Virus imitating a Visa card check


Post by Eric 34 » 11 Mar 2012, 13:05

Hello,
When I go to a merchant site to place an order, once I have entered the bank card number, the expiry date and the security code, a window pops up that tries to imitate "Visa Verified" and, of course, asks me for my bank card code. I am theoretically protected by Symantec Endpoint Protection, and Malware Antimalware detects nothing. The log file follows.
Thank you for your help. Regards,
Eric

"Malware" log file:

Malwarebytes Anti-Malware (PRO) 1.60.1.1000
www.malwarebytes.org

Version de la base de données: v2012.03.11.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
ITK :: ITK-1W8QH4J [administrateur]

Protection: Désactivé

11/03/2012 11:45:56
mbam-log-2012-03-11 (11-45-56).txt

Type d'examen: Examen rapide
Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
Options d'examen désactivées: P2P
Elément(s) analysé(s): 323665
Temps écoulé: 9 minute(s), 57 seconde(s)

Processus mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Module(s) mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Clé(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)

Valeur(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)

Elément(s) de données du Registre détecté(s): 0
(Aucun élément nuisible détecté)

Dossier(s) détecté(s): 0
(Aucun élément nuisible détecté)

Fichier(s) détecté(s): 0
(Aucun élément nuisible détecté)

(fin)
Eric 34
 
Posts: 9
Joined: 11 Mar 2012, 12:44

Re: Virus imitating a Visa card check

Post by Eric 34 » 11 Mar 2012, 13:07

Here is the first part of the OTL.txt file:
OTL logfile created on: 11/03/2012 12:06:10 - Run 1
OTL by OldTimer - Version 3.2.36.3 Folder = C:\Documents and Settings\ITK\Bureau
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

3,25 Gb Total Physical Memory | 2,38 Gb Available Physical Memory | 73,16% Memory free
5,09 Gb Paging File | 4,33 Gb Available in Paging File | 85,22% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 48,83 Gb Total Space | 14,03 Gb Free Space | 28,74% Space Free | Partition Type: NTFS
Drive D: | 184,00 Gb Total Space | 116,36 Gb Free Space | 63,24% Space Free | Partition Type: NTFS
Drive F: | 698,64 Gb Total Space | 456,90 Gb Free Space | 65,40% Space Free | Partition Type: NTFS

