Salutations,

Je suis entrain de désinfecter un PC sous Windows XP par le biais de TeamViewer (bureau à distance...).  

Voici les symptômes:

- Message d'erreur impossible à virer du genre: Pas de disque. Exception Processing Message c000013 Parameters 75afbf7c 4 75b6bf7c 75afbf7c ...

(Problème provisoirement résolu par désactivation des lecteurs de cartes)

- Gestionnaire de tâche inaccessible

(Problème résolu)

- Registre inaccessible

(Problème résolu)

- Le centre de sécurité avait été désactivé.

- Impossible d'installer un antivirus !! Pas possible non plus de faire un scan en ligne !! Les sites ne s'affichent pas complètement ou pas du tout. Par contre, je peux surfer ailleurs sans soucis.

- Les fichiers d'installations d'AVG et AVIRA que j'avais mis sur le bureau ont DISPARUS !!

- Points de restaurations disparus.

- Le virus reconnais Hijackthis si je ne le renomme pas !

- Résiste à Navilog, Combofix, Malwarebyte.

- Le mode sans Echec ne semble pas fonctionner, il se lance mais ne va pas jusqu'au bout et Windows se lance en mode normal.

Infection Search Setting trouvée et supprimée par Malwarebyte, peut être pas totalement...

Infection Search Setting supprimée par Combofix.

Il ne semble pas y avoir de Services anormaux.

Actuellement le PC fonctionne normalement, on n'a pas l'impression d'être infecté, mais cette saleté est toujours la. Les seules chose visibles avec Hijackthis sont 3 processus en cours dans C:/Windows/Temp. Si je supprime ces fichiers, il réapparaissent sous d'autre nom du genre winXXXX.exe

Sachant que le mode sans échec est inaccessible, merci pour vos idées, suggestions, aides...

Salut Atex ! ;)

Soit c'est une infection basique, soit un Rootkit (il est déjà arrivé qu'il ne reconnaisse pas certains).

Tu pourrais poster un rapport OTL et GMER ?

http://oldtimer.geekstogo.com/OTL.exe

Dans personalisation, tu colles :

/md5start
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
vaxscsi.sys
nvatabus.sys
SiSRaid.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
/md5stop
%SYSTEMDRIVE%\*.exe
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles

Tu cliques sur Analyse

--> Rapport à poster

http://www.gmer.net/download.php

Décoche la case "Show all" puis clique sur Scan.

--> Save, coller le rapport.

Je t'aurais bien coller les belles procédure, mais VIC n'accepte pas le BBCode, ce qui est assez barbant ...

@+

OTL logfile created on: 27/04/2010 21:06:10 - Run 1
OTL by OldTimer - Version 3.2.3.0     Folder = C:\Documents and Settings\HP_Propriétaire\Bureau
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy
 
511,00 Mb Total Physical Memory | 246,00 Mb Available Physical Memory | 48,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144,25 Gb Total Space | 61,36 Gb Free Space | 42,54% Space Free | Partition Type: NTFS
Drive D: | 4,78 Gb Total Space | 0,98 Gb Free Space | 20,50% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: NOM-B0A1C0A3909
Current User Name: HP_Propriétaire
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 60 Days
Output = Standard
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - [2010/04/27 21:05:32 | 000,563,712 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Propriétaire\Bureau\OTL.exe
PRC - [2010/04/27 18:53:54 | 000,016,384 | ---- | M] () -- C:\WINDOWS\temp\oxkr.exe
PRC - [2010/04/27 18:53:51 | 000,007,680 | ---- | M] () -- C:\WINDOWS\temp\bspxv.exe
PRC - [2010/04/27 18:53:27 | 000,011,264 | ---- | M] () -- C:\WINDOWS\temp\winiljx.exe
PRC - [2010/03/18 11:29:50 | 005,140,264 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version5\TeamViewer.exe
PRC - [2010/03/18 11:26:08 | 000,241,960 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
PRC - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2008/04/14 04:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/01/14 09:32:38 | 000,053,248 | ---- | M] () -- C:\WINDOWS\system32\PAStiSvc.exe
PRC - [2005/01/01 11:09:11 | 000,311,409 | ---- | M] () -- C:\Program Files\Java\j2re1.4.2_03\bin\jucheck.exe
PRC - [2005/01/01 11:09:11 | 000,102,513 | ---- | M] () -- C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
PRC - [2004/06/16 14:03:04 | 000,151,552 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
PRC - [2004/03/04 05:00:00 | 000,167,936 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATI9BE.EXE
 
 
[color=#E56717]========== Modules (SafeList) ==========[/color]
 
MOD - [2010/04/27 21:05:32 | 000,563,712 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Propriétaire\Bureau\OTL.exe
MOD - [2010/03/18 11:37:18 | 000,103,720 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version5\TV.dll
 
