccess\\parameters\\firewallpolicy\\domainprofile\\authorizedapplications\\list]
\"%windir%\\system32\\sessmgr.exe\"=\"%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019\"
\"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe\"=\"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe:*:Enabled:Windows Live Call\"
\"%windir%\\Network Diagnostic\\xpnetdiag.exe\"=\"%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000\"
\"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe\"=\"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger\"
\"C:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe\"=\"C:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare\"

======List of files/folders created in the last 1 months======

2009-11-30 17:59:14 ----A---- C:\\ComboFix.txt
2009-11-30 17:35:40 ----A---- C:\\Boot.bak
2009-11-30 17:35:33 ----RASHD---- C:\\cmdcons
2009-11-30 17:34:27 ----A---- C:\\WINDOWS\\zip.exe
2009-11-30 17:34:27 ----A---- C:\\WINDOWS\\SWSC.exe
2009-11-30 17:34:27 ----A---- C:\\WINDOWS\\SWREG.exe
2009-11-30 17:34:27 ----A---- C:\\WINDOWS\\sed.exe
2009-11-30 17:34:27 ----A---- C:\\WINDOWS\\PEV.exe
2009-11-30 17:34:27 ----A---- C:\\WINDOWS\\NIRCMD.exe
2009-11-30 17:34:27 ----A---- C:\\WINDOWS\\MBR.exe
2009-11-30 17:34:27 ----A---- C:\\WINDOWS\\grep.exe
2009-11-30 17:34:26 ----A---- C:\\WINDOWS\\SWXCACLS.exe
2009-11-30 17:34:19 ----D---- C:\\WINDOWS\\ERDNT
2009-11-30 17:33:51 ----D---- C:\\Qoobox
2009-11-30 15:33:01 ----D---- C:\\Program Files\\Ad-Remover
2009-11-30 14:04:00 ----A---- C:\\TB.txt
2009-11-30 14:03:29 ----D---- C:\\ToolBar SD
2009-11-30 13:40:01 ----D---- C:\\Program Files\\trend micro
2009-11-30 13:40:00 ----D---- C:\\rsit
2009-11-25 22:12:34 ----HDC---- C:\\WINDOWS\\$NtUninstallKB976098-v2$
2009-11-25 22:12:23 ----HDC---- C:\\WINDOWS\\$NtUninstallKB973687$
2009-11-17 10:08:05 ----A---- C:\\WINDOWS\\system32\\xinput1_1.dll
2009-11-17 10:08:05 ----A---- C:\\WINDOWS\\system32\\xactengine2_2.dll
2009-11-17 10:08:04 ----A---- C:\\WINDOWS\\system32\\xactengine2_1.dll
2009-11-17 10:07:52 ----A---- C:\\WINDOWS\\system32\\xactengine2_0.dll
2009-11-17 10:07:52 ----A---- C:\\WINDOWS\\system32\\x3daudio1_0.dll
2009-11-17 10:07:51 ----A---- C:\\WINDOWS\\system32\\d3dx9_29.dll
2009-11-17 10:07:49 ----A---- C:\\WINDOWS\\system32\\xinput9_1_0.dll
2009-11-17 10:07:49 ----A---- C:\\WINDOWS\\system32\\d3dx9_27.dll
2009-11-17 10:07:47 ----A---- C:\\WINDOWS\\system32\\d3dx9_26.dll
2009-11-17 10:07:47 ----A---- C:\\WINDOWS\\system32\\d3dx9_25.dll
2009-11-17 10:07:45 ----A---- C:\\WINDOWS\\system32\\d3dx9_24.dll
2009-11-17 09:48:59 ----D---- C:\\Program Files\\Micro Application
2009-11-14 18:19:38 ----D---- C:\\Program Files\\iPod
2009-11-14 18:19:32 ----D---- C:\\Program Files\\iTunes
2009-11-14 18:19:32 ----D---- C:\\Documents and Settings\\All Users\\Application Data\\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-11-14 11:42:48 ----D---- C:\\Documents and Settings\\All Users\\Application Data\\PhotoMail
2009-11-14 11:42:46 ----D---- C:\\Program Files\\PhotoMail Maker
2009-11-14 10:39:52 ----D---- C:\\Documents and Settings\\marity\\Application Data\\Twintale Entertainment
2009-11-11 21:56:00 ----HDC---- C:\\WINDOWS\\$NtUninstallKB969947$
2009-11-10 12:30:22 ----D---- C:\\Documents and Settings\\marity\\Application Data\\vlc
2009-11-08 14:01:08 ----D---- C:\\Documents and Settings\\marity\\Application Data\\Gamenauts
2009-11-07 12:19:40 ----D---- C:\\Documents and Settings\\marity\\Application Data\\Hidden Island Data
2009-11-07 11:23:28 ----D---- C:\\Program Files\\L\'Ile Invisible
2009-11-07 11:18:39 ----D---- C:\\Program Files\\PuppetShow - Le Mystere de Joyville
2009-11-07 11:03:34 ----D---- C:\\Program Files\\Pocahontas - Princesse du Powhatan
2009-11-07 10:59:04 ----D---- C:\\Program Files\\Cate West - Les Cles de Velours
2009-11-07 10:52:05 ----D---- C:\\Program Files\\Departement 42 - Le Mystere des Neuf
2009-11-06 06:43:00 ----D---- C:\\Documents and Settings\\All Users\\Application Data\\Princess Isabella
2009-11-06 05:42:23 ----D---- C:\\Documents and Settings\\marity\\Application Data\\Babylonia
2009-11-02 11:14:15 ----D---- C:\\Program Files\\QuickTime
2009-10-31 22:24:31 ----D---- C:\\Program Files\\Princesse Isabella - Le Chateau Ensorcele
2009-10-31 22:17:06 ----D---- C:\\Program Files\\Babylonia

======List of files/folders modified in the last 1 months======

2009-11-30 20:02:58 ----D---- C:\\Program Files\\Mozilla Firefox
2009-11-30 19:33:17 ----D---- C:\\WINDOWS\\Prefetch
2009-11-30 17:59:18 ----D---- C:\\WINDOWS\\system32\\drivers
2009-11-30 17:59:17 ----D---- C:\\WINDOWS\\Temp
2009-11-30 17:58:09 ----D---- C:\\WINDOWS\\system32\\CatRoot2
2009-11-30 17:53:27 ----D---- C:\\WINDOWS
2009-11-30 17:53:27 ----A---- C:\\WINDOWS\\system.ini
2009-11-30 17:43:19 ----SD---- C:\\WINDOWS\\Downloaded Program Files
2009-11-30 17:43:19 ----D---- C:\\Program Files
2009-11-30 17:41:39 ----D---- C:\\WINDOWS\\system32
2009-11-30 17:41:39 ----D---- C:\\WINDOWS\\AppPatch
2009-11-30 17:41:36 ----D---- C:\\Program Files\\Fichiers communs
2009-11-30 17:35:40 ----RASH---- C:\\boot.ini
2009-11-30 17:34:39 ----A---- C:\\WINDOWS\\SchedLgU.Txt
2009-11-30 15:38:49 ----SHD---- C:\\WINDOWS\\Installer
2009-11-25 22:12:36 ----HD---- C:\\WINDOWS\\inf
2009-11-25 22:12:32 ----A---- C:\\WINDOWS\\imsins.BAK
2009-11-25 22:12:26 ----RSHDC---- C:\\WINDOWS\\system32\\dllcache
2009-11-25 22:12:12 ----HD---- C:\\WINDOWS\\$hf_mig$
2009-11-25 22:12:05 ----D---- C:\\Config.Msi
2009-11-25 22:12:03 ----D---- C:\\WINDOWS\\WinSxS
2009-11-25 00:54:29 ----A---- C:\\WINDOWS\\system32\\aswBoot.exe
2009-11-24 13:20:46 ----D---- C:\\Documents and Settings\\All Users\\Application Data\\Adobe
2009-11-19 19:43:55 ----D---- C:\\Program Files\\Fichiers communs\\Adobe
2009-11-17 10:08:04 ----RSD---- C:\\WINDOWS\\assembly
2009-11-17 10:07:55 ----D---- C:\\WINDOWS\\Microsoft.NET
2009-11-17 10:07:38 ----D---- C:\\WINDOWS\\system32\\DirectX
2009-11-14 18:20:25 ----DC---- C:\\WINDOWS\\system32\\DRVSTORE
2009-11-14 18:19:37 ----D---- C:\\Program Files\\Fichiers communs\\Apple
2009-11-14 11:37:53 ----AD---- C:\\Documents and Settings\\All Users\\Application Data\\TEMP
2009-11-10 11:32:45 ----A---- C:\\WINDOWS\\NeroDigital.ini
2009-11-08 14:00:55 ----D---- C:\\Documents and Settings\\All Users\\Application Data\\BigFishGamesCache
2009-11-07 11:19:15 ----D---- C:\\Documents and Settings\\marity\\Application Data\\Games
2009-11-05 18:36:21 ----A---- C:\\WINDOWS\\system32\\MRT.exe
2009-11-04 03:00:35 ----D---- C:\\WINDOWS\\ie8updates
2009-10-31 20:27:11 ----D---- C:\\Documents and Settings\\marity\\Application Data\\Big Fish Games

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\\WINDOWS\\system32\\drivers\\Aavmker4.sys [2009-11-25 27408]
R1 aswSP;avast! Self Protection; C:\\WINDOWS\\system32\\drivers\\aswSP.sys [2009-11-25 114768]
R1 aswTdi;avast! Network Shield Support; C:\\WINDOWS\\system32\\drivers\\aswTdi.sys [2009-11-25 48560]
R2 aswFsBlk;aswFsBlk; C:\\WINDOWS\\system32\\DRIVERS\\aswFsBlk.sys [2009-11-25 20560]
R2 aswMon2;avast! Standard Shield Support; C:\\WINDOWS\\system32\\drivers\\aswMon2.sys [2009-11-25 94160]
R2 mdmxsdk;mdmxsdk; C:\\WINDOWS\\system32\\DRIVERS\\mdmxsdk.sys [2004-08-03 11868]
R2 X4HSX32Ex;X4HSX32Ex; \\??\\C:\\Program Files\\Player Metaboli\\X4HSX32Ex.Sys []
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\\WINDOWS\\system32\\drivers\\ALCXWDM.SYS [2008-09-24 4122368]
R3 aswRdr;aswRdr; C:\\WINDOWS\\system32\\drivers\\aswRdr.sys [2009-11-25 23120]
R3 ati2mtag;ati2mtag; C:\\WINDOWS\\system32\\DRIVERS\\ati2mtag.sys [2006-05-03 1540608]
R3 CamDrL;Logitech QuickCam Pro 3000(CamDrl); C:\\WINDOWS\\system32\\DRIVERS\\Camdrl.sys [2004-10-08 326656]
R3 catchme;catchme; \\??\\C:\\ComboFix\\catchme.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\\WINDOWS\\system32\\DRIVERS\\GEARAspiWDM.sys [2009-05-18 26600]
R3 hidusb;Pilote de classe HID Microsoft; C:\\WINDOWS\\system32\\DRIVERS\\hidusb.sys [2008-04-13 10368]
R3 HSF_DP;HSF_DP; C:\\WINDOWS\\system32\\DRIVERS\\HSFDPSP2.sys [2004-08-03 1041536]
R3 HSFHWBS2;HSFHWBS2; C:\\WINDOWS\\system32\\DRIVERS\\HSFBS2S2.sys [2004-08-03 220032]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\\WINDOWS\\system32\\drivers\\lvusbsta.sys [2004-10-08 22016]
R3 mouhid;Pilote HID de souris; C:\\WINDOWS\\system32\\DRIVERS\\mouhid.sys [2004-08-05 12288]
R3 rtl8139;Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C); C:\\WINDOWS\\system32\\DRIVERS\\RTL8139.SYS [2004-08-03 20992]
R3 StillCam;Pilote d\'appareil photo numérique série; C:\\WINDOWS\\system32\\DRIVERS\\serscan.sys [2001-08-23 6912]
R3 usbaudio;Pilote USB audio (WDM); C:\\WINDOWS\\system32\\drivers\\usbaudio.sys [2008-04-13 60032]
R3 usbccgp;Pilote parent générique USB Microsoft; C:\\WINDOWS\\system32\\DRIVERS\\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Pilote miniport de contrôleur d\'hôte amélioré Microsoft USB 2.0; C:\\WINDOWS\\system32\\DRIVERS\\usbehci.sys [2008-04-13 30208]
R3 usbhub;Concentrateur USB2; C:\\WINDOWS\\system32\\DRIVERS\\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\\WINDOWS\\system32\\DRIVERS\\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\\WINDOWS\\system32\\DRIVERS\\HSFCXTS2.sys [2004-08-03 685056]
S3 CCDECODE;Décodeur sous-titre fermé; C:\\WINDOWS\\system32\\DRIVERS\\CCDECODE.sys [2008-04-13 17024]
S3 cmuda;C-Media WDM Audio Interface; C:\\WINDOWS\\system32\\drivers\\cmuda.sys [2005-12-15 1368000]
S3 driverhardwarev2;driverhardwarev2; \\??\\C:\\Program Files\\ma-config.com\\Drivers\\driverhardwarev2.sys []
S3 mbr;mbr; \\??\\C:\\DOCUME~1\\marity\\LOCALS~1\\Temp\\mbr.sys []
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\\WINDOWS\\system32\\drivers\\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\\WINDOWS\\system32\\DRIVERS\\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Connection TV/vidéo Microsoft; C:\\WINDOWS\\system32\\DRIVERS\\NdisIP.sys [2008-04-13 10880]
S3 SLIP;Détrameur décalage BDA; C:\\WINDOWS\\system32\\DRIVERS\\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\\WINDOWS\\system32\\DRIVERS\\StreamIP.sys [2008-04-13 15232]
S3 TVICHW32;TVICHW32; \\??\\C:\\WINDOWS\\system32\\DRIVERS\\TVICHW32.SYS []
S3 USBAAPL;Apple Mobile USB Driver; C:\\WINDOWS\\System32\\Drivers\\usbaapl.sys [2009-06-05 39424]
S3 usbprint;Classe d\'imprimantes USB Microsoft; C:\\WINDOWS\\system32\\DRIVERS\\usbprint.sys [2008-04-13 25856]
S3 usbscan;Pilote de scanneur USB; C:\\WINDOWS\\system32\\DRIVERS\\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Pilote de stockage de masse USB; C:\\WINDOWS\\system32\\DRIVERS\\USBSTOR.SYS [2008-04-13 26368]
S3 WSTCODEC;Codec Teletext standard; C:\\WINDOWS\\system32\\DRIVERS\\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\\WINDOWS\\system32\\DRIVERS\\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\\WINDOWS\\system32\\DRIVERS\\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\\WINDOWS\\system32\\drivers\\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\\Program Files\\Fichiers communs\\Apple\\Mobile Device Support\\bin\\AppleMobileDeviceService.exe [2009-06-05 144712]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\\Program Files\\Alwil Software\\Avast4\\aswUpdSv.exe [2009-11-25 18752]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\\WINDOWS\\system32\\Ati2evxx.exe [2006-05-03 413696]
R2 avast! Antivirus;avast! Antivirus; C:\\Program Files\\Alwil Software\\Avast4\\ashServ.exe [2009-11-25 138680]
R2 Bonjour Service;Service Bonjour; C:\\Program Files\\Bonjour\\mDNSResponder.exe [2008-12-12 238888]
R2 JavaQuickStarterService;Java Quick Starter; C:\\Program Files\\Java\\jre6\\bin\\jqs.exe [2009-06-12 152984]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\\Program Files\\Fichiers communs\\LightScribe\\LSSrvc.exe [2006-12-14 61440]
R2 MDM;Machine Debug Manager; C:\\Program Files\\Fichiers communs\\Microsoft Shared\\VS7Debug\\mdm.exe [2001-02-23 270336]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\\WINDOWS\\system32\\IoctlSvc.exe [2006-12-19 81920]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\\WINDOWS\\system32\\HPZipm12.exe [2007-08-09 73728]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\\Program Files\\Alwil Software\\Avast4\\ashMaiSv.exe [2009-11-25 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\\Program Files\\Alwil Software\\Avast4\\ashWebSv.exe [2009-11-25 352920]
R3 iPod Service;Service de l’iPod; C:\\Program Files\\iPod\\bin\\iPodService.exe [2009-10-28 545568]
S2 ATI Smart;ATI Smart; C:\\WINDOWS\\system32\\ati2sgag.exe [2006-05-03 520192]
S2 pr2ajbeb;L Ile Noyee Drivers Auto Removal (pr2ajbeb); C:\\WINDOWS\\system32\\pr2ajbeb.exe [2007-08-22 411000]
S3 aspnet_state;ASP.NET State Service; C:\\WINDOWS\\Microsoft.NET\\Framework\\v2.0.50727\\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\\WINDOWS\\Microsoft.NET\\Framework\\v2.0.50727\\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\\WINDOWS\\Microsoft.NET\\Framework\\v3.0\\WPF\\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Updater Service; C:\\Program Files\\Google\\Common\\Google Updater\\GoogleUpdaterService.exe [2007-01-04 136120]
S3 HP Status Server;HP Status Server; C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\HPBOID.EXE [2004-10-16 73728]
S3 idsvc;Windows CardSpace; C:\\WINDOWS\\Microsoft.NET\\Framework\\v3.0\\Windows Communication Foundation\\infocard.exe [2008-07-29 881664]
S3 maconfservice;Ma-Config Service; C:\\Program Files\\ma-config.com\\maconfservice.exe [2009-05-13 234864]
S3 NBService;NBService; C:\\Program Files\\Nero\\Nero 7\\Nero BackItUp\\NBService.exe [2008-04-08 800040]
S3 NMIndexingService;NMIndexingService; C:\\Program Files\\Fichiers communs\\Ahead\\Lib\\NMIndexingService.exe [2008-01-22 275752]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\\Program Files\\Windows Media Player\\WMPNetwk.exe [2006-11-03 918016]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\\WINDOWS\\system32\\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\\WINDOWS\\Microsoft.NET\\Framework\\v3.0\\Windows Communication Foundation\\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Tu vas faire un rapport HijakcThis, ce programme est déjà présent sur ton ordinateur puisqu\'il a été installé en même temps que RSIT.

• Suis ce chemin d\'accès : C:\\Program Files\\trend micro\\marity.exe
  
• HijakcThis a été renommé marity, il faut lancer HijakcThis en cliquant sur cet icône renommé.
  
• clique ensuite sur \"Do a system scan and save a log file\"
  
• postes le rapport généré dans ta prochaine réponse

On va passer à la finalisation de la désinfection.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:44:37, on 30/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\\WINDOWS\\System32\\smss.exe
C:\\WINDOWS\\system32\\winlogon.exe
C:\\WINDOWS\\system32\\services.exe
C:\\WINDOWS\\system32\\lsass.exe
C:\\WINDOWS\\system32\\Ati2evxx.exe
C:\\WINDOWS\\system32\\svchost.exe
C:\\WINDOWS\\System32\\svchost.exe
C:\\Program Files\\Alwil Software\\Avast4\\aswUpdSv.exe
C:\\Program Files\\Alwil Software\\Avast4\\ashServ.exe
C:\\WINDOWS\\system32\\spoolsv.exe
C:\\Program Files\\Fichiers communs\\Apple\\Mobile Device Support\\bin\\AppleMobileDeviceService.exe
C:\\Program Files\\Bonjour\\mDNSResponder.exe
C:\\Program Files\\Java\\jre6\\bin\\jqs.exe
C:\\Program Files\\Fichiers communs\\LightScribe\\LSSrvc.exe
C:\\Program Files\\Fichiers communs\\Microsoft Shared\\VS7Debug\\mdm.exe
C:\\WINDOWS\\system32\\IoctlSvc.exe
C:\\WINDOWS\\system32\\HPZipm12.exe
C:\\WINDOWS\\system32\\svchost.exe
C:\\Program Files\\Alwil Software\\Avast4\\ashMaiSv.exe
C:\\Program Files\\Alwil Software\\Avast4\\ashWebSv.exe
C:\\WINDOWS\\System32\\svchost.exe
C:\\WINDOWS\\system32\\Ati2evxx.exe
C:\\WINDOWS\\system32\\wscntfy.exe
C:\\WINDOWS\\system32\\LVCOMSX.EXE
C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe
C:\\Program Files\\Logitech\\Video\\LogiTray.exe
C:\\Program Files\\iTunes\\iTunesHelper.exe
C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe
C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YAHOOM~1.EXE
C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\BackWeb-8876480.exe
C:\\Program Files\\Messenger\\msmsgs.exe
C:\\Program Files\\Logitech\\Video\\FxSvr2.exe
C:\\Program Files\\iPod\\bin\\iPodService.exe
C:\\WINDOWS\\system32\\ctfmon.exe
C:\\WINDOWS\\explorer.exe
C:\\Program Files\\Mozilla Firefox\\firefox.exe
C:\\WINDOWS\\system32\\NOTEPAD.EXE
C:\\Program Files\\trend micro\\marity.exe

R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://fr.msn.com/
R1 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://fr.msn.com/
R1 - HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings,ProxyOverride = localhost;*.local
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\\PROGRA~1\\Yahoo!\\Companion\\Installs\\cpn\\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\\PROGRA~1\\Yahoo!\\Companion\\Installs\\cpn\\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\\Program Files\\Fichiers communs\\Adobe\\Acrobat\\ActiveX\\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d\'aide de l\'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\\Program Files\\Fichiers communs\\Microsoft Shared\\Windows Live\\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\\Program Files\\Java\\jre6\\bin\\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\\Program Files\\Java\\jre6\\lib\\deploy\\jqs\\ie\\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\\PROGRA~1\\Yahoo!\\Companion\\Installs\\cpn\\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\\PROGRA~1\\Yahoo!\\Companion\\Installs\\cpn\\yt.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\\Program Files\\Veoh Networks\\VeohWebPlayer\\VeohIEToolbar.dll
O4 - HKLM\\..\\Run: [LVCOMSX] C:\\WINDOWS\\system32\\LVCOMSX.EXE
O4 - HKLM\\..\\Run: [avast!] C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe
O4 - HKLM\\..\\Run: [LogitechVideoTray] C:\\Program Files\\Logitech\\Video\\LogiTray.exe
O4 - HKLM\\..\\Run: [QuickTime Task] \"C:\\Program Files\\QuickTime\\QTTask.exe\" -atboottime
O4 - HKLM\\..\\Run: [iTunesHelper] \"C:\\Program Files\\iTunes\\iTunesHelper.exe\"
O4 - HKLM\\..\\Run: [Adobe Reader Speed Launcher] \"C:\\Program Files\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe\"
O4 - HKLM\\..\\Run: [Adobe ARM] \"C:\\Program Files\\Fichiers communs\\Adobe\\ARM\\1.0\\AdobeARM.exe\"
O4 - HKCU\\..\\Run: [msnmsgr] \"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe\" /background
O4 - HKCU\\..\\Run: [Messenger (Yahoo!)] \"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YAHOOM~1.EXE\" -quiet
O4 - HKCU\\..\\Run: [LDM] C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\BackWeb-8876480.exe
O4 - HKCU\\..\\Run: [LogitechSoftwareUpdate] \"C:\\Program Files\\Logitech\\Video\\ManifestEngine.exe\" boot
O4 - HKCU\\..\\Run: [MSMSGS] \"C:\\Program Files\\Messenger\\msmsgs.exe\" /background
O4 - HKUS\\S-1-5-18\\..\\Run: [CTFMON.EXE] C:\\WINDOWS\\system32\\CTFMON.EXE (User \'SYSTEM\')
O4 - HKUS\\.DEFAULT\\..\\Run: [CTFMON.EXE] C:\\WINDOWS\\system32\\CTFMON.EXE (User \'Default user\')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LDMConf.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\\WINDOWS\\system32\\GPhotos.scr/200
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\\PROGRA~1\\MICROS~2\\Office10\\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\\Program Files\\Windows Live\\Writer\\WriterBrowserExtension.dll
O9 - Extra \'Tools\' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\\Program Files\\Windows Live\\Writer\\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe
O9 - Extra \'Tools\' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\\Program Files\\Messenger\\msmsgs.exe
O9 - Extra \'Tools\' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\\Program Files\\Messenger\\msmsgs.exe
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O18 - Protocol: quad-driver-fix - {B774851D-1762-4EE9-A549-BF30323FEC13} - C:\\Program Files\\QUAD Utilities\\QUAD Driver Fix\\DriversFix.dll (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\\Program Files\\Fichiers communs\\Apple\\Mobile Device Support\\bin\\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\\Program Files\\Alwil Software\\Avast4\\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\\WINDOWS\\system32\\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\\WINDOWS\\system32\\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\\Program Files\\Alwil Software\\Avast4\\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\\Program Files\\Alwil Software\\Avast4\\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\\Program Files\\Alwil Software\\Avast4\\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\\Program Files\\Bonjour\\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\\Program Files\\Google\\Common\\Google Updater\\GoogleUpdaterService.exe
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\HPBOID.EXE
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\\Program Files\\iPod\\bin\\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\\Program Files\\Java\\jre6\\bin\\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\\Program Files\\Fichiers communs\\LightScribe\\LSSrvc.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\\Program Files\\ma-config.com\\maconfservice.exe
O23 - Service: NBService - Nero AG - C:\\Program Files\\Nero\\Nero 7\\Nero BackItUp\\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\\Program Files\\Fichiers communs\\Ahead\\Lib\\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\\WINDOWS\\system32\\IoctlSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\\WINDOWS\\system32\\HPZipm12.exe
O23 - Service: L Ile Noyee Drivers Auto Removal (pr2ajbeb) (pr2ajbeb) - Micro Application - C:\\WINDOWS\\system32\\pr2ajbeb.exe

--
End of file - 8829 bytes

Avant de finaliser, mets malwarebyte à jour, supprime la quarantaine et fais une nouvelle analyse, en mode rapide ce sera suffisant.

Poste le nouveau rapport généré, et un nouveau HijackThis en même temps.

Merci.