Computer Name: ITK-1W8QH4J | User Name: ITK | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/11 10:21:17 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ITK\Bureau\OTL.exe
PRC - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/01/03 14:10:44 | 001,494,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe
PRC - [2010/10/28 16:41:10 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
PRC - [2010/10/28 16:41:10 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
PRC - [2010/10/28 16:41:08 | 001,881,368 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
PRC - [2010/10/28 16:41:08 | 001,831,024 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2010/10/28 16:41:08 | 001,459,528 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
PRC - [2010/10/06 16:13:16 | 000,049,152 | ---- | M] (Business Software Components) -- C:\Program Files\TDA International\Licence\ClientCenterService.exe
PRC - [2010/04/07 13:48:48 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
PRC - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLIDSVC.EXE
PRC - [2009/08/18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLIDSVCM.EXE
PRC - [2008/04/14 04:00:00 | 001,037,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012/03/10 13:45:15 | 009,396,736 | ---- | M] () -- C:\Documents and Settings\ITK\Local Settings\Application Data\Adobe\Acrobat\10.0\Cache\RdLang_rdlang32.fra
MOD - [2012/02/17 03:12:37 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\29bdc8352d3c26e3c572ea60639dec3b\System.Web.ni.dll
MOD - [2012/02/17 03:12:32 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\c14e58265386feb509cc61bb5e8dd296\System.Runtime.Remoting.ni.dll
MOD - [2012/02/17 03:12:10 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\94a40f415bfa947e251888bbe88bb973\System.Configuration.ni.dll
MOD - [2012/02/17 03:10:23 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\77e1279cbf4eecfb0284b63316fe43fe\System.Xml.ni.dll
MOD - [2012/02/17 03:10:20 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ad99ac6b5666edb8ee742dd64f9578af\System.Windows.Forms.ni.dll
MOD - [2012/02/17 03:10:11 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\9351cf29bb1ba951e45a9b3b0edab937\System.Drawing.ni.dll
MOD - [2012/02/17 03:09:16 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\9e3803cd2a11f056291862e306a8e2b2\System.ni.dll
MOD - [2012/02/10 21:00:50 | 003,340,064 | ---- | M] () -- c:\Program Files\Fichiers communs\Akamai\netsession_win_7de0ed9.dll
MOD - [2012/01/24 03:01:00 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_d96b4eb2\mscorlib.dll
MOD - [2012/01/24 03:00:46 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_bf0405dc\system.dll
MOD - [2012/01/24 03:00:41 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2012/01/19 14:34:32 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\d86a3346c3d90ff12d0df9d7726f3ece\Accessibility.ni.dll
MOD - [2012/01/19 14:28:21 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2012/01/19 14:18:14 | 000,372,736 | ---- | M] () -- c:\windows\assembly\gac\system.management\1.0.5000.0__b03f5f7f11d50a3a\system.management.dll
MOD - [2012/01/19 14:18:14 | 000,126,976 | ---- | M] () -- c:\windows\assembly\gac\system.serviceprocess\1.0.5000.0__b03f5f7f11d50a3a\system.serviceprocess.dll
MOD - [2012/01/19 12:15:33 | 000,233,472 | ---- | M] () -- c:\windows\assembly\gac\mscorlib.resources\1.0.5000.0_fr_b77a5c561934e089\mscorlib.resources.dll
MOD - [2012/01/19 12:15:33 | 000,040,960 | ---- | M] () -- c:\windows\assembly\gac\system.serviceprocess.resources\1.0.5000.0_fr_b03f5f7f11d50a3a\system.serviceprocess.resources.dll
MOD - [2012/01/03 14:10:46 | 000,301,056 | ---- | M] () -- C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA
MOD - [2012/01/03 14:10:44 | 000,249,232 | ---- | M] () -- C:\Program Files\Adobe\Reader 10.0\Reader\sqlite.dll
MOD - [2010/11/08 16:15:40 | 000,296,448 | ---- | M] () -- C:\Program Files\Notepad++\NppShell_04.dll
MOD - [2010/04/07 13:49:22 | 000,040,960 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
MOD - [2009/11/10 12:22:28 | 001,691,648 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3266.29383__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
MOD - [2009/11/10 12:22:28 | 000,692,224 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Wizard\2.0.3266.29429__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Wizard.dll
MOD - [2009/11/10 12:22:28 | 000,466,944 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3266.29459__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2009/11/10 12:22:28 | 000,364,544 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Wizard\2.0.3266.29443__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Wizard.dll
MOD - [2009/11/10 12:22:28 | 000,278,528 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3266.29368__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2009/11/10 12:22:28 | 000,204,800 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3266.29384__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2009/11/10 12:22:28 | 000,135,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3266.29460__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2009/11/10 12:22:28 | 000,106,496 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Dashboard\2.0.3266.29384__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Dashboard.dll
MOD - [2009/11/10 12:22:28 | 000,094,208 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3266.29424__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2009/11/10 12:22:28 | 000,077,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3266.29438__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2009/11/10 12:22:28 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3266.29374__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2009/11/10 12:22:28 | 000,069,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3266.29418__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2009/11/10 12:22:28 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3266.29380__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2009/11/10 12:22:28 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3266.29405__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2009/11/10 12:22:28 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Runtime\2.0.3266.29383__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Runtime.dll
MOD - [2009/11/10 12:22:28 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3266.29375__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2009/11/10 12:22:27 | 000,811,008 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3266.29408__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2009/11/10 12:22:27 | 000,405,504 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3266.29433__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2009/11/10 12:22:27 | 000,344,064 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3266.29424__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
MOD - [2009/11/10 12:22:27 | 000,077,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Runtime\2.0.3266.29473__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Runtime.dll
MOD - [2009/11/10 12:22:27 | 000,057,344 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3266.29423__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2009/11/10 12:22:26 | 000,798,720 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Dashboard\2.0.3266.29439__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Dashboard.dll
MOD - [2009/11/10 12:22:26 | 000,716,800 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3266.29376__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
MOD - [2009/11/10 12:22:26 | 000,675,840 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Dashboard\2.0.3266.29419__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Dashboard.dll
MOD - [2009/11/10 12:22:26 | 000,589,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3266.29385__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
MOD - [2009/11/10 12:22:26 | 000,450,560 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3266.29403__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll
MOD - [2009/11/10 12:22:26 | 000,438,272 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3266.29406__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2009/11/10 12:22:26 | 000,225,280 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3266.29385__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2009/11/10 12:22:26 | 000,122,880 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3266.29416__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2009/11/10 12:22:26 | 000,081,920 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3266.29407__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2009/11/10 12:22:26 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3266.29406__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2009/11/10 12:22:26 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3266.29388__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
MOD - [2009/11/10 12:22:26 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3266.29407__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2009/11/10 12:22:26 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3266.29415__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2009/11/10 12:22:26 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3266.29417__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2009/11/10 12:22:25 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation\2.0.3218.28666__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2009/11/10 12:22:25 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3218.28678__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2009/11/10 12:22:25 | 000,049,152 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3218.28694__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2009/11/10 12:22:25 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2009/11/10 12:22:25 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3218.28702__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2009/11/10 12:22:25 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation\2.0.3218.28664__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2009/11/10 12:22:25 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3218.28665__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2009/11/10 12:22:25 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3218.28727__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2009/11/10 12:22:25 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3218.28687__90ba9c70f846762e\DEM.OS.I0602.dll
MOD - [2009/11/10 12:22:25 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0703\2.0.2651.18802__90ba9c70f846762e\DEM.Graphics.I0703.dll
MOD - [2009/11/10 12:22:25 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3218.28681__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2009/11/10 12:22:25 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3218.28678__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2009/11/10 12:22:25 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3218.28672__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2009/11/10 12:22:25 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Shared\2.0.3218.28690__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Shared.dll
MOD - [2009/11/10 12:22:25 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3218.28677__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2009/11/10 12:22:25 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3218.28672__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2009/11/10 12:22:25 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Foundation\2.0.3218.28686__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2009/11/10 12:22:25 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.OS\2.0.3218.28687__90ba9c70f846762e\DEM.OS.dll
MOD - [2009/11/10 12:22:25 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
MOD - [2009/11/10 12:22:25 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics\2.0.3218.28688__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2009/11/10 12:22:25 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2009/11/10 12:22:25 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3218.28676__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2009/11/10 12:22:25 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3218.28690__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2009/11/10 12:22:25 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3218.28688__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2009/11/10 12:22:25 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3218.28683__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll
MOD - [2009/11/10 12:22:25 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3218.28705__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2009/11/10 12:22:25 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3218.28685__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2009/11/10 12:22:25 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3218.28705__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2009/11/10 12:22:25 | 000,006,656 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2009/11/10 12:22:24 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3218.28694__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2009/11/10 12:22:24 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Shared\2.0.3218.28705__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Shared.dll
MOD - [2009/11/10 12:22:24 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3218.28693__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2009/11/10 12:22:24 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3218.28692__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2009/11/10 12:22:24 | 000,049,152 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3218.28692__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2009/11/10 12:22:24 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3266.29468__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2009/11/10 12:22:24 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3218.28694__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2009/11/10 12:22:24 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3218.28685__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2009/11/10 12:22:24 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3218.28690__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2009/11/10 12:22:24 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3218.28688__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2009/11/10 12:22:24 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3218.28686__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2009/11/10 12:22:24 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3218.28693__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2009/11/10 12:22:24 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll
MOD - [2009/11/10 12:22:24 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3218.28689__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2009/11/10 12:22:24 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Foundation\2.0.3218.28685__90ba9c70f846762e\APM.Foundation.dll
MOD - [2009/11/10 12:22:24 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3218.28678__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2009/11/10 12:22:24 | 000,011,264 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOCALIZATION.Foundation.Implementation\2.0.3266.29476__90ba9c70f846762e\LOCALIZATION.Foundation.Implementation.dll
MOD - [2009/11/10 12:22:23 | 000,393,216 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3266.29379__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2009/11/10 12:22:23 | 000,106,496 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Implementation\2.0.3266.29453__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2009/11/10 12:22:23 | 000,069,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3266.29366__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2009/11/10 12:22:23 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3266.29451__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2009/11/10 12:22:23 | 000,057,344 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3266.29368__90ba9c70f846762e\CLI.Component.SkinFactory.dll
MOD - [2009/11/10 12:22:23 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3218.28682__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2009/11/10 12:22:23 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3218.28670__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2009/11/10 12:22:23 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3218.28672__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2009/11/10 12:22:23 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3218.28681__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2009/11/10 12:22:23 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3218.28686__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2009/11/10 12:22:23 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3218.28682__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2009/11/10 12:22:23 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOCALIZATION.Foundation.Private\2.0.3218.28670__90ba9c70f846762e\LOCALIZATION.Foundation.Private.dll
MOD - [2009/11/10 12:22:23 | 000,014,848 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
MOD - [2009/11/10 12:22:23 | 000,013,312 | ---- | M] () -- C:\WINDOWS\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll
MOD - [2009/11/10 12:22:23 | 000,007,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3266.29366__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2009/11/10 12:22:22 | 001,073,152 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3266.29372__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2009/11/10 12:22:22 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATIDEMOS\2.0.3266.29367__90ba9c70f846762e\ATIDEMOS.dll
MOD - [2009/11/10 12:22:22 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Server\2.0.3266.29365__90ba9c70f846762e\APM.Server.dll
MOD - [2009/11/10 12:22:22 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server\2.0.3266.29366__90ba9c70f846762e\AEM.Server.dll
MOD - [2009/11/10 12:22:22 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3218.28675__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2009/11/10 12:22:22 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2009/11/10 12:22:22 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CCC.Implementation\2.0.3266.29452__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2009/11/10 12:22:22 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3218.28695__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2009/08/25 00:00:56 | 000,311,296 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_fr_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009/08/25 00:00:51 | 000,430,080 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_fr_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2006/01/12 21:14:06 | 001,265,664 | ---- | M] () -- C:\Program Files\Adobe\Acrobat 7.0\Distillr\adistres.FRA
MOD - [2005/06/28 13:59:48 | 000,053,248 | ---- | M] () -- C:\Program Files\Hercules\WebCam Station\PhotoImpression\Share\PIHook.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (Intel Targeted Multicast)
SRV - [2012/02/10 21:00:50 | 003,340,064 | ---- | M] () [Auto | Running] -- c:\program files\fichiers communs\akamai/netsession_win_7de0ed9.dll -- (Akamai)
SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/07/20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2010/10/28 16:41:10 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2010/10/28 16:41:10 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2010/10/28 16:41:08 | 001,881,368 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2010/10/28 16:41:08 | 001,831,024 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2010/10/28 16:41:08 | 000,349,512 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2010/10/06 16:13:16 | 000,049,152 | ---- | M] (Business Software Components) [Auto | Running] -- C:\Program Files\TDA International\Licence\ClientCenterService.exe -- (ClientCenterService)
SRV - [2010/04/23 21:51:46 | 000,072,704 | ---- | M] (Adobe Systems) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2010/02/17 10:53:18 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2010/01/29 23:40:52 | 000,700,032 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\HPSLPSVC32.DLL -- (HPSLPSVC)
SRV - [2009/12/01 09:12:22 | 000,072,704 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
SRV - [2009/11/18 04:16:42 | 000,253,568 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Running] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2009/11/18 04:16:42 | 000,137,344 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009/07/08 12:31:36 | 000,313,840 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -- (RoxLiveShare9)
SRV - [2009/07/08 12:31:32 | 000,170,480 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -- (RoxWatch9)
SRV - [2009/07/08 12:31:12 | 001,108,464 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -- (RoxMediaDB9)
SRV - [2009/06/17 10:18:42 | 006,582,912 | ---- | M] () [On_Demand | Stopped] -- c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe -- (wampmysqld)
SRV - [2008/12/10 00:10:14 | 000,024,636 | ---- | M] (Apache Software Foundation) [On_Demand | Stopped] -- c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe -- (wampapache)
SRV - [2006/10/26 13:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2004/10/22 03:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (xpsec)
DRV - File not found [Kernel | On_Demand | Running] -- -- (xcpip)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (USBAAPL)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (EraserUtilDrvI9)
DRV - [2012/01/19 11:09:07 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2012/01/16 12:52:50 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Fichiers communs\Symantec Shared\VirusDefs\20120118.019\NAVEX15.SYS -- (NAVEX15)
DRV - [2012/01/16 12:52:50 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/01/16 12:52:50 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/01/16 12:52:50 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Fichiers communs\Symantec Shared\VirusDefs\20120118.019\NAVENG.SYS -- (NAVENG)
DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/10/28 16:41:10 | 000,320,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2010/10/28 16:41:10 | 000,283,184 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP)
DRV - [2010/10/28 16:41:10 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2010/10/28 16:41:06 | 000,188,080 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2010/10/28 16:41:06 | 000,026,416 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2010/10/28 16:41:04 | 000,421,424 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2008/12/10 18:30:06 | 003,453,440 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008/10/31 13:52:16 | 000,093,184 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2008/10/20 11:23:12 | 000,040,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel(R)
DRV - [2008/06/05 10:58:18 | 000,144,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1k5132.sys -- (e1kexpress) Intel(R)
DRV - [2008/04/16 02:53:38 | 000,020,736 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MosIrUsb.sys -- (MosIrUsb)
DRV - [2008/04/14 04:00:00 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/14 04:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2008/04/14 04:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2008/04/13 10:41:00 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\Changer.sys -- (Changer)
DRV - [2008/04/13 10:40:28 | 000,034,688 | ---- | M] (Toshiba Corp.) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\lbrtfdc.sys -- (lbrtfdc)
DRV - [2008/03/28 11:14:02 | 000,024,064 | ---- | M] (Sonic Focus, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfaudio.sys -- (SFAUDIO)
DRV - [2007/02/08 14:45:00 | 000,029,184 | R--- | M] (Thesycon GmbH, Germany) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ActionReplayDS.sys -- (ActionReplayDS)
DRV - [2005/10/27 15:06:30 | 000,356,096 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt61.sys -- (RT61) Linksys Wireless-G PCI Adapter Driver(RT61)
DRV - [2005/03/15 17:04:00 | 000,161,792 | ---- | M] (OmniVision Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ov530vid.sys -- (ovt530)
DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004/12/16 16:32:54 | 000,013,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BTNetFilter.sys -- (BTNetFilter)
DRV - [2004/12/01 17:55:32 | 000,022,488 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btcusb.sys -- (Btcsrusb)
DRV - [2004/11/05 11:39:08 | 000,082,148 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VcommMgr.sys -- (VcommMgr)
DRV - [2004/11/05 11:08:06 | 000,670,208 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock)
DRV - [2004/10/19 13:40:56 | 000,028,207 | ---- | M] (IVT Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\BTHidMgr.sys -- (BTHidMgr)
DRV - [2004/10/19 13:37:38 | 000,061,312 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VComm.sys -- (VComm)
DRV - [2004/10/19 11:39:26 | 000,020,096 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\blueletaudio.sys -- (BlueletAudio)
DRV - [2004/09/21 18:18:02 | 000,011,604 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vbtenum.sys -- (BTHidEnum)
DRV - [2004/09/21 18:15:34 | 000,010,804 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BtNetDrv.sys -- (BT)
DRV - [2001/08/17 21:49:10 | 000,026,624 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\irstusb.sys -- (STIrUsb)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/fr/fr/enterpris ... /index.jsp
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/fr/fr/enterpris ... /index.jsp
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/fr/fr/enterpris ... /index.jsp