 
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
 
SRV - [2010/03/18 11:26:08 | 000,241,960 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2005/11/14 01:06:04 | 000,139,264 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005/01/14 09:32:38 | 000,053,248 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PAStiSvc.exe -- (STI Simulator)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV - File not found [Kernel | On_Demand | Running] --  -- (abp470n5)
DRV - [2010/02/11 14:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2005/09/16 13:34:16 | 000,150,272 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PA707UCM.SYS -- (PAC7311)
DRV - [2004/10/01 18:24:02 | 002,279,424 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004/09/29 23:55:50 | 000,229,888 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2004/09/29 21:23:00 | 002,744,640 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/09/24 11:38:40 | 000,012,928 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2004/06/29 18:07:18 | 001,268,204 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2003/07/18 17:58:20 | 000,036,992 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SISAGPX.sys -- (SISAGP)
DRV - [2003/07/11 23:28:56 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)
DRV - [2003/07/02 12:42:00 | 000,027,904 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\viaagp1.sys -- (viaagp1)
DRV - [2002/10/04 18:04:10 | 000,046,976 | ---- | M] (Realtek Semiconductor Corporation       ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139)
DRV - [2001/06/04 07:00:00 | 000,014,112 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q105&bd=pavilion&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sfr.fr/kit/adsl/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://fr.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8F FB 85 A2 1B 71 CA 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
O1 HOSTS File: ([2010/04/26 21:31:57 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Objet d'aide à la navigation SFR) - {0F6E720A-1A6B-40E1-A294-1D4D19F156C8} - C:\Program Files\SFR\Kit\SFRNavErrorHelper.dll (SFR)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (no name) -  - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (Vue HP) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
O3 - HKCU\..\Toolbar\WebBrowser: (Vue HP) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe (Hewlett-Packard)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.4.2/jinstall-1_4_2_03-windows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.4.2/jinstall-1_4_2_03-windows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Fichiers communs\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/01/01 10:44:55 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 22:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
[color=#E56717]========== Files/Folders - Created Within 60 Days ==========[/color]
 
[2010/04/27 21:05:30 | 000,563,712 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Propriétaire\Bureau\OTL.exe
[2010/04/26 23:40:52 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\HP_Propriétaire\Recent
[2010/04/26 23:39:38 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/04/26 22:18:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2010/04/26 22:12:54 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/04/26 22:02:16 | 000,000,000 | ---D | C] -- C:\Program Files\navilog1
[2010/04/26 22:02:16 | 000,000,000 | ---D | C] -- C:\Navilog1
[2010/04/26 21:27:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/04/26 21:21:16 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/04/26 21:21:16 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/04/26 21:21:16 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/04/26 21:21:16 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/04/26 21:21:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/04/26 21:19:04 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/04/25 19:47:47 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/04/25 19:47:06 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/25 19:47:05 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/18 05:37:03 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\browserchoice.exe
[2010/04/15 09:54:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Propriétaire\Application Data\TeamViewer
[2010/04/15 09:54:26 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer
[2010/04/15 09:38:36 | 000,000,000 | ---D | C] -- C:\Program Files\SFR
[2010/03/15 09:17:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Propriétaire\Application Data\Malwarebytes
[2010/03/15 09:17:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/03/15 09:17:36 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/03/15 08:54:06 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
[color=#E56717]========== Files - Modified Within 60 Days ==========[/color]
 