Malwarebytes\' Anti-Malware 1.41
Version de la base de données: 2775
Windows 5.1.2600 Service Pack 3

30/11/2009 21:18:26
mbam-log-2009-11-30 (21-18-26).txt

Type de recherche: Examen rapide
Eléments examinés: 102195
Temps écoulé: 6 minute(s), 21 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:20:05, on 30/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\\WINDOWS\\System32\\smss.exe
C:\\WINDOWS\\system32\\winlogon.exe
C:\\WINDOWS\\system32\\services.exe
C:\\WINDOWS\\system32\\lsass.exe
C:\\WINDOWS\\system32\\Ati2evxx.exe
C:\\WINDOWS\\system32\\svchost.exe
C:\\WINDOWS\\System32\\svchost.exe
C:\\Program Files\\Alwil Software\\Avast4\\aswUpdSv.exe
C:\\Program Files\\Alwil Software\\Avast4\\ashServ.exe
C:\\WINDOWS\\system32\\spoolsv.exe
C:\\Program Files\\Fichiers communs\\Apple\\Mobile Device Support\\bin\\AppleMobileDeviceService.exe
C:\\Program Files\\Bonjour\\mDNSResponder.exe
C:\\Program Files\\Java\\jre6\\bin\\jqs.exe
C:\\Program Files\\Fichiers communs\\LightScribe\\LSSrvc.exe
C:\\Program Files\\Fichiers communs\\Microsoft Shared\\VS7Debug\\mdm.exe
C:\\WINDOWS\\system32\\IoctlSvc.exe
C:\\WINDOWS\\system32\\HPZipm12.exe
C:\\WINDOWS\\system32\\svchost.exe
C:\\Program Files\\Alwil Software\\Avast4\\ashMaiSv.exe
C:\\Program Files\\Alwil Software\\Avast4\\ashWebSv.exe
C:\\WINDOWS\\System32\\svchost.exe
C:\\WINDOWS\\system32\\Ati2evxx.exe
C:\\WINDOWS\\system32\\wscntfy.exe
C:\\WINDOWS\\system32\\LVCOMSX.EXE
C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe
C:\\Program Files\\Logitech\\Video\\LogiTray.exe
C:\\Program Files\\iTunes\\iTunesHelper.exe
C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YAHOOM~1.EXE
C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\BackWeb-8876480.exe
C:\\Program Files\\Messenger\\msmsgs.exe
C:\\Program Files\\Logitech\\Video\\FxSvr2.exe
C:\\Program Files\\iPod\\bin\\iPodService.exe
C:\\WINDOWS\\system32\\ctfmon.exe
C:\\WINDOWS\\explorer.exe
C:\\Program Files\\IncrediMail\\bin\\IMApp.exe
C:\\Program Files\\Mozilla Firefox\\firefox.exe
C:\\Program Files\\Malwarebytes\' Anti-Malware\\mbam.exe
C:\\WINDOWS\\system32\\NOTEPAD.EXE
C:\\Program Files\\trend micro\\marity.exe

R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://fr.msn.com/
R1 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://fr.msn.com/
R1 - HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings,ProxyOverride = localhost;*.local
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\\PROGRA~1\\Yahoo!\\Companion\\Installs\\cpn\\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\\PROGRA~1\\Yahoo!\\Companion\\Installs\\cpn\\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\\Program Files\\Fichiers communs\\Adobe\\Acrobat\\ActiveX\\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d\'aide de l\'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\\Program Files\\Fichiers communs\\Microsoft Shared\\Windows Live\\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\\Program Files\\Java\\jre6\\bin\\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\\Program Files\\Java\\jre6\\lib\\deploy\\jqs\\ie\\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\\PROGRA~1\\Yahoo!\\Companion\\Installs\\cpn\\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\\PROGRA~1\\Yahoo!\\Companion\\Installs\\cpn\\yt.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\\Program Files\\Veoh Networks\\VeohWebPlayer\\VeohIEToolbar.dll
O4 - HKLM\\..\\Run: [LVCOMSX] C:\\WINDOWS\\system32\\LVCOMSX.EXE
O4 - HKLM\\..\\Run: [avast!] C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe
O4 - HKLM\\..\\Run: [LogitechVideoTray] C:\\Program Files\\Logitech\\Video\\LogiTray.exe
O4 - HKLM\\..\\Run: [QuickTime Task] \"C:\\Program Files\\QuickTime\\QTTask.exe\" -atboottime
O4 - HKLM\\..\\Run: [iTunesHelper] \"C:\\Program Files\\iTunes\\iTunesHelper.exe\"
O4 - HKLM\\..\\Run: [Adobe Reader Speed Launcher] \"C:\\Program Files\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe\"
O4 - HKLM\\..\\Run: [Adobe ARM] \"C:\\Program Files\\Fichiers communs\\Adobe\\ARM\\1.0\\AdobeARM.exe\"
O4 - HKLM\\..\\RunOnce: [Malwarebytes\' Anti-Malware] C:\\Program Files\\Malwarebytes\' Anti-Malware\\mbamgui.exe /install /silent
O4 - HKCU\\..\\Run: [msnmsgr] \"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe\" /background
O4 - HKCU\\..\\Run: [Messenger (Yahoo!)] \"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YAHOOM~1.EXE\" -quiet
O4 - HKCU\\..\\Run: [LDM] C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\BackWeb-8876480.exe
O4 - HKCU\\..\\Run: [LogitechSoftwareUpdate] \"C:\\Program Files\\Logitech\\Video\\ManifestEngine.exe\" boot
O4 - HKCU\\..\\Run: [MSMSGS] \"C:\\Program Files\\Messenger\\msmsgs.exe\" /background
O4 - HKUS\\S-1-5-18\\..\\Run: [CTFMON.EXE] C:\\WINDOWS\\system32\\CTFMON.EXE (User \'SYSTEM\')
O4 - HKUS\\.DEFAULT\\..\\Run: [CTFMON.EXE] C:\\WINDOWS\\system32\\CTFMON.EXE (User \'Default user\')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LDMConf.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\\WINDOWS\\system32\\GPhotos.scr/200
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\\PROGRA~1\\MICROS~2\\Office10\\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\\Program Files\\Windows Live\\Writer\\WriterBrowserExtension.dll
O9 - Extra \'Tools\' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\\Program Files\\Windows Live\\Writer\\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe
O9 - Extra \'Tools\' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\\Program Files\\Messenger\\msmsgs.exe
O9 - Extra \'Tools\' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\\Program Files\\Messenger\\msmsgs.exe
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O18 - Protocol: quad-driver-fix - {B774851D-1762-4EE9-A549-BF30323FEC13} - C:\\Program Files\\QUAD Utilities\\QUAD Driver Fix\\DriversFix.dll (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\\Program Files\\Fichiers communs\\Apple\\Mobile Device Support\\bin\\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\\Program Files\\Alwil Software\\Avast4\\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\\WINDOWS\\system32\\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\\WINDOWS\\system32\\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\\Program Files\\Alwil Software\\Avast4\\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\\Program Files\\Alwil Software\\Avast4\\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\\Program Files\\Alwil Software\\Avast4\\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\\Program Files\\Bonjour\\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\\Program Files\\Google\\Common\\Google Updater\\GoogleUpdaterService.exe
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\HPBOID.EXE
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\\Program Files\\iPod\\bin\\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\\Program Files\\Java\\jre6\\bin\\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\\Program Files\\Fichiers communs\\LightScribe\\LSSrvc.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\\Program Files\\ma-config.com\\maconfservice.exe
O23 - Service: NBService - Nero AG - C:\\Program Files\\Nero\\Nero 7\\Nero BackItUp\\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\\Program Files\\Fichiers communs\\Ahead\\Lib\\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\\WINDOWS\\system32\\IoctlSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\\WINDOWS\\system32\\HPZipm12.exe
O23 - Service: L Ile Noyee Drivers Auto Removal (pr2ajbeb) (pr2ajbeb) - Micro Application - C:\\WINDOWS\\system32\\pr2ajbeb.exe

--
End of file - 8999 bytes

ok,

Voici la phase finale de la désinfection de ton pc sous XP, rapide finalement.

Suis les recommandations à la lettre et dans l\'ordre s\'il-te-plait. Si tu as des questions n\'hésites pas à les poser.

• Lance à nouveau HijackThis
  
• cette fois tu vas cliquer sur \"Do a system scan only\"
  
• tu vas cocher sur la gauche les cases correspondants aux lignes que je te désigne ci-dessous :
  
  O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
  O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\\PROGRA~1\\Yahoo!\\Companion\\Installs\\cpn\\yt.dll
  O4 - HKLM\\..\\Run: [LVCOMSX] C:\\WINDOWS\\system32\\LVCOMSX.EXE
  O4 - HKLM\\..\\Run: [QuickTime Task] \"C:\\Program Files\\QuickTime\\QTTask.exe\" -atboottime
  O4 - HKLM\\..\\Run: [iTunesHelper] \"C:\\Program Files\\iTunes\\iTunesHelper.exe\"
  O4 - HKLM\\..\\Run: [Adobe Reader Speed Launcher] \"C:\\Program Files\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe\"
  O4 - HKCU\\..\\Run: [LDM] C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\BackWeb-8876480.exe
  O4 - HKCU\\..\\Run: [LogitechSoftwareUpdate] \"C:\\Program Files\\Logitech\\Video\\ManifestEngine.exe\" boot
  O4 - HKUS\\S-1-5-18\\..\\Run: [CTFMON.EXE] C:\\WINDOWS\\system32\\CTFMON.EXE (User \'SYSTEM\')
  O4 - HKUS\\.DEFAULT\\..\\Run: [CTFMON.EXE] C:\\WINDOWS\\system32\\CTFMON.EXE (User \'Default user\')
  O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LDMConf.exe
  O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
  O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
  O18 - Protocol: quad-driver-fix - {B774851D-1762-4EE9-A549-BF30323FEC13} - C:\\Program Files\\QUAD Utilities\\QUAD Driver Fix\\DriversFix.dll (file missing)
  
  
• Une fois toutes ces lignes cochées, clique sur Fix checked

============================================================================

Ta version de java n\'est pas à jour. C\'est une faille de sécurité.

Rends toi sur le site de java www.java.com/fr/download/installed.jsp, télécharges la version 1.6.17 et laisse toi guider pour son installation.
Une fois cette version installée, rends toi dans ajout/suppression de programme et supprime les anciennes version de java, ne conserve que la version 1.6.17.

============================================================================

Pour suppirmer combofix :

• appuies simultanément sur les touches windows+R
  
• dans la fenêtre qui s\'ouvre, copie/colle cette ligne de commande :
  
  combofix /u
  
  
• cliques sur ok pour valider.

============================================================================

Pour supprimer toutes les traces des logiciels qui ont servi à traiter les infections spécifiques :

• Télécharge ToolsCleaner sur ton Bureau
  
• Double-clique sur ToolsCleaner2.exe et laisse le travailler
  
• Clique sur Recherche et laisse le scan se terminer.
  
• Clique sur Suppression pour finaliser.
  
• Tu peux, si tu le souhaites, te servir des Options facultatives.
  
• Clique sur Quitter, pour que le rapport puisse se créer.
  
• Le rapport (TCleaner.txt) se trouve à la racine de votre disque dur (C:\\)...colle le dans ta prochaine réponse

============================================================================

Télécharges et installes C Cleaner

• Lance CCleaner puis Clique sur \"Options\", \"Avancé\" et décoche la case \"Effacer uniquement les fichiers, du dossier Temp de Windows, plus vieux que 24 heures\".
  
• Dans le menu nettoyeur , clique sur \"Analyse.
  
• Ensuite clique sur le bouton \"Lancer le nettoyage\" et laisse le faire.
  
• Maintenant dans l\'onglet \"Registre\" , clique sur \"Chercher des erreurs\"
  
• Réponds a OUI a la question qui te sera posée.
  
• Enfin , répare les erreurs en cliquant sur \" Réparer les erreurs sélectionnés \"
  
• recommence la recherche et la suppression des erreurs jusqu\'à ce qu\'il ne reste plus rien.
  
• un tutoriel pour t\'aider

Tu peux conserver ce logiciel et l\'utiliser régulièrement.

============================================================================

Cette étape est indispensable pour finaliser la désinfection, elle permet de supprimer les points de restauration et du même coup les éventuels malwares qui s\'y seraient logés.

/!\\ Très Important / !\\

• Il faut désactiver et réactiver la restauration système suis ce tutoriel pour t\'aider.
  
• Il faut ensuite créer un point de restauration manuellement, pour t\'aider suis celui là

============================================================================

Information :

Depuis 2006 le nombre de malwares et les technologies ont évolué de manière sensible toujours pour servir l\'économie souterraine lucrative qui sert les auteurs de malwares.
A ce jour, il n\'existe pas de technologies capables de protéger efficacement votre ordinateur si l\'internaute n\'est pas instruit sur les risques encourus sur la toile. Ce transfert de connaissances est indispensable pour construire l\'Internet.

C\'est pour cela que je t\'invite à lire ce fichier PDF qui traite de la sécurité informatique. Ce fichier est issu du forum de malekal_morte, qui a mis en place un Projet Antimalware pour sensibiliser l\'opinion publique et les politiques sur les dangers des malwares. J\'adhère à 100% sur ce projet. N\'hésites pas à le diffuser autour de toi pour que le maximum de personnes soient prévenues.

============================================================================

Quand tu auras fait toutes ces manipulations, ton ordinateur sera désinfecté.

Envoies moi le rapport généré par toolscleaner que je puisse vérifier que tous les outils utilisés ont bien été supprimés. Il n\'est pas nécessaire de les conserver, puisqu\'ils sont mis à jour régulièrement par leurs auteurs. De plus ils sont potentiellement dangereux pour les ordinateurs s\'ils sont mal utilisés.

A plus tard pour le rapport et pour ton second ordinateur.

Je te propose de continuer sur ce fil pour le deuxième.

j\'ai fait , et dans l\'ordre tout ce que tu m\'a dis plus haut ,

j\'en suis a la suppression de combofix:

la je fais bien touches simultanés windows+R ,ca ouvre la commande executer , la je colle exactement combofix /u comme tu l\'a mis plus haut , mais ca repart pour un scan et ca me génère une page mais pas de suppression... c\'est normal?
j\'attends ta réponse pour continuer et ne pas faire de bêtises

Non tu laisse comme ça, c\'est combofix qui se supprime.

Fais toolscleaner ensuite et continue la procédure.

combofix /u[ Rapport ToolsCleaner version 2.3.11 (par A.Rothstein & dj QUIOU) ]

--> Recherche:

C:\\Combofix.txt: trouvé !
C:\\TB.txt: trouvé !
C:\\Combofix: trouvé !
C:\\Qoobox: trouvé !
C:\\Toolbar SD: trouvé !
C:\\Rsit: trouvé !
C:\\Documents and Settings\\marity\\Bureau\\ComboFix.exe: trouvé !
C:\\Documents and Settings\\marity\\Bureau\\Ad-R.exe: trouvé !
C:\\Documents and Settings\\marity\\Bureau\\ToolBarSD.exe: trouvé !
C:\\Documents and Settings\\marity\\Bureau\\Rsit.exe: trouvé !
C:\\Program Files\\Ad-remover: trouvé !
C:\\Program Files\\Ad-Remover\\BACKUP\\Ad-R.exe: trouvé !
C:\\Program Files\\trend micro\\HijackThis.exe: trouvé !
C:\\Program Files\\trend micro\\hijackthis.log: trouvé !
C:\\Qoobox\\Quarantine\\catchme.log: trouvé !
C:\\WINDOWS\\mbr.exe: trouvé !

---------------------------------
--> Suppression:

C:\\Documents and Settings\\marity\\Bureau\\ComboFix.exe: ERREUR DE SUPPRESSION !!
C:\\Documents and Settings\\marity\\Bureau\\Ad-R.exe: supprimé !
C:\\Documents and Settings\\marity\\Bureau\\ToolBarSD.exe: supprimé !
C:\\Program Files\\Ad-Remover\\BACKUP\\Ad-R.exe: supprimé !
C:\\Program Files\\trend micro\\HijackThis.exe: supprimé !
C:\\Combofix.txt: supprimé !
C:\\TB.txt: supprimé !
C:\\Documents and Settings\\marity\\Bureau\\Rsit.exe: supprimé !
C:\\Program Files\\trend micro\\hijackthis.log: supprimé !
C:\\Qoobox\\Quarantine\\catchme.log: supprimé !
C:\\WINDOWS\\mbr.exe: supprimé !
C:\\Combofix: supprimé !
C:\\Qoobox: supprimé !
C:\\Toolbar SD: supprimé !
C:\\Rsit: supprimé !
C:\\Program Files\\Ad-remover: supprimé !

Corbeille vidée!
Fichiers temporaires nettoyés !
Point de restauration crée !

Tu peux supprimer l\'icône de combofix sur ton bureau ainsi que celui de toolscleaner et vider ta corbeille.

Envoies moi le RSIT de ton pc sous vista dès que tu auras fini les manips.

Par contre je verrais ça demain soir.

Bonne soirée.

ok merci de ton aide et de tes explications qui étaient très clair
je posterais le rapport RSIT demain matin , pour aujourd\'hui, j\'ai fait ma part de ménage,qu\'il soit réel ou virtuel
bonne fin de soirée malwarebleach

Logfile of random\'s system information tool 1.06 (written by random/random)
Run by tamary at 2009-12-01 09:26:44
Microsoft® Windows Vista™ Édition Familiale Premium
System drive C: has 55 GB (54%) free of 102 GB
Total RAM: 894 MB (18% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:27:37, on 01/12/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\\Windows\\system32\\Dwm.exe
C:\\Windows\\Explorer.EXE
C:\\Windows\\RtHDVCpl.exe
C:\\Program Files\\Alwil Software\\Avast4\\ashDisp.exe
C:\\Program Files\\CardDetector\\ICON225\\CardDetector.exe
C:\\Program Files\\Common Files\\logishrd\\LComMgr\\Communications_Helper.exe
C:\\Program Files\\Logitech\\QuickCam\\Quickcam.exe
C:\\Program Files\\Java\\jre6\\bin\\jusched.exe
C:\\Program Files\\Windows Sidebar\\sidebar.exe
C:\\Windows\\ehome\\ehtray.exe
C:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe
C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe
C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe
C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe
C:\\Program Files\\ATI Technologies\\ATI.ACE\\CLI.EXE
C:\\Windows\\ehome\\ehmsas.exe
C:\\Program Files\\Common Files\\LogiShrd\\LVCOMSER\\LVComSer.exe
C:\\Windows\\system32\\taskeng.exe
C:\\Program Files\\Common Files\\Logishrd\\LQCVFX\\COCIManager.exe
C:\\Program Files\\Windows Media Player\\wmpnscfg.exe
C:\\Program Files\\ATI Technologies\\ATI.ACE\\CLI.exe
C:\\Program Files\\ATI Technologies\\ATI.ACE\\CLI.exe
C:\\Program Files\\Mozilla Firefox\\firefox.exe
C:\\Windows\\explorer.exe
C:\\Users\\tamary\\Desktop\\RSIT.exe
C:\\Program Files\\trend micro\\tamary.exe
C:\\Windows\\system32\\SearchFilterHost.exe

R1 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://fr.search.yahoo.com
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://mystart.incredimail.com/
R1 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Default_Page_URL = http://fr.yahoo.com
R1 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Default_Search_URL = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://fr.search.yahoo.com
R1 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://fr.search.yahoo.com
R0 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://fr.yahoo.com
R0 - HKLM\\Software\\Microsoft\\Internet Explorer\\Search,SearchAssistant =
R0 - HKLM\\Software\\Microsoft\\Internet Explorer\\Search,CustomizeSearch =
R1 - HKCU\\Software\\Microsoft\\Internet Explorer\\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://fr.search.yahoo.com
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\\Program Files\\Yahoo!\\Companion\\Installs\\cpn1\\yt.dll
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\\Program Files\\SweetIM\\Toolbars\\Internet Explorer\\mgHelper.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\\Program Files\\Yahoo!\\Companion\\Installs\\cpn1\\yt.dll
O2 - BHO: Aide pour le lien d\'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\\Program Files\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\\Program Files\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\\Program Files\\Microsoft\\Search Enhancement Pack\\Search Helper\\SEPsearchhelperie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\\Program Files\\Java\\jre6\\bin\\ssv.dll
O2 - BHO: Programme d\'aide de l\'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\\Program Files\\Common Files\\Microsoft Shared\\Windows Live\\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\\Program Files\\Google\\Google Toolbar\\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\\Program Files\\Google\\GoogleToolbarNotifier\\5.3.4501.1418\\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\\Program Files\\Google\\Google Toolbar\\Component\\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: GamesBarBHO Class - {CB0D163C-E9F4-4236-9496-0597E24B23A5} - C:\\Program Files\\GamesBar\\oberontb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\\Program Files\\Java\\jre6\\bin\\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\\Program Files\\Windows Live\\Toolbar\\wltcore.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\\Program Files\\SweetIM\\Toolbars\\Internet Explorer\\mgToolbarIE.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\\Program Files\\Yahoo!\\Companion\\Installs\\cpn1\\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\\Program Files\\Yahoo!\\Companion\\Installs\\cpn1\\yt.dll
O3 - Toolbar: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\\Program Files\\GamesBar\\oberontb.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\\Program Files\\SweetIM\\Toolbars\\Internet Explorer\\mgToolbarIE.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\\Program Files\\Veoh Networks\\VeohWebPlayer\\VeohIEToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\\Program Files\\Google\\Google Toolbar\\GoogleToolbar_32.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\\Program Files\\Windows Live\\Toolbar\\wltcore.dll
O4 - HKLM\\..\\Run: [ATICCC] \"C:\\Program Files\\ATI Technologies\\ATI.ACE\\CLIStart.exe\"
O4 - HKLM\\..\\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\\..\\Run: [avast!] C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe
O4 - HKLM\\..\\Run: [CardDetectorICON225] C:\\Program Files\\CardDetector\\ICON225\\CardDetector.exe
O4 - HKLM\\..\\Run: [BEWINTERNET-FR-DMGP-V2SessionManager] C:\\Program Files\\Orange\\IEWInternet-DMGP\\SessionManager\\SessionManager.exe
O4 - HKLM\\..\\Run: [LogitechCommunicationsManager] \"C:\\Program Files\\Common Files\\LogiShrd\\LComMgr\\Communications_Helper.exe\"
O4 - HKLM\\..\\Run: [LogitechQuickCamRibbon] \"C:\\Program Files\\Logitech\\QuickCam\\Quickcam.exe\" /hide
O4 - HKLM\\..\\Run: [Adobe Reader Speed Launcher] \"C:\\Program Files\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe\"
O4 - HKLM\\..\\Run: [SunJavaUpdateSched] \"C:\\Program Files\\Java\\jre6\\bin\\jusched.exe\"
O4 - HKCU\\..\\Run: [Sidebar] C:\\Program Files\\Windows Sidebar\\sidebar.exe /autoRun
O4 - HKCU\\..\\Run: [ehTray.exe] C:\\Windows\\ehome\\ehTray.exe
O4 - HKCU\\..\\Run: [VeohPlugin] \"C:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe\"
O4 - HKCU\\..\\Run: [msnmsgr] \"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe\" /background
O4 - HKCU\\..\\Run: [swg] \"C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe\"
O4 - HKCU\\..\\Run: [Messenger (Yahoo!)] \"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YAHOOM~1.EXE\" -quiet
O4 - HKUS\\S-1-5-19\\..\\Run: [Sidebar] %ProgramFiles%\\Windows Sidebar\\Sidebar.exe /detectMem (User \'SERVICE LOCAL\')
O4 - HKUS\\S-1-5-19\\..\\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User \'SERVICE LOCAL\')
O4 - HKUS\\S-1-5-20\\..\\Run: [Sidebar] %ProgramFiles%\\Windows Sidebar\\Sidebar.exe /detectMem (User \'SERVICE RÉSEAU\')
O9 - Extra button: (no name) - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\\Program Files\\GamesBar\\oberontb.dll
O9 - Extra \'Tools\' menuitem: GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\\Program Files\\GamesBar\\oberontb.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\\Program Files\\Windows Live\\Writer\\WriterBrowserExtension.dll
O9 - Extra \'Tools\' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\\Program Files\\Windows Live\\Writer\\WriterBrowserExtension.dll
O13 - Gopher Prefix:
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxenligne.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {EA6246B4-F380-443F-8727-9AEA3371146C} (CPlayFirstWeddingDashControl Object) - http://jeuxenligne.orange.fr/orange2.0/games/channel--110167437/lc--fr/room--aba38feb-288c-4503-a389-e5d57111c05c/online/wedding_dash/fr/WeddingDash.1.0.0.47.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\\PROGRA~1\\COMMON~1\\Skype\\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\\Program Files\\Alwil Software\\Avast4\\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\\Windows\\system32\\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\\Program Files\\Alwil Software\\Avast4\\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\\Program Files\\Alwil Software\\Avast4\\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\\Program Files\\Alwil Software\\Avast4\\ashWebSv.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\\PROGRA~1\\COMMON~1\\France Telecom\\Shared Modules\\FTRTSVC\\1\\FTRTSVC.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\\Program Files\\Google\\Common\\Google Updater\\GoogleUpdaterService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\\Program Files\\Common Files\\LogiShrd\\LVCOMSER\\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\\Program Files\\Common Files\\LogiShrd\\LVMVFM\\LVPrcSrv.exe
O23 - Service: L Ile Noyee Drivers Auto Removal (pr2ajbeb) (pr2ajbeb) - Micro Application - C:\\Windows\\system32\\pr2ajbeb.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\\Program Files\\Yahoo!\\SoftwareUpdate\\YahooAUService.exe

--
End of file - 9983 bytes

======Scheduled tasks folder======

C:\\Windows\\tasks\\User_Feed_Synchronization-{F541021D-EC55-4070-99AE-3E54C495044E}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\\Program Files\\Yahoo!\\Companion\\Installs\\cpn1\\yt.dll [2009-07-31 909040]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Aide pour le lien d\'Adobe PDF Reader - C:\\Program Files\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroIEHelper.dll [2009-02-27 61816]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\\Program Files\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\\Program Files\\Microsoft\\Search Enhancement Pack\\Search Helper\\SEPsearchhelperie.dll [2009-05-19 137600]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\\Program Files\\Java\\jre6\\bin\\ssv.dll [2009-07-25 321312]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d\'aide de l\'Assistant de connexion Windows Live - C:\\Program Files\\Common Files\\Microsoft Shared\\Windows Live\\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\\Program Files\\Google\\Google Toolbar\\GoogleToolbar_32.dll [2009-09-24 256112]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\\Program Files\\Google\\GoogleToolbarNotifier\\5.3.4501.1418\\swg.dll [2009-09-25 762864]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\\Program Files\\Google\\Google Toolbar\\Component\\fastsearch_B7C5AC242193BB3E.dll [2009-09-24 458736]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{CB0D163C-E9F4-4236-9496-0597E24B23A5}]
GamesBarBHO Class - C:\\Program Files\\GamesBar\\oberontb.dll [2008-01-06 540672]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\\Program Files\\Java\\jre6\\bin\\jp2ssv.dll [2009-07-25 41760]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\\Program Files\\Windows Live\\Toolbar\\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{EEE6C35C-6118-11DC-9C72-001320C79847}]
SweetIM Toolbar Helper - C:\\Program Files\\SweetIM\\Toolbars\\Internet Explorer\\mgToolbarIE.dll [2008-03-27 1164600]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\\Program Files\\Yahoo!\\Companion\\Installs\\cpn1\\YTSingleInstance.dll [2009-07-31 159472]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\\Program Files\\Yahoo!\\Companion\\Installs\\cpn1\\yt.dll [2009-07-31 909040]
{6F282B65-56BF-4BD1-A8B2-A4449A05863D} - GamesBar - C:\\Program Files\\GamesBar\\oberontb.dll [2008-01-06 540672]
{EEE6C35B-6118-11DC-9C72-001320C79847} - SweetIM Toolbar for Internet Explorer - C:\\Program Files\\SweetIM\\Toolbars\\Internet Explorer\\mgToolbarIE.dll [2008-03-27 1164600]
{0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - Veoh Web Player Video Finder - C:\\Program Files\\Veoh Networks\\VeohWebPlayer\\VeohIEToolbar.dll [2008-09-28 463872]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\\Program Files\\Google\\Google Toolbar\\GoogleToolbar_32.dll [2009-09-24 256112]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\\Program Files\\Windows Live\\Toolbar\\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Run]
\"ATICCC\"=C:\\Program Files\\ATI Technologies\\ATI.ACE\\CLIStart.exe [2006-07-11 90112]
\"RtHDVCpl\"=C:\\Windows\\RtHDVCpl.exe [2006-11-01 3772416]
\"avast!\"=C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe [2009-08-17 81000]
\"CardDetectorICON225\"=C:\\Program Files\\CardDetector\\ICON225\\CardDetector.exe [2007-11-14 278528]
\"BEWINTERNET-FR-DMGP-V2SessionManager\"=C:\\Program Files\\Orange\\IEWInternet-DMGP\\SessionManager\\SessionManager.exe [2007-12-05 107248]
\"LogitechCommunicationsManager\"=C:\\Program Files\\Common Files\\LogiShrd\\LComMgr\\Communications_Helper.exe [2008-08-14 565008]
\"LogitechQuickCamRibbon\"=C:\\Program Files\\Logitech\\QuickCam\\Quickcam.exe [2008-08-14 2407184]
\"Adobe Reader Speed Launcher\"=C:\\Program Files\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe [2009-02-27 35696]
\"SunJavaUpdateSched\"=C:\\Program Files\\Java\\jre6\\bin\\jusched.exe [2009-07-25 149280]

[HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run]
\"Sidebar\"=C:\\Program Files\\Windows Sidebar\\sidebar.exe [2008-02-23 1232896]
\"ehTray.exe\"=C:\\Windows\\ehome\\ehTray.exe [2006-11-02 125440]
\"VeohPlugin\"=C:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe [2008-09-28 3497208]
\"msnmsgr\"=C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe [2009-07-26 3883856]
\"swg\"=C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe [2009-03-10 39408]
\"Messenger (Yahoo!)\"=C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YAHOOM~1.EXE [2009-05-26 4351216]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\Adobe Reader Speed Launcher]
C:\\Program Files\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe [2009-02-27 35696]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\HP Software Update]
C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe [2006-12-10 49152]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\IncrediMail]
C:\\Program Files\\IncrediMail\\bin\\IncMail.exe [2009-11-10 280008]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\MsnMsgr]
C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\Skype]
C:\\Program Files\\Skype\\Phone\\Skype.exe [2008-09-29 21755688]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\SMSERIAL]
C:\\Program Files\\Motorola\\SMSERIAL\\sm56hlpr.exe [2006-10-09 729088]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\Windows Defender]
C:\\Program Files\\Windows Defender\\MSASCui.exe [2008-02-23 1006264]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\WMPNSCFG]
C:\\Program Files\\Windows Media Player\\WMPNSCFG.exe [2006-11-02 201728]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\Yahoo! Pager]
C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe [2009-05-26 4351216]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupfolder\\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\\PROGRA~1\\HP\\DIGITA~1\\bin\\hpqtra08.exe [2007-01-02 210520]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupfolder\\C:^Users^tamary^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 2.4.lnk]
C:\\PROGRA~1\\OPENOF~1.4\\program\\QUICKS~1.EXE [2008-01-21 393216]

[HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System]
\"EnableLUA\"=0
\"dontdisplaylastusername\"=0
\"legalnoticecaption\"=
\"legalnoticetext\"=
\"shutdownwithoutlogon\"=1
\"undockwithoutlogon\"=1

[HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\explorer]
\"NoDriveTypeAutoRun\"=95000000

[HKEY_LOCAL_MACHINE\\system\\currentcontrolset\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile\\authorizedapplications\\list]
\"C:\\Program Files\\Orange\\IEWInternet-DMGP\\Connectivity\\ConnectivityManager.exe\"=\"C:\\Program Files\\Orange\\IEWInternet-DMGP\\Connectivity\\ConnectivityManager.exe:*:enabled:CSS\"

[HKEY_LOCAL_MACHINE\\system\\currentcontrolset\\services\\sharedaccess\\parameters\\firewallpolicy\\domainprofile\\authorizedapplications\\list]

[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\explorer\\mountpoints2\\{b446d5b7-0193-11dd-9f07-00030d5c8292}]
shell\\AutoRun\\command - E:\\AutoRunCardDetector.exe


======File associations======

.js - edit - C:\\Windows\\System32\\Notepad.exe %1
.js - open - C:\\Windows\\System32\\WScript.exe \"%1\" %*