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/fr/fr/enterpris ... /index.jsp

IE - HKU\S-1-5-21-2659001445-3422841640-1584887093-1037\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/fr/fr/enterpris ... /index.jsp
IE - HKU\S-1-5-21-2659001445-3422841640-1584887093-1037\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://fr.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2659001445-3422841640-1584887093-1037\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr
IE - HKU\S-1-5-21-2659001445-3422841640-1584887093-1037\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 64 D8 BD 05 AF AC CA 01 [binary data]
IE - HKU\S-1-5-21-2659001445-3422841640-1584887093-1037\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-2659001445-3422841640-1584887093-1037\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-2659001445-3422841640-1584887093-1037\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2659001445-3422841640-1584887093-1037\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.fr/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADSA_frFR385
IE - HKU\S-1-5-21-2659001445-3422841640-1584887093-1037\..\SearchScopes\{9D5BD211-422C-4164-9298-BB4186A30F31}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&mkt=fr-FR&FORM=MIZWG0
IE - HKU\S-1-5-21-2659001445-3422841640-1584887093-1037\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2542115
IE - HKU\S-1-5-21-2659001445-3422841640-1584887093-1037\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2659001445-3422841640-1584887093-1037\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "Softonic_France Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2542115&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..extensions.enabledItems: {4daac69c-cba7-45e2-9bc8-1044483d3352}:3.2.5.2
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..keyword.URL: "http://search.live.com/results.aspx?mkt=fr-FR&FORM=MIZWG0&q="
FF - prefs.js..network.proxy.type: 4


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files\Virtual Earth 3D\ [2011/01/15 13:20:32 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.732: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.732: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=1.0.0.0: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.732: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Fichiers communs\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/04/07 13:49:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/12/22 22:57:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/18 19:30:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.22\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.22\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/12/22 22:57:51 | 000,000,000 | ---D | M]

[2010/06/08 10:31:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\ITK\Application Data\Mozilla\Extensions
[2012/03/07 17:51:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\ITK\Application Data\Mozilla\Firefox\Profiles\buf9uk7v.default\extensions
[2012/03/07 17:51:23 | 000,000,000 | ---D | M] (Softonic_France Community Toolbar) -- C:\Documents and Settings\ITK\Application Data\Mozilla\Firefox\Profiles\buf9uk7v.default\extensions\{4daac69c-cba7-45e2-9bc8-1044483d3352}
[2010/06/09 07:32:35 | 000,002,650 | ---- | M] () -- C:\Documents and Settings\ITK\Application Data\Mozilla\Firefox\Profiles\buf9uk7v.default\searchplugins\bing.xml
[2010/12/08 15:52:46 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\ITK\Application Data\Mozilla\Firefox\Profiles\buf9uk7v.default\searchplugins\conduit.xml
[2011/01/22 15:21:22 | 000,001,775 | ---- | M] () -- C:\Documents and Settings\ITK\Application Data\Mozilla\Firefox\Profiles\buf9uk7v.default\searchplugins\live-search.xml
[2012/01/23 22:59:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/02/18 19:30:06 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/02/14 20:52:23 | 000,001,516 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-france.xml
[2012/02/14 20:52:22 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/14 20:52:22 | 000,001,822 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml
[2012/02/14 20:52:22 | 000,001,154 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-france.xml
[2012/02/14 20:52:22 | 000,001,426 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml
[2012/02/14 20:52:22 | 000,000,956 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-france.xml

========== Chrome ==========

CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - Extension: No name found = C:\Documents and Settings\ITK\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.1\

O1 HOSTS File: ([2012/01/19 11:32:48 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\Hewlett-Packard\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (dsWebAllowBHO Class) - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll (Microsoft Corporation)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\Hewlett-Packard\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-2659001445-3422841640-1584887093-1037\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-2659001445-3422841640-1584887093-1037\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\AutorunsDisabled [2010/06/08 08:15:32 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\hp psc 1000 series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\Benjamin\Menu Démarrer\Programmes\Démarrage\Notification de cadeaux MSN.lnk = File not found
O4 - Startup: C:\Documents and Settings\Crispin\Menu Démarrer\Programmes\Démarrage\Dropbox.lnk = File not found
O4 - Startup: C:\Documents and Settings\ITK\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RUN: = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKU\S-1-5-21-2659001445-3422841640-1584887093-1037\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-21-2659001445-3422841640-1584887093-1037\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O8 - Extra context menu item: Convertir en Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convertir en un fichier PDF existant - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O9 - Extra 'Tools' menuitem : Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_23.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Afficher ou masquer l'HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\Hewlett-Packard\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AE827B5D-7996-4967-8A34-6D766F7C1C3F}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skyline {3a4f9195-65a8-11d5-85c1-0001023952c1} - C:\Program Files\Skyline\TerraExplorer\TerraExplorerX.dll (Skyline software systems Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Fichiers communs\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-2659001445-3422841640-1584887093-1037 Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\NavLogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O24 - Desktop BackupWallPaper: C:\Documents and Settings\ITK\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/08/12 14:22:42 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (bootdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: SSHNAS - File not found
Eric 34

Posts: 9
Joined: 11 Mar 2012, 12:44

Re: Virus imitating a Visa card check

Post by Eric 34 » 11 Mar 2012, 13:09

Here is the rest of the OTL.txt file:
CREATERESTOREPOINT
Error creating restore point.
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 30 Days ==========

[2012/03/11 11:07:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/03/11 11:04:26 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2012/03/11 11:04:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\ERUNT
[2012/03/11 11:01:18 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\ITK\Bureau\erunt-setup.exe
[2012/03/11 10:57:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Malwarebytes' Anti-Malware
[2012/03/11 10:57:49 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/03/11 10:29:56 | 009,502,424 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\ITK\Bureau\mbam--setup-1.60.1.1000.exe
[2012/03/11 10:21:16 | 000,594,944 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\ITK\Bureau\OTL.exe
[2012/03/03 13:21:43 | 000,026,624 | ---- | C] (SigmaTel, Inc.) -- C:\WINDOWS\System32\drivers\irstusb.sys
[2012/03/03 13:21:43 | 000,026,624 | ---- | C] (SigmaTel, Inc.) -- C:\WINDOWS\System32\dllcache\irstusb.sys
[2012/02/12 22:26:11 | 000,000,000 | ---D | C] -- D:\Mes donnees de Eric\Fibre
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/11 12:07:51 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2012/03/11 11:23:59 | 000,000,428 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{C1CE4B8C-D266-4F57-B450-2084C45A185B}.job
[2012/03/11 11:04:45 | 000,000,774 | ---- | M] () -- C:\Documents and Settings\ITK\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk
[2012/03/11 11:04:26 | 000,000,618 | ---- | M] () -- C:\Documents and Settings\ITK\Bureau\NTREGOPT.lnk
[2012/03/11 11:04:26 | 000,000,599 | ---- | M] () -- C:\Documents and Settings\ITK\Bureau\ERUNT.lnk
[2012/03/11 11:02:34 | 000,005,024 | ---- | M] () -- C:\Documents and Settings\ITK\Bureau\erunt-loc_fr.zip
[2012/03/11 11:01:17 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\ITK\Bureau\erunt-setup.exe
[2012/03/11 10:57:50 | 000,000,791 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes Anti-Malware.lnk
[2012/03/11 10:30:20 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\ITK\Bureau\mbam--setup-1.60.1.1000.exe
[2012/03/11 10:26:42 | 000,198,449 | ---- | M] () -- C:\Documents and Settings\ITK\Bureau\00-PAD-nickW.pdf
[2012/03/11 10:22:27 | 000,013,601 | ---- | M] () -- C:\Documents and Settings\ITK\Bureau\E5gzpHdi.htm.part
[2012/03/11 10:21:46 | 000,000,417 | ---- | M] () -- C:\Documents and Settings\ITK\Bureau\scan.zip
[2012/03/11 10:21:17 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ITK\Bureau\OTL.exe
[2012/03/10 18:57:00 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2659001445-3422841640-1584887093-1044.job
[2012/03/10 13:59:32 | 003,151,956 | ---- | M] () -- D:\Mes donnees de Eric\cartedepeche(1).pdf
[2012/03/10 13:59:21 | 005,847,015 | ---- | M] () -- D:\Mes donnees de Eric\cartedepeche(2).pdf
[2012/03/10 13:41:37 | 000,001,741 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Adobe Reader X.lnk
[2012/03/10 13:07:16 | 000,069,112 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap
[2012/03/10 13:07:04 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/03/10 12:09:02 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2659001445-3422841640-1584887093-1037.job
[2012/03/10 12:09:01 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2659001445-3422841640-1584887093-1037.job
[2012/03/10 12:05:56 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2659001445-3422841640-1584887093-500.job
[2012/03/10 12:05:56 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2659001445-3422841640-1584887093-1042.job
[2012/03/10 12:05:56 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2659001445-3422841640-1584887093-1040.job
[2012/03/10 12:05:56 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2659001445-3422841640-1584887093-1041.job
[2012/03/10 12:05:56 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2659001445-3422841640-1584887093-1044.job
[2012/03/10 12:05:56 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2659001445-3422841640-1584887093-1043.job
[2012/03/10 12:05:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/03/09 18:11:29 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2659001445-3422841640-1584887093-1043.job
[2012/03/08 13:45:51 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2659001445-3422841640-1584887093-1041.job
[2012/03/07 19:53:00 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2659001445-3422841640-1584887093-1040.job
[2012/03/07 14:46:00 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2659001445-3422841640-1584887093-1042.job
[2012/03/06 15:10:00 | 000,000,304 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2659001445-3422841640-1584887093-500.job
[2012/03/05 19:32:16 | 000,002,575 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Microsoft Office Word 2007.lnk
[2012/02/17 03:25:30 | 003,655,328 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/02/17 03:08:47 | 000,577,502 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
[2012/02/17 03:08:47 | 000,484,262 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/02/17 03:08:47 | 000,104,790 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
[2012/02/17 03:08:47 | 000,080,658 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/02/17 03:04:16 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/02/15 18:03:04 | 000,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
[2012/02/15 18:03:04 | 000,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLds.DAT
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/11 12:07:51 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2012/03/11 11:04:45 | 000,000,774 | ---- | C] () -- C:\Documents and Settings\ITK\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk
[2012/03/11 11:04:26 | 000,000,618 | ---- | C] () -- C:\Documents and Settings\ITK\Bureau\NTREGOPT.lnk
[2012/03/11 11:04:26 | 000,000,599 | ---- | C] () -- C:\Documents and Settings\ITK\Bureau\ERUNT.lnk
[2012/03/11 11:02:50 | 000,005,024 | ---- | C] () -- C:\Documents and Settings\ITK\Bureau\erunt-loc_fr.zip
[2012/03/11 10:57:50 | 000,000,791 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes Anti-Malware.lnk
[2012/03/11 10:26:42 | 000,198,449 | ---- | C] () -- C:\Documents and Settings\ITK\Bureau\00-PAD-nickW.pdf
[2012/03/11 10:22:27 | 000,013,601 | ---- | C] () -- C:\Documents and Settings\ITK\Bureau\E5gzpHdi.htm.part
[2012/03/11 10:21:46 | 000,000,417 | ---- | C] () -- C:\Documents and Settings\ITK\Bureau\scan.zip
[2012/03/10 13:59:32 | 003,151,956 | ---- | C] () -- D:\Mes donnees de Eric\cartedepeche(1).pdf
[2012/03/10 13:59:21 | 005,847,015 | ---- | C] () -- D:\Mes donnees de Eric\cartedepeche(2).pdf
[2012/03/10 13:41:37 | 000,002,315 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Adobe Reader X.lnk
[2012/03/10 13:41:37 | 000,001,741 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Adobe Reader X.lnk
[2012/01/27 22:53:06 | 000,233,647 | ---- | C] () -- C:\WINDOWS\hpoins47.dat.temp
[2012/01/27 22:53:06 | 000,000,574 | ---- | C] () -- C:\WINDOWS\hpomdl47.dat.temp
[2012/01/19 10:50:23 | 000,002,861 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LUUnInstall.LiveUpdate
[2011/12/15 10:08:25 | 000,520,391 | ---- | C] () -- C:\WINDOWS\System32\sig.bin
[2011/04/29 20:10:21 | 000,023,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/04/28 16:14:52 | 000,000,310 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2011/04/28 11:04:47 | 000,012,474 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\1cp6esd8f7ow7d87cg2ks
[2010/12/22 22:52:03 | 000,233,647 | ---- | C] () -- C:\WINDOWS\hpoins47.dat
[2010/12/22 22:52:03 | 000,000,574 | ---- | C] () -- C:\WINDOWS\hpomdl47.dat
[2010/11/26 22:46:51 | 000,000,119 | ---- | C] () -- C:\WINDOWS\System32\MySync.ini
[2010/11/26 21:57:06 | 001,250,320 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/11/26 20:59:30 | 000,013,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\BTNetFilter.sys
[2010/11/26 20:59:30 | 000,011,604 | ---- | C] () -- C:\WINDOWS\System32\drivers\vbtenum.sys
[2010/10/14 08:05:22 | 000,000,024 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2010/06/29 20:27:25 | 000,020,736 | R--- | C] () -- C:\WINDOWS\System32\drivers\MosIrUsb.sys
[2010/06/13 16:13:47 | 000,038,450 | ---- | C] () -- C:\Documents and Settings\ITK\Application Data\Microsoft Excel 97-2003.ADR
[2010/06/09 16:03:48 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\ITK\Local Settings\Application Data\fusioncache.dat
[2010/05/19 20:36:23 | 000,000,016 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\qvjsge.dat
[2010/04/24 13:57:35 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/04/23 22:07:13 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Printer Icons
[2010/04/23 22:07:13 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Guitar