[2010/04/27 21:05:32 | 000,563,712 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Propriétaire\Bureau\OTL.exe
[2010/04/27 21:04:03 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\HP_Propriétaire\Bureau\g295yu2z.exe
[2010/04/27 20:56:17 | 000,000,452 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{ED361F16-8958-42A1-AC08-5EE221228A13}.job
[2010/04/27 18:50:32 | 000,007,883 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/04/27 18:50:26 | 000,000,247 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
[2010/04/27 18:50:22 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/27 18:50:21 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/27 18:49:50 | 004,718,592 | -H-- | M] () -- C:\Documents and Settings\HP_Propriétaire\NTUSER.DAT
[2010/04/27 18:10:31 | 030,143,928 | ---- | M] () -- C:\Documents and Settings\HP_Propriétaire\Bureau\avira_antivir_personal_free.exe
[2010/04/26 23:56:22 | 000,000,759 | ---- | M] () -- C:\Documents and Settings\HP_Propriétaire\Bureau\Raccourci vers Blabla.exe.lnk
[2010/04/26 23:10:08 | 000,000,662 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/04/26 23:10:08 | 000,000,296 | RHS- | M] () -- C:\boot.ini
[2010/04/26 23:10:08 | 000,000,265 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/04/26 21:31:57 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/04/25 20:16:31 | 000,000,184 | -HS- | M] () -- C:\Documents and Settings\HP_Propriétaire\ntuser.ini
[2010/04/25 19:47:09 | 000,000,707 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2010/04/25 10:52:33 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/15 09:54:31 | 000,000,900 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\TeamViewer 5.lnk
[2010/04/15 09:53:20 | 002,896,384 | ---- | M] () -- C:\Documents and Settings\HP_Propriétaire\Mes documents\TeamViewer_Setup.exe
[2010/04/15 09:40:50 | 001,126,282 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/04/15 09:40:50 | 000,512,624 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
[2010/04/15 09:40:50 | 000,442,916 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/04/15 09:40:50 | 000,085,984 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
[2010/04/15 09:40:50 | 000,072,182 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/04/09 23:43:32 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\Connexion facile à Internet.job
[2010/04/09 23:43:25 | 000,000,757 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Connexion facile à Internet.lnk
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/17 16:08:07 | 000,011,084 | ---- | M] () -- C:\Documents and Settings\HP_Propriétaire\Application Data\wklnhst.dat
[2010/03/12 18:02:38 | 000,261,632 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2010/03/10 08:16:48 | 000,420,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\vbscript.dll
[2010/03/10 08:16:48 | 000,420,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vbscript.dll
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2010/04/27 21:04:03 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\HP_Propriétaire\Bureau\g295yu2z.exe
[2010/04/27 18:09:29 | 030,143,928 | ---- | C] () -- C:\Documents and Settings\HP_Propriétaire\Bureau\avira_antivir_personal_free.exe
[2010/04/26 23:56:22 | 000,000,759 | ---- | C] () -- C:\Documents and Settings\HP_Propriétaire\Bureau\Raccourci vers Blabla.exe.lnk
[2010/04/26 23:10:07 | 000,001,808 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
[2010/04/26 23:10:07 | 000,001,768 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
[2010/04/26 23:10:07 | 000,001,751 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
[2010/04/26 21:21:16 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/04/26 21:21:16 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/04/26 21:21:16 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/04/26 21:21:16 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/04/26 21:21:16 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/04/25 19:47:09 | 000,000,707 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2010/04/15 09:54:31 | 000,000,900 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\TeamViewer 5.lnk
[2010/04/15 09:53:06 | 002,896,384 | ---- | C] () -- C:\Documents and Settings\HP_Propriétaire\Mes documents\TeamViewer_Setup.exe
[2010/04/09 23:43:25 | 000,000,292 | ---- | C] () -- C:\WINDOWS\tasks\Connexion facile à Internet.job
[2009/06/15 12:33:02 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2009/02/09 19:07:36 | 000,000,012 | ---- | C] () -- C:\WINDOWS\compedia.ini
[2008/07/09 10:39:30 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/03/08 20:03:43 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2008/02/13 20:28:45 | 000,096,768 | ---- | C] () -- C:\WINDOWS\SlantAdj.dll
[2008/02/13 20:28:45 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\epDPE.ini
[2008/02/13 20:15:58 | 000,000,022 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2008/02/13 20:10:31 | 000,000,027 | ---- | C] () -- C:\WINDOWS\CDE CX3600FGD.ini
[2008/02/13 19:52:34 | 000,000,385 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/02/13 19:27:55 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\GIF89.DLL
[2008/02/13 19:14:35 | 000,000,014 | ---- | C] () -- C:\WINDOWS\System32\SystemInfo32.sys
[2005/01/02 01:26:50 | 000,103,579 | ---- | C] () -- C:\WINDOWS\VGAsetup.ini
[2005/01/02 01:26:50 | 000,095,251 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini
[2005/01/01 18:33:01 | 000,000,632 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/01/01 17:12:33 | 000,013,859 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2005/01/01 17:12:26 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2005/01/01 14:35:32 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/01/01 11:37:14 | 000,003,712 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/01/01 11:00:20 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2004/09/14 00:35:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/20 04:14:46 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll
[2004/08/20 04:14:46 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll
[2003/04/11 00:04:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll
 
[color=#E56717]========== Custom Scans ==========[/color]
 
 
 
[color=#A23BEC]< MD5 for: ATAPI.SYS  >[/color]
[2004/08/05 12:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/09/11 19:57:43 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/08/05 05:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
[2008/09/11 19:57:43 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 06:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
 
[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]
 
[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]
 
[color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color]
[2008/04/14 04:33:30 | 000,072,192 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\msacm32.dll
[8 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
[color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles >[/color]
< End of report >
 

********************************************************************************

********************************************************************************

OTL Extras logfile created on: 27/04/2010 21:06:10 - Run 1
OTL by OldTimer - Version 3.2.3.0     Folder = C:\Documents and Settings\HP_Propriétaire\Bureau
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy
 
511,00 Mb Total Physical Memory | 246,00 Mb Available Physical Memory | 48,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144,25 Gb Total Space | 61,36 Gb Free Space | 42,54% Space Free | Partition Type: NTFS
Drive D: | 4,78 Gb Total Space | 0,98 Gb Free Space | 20,50% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: NOM-B0A1C0A3909
Current User Name: HP_Propriétaire
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 60 Days
Output = Standard
 
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== File Associations ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
 
[color=#E56717]========== Shell Spawning ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[color=#E56717]========== Security Center Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"UacDisableNotify" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
"DisableMonitoring" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"FirewallOverride" = 1
"UpdatesDisableNotify" = 1
"UacDisableNotify" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"9420:TCP" = 9420:TCP:*:Enabled:BitComet 9420 TCP
"9420:UDP" = 9420:UDP:*:Enabled:BitComet 9420 UDP
 