======List of files/folders created in the last 1 months======

2009-12-01 09:26:50 ----D---- C:\\Program Files\\trend micro
2009-12-01 09:26:44 ----D---- C:\\rsit
2009-11-26 14:38:57 ----D---- C:\\Program Files\\Natalie Brooks - Secrets of Treasure House
2009-11-26 14:31:59 ----D---- C:\\ProgramData\\BigFishSavedGames
2009-11-25 14:43:45 ----A---- C:\\Windows\\system32\\tzres.dll
2009-11-25 14:37:53 ----A---- C:\\Windows\\system32\\msxml6.dll
2009-11-25 14:37:53 ----A---- C:\\Windows\\system32\\msxml3.dll
2009-11-25 14:37:52 ----A---- C:\\Windows\\system32\\msxml6r.dll
2009-11-25 14:37:52 ----A---- C:\\Windows\\system32\\msxml3r.dll
2009-11-17 18:40:10 ----D---- C:\\Users\\tamary\\AppData\\Roaming\\Malwarebytes
2009-11-17 18:39:58 ----D---- C:\\ProgramData\\Malwarebytes
2009-11-17 18:39:57 ----D---- C:\\Program Files\\Malwarebytes\' Anti-Malware
2009-11-16 22:22:57 ----A---- C:\\Windows\\system32\\xinput1_1.dll
2009-11-16 22:22:57 ----A---- C:\\Windows\\system32\\xactengine2_2.dll
2009-11-16 22:22:56 ----A---- C:\\Windows\\system32\\xactengine2_1.dll
2009-11-16 22:22:19 ----A---- C:\\Windows\\system32\\d3dx9_30.dll
2009-11-16 22:22:18 ----A---- C:\\Windows\\system32\\xactengine2_0.dll
2009-11-16 22:22:18 ----A---- C:\\Windows\\system32\\x3daudio1_0.dll
2009-11-16 22:22:14 ----A---- C:\\Windows\\system32\\d3dx9_29.dll
2009-11-16 22:22:12 ----A---- C:\\Windows\\system32\\d3dx9_28.dll
2009-11-16 22:22:08 ----A---- C:\\Windows\\system32\\d3dx9_27.dll
2009-11-16 22:22:05 ----A---- C:\\Windows\\system32\\d3dx9_26.dll
2009-11-16 22:22:02 ----A---- C:\\Windows\\system32\\d3dx9_25.dll
2009-11-16 22:22:00 ----A---- C:\\Windows\\system32\\d3dx9_24.dll
2009-11-16 22:14:17 ----D---- C:\\Program Files\\Micro Application
2009-11-11 19:33:26 ----D---- C:\\Users\\tamary\\AppData\\Roaming\\ERS G-Studio
2009-11-11 17:05:01 ----D---- C:\\ProgramData\\MumboJumbo
2009-11-11 08:28:42 ----A---- C:\\Windows\\system32\\WSDApi.dll
2009-11-10 16:36:01 ----D---- C:\\Users\\tamary\\AppData\\Roaming\\Gamenauts
2009-11-10 16:19:35 ----D---- C:\\ProgramData\\PhotoMail
2009-11-10 16:19:32 ----D---- C:\\Program Files\\PhotoMail Maker
2009-11-09 13:08:56 ----D---- C:\\Users\\tamary\\AppData\\Roaming\\Games
2009-11-04 09:47:31 ----A---- C:\\Windows\\system32\\mshtml.dll

======List of files/folders modified in the last 1 months======

2009-12-01 09:27:08 ----D---- C:\\Windows\\Prefetch
2009-12-01 09:26:50 ----RD---- C:\\Program Files
2009-12-01 09:25:40 ----D---- C:\\Windows\\Temp
2009-12-01 09:23:51 ----D---- C:\\Program Files\\Mozilla Firefox
2009-12-01 09:20:45 ----SHD---- C:\\System Volume Information
2009-11-29 10:16:00 ----D---- C:\\Windows\\system32\\catroot2
2009-11-26 14:39:43 ----AD---- C:\\ProgramData\\TEMP
2009-11-26 14:35:23 ----D---- C:\\BigFishGamesCache
2009-11-26 14:31:59 ----HD---- C:\\ProgramData
2009-11-25 23:02:28 ----D---- C:\\Windows\\System32
2009-11-25 14:45:25 ----D---- C:\\Windows\\winsxs
2009-11-25 14:44:56 ----D---- C:\\Windows\\system32\\fr-FR
2009-11-25 14:44:41 ----D---- C:\\Windows\\system32\\catroot
2009-11-25 14:43:06 ----SHD---- C:\\Windows\\Installer
2009-11-25 14:42:30 ----D---- C:\\Windows
2009-11-24 23:39:16 ----D---- C:\\Users\\tamary\\AppData\\Roaming\\dvdcss
2009-11-17 18:40:00 ----D---- C:\\Windows\\system32\\drivers
2009-11-16 22:22:56 ----RSD---- C:\\Windows\\assembly
2009-11-16 22:22:28 ----D---- C:\\Windows\\Microsoft.NET
2009-11-12 07:50:58 ----D---- C:\\Program Files\\Windows Mail
2009-11-11 08:55:00 ----D---- C:\\Users\\tamary\\AppData\\Roaming\\OpenOffice.org2
2009-11-10 16:17:36 ----D---- C:\\Program Files\\IncrediMail
2009-11-05 18:36:21 ----A---- C:\\Windows\\system32\\mrt.exe
2009-11-02 20:42:06 ----N---- C:\\Windows\\system32\\MpSigStub.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 aswRdr;aswRdr; C:\\Windows\\system32\\drivers\\aswRdr.sys [2009-08-17 23152]
R1 aswSP;avast! Self Protection; C:\\Windows\\system32\\drivers\\aswSP.sys [2009-08-17 114768]
R1 aswTdi;avast! Network Shield Support; C:\\Windows\\system32\\drivers\\aswTdi.sys [2009-08-17 51376]
R2 aswFsBlk;aswFsBlk; C:\\Windows\\system32\\DRIVERS\\aswFsBlk.sys [2009-08-17 20560]
R2 aswMonFlt;aswMonFlt; C:\\Windows\\system32\\DRIVERS\\aswMonFlt.sys [2009-08-17 53328]
R2 X4HSX32Ex;X4HSX32Ex; \\??\\C:\\Program Files\\Player Metaboli\\X4HSX32Ex.Sys [2007-11-14 29856]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\\Windows\\system32\\DRIVERS\\athr.sys [2008-05-07 767488]
R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\\Windows\\system32\\DRIVERS\\CmBatt.sys [2008-02-23 14208]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\\Windows\\system32\\drivers\\RTKVHDA.sys [2006-11-01 1644968]
R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\\Windows\\system32\\DRIVERS\\LVPr2Mon.sys [2008-07-26 25624]
R3 R300;R300; C:\\Windows\\system32\\DRIVERS\\atikmdag.sys [2006-11-09 2071552]
R3 RTL8023xp;Pilote Realtek 10/100 NIC Family NDIS x86; C:\\Windows\\system32\\DRIVERS\\Rtnicxp.sys [2006-11-02 47104]
R3 smserial;smserial; C:\\Windows\\system32\\DRIVERS\\smserial.sys [2006-10-09 981504]
S3 CamDrL;Logitech QuickCam Pro 3000(CamDrl); C:\\Windows\\system32\\DRIVERS\\Camdrl.sys [2007-02-03 1075360]
S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\\Windows\\system32\\drivers\\drmkaud.sys [2006-11-02 5632]
S3 GT72NDISIPXP;GT 72 IP NDIS; C:\\Windows\\system32\\DRIVERS\\Gt51Ip.sys [2007-11-13 95744]
S3 GT72UBUS;GT 72 U BUS; C:\\Windows\\system32\\DRIVERS\\gt72ubus.sys [2007-11-13 51968]
S3 GTPTSER;GT PT SER; C:\\Windows\\system32\\DRIVERS\\gtptser.sys [2007-11-13 8064]
S3 HdAudAddService;Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio; C:\\Windows\\system32\\drivers\\HdAudio.sys [2006-11-02 235520]
S3 LVUSBSta;Logitech USB Monitor Filter; C:\\Windows\\system32\\drivers\\LVUSBSta.sys [2008-07-26 41752]
S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\\Windows\\system32\\drivers\\MSKSSRV.sys [2006-11-02 8192]
S3 MSPCLOCK;Proxy d\'horloge de répartition Microsoft; C:\\Windows\\system32\\drivers\\MSPCLOCK.sys [2006-11-02 5888]
S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\\Windows\\system32\\drivers\\MSPQM.sys [2006-11-02 5504]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\\Windows\\system32\\drivers\\MSTEE.sys [2006-11-02 6016]
S3 PCAMp50;PCAMp50 NDIS Protocol Driver; C:\\Windows\\System32\\Drivers\\PCAMp50.sys [2006-11-28 28224]
S3 PCASp50;PCASp50 NDIS Protocol Driver; C:\\Windows\\System32\\Drivers\\PCASp50.sys [2006-11-28 27072]
S3 PID_0928;Logitech QuickCam Express(PID_0928); C:\\Windows\\system32\\DRIVERS\\LV561AV.SYS [2008-02-01 489624]
S3 sdbus;sdbus; C:\\Windows\\system32\\DRIVERS\\sdbus.sys [2006-11-02 82432]
S3 usbaudio;Pilote USB audio (WDM); C:\\Windows\\system32\\drivers\\usbaudio.sys [2006-11-02 71552]
S3 WpdUsb;WpdUsb; C:\\Windows\\system32\\DRIVERS\\wpdusb.sys [2006-11-02 39936]
S3 WUDFRd;WUDFRd; C:\\Windows\\system32\\DRIVERS\\WUDFRd.sys [2006-11-02 82560]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\\Windows\\system32\\drivers\\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\\Program Files\\Alwil Software\\Avast4\\aswUpdSv.exe [2009-08-17 18752]
R2 Ati External Event Utility;Ati External Event Utility; C:\\Windows\\system32\\Ati2evxx.exe [2006-11-09 552960]
R2 avast! Antivirus;avast! Antivirus; C:\\Program Files\\Alwil Software\\Avast4\\ashServ.exe [2009-08-17 138680]
R2 FTRTSVC;France Telecom Routing Table Service; C:\\PROGRA~1\\COMMON~1\\France Telecom\\Shared Modules\\FTRTSVC\\1\\FTRTSVC.exe [2007-12-04 65536]
R2 hpqddsvc;Service HP CUE DeviceDiscovery; C:\\Windows\\system32\\svchost.exe [2006-11-02 22016]
R2 HPSLPSVC;HP Network Devices Support; C:\\Windows\\system32\\svchost.exe [2006-11-02 22016]
R2 LVCOMSer;LVCOMSer; C:\\Program Files\\Common Files\\LogiShrd\\LVCOMSER\\LVComSer.exe [2008-07-26 186904]
R2 LVPrcSrv;Process Monitor; C:\\Program Files\\Common Files\\LogiShrd\\LVMVFM\\LVPrcSrv.exe [2008-07-26 150040]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\\Windows\\System32\\svchost.exe [2006-11-02 22016]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\\Windows\\System32\\svchost.exe [2006-11-02 22016]
R2 SeaPort;SeaPort; C:\\Program Files\\Microsoft\\Search Enhancement Pack\\SeaPort\\SeaPort.exe [2009-05-19 240512]
R2 YahooAUService;Yahoo! Updater; C:\\Program Files\\Yahoo!\\SoftwareUpdate\\YahooAUService.exe [2008-11-09 602392]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\\Program Files\\Alwil Software\\Avast4\\ashMaiSv.exe [2009-08-17 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\\Program Files\\Alwil Software\\Avast4\\ashWebSv.exe [2009-08-17 352920]
R3 hpqcxs08;hpqcxs08; C:\\Windows\\system32\\svchost.exe [2006-11-02 22016]
S2 pr2ajbeb;L Ile Noyee Drivers Auto Removal (pr2ajbeb); C:\\Windows\\system32\\pr2ajbeb.exe [2007-08-22 411000]
S3 gusvc;Google Software Updater; C:\\Program Files\\Google\\Common\\Google Updater\\GoogleUpdaterService.exe [2009-05-23 182768]

-----------------EOF-----------------

info.txt logfile of random\'s system information tool 1.06 2009-12-01 09:27:50

======Uninstall list======

-->C:\\PROGRA~1\\Yahoo!\\Common\\UNYT_W~1.EXE
32 Bit HP CIO Components Installer-->MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
AACD_v4-->C:\\Program Files\\Aacd v4\\Uninst_Aacd_v4.exe
Adobe Flash Player 10 Plugin-->C:\\Windows\\system32\\Macromed\\Flash\\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\\Windows\\system32\\Macromed\\Flash\\uninstall_activeX.exe
Adobe Reader 9.1.3 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A91000000001}
Assistant de connexion Windows Live-->MsiExec.exe /I{D3116CC7-24DC-4CA3-9CE1-23FED836E9F2}
ATI Catalyst Control Center Ex-->MsiExec.exe /I{977D92B9-DD06-CDDC-316A-025E912C4038}
avast! Antivirus-->C:\\Program Files\\Alwil Software\\Avast4\\aswRunDll.exe \"C:\\Program Files\\Alwil Software\\Avast4\\Setup\\setiface.dll\",RunSetup
Big Fish Games Client-->C:\\Program Files\\bfgclient\\Uninstall.exe
Card Detector for Option Icon 225-->C:\\Program Files\\CardDetector\\ICON225\\CardDetectorSetup.exe -u
CCleaner (remove only)-->\"C:\\Program Files\\CCleaner\\uninst.exe\"
Coffret de pilotes Logitech QuickCam-->\"C:\\Program Files\\Common Files\\LogiShrd\\LogiDriverStore\\lvdrivers\\11.80.1048\\LgDrvInst.exe\" -remove -instdir\"C:\\Program Files\\Common Files\\LogiShrd\\LogiDriverStore\\lvdrivers\\\" -enumdelay=2000 -enabledifx -forcedelete -usbhubsfirst -forceremove -cumulativeremove -arpregkey\"lvdrivers_11.80\" /clone_wait /hide_progress
Galerie de photos Windows Live-->MsiExec.exe /X{B131E59D-202C-43C6-84C9-68F0C37541F1}
GamesBar 2.0.1.12-->C:\\Program Files\\GamesBar\\uninst.exe
Google Toolbar for Internet Explorer-->\"C:\\Program Files\\Google\\Google Toolbar\\Component\\GoogleToolbarManager_E582EA556D8DE101.exe\" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
HijackThis 2.0.2-->\"C:\\Program Files\\trend micro\\HijackThis.exe\" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\\Windows\\system32\\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=\"\"
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\\Windows\\system32\\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=\"\"
HP Customer Participation Program 8.0-->C:\\Program Files\\HP\\Digital Imaging\\ExtCapUninstall\\hpzscr01.exe -datfile hpqhsc01.dat
HP Imaging Device Functions 8.0-->C:\\Program Files\\HP\\Digital Imaging\\DeviceManagement\\hpzscr01.exe -datfile hpqbud01.dat
HP OCR Software 8.0-->C:\\Program Files\\HP\\Digital Imaging\\OCR\\hpzscr01.exe -datfile hpqbud11.dat
HP Photosmart Essential-->MsiExec.exe /X{EB21A812-671B-4D08-B974-2A347F0D8F70}
HP Photosmart.All-In-One Driver Software 8.0 .A-->C:\\Program Files\\HP\\Digital Imaging\\{282E5AB2-8E47-4571-B6FA-6B512555B557}\\setup\\hpzscr01.exe -datfile hposcr18.dat -onestop -showdisconnect -forcereboot
HP Product Assistant-->MsiExec.exe /I{36FDBE6E-6684-462B-AE98-9A39A1B200CC}
HP Solution Center 8.0-->C:\\Program Files\\HP\\Digital Imaging\\eSupport\\hpzscr01.exe -datfile hpqbud05.dat
HP Update-->MsiExec.exe /X{7059BDA7-E1DB-442C-B7A1-6144596720A4}
HPSSupply-->MsiExec.exe /X{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}
IncrediMail 2.0-->C:\\Program Files\\IncrediMail\\Bin\\ImSetup.exe /uninstallProduct /addon:incredimail
IncrediMail-->MsiExec.exe /X{5E97F3BD-CDDC-4188-9D98-532E14FABB5D}
Installation Windows Live-->C:\\Program Files\\Windows Live\\Installer\\wlarp.exe
Installation Windows Live-->MsiExec.exe /I{46ABBC54-1872-4AA3-95E2-F2C063A63F31}
Internet Everywhere-->C:\\Program Files\\Orange\\IEWInternet-DMGP\\installation\\core\\Installgui.exe -u
Java(TM) 6 Update 15-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Junk Mail filter update-->MsiExec.exe /I{E2DFE069-083E-4631-9B6C-43C48E991DE5}
L\'Ile Noyée-->\"C:\\Program Files\\Micro Application\\L\'Ile Noyée\\unins000.exe\"
Logitech QuickCam-->MsiExec.exe /X{3AF8FCCD-F51A-4014-9002-F195E1CBC876}
Logitech Updater-->MsiExec.exe /I{53735ECE-E461-4FD0-B742-23A352436D3A}
Malwarebytes\' Anti-Malware-->\"C:\\Program Files\\Malwarebytes\' Anti-Malware\\unins000.exe\"
Mediatheque 1.1.1-->\"C:\\Program Files\\Mediatheque\\unins000.exe\"
Messenger Plus! Live-->\"C:\\Program Files\\Messenger Plus! Live\\Uninstall.exe\"
Microsoft .NET Framework 3.5 Language Pack SP1 - fra-->MsiExec.exe /I{3E31821C-7917-367E-938E-E65FC413EA31}
Microsoft .NET Framework 3.5 SP1-->c:\\Windows\\Microsoft.NET\\Framework\\v3.5\\Microsoft .NET Framework 3.5 SP1\\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Search Enhancement Pack-->MsiExec.exe /X{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5}
Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Module linguistique Microsoft .NET Framework 3.5 SP1- fra-->c:\\Windows\\Microsoft.NET\\Framework\\v3.5\\Microsoft .NET Framework 3.5 Language Pack SP1 - fra\\setup.exe
Motorola SM56 Data Fax Modem-->rundll32.exe sm56co6a.dll,SM56UnInstaller
Mozilla Firefox (3.0.15)-->C:\\Program Files\\Mozilla Firefox\\uninstall\\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
Natalie Brooks: Secrets of Treasure House-->\"C:\\Program Files\\Natalie Brooks - Secrets of Treasure House\\Uninstall.exe\"
OpenOffice.org 2.4-->MsiExec.exe /I{1E0FF527-971B-4BBF-83D1-987E8DEE437D}
Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Pahelika: Légendes Secrètes-->\"C:\\Program Files\\Pahelika - Legendes Secretes\\Uninstall.exe\"
PhotoMail Maker-->MsiExec.exe /X{15382D89-6EF6-4D21-9484-B500F2B10E46}
PhotoMail Maker-->MsiExec.exe /X{15382D89-6EF6-4D21-9484-B500F2B10E46} ARPVAL=\"UnInst\" /qf /L*V \"%temp%\\PhotoMailUninstallLog.log\"
Player Metaboli-->\"C:\\Program Files\\Player Metaboli\\Uninstall.exe\"
PopCap Browser Plugin-->C:\\Program Files\\PopCap Games\\PopCap Browser Plugin\\Uninstall.exe
Realtek High Definition Audio Driver-->RunDll32 C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\PROFES~1\\RunTime\\11\\50\\Intel32\\Ctor.dll,LaunchSetup \"C:\\Program Files\\InstallShield Installation Information\\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\\Setup.exe\" -l0x40c -removeonly
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
SweetIM for Messenger 2.5-->MsiExec.exe /X{C3576005-01B0-4C25-AA5F-40134CC78C42}
SweetIM Toolbar for Internet Explorer 3.1-->MsiExec.exe /X{59971D79-8111-42C2-9E40-883A0C277E78}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\\Windows\\system32\\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=\"\"
Veoh Web Player Beta-->\"C:\\Program Files\\Veoh Networks\\VeohWebPlayer\\uninst.exe\"
VideoLAN VLC media player 0.8.6e-->C:\\Program Files\\VideoLAN\\VLC\\uninstall.exe
Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live FolderShare-->MsiExec.exe /X{2075CB0A-D26F-4DAA-B424-5079296B43BA}
Windows Live Mail-->MsiExec.exe /I{5DD76286-9BE7-4894-A990-E905E91AC818}
Windows Live Messenger-->MsiExec.exe /X{770F1BEC-2871-4E70-B837-FB8525FFA3B1}
Windows Live Movie Maker-->MsiExec.exe /X{53B20C18-D8D4-4588-8737-9BBFE303C354}
Windows Live OneCare safety scanner-->\"C:\\Program Files\\Windows Live Safety Center\\UnInstall.exe\"
Windows Live OneCare safety scanner-->MsiExec.exe /X{FE0646A7-19D0-41B4-A2BB-2C35D644270D}
Windows Live Toolbar-->MsiExec.exe /X{F7D27C70-90F5-49B9-B188-0A133C0CE353}
Windows Live Writer-->MsiExec.exe /X{4634B21A-CC07-4396-890C-2B8168661FEA}
Yahoo! Extras-->C:\\PROGRA~1\\Yahoo!\\Common\\unyext.exe
Yahoo! Install Manager-->C:\\Windows\\system32\\regsvr32 /u C:\\PROGRA~1\\Yahoo!\\Common\\YINSTH~1.DLL
Yahoo! Internet Mail-->C:\\Windows\\system32\\regsvr32 /u /s C:\\PROGRA~1\\Yahoo!\\Common\\ymmapi.dll
Yahoo! Messenger-->C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\UNWISE.EXE /U C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\INSTALL.LOG
Yahoo! Software Update-->C:\\PROGRA~1\\Yahoo!\\SOFTWA~1\\UNINST~1.EXE
Yahoo! Toolbar-->C:\\PROGRA~1\\Yahoo!\\Common\\UNYT_W~1.EXE

======Security center information======

AV: avast! antivirus 4.8.1351 [VPS 091130-1]
AS: Windows Defender
AS: avast! antivirus 4.8.1351 [VPS 091130-1]

======System event log======

Computer Name: PC-de-tamary
Event Code: 43015
Message: I2c return failed
Record Number: 137127
Source Name: R300
Time Written: 20091201081016.531250-000
Event Type: Erreur
User:

Computer Name: PC-de-tamary
Event Code: 43015
Message: I2c return failed
Record Number: 137128
Source Name: R300
Time Written: 20091201081016.531250-000
Event Type: Erreur
User:

Computer Name: PC-de-tamary
Event Code: 19
Message: Échec du spouleur d’impression pour partager l’imprimante HP Photosmart C5100 series (Copie 2) avec le nom de la ressource partagée HP Photosmart C5100 series (Copie 2). Erreur 2114. L’imprimante n’est pas utilisable par d’autres personnes sur le réseau.
Record Number: 137136
Source Name: Print
Time Written: 20091201081036.000000-000
Event Type: Erreur
User: AUTORITE NT\\SYSTEM

Computer Name: PC-de-tamary
Event Code: 19
Message: Échec du spouleur d’impression pour partager l’imprimante HP Photosmart C5100 series (Copie 1) avec le nom de la ressource partagée HP Photosmart C5100 series (Copie 1). Erreur 2114. L’imprimante n’est pas utilisable par d’autres personnes sur le réseau.
Record Number: 137137
Source Name: Print
Time Written: 20091201081036.000000-000
Event Type: Erreur
User: AUTORITE NT\\SYSTEM

Computer Name: PC-de-tamary
Event Code: 19
Message: Échec du spouleur d’impression pour partager l’imprimante HP Photosmart C5100 series avec le nom de la ressource partagée HP Photosmart C5100 series. Erreur 2114. L’imprimante n’est pas utilisable par d’autres personnes sur le réseau.
Record Number: 137138
Source Name: Print
Time Written: 20091201081036.000000-000
Event Type: Erreur
User: AUTORITE NT\\SYSTEM

=====Application event log=====

Computer Name: PC-de-tamary
Event Code: 1002
Message: Le programme firefox.exe version 1.9.0.3576 a cessé d’interagir avec Windows et a été fermé. Pour déterminer si des informations supplémentaires sont disponibles, consultez l’historique du problème dans l’application Rapports et solutions aux problèmes du Panneau de configuration. ID de processus : c54 Heure de début : 01ca6a45c6ac27df Heure de fin : 458
Record Number: 17519
Source Name: Application Hang
Time Written: 20091121010847.000000-000
Event Type: Erreur
User:

Computer Name: PC-de-tamary
Event Code: 1002
Message: Le programme firefox.exe version 1.9.0.3576 a cessé d’interagir avec Windows et a été fermé. Pour déterminer si des informations supplémentaires sont disponibles, consultez l’historique du problème dans l’application Rapports et solutions aux problèmes du Panneau de configuration. ID de processus : 8cc Heure de début : 01ca6a47313139b4 Heure de fin : 29
Record Number: 17520
Source Name: Application Hang
Time Written: 20091121011134.000000-000
Event Type: Erreur
User:

Computer Name: PC-de-tamary
Event Code: 1002
Message: Le programme firefox.exe version 1.9.0.3576 a cessé d’interagir avec Windows et a été fermé. Pour déterminer si des informations supplémentaires sont disponibles, consultez l’historique du problème dans l’application Rapports et solutions aux problèmes du Panneau de configuration. ID de processus : 124c Heure de début : 01ca6a8044c759b1 Heure de fin : 251
Record Number: 17526
Source Name: Application Hang
Time Written: 20091121143801.000000-000
Event Type: Erreur
User:

Computer Name: PC-de-tamary
Event Code: 1002
Message: Le programme firefox.exe version 1.9.0.3576 a cessé d’interagir avec Windows et a été fermé. Pour déterminer si des informations supplémentaires sont disponibles, consultez l’historique du problème dans l’application Rapports et solutions aux problèmes du Panneau de configuration. ID de processus : 77c Heure de début : 01ca6ba2580e99f8 Heure de fin : 420
Record Number: 17570
Source Name: Application Hang
Time Written: 20091123203102.000000-000
Event Type: Erreur
User:

Computer Name: PC-de-tamary
Event Code: 1002
Message: Le programme PROTECT.exe version 5.0.6.0 a cessé d’interagir avec Windows et a été fermé. Pour déterminer si des informations supplémentaires sont disponibles, consultez l’historique du problème dans l’application Rapports et solutions aux problèmes du Panneau de configuration. ID de processus : 15e8 Heure de début : 01ca6d3f6d4d6968 Heure de fin : 5
Record Number: 17605
Source Name: Application Hang
Time Written: 20091124195146.000000-000
Event Type: Erreur
User:

=====Security event log=====

Computer Name: PC-de-tamary
Event Code: 4648
Message: Tentative d’ouverture de session en utilisant des informations d’identification explicites.

Sujet :
ID de sécurité : S-1-5-18
Nom du compte : PC-DE-TAMARY$
Domaine du compte : WORKGROUP
ID d’ouverture de session : 0x3e7
GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000}

Compte dont les informations d’identification ont été utilisées :
Nom du compte : SYSTEM
Domaine du compte : AUTORITE NT
GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000}

Serveur cible :
Nom du serveur cible : localhost
Informations supplémentaires : localhost

Informations sur le processus :
ID du processus : 0x25c
Nom du processus : C:\\Windows\\System32\\services.exe

Informations sur le réseau :
Adresse du réseau : -
Port : -

Cet événement est généré lorsqu’un processus tente d’ouvrir une session pour un compte en spécifiant explicitement les informations d’identification de ce compte. Ceci se produit le plus souvent dans les configurations par lot comme les tâches planifiées, ou avec l’utilisation de la commande RUNAS.
Record Number: 21115
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090313105321.687500-000
Event Type: Succès de l\'audit
User:

Computer Name: PC-de-tamary
Event Code: 4624
Message: L’ouverture de session d’un compte s’est correctement déroulée.

Sujet :
ID de sécurité : S-1-5-18
Nom du compte : PC-DE-TAMARY$
Domaine du compte : WORKGROUP
ID d’ouverture de session : 0x3e7

Type d’ouverture de session : 5

Nouvelle ouverture de session :
ID de sécurité : S-1-5-18
Nom du compte : SYSTEM
Domaine du compte : AUTORITE NT
ID d’ouverture de session : 0x3e7
GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000}

Informations sur le processus :
ID du processus : 0x25c
Nom du processus : C:\\Windows\\System32\\services.exe

Informations sur le réseau :
Nom de la station de travail :
Adresse du réseau source : -
Port source : -

Informations détaillées sur l’authentification :
Processus d’ouverture de session : Advapi
Package d’authentification : Negotiate
Services en transit : -
Nom du package (NTLM uniquement) : -
Longueur de la clé : 0

Cet événement est généré lors de la création d’une ouverture de session. Il est généré sur l’ordinateur sur lequel l’ouverture de session a été effectuée.

Le champ Objet indique le compte sur le système local qui a demandé l’ouverture de session. Il s’agit le plus souvent d’un service, comme le service Serveur, ou un processus local tel que Winlogon.exe ou Services.exe.

Le champ Type d’ouverture de session indique le type d’ouverture de session qui s’est produit. Les types les plus courants sont 2 (interactif) et 3 (réseau).

Le champ Nouvelle ouverture de session indique le compte pour lequel la nouvelle ouverture de session a été créée, par exemple, le compte qui s’est connecté.

Les champs relatifs au réseau indiquent la provenance d’une demande d’ouverture de session à distance. Le nom de la station de travail n’étant pas toujours disponible, peut être laissé vide dans certains cas.