========== LOP Check ==========

[2009/11/10 12:28:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\administrateur\Application Data\XnView
[2009/09/08 09:39:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ConeXware
[2009/12/12 09:13:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DassaultSystemes
[2011/08/30 20:12:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Easybits GO
[2010/01/16 18:03:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2010/01/20 00:06:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2012/01/19 09:59:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\G DATA
[2012/01/27 22:58:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameXN
[2009/08/12 16:45:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LANDesk
[2010/01/16 17:57:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nikon
[2010/12/07 20:48:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2011/01/22 13:28:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2011/01/15 13:37:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Skyline
[2010/07/01 14:24:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sports Interactive
[2010/06/09 08:40:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2010/01/16 18:03:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2009/11/12 10:36:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vulScan
[2011/11/20 15:19:36 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{2F39D4A9-97D4-449A-8581-18528F880722}
[2009/11/25 22:21:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/06/09 08:15:51 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2011/04/29 20:16:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Benjamin\Application Data\0E1B531E4B92127E5B0255F3118160CA
[2010/05/04 10:40:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Benjamin\Application Data\CocoonSoftware
[2009/12/12 09:13:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Benjamin\Application Data\DassaultSystemes
[2010/05/04 10:12:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Benjamin\Application Data\DWGeditor
[2010/08/16 17:37:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Benjamin\Application Data\inkscape
[2011/02/04 14:57:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Benjamin\Application Data\LiveCAD3
[2011/02/14 12:44:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Benjamin\Application Data\Notepad++
[2011/04/28 11:10:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Benjamin\Application Data\PriceGong
[2010/03/02 11:35:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Benjamin\Application Data\Research In Motion
[2010/07/01 14:19:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Benjamin\Application Data\Sports Interactive
[2010/07/01 13:47:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Benjamin\Application Data\temp
[2010/10/26 11:42:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Benjamin\Application Data\Thunderbird
[2010/11/29 10:47:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Benjamin\Application Data\Voxmobili
[2011/01/31 17:47:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Benjamin\Application Data\XnView
[2012/03/08 18:37:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Crispin\Application Data\Dropbox
[2011/04/19 09:26:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Crispin\Application Data\Notepad++
[2011/12/21 12:36:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Crispin\Application Data\PriceGong
[2011/01/26 08:01:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Crispin\Application Data\Research In Motion
[2011/11/14 13:56:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Crispin\Application Data\Thunderbird
[2010/12/09 16:09:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Crispin\Application Data\Voxmobili
[2010/08/22 15:09:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Crispin\Application Data\XnView
[2012/01/27 21:58:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Emmeline\Application Data\go
[2011/03/10 15:09:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Emmeline\Application Data\Notepad++
[2011/12/18 14:31:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Emmeline\Application Data\PriceGong
[2011/01/28 18:40:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Emmeline\Application Data\Research In Motion
[2010/02/10 19:35:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Emmeline\Application Data\Thunderbird
[2010/11/28 17:37:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Emmeline\Application Data\Voxmobili
[2010/03/07 14:00:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Emmeline\Application Data\XnView
[2010/05/31 00:36:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ITK\Application Data\18D5E9727273568898F8EB4FD119013C
[2009/12/01 09:11:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ITK\Application Data\DWGeditor
[2011/10/08 14:08:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ITK\Application Data\GlarySoft
[2010/12/16 16:46:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ITK\Application Data\inkscape
[2011/01/22 21:05:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ITK\Application Data\LiveCAD3
[2010/01/10 14:58:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ITK\Application Data\Nikon
[2011/04/30 21:30:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ITK\Application Data\Notepad++
[2010/09/19 15:35:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ITK\Application Data\Opera
[2010/11/26 20:35:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ITK\Application Data\Orion
[2011/10/08 15:00:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ITK\Application Data\PriceGong
[2010/11/26 21:47:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ITK\Application Data\Research In Motion
[2011/04/02 21:19:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ITK\Application Data\sldIM
[2010/06/09 08:16:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ITK\Application Data\TuneUp Software
[2010/11/27 18:03:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ITK\Application Data\Voxmobili
[2011/09/04 21:35:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ITK\Application Data\XnView
[2011/10/09 10:58:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joelle\Application Data\PriceGong
[2011/02/01 18:40:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joelle\Application Data\Research In Motion
[2010/03/25 15:01:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joelle\Application Data\Thunderbird
[2010/11/27 22:05:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joelle\Application Data\Voxmobili
[2009/12/09 13:29:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joelle\Application Data\XnView
[2010/11/28 14:47:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Musique Parents\Application Data\Voxmobili
[2009/11/25 14:11:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Musique Parents\Application Data\XnView
[2010/01/23 15:14:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Photos\Application Data\Nikon
[2011/05/25 17:23:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Photos\Application Data\Notepad++
[2011/09/19 18:56:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Photos\Application Data\PriceGong
[2011/01/31 19:21:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Photos\Application Data\Research In Motion
[2009/12/21 20:48:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Photos\Application Data\Thunderbird
[2010/12/08 20:34:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Photos\Application Data\Voxmobili
[2012/02/11 10:38:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Photos\Application Data\XnView
[2010/02/16 21:26:09 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1258316785.job
[2012/03/11 11:23:59 | 000,000,428 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{C1CE4B8C-D266-4F57-B450-2084C45A185B}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/04/14 04:00:00 | 020,102,028 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/04/13 10:36:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\dllcache\agp440.sys
[2008/04/13 10:36:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2008/04/14 04:00:00 | 020,102,028 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/13 10:40:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/13 10:40:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008/04/13 10:40:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys
[2008/04/13 10:40:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys

< MD5 for: CTFMON.EXE >
[2008/04/14 04:00:00 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=59DC5BB82E4C8E0B3EADCFDBC44BA6E4 -- C:\WINDOWS\system32\ctfmon.exe
[2008/04/14 04:00:00 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=59DC5BB82E4C8E0B3EADCFDBC44BA6E4 -- C:\WINDOWS\system32\dllcache\ctfmon.exe