[color=#E56717]========== Authorized Applications List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%ProgramFiles%\iTunes\iTunes.exe" = %ProgramFiles%\iTunes\iTunes.exe:*:enabled:iTunes -- File not found
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- File not found
"C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" = C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe:*:Enabled:ipsec -- (Hewlett-Packard Company)
"C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe:*:Enabled:ipsec -- (Adobe Systems Incorporated)
"C:\WINDOWS\SMINST\RECGUARD.EXE" = C:\WINDOWS\SMINST\RECGUARD.EXE:*:Enabled:ipsec -- ()
"C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\agent.exe" = C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\agent.exe:*:Enabled:ipsec -- (InstallShield Software Corporation)
"C:\WINDOWS\msagent\AgentSvr.exe" = C:\WINDOWS\msagent\AgentSvr.exe:*:Enabled:ipsec -- (Microsoft Corporation)
"C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe" = C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe:*:Enabled:ipsec -- (Adobe Systems Incorporated)
"C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" = C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe:*:Enabled:ipsec -- (InstallShield Software Corporation)
"C:\Program Files\Symantec\LiveUpdate\AUpdate.exe" = C:\Program Files\Symantec\LiveUpdate\AUpdate.exe:*:Enabled:ipsec -- File not found
"C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE" = C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE:*:Enabled:ipsec -- File not found
"C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE" = C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE:*:Enabled:ipsec -- (SEIKO EPSON CORPORATION)
"C:\Program Files\TeamViewer\Version5\TeamViewer.exe" = C:\Program Files\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" = C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe:*:Enabled:ipsec -- (Malwarebytes Corporation)
"C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe" = C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe:*:Enabled:ipsec -- (TeamViewer GmbH)
"C:\WINDOWS\TEMP\wingdronq.exe" = C:\WINDOWS\TEMP\wingdronq.exe:*:Enabled:ipsec -- File not found
"C:\WINDOWS\TEMP\mqxg.exe" = C:\WINDOWS\TEMP\mqxg.exe:*:Enabled:ipsec -- File not found
"C:\WINDOWS\TEMP\winfkexrq.exe" = C:\WINDOWS\TEMP\winfkexrq.exe:*:Enabled:ipsec -- File not found
"C:\WINDOWS\TEMP\winpqvfl.exe" = C:\WINDOWS\TEMP\winpqvfl.exe:*:Enabled:ipsec -- File not found
"C:\WINDOWS\TEMP\hfaoa.exe" = C:\WINDOWS\TEMP\hfaoa.exe:*:Enabled:ipsec -- File not found
"C:\WINDOWS\TEMP\ccyjkp.exe" = C:\WINDOWS\TEMP\ccyjkp.exe:*:Enabled:ipsec -- File not found
"C:\WINDOWS\TEMP\ywfo.exe" = C:\WINDOWS\TEMP\ywfo.exe:*:Enabled:ipsec -- File not found
"C:\WINDOWS\TEMP\vglxkh.exe" = C:\WINDOWS\TEMP\vglxkh.exe:*:Enabled:ipsec -- File not found
"C:\WINDOWS\TEMP\winxltod.exe" = C:\WINDOWS\TEMP\winxltod.exe:*:Enabled:ipsec -- File not found
"C:\WINDOWS\TEMP\apue.exe" = C:\WINDOWS\TEMP\apue.exe:*:Enabled:ipsec -- File not found
"C:\WINDOWS\TEMP\dsixs.exe" = C:\WINDOWS\TEMP\dsixs.exe:*:Enabled:ipsec -- File not found
"C:\WINDOWS\TEMP\winhsmg.exe" = C:\WINDOWS\TEMP\winhsmg.exe:*:Enabled:ipsec -- File not found
"C:\WINDOWS\TEMP\gdoehe.exe" = C:\WINDOWS\TEMP\gdoehe.exe:*:Enabled:ipsec -- File not found
"C:\WINDOWS\TEMP\sgrx.exe" = C:\WINDOWS\TEMP\sgrx.exe:*:Enabled:ipsec -- File not found
"C:\WINDOWS\TEMP\winsclw.exe" = C:\WINDOWS\TEMP\winsclw.exe:*:Enabled:ipsec -- File not found
"C:\WINDOWS\TEMP\winxyxdv.exe" = C:\WINDOWS\TEMP\winxyxdv.exe:*:Enabled:ipsec -- File not found
"C:\WINDOWS\TEMP\xsbok.exe" = C:\WINDOWS\TEMP\xsbok.exe:*:Enabled:ipsec -- File not found