Les champs relatifs aux informations d’authentification fournissent des détails sur cette demande d’ouverture de session spécifique.
- Le GUID d’ouverture de session est un identificateur unique pouvant servir à associer cet événement à un événement KDC .
- Les services en transit indiquent les services intermédiaires qui ont participé à cette demande d’ouverture de session.
- Nom du package indique quel est le sous-protocole qui a été utilisé parmi les protocoles NTLM.
- La longueur de la clé indique la longueur de la clé de session générée. Elle a la valeur 0 si aucune clé de session n’a été demandée.
Record Number: 21116
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090313105321.687500-000
Event Type: Succès de l\'audit
User:

Computer Name: PC-de-tamary
Event Code: 4672
Message: Privilèges spéciaux attribués à la nouvelle ouverture de session.

Sujet :
ID de sécurité : S-1-5-18
Nom du compte : SYSTEM
Domaine du compte : AUTORITE NT
ID d’ouverture de session : 0x3e7

Privilèges : SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 21117
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090313105321.687500-000
Event Type: Succès de l\'audit
User:

Computer Name: PC-de-tamary
Event Code: 4624
Message: L’ouverture de session d’un compte s’est correctement déroulée.

Sujet :
ID de sécurité : S-1-5-18
Nom du compte : PC-DE-TAMARY$
Domaine du compte : WORKGROUP
ID d’ouverture de session : 0x3e7

Type d’ouverture de session : 5

Nouvelle ouverture de session :
ID de sécurité : S-1-5-20
Nom du compte : SERVICE RÉSEAU
Domaine du compte : AUTORITE NT
ID d’ouverture de session : 0x3e4
GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000}

Informations sur le processus :
ID du processus : 0x25c
Nom du processus : C:\\Windows\\System32\\services.exe

Informations sur le réseau :
Nom de la station de travail :
Adresse du réseau source : -
Port source : -

Informations détaillées sur l’authentification :
Processus d’ouverture de session : Advapi
Package d’authentification : Negotiate
Services en transit : -
Nom du package (NTLM uniquement) : -
Longueur de la clé : 0

Cet événement est généré lors de la création d’une ouverture de session. Il est généré sur l’ordinateur sur lequel l’ouverture de session a été effectuée.

Le champ Objet indique le compte sur le système local qui a demandé l’ouverture de session. Il s’agit le plus souvent d’un service, comme le service Serveur, ou un processus local tel que Winlogon.exe ou Services.exe.

Le champ Type d’ouverture de session indique le type d’ouverture de session qui s’est produit. Les types les plus courants sont 2 (interactif) et 3 (réseau).

Le champ Nouvelle ouverture de session indique le compte pour lequel la nouvelle ouverture de session a été créée, par exemple, le compte qui s’est connecté.

Les champs relatifs au réseau indiquent la provenance d’une demande d’ouverture de session à distance. Le nom de la station de travail n’étant pas toujours disponible, peut être laissé vide dans certains cas.

Les champs relatifs aux informations d’authentification fournissent des détails sur cette demande d’ouverture de session spécifique.
- Le GUID d’ouverture de session est un identificateur unique pouvant servir à associer cet événement à un événement KDC .
- Les services en transit indiquent les services intermédiaires qui ont participé à cette demande d’ouverture de session.
- Nom du package indique quel est le sous-protocole qui a été utilisé parmi les protocoles NTLM.
- La longueur de la clé indique la longueur de la clé de session générée. Elle a la valeur 0 si aucune clé de session n’a été demandée.
Record Number: 21118
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090313105322.515625-000
Event Type: Succès de l\'audit
User:

Computer Name: PC-de-tamary
Event Code: 4672
Message: Privilèges spéciaux attribués à la nouvelle ouverture de session.

Sujet :
ID de sécurité : S-1-5-20
Nom du compte : SERVICE RÉSEAU
Domaine du compte : AUTORITE NT
ID d’ouverture de session : 0x3e4

Privilèges : SeAuditPrivilege
SeImpersonatePrivilege
SeAssignPrimaryTokenPrivilege
Record Number: 21119
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090313105322.515625-000
Event Type: Succès de l\'audit
User:

======Environment variables======

\"ComSpec\"=%SystemRoot%\\system32\\cmd.exe
\"FP_NO_HOST_CHECK\"=NO
\"OS\"=Windows_NT
\"Path\"=%SystemRoot%\\system32;%SystemRoot%;%SystemRoot%\\System32\\Wbem
\"PATHEXT\"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
\"PROCESSOR_ARCHITECTURE\"=x86
\"TEMP\"=%SystemRoot%\\TEMP
\"TMP\"=%SystemRoot%\\TEMP
\"USERNAME\"=SYSTEM
\"windir\"=%SystemRoot%
\"PROCESSOR_LEVEL\"=15
\"PROCESSOR_IDENTIFIER\"=x86 Family 15 Model 76 Stepping 2, AuthenticAMD
\"PROCESSOR_REVISION\"=4c02
\"NUMBER_OF_PROCESSORS\"=1

-----------------EOF-----------------

Bonsoir Tamalou,

Sur vista, tu as aussi des toolbars infectées, comme précédemment avec XP, tu vas passer deux outils différents.

• Télécharge ToolbarSD (de Team IDN) sur ton Bureau
  
  
• Lance l\'installation du programme en exécutant le fichier téléchargé
  
  
• Double-clique maintenant sur le raccourci de Toolbar-S&D. sous vista clique droit exécuter en tant qu\'administrateur.
  
  
• Sélectionne la langue souhaitée en tapant la lettre de ton choix puis en validant avec la touche Entrée.
  
  
• Choisis maintenant l\'option 1 (Recherche). Patiente jusqu\'à la fin de la recherche.
  
  
• Poste le rapport généré. (C:\\TB.txt)
  

-----------\\\\ ToolBar S&D 1.2.9 XP/Vista

Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6000 )
X86-based PC ( Multiprocessor Free : Mobile AMD Sempron(tm) Processor 3200+ )
BIOS : Ver 1.00PARTTBL
USER : tamary ( Not Administrator ! )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1351 [VPS 091201-0] 4.8.1351 (Not Activated)
C:\\ (Local Disk) - NTFS - Total:100 Go (Free:53 Go)
D:\\ (CD or DVD)

\"C:\\ToolBar SD\" ( MAJ : 22-08-2009|18:42 )
Option : [1] ( 01/12/2009|17:29 )

[ UAC => 0 ]

-----------\\\\ Recherche de Fichiers / Dossiers ...

C:\\ProgramData\\GamesBar
C:\\ProgramData\\GamesBar\\08-03-19-08-34-46
C:\\ProgramData\\GamesBar\\08-03-19-08-34-46.xm_
C:\\ProgramData\\GamesBar\\08-03-22-18-29-00
C:\\ProgramData\\GamesBar\\08-03-22-18-29-00.xm_
C:\\ProgramData\\GamesBar\\08-04-20-12-47-22
C:\\ProgramData\\GamesBar\\08-04-20-12-47-22.xm_
C:\\ProgramData\\GamesBar\\08-04-20-12-47-24
C:\\ProgramData\\GamesBar\\08-04-20-12-47-24.xm_
C:\\ProgramData\\GamesBar\\08-04-20-12-47-27
C:\\ProgramData\\GamesBar\\08-04-20-12-47-27.xm_
C:\\ProgramData\\GamesBar\\08-11-22-14-32-04
C:\\ProgramData\\GamesBar\\08-12-02-10-57-35
C:\\ProgramData\\GamesBar\\08-12-24-16-44-11
C:\\ProgramData\\GamesBar\\08-12-27-20-59-45
C:\\ProgramData\\GamesBar\\09-06-21-15-05-35
C:\\ProgramData\\GamesBar\\09-09-05-13-31-38
C:\\ProgramData\\GamesBar\\about.gif
C:\\ProgramData\\GamesBar\\action.gif
C:\\ProgramData\\GamesBar\\adventures_of_robinson_crusoe16x16.gif
C:\\ProgramData\\GamesBar\\alabama_smith16x16.gif
C:\\ProgramData\\GamesBar\\arcade.gif
C:\\ProgramData\\GamesBar\\Azada16x16.gif
C:\\ProgramData\\GamesBar\\blood_ties16x16.gif
C:\\ProgramData\\GamesBar\\buy.gif
C:\\ProgramData\\GamesBar\\cards.gif
C:\\ProgramData\\GamesBar\\caribbean_hideaway16x16.gif
C:\\ProgramData\\GamesBar\\cradle_of_persia16x16.gif
C:\\ProgramData\\GamesBar\\cradle_rome16x16.gif
C:\\ProgramData\\GamesBar\\deals.gif
C:\\ProgramData\\GamesBar\\death_nile16x16.gif
C:\\ProgramData\\GamesBar\\deep_quest16x16.gif
C:\\ProgramData\\GamesBar\\download.gif
C:\\ProgramData\\GamesBar\\dream_chronicles16x16.gif
C:\\ProgramData\\GamesBar\\dream_chronicles_216x16.gif
C:\\ProgramData\\GamesBar\\dr_daisy_pet_vet16x16.gif
C:\\ProgramData\\GamesBar\\escape_rosecliff_island16x16.gif
C:\\ProgramData\\GamesBar\\family_restaurant16x16.gif
C:\\ProgramData\\GamesBar\\farm_frenzy16x16.gif
C:\\ProgramData\\GamesBar\\fashion_craze16x16.gif
C:\\ProgramData\\GamesBar\\feedback.gif
C:\\ProgramData\\GamesBar\\help.gif
C:\\ProgramData\\GamesBar\\herods_lost_tomb16x16.gif
C:\\ProgramData\\GamesBar\\highlight.gif
C:\\ProgramData\\GamesBar\\jigsaw.gif
C:\\ProgramData\\GamesBar\\kids.gif
C:\\ProgramData\\GamesBar\\laura_jones16x16.gif
C:\\ProgramData\\GamesBar\\mahjong.gif
C:\\ProgramData\\GamesBar\\multiplayer.gif
C:\\ProgramData\\GamesBar\\mygames.gif
C:\\ProgramData\\GamesBar\\mystery_of_unicorn_castle16x16.gif
C:\\ProgramData\\GamesBar\\my_kingdom_for_the_princess16x16.gif
C:\\ProgramData\\GamesBar\\newGames.gif
C:\\ProgramData\\GamesBar\\oberonconfig.xm_
C:\\ProgramData\\GamesBar\\obSearchHistory.dat
C:\\ProgramData\\GamesBar\\onload
C:\\ProgramData\\GamesBar\\partner.gif
C:\\ProgramData\\GamesBar\\party_down16x16.gif
C:\\ProgramData\\GamesBar\\pirate_poker16x16.gif
C:\\ProgramData\\GamesBar\\pirate_stories_kit_ellis16x16.gif
C:\\ProgramData\\GamesBar\\popup_off.gif
C:\\ProgramData\\GamesBar\\popup_on.gif
C:\\ProgramData\\GamesBar\\pure_hidden16x16.gif
C:\\ProgramData\\GamesBar\\puzzle.gif
C:\\ProgramData\\GamesBar\\ranch_rush16x16.gif
C:\\ProgramData\\GamesBar\\search.gif
C:\\ProgramData\\GamesBar\\seasonmatch16x16.gif
C:\\ProgramData\\GamesBar\\secrets-of-great-art16x16.gif
C:\\ProgramData\\GamesBar\\sendafriend.gif
C:\\ProgramData\\GamesBar\\solitaire_cruise16x16.gif
C:\\ProgramData\\GamesBar\\sports.gif
C:\\ProgramData\\GamesBar\\sprill16x16.gif
C:\\ProgramData\\GamesBar\\supercow16x16.gif
C:\\ProgramData\\GamesBar\\trial.gif
C:\\ProgramData\\GamesBar\\Turbo_Subs16x16.gif
C:\\ProgramData\\GamesBar\\uninstall.gif
C:\\ProgramData\\GamesBar\\update.gif
C:\\ProgramData\\GamesBar\\webgame.gif
C:\\ProgramData\\GamesBar\\08-03-19-08-34-46\\about.gif
C:\\ProgramData\\GamesBar\\08-03-19-08-34-46\\action.gif
C:\\ProgramData\\GamesBar\\08-03-19-08-34-46\\arcade.gif
C:\\ProgramData\\GamesBar\\08-03-19-08-34-46\\Azada16x16.gif
C:\\ProgramData\\GamesBar\\08-03-19-08-34-46\\buy.gif
C:\\ProgramData\\GamesBar\\08-03-19-08-34-46\\cards.gif
C:\\ProgramData\\GamesBar\\08-03-19-08-34-46\\caribbean_hideaway16x16.gif
C:\\ProgramData\\GamesBar\\08-03-19-08-34-46\\cradle_of_persia16x16.gif
C:\\ProgramData\\GamesBar\\08-03-19-08-34-46\\cradle_rome16x16.gif
C:\\ProgramData\\GamesBar\\08-03-19-08-34-46\\deals.gif
C:\\ProgramData\\GamesBar\\08-03-19-08-34-46\\death_nile16x16.gif
C:\\ProgramData\\GamesBar\\08-03-19-08-34-46\\deep_quest16x16.gif
C:\\ProgramData\\GamesBar\\08-03-19-08-34-46\\download.gif
C:\\ProgramData\\GamesBar\\08-03-19-08-34-46\\dr_daisy_pet_vet16x16.gif
C:\\ProgramData\\GamesBar\\08-03-19-08-34-46\\family_restaurant16x16.gif
C:\\ProgramData\\GamesBar\\08-03-19-08-34-46\\farm_frenzy16x16.gif
C:\\ProgramData\\GamesBar\\08-03-19-08-34-46\\fashion_craze16x16.gif
C:\\ProgramData\\GamesBar\\08-03-19-08-34-46\\feedback.gif
C:\\ProgramData\\GamesBar\\08-03-19-08-34-46\\help.gif
C:\\ProgramData\\GamesBar\\08-03-19-08-34-46\\highlight.gif
C:\\ProgramData\\GamesBar\\08-03-19-08-34-46\\jigsaw.gif
C:\\ProgramData\\GamesBar\\08-03-19-08-34-46\\kids.gif
C:\\ProgramData\\GamesBar\\08-03-19-08-34-46\\mahjong.gif
C:\\ProgramData\\GamesBar\\08-03-19-08-34-46\\multiplayer.gif
C:\\ProgramData\\GamesBar\\08-03-19-08-34-46\\mygames.gif
C:\\ProgramData\\GamesBar\\08-03-19-08-34-46\\newGames.gif
C:\\ProgramData\\GamesBar\\08-03-19-08-34-46\\partner.gif
C:\\ProgramData\\GamesBar\\08-03-19-08-34-46\\pirate_poker16x16.gif
C:\\ProgramData\\GamesBar\\08-03-19-08-34-46\\pirate_stories_kit_ellis16x16.gif
C:\\ProgramData\\GamesBar\\08-03-19-08-34-46\\popup_off.gif
C:\\ProgramData\\GamesBar\\08-03-19-08-34-46\\popup_on.gif
C:\\ProgramData\\GamesBar\\08-03-19-08-34-46\\puzzle.gif
C:\\ProgramData\\GamesBar\\08-03-19-08-34-46\\search.gif
C:\\ProgramData\\GamesBar\\08-03-19-08-34-46\\seasonmatch16x16.gif
C:\\ProgramData\\GamesBar\\08-03-19-08-34-46\\sendafriend.gif
C:\\ProgramData\\GamesBar\\08-03-19-08-34-46\\solitaire_cruise16x16.gif
C:\\ProgramData\\GamesBar\\08-03-19-08-34-46\\sports.gif
C:\\ProgramData\\GamesBar\\08-03-19-08-34-46\\supercow16x16.gif
C:\\ProgramData\\GamesBar\\08-03-19-08-34-46\\trial.gif
C:\\ProgramData\\GamesBar\\08-03-19-08-34-46\\Turbo_Subs16x16.gif
C:\\ProgramData\\GamesBar\\08-03-19-08-34-46\\uninstall.gif
C:\\ProgramData\\GamesBar\\08-03-19-08-34-46\\update.gif
C:\\ProgramData\\GamesBar\\08-03-19-08-34-46\\webgame.gif
C:\\ProgramData\\GamesBar\\08-03-22-18-29-00\\partner.gif
C:\\ProgramData\\GamesBar\\08-03-22-18-29-00\\update.gif
C:\\ProgramData\\GamesBar\\08-04-20-12-47-22\\about.gif
C:\\ProgramData\\GamesBar\\08-04-20-12-47-22\\action.gif
C:\\ProgramData\\GamesBar\\08-04-20-12-47-22\\arcade.gif
C:\\ProgramData\\GamesBar\\08-04-20-12-47-22\\Azada16x16.gif
C:\\ProgramData\\GamesBar\\08-04-20-12-47-22\\buy.gif
C:\\ProgramData\\GamesBar\\08-04-20-12-47-22\\cards.gif
C:\\ProgramData\\GamesBar\\08-04-20-12-47-22\\caribbean_hideaway16x16.gif
C:\\ProgramData\\GamesBar\\08-04-20-12-47-22\\cradle_of_persia16x16.gif
C:\\ProgramData\\GamesBar\\08-04-20-12-47-22\\cradle_rome16x16.gif
C:\\ProgramData\\GamesBar\\08-04-20-12-47-22\\deals.gif
C:\\ProgramData\\GamesBar\\08-04-20-12-47-22\\death_nile16x16.gif
C:\\ProgramData\\GamesBar\\08-04-20-12-47-22\\deep_quest16x16.gif
C:\\ProgramData\\GamesBar\\08-04-20-12-47-22\\download.gif
C:\\ProgramData\\GamesBar\\08-04-20-12-47-22\\dr_daisy_pet_vet16x16.gif
C:\\ProgramData\\GamesBar\\08-04-20-12-47-22\\family_restaurant16x16.gif
C:\\ProgramData\\GamesBar\\08-04-20-12-47-22\\farm_frenzy16x16.gif
C:\\ProgramData\\GamesBar\\08-04-20-12-47-22\\fashion_craze16x16.gif
C:\\ProgramData\\GamesBar\\08-04-20-12-47-22\\feedback.gif
C:\\ProgramData\\GamesBar\\08-04-20-12-47-22\\help.gif
C:\\ProgramData\\GamesBar\\08-04-20-12-47-22\\highlight.gif
C:\\ProgramData\\GamesBar\\08-04-20-12-47-22\\jigsaw.gif
C:\\ProgramData\\GamesBar\\08-04-20-12-47-22\\kids.gif
C:\\ProgramData\\GamesBar\\08-04-20-12-47-22\\mahjong.gif
C:\\ProgramData\\GamesBar\\08-04-20-12-47-22\\multiplayer.gif
C:\\ProgramData\\GamesBar\\08-04-20-12-47-22\\mygames.gif
C:\\ProgramData\\GamesBar\\08-04-20-12-47-22\\newGames.gif
C:\\ProgramData\\GamesBar\\08-04-20-12-47-22\\partner.gif
C:\\ProgramData\\GamesBar\\08-04-20-12-47-22\\pirate_poker16x16.gif
C:\\ProgramData\\GamesBar\\08-04-20-12-47-22\\pirate_stories_kit_ellis16x16.gif
C:\\ProgramData\\GamesBar\\08-04-20-12-47-22\\popup_off.gif
C:\\ProgramData\\GamesBar\\08-04-20-12-47-22\\popup_on.gif
C:\\ProgramData\\GamesBar\\08-04-20-12-47-22\\puzzle.gif
C:\\ProgramData\\GamesBar\\08-04-20-12-47-22\\search.gif
C:\\ProgramData\\GamesBar\\08-04-20-12-47-22\\seasonmatch16x16.gif
C:\\ProgramData\\GamesBar\\08-04-20-12-47-22\\sendafriend.gif
C:\\ProgramData\\GamesBar\\08-04-20-12-47-22\\solitaire_cruise16x16.gif
C:\\ProgramData\\GamesBar\\08-04-20-12-47-22\\sports.gif
C:\\ProgramData\\GamesBar\\08-04-20-12-47-22\\supercow16x16.gif
C:\\ProgramData\\GamesBar\\08-04-20-12-47-22\\trial.gif
C:\\ProgramData\\GamesBar\\08-04-20-12-47-22\\Turbo_Subs16x16.gif
C:\\ProgramData\\GamesBar\\08-04-20-12-47-22\\uninstall.gif
C:\\ProgramData\\GamesBar\\08-04-20-12-47-22\\update.gif
C:\\ProgramData\\GamesBar\\08-04-20-12-47-22\\webgame.gif
C:\\ProgramData\\GamesBar\\08-04-20-12-47-24\\about.gif
C:\\ProgramData\\GamesBar\\08-04-20-12-47-24\\action.gif
C:\\ProgramData\\GamesBar\\08-04-20-12-47-24\\arcade.gif
C:\\ProgramData\\GamesBar\\08-04-20-12-47-24\\Azada16x16.gif
C:\\ProgramData\\GamesBar\\08-04-20-12-47-24\\buy.gif
C:\\ProgramData\\GamesBar\\08-04-20-12-47-24\\cards.gif
C:\\ProgramData\\GamesBar\\08-04-20-12-47-24\\caribbean_hideaway16x16.gif
C:\\ProgramData\\GamesBar\\08-04-20-12-47-24\\cradle_of_persia16x16.gif
C:\\ProgramData\\GamesBar\\08-04-20-12-47-24\\cradle_rome16x16.gif
C:\\ProgramData\\GamesBar\\08-04-20-12-47-24\\deals.gif
C:\\ProgramData\\GamesBar\\08-04-20-12-47-24\\death_nile16x16.gif
C:\\ProgramData\\GamesBar\\08-04-20-12-47-24\\deep_quest16x16.gif
C:\\ProgramData\\GamesBar\\08-04-20-12-47-24\\download.gif
C:\\ProgramData\\GamesBar\\08-04-20-12-47-24\\dr_daisy_pet_vet16x16.gif
C:\\ProgramData\\GamesBar\\08-04-20-12-47-24\\family_restaurant16x16.gif
C:\\ProgramData\\GamesBar\\08-04-20-12-47-24\\farm_frenzy16x16.gif
C:\\ProgramData\\GamesBar\\08-04-20-12-47-24\\fashion_craze16x16.gif
C:\\ProgramData\\GamesBar\\08-04-20-12-47-24\\feedback.gif
C:\\ProgramData\\GamesBar\\08-04-20-12-47-24\\help.gif
C:\\ProgramData\\GamesBar\\08-04-20-12-47-24\\highlight.gif
C:\\ProgramData\\GamesBar\\08-04-20-12-47-24\\jigsaw.gif
C:\\ProgramData\\GamesBar\\08-04-20-12-47-24\\kids.gif
C:\\ProgramData\\GamesBar\\08-04-20-12-47-24\\mahjong.gif
C:\\ProgramData\\GamesBar\\08-04-20-12-47-24\\multiplayer.gif
C:\\ProgramData\\GamesBar\\08-04-20-12-47-24\\mygames.gif
C:\\ProgramData\\GamesBar\\08-04-20-12-47-24\\newGames.gif
C:\\ProgramData\\GamesBar\\08-04-20-12-47-24\\partner.gif
C:\\ProgramData\\GamesBar\\08-04-20-12-47-24\\pirate_poker16x16.gif
C:\\ProgramData\\GamesBar\\08-04-20-12-47-24\\pirate_stories_kit_ellis16x16.gif
C:\\ProgramData\\GamesBar\\08-04-20-12-47-24\\popup_off.gif
C:\\ProgramData\\GamesBar\\08-04-20-12-47-24\\popup_on.gif
C:\\ProgramData\\GamesBar\\08-04-20-12-47-24\\puzzle.gif
C:\\ProgramData\\GamesBar\\08-04-20-12-47-24\\search.gif
C:\\ProgramData\\GamesBar\\08-04-20-12-47-24\\seasonmatch16x16.gif
C:\\ProgramData\\GamesBar\\08-04-20-12-47-24\\sendafriend.gif
C:\\ProgramData\\GamesBar\\08-04-20-12-47-24\\solitaire_cruise16x16.gif
C:\\ProgramData\\GamesBar\\08-04-20-12-47-24\\sports.gif
C:\\ProgramData\\GamesBar\\08-04-20-12-47-24\\supercow16x16.gif
C:\\ProgramData\\GamesBar\\08-04-20-12-47-24\\trial.gif
C:\\ProgramData\\GamesBar\\08-04-20-12-47-24\\Turbo_Subs16x16.gif
C:\\ProgramData\\GamesBar\\08-04-20-12-47-24\\uninstall.gif
C:\\ProgramData\\GamesBar\\08-04-20-12-47-24\\update.gif
C:\\ProgramData\\GamesBar\\08-04-20-12-47-24\\webgame.gif
C:\\ProgramData\\GamesBar\\08-04-20-12-47-27\\about.gif
C:\\ProgramData\\GamesBar\\08-04-20-12-47-27\\action.gif
C:\\ProgramData\\GamesBar\\08-04-20-12-47-27\\arcade.gif
C:\\ProgramData\\GamesBar\\08-04-20-12-47-27\\Azada16x16.gif
C:\\ProgramData\\GamesBar\\08-04-20-12-47-27\\buy.gif
C:\\ProgramData\\GamesBar\\08-04-20-12-47-27\\cards.gif
C:\\ProgramData\\GamesBar\\08-04-20-12-47-27\\caribbean_hideaway16x16.gif
C:\\ProgramData\\GamesBar\\08-04-20-12-47-27\\cradle_of_persia16x16.gif
C:\\ProgramData\\GamesBar\\08-04-20-12-47-27\\cradle_rome16x16.gif
C:\\ProgramData\\GamesBar\\08-04-20-12-47-27\\deals.gif
C:\\ProgramData\\GamesBar\\08-04-20-12-47-27\\death_nile16x16.gif
C:\\ProgramData\\GamesBar\\08-04-20-12-47-27\\deep_quest16x16.gif
C:\\ProgramData\\GamesBar\\08-04-20-12-47-27\\download.gif
C:\\ProgramData\\GamesBar\\08-04-20-12-47-27\\dr_daisy_pet_vet16x16.gif
C:\\ProgramData\\GamesBar\\08-04-20-12-47-27\\family_restaurant16x16.gif
C:\\ProgramData\\GamesBar\\08-04-20-12-47-27\\farm_frenzy16x16.gif
C:\\ProgramData\\GamesBar\\08-04-20-12-47-27\\fashion_craze16x16.gif
C:\\ProgramData\\GamesBar\\08-04-20-12-47-27\\feedback.gif
C:\\ProgramData\\GamesBar\\08-04-20-12-47-27\\help.gif
C:\\ProgramData\\GamesBar\\08-04-20-12-47-27\\highlight.gif
C:\\ProgramData\\GamesBar\\08-04-20-12-47-27\\jigsaw.gif
C:\\ProgramData\\GamesBar\\08-04-20-12-47-27\\kids.gif
C:\\ProgramData\\GamesBar\\08-04-20-12-47-27\\mahjong.gif
C:\\ProgramData\\GamesBar\\08-04-20-12-47-27\\multiplayer.gif
C:\\ProgramData\\GamesBar\\08-04-20-12-47-27\\mygames.gif
C:\\ProgramData\\GamesBar\\08-04-20-12-47-27\\newGames.gif
C:\\ProgramData\\GamesBar\\08-04-20-12-47-27\\partner.gif
C:\\ProgramData\\GamesBar\\08-04-20-12-47-27\\pirate_poker16x16.gif
C:\\ProgramData\\GamesBar\\08-04-20-12-47-27\\pirate_stories_kit_ellis16x16.gif
C:\\ProgramData\\GamesBar\\08-04-20-12-47-27\\popup_off.gif
C:\\ProgramData\\GamesBar\\08-04-20-12-47-27\\popup_on.gif
C:\\ProgramData\\GamesBar\\08-04-20-12-47-27\\puzzle.gif
C:\\ProgramData\\GamesBar\\08-04-20-12-47-27\\search.gif
C:\\ProgramData\\GamesBar\\08-04-20-12-47-27\\seasonmatch16x16.gif
C:\\ProgramData\\GamesBar\\08-04-20-12-47-27\\sendafriend.gif
C:\\ProgramData\\GamesBar\\08-04-20-12-47-27\\solitaire_cruise16x16.gif
C:\\ProgramData\\GamesBar\\08-04-20-12-47-27\\sports.gif
C:\\ProgramData\\GamesBar\\08-04-20-12-47-27\\supercow16x16.gif
C:\\ProgramData\\GamesBar\\08-04-20-12-47-27\\trial.gif
C:\\ProgramData\\GamesBar\\08-04-20-12-47-27\\Turbo_Subs16x16.gif
C:\\ProgramData\\GamesBar\\08-04-20-12-47-27\\uninstall.gif
C:\\ProgramData\\GamesBar\\08-04-20-12-47-27\\update.gif
C:\\ProgramData\\GamesBar\\08-04-20-12-47-27\\webgame.gif
C:\\ProgramData\\GamesBar\\08-11-22-14-32-04\\about.gif
C:\\ProgramData\\GamesBar\\08-11-22-14-32-04\\action.gif
C:\\ProgramData\\GamesBar\\08-11-22-14-32-04\\arcade.gif
C:\\ProgramData\\GamesBar\\08-11-22-14-32-04\\buy.gif
C:\\ProgramData\\GamesBar\\08-11-22-14-32-04\\cards.gif
C:\\ProgramData\\GamesBar\\08-11-22-14-32-04\\deals.gif
C:\\ProgramData\\GamesBar\\08-11-22-14-32-04\\download.gif
C:\\ProgramData\\GamesBar\\08-11-22-14-32-04\\feedback.gif
C:\\ProgramData\\GamesBar\\08-11-22-14-32-04\\help.gif
C:\\ProgramData\\GamesBar\\08-11-22-14-32-04\\highlight.gif
C:\\ProgramData\\GamesBar\\08-11-22-14-32-04\\jigsaw.gif
C:\\ProgramData\\GamesBar\\08-11-22-14-32-04\\kids.gif
C:\\ProgramData\\GamesBar\\08-11-22-14-32-04\\mahjong.gif
C:\\ProgramData\\GamesBar\\08-11-22-14-32-04\\mygames.gif
C:\\ProgramData\\GamesBar\\08-11-22-14-32-04\\newGames.gif
C:\\ProgramData\\GamesBar\\08-11-22-14-32-04\\partner.gif
C:\\ProgramData\\GamesBar\\08-11-22-14-32-04\\popup_off.gif
C:\\ProgramData\\GamesBar\\08-11-22-14-32-04\\popup_on.gif
C:\\ProgramData\\GamesBar\\08-11-22-14-32-04\\puzzle.gif
C:\\ProgramData\\GamesBar\\08-11-22-14-32-04\\search.gif
C:\\ProgramData\\GamesBar\\08-11-22-14-32-04\\sendafriend.gif
C:\\ProgramData\\GamesBar\\08-11-22-14-32-04\\sports.gif
C:\\ProgramData\\GamesBar\\08-11-22-14-32-04\\trial.gif
C:\\ProgramData\\GamesBar\\08-11-22-14-32-04\\uninstall.gif
C:\\ProgramData\\GamesBar\\08-11-22-14-32-04\\update.gif
C:\\ProgramData\\GamesBar\\08-12-02-10-57-35\\about.gif
C:\\ProgramData\\GamesBar\\08-12-02-10-57-35\\action.gif
C:\\ProgramData\\GamesBar\\08-12-02-10-57-35\\arcade.gif
C:\\ProgramData\\GamesBar\\08-12-02-10-57-35\\buy.gif
C:\\ProgramData\\GamesBar\\08-12-02-10-57-35\\cards.gif
C:\\ProgramData\\GamesBar\\08-12-02-10-57-35\\deals.gif
C:\\ProgramData\\GamesBar\\08-12-02-10-57-35\\download.gif
C:\\ProgramData\\GamesBar\\08-12-02-10-57-35\\feedback.gif
C:\\ProgramData\\GamesBar\\08-12-02-10-57-35\\help.gif
C:\\ProgramData\\GamesBar\\08-12-02-10-57-35\\highlight.gif
C:\\ProgramData\\GamesBar\\08-12-02-10-57-35\\jigsaw.gif
C:\\ProgramData\\GamesBar\\08-12-02-10-57-35\\kids.gif
C:\\ProgramData\\GamesBar\\08-12-02-10-57-35\\mahjong.gif
C:\\ProgramData\\GamesBar\\08-12-02-10-57-35\\mygames.gif
C:\\ProgramData\\GamesBar\\08-12-02-10-57-35\\newGames.gif
C:\\ProgramData\\GamesBar\\08-12-02-10-57-35\\partner.gif
C:\\ProgramData\\GamesBar\\08-12-02-10-57-35\\popup_off.gif
C:\\ProgramData\\GamesBar\\08-12-02-10-57-35\\popup_on.gif
C:\\ProgramData\\GamesBar\\08-12-02-10-57-35\\puzzle.gif
C:\\ProgramData\\GamesBar\\08-12-02-10-57-35\\search.gif
C:\\ProgramData\\GamesBar\\08-12-02-10-57-35\\sendafriend.gif
C:\\ProgramData\\GamesBar\\08-12-02-10-57-35\\sports.gif
C:\\ProgramData\\GamesBar\\08-12-02-10-57-35\\trial.gif
C:\\ProgramData\\GamesBar\\08-12-02-10-57-35\\uninstall.gif
C:\\ProgramData\\GamesBar\\08-12-02-10-57-35\\update.gif
C:\\ProgramData\\GamesBar\\08-12-24-16-44-11\\about.gif
C:\\ProgramData\\GamesBar\\08-12-24-16-44-11\\action.gif
C:\\ProgramData\\GamesBar\\08-12-24-16-44-11\\arcade.gif
C:\\ProgramData\\GamesBar\\08-12-24-16-44-11\\buy.gif
C:\\ProgramData\\GamesBar\\08-12-24-16-44-11\\cards.gif
C:\\ProgramData\\GamesBar\\08-12-24-16-44-11\\deals.gif
C:\\ProgramData\\GamesBar\\08-12-24-16-44-11\\download.gif
C:\\ProgramData\\GamesBar\\08-12-24-16-44-11\\feedback.gif
C:\\ProgramData\\GamesBar\\08-12-24-16-44-11\\help.gif
C:\\ProgramData\\GamesBar\\08-12-24-16-44-11\\highlight.gif
C:\\ProgramData\\GamesBar\\08-12-24-16-44-11\\jigsaw.gif
C:\\ProgramData\\GamesBar\\08-12-24-16-44-11\\kids.gif
C:\\ProgramData\\GamesBar\\08-12-24-16-44-11\\mahjong.gif
C:\\ProgramData\\GamesBar\\08-12-24-16-44-11\\mygames.gif
C:\\ProgramData\\GamesBar\\08-12-24-16-44-11\\newGames.gif
C:\\ProgramData\\GamesBar\\08-12-24-16-44-11\\partner.gif
C:\\ProgramData\\GamesBar\\08-12-24-16-44-11\\popup_off.gif
C:\\ProgramData\\GamesBar\\08-12-24-16-44-11\\popup_on.gif
C:\\ProgramData\\GamesBar\\08-12-24-16-44-11\\puzzle.gif
C:\\ProgramData\\GamesBar\\08-12-24-16-44-11\\search.gif
C:\\ProgramData\\GamesBar\\08-12-24-16-44-11\\sendafriend.gif
C:\\ProgramData\\GamesBar\\08-12-24-16-44-11\\sports.gif
C:\\ProgramData\\GamesBar\\08-12-24-16-44-11\\trial.gif
C:\\ProgramData\\GamesBar\\08-12-24-16-44-11\\uninstall.gif
C:\\ProgramData\\GamesBar\\08-12-24-16-44-11\\update.gif
C:\\ProgramData\\GamesBar\\08-12-27-20-59-45\\about.gif
C:\\ProgramData\\GamesBar\\08-12-27-20-59-45\\action.gif
C:\\ProgramData\\GamesBar\\08-12-27-20-59-45\\arcade.gif
C:\\ProgramData\\GamesBar\\08-12-27-20-59-45\\buy.gif
C:\\ProgramData\\GamesBar\\08-12-27-20-59-45\\cards.gif
C:\\ProgramData\\GamesBar\\08-12-27-20-59-45\\deals.gif
C:\\ProgramData\\GamesBar\\08-12-27-20-59-45\\download.gif
C:\\ProgramData\\GamesBar\\08-12-27-20-59-45\\feedback.gif
C:\\ProgramData\\GamesBar\\08-12-27-20-59-45\\help.gif
C:\\ProgramData\\GamesBar\\08-12-27-20-59-45\\highlight.gif
C:\\ProgramData\\GamesBar\\08-12-27-20-59-45\\jigsaw.gif
C:\\ProgramData\\GamesBar\\08-12-27-20-59-45\\kids.gif
C:\\ProgramData\\GamesBar\\08-12-27-20-59-45\\mahjong.gif
C:\\ProgramData\\GamesBar\\08-12-27-20-59-45\\mygames.gif
C:\\ProgramData\\GamesBar\\08-12-27-20-59-45\\newGames.gif
C:\\ProgramData\\GamesBar\\08-12-27-20-59-45\\partner.gif
C:\\ProgramData\\GamesBar\\08-12-27-20-59-45\\popup_off.gif
C:\\ProgramData\\GamesBar\\08-12-27-20-59-45\\popup_on.gif
C:\\ProgramData\\GamesBar\\08-12-27-20-59-45\\puzzle.gif
C:\\ProgramData\\GamesBar\\08-12-27-20-59-45\\search.gif
C:\\ProgramData\\GamesBar\\08-12-27-20-59-45\\sendafriend.gif
C:\\ProgramData\\GamesBar\\08-12-27-20-59-45\\sports.gif
C:\\ProgramData\\GamesBar\\08-12-27-20-59-45\\trial.gif
C:\\ProgramData\\GamesBar\\08-12-27-20-59-45\\uninstall.gif
C:\\ProgramData\\GamesBar\\08-12-27-20-59-45\\update.gif
C:\\ProgramData\\GamesBar\\09-06-21-15-05-35\\about.gif
C:\\ProgramData\\GamesBar\\09-06-21-15-05-35\\action.gif
C:\\ProgramData\\GamesBar\\09-06-21-15-05-35\\arcade.gif
C:\\ProgramData\\GamesBar\\09-06-21-15-05-35\\buy.gif
C:\\ProgramData\\GamesBar\\09-06-21-15-05-35\\cards.gif
C:\\ProgramData\\GamesBar\\09-06-21-15-05-35\\deals.gif
C:\\ProgramData\\GamesBar\\09-06-21-15-05-35\\download.gif
C:\\ProgramData\\GamesBar\\09-06-21-15-05-35\\fashion_craze16x16.gif
C:\\ProgramData\\GamesBar\\09-06-21-15-05-35\\feedback.gif
C:\\ProgramData\\GamesBar\\09-06-21-15-05-35\\help.gif
C:\\ProgramData\\GamesBar\\09-06-21-15-05-35\\highlight.gif
C:\\ProgramData\\GamesBar\\09-06-21-15-05-35\\jigsaw.gif
C:\\ProgramData\\GamesBar\\09-06-21-15-05-35\\kids.gif
C:\\ProgramData\\GamesBar\\09-06-21-15-05-35\\mahjong.gif
C:\\ProgramData\\GamesBar\\09-06-21-15-05-35\\mygames.gif
C:\\ProgramData\\GamesBar\\09-06-21-15-05-35\\newGames.gif
C:\\ProgramData\\GamesBar\\09-06-21-15-05-35\\partner.gif
C:\\ProgramData\\GamesBar\\09-06-21-15-05-35\\popup_off.gif
C:\\ProgramData\\GamesBar\\09-06-21-15-05-35\\popup_on.gif
C:\\ProgramData\\GamesBar\\09-06-21-15-05-35\\puzzle.gif
C:\\ProgramData\\GamesBar\\09-06-21-15-05-35\\search.gif
C:\\ProgramData\\GamesBar\\09-06-21-15-05-35\\sendafriend.gif
C:\\ProgramData\\GamesBar\\09-06-21-15-05-35\\sports.gif
C:\\ProgramData\\GamesBar\\09-06-21-15-05-35\\trial.gif
C:\\ProgramData\\GamesBar\\09-06-21-15-05-35\\uninstall.gif
C:\\ProgramData\\GamesBar\\09-06-21-15-05-35\\update.gif
C:\\ProgramData\\GamesBar\\09-09-05-13-31-38\\about.gif
C:\\ProgramData\\GamesBar\\09-09-05-13-31-38\\action.gif
C:\\ProgramData\\GamesBar\\09-09-05-13-31-38\\arcade.gif
C:\\ProgramData\\GamesBar\\09-09-05-13-31-38\\buy.gif
C:\\ProgramData\\GamesBar\\09-09-05-13-31-38\\cards.gif
C:\\ProgramData\\GamesBar\\09-09-05-13-31-38\\deals.gif
C:\\ProgramData\\GamesBar\\09-09-05-13-31-38\\download.gif
C:\\ProgramData\\GamesBar\\09-09-05-13-31-38\\feedback.gif
C:\\ProgramData\\GamesBar\\09-09-05-13-31-38\\help.gif
C:\\ProgramData\\GamesBar\\09-09-05-13-31-38\\highlight.gif
C:\\ProgramData\\GamesBar\\09-09-05-13-31-38\\jigsaw.gif
C:\\ProgramData\\GamesBar\\09-09-05-13-31-38\\kids.gif
C:\\ProgramData\\GamesBar\\09-09-05-13-31-38\\mahjong.gif
C:\\ProgramData\\GamesBar\\09-09-05-13-31-38\\mygames.gif
C:\\ProgramData\\GamesBar\\09-09-05-13-31-38\\newGames.gif
C:\\ProgramData\\GamesBar\\09-09-05-13-31-38\\partner.gif
C:\\ProgramData\\GamesBar\\09-09-05-13-31-38\\popup_off.gif
C:\\ProgramData\\GamesBar\\09-09-05-13-31-38\\popup_on.gif
C:\\ProgramData\\GamesBar\\09-09-05-13-31-38\\puzzle.gif
C:\\ProgramData\\GamesBar\\09-09-05-13-31-38\\search.gif
C:\\ProgramData\\GamesBar\\09-09-05-13-31-38\\sendafriend.gif
C:\\ProgramData\\GamesBar\\09-09-05-13-31-38\\sports.gif
C:\\ProgramData\\GamesBar\\09-09-05-13-31-38\\trial.gif
C:\\ProgramData\\GamesBar\\09-09-05-13-31-38\\uninstall.gif
C:\\ProgramData\\GamesBar\\09-09-05-13-31-38\\update.gif
C:\\ProgramData\\GamesBar\\onload\\loading.gif
C:\\PROGRA~2\\MICROS~1\\Windows\\STARTM~1\\Programs\\GamesBar
C:\\Program Files\\GamesBar
C:\\Program Files\\GamesBar\\Localization-French.ini
C:\\Program Files\\GamesBar\\Localization2-French.ini
C:\\Program Files\\GamesBar\\oberontb.dll
C:\\Program Files\\GamesBar\\OBGet.exe
C:\\Program Files\\GamesBar\\uninst.exe
C:\\Users\\tamary\\AppData\\Local\\Temp\\ICD1.tmp
C:\\Users\\tamary\\AppData\\Local\\Temp\\nsa9260.tmp
C:\\Users\\tamary\\AppData\\Local\\Temp\\nsb47E5.tmp
C:\\Users\\tamary\\AppData\\Local\\Temp\\nsbBD8B.tmp
C:\\Users\\tamary\\AppData\\Local\\Temp\\nsd88D3.tmp
C:\\Users\\tamary\\AppData\\Local\\Temp\\nseCCDC.tmp
C:\\Users\\tamary\\AppData\\Local\\Temp\\nsg75D4.tmp
C:\\Users\\tamary\\AppData\\Local\\Temp\\nsgB96E.tmp
C:\\Users\\tamary\\AppData\\Local\\Temp\\nsgC6E8.tmp
C:\\Users\\tamary\\AppData\\Local\\Temp\\nsh6139.tmp
C:\\Users\\tamary\\AppData\\Local\\Temp\\nshF97D.tmp
C:\\Users\\tamary\\AppData\\Local\\Temp\\nsiAC12.tmp
C:\\Users\\tamary\\AppData\\Local\\Temp\\nsj4C15.tmp
C:\\Users\\tamary\\AppData\\Local\\Temp\\nskA2A2.tmp
C:\\Users\\tamary\\AppData\\Local\\Temp\\nsm1B70.tmp
C:\\Users\\tamary\\AppData\\Local\\Temp\\nsmB46E.tmp
C:\\Users\\tamary\\AppData\\Local\\Temp\\nsn2C87.tmp
C:\\Users\\tamary\\AppData\\Local\\Temp\\nsn7E42.tmp
C:\\Users\\tamary\\AppData\\Local\\Temp\\nsp5397.tmp
C:\\Users\\tamary\\AppData\\Local\\Temp\\nst62ED.tmp
C:\\Users\\tamary\\AppData\\Local\\Temp\\nsuF066.tmp

