
Remove dialer.exe and ltin.exe

SofBof on 20 May 2009 at 16:14
Hello,

I'm sending out a call for help!

Two things have installed themselves on my PC: "dialer.exe" and "ltin.exe", along with a window that keeps opening nonstop. This happened when I clicked a link in an MSN window from a friend (who won't be one any more if I don't sort this out quickly). She says she had nothing to do with it, but I don't trust that.

I don't know how to delete these things, which climb back out of the recycle bin all by themselves.

Given that I know about as much about computers as a freshly thawed prehistoric creature, I'm appealing to your dedication and, er, your patience.

Thanks in advance!

Sof'
Curson on 20 May 2009 at 16:46
Hello,

Download HiJackThis by Merijn to your desktop.

- Double-click HijackThis.
- Generate a report by following these instructions:
- Run it and click Do a scan and save log file.
- The report opens in Notepad.

- Paste the report here; to do so:
- Edit menu / Select All
- Edit menu / Copy
- Here, in a new message: right-click / Paste

Help: Don't hesitate to consult the HiJackThis help.


Regards.
-------
If your topic goes unanswered, please report it here.
SofBof on 20 May 2009 at 16:50
Done. Here's the report in question!

Thanks for your help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:50:05, on 20/05/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\msnmsgrss.exe
C:\Program Files\PIXELA\ImageMixer3\HDDCameraMonitor.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\CNAC4RPK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: ClickCatcher MSIE handler - {16664845-0E00-11D2-8059-000000000000} - C:\Program Files\Fichiers communs\ReGet Shared\Catcher.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: ReGet Bar - {17939A30-18E2-471E-9D3A-56DD725F1215} - C:\Program Files\ReGet Software\ReGet Deluxe\IEBar.dll
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\logiciels\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [QuickTime Task] "D:\logiciels\Satsuki\filtres\qt\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Windows UDP Control Center] msnmsgrss.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: ImageMixer HDD Camera Monitor.lnk = ?
O8 - Extra context menu item: Tous Télécharger par ReGet Deluxe - C:\Program Files\Fichiers communs\ReGet Shared\CC_All.htm
O8 - Extra context menu item: Télécharger avec Re&Get Deluxe - C:\Program Files\Fichiers communs\ReGet Shared\CC_Link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\LOGICI~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {DFB5BCF1-06AE-4ABB-BFA8-1E228F41C50A} - http://bobtv.fr/download/cfweb_www.bobtv.fr-download_instmodule.exe
O20 - AppInit_DLLs:
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 6944 bytes
Curson on 20 May 2009 at 16:55
Your system is indeed infected.
Disable your security software during the procedure.

Download OTViewIt by OldTimer to your desktop.

- Close all windows and applications.
- Double-click OTViewIt.exe to launch it.
- In the "File Age" drop-down list, choose: 30 days (or as you prefer)
- Click the "Run Scan" button.
- Wait a few minutes.
- Notepad will open; post the two reports you get in your next reply.


Regards.
SofBof on 20 May 2009 at 17:01
Ah, I knew it!!

Here is the first report.

OTViewIt logfile created on: 20/05/2009 16:59:21 - Run
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\Laurent\Bureau
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

511,48 Mb Total Physical Memory | 101,59 Mb Available Physical Memory | 19,86% Memory free
1,47 Gb Paging File | 0,97 Gb Available in Paging File | 66,13% Paging File free
Paging file location(s): C:\pagefile.sys 1024 2048;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 11,72 Gb Total Space | 0,87 Gb Free Space | 7,43% Space Free | Partition Type: NTFS
Drive D: | 140,94 Gb Total Space | 64,70 Gb Free Space | 45,91% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Unable to calculate disk information.
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SYLVER
Current User Name: Laurent
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2008/09/05 08:21:36 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
[2004/06/03 20:51:54 | 00,131,072 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe
[2008/04/14 04:34:20 | 00,033,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
[2009/05/20 05:49:18 | 00,046,130 | RHS- | M] () -- C:\WINDOWS\msnmsgrss.exe
[2007/01/04 15:33:48 | 02,117,632 | ---- | M] (PIXELA CORPORATION) -- C:\Program Files\PIXELA\ImageMixer3\HDDCameraMonitor.exe
[2009/02/06 19:51:28 | 03,885,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
[2006/02/28 12:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
[2008/03/30 21:25:55 | 00,552,064 | ---- | M] (Eset ) -- C:\Program Files\Eset\nod32krn.exe
[2007/12/05 01:41:00 | 00,155,716 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
[2007/01/31 15:55:42 | 00,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
[2005/09/19 17:00:00 | 00,057,407 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\CNAC4RPK.EXE
[2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2009/02/06 18:07:48 | 00,027,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
[2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2009/05/20 16:59:06 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Laurent\Bureau\OTViewIt.exe

========== (O23) Win32 Services ==========

[2008/09/05 08:21:36 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [Auto | Running])
[2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2006/02/28 12:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
[2007/01/31 15:55:42 | 00,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8 [Auto | Running])
[2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2008/07/09 07:41:27 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
[2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
[2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
[2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
File not found -- -- (NMIndexingService [Disabled | Stopped])
[2008/03/30 21:25:55 | 00,552,064 | ---- | M] (Eset ) -- C:\Program Files\Eset\nod32krn.exe -- (NOD32krn [Auto | Running])
[2007/12/05 01:41:00 | 00,155,716 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
[2007/08/24 03:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
[2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2006/11/03 09:59:14 | 00,918,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services ==========

[2008/04/14 03:54:29 | 00,041,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\amdk7.sys -- (AmdK7 [System | Running])
[2008/03/30 21:25:55 | 00,512,096 | ---- | M] (Eset ) -- C:\WINDOWS\system32\drivers\amon.sys -- (AMON [Auto | Running])
[2000/07/24 02:01:00 | 00,019,537 | ---- | M] (Brother Industries Ltd.) -- C:\WINDOWS\system32\drivers\BRPAR.SYS -- (BrPar [Auto | Running])
[2002/08/13 15:27:22 | 00,074,338 | ---- | M] (3Com Corporation) -- C:\WINDOWS\system32\drivers\el90Xbc5.SYS -- (EL90Xbc [On_Demand | Running])
[2008/04/13 20:45:29 | 00,010,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum [On_Demand | Running])
[2009/01/15 22:41:38 | 00,010,976 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\WINDOWS\system32\drivers\ggflt.sys -- (ggflt [On_Demand | Stopped])
[2009/01/15 22:41:38 | 00,022,368 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\WINDOWS\system32\drivers\ggsemc.sys -- (ggsemc [On_Demand | Stopped])
[2001/08/17 23:00:04 | 00,002,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401 [On_Demand | Running])
[2008/03/30 21:25:55 | 00,015,424 | ---- | M] () -- C:\WINDOWS\system32\drivers\nod32drv.sys -- (nod32drv [System | Running])
[2007/12/05 01:41:00 | 07,435,392 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Running])
[2004/06/03 10:40:46 | 00,079,360 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvatabus.sys -- (nvatabus [Boot | Running])
[2004/05/25 15:58:02 | 00,048,640 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvax.sys -- (nvax [On_Demand | Running])
[2004/05/25 15:58:04 | 00,396,032 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvapu.sys -- (nvnforce [On_Demand | Running])
[2004/04/02 15:40:00 | 00,021,760 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv_agp.SYS -- (nv_agp [Boot | Running])
[2007/09/07 13:53:48 | 00,017,134 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\system32\PCANDIS5.sys -- (PCANDIS5 [On_Demand | Stopped])
[2001/10/03 01:21:12 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2008/08/01 00:17:04 | 00,043,872 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2007/11/13 12:25:54 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [Auto | Running])
[2005/05/16 15:15:58 | 00,048,640 | ---- | M] (Protection Technology) -- C:\WINDOWS\system32\drivers\sfdrv01.sys -- (sfdrv01 [Boot | Running])
[2005/05/16 15:20:39 | 00,006,656 | ---- | M] (Protection Technology) -- C:\WINDOWS\system32\drivers\sfhlp02.sys -- (sfhlp02 [Boot | Running])
[2005/05/16 15:23:38 | 00,019,968 | ---- | M] (Protection Technology) -- C:\WINDOWS\system32\drivers\sfsync02.sys -- (sfsync02 [Boot | Running])
[2006/01/12 12:56:56 | 00,102,528 | ---- | M] (Silicon Image, Inc) -- C:\WINDOWS\system32\drivers\SI3112r.sys -- (si3112r [Boot | Running])
[2004/11/01 12:21:32 | 00,010,368 | ---- | M] (Silicon Image, Inc.) -- C:\WINDOWS\system32\drivers\SiWinAcc.sys -- (SiFilter [Boot | Running])
[2002/10/17 15:14:46 | 00,049,024 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\WINDOWS\system32\drivers\sisidex.sys -- (sisidex [Boot | Running])
[2002/08/20 17:19:08 | 00,009,472 | ---- | M] (Silicon Integrated Systems Corp.) -- C:\WINDOWS\system32\drivers\sisperf.sys -- (sisperf [Boot | Running])
[2004/11/01 12:21:32 | 00,010,368 | ---- | M] (Silicon Image, Inc.) -- C:\WINDOWS\system32\drivers\SiWinAcc.sys -- (SiWinAcc [Boot | Running])
[2007/06/09 10:35:41 | 00,685,816 | ---- | M] () -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd [Boot | Running])
[2008/04/13 20:56:49 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS [On_Demand | Stopped])
[2008/03/27 17:27:46 | 00,503,008 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wdf01000.sys -- (Wdf01000 [On_Demand | Stopped])
[2001/10/03 01:21:42 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ws2ifsl.sys -- (WS2IFSL [System | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Search_URL"=http://www.google.com/ie
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.google.com
"Start Page"=http://www.google.fr/

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search]
"Default_Search_URL"=http://www.google.com/ie
"SearchAssistant"=http://www.google.com/ie

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/search?q=%s

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

========== (O1) Hosts File ==========

HOSTS File = (790 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{16664845-0E00-11D2-8059-000000000000} (HKLM) -- C:\Program Files\Fichiers communs\ReGet Shared\Catcher.dll (ReGet Software)
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} (HKLM) -- C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
{5C255C8A-E604-49b4-9D64-90988571CECB} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
{9030D464-4C02-4ABF-8ECC-5164760863C6} (HKLM) -- C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{17939A30-18E2-471E-9D3A-56DD725F1215}" (HKLM) -- C:\Program Files\ReGet Software\ReGet Deluxe\IEBar.dll (ReGet Software)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
"{724D43A0-0D85-11D4-9908-00400523E39A}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE (Eset )
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
"NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
"NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" (NVIDIA Corporation)
"nwiz"=nwiz.exe /install ()
"QuickTime Task"="D:\logiciels\Satsuki\filtres\qt\qttask.exe" -atboottime (Apple Inc.)
"SunJavaUpdateSched"="D:\logiciels\Java\jre1.6.0_01\bin\jusched.exe" File not found
"UserFaultCheck"=%systemroot%\system32\dumprep 0 -u File not found
"Windows UDP Control Center"=msnmsgrss.exe ()

========== (O4) Startup Folders ==========

[2007/01/04 15:33:48 | 02,117,632 | ---- | M] (PIXELA CORPORATION) -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\ImageMixer HDD Camera Monitor.lnk = C:\Program Files\PIXELA\ImageMixer3\HDDCameraMonitor.exe

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=95 00 00 00 [binary data]

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
Télécharger avec Re&Get Deluxe: C:\Program Files\Fichiers communs\ReGet Shared\cc_link.htm [2007/07/18 23:53:28 | 00,002,169 | ---- | M] ()
Tous Télécharger par ReGet Deluxe: C:\Program Files\Fichiers communs\ReGet Shared\cc_all.htm [2007/07/18 23:53:28 | 00,000,803 | ---- | M] ()

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Console Java (Sun) -- %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- D:\logiciels\Microsoft Office\Office12\REFIEBAR.DLL [2006/10/26 20:12:22 | 00,040,424 | ---- | M] (Microsoft Corporation)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2008/04/13 20:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/14 04:34:13 | 01,695,232 | -HS- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/14 04:34:13 | 01,695,232 | -HS- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 04:34:13 | 01,695,232 | -HS- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{166B1BCA-3F9C-11CF-8075-444553540000}: http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab -- Shockwave ActiveX Control
{17492023-C23A-453E-A040-C7C580BBF700}: http://go.microsoft.com/fwlink/?linkid=39204 -- Windows Genuine Advantage Validation Tool
{233C1507-6A77-46A4-9443-F871F945D258}: http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab -- Reg Error: Key does not exist or could not be opened.
{4F1E5B1A-2A80-42CA-8532-2D05CB959537}: http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab -- MSN Photo Upload Tool
{67A5F8DC-1A4B-4D66-9F24-A704AD929EEE}: http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab -- System Requirements Lab Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab -- Java Plug-in 1.6.0_07
{C3F79A2B-B9B4-4A66-B012-3EE46475B072}: http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab -- MessengerStatsClient Class
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab -- Java Plug-in 1.6.0_05
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab -- Java Plug-in 1.6.0_07
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab -- Shockwave Flash Object
{DFB5BCF1-06AE-4ABB-BFA8-1E228F41C50A}: http://bobtv.fr/download/cfweb_www.bobtv.fr-download_instmodule.exe -- Reg Error: Key does not exist or could not be opened.

========== (O17) DNS Name Servers ==========

{2E81A6A0-1275-44DA-A8E7-843BF206268E} (Servers: | Description: Carte réseau 1394)
{6D51F1DB-ADC6-4E99-AD9B-AAFA8D3B0BCE} (Servers: | Description: Point d'acces Inventel)
{CC435F2B-4B38-45FE-A689-9AE8D18D7D6D} (Servers: | Description: 3Com 3C920B-EMB Integrated Fast Ethernet Controller)
{D7972E87-C7F6-4914-8717-EE6A3ECEA2DD} (Servers: | Description: Point d'acces Inventel)

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
AtiExtEvent: "DllName" = Reg Error: Value DLLName does not exist or could not be read. -- File not found

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{16664848-0E00-11D2-8059-000000000000}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2007/03/31 09:30:39 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{39bd497e-237f-11de-a586-00265414f658}\Shell]
""=AutoRun


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{39bd497e-237f-11de-a586-00265414f658}\Shell\AutoRun\command]
""=G:\LaunchU3.exe -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{609d83e2-8a64-11dd-a418-00265414f658}\Shell]
""=AutoRun


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{609d83e2-8a64-11dd-a418-00265414f658}\Shell\AutoRun\command]
""=G:\LaunchU3.exe -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e03f26e4-df72-11db-ae2a-806d6172696f}\Shell]
""=AutoRun


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e03f26e4-df72-11db-ae2a-806d6172696f}\Shell\AutoRun\command]
""=E:\Bin\asusqfe.exe -- File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/05/20 16:58:42 | 00,422,912 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Laurent\Bureau\OTViewIt.exe
[2009/05/20 16:49:54 | 00,000,291 | ---- | C] () -- C:\Documents and Settings\Laurent\Bureau\HijackThis.lnk
[2009/05/20 16:49:53 | 00,396,288 | ---- | C] (Trend Micro Inc.) -- C:\HijackThis.exe
[2009/05/20 16:48:55 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Laurent\Bureau\HJTInstall.exe
[2009/05/20 16:01:45 | 00,002,314 | ---- | C] () -- C:\ltin.exe
[2009/05/20 16:00:25 | 00,002,314 | ---- | C] () -- C:\dialer.exe
[2009/05/20 15:16:13 | 00,046,130 | RHS- | C] () -- C:\WINDOWS\msnmsgrss.exe
[2009/05/18 23:16:52 | 02,476,860 | ---- | C] () -- C:\Documents and Settings\Laurent\Mes documents\Les p.docx
[2009/05/18 23:16:45 | 00,357,625 | ---- | C] () -- C:\Documents and Settings\Laurent\Mes documents\Modes deplacement PS.pdf
[2009/05/18 23:15:20 | 00,213,866 | ---- | C] () -- C:\Documents and Settings\Laurent\Mes documents\heureux.docx
[2009/05/18 22:34:34 | 00,390,939 | ---- | C] () -- C:\Documents and Settings\Laurent\Mes documents\jardin cahier de vie.docx
[2009/05/18 12:06:15 | 00,023,241 | ---- | C] () -- C:\Documents and Settings\Laurent\Mes documents\La France dans la mondialisation N.docx
[2009/05/16 21:46:46 | 00,042,161 | ---- | C] () -- C:\Documents and Settings\Laurent\Bureau\KD453_03.jpg
[2009/05/16 21:46:30 | 00,039,739 | ---- | C] () -- C:\Documents and Settings\Laurent\Bureau\K1G1238H.jpg
[2009/05/09 09:55:07 | 00,182,586 | ---- | C] () -- C:\Documents and Settings\Laurent\Mes documents\travailler-au-jardin-t9605.jpg
[2009/05/09 09:39:15 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\Laurent\Mes documents\~$rnet de bord.docx
[2009/05/08 19:25:10 | 00,012,501 | ---- | C] () -- C:\Documents and Settings\Laurent\Mes documents\Carnet de bord.docx
[2009/05/08 16:35:13 | 00,013,265 | ---- | C] () -- C:\Documents and Settings\Laurent\Mes documents\fichemodelems.docx
[2009/05/06 07:29:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Laurent\Bureau\photos recentes
[2009/05/04 12:41:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Laurent\Mes documents\période+4
[2009/05/04 12:40:52 | 00,112,129 | ---- | C] () -- C:\Documents and Settings\Laurent\Mes documents\période+4...rar
[2009/05/03 20:55:11 | 00,000,906 | ---- | C] () -- C:\Documents and Settings\Laurent\Bureau\Dreamweaver.lnk
[2009/05/03 11:06:16 | 00,897,412 | ---- | C] () -- C:\Documents and Settings\Laurent\Mes documents\images jeux emmy.docx

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[8 C:\WINDOWS\*.tmp files]
[2009/05/20 16:59:06 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Laurent\Bureau\OTViewIt.exe
[2009/05/20 16:49:54 | 00,000,291 | ---- | M] () -- C:\Documents and Settings\Laurent\Bureau\HijackThis.lnk
[2009/05/20 16:49:53 | 00,396,288 | ---- | M] (Trend Micro Inc.) -- C:\HijackThis.exe
[2009/05/20 16:49:00 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Laurent\Bureau\HJTInstall.exe
[2009/05/20 16:01:45 | 00,002,314 | ---- | M] () -- C:\ltin.exe
[2009/05/20 16:00:25 | 00,002,314 | ---- | M] () -- C:\dialer.exe
[2009/05/20 15:57:29 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/05/20 15:57:16 | 00,000,262 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2009/05/20 15:57:12 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/05/20 15:57:00 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/05/20 15:31:30 | 00,001,917 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/05/20 05:49:18 | 00,046,130 | RHS- | M] () -- C:\WINDOWS\msnmsgrss.exe
[2009/05/18 23:16:56 | 02,476,860 | ---- | M] () -- C:\Documents and Settings\Laurent\Mes documents\Les p.docx
[2009/05/18 23:15:20 | 00,213,866 | ---- | M] () -- C:\Documents and Settings\Laurent\Mes documents\heureux.docx
[2009/05/18 22:34:35 | 00,390,939 | ---- | M] () -- C:\Documents and Settings\Laurent\Mes documents\jardin cahier de vie.docx
[2009/05/18 22:18:03 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/05/18 22:18:02 | 00,088,576 | ---- | M] () -- C:\Documents and Settings\Laurent\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/05/18 12:06:24 | 00,023,241 | ---- | M] () -- C:\Documents and Settings\Laurent\Mes documents\La France dans la mondialisation N.docx
[2009/05/18 09:53:18 | 00,258,560 | -HS- | M] () -- C:\Documents and Settings\Laurent\Bureau\Thumbs.db
@Alternate Data Stream - 0 bytes -> C:\Documents and Settings\Laurent\Bureau\Thumbs.db:encryptable
[2009/05/16 21:46:07 | 00,039,739 | ---- | M] () -- C:\Documents and Settings\Laurent\Bureau\K1G1238H.jpg
[2009/05/16 21:45:47 | 00,042,161 | ---- | M] () -- C:\Documents and Settings\Laurent\Bureau\KD453_03.jpg
[2009/05/09 09:50:57 | 00,182,586 | ---- | M] () -- C:\Documents and Settings\Laurent\Mes documents\travailler-au-jardin-t9605.jpg
[2009/05/09 09:40:04 | 00,012,501 | ---- | M] () -- C:\Documents and Settings\Laurent\Mes documents\Carnet de bord.docx
[2009/05/09 09:39:15 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\Laurent\Mes documents\~$rnet de bord.docx
[2009/05/08 16:40:30 | 00,013,265 | ---- | M] () -- C:\Documents and Settings\Laurent\Mes documents\fichemodelems.docx
[2009/05/07 09:16:29 | 24,699,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/05/04 12:40:53 | 00,112,129 | ---- | M] () -- C:\Documents and Settings\Laurent\Mes documents\période+4...rar
[2009/05/03 20:55:11 | 00,000,906 | ---- | M] () -- C:\Documents and Settings\Laurent\Bureau\Dreamweaver.lnk
[2009/05/03 12:17:12 | 00,897,412 | ---- | M] () -- C:\Documents and Settings\Laurent\Mes documents\images jeux emmy.docx
[2009/04/23 21:42:37 | 00,058,416 | ---- | M] () -- C:\Documents and Settings\Laurent\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
< End of report >

:D Here is the second one.

OTViewIt Extras logfile created on: 20/05/2009 16:59:21 - Run
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\Laurent\Bureau
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

511,48 Mb Total Physical Memory | 101,59 Mb Available Physical Memory | 19,86% Memory free
1,47 Gb Paging File | 0,97 Gb Available in Paging File | 66,13% Paging File free
Paging file location(s): C:\pagefile.sys 1024 2048;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 11,72 Gb Total Space | 0,87 Gb Free Space | 7,43% Space Free | Partition Type: NTFS
Drive D: | 140,94 Gb Total Space | 64,70 Gb Free Space | 45,91% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Unable to calculate disk information.
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SYLVER
Current User Name: Laurent
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=1
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=1
"DoNotAllowExceptions"=0
"DisableNotifications"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/14 04:34:21 | 00,142,848 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2009/02/06 19:21:00 | 00,583,024 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
[2009/02/06 19:51:28 | 03,885,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/14 04:34:21 | 00,142,848 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/08/30 19:34:39 | 00,267,056 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent
[2008/08/01 19:41:24 | 05,480,448 | ---- | M] (http://www.emule-project.net) -- D:\logiciels\eMule\emule.exe:*:Enabled:eMule
File not found -- C:\Program Files\Sony Ericsson\Update Service\Update Service.exe:*:Enabled:Update Service
[2009/02/06 19:21:00 | 00,583,024 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
[2009/02/06 19:51:28 | 03,885,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -- C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000001 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000002 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000003 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000004 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000005 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000006 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000007 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000008 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000009 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000010 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000011 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000012 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000013 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000014 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000015 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000016 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000017 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000018 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000019 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000020 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000021 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000022 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000023 -- C:\WINDOWS\system32\imon.dll (Eset )

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]
[2007/08/28 23:55:14 | 01,014,128 | ---- | M] (Microsoft Corporation) C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]
[2009/02/06 19:52:44 | 00,062,304 | ---- | M] (Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (livecall:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])
msdaipp: [HKLM - No CLSID value]
[2007/08/28 23:55:14 | 01,014,128 | ---- | M] (Microsoft Corporation) C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]
[2007/08/28 23:55:14 | 01,014,128 | ---- | M] (Microsoft Corporation) C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]
[2006/10/26 13:45:02 | 00,873,216 | ---- | M] (Microsoft Corporation) C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll (ms-help:{314111c7-a502-11d2-bbca-00c04f8ec294} (HKLM) [HxProtocol Class])
[2009/02/06 19:52:44 | 00,062,304 | ---- | M] (Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (msnim:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2006/10/26 21:41:48 | 00,044,344 | ---- | M] (Microsoft Corporation) C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.DLL text/xml:{807563E5-5146-11D5-A672-00B0D022E945} (HKLM) [Microsoft Office InfoPath XML Mime Filter]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04AF207D-9A77-465A-8B76-991F6AB66245}"=Adobe Help Viewer CS3
"{059C042E-796A-4ACC-A81A-ECC2010BB78C}"=Windows Live Messenger
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}"=Adobe Bridge Start Meeting
"{0BD83598-C2EF-3343-847B-7D2E84599128}"=Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - FRA
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}"=Adobe WinSoft Linguistics Plugin
"{18D10072035C4515918F7E37EAFAACFC}"=AutoUpdate
"{205C6BDD-7B73-42DE-8505-9A093F35A238}"=Outil de téléchargement Windows Live
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}"=MSVCRT
"{26a03535-d10f-4434-9724-ce6d2f9a0549}"=DFX 8 for Windows Media Player
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}"=Adobe Stock Photos CS3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}"=Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java(TM) 6 Update 7
"{350C97B8-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{3B4E636E-9D65-4D67-BA61-189800823F52}"=Windows Live Communications Platform
"{3E31821C-7917-367E-938E-E65FC413EA31}"=Microsoft .NET Framework 3.5 Language Pack SP1 - fra
"{4BDB76C6-902E-41D5-9064-68768E02886B}"=Adobe Dreamweaver CS3
"{54793AA1-5001-42F4-ABB6-C364617C6078}"=Adobe Linguistics CS3
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}"=neroxml
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}"=Microsoft Office Live Add-in 1.3
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}"=Adobe Fonts All
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}"=Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{72AD53CC-CCC0-3757-8480-9EE176866A7C}"=Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - FRA
"{7370DF47-B4F9-4279-BFC3-3F09919F720D}"=Installation Windows Live
"{73B5D990-04EA-4751-B10F-5534770B91F2}"=Adobe Color EU Recommended Settings
"{751910E3-ECF1-44D0-BF3F-2936A4424514}"=ImageMixer3
"{7B63B2922B174135AFC0E1377DD81EC2}"=DivX Codec
"{802771A9-A856-4A41-ACF7-1450E523C923}"=Adobe XMP Panels CS3
"{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}"=Windows Live Call
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}"=Adobe Device Central CS3
"{8DC42D05-680B-41B0-8878-6C14D24602DB}"=QuickTime
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}"=Adobe Type Support
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}"=Choice Guard
"{90120000-0010-040C-0000-0000000FF1CE}"=Microsoft Software Update for Web Folders (French) 12
"{90120000-0011-0000-0000-0000000FF1CE}"=Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0015-040C-0000-0000000FF1CE}"=Microsoft Office Access MUI (French) 2007
"{90120000-0015-040C-0000-0000000FF1CE}_PROPLUS_{A0353900-21A2-42CF-B973-883500A027F7}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-040C-0000-0000000FF1CE}"=Microsoft Office Excel MUI (French) 2007
"{90120000-0016-040C-0000-0000000FF1CE}_PROPLUS_{A0353900-21A2-42CF-B973-883500A027F7}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-040C-0000-0000000FF1CE}"=Microsoft Office PowerPoint MUI (French) 2007
"{90120000-0018-040C-0000-0000000FF1CE}_PROPLUS_{A0353900-21A2-42CF-B973-883500A027F7}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-040C-0000-0000000FF1CE}"=Microsoft Office Publisher MUI (French) 2007
"{90120000-0019-040C-0000-0000000FF1CE}_PROPLUS_{A0353900-21A2-42CF-B973-883500A027F7}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-040C-0000-0000000FF1CE}"=Microsoft Office Outlook MUI (French) 2007
"{90120000-001A-040C-0000-0000000FF1CE}_PROPLUS_{A0353900-21A2-42CF-B973-883500A027F7}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-040C-0000-0000000FF1CE}"=Microsoft Office Word MUI (French) 2007
"{90120000-001B-040C-0000-0000000FF1CE}_PROPLUS_{A0353900-21A2-42CF-B973-883500A027F7}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0401-0000-0000000FF1CE}"=Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0401-0000-0000000FF1CE}_PROPLUS_{5A2F65A4-808F-4A1E-973E-92E17824982D}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0407-0000-0000000FF1CE}"=Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROPLUS_{2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}"=Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{3EC77D26-799B-4CD8-914F-C1565E796173}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}"=Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{430971B1-C31E-45DA-81E0-72C095BAB72C}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0413-0000-0000000FF1CE}"=Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0413-0000-0000000FF1CE}_PROPLUS_{B3F4DC34-7F60-4B7C-A79F-1C13012D99D4}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}"=Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-040C-0000-0000000FF1CE}"=Microsoft Office Proofing (French) 2007
"{90120000-0044-040C-0000-0000000FF1CE}"=Microsoft Office InfoPath MUI (French) 2007
"{90120000-0044-040C-0000-0000000FF1CE}_PROPLUS_{A0353900-21A2-42CF-B973-883500A027F7}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-040C-0000-0000000FF1CE}"=Microsoft Office Shared MUI (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}_PROPLUS_{EC50B538-CBE1-42E6-B7FE-87AA540AADFB}"=Microsoft Office Language Pack 2007 Service Pack 1 (SP1)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}"=Adobe Anchor Service CS3
"{926DEB4E-2B0A-4C5C-AE4A-BF6C06949702}"=Adobe Setup
"{95120000-00B9-0409-0000-0000000FF1CE}"=Microsoft Application Error Reporting
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}"=Adobe Bridge CS3
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}"=Segoe UI
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}"=Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}"=Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}"=Microsoft .NET Framework 3.0 Service Pack 2
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}"=PDF Settings
"{AC76BA86-7AD7-1036-7B44-A90000000001}"=Adobe Reader 9 - Français
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}"=Adobe Camera Raw 4.0
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}"=Microsoft XML Parser
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}"=Adobe Default Language CS3
"{BE5F3842-8309-4754-92D5-83E02E6077A3}"=Adobe Extension Manager CS3
"{BF794769-8875-4E01-B7BE-E00104604F4A}"=Adobe Photoshop CS3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}"=Microsoft .NET Framework 2.0 Service Pack 2
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}"=Adobe ExtendScript Toolkit 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}"=Microsoft .NET Framework 3.5 SP1
"{CE7CB214-DB11-4B5D-A6AF-3B4ED47C68B7}"=Microsoft Game Studios Common Redistributables Pack 1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}"=Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}"=Adobe PDF Library Files
"{D2E18162-47FB-4216-8AB3-F420C1AF75A4}"=Adobe Setup
"{D3116CC7-24DC-4CA3-9CE1-23FED836E9F2}"=Assistant de connexion Windows Live
"{D7A6C517-11F2-419F-B5BB-27772B939698}"=NvMixer
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}"=Adobe Color Common Settings
"{DBC3FDEC-D5F4-439C-9A18-EF454A74E3DE}_is1"=NOD32 FiX
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}"=Adobe Color JA Extra Settings
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}"=Ad-Aware
"{E69AE897-9E0B-485C-8552-7841F48D42D8}"=Adobe Update Manager CS3
"{F843C6A3-224D-4615-94F8-3C461BD9AEA0}"=Jasc Paint Shop Pro 9
"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}"=Adobe Color NA Extra Settings
"Adobe Flash Player ActiveX"=Adobe Flash Player 10 ActiveX
"Adobe_32e9033392a51340b32fdc6ad893ab7"=Adobe Photoshop CS3
"Adobe_ad19d2ae8332572b119cf35fd0a30d8"=Adobe Dreamweaver CS3
"Agfa ScanWise 2.00"=Agfa ScanWise 2.00
"CAL"=Canon Camera Access Library
"CameraWindowDC"=Canon Utilities CameraWindow DC
"CameraWindowDVC5"=Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6"=Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher"=Canon Utilities CameraWindow
"Canon G.726 WMP-Decoder"=Canon G.726 WMP-Decoder
"CANON iMAGE GATEWAY Task"=CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX"=Canon Internet Library for ZoomBrowser EX
"Canon LBP5000"=Canon LBP5000
"CSCLIB"=Canon Camera Support Core Library
"eMule"=eMule
"EOS Utility"=Canon Utilities EOS Utility
"FTP Expert 3"=FTP Expert 3
"HijackThis"=HijackThis 2.0.2
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"ie8"=Windows Internet Explorer 8
"LameACM"=Lame ACM MP3 Codec
"Microsoft .NET Framework 3.5 Language Pack SP1 - fra"=Module linguistique Microsoft .NET Framework 3.5 SP1- fra
"Microsoft .NET Framework 3.5 SP1"=Microsoft .NET Framework 3.5 SP1
"MovieEditTask"=Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox (3.0.4)"=Mozilla Firefox (3.0.4)
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"MyCamera"=Canon Utilities MyCamera
"MyCameraDC"=Canon Utilities MyCamera DC
"Naevius YouTube Converter_is1"=Naevius YouTube Converter 1.7
"Nero8Lite_is1"=Nero 8 Lite 8.3.2.1
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"NOD32"=NOD32 Antivirus System
"NVIDIA Drivers"=NVIDIA Drivers
"PhotoStitch"=Canon Utilities PhotoStitch
"PROPLUS"=Microsoft Office Professional Plus 2007
"RAW Image Task"=Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureDC"=Canon Utilities RemoteCapture DC
"RemoteCaptureTask"=Canon Utilities RemoteCapture Task for ZoomBrowser EX
"Satsuki Decoder Pack"=Satsuki Decoder Pack
"SystemRequirementsLab"=System Requirements Lab
"Update Service"=Update Service
"Wdf01007"=Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Lecteur Windows Media 11
"Windows XP Service"=Windows XP Service Pack 3
"WinLiveSuite_Wave3"=Installation Windows Live
"WinRAR archiver"=Archiveur WinRAR
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0
"XPSEPSCLP"=XML Paper Specification Shared Components Language Pack 1.0
"ZoomBrowser EX"=Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility"=Canon ZoomBrowser EX Memory Card Utility

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ReGetDx"=ReGet Deluxe
"uTorrent"=µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 06/05/2009 01:53:42 | Computer Name = SYLVER | Source = Adobe Version Cue CS3 | ID = 3
Description =

Error - 06/05/2009 01:53:42 | Computer Name = SYLVER | Source = Adobe Version Cue CS3 | ID = 3
Description =

Error - 06/05/2009 01:53:42 | Computer Name = SYLVER | Source = Adobe Version Cue CS3 | ID = 3
Description =

Error - 06/05/2009 01:53:42 | Computer Name = SYLVER | Source = Adobe Version Cue CS3 | ID = 3
Description =

Error - 06/05/2009 01:53:42 | Computer Name = SYLVER | Source = Adobe Version Cue CS3 | ID = 3
Description =

Error - 06/05/2009 01:53:42 | Computer Name = SYLVER | Source = Adobe Version Cue CS3 | ID = 3
Description =

Error - 06/05/2009 01:53:42 | Computer Name = SYLVER | Source = Adobe Version Cue CS3 | ID = 3
Description =

Error - 06/05/2009 01:53:42 | Computer Name = SYLVER | Source = Adobe Version Cue CS3 | ID = 3
Description =

Error - 06/05/2009 01:53:42 | Computer Name = SYLVER | Source = Adobe Version Cue CS3 | ID = 3
Description =

Error - 06/05/2009 01:53:42 | Computer Name = SYLVER | Source = Adobe Version Cue CS3 | ID = 3
Description =

[ System Events ]
Error - 21/04/2009 13:00:10 | Computer Name = SYLVER | Source = Print | ID = 19
Description = Échec du partage de l'imprimante + 1722, Imprimante Canon LBP5000(2)
nom de partage LBP5000.

Error - 23/04/2009 15:45:48 | Computer Name = SYLVER | Source = Service Control Manager | ID = 7011
Description = Délai (30000 millisecondes) d'attente pour une réponse du service
stisvc à une transaction.

Error - 06/05/2009 07:48:32 | Computer Name = SYLVER | Source = SideBySide | ID = 16842810
Description = Erreur de syntaxe dans le fichier manifeste ou le fichier de stratégie
"C:\Program Files\Fichiers communs\Nero\AudioPlugins\msaxp.dll" à la ligne 9.

Error - 06/05/2009 07:48:32 | Computer Name = SYLVER | Source = SideBySide | ID = 16842811
Description = Generate Activation Context a échoué pour C:\Program Files\Fichiers
communs\Nero\AudioPlugins\msaxp.dll. Message d'erreur de référence : Opération réussie.
.

Error - 06/05/2009 08:00:06 | Computer Name = SYLVER | Source = SideBySide | ID = 16842810
Description = Erreur de syntaxe dans le fichier manifeste ou le fichier de stratégie
"C:\Program Files\Fichiers communs\Nero\AudioPlugins\msaxp.dll" à la ligne 9.

Error - 06/05/2009 08:00:06 | Computer Name = SYLVER | Source = SideBySide | ID = 16842811
Description = Generate Activation Context a échoué pour C:\Program Files\Fichiers
communs\Nero\AudioPlugins\msaxp.dll. Message d'erreur de référence : Opération réussie.
.

Error - 19/05/2009 12:31:43 | Computer Name = SYLVER | Source = Print | ID = 19
Description = Échec du partage de l'imprimante + 1722, Imprimante Canon LBP5000(2)
nom de partage LBP5000.


< End of report >
Curson on 20 May 2009 at 17:18
Hello,

Disable your security software during the procedure.

1) Uninstall the following applications (if present) via Add/Remove Programs:

Ad-Aware; it is no longer effective against current infections.
Choice Guard


2) Download OTMoveIt3 by OldTimer:

- Save it to your desktop
- Double-click OTMoveIt3.exe to launch it (the extension may not be shown)
- Make sure the "Unregister DLL's and Ocx's" box is checked.
- Copy and paste everything below into the "Paste Instructions for Items to be Moved" section (under the yellow bar):
:Processes
explorer.exe
msnmsgrss.exe

:Services
aawservice
Bonjour Service
NMIndexingService

:Reg
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33}"=-
"{724D43A0-0D85-11D4-9908-00400523E39A}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"=-
"Windows UDP Control Center"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{16664848-0E00-11D2-8059-000000000000}"=-

:Files
C:\ltin.exe
C:\dialer.exe
C:\WINDOWS\msnmsgrss.exe
C:\Program Files\Bonjour
C:\Program Files\Lavasoft

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]

- Close all your programs and click the red Moveit! button to start the cleanup
- Copy and paste into your next reply everything shown in the Results window (in green, on the right)
--> A report will be generated in the C:\_OTMoveIt\MovedFiles folder with the date and time the tool was run (mmddyyyy_hhmmss.log)
- Close OTMoveIt3 (by clicking Exit)

Note: If a file or folder cannot be deleted directly, the tool may ask for a restart to finish the process. In that case, click "Yes" to accept...


3) Download Malwarebytes Anti-Malware.

- Install it and run the updates.


4) Run MBAM:

- Check the "Perform full scan" box, then click Scan.
- Select (check) all your partitions, then click "Start scan".
- When the scan is finished, a message lets you know. Then click the "Show Results" button.
- In the next window, click "Remove Selected". If the program offers to restart the computer, accept!
- The scan report will be displayed. Save it, then post its contents.


How is your system behaving?


Regards.
SofBof on 20 May 2009 at 18:23
First report:

========== PROCESSES ==========
Process explorer.exe killed successfully.
Process msnmsgrss.exe killed successfully.
========== SERVICES/DRIVERS ==========
Service\Driver aawservice not found.
Service\Driver aawservice not found.
Service\Driver Bonjour Service stopped successfully.
Service\Driver Bonjour Service deleted successfully.
Service\Driver Bonjour Service stopped successfully.
Service\Driver NMIndexingService deleted successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{724D43A0-0D85-11D4-9908-00400523E39A} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{724D43A0-0D85-11D4-9908-00400523E39A}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\UserFaultCheck deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Windows UDP Control Center deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{16664848-0E00-11D2-8059-000000000000} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{16664848-0E00-11D2-8059-000000000000}\ not found.
========== FILES ==========
C:\ltin.exe moved successfully.
C:\dialer.exe moved successfully.
C:\WINDOWS\msnmsgrss.exe moved successfully.
C:\Program Files\Bonjour moved successfully.
File/Folder C:\Program Files\Lavasoft not found.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Laurent\LOCALS~1\Temp\Perflib_Perfdata_808.dat scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\Laurent\Local Settings\Temporary Internet Files\Content.IE5\F18GAMCE\MsgrConfig[2].asmx scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Laurent\Local Settings\Temporary Internet Files\Content.IE5\A5O2F586\messages-1[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Laurent\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 05202009_172307

Files moved on Reboot...
File C:\DOCUME~1\Laurent\LOCALS~1\Temp\Perflib_Perfdata_808.dat not found!
C:\Documents and Settings\Laurent\Local Settings\Temporary Internet Files\Content.IE5\F18GAMCE\MsgrConfig[2].asmx moved successfully.
C:\Documents and Settings\Laurent\Local Settings\Temporary Internet Files\Content.IE5\A5O2F586\messages-1[1].htm moved successfully.


---
The next one:

Malwarebytes' Anti-Malware 1.36
Version de la base de données: 2158
Windows 5.1.2600 Service Pack 3

20/05/2009 18:18:44
mbam-log-2009-05-20 (18-18-40).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 194289
Temps écoulé: 42 minute(s), 48 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 7

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Program Files\MSN\MSNCoreFiles\copymar.exe (Worm.Luder) -> No action taken.
C:\Program Files\MSN\MSNCoreFiles\dw.exe (Worm.Luder) -> No action taken.
D:\System Volume Information\_restore{78BCCF27-CE76-46FC-8F7D-20E3DCA10B26}\RP229\A0055852.exe (Trojan.Downloader) -> No action taken.
D:\System Volume Information\_restore{78BCCF27-CE76-46FC-8F7D-20E3DCA10B26}\RP229\A0055863.exe (Trojan.Downloader) -> No action taken.
D:\System Volume Information\_restore{78BCCF27-CE76-46FC-8F7D-20E3DCA10B26}\RP229\A0055854.exe (Trojan.Downloader) -> No action taken.
D:\System Volume Information\_restore{8CA692DD-34CD-4733-9481-3277E81AC1D2}\RP120\A0073070.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Laurent\1.exe (Trojan.Dropper) -> No action taken.


There you go.
SofBof on 20 May 2009 at 18:29

Uh, other than that, my system is behaving well. It's being nice and polite for now. No window opening by itself for a good while. :D
Curson on 20 May 2009 at 18:47
Good evening,

No action taken.
According to the report, no items were removed.


Did you follow these instructions?
- When the scan finishes, a message lets you know. Then click the "Montrer les résultats" (Show Results) button.
- In the next window, click "Supprimer la sélection" (Remove Selected). If the program offers to restart the computer, accept!


Regards.
-------
If your thread remains unanswered, please report it here.
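Added example, not part of the original thread and not Malwarebytes code: a small Python parser for the log format shown above that lists every detection whose final field is still `No action taken` and checks each section's entry count against the summary. The names `parse_mbam` and `triage` are hypothetical, the entry layout is inferred from this log only, and the sample lines are copied from the log posted above.

```python
import re

# Lines copied from the Malwarebytes' Anti-Malware 1.36 log posted in this thread.
SAMPLE_LOG = r"""
Elément(s) de données du Registre infecté(s): 1
Fichier(s) infecté(s): 7

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Fichier(s) infecté(s):
C:\Program Files\MSN\MSNCoreFiles\copymar.exe (Worm.Luder) -> No action taken.
C:\Program Files\MSN\MSNCoreFiles\dw.exe (Worm.Luder) -> No action taken.
D:\System Volume Information\_restore{78BCCF27-CE76-46FC-8F7D-20E3DCA10B26}\RP229\A0055852.exe (Trojan.Downloader) -> No action taken.
D:\System Volume Information\_restore{78BCCF27-CE76-46FC-8F7D-20E3DCA10B26}\RP229\A0055863.exe (Trojan.Downloader) -> No action taken.
D:\System Volume Information\_restore{78BCCF27-CE76-46FC-8F7D-20E3DCA10B26}\RP229\A0055854.exe (Trojan.Downloader) -> No action taken.
D:\System Volume Information\_restore{8CA692DD-34CD-4733-9481-3277E81AC1D2}\RP120\A0073070.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Laurent\1.exe (Trojan.Dropper) -> No action taken.
"""

COUNT = re.compile(r"^(.+): (\d+)$")                   # summary line: "<section>: <n>"
ENTRY = re.compile(r"^(.+?) \(([^()]+)\) -> (.+)\.$")  # "<item> (<detection>) -> ... <action>."

def parse_mbam(text):
    """Return (declared counts, entries counted per section, detection entries)."""
    declared, found, entries, section = {}, {}, [], None
    for line in map(str.strip, text.splitlines()):
        if m := COUNT.match(line):
            declared[m.group(1)] = int(m.group(2))
        elif line.endswith(":"):
            section = line[:-1]
            found[section] = 0
        elif m := ENTRY.match(line):
            # Registry data entries carry an extra "Bad: ... Good: ..." field,
            # so the action is read from the last " -> " field.
            found[section] = found.get(section, 0) + 1
            entries.append({"section": section, "item": m.group(1), "detection": m.group(2),
                            "action": m.group(3).split(" -> ")[-1]})
    return declared, found, entries

def triage(text):
    """Return (detections still present, sections whose entries differ from the summary)."""
    declared, found, entries = parse_mbam(text)
    pending = [e for e in entries if e["action"] == "No action taken"]
    mismatched = {s: (declared.get(s), n) for s, n in found.items() if declared.get(s) != n}
    return pending, mismatched

if __name__ == "__main__":
    pending, mismatched = triage(SAMPLE_LOG)
    print(len(pending), "detections still present; count mismatches:", mismatched or "none")
```

The parser keys on the line structure rather than on the French section labels, so it does not depend on the language the log was saved in.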
SofBof on 20 May 2009 at 18:50
I did follow those instructions, yes, and I rebooted.
Oh darn!
Should I start over?

Thanks for your help, by the way!
Curson on 20 May 2009 at 19:15
If the items were removed, there is no need to start over. ;)

Download JavaRa and follow the instructions in this tutorial.
Post the resulting report.


Regards.
-------
If your thread remains unanswered, please report it here.
SofBof on 21 May 2009 at 07:41
Hello again!

Uh, there wasn't much in this report :/

JavaRa 1.13 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Thu May 21 07:39:30 2009

------------------------------------

Finished reporting.



I must have messed something up again! :pfff:
Curson on 21 May 2009 at 17:58
Good evening,

You didn't mess anything up. :) It seems the software found nothing to remove.

To verify, scan your system with the Kaspersky Online Scanner. Tutorial.
Post the scan result here.


Regards.
-------
If your thread remains unanswered, please report it here.