"C:\WINDOWS\TEMP\gnuil.exe" = C:\WINDOWS\TEMP\gnuil.exe:*:Enabled:ipsec -- File not found
"C:\WINDOWS\TEMP\winwomjb.exe" = C:\WINDOWS\TEMP\winwomjb.exe:*:Enabled:ipsec -- File not found
"C:\WINDOWS\TEMP\fgukpk.exe" = C:\WINDOWS\TEMP\fgukpk.exe:*:Enabled:ipsec -- File not found
"C:\WINDOWS\TEMP\winkgpsa.exe" = C:\WINDOWS\TEMP\winkgpsa.exe:*:Enabled:ipsec -- File not found
"C:\WINDOWS\TEMP\winchsyn.exe" = C:\WINDOWS\TEMP\winchsyn.exe:*:Enabled:ipsec -- File not found
"C:\WINDOWS\TEMP\yhhfw.exe" = C:\WINDOWS\TEMP\yhhfw.exe:*:Enabled:ipsec -- File not found
"C:\WINDOWS\TEMP\winouxlrk.exe" = C:\WINDOWS\TEMP\winouxlrk.exe:*:Enabled:ipsec -- File not found
"C:\WINDOWS\TEMP\winrwtn.exe" = C:\WINDOWS\TEMP\winrwtn.exe:*:Enabled:ipsec -- File not found
"C:\WINDOWS\TEMP\qynut.exe" = C:\WINDOWS\TEMP\qynut.exe:*:Enabled:ipsec -- File not found
"C:\WINDOWS\TEMP\winunjk.exe" = C:\WINDOWS\TEMP\winunjk.exe:*:Enabled:ipsec -- File not found
"C:\WINDOWS\TEMP\bolre.exe" = C:\WINDOWS\TEMP\bolre.exe:*:Enabled:ipsec -- File not found
"C:\WINDOWS\TEMP\winnpav.exe" = C:\WINDOWS\TEMP\winnpav.exe:*:Enabled:ipsec -- File not found
"C:\WINDOWS\TEMP\ghym.exe" = C:\WINDOWS\TEMP\ghym.exe:*:Enabled:ipsec -- File not found
"C:\WINDOWS\TEMP\slhvky.exe" = C:\WINDOWS\TEMP\slhvky.exe:*:Enabled:ipsec -- File not found
"C:\WINDOWS\TEMP\winuhslu.exe" = C:\WINDOWS\TEMP\winuhslu.exe:*:Enabled:ipsec -- File not found
"C:\WINDOWS\TEMP\ueqab.exe" = C:\WINDOWS\TEMP\ueqab.exe:*:Enabled:ipsec -- File not found
"C:\WINDOWS\TEMP\lmjom.exe" = C:\WINDOWS\TEMP\lmjom.exe:*:Enabled:ipsec -- File not found
"C:\WINDOWS\TEMP\winonccqg.exe" = C:\WINDOWS\TEMP\winonccqg.exe:*:Enabled:ipsec -- File not found
"C:\WINDOWS\TEMP\winpfbthq.exe" = C:\WINDOWS\TEMP\winpfbthq.exe:*:Enabled:ipsec -- File not found
"C:\WINDOWS\TEMP\hwlh.exe" = C:\WINDOWS\TEMP\hwlh.exe:*:Enabled:ipsec -- File not found
"C:\WINDOWS\TEMP\winslsnjn.exe" = C:\WINDOWS\TEMP\winslsnjn.exe:*:Enabled:ipsec -- File not found
"C:\WINDOWS\TEMP\winneplho.exe" = C:\WINDOWS\TEMP\winneplho.exe:*:Enabled:ipsec -- File not found
"C:\WINDOWS\TEMP\winngvfe.exe" = C:\WINDOWS\TEMP\winngvfe.exe:*:Enabled:ipsec -- File not found
"C:\WINDOWS\TEMP\winubsdc.exe" = C:\WINDOWS\TEMP\winubsdc.exe:*:Enabled:ipsec -- File not found
"C:\WINDOWS\TEMP\cugus.exe" = C:\WINDOWS\TEMP\cugus.exe:*:Enabled:ipsec -- File not found
"C:\WINDOWS\TEMP\winqisxn.exe" = C:\WINDOWS\TEMP\winqisxn.exe:*:Enabled:ipsec -- File not found
"C:\WINDOWS\TEMP\pcgy.exe" = C:\WINDOWS\TEMP\pcgy.exe:*:Enabled:ipsec -- File not found
"C:\WINDOWS\TEMP\winewlakk.exe" = C:\WINDOWS\TEMP\winewlakk.exe:*:Enabled:ipsec -- File not found
"C:\WINDOWS\TEMP\winrdjb.exe" = C:\WINDOWS\TEMP\winrdjb.exe:*:Enabled:ipsec -- File not found
"C:\WINDOWS\TEMP\qmaxf.exe" = C:\WINDOWS\TEMP\qmaxf.exe:*:Enabled:ipsec -- File not found
"C:\WINDOWS\TEMP\apgrj.exe" = C:\WINDOWS\TEMP\apgrj.exe:*:Enabled:ipsec -- File not found
"C:\WINDOWS\TEMP\winiljx.exe" = C:\WINDOWS\TEMP\winiljx.exe:*:Enabled:ipsec -- ()
"C:\WINDOWS\TEMP\bspxv.exe" = C:\WINDOWS\TEMP\bspxv.exe:*:Enabled:ipsec -- ()
"C:\WINDOWS\TEMP\oxkr.exe" = C:\WINDOWS\TEMP\oxkr.exe:*:Enabled:ipsec -- ()
"C:\WINDOWS\TEMP\winylhe.exe" = C:\WINDOWS\TEMP\winylhe.exe:*:Enabled:ipsec -- File not found
"C:\WINDOWS\TEMP\wingrqnn.exe" = C:\WINDOWS\TEMP\wingrqnn.exe:*:Enabled:ipsec -- File not found
"C:\WINDOWS\TEMP\winwtfgp.exe" = C:\WINDOWS\TEMP\winwtfgp.exe:*:Enabled:ipsec -- File not found
"C:\WINDOWS\TEMP\winkdgagq.exe" = C:\WINDOWS\TEMP\winkdgagq.exe:*:Enabled:ipsec -- File not found
"C:\WINDOWS\TEMP\winfwkdwj.exe" = C:\WINDOWS\TEMP\winfwkdwj.exe:*:Enabled:ipsec -- File not found
"C:\WINDOWS\TEMP\winnawkiu.exe" = C:\WINDOWS\TEMP\winnawkiu.exe:*:Enabled:ipsec -- File not found
 