-----------\\\\ [..\\Internet Explorer\\Main]

[HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main]
\"Local Page\"=\"C:\\\\Windows\\\\system32\\\\blank.htm\"
\"Search Page\"=\"http://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://fr.search.yahoo.com\"
\"Start Page\"=\"http://mystart.incredimail.com/\"
\"Search Bar\"=\"http://www.google.com/ie\"
\"Url\"=\"http://go.microsoft.com/fwlink/?LinkId=75720\"

[HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main]
\"Start Page\"=\"http://fr.yahoo.com\"
\"Default_Page_URL\"=\"http://fr.yahoo.com\"
\"Default_Search_URL\"=\"http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://fr.search.yahoo.com\"
\"Search Page\"=\"http://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://fr.search.yahoo.com\"
\"Local Page\"=\"C:\\\\Windows\\\\System32\\\\blank.htm\"


--------------------\\\\ Recherche d\'autres infections

--------------------\\\\ Cracks & Keygens ..



[ UAC => 1 ]


1 - \"C:\\ToolBar SD\\TB_1.txt\" - 01/12/2009|17:31 - Option : [1]

-----------\\\\ Fin du rapport a 17:31:14,73

J\'ai modifié ton message précédent, une adresse hotmail y été incluse

J\'ai tout de même eu le temps de voir que tu possèdes une belle collection de cracks et keygens. La prévention me doit de te prévenir qu\'il est très dangereux d\'utiliser ces fichiers zippés, qui contiennent la plupart du temps des infections très virulentes pour les ordinateurs : bagle, virut pour ne citer qu\'eux. La dernière variante de virut ne peut être supprimée à l\'heure actuelle, seul un formatage de bas niveau en vient à bout.

Continuons cette désinfection :

• Relance Toolbar-S&D en double-cliquant sur le raccourci, toujours un clique droit Exécuter en tant qu\'administrateur.
  
  
• Tape sur \"2\" puis valide en appuyant sur \"Entrée\".
  
  /!\\ Ne ferme pas la fenêtre lors de la suppression /!\\
  
  
• Un rapport sera généré, poste son contenu ici.
  

* NOTE : Si ton Bureau ne réapparait pas, appuie simultanément sur Ctrl+Alt+Suppr pour ouvrir le Gestionnaire des tâches.
Rends-toi sur l\'onglet \"Processus\". Clique en haut à gauche sur Fichier et choisis \"Exécuter...\"
Tape explorer puis valide.

merci pour la correction de l\'adresse je fait exactement ce que tu me demandes sans regarder vraiment le rapport ... pour les cracks et keygens, je n\'en utilise pas mais comme je vois que c\'est l\'adresse de mon fils, sans doute des fichiers qu\'il a du faire passer de pc a pc
j\'ai supprimer les adresses cette fois ci, si tu en vois encore , n\'hesites pas


-----------\\\\ ToolBar S&D 1.2.9 XP/Vista

Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6000 )
X86-based PC ( Multiprocessor Free : Mobile AMD Sempron(tm) Processor 3200+ )
BIOS : Ver 1.00PARTTBL
USER : tamary ( Not Administrator ! )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1351 [VPS 091201-0] 4.8.1351 (Not Activated)
C:\\ (Local Disk) - NTFS - Total:100 Go (Free:53 Go)
D:\\ (CD or DVD)

\"C:\\ToolBar SD\" ( MAJ : 22-08-2009|18:42 )
Option : [2] ( 01/12/2009|17:47 )

[ UAC => 1 ]

-----------\\\\ SUPPRESSION

Supprime! - C:\\ProgramData\\GamesBar\\08-03-19-08-34-46
Supprime! - C:\\ProgramData\\GamesBar\\08-03-19-08-34-46.xm_
Supprime! - C:\\ProgramData\\GamesBar\\08-03-22-18-29-00
Supprime! - C:\\ProgramData\\GamesBar\\08-03-22-18-29-00.xm_
Supprime! - C:\\ProgramData\\GamesBar\\08-04-20-12-47-22
Supprime! - C:\\ProgramData\\GamesBar\\08-04-20-12-47-22.xm_
Supprime! - C:\\ProgramData\\GamesBar\\08-04-20-12-47-24
Supprime! - C:\\ProgramData\\GamesBar\\08-04-20-12-47-24.xm_
Supprime! - C:\\ProgramData\\GamesBar\\08-04-20-12-47-27
Supprime! - C:\\ProgramData\\GamesBar\\08-04-20-12-47-27.xm_
Supprime! - C:\\ProgramData\\GamesBar\\08-11-22-14-32-04
Supprime! - C:\\ProgramData\\GamesBar\\08-12-02-10-57-35
Supprime! - C:\\ProgramData\\GamesBar\\08-12-24-16-44-11
Supprime! - C:\\ProgramData\\GamesBar\\08-12-27-20-59-45
Supprime! - C:\\ProgramData\\GamesBar\\09-06-21-15-05-35
Supprime! - C:\\ProgramData\\GamesBar\\09-09-05-13-31-38
Supprime! - C:\\ProgramData\\GamesBar\\about.gif
Supprime! - C:\\ProgramData\\GamesBar\\action.gif
Supprime! - C:\\ProgramData\\GamesBar\\adventures_of_robinson_crusoe16x16.gif
Supprime! - C:\\ProgramData\\GamesBar\\alabama_smith16x16.gif
Supprime! - C:\\ProgramData\\GamesBar\\arcade.gif
Supprime! - C:\\ProgramData\\GamesBar\\Azada16x16.gif
Supprime! - C:\\ProgramData\\GamesBar\\blood_ties16x16.gif
Supprime! - C:\\ProgramData\\GamesBar\\buy.gif
Supprime! - C:\\ProgramData\\GamesBar\\cards.gif
Supprime! - C:\\ProgramData\\GamesBar\\caribbean_hideaway16x16.gif
Supprime! - C:\\ProgramData\\GamesBar\\cradle_of_persia16x16.gif
Supprime! - C:\\ProgramData\\GamesBar\\cradle_rome16x16.gif
Supprime! - C:\\ProgramData\\GamesBar\\deals.gif
Supprime! - C:\\ProgramData\\GamesBar\\death_nile16x16.gif
Supprime! - C:\\ProgramData\\GamesBar\\deep_quest16x16.gif
Supprime! - C:\\ProgramData\\GamesBar\\download.gif
Supprime! - C:\\ProgramData\\GamesBar\\dream_chronicles16x16.gif
Supprime! - C:\\ProgramData\\GamesBar\\dream_chronicles_216x16.gif
Supprime! - C:\\ProgramData\\GamesBar\\dr_daisy_pet_vet16x16.gif
Supprime! - C:\\ProgramData\\GamesBar\\escape_rosecliff_island16x16.gif
Supprime! - C:\\ProgramData\\GamesBar\\family_restaurant16x16.gif
Supprime! - C:\\ProgramData\\GamesBar\\farm_frenzy16x16.gif
Supprime! - C:\\ProgramData\\GamesBar\\fashion_craze16x16.gif
Supprime! - C:\\ProgramData\\GamesBar\\feedback.gif
Supprime! - C:\\ProgramData\\GamesBar\\help.gif
Supprime! - C:\\ProgramData\\GamesBar\\herods_lost_tomb16x16.gif
Supprime! - C:\\ProgramData\\GamesBar\\highlight.gif
Supprime! - C:\\ProgramData\\GamesBar\\jigsaw.gif
Supprime! - C:\\ProgramData\\GamesBar\\kids.gif
Supprime! - C:\\ProgramData\\GamesBar\\laura_jones16x16.gif
Supprime! - C:\\ProgramData\\GamesBar\\mahjong.gif
Supprime! - C:\\ProgramData\\GamesBar\\multiplayer.gif
Supprime! - C:\\ProgramData\\GamesBar\\mygames.gif
Supprime! - C:\\ProgramData\\GamesBar\\mystery_of_unicorn_castle16x16.gif
Supprime! - C:\\ProgramData\\GamesBar\\my_kingdom_for_the_princess16x16.gif
Supprime! - C:\\ProgramData\\GamesBar\\newGames.gif
Supprime! - C:\\ProgramData\\GamesBar\\oberonconfig.xm_
Supprime! - C:\\ProgramData\\GamesBar\\obSearchHistory.dat
Supprime! - C:\\ProgramData\\GamesBar\\onload
Supprime! - C:\\ProgramData\\GamesBar\\partner.gif
Supprime! - C:\\ProgramData\\GamesBar\\party_down16x16.gif
Supprime! - C:\\ProgramData\\GamesBar\\pirate_poker16x16.gif
Supprime! - C:\\ProgramData\\GamesBar\\pirate_stories_kit_ellis16x16.gif
Supprime! - C:\\ProgramData\\GamesBar\\popup_off.gif
Supprime! - C:\\ProgramData\\GamesBar\\popup_on.gif
Supprime! - C:\\ProgramData\\GamesBar\\pure_hidden16x16.gif
Supprime! - C:\\ProgramData\\GamesBar\\puzzle.gif
Supprime! - C:\\ProgramData\\GamesBar\\ranch_rush16x16.gif
Supprime! - C:\\ProgramData\\GamesBar\\search.gif
Supprime! - C:\\ProgramData\\GamesBar\\seasonmatch16x16.gif
Supprime! - C:\\ProgramData\\GamesBar\\secrets-of-great-art16x16.gif
Supprime! - C:\\ProgramData\\GamesBar\\sendafriend.gif
Supprime! - C:\\ProgramData\\GamesBar\\solitaire_cruise16x16.gif
Supprime! - C:\\ProgramData\\GamesBar\\sports.gif
Supprime! - C:\\ProgramData\\GamesBar\\sprill16x16.gif
Supprime! - C:\\ProgramData\\GamesBar\\supercow16x16.gif
Supprime! - C:\\ProgramData\\GamesBar\\trial.gif
Supprime! - C:\\ProgramData\\GamesBar\\Turbo_Subs16x16.gif
Supprime! - C:\\ProgramData\\GamesBar\\uninstall.gif
Supprime! - C:\\ProgramData\\GamesBar\\update.gif
Supprime! - C:\\ProgramData\\GamesBar\\webgame.gif
Supprime! - C:\\PROGRA~2\\MICROS~1\\Windows\\STARTM~1\\Programs\\GamesBar
Supprime! - C:\\Program Files\\GamesBar\\Localization-French.ini
Supprime! - C:\\Program Files\\GamesBar\\Localization2-French.ini
Supprime! - C:\\Program Files\\GamesBar\\oberontb.dll
Supprime! - C:\\Program Files\\GamesBar\\OBGet.exe
Supprime! - C:\\Program Files\\GamesBar\\uninst.exe
Supprime! - C:\\Users\\tamary\\AppData\\Local\\Temp\\ICD1.tmp
Supprime! - C:\\Users\\tamary\\AppData\\Local\\Temp\\nsa9260.tmp
Supprime! - C:\\Users\\tamary\\AppData\\Local\\Temp\\nsb47E5.tmp
Supprime! - C:\\Users\\tamary\\AppData\\Local\\Temp\\nsbBD8B.tmp
Supprime! - C:\\Users\\tamary\\AppData\\Local\\Temp\\nsd88D3.tmp
Supprime! - C:\\Users\\tamary\\AppData\\Local\\Temp\\nseCCDC.tmp
Supprime! - C:\\Users\\tamary\\AppData\\Local\\Temp\\nsg75D4.tmp
Supprime! - C:\\Users\\tamary\\AppData\\Local\\Temp\\nsgB96E.tmp
Supprime! - C:\\Users\\tamary\\AppData\\Local\\Temp\\nsgC6E8.tmp
Supprime! - C:\\Users\\tamary\\AppData\\Local\\Temp\\nsh6139.tmp
Supprime! - C:\\Users\\tamary\\AppData\\Local\\Temp\\nshF97D.tmp
Supprime! - C:\\Users\\tamary\\AppData\\Local\\Temp\\nsiAC12.tmp
Supprime! - C:\\Users\\tamary\\AppData\\Local\\Temp\\nsj4C15.tmp
Supprime! - C:\\Users\\tamary\\AppData\\Local\\Temp\\nskA2A2.tmp
Supprime! - C:\\Users\\tamary\\AppData\\Local\\Temp\\nsm1B70.tmp
Supprime! - C:\\Users\\tamary\\AppData\\Local\\Temp\\nsmB46E.tmp
Supprime! - C:\\Users\\tamary\\AppData\\Local\\Temp\\nsn2C87.tmp
Supprime! - C:\\Users\\tamary\\AppData\\Local\\Temp\\nsn7E42.tmp
Supprime! - C:\\Users\\tamary\\AppData\\Local\\Temp\\nsp5397.tmp
Supprime! - C:\\Users\\tamary\\AppData\\Local\\Temp\\nst62ED.tmp
Supprime! - C:\\Users\\tamary\\AppData\\Local\\Temp\\nsuF066.tmp
Supprime! - C:\\ProgramData\\GamesBar
Supprime! - C:\\Program Files\\GamesBar

-----------\\\\ Recherche de Fichiers / Dossiers ...


-----------\\\\ [..\\Internet Explorer\\Main]

[HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main]
\"Local Page\"=\"C:\\\\Windows\\\\system32\\\\blank.htm\"
\"Search Page\"=\"http://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://fr.search.yahoo.com\"
\"Start Page\"=\"http://mystart.incredimail.com/\"
\"Search Bar\"=\"http://www.google.com/ie\"
\"Url\"=\"http://go.microsoft.com/fwlink/?LinkId=75720\"

[HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main]
\"Start Page\"=\"http://www.msn.com/\"
\"Default_Page_URL\"=\"http://fr.yahoo.com\"
\"Default_Search_URL\"=\"http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://fr.search.yahoo.com\"
\"Search Page\"=\"http://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://fr.search.yahoo.com\"
\"Local Page\"=\"C:\\\\Windows\\\\System32\\\\blank.htm\"


--------------------\\\\ Recherche d\'autres infections

--------------------\\\\ Cracks & Keygens ..