< MD5 for: EVENTLOG.DLL >
[2008/04/14 04:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008/04/14 04:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2008/04/14 04:00:00 | 001,037,824 | ---- | M] (Microsoft Corporation) MD5=F2317622D29F9FF0F88AEECD5F60F0DD -- C:\WINDOWS\explorer.exe
[2008/04/14 04:00:00 | 001,037,824 | ---- | M] (Microsoft Corporation) MD5=F2317622D29F9FF0F88AEECD5F60F0DD -- C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: IASTOR.SYS >
[2008/06/15 05:12:08 | 000,395,800 | ---- | M] (Intel Corporation) MD5=0B6C9C8F2E00E8B61C8379E62A9F921B -- C:\dell\L\E64\E64\xp\x64\Storage\R190230\IaStor.sys
[2008/08/07 19:55:42 | 000,318,488 | ---- | M] (Intel Corporation) MD5=692830B048AACD7E0D6EDEDF098ACC01 -- C:\dell\L\E64\E64\xp\x86\storage\R190228\IaStor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/14 04:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008/04/14 04:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2008/04/14 04:00:00 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008/04/14 04:00:00 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: USERINIT.EXE >
[2008/04/14 04:00:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=E74DDB12188C2FF57A78624DBF7332FC -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008/04/14 04:00:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=E74DDB12188C2FF57A78624DBF7332FC -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/14 04:00:00 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=DD73D6B9F6B4CB630CF35B438B540174 -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008/04/14 04:00:00 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=DD73D6B9F6B4CB630CF35B438B540174 -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> D:\Mes donnees de Eric\Truite Olivier Dourbie Ouverture 2011.jpg:Roxio EMC Stream

< End of report >
Eric 34
 
Posts: 9
Joined: 11 Mar 2012, 12:44

Re: Virus imitating a Visa card check

Post by Eric 34 » 11 Mar 2012, 13:11

Here is the Extras.txt file:

OTL Extras logfile created on: 11/03/2012 12:06:10 - Run 1
OTL by OldTimer - Version 3.2.36.3 Folder = C:\Documents and Settings\ITK\Bureau
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

3,25 Gb Total Physical Memory | 2,38 Gb Available Physical Memory | 73,16% Memory free
5,09 Gb Paging File | 4,33 Gb Available in Paging File | 85,22% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 48,83 Gb Total Space | 14,03 Gb Free Space | 28,74% Space Free | Partition Type: NTFS
Drive D: | 184,00 Gb Total Space | 116,36 Gb Free Space | 63,24% Space Free | Partition Type: NTFS
Drive F: | 698,64 Gb Total Space | 456,90 Gb Free Space | 65,40% Space Free | Partition Type: NTFS

Computer Name: ITK-1W8QH4J | User Name: ITK | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-2659001445-3422841640-1584887093-1037\SOFTWARE\Classes\<extension>]
.hta [@ = htafile] -- Reg Error: Key error. File not found
.html [@ = htmlfile] -- Reg Error: Key error. File not found
.url [@ = InternetShortcut] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" /S
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Parcourir avec XnView] -- "C:\Program Files\xnview\xnview.exe" "%1" (XnView, http://www.xnview.com)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"UpdatesOverride" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services
"80:TCP" = 80:TCP:*:Enabled:Services
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{0360D8F0-626A-4E87-8A16-938BD0BEBCC5}" = 32 Bit HP CIO Components Installer
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{06F30E79-6D8D-7B2A-4B9C-66FF5A78FE1B}" = CCC Help English
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{097CDB1E-07C9-40F1-9972-F0F9F3A287E4}" = Network
"{0BD83598-C2EF-3343-847B-7D2E84599128}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - FRA
"{0E6D211D-9B53-6FB1-1D95-95C1DD651189}" = CCC Help Chinese Standard
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0F5B4A82-9DAF-3D13-8CB8-AEB25E4A614E}" = Microsoft .NET Framework 4 Client Profile FRA Language Pack
"{10790A43-85B5-BD1C-3502-84560381254E}" = CCC Help German
"{133742BA-6F46-4D3E-85AF-78631D9AD8B8}" = Installation Windows Live
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18EC38C6-C283-D282-0B0C-E3EBA142842B}" = Catalyst Control Center Localization Chinese Traditional
"{1BF36333-A7A9-7189-2EC6-0B38C70DFF84}" = CCC Help Spanish
"{1EE04769-91C4-4A06-92B7-FCAFE6BABDD9}" = Galerie de photos Windows Live
"{1EFF9C59-B268-7E13-60D2-72AC6EB60B37}" = CCC Help Portuguese
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26621E14-A45B-45CD-9ED9-7A0A9B585DB4}" = SolidWorks Installation Manager
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 23
"{283A9F32-0124-79AA-4413-ABA2275798CF}" = CCC Help French
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{29973858-40CA-EDF6-E22C-5D423EAF8228}" = ccc-utility
"{2D87E961-577B-492B-AD54-1368680FB9A7}" = Bing Maps 3D
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3C1AE512-3C37-44FA-BA42-ABB721EC5B1D}" = Symantec Endpoint Protection
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E31821C-7917-367E-938E-E65FC413EA31}" = Microsoft .NET Framework 3.5 Language Pack SP1 - fra
"{40A594D0-1490-4979-9382-D2B764F949C6}" = BlackBerry® Media Sync
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CD5FFAD-D589-A4F5-834F-F1E85E631FA8}" = Skins
"{4DDC3BED-CC68-44AA-B435-D727B620CA5B}" = Linksys Wireless-G PCI Adapter
"{565E7B0E-B76B-4EAD-9753-F1E72A5CF12E}" = HPAppStudio
"{59C83C08-63F4-4AEC-81D6-392C5E23B843}" = HP Photosmart Wireless B110 All-In-One Driver Software 14.0 Rel. 7
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}" = Status
"{5F4F4A07-988E-5469-DC85-59D29B8DA1D0}" = CCC Help Turkish
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6984FCC4-F27C-6D3E-E0C9-5F0552A08630}" = Catalyst Control Center Localization Korean
"{6BA13EFC-E8D0-4D37-AF04-42796CF0E8F5}" = BlackBerry Device Software Updater
"{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}" = Photo et imagerie HP 2.0 - All-in-One Pilote
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{72AD53CC-CCC0-3757-8480-9EE176866A7C}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - FRA
"{76810709-A7D3-468D-9167-A1780C1E766C}" = Windows Live FolderShare
"{77756C02-FC99-0265-5353-A33864CE2095}" = CCC Help Korean
"{786C5747-1437-443D-B06E-79A00FE45110}" = Adobe Stock Photos 1.0
"{7B4A30D7-64AF-78AC-357A-9C460BFE52D0}" = ccc-core-static
"{7B5ACAF8-E4B3-438D-8DCB-1E7D1C973FE1}" = PowerArchiver 2009 French
"{7C05EEDD-E565-4E2B-ADE4-0C784C17311C}" = Crystal Reports for .NET Framework 2.0 (x86)
"{7DDB04CC-3AE1-2532-3F57-8C79138E6D6E}" = Catalyst Control Center Graphics Light
"{843E01B3-3EB4-7045-0E41-004E8BF9633C}" = CCC Help Italian
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BC96CF8-91FA-853B-39E8-9F6DA2E8B13F}" = Catalyst Control Center Graphics Full Existing
"{8EDBA74D-0686-4C99-BFDD-F894678E5102}" = Adobe Common File Installer
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{8FFC924C-ED06-44CB-8867-3CA778ECE903}" = Adobe Help Center 2.0
"{90120000-0010-040C-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (French) 12
"{90120000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2007
"{90120000-0015-040C-0000-0000000FF1CE}_ENTERPRISE_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007
"{90120000-0016-040C-0000-0000000FF1CE}_ENTERPRISE_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007
"{90120000-0018-040C-0000-0000000FF1CE}_ENTERPRISE_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2007
"{90120000-0019-040C-0000-0000000FF1CE}_ENTERPRISE_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2007
"{90120000-001A-040C-0000-0000000FF1CE}_ENTERPRISE_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
"{90120000-001B-040C-0000-0000000FF1CE}_ENTERPRISE_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0401-0000-0000000FF1CE}_ENTERPRISE_{3E8EA473-ECCE-405F-A9CA-59446AEADD3A}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0413-0000-0000000FF1CE}_ENTERPRISE_{2C95E7EE-FEA7-4B3A-A6E5-DF90A88B816A}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{18D2B99B-A897-4F3C-937E-3ADFEF1C3628}" =
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-040C-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (French) 2007
"{90120000-0044-040C-0000-0000000FF1CE}_ENTERPRISE_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}_ENTERPRISE_{8283FD64-6A3B-4104-9E12-7CA25EF29A1A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-040C-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (French) 2007
"{90120000-00A1-040C-0000-0000000FF1CE}_ENTERPRISE_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-040C-0000-0000000FF1CE}" = Microsoft Office Groove MUI (French) 2007
"{90120000-00BA-040C-0000-0000000FF1CE}_ENTERPRISE_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96CF5018-4F76-B1A3-86CB-F6D67107C1CF}" = Catalyst Control Center Localization French
"{98212D73-51E4-9AAE-8DCE-BF6D4C5C04C6}" = Catalyst Control Center Graphics Previews Common
"{9867A917-5D17-40DE-83BA-BEA5293194B1}" = Photo et imagerie HP 2.0 - All-in-One
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A394342-4A68-4EBA-85A6-55B559F4E700}" = Microsoft .NET Framework 1.1 French Language Pack
"{9A95B003-AF14-41F0-9494-FA602CBDC591}" = Polar Precision Performance SW - Outdoor Edition
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E6430B3-3614-7943-69CE-BBA1E978E10E}" = Catalyst Control Center Localization German
"{9EED4D8D-AA01-B66B-C162-250DAF47B67A}" = Catalyst Control Center Localization Portuguese
"{9F9A2D22-7E30-4546-B817-10644FFB9935}" = B110
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A250D351-A07F-4D5D-AB6C-693C69B9BFAF}" = Hercules Webcam
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4DCAA77-151D-4CE9-8D79-E4ADB48031A2}" = PC Sync
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA0FB0B5-D853-4F87-9261-A4BC7D503E0D}" = Microsoft Image Composite Editor
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AAB84E83-C8DF-4752-9DFC-2E2A48EE5E9F}" = Nikon View 6
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC76BA86-1033-F400-7760-100000000002}" = Adobe Acrobat 7.0 Professional - English, Français, Deutsch
"{AC76BA86-7AD7-1036-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Français
"{AC8BF924-E947-77C9-96D5-3BBBF153EF75}" = Catalyst Control Center Localization Turkish
"{AE3D38A6-13B1-40B3-9423-D1FA9982FB6A}" = Adobe Bridge 1.0
"{B3104D48-EFB1-07BC-3D40-512CB53FEF4D}" = CCC Help Hungarian
"{B65FA8F4-D555-4599-BBDB-4B36A4239202}_is1" = Calme 2010.0
"{B98BE95C-E76F-4246-B8E6-BEB8EE791D06}" = Roxio Media Manager
"{B9C1557E-5CC3-1D87-90A1-851A1093C5A9}" = Catalyst Control Center Graphics Full New
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BC5DD87B-0143-4D14-AAE6-97109614DC6B}" = SolutionCenter
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2EBC2F1-B766-4AE3-A10C-6EBBC1EE3B02}" = Logiciel de Synchronisation Orange
"{C900EF06-2E76-49C7-8DB0-41F629B21DC5}" = hp psc 1200 series
"{CA12E98B-15E6-9F41-9B2C-5635FC409767}" = Catalyst Control Center Localization Chinese Standard
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CDA21FEB-3F3A-4B08-9631-614FD4CC3F4E}" = COSMOSMotion 2007 SP0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D208F4A7-6B73-4C2A-8B1E-8756FCBA831E}" = Hercules WebCam Station
"{D20F7915-0BAF-4519-9F70-D4B04BBE6EE9}" = Polar
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D6DBF4F7-A4DE-F833-6FF5-9F1C381BF1E7}" = Catalyst Control Center Localization Spanish
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{D9E364DC-DC11-4264-97B7-EB5E79E2C6FA}" = Catalyst Control Center Core Implementation
"{DC70B62C-8994-4BAD-8242-44DD5524E82F}" = CCC Help Chinese Traditional
"{DDD5104F-1C44-49EB-9E6B-29EC5D27658B}" = HP Update
"{DE29C3F9-FB5A-4D4C-B6C0-2F4A258C1034}" = EBP Business Plan 2012 Edition PME 9.0
"{E15307BF-441D-CDE2-7013-12571D685992}" = Catalyst Control Center Localization Japanese
"{E18D340A-C15E-47A9-9864-425352715150}" = Prévisionnel
"{E481DB0E-52F2-4EE0-9BDA-9EE173FA6EA2}" = Catalyst Control Center - Branding
"{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer
"{E55BC067-9378-1264-D35B-36D5BCA2AF6B}" = Catalyst Control Center Localization Hungarian
"{F02DBC5D-33E3-45E9-B0F8-B7745229ED1C}" = NICI (Shared) U.S./Worldwide (128 bit) (2.6.8-2)
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F11E0BBC-5CB9-4D64-A942-6B64043BED97}" = BlackBerry Desktop Software 5.0.1
"{F3FE8DFB-9BC7-0C74-0AAC-B3BF93E3C06C}" = CCC Help Japanese
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F83F7D0F-7D8B-5BCC-E677-759904D5C85D}" = Catalyst Control Center Localization Italian
"{F88E2E04-7EF5-488C-8E38-C94EB808458E}" = PS_AIO_07_B110_SW_Min
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FA17A726-B229-4116-B793-A2AB1A4EAE2E}" = Adobe Premiere Pro 2.0
"{FB79D8DC-3DAD-C8A4-F48B-38317E482F6D}" = ccc-core-preinstall
"{FE87C7E9-6B45-4EC7-A020-8E925BBCC8AB}" = Polar AXN Demos
"{FF3999BE-1A7B-4738-88AA-97BF14094A4A}" = PictureProject
"Adobe Acrobat 7.0 Professional - English, Français, Deutsch - V" = Adobe Acrobat 7.1.0 Professional - English, Français, Deutsch
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Premiere Pro 2.0" = Adobe Premiere Pro 2.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Akamai" = Akamai NetSession Interface Service
"All ATI Software" = ATI - Utilitaire de désinstallation du logiciel
"ATI Display Driver" = ATI Display Driver
"Audacity_is1" = Audacity 1.2.6
"BlackBerry_{F11E0BBC-5CB9-4D64-A942-6B64043BED97}" = BlackBerry Desktop Software 5.0.1
"Capture NX" = Capture NX
"CheckListe" = CheckListe
"Click'N Design 3D for AfterBurner(tm) (V5)" = Click'N Design 3D for AfterBurner(tm) (V5)
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Easy Outlook Express Repair_is1" = Easy Outlook Express Repair 1.2
"EBP Business Plan 2012 Edition PME 9.0" = EBP Business Plan 2012 Edition PME 9.0
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON Printer and Utilities" = EPSON Logiciel imprimante
"ERUNT_is1" = ERUNT 1.1j
"FrontPage Express 2.02" = FrontPage Express 2.02
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP PSC 1200 Series" = Photo et imagerie HP 2.0 - hp psc 1200 series
"hp psc 1200 series_Driver" = hp psc 1200 series
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"ie8" = Windows Internet Explorer 8
"Inkscape" = Inkscape 0.47
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - fra" = Module linguistique Microsoft .NET Framework 3.5 SP1- fra
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile FRA Language Pack" = Module linguistique Microsoft .NET Framework 4 Client Profile FRA
"Mozilla Firefox 10.0.2 (x86 fr)" = Mozilla Firefox 10.0.2 (x86 fr)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nikon FotoShare" = Nikon FotoShare
"Notepad++" = Notepad++
"Photo Viewer" = Photo Viewer 2.25
"PROSet" = Intel(R) PRO Network Connections Drivers
"RealPlayer 12.0" = RealPlayer
"SmartPCRecorder" = Smart PC Recorder - by freebird
"TerraExplorer" = TerraExplorer
"VLC media player" = VLC media player 1.0.3
"WampServer 2_is1" = WampServer 2.0
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Lecteur Windows Media 11
"WinLiveSuite_Wave3" = Installation Windows Live
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XnView_is1" = XnView 1.96.1
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2659001445-3422841640-1584887093-1037\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/03/2012 21:30:10 | Computer Name = ITK-1W8QH4J | Source = SescLU | ID = 13
Description =