 
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{08783603-FFD0-479c-9160-E2FA46E62883}" = Mise à niveau de Works
"{0D182A5E-AEE0-42ca-BD1D-4EEB2FFA256D}" = HP Image Zone Plus 4.2.3
"{109D28C7-FB38-483A-9C91-001CB59E2699}" = EPSON CardMonitor
"{17E57E89-DDB3-4f76-9AF1-A8E01CC633E4}" = Complément Microsoft Word pour Microsoft Works Suite
"{1F63ED0B-EDD2-4037-B6AB-1358C624AF48}" = Scan
"{21E75254-410E-49C4-8981-2E1A2A2221F2}" = HP Diagnostic Assistant
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23B59ED4-C360-11D7-875B-0090CC005647}" = EPSON PRINT Image Framer Tool2.1
"{267868CE-6DFF-40F7-9C58-C01119B7B117}" = Fax
"{2BBC9458-07CA-4843-848B-5C8146E5EFA8}" = CreativeProjects
"{34A59AC3-6C5C-4A09-A7F5-369A37176C8A}" = AiOSoftware
"{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3AE681E0-4E8D-453F-950A-48534D3C0724}" = Copy
"{3AEF2F6C-F1D3-47CD-BF3B-A327F1FABE58}" = PSPrinters06
"{3F262ADC-5AD2-48E5-A586-44315E04A9E2}" = Microsoft Picture It! Album 10
"{41254D7B-EADF-4078-AE4A-BD73B300EE86}" = Unload
"{42756145-9997-4D28-809B-8756BFD00106}" = Microsoft Photo Premium 10
"{428102E6-8A39-48B9-8389-847F5A44A600}" = MSXML 4.0
"{457791C5-D702-4143-A7B2-2744BE9573F2}" = HP Software Update
"{46ABBC54-1872-4AA3-95E2-F2C063A63F31}" = Installation Windows Live
"{4C04DF1B-6A39-4299-9DD1-1FA60000266E}" = HP Appareils photos Photosmart 4.0
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{54BB0384-1C33-488F-A95B-877E480D3EDC}" = MSXML 4.0
"{561A9B4E-2E48-4149-B977-59C7AFF62B52}" = HPIZ423
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{64D114CE-4234-45C2-B60A-2B07D5A48F72}" = Microsoft Works 7.0
"{65F5B7AF-3363-11D7-BB6B-00018021113F}" = EPSON PhotoQuicker3.5
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{67E4EE98-59F4-4220-89A6-A20AF5BEC689}" = Microsoft AutoRoute 2005
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{6C11D561-620B-47DA-A693-4C597F3CDF40}" = EPSON Smart Panel
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{725249C3-B94C-4141-8799-0D3BA43D0812}" = CameraDrivers
"{7BD0A2D8-4EA0-43C6-BDF8-DDA87B8031C6}" = PIF DESIGNER2.1
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Connexion Facile à Internet
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8E52A993-2C62-4470-9FE0-8F931496A985}" = PC VGA Camer@
"{911B040C-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{981FB376-8418-4EA8-BBED-9DE5AA63E7D5}" = SkinsHP1
"{98CB24AD-52FB-DB5F-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 CRT (x86) WinSXS MSM
"{9A394342-4A68-4EBA-85A6-55B559F4E700}" = Microsoft .NET Framework 1.1 French Language Pack
"{9CB2512B-3EC4-43DF-8002-46BDAB5EDD1B}" = QuickProjects
"{9EEBF8D5-8712-4D1D-88F4-4CDC2D270BC3}" = PrintScreen
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{A059DE09-1B49-4450-B340-7AE097EC3F04}" = Microsoft Works
"{A1062847-0846-427A-92A1-BB8251A91E91}" = HP PSC & OfficeJet 4.0
"{A1DCC235-DACC-4E1F-8D11-D630634B4AEF}" = PhotoGallery
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2500497-FD32-493e-B8E5-28D6728DBEF5}" = Readme
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4EA3AB4-E78C-4286-96DF-26035507CE55}" = AiO_Scan
"{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}" = Photosmart 320,370,7400,8100,8400 Series (fra)
"{AC76BA86-7AD7-1036-7B44-A70000000000}" = Adobe Reader 7.0 - Français
"{B32C75F2-7495-4D01-9431-C11E97D66F8C}" = DocProc
"{B3D5D4E0-E965-41C4-ABFD-A7B1AD0663C2}" = Director
"{B45D9FEE-1AF4-46F3-9A83-2545F81547F5}" = CreativeProjectsTemplates
"{B56D5B09-C4FB-4EA0-8EAD-7BC3E2715A2D}" = DocumentViewer
"{BCC992E5-5C81-4066-9B55-03DC10B24D21}" = InstantShare
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BF018D2F-C788-4AB1-AB95-1280EAB8F13E}" = TrayApp
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C48817E7-AA05-4151-A99D-1E1E550CE801}" = EPSON PhotoStarter3.1
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{EC8673DA-F96B-497E-B2DB-BC7B029FD680}" = BufferChm
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F419D20A-7719-4639-8E30-C073A040D878}" = HP Deskjet Preloaded Printer Drivers
"{F4F47155-5B4D-42AA-97F8-490BC52EA7F3}" = Destinations
"{F65787F3-B356-45EC-8DD0-0E6758EDBCEE}" = WebReg
"{FF26F7EA-BCEE-478C-9A1B-6B4F88717D73}" = CueTour
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Agere Systems Soft Modem" = Agere Systems PCI Soft Modem
"CCleaner" = CCleaner
"DVD X Player 4.1 Professionnel_is1" = DVD X Player 4.1 Professionnel
"EPSON Printer and Utilities" = EPSON Logiciel imprimante
"EPSON Scanner" = EPSON Scan
"ESCX3600 Guide de réf." = ESCX3600 Guide de réf.
"ESCX3600 Guide des logiciels" = ESCX3600 Guide des logiciels
"Free Easy Burner_is1" = Free Easy Burner V 3.0
"Help and Support Additions" = Help and Support Additions
"HijackThis" = HijackThis 2.0.2
"HP Photo & Imaging" = HP Image Zone 4.2.3
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Connexion Facile à Internet
"InstallShield_{8E52A993-2C62-4470-9FE0-8F931496A985}" = PC VGA Camer@
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"PictureItPrem_v10" = Microsoft Photo Premium 10
"SFR_Kit" = SFR - Kit de connexion
"SiS VGA Driver" = SiS VGA Utilities
"TeamViewer 5" = TeamViewer 5
"VLC media player" = VideoLAN VLC media player 0.8.6e
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Lecteur Windows Media 11
"Windows XP Service" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Installation Windows Live
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Works2005Setup" = Sélecteur d'installation de Microsoft Works 2005
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
 