[ UAC => 1 ]


1 - \"C:\\ToolBar SD\\TB_1.txt\" - 01/12/2009|17:31 - Option : [1]
2 - \"C:\\ToolBar SD\\TB_2.txt\" - 01/12/2009|17:49 - Option : [2]

-----------\\\\ Fin du rapport a 17:49:06,56

Le plus simple était de tout supprimer, il en restait encore.

On passe au deuxième outil que tu connais aussi :

• Télécharge AD-Remover sur ton bureau
  
  
• Double clique sur le fichier d\'installation de AD-Remover, le programme s\'installera automatiquement.
  
  
• Sous Vista : clic droit sur AD-Remover et sélectionner \"Exécuter en tant qu\'administrateur\"
  
  
• Au menu principal choisi l\'option \"L\" et tape sur [entrée] .
  
  
• Laisse travailler l\'outil et ne touche à rien ...
  
  
• Poste le rapport qui apparait à la fin.
  

( le rapport est sauvegardé aussi sous C:\\Ad-report.log )

(CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

Note :

Process.exe est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s\'agit pas d\'un virus, mais d\'un utilitaire destiné à mettre fin à des processus.
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d\'où l\'alerte émise par ces antivirus.

.
======= RAPPORT D\'AD-REMOVER 1.1.4.6_D | UNIQUEMENT XP/VISTA/7 =======
.
Mit à jour par C_XX le 25.11.2009 à 18:47
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Lancé à: 18:42:17, 01/12/2009 | Mode Normal | Option: CLEAN
Exécuté de: C:\\Program Files\\Ad-Remover\\
Système d\'exploitation: Microsoft® Windows Vista™ Home Premium v6.0.6000
Nom du PC: PC-DE-TAMARY | Utilisateur actuel: tamary
.
============== ÉLÉMENT(S) NEUTRALISÉ(S) ==============
.
C:\\ProgramData\\SweetIM
C:\\Windows\\Installer\\{59971D79-8111-42C2-9E40-883A0C277E78}
C:\\Users\\tamary\\AppData\\LocalLow\\SweetIM
C:\\Program Files\\SweetIM
C:\\Windows\\Installer\\2d2bb9a.msi
C:\\Windows\\Installer\\2d2bb9f.msi
C:\\Users\\tamary\\Desktop\\SweetImSetup.exe
C:\\Users\\tamary\\AppData\\Roaming\\MICROS~1\\Windows\\Cookies\\tamary@kiwee[2].txt
C:\\Users\\tamary\\AppData\\Roaming\\MICROS~1\\Windows\\Cookies\\tamary@ringtones.sweetim[1].txt
C:\\Users\\tamary\\AppData\\Roaming\\MICROS~1\\Windows\\Cookies\\tamary@search.sweetim[1].txt
C:\\Users\\tamary\\AppData\\Roaming\\MICROS~1\\Windows\\Cookies\\tamary@www1.kiwee[1].txt
.
HKCU\\software\\GamesBar
HKCU\\Software\\Microsoft\\Internet Explorer\\InternetRegistry\\Registry\\User\\S-1-5-21-1741508391-1205739424-3672039179-1000\\Software\\Sweetim
HKCU\\software\\microsoft\\internet explorer\\searchscopes\\{EEE6C360-6118-11DC-9C72-001320C79847}
HKCU\\Software\\Microsoft\\Internet Explorer\\Toolbar\\WebBrowser\\\\{EEE6C35B-6118-11DC-9C72-001320C79847}
HKCU\\Software\\Microsoft\\Internet Explorer\\URLSearchHooks\\\\{EEE6C35D-6118-11DC-9C72-001320C79847}
HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\{EEE6C35B-6118-11DC-9C72-001320C79847}
HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\{EEE6C35C-6118-11DC-9C72-001320C79847}
HKCU\\software\\SweetIM
HKLM\\Software\\Classes\\CLSID\\{CB0D163C-E9F4-4236-9496-0597E24B23A5}
HKLM\\software\\classes\\MediaPlayer.GraphicsUtils
HKLM\\software\\classes\\MediaPlayer.GraphicsUtils.1
HKLM\\software\\classes\\MgMediaPlayer.GifAnimator
HKLM\\software\\classes\\MgMediaPlayer.GifAnimator.1
HKLM\\software\\classes\\SWEETIE.IEToolbar
HKLM\\software\\classes\\SWEETIE.IEToolbar.1
HKLM\\software\\classes\\SWEETIE.SWEETIE
HKLM\\software\\classes\\SWEETIE.SWEETIE.3
HKLM\\software\\classes\\SweetIM_URLSearchHook.ToolbarURLSearchHook
HKLM\\software\\classes\\SweetIM_URLSearchHook.ToolbarURLSearchHook.1
HKLM\\software\\classes\\Toolbar3.SWEETIE
HKLM\\software\\classes\\Toolbar3.SWEETIE.1
HKLM\\Software\\Classes\\TypeLib\\{AD76633E-E50D-4844-9E7F-4DFBC7C18467}
HKLM\\Software\\Microsoft\\Internet Explorer\\SearchScopes\\{EEE6C360-6118-11DC-9C72-001320C79847}
HKLM\\Software\\Microsoft\\Internet Explorer\\Toolbar\\\\{EEE6C35B-6118-11DC-9C72-001320C79847}
HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\App Paths\\SweetIM.exe
HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{CB0D163C-E9F4-4236-9496-0597E24B23A5}
HKLM\\software\\microsoft\\windows\\currentversion\\installer\\userdata\\S-1-5-18\\Components\\02F47BF73B948514FAACADD8CBBDF37D
HKLM\\software\\microsoft\\windows\\currentversion\\installer\\userdata\\S-1-5-18\\Components\\07D5290CDBDAE4242926B8E6CA650501
HKLM\\software\\microsoft\\windows\\currentversion\\installer\\userdata\\S-1-5-18\\Components\\080D9F5E1E95FEE4794CE438E635239E
HKLM\\software\\microsoft\\windows\\currentversion\\installer\\userdata\\S-1-5-18\\Components\\08E33F7B61DEFF24BB9673ED7D467636
HKLM\\software\\microsoft\\windows\\currentversion\\installer\\userdata\\S-1-5-18\\Components\\0E3D8A5B48622A445A7DF73FEFF32C3F
HKLM\\software\\microsoft\\windows\\currentversion\\installer\\userdata\\S-1-5-18\\Components\\0FF2AEFF45EEA0A48A4B33C1973B6094
HKLM\\software\\microsoft\\windows\\currentversion\\installer\\userdata\\S-1-5-18\\Components\\1AC67655DD68F8240B2860F2D511EBD8
HKLM\\software\\microsoft\\windows\\currentversion\\installer\\userdata\\S-1-5-18\\Components\\1E264E0A5959A1C46BA9175A878B12EA
HKLM\\software\\microsoft\\windows\\currentversion\\installer\\userdata\\S-1-5-18\\Components\\2E6768B6932D112438F047C54D180635
HKLM\\software\\microsoft\\windows\\currentversion\\installer\\userdata\\S-1-5-18\\Components\\305B09CE8C53A214DB58887F62F25536
HKLM\\software\\microsoft\\windows\\currentversion\\installer\\userdata\\S-1-5-18\\Components\\34EDDB1BFB3A2D448845F3EFD0F15A43
HKLM\\software\\microsoft\\windows\\currentversion\\installer\\userdata\\S-1-5-18\\Components\\351716A953E21214898904032EAE2E81
HKLM\\software\\microsoft\\windows\\currentversion\\installer\\userdata\\S-1-5-18\\Components\\397C771A7BCAC904697C3EC629ED33ED
HKLM\\software\\microsoft\\windows\\currentversion\\installer\\userdata\\S-1-5-18\\Components\\4318DF19719275242801CBE292063A4C
HKLM\\software\\microsoft\\windows\\currentversion\\installer\\userdata\\S-1-5-18\\Components\\45FC115D1FEAEF849A4E1610D6EC8BF0
HKLM\\software\\microsoft\\windows\\currentversion\\installer\\userdata\\S-1-5-18\\Components\\46A5861A389ADB844AF89E31BC9DF0A1
HKLM\\software\\microsoft\\windows\\currentversion\\installer\\userdata\\S-1-5-18\\Components\\49B0E1A6FF50BBE4289E4E23DE6EA0C7
HKLM\\software\\microsoft\\windows\\currentversion\\installer\\userdata\\S-1-5-18\\Components\\4CCCAC049F34D0540AAC13011398BEDB
HKLM\\software\\microsoft\\windows\\currentversion\\installer\\userdata\\S-1-5-18\\Components\\5C4389D0BFB302C479DE4178BD5D9EBA
HKLM\\software\\microsoft\\windows\\currentversion\\installer\\userdata\\S-1-5-18\\Components\\5D19F074C042AD34BAB463D4175A062E
HKLM\\software\\microsoft\\windows\\currentversion\\installer\\userdata\\S-1-5-18\\Components\\5D2B09BDEF4FE54418E6F3373CDBC7AC
HKLM\\software\\microsoft\\windows\\currentversion\\installer\\userdata\\S-1-5-18\\Components\\61B65D3397A1FBF4CB1571B5E4F6B5B0
HKLM\\software\\microsoft\\windows\\currentversion\\installer\\userdata\\S-1-5-18\\Components\\68E8A05C60DD9254591DBD16C94EDDBF
HKLM\\software\\microsoft\\windows\\currentversion\\installer\\userdata\\S-1-5-18\\Components\\697E782CF574CC34CBB9566440BA12BC
HKLM\\software\\microsoft\\windows\\currentversion\\installer\\userdata\\S-1-5-18\\Components\\6AE27A8613CF7EA4782F2886F67295E5
HKLM\\software\\microsoft\\windows\\currentversion\\installer\\userdata\\S-1-5-18\\Components\\7CE172051F585E04187BCB97570BFA74
HKLM\\software\\microsoft\\windows\\currentversion\\installer\\userdata\\S-1-5-18\\Components\\86A901BA5265452499DCBF719C378EE3
HKLM\\software\\microsoft\\windows\\currentversion\\installer\\userdata\\S-1-5-18\\Components\\88ABD1CD5C40EC84789A7F6EF86DAC5E
HKLM\\software\\microsoft\\windows\\currentversion\\installer\\userdata\\S-1-5-18\\Components\\980289C22F80A7C4BB9323DC61255E4E
HKLM\\software\\microsoft\\windows\\currentversion\\installer\\userdata\\S-1-5-18\\Components\\98CC8BF5A4A6E6C4ABF7051DDAB8B058
HKLM\\software\\microsoft\\windows\\currentversion\\installer\\userdata\\S-1-5-18\\Components\\9A4B7EF3789F871419D9302583B20C15
HKLM\\software\\microsoft\\windows\\currentversion\\installer\\userdata\\S-1-5-18\\Components\\A189D17A469616C4688D23E192996267
HKLM\\software\\microsoft\\windows\\currentversion\\installer\\userdata\\S-1-5-18\\Components\\A6C53B0F76C44004A8F36716213017DB
HKLM\\software\\microsoft\\windows\\currentversion\\installer\\userdata\\S-1-5-18\\Components\\B59F2D8189784CC46A4597F2842480B0
HKLM\\software\\microsoft\\windows\\currentversion\\installer\\userdata\\S-1-5-18\\Components\\BD746FB95FB8E5B45BF66BE54D5FD91F
HKLM\\software\\microsoft\\windows\\currentversion\\installer\\userdata\\S-1-5-18\\Components\\CCF399FCD6D2D3F46BF02A1378654FC9
HKLM\\software\\microsoft\\windows\\currentversion\\installer\\userdata\\S-1-5-18\\Components\\D149C1355C98DE24E82CEFBD996FE06A
HKLM\\software\\microsoft\\windows\\currentversion\\installer\\userdata\\S-1-5-18\\Components\\D15DAF33C220F91468A1D7D57C31ACD7
HKLM\\software\\microsoft\\windows\\currentversion\\installer\\userdata\\S-1-5-18\\Components\\D3BA76A44C779424889063D5098ED2D6
HKLM\\software\\microsoft\\windows\\currentversion\\installer\\userdata\\S-1-5-18\\Components\\D6D0EB9FDBD90C04D92A7E729058F10D
HKLM\\software\\microsoft\\windows\\currentversion\\installer\\userdata\\S-1-5-18\\Components\\DB59FDB786388EA4D897F3EE715683AC
HKLM\\software\\microsoft\\windows\\currentversion\\installer\\userdata\\S-1-5-18\\Components\\DB8DAD19CFBCC2049A4477183787E8C5
HKLM\\software\\microsoft\\windows\\currentversion\\installer\\userdata\\S-1-5-18\\Components\\E337925F629CF4C4FB08F3D9674DD839
HKLM\\software\\microsoft\\windows\\currentversion\\installer\\userdata\\S-1-5-18\\Components\\E4748F9A4181FCE46A23C13B517B9420
HKLM\\software\\microsoft\\windows\\currentversion\\installer\\userdata\\S-1-5-18\\Components\\EC65F200D112357449C8B1BC3CFA03D0
HKLM\\software\\microsoft\\windows\\currentversion\\installer\\userdata\\S-1-5-18\\Components\\F327D0C73C0973644A21E8CC852267A0
HKLM\\software\\microsoft\\windows\\currentversion\\installer\\userdata\\S-1-5-18\\Components\\FA96423FE2B98E248A3B23548D1E22D9
HKLM\\software\\SweetIM

-- Fichiers temporaires supprimés.

.
============== Scan additionnel ==============
.
.
* Mozilla FireFox Version 3.0.15 [fr] *
.
Nom du profil: uyyfy6y7.default (tamary)
.
(tamary, prefs.js) Browser.download.dir, C:\\Users\\tamary\\Downloads
(tamary, prefs.js) Browser.download.lastDir, C:\\Users\\tamary\\Desktop
(tamary, prefs.js) Browser.search.defaultenginename, MyStart Search
(tamary, prefs.js) Browser.search.defaulturl, hxxp://fr.search.yahoo.com/search?fr=ffsp1&p=
(tamary, prefs.js) Browser.search.selectedEngine, Google
(tamary, prefs.js) Browser.startup.homepage, hxxp://www.memoclic.com/forum/bistrot/|hxxp://www.orange.fr/|hxxp://forum.lamijardin.net/|hxxp://www.aujardin.org/|hxxp://mail.google.com/mail/?source=navclient-ff&shva=1#inbox|hxxp://www.programme-tv.net/|hxxp://www.facebook.com/profile.php?id=1114372671&ref=profile
.
.
.
* Internet Explorer Version 8.0.6001.18828 *
.
[HKEY_CURRENT_USER\\..\\Internet Explorer\\Main]
.
Start Page: hxxp://fr.msn.com/
Search Bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Default_search_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Default_page_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
.
[HKEY_LOCAL_MACHINE\\..\\Internet Explorer\\Main]
.
Start Page: hxxp://fr.msn.com/
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search bar: hxxp://search.msn.com/spbasic.htm
.
[HKEY_LOCAL_MACHINE\\..\\Internet Explorer\\ABOUTURLS]
.
Tabs: res://ieframe.dll/tabswelcome.htm
.
===================================
.
10304 Octet(s) - C:\\Ad-Report-CLEAN[1].log
.
11532 Fichier(s) - C:\\Users\\tamary\\AppData\\Local\\Temp
7 Fichier(s) - C:\\Windows\\Temp
.
21 Fichier(s) - C:\\Program Files\\Ad-Remover\\BACKUP
94 Fichier(s) - C:\\Program Files\\Ad-Remover\\QUARANTINE
.
Fin à: 18:58:29 | 01/12/2009 - CLEAN[1]
.
============== E.O.F ==============
.

Okay.

Poste un nouveau rapport log.txt de RSIT stp

Logfile of random\'s system information tool 1.06 (written by random/random)
Run by tamary at 2009-12-01 19:16:33
Microsoft® Windows Vista™ Édition Familiale Premium
System drive C: has 55 GB (54%) free of 102 GB
Total RAM: 894 MB (13% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:16:50, on 01/12/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\\Windows\\system32\\Dwm.exe
C:\\Windows\\RtHDVCpl.exe
C:\\Program Files\\Alwil Software\\Avast4\\ashDisp.exe
C:\\Program Files\\CardDetector\\ICON225\\CardDetector.exe
C:\\Program Files\\Common Files\\logishrd\\LComMgr\\Communications_Helper.exe
C:\\Program Files\\Logitech\\QuickCam\\Quickcam.exe
C:\\Program Files\\Java\\jre6\\bin\\jusched.exe
C:\\Windows\\ehome\\ehtray.exe
C:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe
C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe
C:\\Program Files\\ATI Technologies\\ATI.ACE\\CLI.EXE
C:\\Windows\\ehome\\ehmsas.exe
C:\\Program Files\\Common Files\\LogiShrd\\LVCOMSER\\LVComSer.exe
C:\\Windows\\system32\\taskeng.exe
C:\\Program Files\\Common Files\\Logishrd\\LQCVFX\\COCIManager.exe
C:\\Program Files\\Windows Media Player\\wmpnscfg.exe
C:\\Program Files\\Yahoo!\\Messenger\\ymsgr_tray.exe
C:\\Program Files\\ATI Technologies\\ATI.ACE\\CLI.exe
C:\\Program Files\\ATI Technologies\\ATI.ACE\\CLI.exe
C:\\Program Files\\Java\\jre6\\bin\\jucheck.exe
C:\\Windows\\System32\\rundll32.exe
C:\\Windows\\explorer.exe
C:\\Windows\\system32\\notepad.exe
C:\\Program Files\\Mozilla Firefox\\firefox.exe
C:\\Windows\\system32\\SearchFilterHost.exe
C:\\Users\\tamary\\Desktop\\RSIT.exe
C:\\Program Files\\trend micro\\tamary.exe

R1 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://fr.msn.com/
R0 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://fr.msn.com/
R0 - HKLM\\Software\\Microsoft\\Internet Explorer\\Search,SearchAssistant =
R0 - HKLM\\Software\\Microsoft\\Internet Explorer\\Search,CustomizeSearch =
R1 - HKCU\\Software\\Microsoft\\Internet Explorer\\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://fr.search.yahoo.com
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\\Program Files\\Yahoo!\\Companion\\Installs\\cpn1\\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\\Program Files\\Yahoo!\\Companion\\Installs\\cpn1\\yt.dll
O2 - BHO: Aide pour le lien d\'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\\Program Files\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\\Program Files\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\\Program Files\\Microsoft\\Search Enhancement Pack\\Search Helper\\SEPsearchhelperie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\\Program Files\\Java\\jre6\\bin\\ssv.dll
O2 - BHO: Programme d\'aide de l\'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\\Program Files\\Common Files\\Microsoft Shared\\Windows Live\\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\\Program Files\\Google\\Google Toolbar\\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\\Program Files\\Google\\GoogleToolbarNotifier\\5.3.4501.1418\\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\\Program Files\\Google\\Google Toolbar\\Component\\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\\Program Files\\Java\\jre6\\bin\\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\\Program Files\\Windows Live\\Toolbar\\wltcore.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\\Program Files\\SweetIM\\Toolbars\\Internet Explorer\\mgToolbarIE.dll (file missing)
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\\Program Files\\Yahoo!\\Companion\\Installs\\cpn1\\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\\Program Files\\Yahoo!\\Companion\\Installs\\cpn1\\yt.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\\Program Files\\Veoh Networks\\VeohWebPlayer\\VeohIEToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\\Program Files\\Windows Live\\Toolbar\\wltcore.dll
O4 - HKLM\\..\\Run: [ATICCC] \"C:\\Program Files\\ATI Technologies\\ATI.ACE\\CLIStart.exe\"
O4 - HKLM\\..\\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\\..\\Run: [avast!] C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe
O4 - HKLM\\..\\Run: [CardDetectorICON225] C:\\Program Files\\CardDetector\\ICON225\\CardDetector.exe
O4 - HKLM\\..\\Run: [BEWINTERNET-FR-DMGP-V2SessionManager] C:\\Program Files\\Orange\\IEWInternet-DMGP\\SessionManager\\SessionManager.exe
O4 - HKLM\\..\\Run: [LogitechCommunicationsManager] \"C:\\Program Files\\Common Files\\LogiShrd\\LComMgr\\Communications_Helper.exe\"
O4 - HKLM\\..\\Run: [LogitechQuickCamRibbon] \"C:\\Program Files\\Logitech\\QuickCam\\Quickcam.exe\" /hide
O4 - HKLM\\..\\Run: [Adobe Reader Speed Launcher] \"C:\\Program Files\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe\"
O4 - HKLM\\..\\Run: [SunJavaUpdateSched] \"C:\\Program Files\\Java\\jre6\\bin\\jusched.exe\"
O4 - HKCU\\..\\Run: [Sidebar] C:\\Program Files\\Windows Sidebar\\sidebar.exe /autoRun
O4 - HKCU\\..\\Run: [ehTray.exe] C:\\Windows\\ehome\\ehTray.exe
O4 - HKCU\\..\\Run: [VeohPlugin] \"C:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe\"
O4 - HKCU\\..\\Run: [msnmsgr] \"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe\" /background
O4 - HKCU\\..\\Run: [swg] \"C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe\"
O4 - HKCU\\..\\Run: [Messenger (Yahoo!)] \"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YAHOOM~1.EXE\" -quiet
O4 - HKUS\\S-1-5-19\\..\\Run: [Sidebar] %ProgramFiles%\\Windows Sidebar\\Sidebar.exe /detectMem (User \'SERVICE LOCAL\')
O4 - HKUS\\S-1-5-19\\..\\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User \'SERVICE LOCAL\')
O4 - HKUS\\S-1-5-20\\..\\Run: [Sidebar] %ProgramFiles%\\Windows Sidebar\\Sidebar.exe /detectMem (User \'SERVICE RÉSEAU\')
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\\Program Files\\Windows Live\\Writer\\WriterBrowserExtension.dll
O9 - Extra \'Tools\' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\\Program Files\\Windows Live\\Writer\\WriterBrowserExtension.dll
O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
O13 - Gopher Prefix:
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxenligne.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {EA6246B4-F380-443F-8727-9AEA3371146C} (CPlayFirstWeddingDashControl Object) - http://jeuxenligne.orange.fr/orange2.0/games/channel--110167437/lc--fr/room--aba38feb-288c-4503-a389-e5d57111c05c/online/wedding_dash/fr/WeddingDash.1.0.0.47.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\\PROGRA~1\\COMMON~1\\Skype\\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\\Program Files\\Alwil Software\\Avast4\\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\\Windows\\system32\\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\\Program Files\\Alwil Software\\Avast4\\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\\Program Files\\Alwil Software\\Avast4\\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\\Program Files\\Alwil Software\\Avast4\\ashWebSv.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\\PROGRA~1\\COMMON~1\\France Telecom\\Shared Modules\\FTRTSVC\\1\\FTRTSVC.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\\Program Files\\Google\\Common\\Google Updater\\GoogleUpdaterService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\\Program Files\\Common Files\\LogiShrd\\LVCOMSER\\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\\Program Files\\Common Files\\LogiShrd\\LVMVFM\\LVPrcSrv.exe
O23 - Service: L Ile Noyee Drivers Auto Removal (pr2ajbeb) (pr2ajbeb) - Micro Application - C:\\Windows\\system32\\pr2ajbeb.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\\Program Files\\Yahoo!\\SoftwareUpdate\\YahooAUService.exe

--
End of file - 8683 bytes

======Scheduled tasks folder======

C:\\Windows\\tasks\\User_Feed_Synchronization-{F541021D-EC55-4070-99AE-3E54C495044E}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\\Program Files\\Yahoo!\\Companion\\Installs\\cpn1\\yt.dll [2009-07-31 909040]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Aide pour le lien d\'Adobe PDF Reader - C:\\Program Files\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroIEHelper.dll [2009-02-27 61816]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\\Program Files\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\\Program Files\\Microsoft\\Search Enhancement Pack\\Search Helper\\SEPsearchhelperie.dll [2009-05-19 137600]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\\Program Files\\Java\\jre6\\bin\\ssv.dll [2009-07-25 321312]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d\'aide de l\'Assistant de connexion Windows Live - C:\\Program Files\\Common Files\\Microsoft Shared\\Windows Live\\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\\Program Files\\Google\\Google Toolbar\\GoogleToolbar_32.dll [2009-09-24 256112]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\\Program Files\\Google\\GoogleToolbarNotifier\\5.3.4501.1418\\swg.dll [2009-09-25 762864]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\\Program Files\\Google\\Google Toolbar\\Component\\fastsearch_B7C5AC242193BB3E.dll [2009-09-24 458736]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\\Program Files\\Java\\jre6\\bin\\jp2ssv.dll [2009-07-25 41760]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\\Program Files\\Windows Live\\Toolbar\\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{EEE6C35C-6118-11DC-9C72-001320C79847}]
SweetIM Toolbar Helper - C:\\Program Files\\SweetIM\\Toolbars\\Internet Explorer\\mgToolbarIE.dll []

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\\Program Files\\Yahoo!\\Companion\\Installs\\cpn1\\YTSingleInstance.dll [2009-07-31 159472]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\\Program Files\\Yahoo!\\Companion\\Installs\\cpn1\\yt.dll [2009-07-31 909040]
{0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - Veoh Web Player Video Finder - C:\\Program Files\\Veoh Networks\\VeohWebPlayer\\VeohIEToolbar.dll [2008-09-28 463872]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\\Program Files\\Windows Live\\Toolbar\\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Run]
\"ATICCC\"=C:\\Program Files\\ATI Technologies\\ATI.ACE\\CLIStart.exe [2006-07-11 90112]
\"RtHDVCpl\"=C:\\Windows\\RtHDVCpl.exe [2006-11-01 3772416]
\"avast!\"=C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe [2009-08-17 81000]
\"CardDetectorICON225\"=C:\\Program Files\\CardDetector\\ICON225\\CardDetector.exe [2007-11-14 278528]
\"BEWINTERNET-FR-DMGP-V2SessionManager\"=C:\\Program Files\\Orange\\IEWInternet-DMGP\\SessionManager\\SessionManager.exe [2007-12-05 107248]
\"LogitechCommunicationsManager\"=C:\\Program Files\\Common Files\\LogiShrd\\LComMgr\\Communications_Helper.exe [2008-08-14 565008]
\"LogitechQuickCamRibbon\"=C:\\Program Files\\Logitech\\QuickCam\\Quickcam.exe [2008-08-14 2407184]
\"Adobe Reader Speed Launcher\"=C:\\Program Files\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe [2009-02-27 35696]
\"SunJavaUpdateSched\"=C:\\Program Files\\Java\\jre6\\bin\\jusched.exe [2009-07-25 149280]

[HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run]
\"Sidebar\"=C:\\Program Files\\Windows Sidebar\\sidebar.exe [2008-02-23 1232896]
\"ehTray.exe\"=C:\\Windows\\ehome\\ehTray.exe [2006-11-02 125440]
\"VeohPlugin\"=C:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe [2008-09-28 3497208]
\"msnmsgr\"=C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe [2009-07-26 3883856]
\"swg\"=C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe [2009-03-10 39408]
\"Messenger (Yahoo!)\"=C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YAHOOM~1.EXE [2009-05-26 4351216]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\Adobe Reader Speed Launcher]
C:\\Program Files\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe [2009-02-27 35696]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\HP Software Update]
C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe [2006-12-10 49152]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\IncrediMail]
C:\\Program Files\\IncrediMail\\bin\\IncMail.exe [2009-11-10 280008]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\MsnMsgr]
C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\Skype]
C:\\Program Files\\Skype\\Phone\\Skype.exe [2008-09-29 21755688]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\SMSERIAL]
C:\\Program Files\\Motorola\\SMSERIAL\\sm56hlpr.exe [2006-10-09 729088]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\Windows Defender]
C:\\Program Files\\Windows Defender\\MSASCui.exe [2008-02-23 1006264]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\WMPNSCFG]
C:\\Program Files\\Windows Media Player\\WMPNSCFG.exe [2006-11-02 201728]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\Yahoo! Pager]
C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe [2009-05-26 4351216]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupfolder\\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\\PROGRA~1\\HP\\DIGITA~1\\bin\\hpqtra08.exe [2007-01-02 210520]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupfolder\\C:^Users^tamary^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 2.4.lnk]
C:\\PROGRA~1\\OPENOF~1.4\\program\\QUICKS~1.EXE [2008-01-21 393216]

[HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System]
\"EnableLUA\"=0
\"dontdisplaylastusername\"=0
\"legalnoticecaption\"=
\"legalnoticetext\"=
\"shutdownwithoutlogon\"=1
\"undockwithoutlogon\"=1
\"FilterAdministratorToken\"=1

[HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\explorer]
\"NoDriveTypeAutoRun\"=95000000

[HKEY_LOCAL_MACHINE\\system\\currentcontrolset\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile\\authorizedapplications\\list]
\"C:\\Program Files\\Orange\\IEWInternet-DMGP\\Connectivity\\ConnectivityManager.exe\"=\"C:\\Program Files\\Orange\\IEWInternet-DMGP\\Connectivity\\ConnectivityManager.exe:*:enabled:CSS\"

[HKEY_LOCAL_MACHINE\\system\\currentcontrolset\\services\\sharedaccess\\parameters\\firewallpolicy\\domainprofile\\authorizedapplications\\list]