Error - 10/03/2012 22:30:10 | Computer Name = ITK-1W8QH4J | Source = SescLU | ID = 13
Description =

Error - 10/03/2012 23:30:10 | Computer Name = ITK-1W8QH4J | Source = SescLU | ID = 13
Description =

Error - 11/03/2012 00:30:10 | Computer Name = ITK-1W8QH4J | Source = SescLU | ID = 13
Description =

Error - 11/03/2012 01:30:10 | Computer Name = ITK-1W8QH4J | Source = SescLU | ID = 13
Description =

Error - 11/03/2012 02:30:10 | Computer Name = ITK-1W8QH4J | Source = SescLU | ID = 13
Description =

Error - 11/03/2012 03:30:10 | Computer Name = ITK-1W8QH4J | Source = SescLU | ID = 13
Description =

Error - 11/03/2012 04:30:10 | Computer Name = ITK-1W8QH4J | Source = SescLU | ID = 13
Description =

Error - 11/03/2012 05:30:10 | Computer Name = ITK-1W8QH4J | Source = SescLU | ID = 13
Description =

Error - 11/03/2012 06:30:14 | Computer Name = ITK-1W8QH4J | Source = SescLU | ID = 13
Description =

[ OSession Events ]
Error - 12/02/2010 13:00:49 | Computer Name = ITK-1W8QH4J | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6700
seconds with 1740 seconds of active time. This session ended with a crash.

Error - 23/06/2010 03:48:29 | Computer Name = ITK-1W8QH4J | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6535.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 176178
seconds with 27000 seconds of active time. This session ended with a crash.

Error - 25/07/2010 16:48:47 | Computer Name = ITK-1W8QH4J | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6535.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 286439
seconds with 2340 seconds of active time. This session ended with a crash.

Error - 18/09/2010 05:15:42 | Computer Name = ITK-1W8QH4J | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 7469
seconds with 1740 seconds of active time. This session ended with a crash.

Error - 15/06/2011 16:42:10 | Computer Name = ITK-1W8QH4J | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 125810
seconds with 1560 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 07/03/2012 14:08:02 | Computer Name = ITK-1W8QH4J | Source = Service Control Manager | ID = 7000
Description = Le service Intel Targeted Multicast n'a pas pu démarrer en raison
de l'erreur : %%2

Error - 07/03/2012 14:08:02 | Computer Name = ITK-1W8QH4J | Source = Service Control Manager | ID = 7009
Description = Délai (30000 millisecondes) d'attente pour une connexion du service
Roxio Hard Drive Watcher 9.

Error - 08/03/2012 08:05:00 | Computer Name = ITK-1W8QH4J | Source = Dhcp | ID = 1002
Description = Le bail de l'adresse IP 192.168.5.100 pour la carte réseau dont l'adresse
réseau est 0018F8306FDB a été refusé par le serveur DHCP 78.251.127.254 (celui-ci
a envoyé un message DHCPNACK).

