Ecran noir avec message disk boot failure

djidji -  
moment de grace Messages postés 29099 Date d'inscription   Statut Contributeur sécurité Dernière intervention   -
Bonjour,

Windows XP SP2 Pc a ma frangine . Bloquage après 1 redemarrage.

Une fois entré dans la session, que je clique ok ou Cancel, l'ordinateur affiche le message suivant :
" Windows disk dianostic. Tool will scan the systeme to identity performance issue, check disk option" :
- 1) CHECK HARD DRIVE SECTORS
- 2) CHECK FILE SYSTEM INTEGRITY
On m'invite donc à cocher l'une ou l'autre ou les deux options puis de lancer un diagnostic.
Quoi que je coche, un chargement s"effectue et un autre message s'affiche :
"A problem with the hard drive has been dectected. It is strongly recommended that you download and install the following certified software to fix dectected hard drive error. Do you want to download recommended software?"

J'ai crée 1 cd OLTPE avec lequel j'ai extrait 1 rapport mais que je ne sais pas exploité.
Peut on m'aider
Merci

11 réponses

  1. moment de grace Messages postés 29099 Date d'inscription   Statut Contributeur sécurité Dernière intervention   2 274
     
    1)

    DhcpDomain = priv.ifreduc.com

    tu connais ?

    .............

    2)

    Copie tout le texte présent en gras ci-dessous ( tu le selectionnes avec ta souris / Clique droit dessus et choisis "copier" ou fait Ctrl+C )

    [HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusDisableNotify: Modified
    O47 - AAKE:Key Export SP - "C:\Documents and Settings\Baby\Mes documents\guillaume\U96.exe" [Enabled] .(.Pas de propriétaire - Pas de description.) -- C:\Documents and Settings\Baby\Mes documents\guillaume\U96.exe (.not file.)
    O69 - SBI: SearchScopes [HKCU] {043C5167-00BB-4324-AF7E-62013FAEDACF} - (Web Search...) - http://ww1.toolbarhome.com
    MBRFix


    Puis Lance ZHPFix depuis le raccourci du bureau .

    * Une fois l'outil ZHPFix ouvert , clique sur le bouton [ H ] ( "coller les lignes Helper" ) .

    * Dans l'encadré principal tu verras donc les lignes que tu as copié précédemment apparaitrent .

    Vérifie que toutes les lignes que je t'ai demandé de copier (et seulement elles) sont dans la fenêtre.

    Clique sur " Ok " , puis " Tous " et enfin " Nettoyer ".

    Copie/Colle le rapport à l'écran dans ton prochain message

    le rapport se trouve dans le dossier de zhpdiag dans program files sous le nom de ZHPFixReport
    1
  2. moment de grace Messages postés 29099 Date d'inscription   Statut Contributeur sécurité Dernière intervention   2 274
     
    bonjour

    fais ceci plutôt

    * Télécharge sur le bureau RogueKiller (par tigzy)
    https://www.luanagames.com/index.fr.html

    *( Sous Vista/Seven,clique droit, lancer en tant qu'administrateur )

    * Quitte tous tes programmes en cours
    * Lance RogueKiller.exe.
    * Lorsque demandé, tape 2 et valide

    * puis l'option 4
    * Un rapport (RKreport.txt) a du se créer à côté de l'exécutable, colle son contenu dans la réponse
    * Si le programme a été bloqué, ne pas hésiter a essayer plusieurs fois. ou renommer l'outil en firefox.exe ou roguekiller.com

    0
    1. djidji
       
      Je n'arrive pas a acceder au bureau meme avec ctrl+alt+supp
      je reste avec les fenêtres "check hard drive sector"
      0
    2. moment de grace Messages postés 29099 Date d'inscription   Statut Contributeur sécurité Dernière intervention   2 274
       
      en mode sans echec non plus ?

      si c'est non

      Rend toi sur http://pjjoint.malekal.com/

      Clique sur "Parcourir "

      Sélectionne le rapport OLTPE

      Clique ensuite sur "Envoyer le fichier " et copie/colle le lien dans ton prochain message
      0
    3. djidji
       
      Merci de ton aide.