[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\explorer\\mountpoints2\\{b446d5b7-0193-11dd-9f07-00030d5c8292}]
shell\\AutoRun\\command - E:\\AutoRunCardDetector.exe


======File associations======

.js - edit - C:\\Windows\\System32\\Notepad.exe %1
.js - open - C:\\Windows\\System32\\WScript.exe \"%1\" %*

======List of files/folders created in the last 1 months======

2009-12-01 18:35:17 ----D---- C:\\Program Files\\Ad-Remover
2009-12-01 17:29:42 ----A---- C:\\TB.txt
2009-12-01 17:25:51 ----D---- C:\\ToolBar SD
2009-12-01 09:26:50 ----D---- C:\\Program Files\\trend micro
2009-12-01 09:26:44 ----D---- C:\\rsit
2009-11-26 14:38:57 ----D---- C:\\Program Files\\Natalie Brooks - Secrets of Treasure House
2009-11-26 14:31:59 ----D---- C:\\ProgramData\\BigFishSavedGames
2009-11-25 14:43:45 ----A---- C:\\Windows\\system32\\tzres.dll
2009-11-25 14:37:53 ----A---- C:\\Windows\\system32\\msxml6.dll
2009-11-25 14:37:53 ----A---- C:\\Windows\\system32\\msxml3.dll
2009-11-25 14:37:52 ----A---- C:\\Windows\\system32\\msxml6r.dll
2009-11-25 14:37:52 ----A---- C:\\Windows\\system32\\msxml3r.dll
2009-11-17 18:40:10 ----D---- C:\\Users\\tamary\\AppData\\Roaming\\Malwarebytes
2009-11-17 18:39:58 ----D---- C:\\ProgramData\\Malwarebytes
2009-11-17 18:39:57 ----D---- C:\\Program Files\\Malwarebytes\' Anti-Malware
2009-11-16 22:22:57 ----A---- C:\\Windows\\system32\\xinput1_1.dll
2009-11-16 22:22:57 ----A---- C:\\Windows\\system32\\xactengine2_2.dll
2009-11-16 22:22:56 ----A---- C:\\Windows\\system32\\xactengine2_1.dll
2009-11-16 22:22:19 ----A---- C:\\Windows\\system32\\d3dx9_30.dll
2009-11-16 22:22:18 ----A---- C:\\Windows\\system32\\xactengine2_0.dll
2009-11-16 22:22:18 ----A---- C:\\Windows\\system32\\x3daudio1_0.dll
2009-11-16 22:22:14 ----A---- C:\\Windows\\system32\\d3dx9_29.dll
2009-11-16 22:22:12 ----A---- C:\\Windows\\system32\\d3dx9_28.dll
2009-11-16 22:22:08 ----A---- C:\\Windows\\system32\\d3dx9_27.dll
2009-11-16 22:22:05 ----A---- C:\\Windows\\system32\\d3dx9_26.dll
2009-11-16 22:22:02 ----A---- C:\\Windows\\system32\\d3dx9_25.dll
2009-11-16 22:22:00 ----A---- C:\\Windows\\system32\\d3dx9_24.dll
2009-11-16 22:14:17 ----D---- C:\\Program Files\\Micro Application
2009-11-11 19:33:26 ----D---- C:\\Users\\tamary\\AppData\\Roaming\\ERS G-Studio
2009-11-11 17:05:01 ----D---- C:\\ProgramData\\MumboJumbo
2009-11-11 08:28:42 ----A---- C:\\Windows\\system32\\WSDApi.dll
2009-11-10 16:36:01 ----D---- C:\\Users\\tamary\\AppData\\Roaming\\Gamenauts
2009-11-10 16:19:35 ----D---- C:\\ProgramData\\PhotoMail
2009-11-10 16:19:32 ----D---- C:\\Program Files\\PhotoMail Maker
2009-11-09 13:08:56 ----D---- C:\\Users\\tamary\\AppData\\Roaming\\Games
2009-11-04 09:47:31 ----A---- C:\\Windows\\system32\\mshtml.dll

======List of files/folders modified in the last 1 months======

2009-12-01 19:16:33 ----D---- C:\\Windows\\Temp
2009-12-01 18:59:55 ----D---- C:\\Program Files\\Mozilla Firefox
2009-12-01 18:56:17 ----SHD---- C:\\Windows\\Installer
2009-12-01 18:54:40 ----RD---- C:\\Program Files
2009-12-01 18:54:06 ----HD---- C:\\ProgramData
2009-12-01 17:27:36 ----D---- C:\\Windows\\Prefetch
2009-12-01 12:33:01 ----SHD---- C:\\System Volume Information
2009-11-29 10:16:00 ----D---- C:\\Windows\\system32\\catroot2
2009-11-26 14:39:43 ----AD---- C:\\ProgramData\\TEMP
2009-11-26 14:35:23 ----D---- C:\\BigFishGamesCache
2009-11-25 23:02:28 ----D---- C:\\Windows\\System32
2009-11-25 14:45:25 ----D---- C:\\Windows\\winsxs
2009-11-25 14:44:56 ----D---- C:\\Windows\\system32\\fr-FR
2009-11-25 14:44:41 ----D---- C:\\Windows\\system32\\catroot
2009-11-25 14:42:30 ----D---- C:\\Windows
2009-11-24 23:39:16 ----D---- C:\\Users\\tamary\\AppData\\Roaming\\dvdcss
2009-11-17 18:40:00 ----D---- C:\\Windows\\system32\\drivers
2009-11-16 22:22:56 ----RSD---- C:\\Windows\\assembly
2009-11-16 22:22:28 ----D---- C:\\Windows\\Microsoft.NET
2009-11-12 07:50:58 ----D---- C:\\Program Files\\Windows Mail
2009-11-11 08:55:00 ----D---- C:\\Users\\tamary\\AppData\\Roaming\\OpenOffice.org2
2009-11-10 16:17:36 ----D---- C:\\Program Files\\IncrediMail
2009-11-05 18:36:21 ----A---- C:\\Windows\\system32\\mrt.exe
2009-11-02 20:42:06 ----N---- C:\\Windows\\system32\\MpSigStub.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 aswRdr;aswRdr; C:\\Windows\\system32\\drivers\\aswRdr.sys [2009-08-17 23152]
R1 aswSP;avast! Self Protection; C:\\Windows\\system32\\drivers\\aswSP.sys [2009-08-17 114768]
R1 aswTdi;avast! Network Shield Support; C:\\Windows\\system32\\drivers\\aswTdi.sys [2009-08-17 51376]
R2 aswFsBlk;aswFsBlk; C:\\Windows\\system32\\DRIVERS\\aswFsBlk.sys [2009-08-17 20560]
R2 aswMonFlt;aswMonFlt; C:\\Windows\\system32\\DRIVERS\\aswMonFlt.sys [2009-08-17 53328]
R2 X4HSX32Ex;X4HSX32Ex; \\??\\C:\\Program Files\\Player Metaboli\\X4HSX32Ex.Sys [2007-11-14 29856]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\\Windows\\system32\\DRIVERS\\athr.sys [2008-05-07 767488]
R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\\Windows\\system32\\DRIVERS\\CmBatt.sys [2008-02-23 14208]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\\Windows\\system32\\drivers\\RTKVHDA.sys [2006-11-01 1644968]
R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\\Windows\\system32\\DRIVERS\\LVPr2Mon.sys [2008-07-26 25624]
R3 R300;R300; C:\\Windows\\system32\\DRIVERS\\atikmdag.sys [2006-11-09 2071552]
R3 RTL8023xp;Pilote Realtek 10/100 NIC Family NDIS x86; C:\\Windows\\system32\\DRIVERS\\Rtnicxp.sys [2006-11-02 47104]
R3 smserial;smserial; C:\\Windows\\system32\\DRIVERS\\smserial.sys [2006-10-09 981504]
S3 CamDrL;Logitech QuickCam Pro 3000(CamDrl); C:\\Windows\\system32\\DRIVERS\\Camdrl.sys [2007-02-03 1075360]
S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\\Windows\\system32\\drivers\\drmkaud.sys [2006-11-02 5632]
S3 GT72NDISIPXP;GT 72 IP NDIS; C:\\Windows\\system32\\DRIVERS\\Gt51Ip.sys [2007-11-13 95744]
S3 GT72UBUS;GT 72 U BUS; C:\\Windows\\system32\\DRIVERS\\gt72ubus.sys [2007-11-13 51968]
S3 GTPTSER;GT PT SER; C:\\Windows\\system32\\DRIVERS\\gtptser.sys [2007-11-13 8064]
S3 HdAudAddService;Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio; C:\\Windows\\system32\\drivers\\HdAudio.sys [2006-11-02 235520]
S3 LVUSBSta;Logitech USB Monitor Filter; C:\\Windows\\system32\\drivers\\LVUSBSta.sys [2008-07-26 41752]
S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\\Windows\\system32\\drivers\\MSKSSRV.sys [2006-11-02 8192]
S3 MSPCLOCK;Proxy d\'horloge de répartition Microsoft; C:\\Windows\\system32\\drivers\\MSPCLOCK.sys [2006-11-02 5888]
S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\\Windows\\system32\\drivers\\MSPQM.sys [2006-11-02 5504]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\\Windows\\system32\\drivers\\MSTEE.sys [2006-11-02 6016]
S3 PCAMp50;PCAMp50 NDIS Protocol Driver; C:\\Windows\\System32\\Drivers\\PCAMp50.sys [2006-11-28 28224]
S3 PCASp50;PCASp50 NDIS Protocol Driver; C:\\Windows\\System32\\Drivers\\PCASp50.sys [2006-11-28 27072]
S3 PID_0928;Logitech QuickCam Express(PID_0928); C:\\Windows\\system32\\DRIVERS\\LV561AV.SYS [2008-02-01 489624]
S3 sdbus;sdbus; C:\\Windows\\system32\\DRIVERS\\sdbus.sys [2006-11-02 82432]
S3 usbaudio;Pilote USB audio (WDM); C:\\Windows\\system32\\drivers\\usbaudio.sys [2006-11-02 71552]
S3 WpdUsb;WpdUsb; C:\\Windows\\system32\\DRIVERS\\wpdusb.sys [2006-11-02 39936]
S3 WUDFRd;WUDFRd; C:\\Windows\\system32\\DRIVERS\\WUDFRd.sys [2006-11-02 82560]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\\Windows\\system32\\drivers\\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\\Program Files\\Alwil Software\\Avast4\\aswUpdSv.exe [2009-08-17 18752]
R2 Ati External Event Utility;Ati External Event Utility; C:\\Windows\\system32\\Ati2evxx.exe [2006-11-09 552960]
R2 avast! Antivirus;avast! Antivirus; C:\\Program Files\\Alwil Software\\Avast4\\ashServ.exe [2009-08-17 138680]
R2 FTRTSVC;France Telecom Routing Table Service; C:\\PROGRA~1\\COMMON~1\\France Telecom\\Shared Modules\\FTRTSVC\\1\\FTRTSVC.exe [2007-12-04 65536]
R2 hpqddsvc;Service HP CUE DeviceDiscovery; C:\\Windows\\system32\\svchost.exe [2006-11-02 22016]
R2 HPSLPSVC;HP Network Devices Support; C:\\Windows\\system32\\svchost.exe [2006-11-02 22016]
R2 LVCOMSer;LVCOMSer; C:\\Program Files\\Common Files\\LogiShrd\\LVCOMSER\\LVComSer.exe [2008-07-26 186904]
R2 LVPrcSrv;Process Monitor; C:\\Program Files\\Common Files\\LogiShrd\\LVMVFM\\LVPrcSrv.exe [2008-07-26 150040]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\\Windows\\System32\\svchost.exe [2006-11-02 22016]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\\Windows\\System32\\svchost.exe [2006-11-02 22016]
R2 SeaPort;SeaPort; C:\\Program Files\\Microsoft\\Search Enhancement Pack\\SeaPort\\SeaPort.exe [2009-05-19 240512]
R2 YahooAUService;Yahoo! Updater; C:\\Program Files\\Yahoo!\\SoftwareUpdate\\YahooAUService.exe [2008-11-09 602392]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\\Program Files\\Alwil Software\\Avast4\\ashMaiSv.exe [2009-08-17 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\\Program Files\\Alwil Software\\Avast4\\ashWebSv.exe [2009-08-17 352920]
R3 hpqcxs08;hpqcxs08; C:\\Windows\\system32\\svchost.exe [2006-11-02 22016]
S2 pr2ajbeb;L Ile Noyee Drivers Auto Removal (pr2ajbeb); C:\\Windows\\system32\\pr2ajbeb.exe [2007-08-22 411000]
S3 gusvc;Google Software Updater; C:\\Program Files\\Google\\Common\\Google Updater\\GoogleUpdaterService.exe [2009-05-23 182768]

-----------------EOF-----------------

Du ménage de fais.

On continue, je vais te faire vacciner tes supports amovibles :

• Télécharge et installe UsbFix de C_XX & Chiquitine29
  
  
• Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptible d avoir été infectés sans les ouvrir
  
  
• Fais un clic droit sur le raccourci UsbFix présent sur ton bureau et choisi \"Exécuter en tant qu\'administrateur\" .
  
  
• Choisi l\'option 1 ( Recherche )
  
  
• Laisse travailler l\'outil.
  
  
• Ensuite post le rapport UsbFix.txt qui apparaîtra.
  
  
• Note : Le rapport UsbFix.txt est sauvegardé à la racine du disque. ( C:\\UsbFix.txt )

( CTRL+A Pour tout sélectionner , CTRL+C pour copier et CTRL+V pour coller )

* Note : \"Process.exe\", une composante de l\'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool. Il ne s\'agit pas d\'un virus, mais d\'un utilitaire destiné à mettre fin à des processus. Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d\'où l\'alerte émise par ces antivirus.

############################## | UsbFix V6.059 |

User : tamary (Administrateurs) # PC-DE-TAMARY
Update on 01/12/2009 by Chiquitine29, C_XX & Chimay8
Start at: 19:28:47 | 01/12/2009
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com

Mobile AMD Sempron(tm) Processor 3200+
Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6000 32-bit) #
Internet Explorer 8.0.6001.18828
Windows Firewall Status : Disabled
AV : avast! antivirus 4.8.1351 [VPS 091201-0] 4.8.1351 [ Enabled | Updated ]

C:\\ -> Disque fixe local # 100,07 Go (53,88 Go free) # NTFS
D:\\ -> Disque CD-ROM
E:\\ -> Disque fixe local # 465,76 Go (165,19 Go free) [dd externe] # NTFS

############################## | Processus actifs |

C:\\Windows\\System32\\smss.exe 400
C:\\Windows\\system32\\csrss.exe 464
C:\\Windows\\system32\\wininit.exe 512
C:\\Windows\\system32\\csrss.exe 520
C:\\Windows\\system32\\winlogon.exe 568
C:\\Windows\\system32\\services.exe 596
C:\\Windows\\system32\\lsass.exe 612
C:\\Windows\\system32\\lsm.exe 620
C:\\Windows\\system32\\svchost.exe 768
C:\\Windows\\system32\\svchost.exe 828
C:\\Windows\\System32\\svchost.exe 868
C:\\Windows\\system32\\Ati2evxx.exe 984
C:\\Windows\\System32\\svchost.exe 1016
C:\\Windows\\System32\\svchost.exe 1044
C:\\Windows\\system32\\svchost.exe 1056
C:\\Windows\\system32\\svchost.exe 1156
C:\\Windows\\system32\\SLsvc.exe 1176
C:\\Windows\\system32\\svchost.exe 1208
C:\\Windows\\system32\\Ati2evxx.exe 1288
C:\\Windows\\system32\\svchost.exe 1408
C:\\Program Files\\Alwil Software\\Avast4\\aswUpdSv.exe 1524
C:\\Program Files\\Alwil Software\\Avast4\\ashServ.exe 1536
C:\\Windows\\System32\\spoolsv.exe 1844
C:\\Windows\\system32\\svchost.exe 1872
C:\\Windows\\system32\\Dwm.exe 1120
C:\\Windows\\RtHDVCpl.exe 1284
C:\\Program Files\\Alwil Software\\Avast4\\ashDisp.exe 336
C:\\Program Files\\CardDetector\\ICON225\\CardDetector.exe 1108
C:\\Program Files\\Common Files\\logishrd\\LComMgr\\Communications_Helper.exe 2060
C:\\Program Files\\Logitech\\QuickCam\\Quickcam.exe 2068
C:\\Program Files\\Java\\jre6\\bin\\jusched.exe 2084
C:\\Windows\\ehome\\ehtray.exe 2100
C:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe 2112
C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe 2128
C:\\Program Files\\ATI Technologies\\ATI.ACE\\CLI.EXE 2160
C:\\Windows\\ehome\\ehmsas.exe 2440
C:\\PROGRA~1\\COMMON~1\\France Telecom\\Shared Modules\\FTRTSVC\\1\\FTRTSVC.exe 2900
C:\\Windows\\system32\\svchost.exe 3000
C:\\Program Files\\Common Files\\LogiShrd\\LVCOMSER\\LVComSer.exe 3068
C:\\Program Files\\Common Files\\LogiShrd\\LVMVFM\\LVPrcSrv.exe 3088
C:\\Windows\\System32\\svchost.exe 3116
C:\\Program Files\\Common Files\\LogiShrd\\LVCOMSER\\LVComSer.exe 3152
C:\\Windows\\System32\\svchost.exe 3168
C:\\Windows\\system32\\svchost.exe 3188
C:\\Program Files\\Microsoft\\Search Enhancement Pack\\SeaPort\\SeaPort.exe 3276
C:\\Windows\\system32\\svchost.exe 3308
C:\\Windows\\System32\\svchost.exe 3368
C:\\Windows\\system32\\SearchIndexer.exe 3420
C:\\Program Files\\Yahoo!\\SoftwareUpdate\\YahooAUService.exe 3484
C:\\Program Files\\Alwil Software\\Avast4\\ashMaiSv.exe 1672
C:\\Program Files\\Alwil Software\\Avast4\\ashWebSv.exe 1968
C:\\Windows\\system32\\svchost.exe 2764
C:\\Windows\\system32\\taskeng.exe 2752
C:\\Windows\\system32\\taskeng.exe 4004
C:\\Program Files\\Common Files\\Logishrd\\LQCVFX\\COCIManager.exe 764
C:\\Program Files\\Windows Media Player\\wmpnscfg.exe 3516
C:\\Program Files\\Windows Media Player\\wmpnetwk.exe 2504
C:\\Program Files\\Yahoo!\\Messenger\\ymsgr_tray.exe 4312
C:\\Program Files\\ATI Technologies\\ATI.ACE\\CLI.exe 4648
C:\\Program Files\\ATI Technologies\\ATI.ACE\\CLI.exe 4660
C:\\Windows\\system32\\SearchProtocolHost.exe 5684
C:\\Program Files\\Java\\jre6\\bin\\jucheck.exe 9864
C:\\Windows\\System32\\rundll32.exe 65560
C:\\Windows\\explorer.exe 69668
C:\\Program Files\\Mozilla Firefox\\firefox.exe 70476
C:\\Windows\\system32\\NOTEPAD.EXE 61892
C:\\Windows\\system32\\SearchFilterHost.exe 70128
C:\\Windows\\system32\\conime.exe 70308
C:\\Windows\\system32\\wbem\\wmiprvse.exe 71136

################## | Fichiers # Dossiers infectieux |


################## | Spyware.OnlineGames |


################## | Registre # Clés infectieuses |


################## | Registre # Mountpoints2 |

HKCU\\..\\..\\Explorer\\MountPoints2\\{b446d5b7-0193-11dd-9f07-00030d5c8292}
shell\\AutoRun\\command =E:\\AutoRunCardDetector.exe

################## | Cracks / Keygens / Serials |

\"C:\\Program Files\\Motorola\\SMSERIAL\\sm56hlpr.exe\"
09/10/2006 20:43 |Size 729088 |Crc32 442f9639 |Md5 04870a30820f902aab828317c3b5e897

\"E:\\photos\\BP 8 juin 2008\\telechargements\\adshield\\Crack.exe\"
22/03/2005 09:11 |Size 8192 |Crc32 024394fd |Md5 06461b25bcbb4c8d56eb944affcb124f

\"E:\\sauvegarde\\telechargements\\capture d\'ecran\\snagit\\crack snagIt\\Techsmith_SnagIt_v8.x.x_multi_keygen-ZWT\\Techsmith SnagIt v8.1.0-multi-keygen\\keygen.exe\"
11/07/2006 17:01 |Size 66048 |Crc32 81a8d415 |Md5 d6524cc58d040b579b12aab208617229

\"E:\\sauvegarde\\telechargements\\capture d\'ecran\\snagit\\crack snagIt\\Techsmith_SnagIt_v8.x.x_multi_keygen-ZWT.zip\"
-> Contain : Techsmith SnagIt v8.1.0-multi-keygen\\keygen.exe

\"E:\\essai convertion film\\zork nemesis Crack.rar\"
-> contain : ForexStartGuide.exe


################## | ! Fin du rapport # UsbFix V6.059 ! |

Encore des cracks et des keygens !!

Fais ceci :

Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptible d avoir été infectés sans les ouvrir


• Fais un clic droit sur le raccourci UsbFix présent sur ton bureau et choisi \"Exécuter en tant qu\'administrateur\" .
  
  
• choisi l\'option 2 ( Suppression )
  
  
• Ton bureau disparaîtra et le pc redémarrera .
  
  
• Au redémarrage , UsbFix scannera ton pc , laisse travailler l\'outil.
  
  
• Ensuite post le rapport UsbFix.txt qui apparaîtra avec le bureau .
  
  
• Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque.( C:\\UsbFix.txt )
  
  
• ( CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )
  
  
• UsbFix te proposera d\'uploader un dossier compressé à cette adresse : chiquitine.changelog.fr/Sample/Upload.php
  
  
• Ce dossier a été créé par UsbFix et est enregistré sur ton bureau.
  
  
• Merci de l\'envoyer à l\'adresse indiquée afin d\'aider l\'auteur de UsbFix dans ses recherches.
  
  
• Merci d\'avance pour ta contribution

desolé pour le retard de ce post

############################## | UsbFix V6.059 |

User : tamary (Administrateurs) # PC-DE-TAMARY
Update on 01/12/2009 by Chiquitine29, C_XX & Chimay8
Start at: 20:24:28 | 01/12/2009
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com

Mobile AMD Sempron(tm) Processor 3200+
Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6000 32-bit) #
Internet Explorer 8.0.6001.18828
Windows Firewall Status : Disabled
AV : avast! antivirus 4.8.1351 [VPS 091201-0] 4.8.1351 [ Enabled | Updated ]

C:\\ -> Disque fixe local # 100,07 Go (53,88 Go free) # NTFS
D:\\ -> Disque CD-ROM
E:\\ -> Disque fixe local # 465,76 Go (165,19 Go free) [dd externe] # NTFS

############################## | Processus actifs |

C:\\Windows\\System32\\smss.exe 400
C:\\Windows\\system32\\csrss.exe 464
C:\\Windows\\system32\\wininit.exe 512
C:\\Windows\\system32\\csrss.exe 520
C:\\Windows\\system32\\winlogon.exe 568
C:\\Windows\\system32\\services.exe 588
C:\\Windows\\system32\\lsass.exe 600
C:\\Windows\\system32\\lsm.exe 608
C:\\Windows\\system32\\svchost.exe 768
C:\\Windows\\system32\\svchost.exe 828
C:\\Windows\\System32\\svchost.exe 868
C:\\Windows\\system32\\LogonUI.exe 912
C:\\Windows\\system32\\Ati2evxx.exe 988
C:\\Windows\\System32\\svchost.exe 1020
C:\\Windows\\System32\\svchost.exe 1048
C:\\Windows\\system32\\svchost.exe 1060
C:\\Windows\\system32\\svchost.exe 1156
C:\\Windows\\system32\\SLsvc.exe 1176
C:\\Windows\\system32\\svchost.exe 1232
C:\\Windows\\system32\\Ati2evxx.exe 1300
C:\\Windows\\system32\\svchost.exe 1420
C:\\Program Files\\Alwil Software\\Avast4\\aswUpdSv.exe 1540
C:\\Program Files\\Alwil Software\\Avast4\\ashServ.exe 1552
C:\\Windows\\System32\\spoolsv.exe 1856
C:\\Windows\\system32\\svchost.exe 1884
C:\\PROGRA~1\\COMMON~1\\France Telecom\\Shared Modules\\FTRTSVC\\1\\FTRTSVC.exe 1440
C:\\Windows\\system32\\svchost.exe 1892
C:\\Program Files\\Common Files\\LogiShrd\\LVCOMSER\\LVComSer.exe 116
C:\\Program Files\\Common Files\\LogiShrd\\LVMVFM\\LVPrcSrv.exe 732
C:\\Windows\\System32\\svchost.exe 2052
C:\\Windows\\System32\\svchost.exe 2076
C:\\Windows\\system32\\svchost.exe 2088
C:\\Program Files\\Microsoft\\Search Enhancement Pack\\SeaPort\\SeaPort.exe 2148
C:\\Windows\\system32\\svchost.exe 2188
C:\\Windows\\System32\\svchost.exe 2232
C:\\Windows\\system32\\SearchIndexer.exe 2316
C:\\Program Files\\Yahoo!\\SoftwareUpdate\\YahooAUService.exe 2372
C:\\Program Files\\Alwil Software\\Avast4\\ashMaiSv.exe 2596
C:\\Program Files\\Alwil Software\\Avast4\\ashWebSv.exe 2620
C:\\Windows\\system32\\svchost.exe 2708
C:\\Windows\\system32\\taskeng.exe 2720
C:\\Program Files\\Alwil Software\\Avast4\\setup\\avast.setup 3112
C:\\Program Files\\Common Files\\LogiShrd\\LVCOMSER\\LVComSer.exe 3664
C:\\Windows\\system32\\taskeng.exe 3688
C:\\Windows\\system32\\SearchProtocolHost.exe 3816
C:\\Windows\\system32\\Dwm.exe 3904
C:\\Windows\\Explorer.EXE 3984
C:\\Windows\\system32\\runonce.exe 2412
C:\\Windows\\system32\\conime.exe 2744
C:\\Windows\\system32\\wbem\\wmiprvse.exe 3256

################## | Fichiers # Dossiers infectieux |


################## | Spyware.OnlineGames |


################## | Registre # Clés infectieuses |


################## | Registre # Mountpoints2 |

Supprimé ! HKCU\\...\\Explorer\\MountPoints2\\{b446d5b7-0193-11dd-9f07-00030d5c8292}\\Shell\\AutoRun\\Command

################## | Listing des fichiers présent |

[01/12/2009 18:58|--a------|10640] C:\\Ad-Report-CLEAN[1].log
[18/09/2006 22:43|--a------|24] C:\\autoexec.bat
[02/11/2006 10:53|-rahs----|438840] C:\\bootmgr
[23/02/2008 23:32|-ra-s----|8192] C:\\BOOTSECT.BAK
[18/09/2006 22:43|--a------|10] C:\\config.sys
[26/02/2008 10:53|-rahs----|0] C:\\IO.SYS
[26/02/2008 10:53|-rahs----|0] C:\\MSDOS.SYS
[?|?|?] C:\\pagefile.sys
[05/12/2008 01:02|--a------|2017] C:\\playground.log
[23/02/2008 15:46|--a------|351] C:\\RHDSetup.log
[01/12/2009 17:49|--a------|23860] C:\\TB.txt
[01/12/2009 20:29|--a------|3853] C:\\UsbFix.txt
[23/02/2008 16:47|--a------|146] C:\\YServer.txt
[28/08/2008 18:07|--a------|180305] E:\\Bookmarks 2008-08-28.json
[26/01/2009 12:54|--a------|204700] E:\\Bookmarks 2009-01-26.json
[16/05/2008 11:29|--a------|81959] E:\\desinstaller-norton-proprement-t57795.html
[20/05/2009 19:28|--a------|17807632] E:\\DivX_Converter_59606.exe
[25/03/2008 10:08|--ahs----|356352] E:\\ehthumbs_vista.db
[12/05/2008 17:08|--a------|1639] E:\\films a classer (MARY) - Raccourci.lnk
[21/05/2009 19:33|--a------|31084] E:\\page-0.htm
[26/02/2008 22:59|--a------|19968] E:\\W31769659H5200A1106.doc

################## | Vaccination |

# C:\\autorun.inf -> Dossier créé par UsbFix.
# E:\\autorun.inf -> Dossier créé par UsbFix.

################## | Cracks / Keygens / Serials |

\"C:\\Program Files\\Motorola\\SMSERIAL\\sm56hlpr.exe\"
09/10/2006 20:43 |Size 729088 |Crc32 442f9639 |Md5 04870a30820f902aab828317c3b5e897

\"E:\\photos\\BP 8 juin 2008\\telechargements\\adshield\\Crack.exe\"
22/03/2005 09:11 |Size 8192 |Crc32 024394fd |Md5 06461b25bcbb4c8d56eb944affcb124f

\"E:\\sauvegarde\\telechargements\\capture d\'ecran\\snagit\\crack snagIt\\Techsmith_SnagIt_v8.x.x_multi_keygen-ZWT\\Techsmith SnagIt v8.1.0-multi-keygen\\keygen.exe\"
11/07/2006 17:01 |Size 66048 |Crc32 81a8d415 |Md5 d6524cc58d040b579b12aab208617229

\"E:\\sauvegarde\\telechargements\\capture d\'ecran\\snagit\\crack snagIt\\Techsmith_SnagIt_v8.x.x_multi_keygen-ZWT.zip\"
-> Contain : Techsmith SnagIt v8.1.0-multi-keygen\\keygen.exe

\"E:\\essai convertion film\\zork nemesis Crack.rar\"
-> contain : ForexStartGuide.exe


################## | ! Fin du rapport # UsbFix V6.059 ! |


usbfix ne m\'a rien demander, j\'ai fait une erreur quelque part?