Error - 08/03/2012 08:07:00 | Computer Name = ITK-1W8QH4J | Source = Service Control Manager | ID = 7000
Description = Le service Intel Targeted Multicast n'a pas pu démarrer en raison
de l'erreur : %%2

Error - 08/03/2012 08:07:00 | Computer Name = ITK-1W8QH4J | Source = Service Control Manager | ID = 7009
Description = Délai (30000 millisecondes) d'attente pour une connexion du service
Roxio Hard Drive Watcher 9.

Error - 09/03/2012 13:09:53 | Computer Name = ITK-1W8QH4J | Source = Service Control Manager | ID = 7000
Description = Le service Intel Targeted Multicast n'a pas pu démarrer en raison
de l'erreur : %%2

Error - 09/03/2012 13:09:53 | Computer Name = ITK-1W8QH4J | Source = Service Control Manager | ID = 7009
Description = Délai (30000 millisecondes) d'attente pour une connexion du service
Roxio Hard Drive Watcher 9.

Error - 10/03/2012 07:05:41 | Computer Name = ITK-1W8QH4J | Source = Dhcp | ID = 1002
Description = Le bail de l'adresse IP 192.168.5.100 pour la carte réseau dont l'adresse
réseau est 0018F8306FDB a été refusé par le serveur DHCP 78.251.127.254 (celui-ci
a envoyé un message DHCPNACK).

Error - 10/03/2012 07:07:28 | Computer Name = ITK-1W8QH4J | Source = Service Control Manager | ID = 7000
Description = Le service Intel Targeted Multicast n'a pas pu démarrer en raison
de l'erreur : %%2

Error - 10/03/2012 07:07:28 | Computer Name = ITK-1W8QH4J | Source = Service Control Manager | ID = 7009
Description = Délai (30000 millisecondes) d'attente pour une connexion du service
Roxio Hard Drive Watcher 9.


< End of report >
Eric 34

Posts: 9
Joined: 11 Mar 2012, 12:44

Re: Virus imitating a Visa card check

Post by nickW » 11 Mar 2012, 20:31

Hello,

Can you confirm that this is not the usual process:
http://www.visa.fr/les-innovations-visa ... train.aspx


Can you send a screenshot of this "pop-up"?
(To attach an image to a message, everything is explained in this message and the next one)


Which "merchant site" is involved?

To be continued,
nickW
30/07/2012: No more PC disinfection until further notice.
No requests for log analysis by PM (private message)
nickW
Moderator

Posts: 21698
Joined: 20 May 2004, 17:41
Location: Dordogne/Île de France

Re: Virus imitating a Visa card check

Post by Eric 34 » 11 Mar 2012, 22:24

I confirm that this is not the usual process. I cannot send you a screenshot right away.
It happened to me yesterday on the site: https://www.spplus.net/paiement/saisieBancaire.do
I was completing the purchase of my fishing licence :D, so I had to use another computer. In fact, it had already happened to me with the voyages-sncf.fr site.
Thank you for your help.
Eric

Re: Virus imitating a Visa card check

Post by Eric 34 » 12 Mar 2012, 21:44

NickW, luck is on my side. I just made a purchase that gave me no trouble, then I tried to make a second one, which brought up the "phishing" Visa Verified again. Attached as a .jpg file are the screenshots.
Thank you for your help. Kind regards,
Eric
Attachments
Pseudo Visa Verified.jpg (49.48 KiB) Viewed 9358 times

Re: Virus imitating a Visa card check

Post by nickW » 13 Mar 2012, 23:37

Good evening,

The images are far too small for me to study them.


I see nothing very nasty in the scan reports (an advertising program, a.k.a. adware, to be confirmed by the scan below).
Have you checked whether Symantec Endpoint Protection (firewall function) recorded the parameters of this unexpected connection?


Normally, this "Verified by Visa" window is sent by your bank.
Have you contacted them to ask for an explanation?




Searching for adware:

Step 1: AdwCleaner (by Xplode), download
Download AdwCleaner from the page below:
http://general-changelog-team.fr/telech ... adwcleaner
Save the file adwcleaner.exe to the Desktop.


Step 2: AdwCleaner (by Xplode), scan
Double-click adwcleaner.exe to launch the tool.

The AdwCleaner main screen is displayed.

Click the Recherche (Search) button.

Let the tool work without interrupting it.
When the tool has finished, a Notepad window opens containing a report (log).
Close the AdwCleaner window.
Close Notepad.


Step 3: Result
Send in reply:
*- the AdwCleaner scan report (contents of the file %SystemDrive%\AdwCleaner[Rn].txt, where n is a sequence number).
[%SystemDrive% represents the partition on which the system is installed, usually C:]

To be continued,
nickW

Re: Virus imitating a Visa card check

Post by Eric 34 » 14 Mar 2012, 14:06

nickW,
Thank you for taking time for my problem.

The window imitating the Visa check that pops up is indeed a form of virus. It is different from the classic window and, above all, it asks for the card's PIN number. Once the fields are filled in (i.e. with plausible information), a second window pops up and asks for other, more general information (i.e. ID, address, etc.). In short, there is no doubt.

The difficulty is threefold:
1) it does not always happen, so I wondered whether it was "attached" to the website visited. However, given the sites concerned (i.e. SNCF), I doubt it;
2) it happens more easily with Mozilla than with IE ???
3) I have not found any way to close these windows other than by filling in the fields with plausible data and/or disconnecting. The window cannot be closed, unlike other "phishing".

I cannot update the virus database of Symantec Endpoint Protection. It tells me it cannot find the PROXY even though I have no PROXY... is this related? Besides, it detects nothing.

I am going to run AdwCleaner and will post the scan report.

Kind regards,

Eric

Re: Virus imitating a Visa card check

Post by Eric 34 » 14 Mar 2012, 14:09

nickW, here is the AdwCleaner report:

# AdwCleaner v1.501 - Rapport créé le 14/03/2012 à 14:08:11
# Mis à jour le 04/03/2012 par Xplode
# Système d'exploitation : Microsoft Windows XP Service Pack 3 (32 bits)
# Nom d'utilisateur : ITK - ITK-1W8QH4J
# Exécuté depuis : C:\Documents and Settings\ITK\Bureau\adwcleaner.exe
# Option [Recherche]


***** [Services] *****


***** [Fichiers / Dossiers] *****

Dossier Présent : C:\Documents and Settings\ITK\Application Data\PriceGong
Dossier Présent : C:\Documents and Settings\ITK\Local Settings\Application Data\Conduit
Dossier Présent : C:\Documents and Settings\ITK\Application Data\Mozilla\Firefox\Profiles\buf9uk7v.default\Conduit
Dossier Présent : C:\Documents and Settings\ITK\Application Data\Mozilla\Firefox\Profiles\buf9uk7v.default\ConduitCommon
Fichier Présent : C:\Documents and Settings\ITK\Application Data\Mozilla\Firefox\Profiles\buf9uk7v.default\searchplugins\Conduit.xml

***** [H. Navipromo] *****


***** [Registre] *****

[*] Clé Présente : HKLM\SOFTWARE\Classes\Toolbar.CT2542115
Clé Présente : HKCU\Software\PriceGong
Clé Présente : HKLM\SOFTWARE\Classes\Conduit.Engine
Clé Présente : HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
Clé Présente : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Clé Présente : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
Clé Présente : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Valeur Présente : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Navigateurs] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Le registre ne contient aucune entrée illégitime.

-\\ Mozilla Firefox v10.0.2 (fr)

Profil : buf9uk7v.default
Fichier : C:\Documents and Settings\ITK\Application Data\Mozilla\Firefox\Profiles\buf9uk7v.default\prefs.js