[color=#E56717]========== Last 10 Event Log Errors ==========[/color]
 
[ Application Events ]
Error - 07/03/2010 17:38:32 | Computer Name = NOM-B0A1C0A3909 | Source = MsiInstaller | ID = 11706
Description = Produit : Microsoft Word 2002 -- Erreur 1706. Le programme d'installation
 ne peut pas trouver les fichiers requis. Vérifiez votre connexion au réseau ou
votre lecteur de CD-ROM. Pour des solutions éventuelles à ce problème, consultez
 C:\Program Files\Microsoft Office\Office10\1036\SETUP.HLP.
 
Error - 07/03/2010 17:38:34 | Computer Name = NOM-B0A1C0A3909 | Source = MsiInstaller | ID = 1024
Description = Produit : Microsoft Word 2002 - La mise à jour '{10864676-F019-4492-91BC-6A5F68C72840}'
 n'a pas pu être installée. Code d'erreur 1603.  Windows Installer peut créer des
 journaux pour faciliter la résolution des éventuelles erreurs d'installation des
 packages logiciels. Utilisez le lien suivant pour afficher des instructions concernant
 l'activation des journaux : http://go.microsoft.com/fwlink/?LinkId=23127
 
Error - 23/04/2010 14:15:46 | Computer Name = NOM-B0A1C0A3909 | Source = Application Hang | ID = 1002
Description = Application bloquée wlarp.exe, version 14.0.8089.726, module bloqué
 hungapp, version 0.0.0.0, adresse de blocage 0x00000000.
 
Error - 26/04/2010 17:11:30 | Computer Name = NOM-B0A1C0A3909 | Source = MsiInstaller | ID = 11706
Description = Produit : Microsoft Word 2002 -- Erreur 1706. Le programme d'installation
 ne peut pas trouver les fichiers requis. Vérifiez votre connexion au réseau ou
votre lecteur de CD-ROM. Pour des solutions éventuelles à ce problème, consultez
 C:\Program Files\Microsoft Office\Office10\1036\SETUP.HLP.
 
Error - 26/04/2010 18:37:33 | Computer Name = NOM-B0A1C0A3909 | Source = MsiInstaller | ID = 11706
Description = Produit : Microsoft Word 2002 -- Erreur 1706. Le programme d'installation
 ne peut pas trouver les fichiers requis. Vérifiez votre connexion au réseau ou
votre lecteur de CD-ROM. Pour des solutions éventuelles à ce problème, consultez
 C:\Program Files\Microsoft Office\Office10\1036\SETUP.HLP.
 
Error - 26/04/2010 18:55:36 | Computer Name = NOM-B0A1C0A3909 | Source = MsiInstaller | ID = 11706
Description = Produit : Microsoft Word 2002 -- Erreur 1706. Le programme d'installation
 ne peut pas trouver les fichiers requis. Vérifiez votre connexion au réseau ou
votre lecteur de CD-ROM. Pour des solutions éventuelles à ce problème, consultez
 C:\Program Files\Microsoft Office\Office10\1036\SETUP.HLP.
 
Error - 27/04/2010 05:56:15 | Computer Name = NOM-B0A1C0A3909 | Source = MsiInstaller | ID = 11706
Description = Produit : Microsoft Word 2002 -- Erreur 1706. Le programme d'installation
 ne peut pas trouver les fichiers requis. Vérifiez votre connexion au réseau ou
votre lecteur de CD-ROM. Pour des solutions éventuelles à ce problème, consultez
 C:\Program Files\Microsoft Office\Office10\1036\SETUP.HLP.
 
Error - 27/04/2010 07:27:03 | Computer Name = NOM-B0A1C0A3909 | Source = MsiInstaller | ID = 11706
Description = Produit : Microsoft Word 2002 -- Erreur 1706. Le programme d'installation
 ne peut pas trouver les fichiers requis. Vérifiez votre connexion au réseau ou
votre lecteur de CD-ROM. Pour des solutions éventuelles à ce problème, consultez
 C:\Program Files\Microsoft Office\Office10\1036\SETUP.HLP.
 
Error - 27/04/2010 12:07:26 | Computer Name = NOM-B0A1C0A3909 | Source = MsiInstaller | ID = 11706
Description = Produit : Microsoft Word 2002 -- Erreur 1706. Le programme d'installation
 ne peut pas trouver les fichiers requis. Vérifiez votre connexion au réseau ou
votre lecteur de CD-ROM. Pour des solutions éventuelles à ce problème, consultez
 C:\Program Files\Microsoft Office\Office10\1036\SETUP.HLP.
 