      Voici le lien http://pjjoint.malekal.com/files.php?id=60d8cd0da1101510
      0
    4. moment de grace Messages postés 29099 Date d'inscription   Statut Contributeur sécurité Dernière intervention   2 274
       
      étrange

      tous les fichiers néfastes semblent supprimés

      as tu déjà commencer une désinfection ailleurs ?

      et en mode sans echec, as tu essayé d'avoir ton bureau ?
      0
    5. djidji
       
      Mode sans echec ou mode normal impossible d'avoir le bureau.

      Je n'ai commencé aucune desinfection, je n'ai accés a aucune ligne de commande.
      j'ai juste via OLTPE essayé d'intaller malwrebytes mais je ne peux pas le lancer à partir d'OLTPE.
      0
  3. moment de grace Messages postés 29099 Date d'inscription   Statut Contributeur sécurité Dernière intervention   2 274
     
    essai ca

    * Télécharge OTH (de OldTimer) sur ton Bureau

    http://oldtimer.geekstogo.com/OTH.scr
    http://oldtimer.geekstogo.com/OTH.com

    * Lance OTH et clique sur "Kill All Processes" (tout devrait disparaitre de ton écran à part OTH)
    * Ensuite, clique sur "Start Misc Program" et lance malwrebytes
    0
  4. djidji
     
    je ne peux lancer une application qu' a patir du bureau OLTPE.
    Comment je peux tuer les process de c; alors que le disque n'est pas en activité ?
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. moment de grace Messages postés 29099 Date d'inscription   Statut Contributeur sécurité Dernière intervention   2 274
     
    Redémarre sous OTLPE (si tu as fermé ton ordi, sinon pas nécessaire)

    Dans le cadre custom scans/fixes colle les lignes ci-dessous

    :OTL

    O2 - BHO: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
    O3 - HKLM\..\Toolbar: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
    O3 - HKU\Baby_ON_C\..\Toolbar\WebBrowser: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
    O4 - HKLM..\Run: [wuaucldt] C:\WINDOWS\system32\wuaucldt.exe ()
    O4 - HKU\Baby_ON_C..\Run: [wuaucldt] C:\Documents and Settings\Baby\wuaucldt.exe ()
    O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files\vShare\vshare_toolbar.dll
    O36 - AppCertDlls: AppSecDll - (C:\Documents and Settings\All Users\Application Data\KDfipsQcxuWorYT.dll) - C:\Documents and Settings\All Users\Application Data\KDfipsQcxuWorYT.dll ()

    :Files
    C:\Documents and Settings\All Users\Application Data\85012
    C:\Documents and Settings\All Users\Application Data\85012.exe
    C:\Documents and Settings\All Users\Application Data\~46246
    C:\Documents and Settings\All Users\Application Data\~46246r
    C:\Documents and Settings\All Users\Application Data\46246.exe
    C:\Documents and Settings\All Users\Application Data\KDfipsQcxuWorYT.dll
    C:\Documents and Settings\Baby\wuaucldt.exe
    C:\WINDOWS\System32\wuaucldt.exe
    C:\WINDOWS\System32\ALZZip.BIN
    C:\Documents and Settings\Baby\Application Data\Toolbar4

    :commands
    [emptytemp]
    [start explorer]
    [reboot]


    ? Clique sur "Correction" pour lancer la suppression.

    ? Poste le rapport qui logiquement s'ouvrira tout seul en fin de travail apres le redemarrage.

    0
    1. djidji
       
      Merci encore de t'interresser a ce pb.

      voici le lien http://pjjoint.malekal.com/files.php?id=38b08aced05156

      J'en ai profité en étant sur OLTPE de réactiver dans la base de registre de c: la valeur de la clé TaskMgr a 0.