Présente : user_pref("CT2542115.RadioStationName", "California%20Rock");
Présente : user_pref("CT2542115.RadioStationURL", "hxxp://feedlive.net/california.asx");
Présente : user_pref("CT2542115.SHRINK_TOOLBAR", 1);
Présente : user_pref("CT2542115.SavedHomepage", "hxxp://www.google.com");
Présente : user_pref("CT2542115.SearchBoxWidth", 269);
Présente : user_pref("CT2542115.SearchEngineBeforeUnload", "chrome://browser-region/locale/region.properties");
Présente : user_pref("CT2542115.SearchFromAddressBarIsInit", true);
Présente : user_pref("CT2542115.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT254[...]
Présente : user_pref("CT2542115.SearchInNewTabEnabled", true);
Présente : user_pref("CT2542115.SearchInNewTabIntervalMM", 1440);
Présente : user_pref("CT2542115.SearchInNewTabLastCheckTime", "Tue Nov 08 2011 20:59:47 GMT+0100");
Présente : user_pref("CT2542115.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Présente : user_pref("CT2542115.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usa[...]
Présente : user_pref("CT2542115.SearchInNewTabUserEnabled", false);
Présente : user_pref("CT2542115.SearchProtectorEnabled", false);
Présente : user_pref("CT2542115.SearchProtectorToolbarDisabled", false);
Présente : user_pref("CT2542115.ServiceMapLastCheckTime", "Tue Nov 08 2011 20:59:49 GMT+0100");
Présente : user_pref("CT2542115.SettingsLastCheckTime", "Tue Nov 08 2011 20:59:47 GMT+0100");
Présente : user_pref("CT2542115.SettingsLastUpdate", "1320309692");
Présente : user_pref("CT2542115.ThirdPartyComponentsInterval", 504);
Présente : user_pref("CT2542115.ThirdPartyComponentsLastCheck", "Tue Nov 01 2011 20:34:04 GMT+0100");
Présente : user_pref("CT2542115.ThirdPartyComponentsLastUpdate", "1255348267");
Présente : user_pref("CT2542115.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2542115");
Présente : user_pref("CT2542115.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Présente : user_pref("CT2542115.UserID", "UN45751940281039705");
Présente : user_pref("CT2542115.ValidationData_Search", 2);
Présente : user_pref("CT2542115.ValidationData_Toolbar", 2);
Présente : user_pref("CT2542115.WeatherNetwork", "");
Présente : user_pref("CT2542115.WeatherPollDate", "Sun Oct 09 2011 22:48:06 GMT+0200");
Présente : user_pref("CT2542115.WeatherUnit", "C");
Présente : user_pref("CT2542115.alertChannelId", "935078");
Présente : user_pref("CT2542115.approveUntrustedApps", false);
Présente : user_pref("CT2542115.backendstorage._fb_dailyactivity", "31333032343634303933333535");
Présente : user_pref("CT2542115.backendstorage._fb_lifetimesent", "54525545");
Présente : user_pref("CT2542115.backendstorage.ct2542115ads1", "25374225323261647325323225334125354225374225323[...]
Présente : user_pref("CT2542115.backendstorage.ct2542115current_term", "676D61696C");
Présente : user_pref("CT2542115.backendstorage.ct2542115sdate", "39");
Présente : user_pref("CT2542115.backendstorage.facebook_ctid_connect_send", "73656E646564");
Présente : user_pref("CT2542115.backendstorage.fb_dailyactivity", "31333033343937313830393534");
Présente : user_pref("CT2542115.backendstorage.fb_lifetimesent", "54525545");
Présente : user_pref("CT2542115.backendstorage.for_aoi", "31333035393934343130");
Présente : user_pref("CT2542115.backendstorage.for_ccid", "4D6F6E7470656C6C696572");
Présente : user_pref("CT2542115.backendstorage.for_cdtr2", "31333035393934343135");
Présente : user_pref("CT2542115.backendstorage.for_cdtr5", "31333035393934343130");
Présente : user_pref("CT2542115.backendstorage.for_cdtr6", "31333135363737323431");
Présente : user_pref("CT2542115.backendstorage.for_cid", "4652");
Présente : user_pref("CT2542115.backendstorage.for_ip", "39322E3130322E39362E3736");
Présente : user_pref("CT2542115.backendstorage.for_lcut", "31333138313933323931");
Présente : user_pref("CT2542115.backendstorage.for_pid", "31303130");
Présente : user_pref("CT2542115.backendstorage.for_rid", "4139");
Présente : user_pref("CT2542115.backendstorage.for_zoneid", "39353932");
Présente : user_pref("CT2542115.backendstorage.hxxp://api15_thetrafficstat_net.pid2", "376566626365336439623737[...]
Présente : user_pref("CT2542115.backendstorage.hxxp://api18_thetrafficstat_net.pid2", "393233353662653262636238[...]
Présente : user_pref("CT2542115.backendstorage.hxxp://api19_thetrafficstat_net.pid2", "393233353662653262636238[...]
Présente : user_pref("CT2542115.backendstorage.hxxp://api20_thetrafficstat_net.pid2", "646261633666353039343161[...]
Présente : user_pref("CT2542115.backendstorage.hxxp://api21_thetrafficstat_net.pid2", "393233353662653262636238[...]
Présente : user_pref("CT2542115.backendstorage.hxxp://api22_thetrafficstat_net.pid2", "393233353662653262636238[...]
Présente : user_pref("CT2542115.backendstorage.hxxp://api6_thetrafficstat_net.pid2", "3932333536626532626362383[...]
Présente : user_pref("CT2542115.backendstorage.ytapp_dailyactivity", "31333035313739373132333131");
Présente : user_pref("CT2542115.backendstorage.ytapp_lifetimesent", "54525545");
Présente : user_pref("CT2542115.components.1000034", false);
Présente : user_pref("CT2542115.components.1000082", false);
Présente : user_pref("CT2542115.components.1000234", false);
Présente : user_pref("CT2542115.components.129112212600933761", false);
Présente : user_pref("CT2542115.components.129408243997825547", false);
Présente : user_pref("CT2542115.components.129460316972943811", false);
Présente : user_pref("CT2542115.components.129460316973256312", false);
Présente : user_pref("CT2542115.components.129460316974818815", false);
Présente : user_pref("CT2542115.components.129460317312788386", false);
Présente : user_pref("CT2542115.components.129502738556031799", false);
Présente : user_pref("CT2542115.components.129530554216906936", false);
Présente : user_pref("CT2542115.components.129530554349103424", false);
Présente : user_pref("CT2542115.components.3702671119025834822", false);
Présente : user_pref("CT2542115.components.4878870923213707553", false);
Présente : user_pref("CT2542115.components.7075780752558566161", false);
Présente : user_pref("CT2542115.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Présente : user_pref("CT2542115.globalFirstTimeInfoLastCheckTime", "Tue Nov 08 2011 20:59:51 GMT+0100");
Présente : user_pref("CT2542115.homepageProtectorEnableByLogin", true);
Présente : user_pref("CT2542115.initDone", true);
Présente : user_pref("CT2542115.isAppTrackingManagerOn", true);
Présente : user_pref("CT2542115.isFirstRadioInstallation", false);
Présente : user_pref("CT2542115.myStuffEnabled", true);
Présente : user_pref("CT2542115.myStuffPublihserMinWidth", 400);
Présente : user_pref("CT2542115.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Présente : user_pref("CT2542115.myStuffServiceIntervalMM", 1440);
Présente : user_pref("CT2542115.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Présente : user_pref("CT2542115.oldAppsList", "129112212599528487,129112212600153496,111,129460317312788386,129[...]
Présente : user_pref("CT2542115.revertSettingsEnabled", true);
Présente : user_pref("CT2542115.searchProtectorDialogDelayInSec", 10);
Présente : user_pref("CT2542115.searchProtectorEnableByLogin", true);
Présente : user_pref("CT2542115.testingCtid", "");
Présente : user_pref("CT2542115.toolbarAppMetaDataLastCheckTime", "Tue Nov 08 2011 20:59:50 GMT+0100");
Présente : user_pref("CT2542115.toolbarContextMenuLastCheckTime", "Tue Nov 01 2011 20:34:09 GMT+0100");
Présente : user_pref("CT2542115.usageEnabled", false);
Présente : user_pref("CT2542115.usagesFlag", 2);
Présente : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root ... /905414/FR", "\"0\"")[...]
Présente : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root ... /930862/FR", "\"1-206[...]
Présente : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-ser ... =CT2542115", [...]
Présente : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-serv ... tenApps&lo[...]
Présente : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-serv ... erApps&loc[...]
Présente : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-serv ... redApps&lo[...]
Présente : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-serv ... lbar&local[...]
Présente : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-ser ... rt/dlg.pkg", "\[...]
Présente : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-s ... kg?ver=3.6.[...]
Présente : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-s ... kg?ver=3.7.[...]
Présente : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/ ... =CT2542115",[...]
Présente : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/toolbar/", "\"63447123010783[...]
Présente : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services ... r=FF&lut=0", "63[...]
Présente : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services ... ut=1/11/20[...]
Présente : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services ... ut=2/17/20[...]
Présente : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services ... ut=2/22/20[...]
Présente : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services ... ut=3/13/20[...]
Présente : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-service ... 115&octid=[...]
Présente : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit. ... /CT2542115[...]
Présente : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/Newtab/Softo ... 351374.xml", "\"0331f[...]
Présente : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-serv ... cale=fr-fr", "\"[...]
Présente : user_pref("CommunityToolbar.EngineOwner", "");
Présente : user_pref("CommunityToolbar.EngineOwnerGuid", "{4daac69c-cba7-45e2-9bc8-1044483d3352}");
Présente : user_pref("CommunityToolbar.EngineOwnerToolbarId", "softonic_france");
Présente : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Présente : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Documents and Settings\\ITK\\Application D[...]
Présente : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.7.0.6");
Présente : user_pref("CommunityToolbar.OriginalEngineOwner", "CT2542115");
Présente : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{4daac69c-cba7-45e2-9bc8-1044483d3352}");
Présente : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "softonic_france");
Présente : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://search.live.com/results.aspx?mkt=[...]
Présente : user_pref("CommunityToolbar.ToolbarsList", "CT2542115");
Présente : user_pref("CommunityToolbar.ToolbarsList2", "CT2542115");
Présente : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Présente : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Fri Jul 29 2011 00:14:39 GMT+0200");
Présente : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Présente : user_pref("CommunityToolbar.alert.locale", "en");
Présente : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Présente : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Fri Jul 29 2011 00:14:39 GMT+0200");
Présente : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
Présente : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Présente : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Présente : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Présente : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Présente : user_pref("CommunityToolbar.alert.userId", "61ffdeb4-a1d0-4d00-abee-edb652c37b3f");
Présente : user_pref("CommunityToolbar.globalUserId", "0c3f5964-6697-47dd-8de1-78ee4b9e48f5");
Présente : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Présente : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Présente : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2542115");
Présente : user_pref("CommunityToolbar.killedEngine", true);
Présente : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Tue Nov 08 2011 20:59:4[...]
Présente : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
Présente : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Tue Nov 08 2011 20:59:57 GMT+010[...]
Présente : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Présente : user_pref("CommunityToolbar.notifications.firstTimeAlertShown", true);
Présente : user_pref("CommunityToolbar.notifications.locale", "en");
Présente : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Présente : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Tue Nov 08 2011 20:59:49 GMT+0100");
Présente : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Présente : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Présente : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Présente : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Présente : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Présente : user_pref("CommunityToolbar.notifications.userId", "b87529d8-4c1a-43ec-98fc-d49f1a76809f");
Présente : user_pref("CommunityToolbar.undefined", "");
Présente : user_pref("browser.search.defaultthis.engineName", "Softonic_France Customized Web Search");
Présente : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2542115&Sea[...]
Présente : user_pref("extensions.enabledItems", "{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23,jqs@sun.com:1.0,[...]

-\\ Google Chrome v [Impossible d'obtenir la version]

Fichier : C:\Documents and Settings\ITK\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] Le fichier ne contient aucune entrée illégitime.

*************************

AdwCleaner[R1].txt - [26470 octets] - [14/03/2012 14:08:11]

########## EOF - C:\AdwCleaner[R1].txt - [26599 octets] ##########
Eric 34
 
Posts: 9
Joined: 11 Mar 2012, 12:44