Je vais aux infos pour les modifications sur l\'outil USBFix, je pense que l\'auteur de cet outil l\'a encore fortement modifié et ne propose plus la fonction d\'upload du fichier zip tout simplement. (je ne suis pas encore au courant...).

Fais ceci maintenant :

• Télécharge Malwarebytes
  
  
• Tu auras un tutoriel à ta disposition pour l\'installer et l\'utiliser correctement.
  
  
• Fais la mise à jour du logiciel (elle se fait normalement à l\'installation)
  
  
• Lance une analyse complète en cliquant sur \"Exécuter un examen complet\"
  
  
• Sélectionnes les disques que tu veux analyser et cliques sur \"Lancer l\'examen\"
  
  
• L\'analyse peut durer un bon moment.....
  
  
• Une fois l\'analyse terminée, cliques sur \"OK\" puis sur \"Afficher les résultats\"
  
  
• Vérifies que tout est bien coché et cliques sur \"Supprimer la sélection\" => et ensuite sur \"OK\"
  
  
• Un rapport va s\'ouvrir dans le bloc note... Fais un copié/collé du rapport dans ta prochaine réponse sur le forum
  
  
  
• Il se pourrait que certains fichiers devront être supprimés au redémarrage du PC... Fais le en cliquant sur \"oui\" à la question posée

Bonne nuit, la suite demain...

Malwarebytes\' Anti-Malware 1.41
Version de la base de données: 3270
Windows 6.0.6000

02/12/2009 01:58:27
mbam-log-2009-12-02 (01-58-27).txt

Type de recherche: Examen complet (C:\\|E:\\|)
Eléments examinés: 240895
Temps écoulé: 1 hour(s), 14 minute(s), 24 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

Salut,

Fais un nouveau RSIT de contrôle pour voir si je peux finaliser.

bonjour,

voila le nouveau rapport mais j\'ai un souci avec le dd externe.. il est allumer mais ne s\'affiche plus dans le poste de travail

Logfile of random\'s system information tool 1.06 (written by random/random)
Run by tamary at 2009-12-02 16:29:01
Microsoft® Windows Vista™ Édition Familiale Premium
System drive C: has 55 GB (54%) free of 102 GB
Total RAM: 894 MB (22% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:29:14, on 02/12/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\\Windows\\system32\\taskeng.exe
C:\\Windows\\system32\\Dwm.exe
C:\\Windows\\Explorer.EXE
C:\\Windows\\RtHDVCpl.exe
C:\\Program Files\\Alwil Software\\Avast4\\ashDisp.exe
C:\\Program Files\\CardDetector\\ICON225\\CardDetector.exe
C:\\Program Files\\Common Files\\logishrd\\LComMgr\\Communications_Helper.exe
C:\\Program Files\\Logitech\\QuickCam\\Quickcam.exe
C:\\Program Files\\Adobe\\Reader 9.0\\Reader\\reader_sl.exe
C:\\Program Files\\Java\\jre6\\bin\\jusched.exe
C:\\Program Files\\Windows Sidebar\\sidebar.exe
C:\\Windows\\ehome\\ehtray.exe
C:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe
C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe
C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe
C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe
C:\\Program Files\\ATI Technologies\\ATI.ACE\\CLI.EXE
C:\\Windows\\ehome\\ehmsas.exe
C:\\Program Files\\Common Files\\LogiShrd\\LVCOMSER\\LVComSer.exe
C:\\Program Files\\Common Files\\Logishrd\\LQCVFX\\COCIManager.exe
C:\\Program Files\\Windows Media Player\\wmpnscfg.exe
C:\\Windows\\System32\\mobsync.exe
C:\\Program Files\\ATI Technologies\\ATI.ACE\\CLI.exe
C:\\Program Files\\ATI Technologies\\ATI.ACE\\CLI.exe
C:\\Program Files\\Mozilla Firefox\\firefox.exe
C:\\Windows\\system32\\SearchFilterHost.exe
C:\\Users\\tamary\\Desktop\\RSIT.exe
C:\\Program Files\\trend micro\\tamary.exe

R1 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896
R0 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://fr.msn.com/
R0 - HKLM\\Software\\Microsoft\\Internet Explorer\\Search,SearchAssistant =
R0 - HKLM\\Software\\Microsoft\\Internet Explorer\\Search,CustomizeSearch =
R1 - HKCU\\Software\\Microsoft\\Internet Explorer\\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://fr.search.yahoo.com
R1 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Window Title = Windows Internet Explorer
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\\Program Files\\Yahoo!\\Companion\\Installs\\cpn1\\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\\Program Files\\Yahoo!\\Companion\\Installs\\cpn1\\yt.dll
O2 - BHO: Aide pour le lien d\'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\\Program Files\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\\Program Files\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\\Program Files\\Microsoft\\Search Enhancement Pack\\Search Helper\\SEPsearchhelperie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\\Program Files\\Java\\jre6\\bin\\ssv.dll
O2 - BHO: Programme d\'aide de l\'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\\Program Files\\Common Files\\Microsoft Shared\\Windows Live\\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\\Program Files\\Google\\Google Toolbar\\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\\Program Files\\Google\\GoogleToolbarNotifier\\5.3.4501.1418\\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\\Program Files\\Google\\Google Toolbar\\Component\\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\\Program Files\\Java\\jre6\\bin\\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\\Program Files\\Windows Live\\Toolbar\\wltcore.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\\Program Files\\SweetIM\\Toolbars\\Internet Explorer\\mgToolbarIE.dll (file missing)
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\\Program Files\\Yahoo!\\Companion\\Installs\\cpn1\\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\\Program Files\\Yahoo!\\Companion\\Installs\\cpn1\\yt.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\\Program Files\\Veoh Networks\\VeohWebPlayer\\VeohIEToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\\Program Files\\Windows Live\\Toolbar\\wltcore.dll
O4 - HKLM\\..\\Run: [ATICCC] \"C:\\Program Files\\ATI Technologies\\ATI.ACE\\CLIStart.exe\"
O4 - HKLM\\..\\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\\..\\Run: [avast!] C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe
O4 - HKLM\\..\\Run: [CardDetectorICON225] C:\\Program Files\\CardDetector\\ICON225\\CardDetector.exe
O4 - HKLM\\..\\Run: [BEWINTERNET-FR-DMGP-V2SessionManager] C:\\Program Files\\Orange\\IEWInternet-DMGP\\SessionManager\\SessionManager.exe
O4 - HKLM\\..\\Run: [LogitechCommunicationsManager] \"C:\\Program Files\\Common Files\\LogiShrd\\LComMgr\\Communications_Helper.exe\"
O4 - HKLM\\..\\Run: [LogitechQuickCamRibbon] \"C:\\Program Files\\Logitech\\QuickCam\\Quickcam.exe\" /hide
O4 - HKLM\\..\\Run: [Adobe Reader Speed Launcher] \"C:\\Program Files\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe\"
O4 - HKLM\\..\\Run: [SunJavaUpdateSched] \"C:\\Program Files\\Java\\jre6\\bin\\jusched.exe\"
O4 - HKLM\\..\\Run: [Malwarebytes Anti-Malware (reboot)] \"C:\\Program Files\\Malwarebytes\' Anti-Malware\\mbam.exe\" /runcleanupscript
O4 - HKCU\\..\\Run: [Sidebar] C:\\Program Files\\Windows Sidebar\\sidebar.exe /autoRun
O4 - HKCU\\..\\Run: [ehTray.exe] C:\\Windows\\ehome\\ehTray.exe
O4 - HKCU\\..\\Run: [VeohPlugin] \"C:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe\"
O4 - HKCU\\..\\Run: [msnmsgr] \"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe\" /background
O4 - HKCU\\..\\Run: [swg] \"C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe\"
O4 - HKCU\\..\\Run: [Messenger (Yahoo!)] \"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YAHOOM~1.EXE\" -quiet
O4 - HKUS\\S-1-5-19\\..\\Run: [Sidebar] %ProgramFiles%\\Windows Sidebar\\Sidebar.exe /detectMem (User \'SERVICE LOCAL\')
O4 - HKUS\\S-1-5-19\\..\\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User \'SERVICE LOCAL\')
O4 - HKUS\\S-1-5-20\\..\\Run: [Sidebar] %ProgramFiles%\\Windows Sidebar\\Sidebar.exe /detectMem (User \'SERVICE RÉSEAU\')
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\\Program Files\\Windows Live\\Writer\\WriterBrowserExtension.dll
O9 - Extra \'Tools\' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\\Program Files\\Windows Live\\Writer\\WriterBrowserExtension.dll
O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\\PROGRA~1\\COMMON~1\\Skype\\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\\Program Files\\Alwil Software\\Avast4\\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\\Windows\\system32\\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\\Program Files\\Alwil Software\\Avast4\\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\\Program Files\\Alwil Software\\Avast4\\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\\Program Files\\Alwil Software\\Avast4\\ashWebSv.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\\PROGRA~1\\COMMON~1\\France Telecom\\Shared Modules\\FTRTSVC\\1\\FTRTSVC.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\\Program Files\\Google\\Common\\Google Updater\\GoogleUpdaterService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\\Program Files\\Common Files\\LogiShrd\\LVCOMSER\\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\\Program Files\\Common Files\\LogiShrd\\LVMVFM\\LVPrcSrv.exe
O23 - Service: L Ile Noyee Drivers Auto Removal (pr2ajbeb) (pr2ajbeb) - Micro Application - C:\\Windows\\system32\\pr2ajbeb.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\\Program Files\\Yahoo!\\SoftwareUpdate\\YahooAUService.exe

--
End of file - 8429 bytes

======Scheduled tasks folder======

C:\\Windows\\tasks\\User_Feed_Synchronization-{F541021D-EC55-4070-99AE-3E54C495044E}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\\Program Files\\Yahoo!\\Companion\\Installs\\cpn1\\yt.dll [2009-07-31 909040]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Aide pour le lien d\'Adobe PDF Reader - C:\\Program Files\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroIEHelper.dll [2009-02-27 61816]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\\Program Files\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\\Program Files\\Microsoft\\Search Enhancement Pack\\Search Helper\\SEPsearchhelperie.dll [2009-05-19 137600]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\\Program Files\\Java\\jre6\\bin\\ssv.dll [2009-07-25 321312]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d\'aide de l\'Assistant de connexion Windows Live - C:\\Program Files\\Common Files\\Microsoft Shared\\Windows Live\\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\\Program Files\\Google\\Google Toolbar\\GoogleToolbar_32.dll [2009-09-24 256112]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\\Program Files\\Google\\GoogleToolbarNotifier\\5.3.4501.1418\\swg.dll [2009-09-25 762864]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\\Program Files\\Google\\Google Toolbar\\Component\\fastsearch_B7C5AC242193BB3E.dll [2009-09-24 458736]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\\Program Files\\Java\\jre6\\bin\\jp2ssv.dll [2009-07-25 41760]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\\Program Files\\Windows Live\\Toolbar\\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{EEE6C35C-6118-11DC-9C72-001320C79847}]
SweetIM Toolbar Helper - C:\\Program Files\\SweetIM\\Toolbars\\Internet Explorer\\mgToolbarIE.dll []

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\\Program Files\\Yahoo!\\Companion\\Installs\\cpn1\\YTSingleInstance.dll [2009-07-31 159472]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\\Program Files\\Yahoo!\\Companion\\Installs\\cpn1\\yt.dll [2009-07-31 909040]
{0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - Veoh Web Player Video Finder - C:\\Program Files\\Veoh Networks\\VeohWebPlayer\\VeohIEToolbar.dll [2008-09-28 463872]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\\Program Files\\Windows Live\\Toolbar\\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Run]
\"ATICCC\"=C:\\Program Files\\ATI Technologies\\ATI.ACE\\CLIStart.exe [2006-07-11 90112]
\"RtHDVCpl\"=C:\\Windows\\RtHDVCpl.exe [2006-11-01 3772416]
\"avast!\"=C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe [2009-08-17 81000]
\"CardDetectorICON225\"=C:\\Program Files\\CardDetector\\ICON225\\CardDetector.exe [2007-11-14 278528]
\"BEWINTERNET-FR-DMGP-V2SessionManager\"=C:\\Program Files\\Orange\\IEWInternet-DMGP\\SessionManager\\SessionManager.exe [2007-12-05 107248]
\"LogitechCommunicationsManager\"=C:\\Program Files\\Common Files\\LogiShrd\\LComMgr\\Communications_Helper.exe [2008-08-14 565008]
\"LogitechQuickCamRibbon\"=C:\\Program Files\\Logitech\\QuickCam\\Quickcam.exe [2008-08-14 2407184]
\"Adobe Reader Speed Launcher\"=C:\\Program Files\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe [2009-02-27 35696]
\"SunJavaUpdateSched\"=C:\\Program Files\\Java\\jre6\\bin\\jusched.exe [2009-07-25 149280]
\"Malwarebytes Anti-Malware (reboot)\"=C:\\Program Files\\Malwarebytes\' Anti-Malware\\mbam.exe [2009-09-10 1312080]

[HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run]
\"Sidebar\"=C:\\Program Files\\Windows Sidebar\\sidebar.exe [2008-02-23 1232896]
\"ehTray.exe\"=C:\\Windows\\ehome\\ehTray.exe [2006-11-02 125440]
\"VeohPlugin\"=C:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe [2008-09-28 3497208]
\"msnmsgr\"=C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe [2009-07-26 3883856]
\"swg\"=C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe [2009-03-10 39408]
\"Messenger (Yahoo!)\"=C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YAHOOM~1.EXE [2009-05-26 4351216]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\Adobe Reader Speed Launcher]
C:\\Program Files\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe [2009-02-27 35696]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\HP Software Update]
C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe [2006-12-10 49152]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\IncrediMail]
C:\\Program Files\\IncrediMail\\bin\\IncMail.exe [2009-11-10 280008]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\MsnMsgr]
C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\Skype]
C:\\Program Files\\Skype\\Phone\\Skype.exe [2008-09-29 21755688]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\SMSERIAL]
C:\\Program Files\\Motorola\\SMSERIAL\\sm56hlpr.exe [2006-10-09 729088]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\Windows Defender]
C:\\Program Files\\Windows Defender\\MSASCui.exe [2008-02-23 1006264]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\WMPNSCFG]
C:\\Program Files\\Windows Media Player\\WMPNSCFG.exe [2006-11-02 201728]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\Yahoo! Pager]
C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe [2009-05-26 4351216]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupfolder\\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\\PROGRA~1\\HP\\DIGITA~1\\bin\\hpqtra08.exe [2007-01-02 210520]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupfolder\\C:^Users^tamary^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 2.4.lnk]
C:\\PROGRA~1\\OPENOF~1.4\\program\\QUICKS~1.EXE [2008-01-21 393216]

[HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System]
\"EnableLUA\"=0
\"dontdisplaylastusername\"=0
\"legalnoticecaption\"=
\"legalnoticetext\"=
\"shutdownwithoutlogon\"=1
\"undockwithoutlogon\"=1
\"FilterAdministratorToken\"=1

[HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\explorer]
\"NoDriveTypeAutoRun\"=145
\"NoDriveAutoRun\"=145
\"HonorAutoRunSetting\"=0

[HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\explorer]
\"NoDriveAutoRun\"=
\"NoDriveTypeAutoRun\"=
\"HonorAutoRunSetting\"=

[HKEY_LOCAL_MACHINE\\system\\currentcontrolset\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile\\authorizedapplications\\list]
\"C:\\Program Files\\Orange\\IEWInternet-DMGP\\Connectivity\\ConnectivityManager.exe\"=\"C:\\Program Files\\Orange\\IEWInternet-DMGP\\Connectivity\\ConnectivityManager.exe:*:enabled:CSS\"

[HKEY_LOCAL_MACHINE\\system\\currentcontrolset\\services\\sharedaccess\\parameters\\firewallpolicy\\domainprofile\\authorizedapplications\\list]

======File associations======

.js - edit - C:\\Windows\\System32\\Notepad.exe %1
.js - open - C:\\Windows\\System32\\WScript.exe \"%1\" %*

======List of files/folders created in the last 1 months======

2009-12-01 20:29:26 ----RASHD---- C:\\autorun.inf
2009-12-01 20:24:24 ----A---- C:\\UsbFix.txt
2009-12-01 19:38:34 ----D---- C:\\Users\\tamary\\AppData\\Roaming\\WinRAR
2009-12-01 19:27:56 ----D---- C:\\UsbFix
2009-12-01 18:35:17 ----D---- C:\\Program Files\\Ad-Remover
2009-12-01 17:29:42 ----A---- C:\\TB.txt
2009-12-01 17:25:51 ----D---- C:\\ToolBar SD
2009-12-01 09:26:50 ----D---- C:\\Program Files\\trend micro
2009-12-01 09:26:44 ----D---- C:\\rsit
2009-11-26 14:38:57 ----D---- C:\\Program Files\\Natalie Brooks - Secrets of Treasure House
2009-11-26 14:31:59 ----D---- C:\\ProgramData\\BigFishSavedGames
2009-11-25 14:43:45 ----A---- C:\\Windows\\system32\\tzres.dll
2009-11-25 14:37:53 ----A---- C:\\Windows\\system32\\msxml6.dll
2009-11-25 14:37:53 ----A---- C:\\Windows\\system32\\msxml3.dll
2009-11-25 14:37:52 ----A---- C:\\Windows\\system32\\msxml6r.dll
2009-11-25 14:37:52 ----A---- C:\\Windows\\system32\\msxml3r.dll
2009-11-17 18:40:10 ----D---- C:\\Users\\tamary\\AppData\\Roaming\\Malwarebytes
2009-11-17 18:39:58 ----D---- C:\\ProgramData\\Malwarebytes
2009-11-17 18:39:57 ----D---- C:\\Program Files\\Malwarebytes\' Anti-Malware
2009-11-16 22:22:57 ----A---- C:\\Windows\\system32\\xinput1_1.dll
2009-11-16 22:22:57 ----A---- C:\\Windows\\system32\\xactengine2_2.dll
2009-11-16 22:22:56 ----A---- C:\\Windows\\system32\\xactengine2_1.dll
2009-11-16 22:22:19 ----A---- C:\\Windows\\system32\\d3dx9_30.dll
2009-11-16 22:22:18 ----A---- C:\\Windows\\system32\\xactengine2_0.dll
2009-11-16 22:22:18 ----A---- C:\\Windows\\system32\\x3daudio1_0.dll
2009-11-16 22:22:14 ----A---- C:\\Windows\\system32\\d3dx9_29.dll
2009-11-16 22:22:12 ----A---- C:\\Windows\\system32\\d3dx9_28.dll
2009-11-16 22:22:08 ----A---- C:\\Windows\\system32\\d3dx9_27.dll
2009-11-16 22:22:05 ----A---- C:\\Windows\\system32\\d3dx9_26.dll
2009-11-16 22:22:02 ----A---- C:\\Windows\\system32\\d3dx9_25.dll
2009-11-16 22:22:00 ----A---- C:\\Windows\\system32\\d3dx9_24.dll
2009-11-16 22:14:17 ----D---- C:\\Program Files\\Micro Application
2009-11-11 19:33:26 ----D---- C:\\Users\\tamary\\AppData\\Roaming\\ERS G-Studio
2009-11-11 17:05:01 ----D---- C:\\ProgramData\\MumboJumbo
2009-11-11 08:28:42 ----A---- C:\\Windows\\system32\\WSDApi.dll
2009-11-10 16:36:01 ----D---- C:\\Users\\tamary\\AppData\\Roaming\\Gamenauts
2009-11-10 16:19:35 ----D---- C:\\ProgramData\\PhotoMail
2009-11-10 16:19:32 ----D---- C:\\Program Files\\PhotoMail Maker
2009-11-09 13:08:56 ----D---- C:\\Users\\tamary\\AppData\\Roaming\\Games
2009-11-04 09:47:31 ----A---- C:\\Windows\\system32\\mshtml.dll

======List of files/folders modified in the last 1 months======

2009-12-02 16:28:59 ----D---- C:\\Windows\\Temp
2009-12-02 16:27:40 ----D---- C:\\Program Files\\Mozilla Firefox
2009-12-02 16:27:26 ----D---- C:\\Windows\\Prefetch
2009-12-02 02:46:47 ----SHD---- C:\\System Volume Information
2009-12-01 22:49:26 ----D---- C:\\Users\\tamary\\AppData\\Roaming\\OpenOffice.org2
2009-12-01 20:28:30 ----SD---- C:\\Windows\\Downloaded Program Files
2009-12-01 20:26:02 ----SHD---- C:\\$Recycle.Bin
2009-12-01 19:32:15 ----D---- C:\\Windows\\System32
2009-12-01 19:32:15 ----D---- C:\\Windows\\inf
2009-12-01 19:32:15 ----A---- C:\\Windows\\system32\\PerfStringBackup.INI
2009-12-01 18:56:17 ----SHD---- C:\\Windows\\Installer
2009-12-01 18:54:40 ----RD---- C:\\Program Files
2009-12-01 18:54:06 ----HD---- C:\\ProgramData
2009-11-29 10:16:00 ----D---- C:\\Windows\\system32\\catroot2
2009-11-26 14:39:43 ----AD---- C:\\ProgramData\\TEMP
2009-11-26 14:35:23 ----D---- C:\\BigFishGamesCache
2009-11-25 14:45:25 ----D---- C:\\Windows\\winsxs
2009-11-25 14:44:56 ----D---- C:\\Windows\\system32\\fr-FR
2009-11-25 14:44:41 ----D---- C:\\Windows\\system32\\catroot
2009-11-25 14:42:30 ----D---- C:\\Windows
2009-11-24 23:39:16 ----D---- C:\\Users\\tamary\\AppData\\Roaming\\dvdcss
2009-11-17 18:40:00 ----D---- C:\\Windows\\system32\\drivers
2009-11-16 22:22:56 ----RSD---- C:\\Windows\\assembly
2009-11-16 22:22:28 ----D---- C:\\Windows\\Microsoft.NET
2009-11-12 07:50:58 ----D---- C:\\Program Files\\Windows Mail
2009-11-10 16:17:36 ----D---- C:\\Program Files\\IncrediMail
2009-11-05 18:36:21 ----A---- C:\\Windows\\system32\\mrt.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 aswRdr;aswRdr; C:\\Windows\\system32\\drivers\\aswRdr.sys [2009-08-17 23152]
R1 aswSP;avast! Self Protection; C:\\Windows\\system32\\drivers\\aswSP.sys [2009-08-17 114768]
R1 aswTdi;avast! Network Shield Support; C:\\Windows\\system32\\drivers\\aswTdi.sys [2009-08-17 51376]
R2 aswFsBlk;aswFsBlk; C:\\Windows\\system32\\DRIVERS\\aswFsBlk.sys [2009-08-17 20560]
R2 aswMonFlt;aswMonFlt; C:\\Windows\\system32\\DRIVERS\\aswMonFlt.sys [2009-08-17 53328]
R2 X4HSX32Ex;X4HSX32Ex; \\??\\C:\\Program Files\\Player Metaboli\\X4HSX32Ex.Sys [2007-11-14 29856]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\\Windows\\system32\\DRIVERS\\athr.sys [2008-05-07 767488]
R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\\Windows\\system32\\DRIVERS\\CmBatt.sys [2008-02-23 14208]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\\Windows\\system32\\drivers\\RTKVHDA.sys [2006-11-01 1644968]
R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\\Windows\\system32\\DRIVERS\\LVPr2Mon.sys [2008-07-26 25624]
R3 R300;R300; C:\\Windows\\system32\\DRIVERS\\atikmdag.sys [2006-11-09 2071552]
R3 RTL8023xp;Pilote Realtek 10/100 NIC Family NDIS x86; C:\\Windows\\system32\\DRIVERS\\Rtnicxp.sys [2006-11-02 47104]
R3 smserial;smserial; C:\\Windows\\system32\\DRIVERS\\smserial.sys [2006-10-09 981504]
S3 CamDrL;Logitech QuickCam Pro 3000(CamDrl); C:\\Windows\\system32\\DRIVERS\\Camdrl.sys [2007-02-03 1075360]
S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\\Windows\\system32\\drivers\\drmkaud.sys [2006-11-02 5632]
S3 GT72NDISIPXP;GT 72 IP NDIS; C:\\Windows\\system32\\DRIVERS\\Gt51Ip.sys [2007-11-13 95744]
S3 GT72UBUS;GT 72 U BUS; C:\\Windows\\system32\\DRIVERS\\gt72ubus.sys [2007-11-13 51968]
S3 GTPTSER;GT PT SER; C:\\Windows\\system32\\DRIVERS\\gtptser.sys [2007-11-13 8064]
S3 HdAudAddService;Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio; C:\\Windows\\system32\\drivers\\HdAudio.sys [2006-11-02 235520]
S3 LVUSBSta;Logitech USB Monitor Filter; C:\\Windows\\system32\\drivers\\LVUSBSta.sys [2008-07-26 41752]
S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\\Windows\\system32\\drivers\\MSKSSRV.sys [2006-11-02 8192]
S3 MSPCLOCK;Proxy d\'horloge de répartition Microsoft; C:\\Windows\\system32\\drivers\\MSPCLOCK.sys [2006-11-02 5888]
S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\\Windows\\system32\\drivers\\MSPQM.sys [2006-11-02 5504]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\\Windows\\system32\\drivers\\MSTEE.sys [2006-11-02 6016]
S3 PCAMp50;PCAMp50 NDIS Protocol Driver; C:\\Windows\\System32\\Drivers\\PCAMp50.sys [2006-11-28 28224]
S3 PCASp50;PCASp50 NDIS Protocol Driver; C:\\Windows\\System32\\Drivers\\PCASp50.sys [2006-11-28 27072]
S3 PID_0928;Logitech QuickCam Express(PID_0928); C:\\Windows\\system32\\DRIVERS\\LV561AV.SYS [2008-02-01 489624]
S3 sdbus;sdbus; C:\\Windows\\system32\\DRIVERS\\sdbus.sys [2006-11-02 82432]
S3 usbaudio;Pilote USB audio (WDM); C:\\Windows\\system32\\drivers\\usbaudio.sys [2006-11-02 71552]
S3 WpdUsb;WpdUsb; C:\\Windows\\system32\\DRIVERS\\wpdusb.sys [2006-11-02 39936]
S3 WUDFRd;WUDFRd; C:\\Windows\\system32\\DRIVERS\\WUDFRd.sys [2006-11-02 82560]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\\Windows\\system32\\drivers\\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\\Program Files\\Alwil Software\\Avast4\\aswUpdSv.exe [2009-08-17 18752]
R2 Ati External Event Utility;Ati External Event Utility; C:\\Windows\\system32\\Ati2evxx.exe [2006-11-09 552960]
R2 avast! Antivirus;avast! Antivirus; C:\\Program Files\\Alwil Software\\Avast4\\ashServ.exe [2009-08-17 138680]
R2 FTRTSVC;France Telecom Routing Table Service; C:\\PROGRA~1\\COMMON~1\\France Telecom\\Shared Modules\\FTRTSVC\\1\\FTRTSVC.exe [2007-12-04 65536]
R2 hpqddsvc;Service HP CUE DeviceDiscovery; C:\\Windows\\system32\\svchost.exe [2006-11-02 22016]
R2 HPSLPSVC;HP Network Devices Support; C:\\Windows\\system32\\svchost.exe [2006-11-02 22016]
R2 LVCOMSer;LVCOMSer; C:\\Program Files\\Common Files\\LogiShrd\\LVCOMSER\\LVComSer.exe [2008-07-26 186904]
R2 LVPrcSrv;Process Monitor; C:\\Program Files\\Common Files\\LogiShrd\\LVMVFM\\LVPrcSrv.exe [2008-07-26 150040]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\\Windows\\System32\\svchost.exe [2006-11-02 22016]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\\Windows\\System32\\svchost.exe [2006-11-02 22016]
R2 SeaPort;SeaPort; C:\\Program Files\\Microsoft\\Search Enhancement Pack\\SeaPort\\SeaPort.exe [2009-05-19 240512]
R2 YahooAUService;Yahoo! Updater; C:\\Program Files\\Yahoo!\\SoftwareUpdate\\YahooAUService.exe [2008-11-09 602392]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\\Program Files\\Alwil Software\\Avast4\\ashMaiSv.exe [2009-08-17 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\\Program Files\\Alwil Software\\Avast4\\ashWebSv.exe [2009-08-17 352920]
R3 hpqcxs08;hpqcxs08; C:\\Windows\\system32\\svchost.exe [2006-11-02 22016]
S2 pr2ajbeb;L Ile Noyee Drivers Auto Removal (pr2ajbeb); C:\\Windows\\system32\\pr2ajbeb.exe [2007-08-22 411000]
S3 gusvc;Google Software Updater; C:\\Program Files\\Google\\Common\\Google Updater\\GoogleUpdaterService.exe [2009-05-23 182768]

-----------------EOF-----------------