      Pendant que tu regardes le fichier, je vas rebooter mon poste en mode echec si je peux.
      Je te tiens au courant.
      0
    2. moment de grace Messages postés 29099 Date d'inscription   Statut Contributeur sécurité Dernière intervention   2 274
       
      ce n'est pas le rapport de suppression

      dis moi ce que ca dit
      0
    3. djidji
       
      J'ai bien vu que dans ton fichier il y avait
      :commands
      [emptytemp]
      [start explorer]
      [reboot]

      mais je n'ai ni eu de rapport ou alors je n'ai pas compris, ni mon pc n'a rebooter.

      Par contre, j'ai bien réussi a redemarrer ma machine en mode echec et en mode normal, par contre j'ai tjs le meme message au démarrage "disk boot failure etc..", mais j'ai pu ouvrir via le gestionnaire de tache une commande explorer j'ai commecé une maj de mon anti virus et maintenant il reboote tout seul avant la fin de maj.

      il est repartie en mode echec, mon gestionnaire de tache est de nouveau bloqué, je redemarre avec mon CD OLTPE
      0
  7. moment de grace Messages postés 29099 Date d'inscription   Statut Contributeur sécurité Dernière intervention   2 274
     
    * Double-click sur l'icone OTLPE
    * Quand demandé "Do you wish to load the remote registry", select Yes
    * Quand demandé "Do you wish to load remote user profile(s) for scanning", select Yes
    * Vérifier que "Automatically Load All Remaining Users" est sélectionné et press OK

    * Sous Custom Scan box copie_colle le contenu en gras ci dessous:

    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %SYSTEMDRIVE%\*.*
    %SYSTEMDRIVE%\*.exe
    %PROGRAMFILES%\*.*
    %PROGRAMFILES%\*.
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    explorer.exe
    svchost.exe
    userinit.exe
    qmgr.dll
    ws2_32.dll
    proquota.exe
    imm32.dll
    kernel32.dll
    ndis.sys
    autochk.exe
    spoolsv.exe
    xmlprov.dll
    ntmssvc.dll
    mswsock.dll
    Beep.SYS
    ntfs.sys
    termsrv.dll
    sfcfiles.dll
    st3shark.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    c:\$recycle.bin\*.* /s


    * clic Run Scan pour démarrer le scan.
    * une fois terminé , le fichier se trouve là C:\OTL.txt
    * copie_colle le contenu dans ta prochaine réponse
    0
    1. djidji
       
      OTL logfile created on: 3/16/2011 1:17:08 AM - Run
      OTLPE by OldTimer - Version 3.1.46.0 Folder = X:\Programs\OTLPE
      Microsoft Windows XP Service Pack 2 (Version = 5.1.2600) - Type = SYSTEM
      Internet Explorer (Version = 7.0.5730.11)
      Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

      1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 80.00% Memory free
      1,010.00 Mb Paging File | 954.00 Mb Available in Paging File | 94.00% Paging File free
      Paging file location(s): C:\pagefile.sys 0 0 [binary data]

      %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
      Drive C: | 104.55 Gb Total Space | 67.19 Gb Free Space | 64.27% Space Free | Partition Type: NTFS
      Drive D: | 18.63 Gb Total Space | 16.42 Gb Free Space | 88.15% Space Free | Partition Type: FAT32
      Drive E: | 48.82 Gb Total Space | 42.38 Gb Free Space | 86.80% Space Free | Partition Type: FAT32
      Drive F: | 3.84 Gb Total Space | 0.56 Gb Free Space | 14.55% Space Free | Partition Type: FAT32
      Drive X: | 284.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

      Computer Name: REATOGO | User Name: SYSTEM
      Boot Mode: Normal | Scan Mode: All users
      Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
      Using ControlSet: ControlSet001

      [color=#E56717]========== Win32 Services (SafeList) ==========/color

      SRV - [2005/08/18 06:50:02 | 000,153,416 | ---- | M] (symantec) [On_Demand] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
      SRV - [2005/08/18 06:49:52 | 001,111,880 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
      SRV - [2005/08/18 06:49:46 | 000,030,528 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
      SRV - [2005/05/04 18:52:58 | 000,036,864 | ---- | M] () [Auto] -- C:\WINDOWS\system32\acs.exe -- (ACS)