Error - 27/04/2010 13:06:13 | Computer Name = NOM-B0A1C0A3909 | Source = MsiInstaller | ID = 11706
Description = Produit : Microsoft Word 2002 -- Erreur 1706. Le programme d'installation
 ne peut pas trouver les fichiers requis. Vérifiez votre connexion au réseau ou
votre lecteur de CD-ROM. Pour des solutions éventuelles à ce problème, consultez
 C:\Program Files\Microsoft Office\Office10\1036\SETUP.HLP.
 
[ System Events ]
Error - 26/04/2010 16:31:27 | Computer Name = NOM-B0A1C0A3909 | Source = DCOM | ID = 10005
Description = DCOM a reçu l'erreur "%1058" lors de la mise en route du service SeaPort
 avec les arguments "-Service"  pour démarrer le serveur :  {D6381B4A-D254-46EB-9018-A62E0F4BA6BA}
 
Error - 26/04/2010 16:31:45 | Computer Name = NOM-B0A1C0A3909 | Source = DCOM | ID = 10005
Description = DCOM a reçu l'erreur "%1058" lors de la mise en route du service SeaPort
 avec les arguments "-Service"  pour démarrer le serveur :  {D6381B4A-D254-46EB-9018-A62E0F4BA6BA}
 
Error - 26/04/2010 16:48:05 | Computer Name = NOM-B0A1C0A3909 | Source = DCOM | ID = 10005
Description = DCOM a reçu l'erreur "%1058" lors de la mise en route du service SeaPort
 avec les arguments "-Service"  pour démarrer le serveur :  {D6381B4A-D254-46EB-9018-A62E0F4BA6BA}
 
Error - 26/04/2010 16:48:50 | Computer Name = NOM-B0A1C0A3909 | Source = DCOM | ID = 10005
Description = DCOM a reçu l'erreur "%1058" lors de la mise en route du service SeaPort
 avec les arguments "-Service"  pour démarrer le serveur :  {D6381B4A-D254-46EB-9018-A62E0F4BA6BA}
 
Error - 26/04/2010 16:52:24 | Computer Name = NOM-B0A1C0A3909 | Source = DCOM | ID = 10005
Description = DCOM a reçu l'erreur "%1058" lors de la mise en route du service SeaPort
 avec les arguments "-Service"  pour démarrer le serveur :  {D6381B4A-D254-46EB-9018-A62E0F4BA6BA}
 
Error - 26/04/2010 16:52:50 | Computer Name = NOM-B0A1C0A3909 | Source = DCOM | ID = 10005
Description = DCOM a reçu l'erreur "%1058" lors de la mise en route du service SeaPort
 avec les arguments "-Service"  pour démarrer le serveur :  {D6381B4A-D254-46EB-9018-A62E0F4BA6BA}
 
Error - 26/04/2010 17:06:07 | Computer Name = NOM-B0A1C0A3909 | Source = DCOM | ID = 10005
Description = DCOM a reçu l'erreur "%1058" lors de la mise en route du service SeaPort
 avec les arguments "-Service"  pour démarrer le serveur :  {D6381B4A-D254-46EB-9018-A62E0F4BA6BA}
 
Error - 26/04/2010 17:06:42 | Computer Name = NOM-B0A1C0A3909 | Source = DCOM | ID = 10005
Description = DCOM a reçu l'erreur "%1058" lors de la mise en route du service SeaPort
 avec les arguments "-Service"  pour démarrer le serveur :  {D6381B4A-D254-46EB-9018-A62E0F4BA6BA}
 
Error - 27/04/2010 07:18:19 | Computer Name = NOM-B0A1C0A3909 | Source = Service Control Manager | ID = 7026
Description = Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se
 charger :   viaagp1
 
Error - 27/04/2010 12:50:25 | Computer Name = NOM-B0A1C0A3909 | Source = Service Control Manager | ID = 7026
Description = Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se
 charger :   viaagp1
 
 
< End of report >
 

 UP !

J'aurais à nouveau accès à ce PC Dimanche matin.

T'as pas fait pété le rapport GMER :)

@+

Et chiotte...

Bon ben je le récupère dimanche.

Voilà, mais j'ai comme l'impression que ce rapport ne nous avance pas grandement...

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-02 05:44:54
Windows 5.1.2600 Service Pack 3
Running: g295yu2z.exe; Driver: C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\pfaoqfob.sys

J'ai une mauvaise nouvelle: après quelques recherche de mon coté, le PC est infecté par Win32/Sality

La collègue m'amène le PC demain, ce sera plus simple que par Teamviewer.

Je vais quand même tenter de le désinfecter, à première vu il n'y pas pas trop de chose installé sur ce PC. L'infection est arrivé par clé USB. J'ai détecté Sality en faisant un scan SDFix (Option 1) ce matin.

 Le premier scan a été arrêté par Sality certainement mais je n'étais pas devant le PC pendant le scan. Quand relancé le scan, ça a commencé à bugguer de partout, pleins d'erreurs dans le scan, mais j'ai quand même eu le temps de voir "Win32/Sality détecté" juste avant un compte à rebours m'annonçant le redémarrage du PC. Finalement le PC s'est arrêté et je n'y ai plus eu accès.

Avant un éventuelle formatage, il faudrait que je récupère la clé d'activation de Windows directement sur le PC parce qu'elle ne trouve plus ni le CD, ni la clé, et c'est un Windows original. J'ai testé ViewKeyXP sur un autre PC, ça a l'air de marcher, reste à voir si Sality me laissera faire.