      [color=#E56717]========== Driver Services (SafeList) ==========/color

      DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
      DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
      DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
      DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
      DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
      DRV - File not found [Kernel | System] -- -- (PCIDump)
      DRV - File not found [Kernel | System] -- -- (lbrtfdc)
      DRV - File not found [Kernel | System] -- -- (Changer)
      DRV - [2011/03/07 05:00:00 | 001,360,760 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Program Files\Fichiers communs\Symantec Shared\VirusDefs\20110307.002\NAVEX15.SYS -- (NAVEX15)
      DRV - [2011/03/07 05:00:00 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Program Files\Fichiers communs\Symantec Shared\VirusDefs\20110307.002\NAVENG.SYS -- (NAVENG)
      DRV - [2009/08/05 17:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
      DRV - [2007/04/11 09:33:06 | 000,079,376 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
      DRV - [2007/04/11 09:32:38 | 000,063,248 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou)
      DRV - [2007/04/11 09:32:30 | 000,020,496 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
      DRV - [2006/08/11 01:12:22 | 000,042,496 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (ser2pl)
      DRV - [2005/07/28 08:52:18 | 000,123,712 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
      DRV - [2005/06/17 09:08:46 | 000,050,312 | R--- | M] (Symantec Corporation) [Kernel | Auto] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
      DRV - [2005/06/17 09:08:44 | 000,323,720 | R--- | M] (Symantec Corporation) [Kernel | System] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)
      DRV - [2005/05/04 20:08:38 | 000,463,168 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
      DRV - [2004/08/19 19:02:01 | 000,607,452 | ---- | M] (LT) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)
      DRV - [2004/08/19 18:59:12 | 000,053,376 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\System32\drivers\volsnap.sys -- (VolSnap)
      DRV - [2004/08/04 02:08:22 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
      DRV - [2003/02/17 06:22:24 | 000,170,880 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
      DRV - [2003/02/14 05:59:14 | 001,169,792 | ---- | M] (Agere Systems) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
      DRV - [2002/09/23 13:16:50 | 000,611,328 | ---- | M] (Actiontec Electronics, Inc) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AEIWLNDS.sys -- (AEIWL)
      DRV - [2001/10/31 20:57:14 | 000,095,104 | ---- | M] (S3 Graphics, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\s3ssavm.sys -- (S3SSavage)
      DRV - [2001/08/17 16:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
      DRV - [2001/08/17 15:48:14 | 000,011,520 | ---- | M] (IBM Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\TwoTrack.sys -- (TwoTrack)
      DRV - [2001/05/04 12:04:32 | 000,095,902 | ---- | M] (Scm Microsystems Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\stihp2k.sys -- (stihp2k)


      [color=#E56717]========== Standard Registry (SafeList) ==========/color


      [color=#E56717]========== Internet Explorer ==========/color

      IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
      IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =


      IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

      IE - HKU\Administrateur_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
      IE - HKU\Administrateur_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

      IE - HKU\Babou_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
      IE - HKU\Babou_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

      IE - HKU\Baby_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page =
      IE - HKU\Baby_ON_C\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
      IE - HKU\Baby_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
      IE - HKU\Baby_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
      IE - HKU\Baby_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local

      IE - HKU\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

      IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


      FF - HKLM\software\mozilla\Firefox\Extensions\\***@***: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/03/29 09:45:21 | 000,000,000 | ---D | M]


      O1 HOSTS File: ([2008/05/21 11:03:31 | 000,245,890 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
      O1 - Hosts: 127.0.0.1 localhost
      O1 - Hosts: 127.0.0.1 www.007guard.com
      O1 - Hosts: 127.0.0.1 007guard.com
      O1 - Hosts: 127.0.0.1 008i.com
      O1 - Hosts: 127.0.0.1 www.008k.com
      O1 - Hosts: 127.0.0.1 008k.com
      O1 - Hosts: 127.0.0.1 www.00hq.com
      O1 - Hosts: 127.0.0.1 00hq.com
      O1 - Hosts: 127.0.0.1 010402.com
      O1 - Hosts: 127.0.0.1 www.032439.com
      O1 - Hosts: 127.0.0.1 032439.com
      O1 - Hosts: 127.0.0.1 www.1001-search.info
      O1 - Hosts: 127.0.0.1 1001-search.info
      O1 - Hosts: 127.0.0.1 www.100888290cs.com
      O1 - Hosts: 127.0.0.1 100888290cs.com
      O1 - Hosts: 127.0.0.1 www.100sexlinks.com
      O1 - Hosts: 127.0.0.1 100sexlinks.com
      O1 - Hosts: 127.0.0.1 www.10sek.com
      O1 - Hosts: 127.0.0.1 10sek.com
      O1 - Hosts: 127.0.0.1 www.123topsearch.com
      O1 - Hosts: 127.0.0.1 123topsearch.com
      O1 - Hosts: 127.0.0.1 www.132.com
      O1 - Hosts: 127.0.0.1 132.com
      O1 - Hosts: 127.0.0.1 www.136136.net
      O1 - Hosts: 127.0.0.1 136136.net
      O1 - Hosts: 8576 more lines...
      O2 - BHO: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
      O2 - BHO: (Aide pour le lien d'Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
      O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
      O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
      O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
      O3 - HKLM\..\Toolbar: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
      O3 - HKU\Baby_ON_C\..\Toolbar\WebBrowser: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
      O4 - HKLM..\Run: [$OWF] File not found
      O4 - HKLM..\Run: [Hot Key Kbd Daemon] C:\WINDOWS\System32\SKDAEMON.EXE ()
      O4 - HKLM..\Run: [hpqSRMon] File not found
      O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech Inc.)
      O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
      O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
      O4 - HKLM..\Run: [Regedit32] File not found
      O4 - HKLM..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)
      O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
      O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
      O4 - HKLM..\Run: [wuaucldt] C:\WINDOWS\system32\wuaucldt.exe ()
      O4 - HKLM..\Run: [zzzHPSETUP] File not found
      O4 - HKU\Administrateur_ON_C..\Run: [cmd] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
      O4 - HKU\Baby_ON_C..\Run: [wjfrjCrTGl] C:\Documents and Settings\All Users\Application Data\wjfrjCrTGl.exe (NetInternals)
      O4 - HKU\Baby_ON_C..\Run: [wuaucldt] C:\Documents and Settings\Baby\wuaucldt.exe ()
      O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
      O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Event Reminder.lnk = C:\Program Files\Broderbund\PrintMaster\PMremind.exe (TLC Multimedia Inc.)
      O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech Inc.)
      O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
      O4 - Startup: C:\Documents and Settings\Baby\Menu Démarrer\Programmes\Démarrage\igfxtray.exe ()
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
      O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
      O7 - HKU\Administrateur_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
      O7 - HKU\Administrateur_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
      O7 - HKU\Babou_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
      O7 - HKU\Baby_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
      O7 - HKU\Baby_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
      O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
      O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
      O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe ()
      O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe ()
      O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
      O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} http://protect.microsoft.com/... (MSSecurityAdvisor Class)
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/... (WUWebControl Class)
      O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/... (MUWebControl Class)
      O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
      O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
      O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
      O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
      O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
      O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
      O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
      O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
      O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
      O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
      O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files\vShare\vshare_toolbar.dll ()
      O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
      O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
      O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
      O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
      O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
      O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
      O32 - HKLM CDRom: AutoRun - 1
      O32 - AutoRun File - [2006/06/01 03:11:00 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
      O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
      O34 - HKLM BootExecute: (autocheck autochk *) - File not found
      O35 - HKLM\..comfile [open] -- "%1" %*
      O35 - HKLM\..exefile [open] -- "%1" %*
      O36 - AppCertDlls: AppSecDll - (C:\Documents and Settings\All Users\Application Data\KDfipsQcxuWorYT.dll) - C:\Documents and Settings\All Users\Application Data\KDfipsQcxuWorYT.dll ()
      O37 - HKLM\...com [@ = comfile] -- "%1" %*
      O37 - HKLM\...exe [@ = exefile] -- "%1" %*

      NetSvcs: 6to4 - File not found
      NetSvcs: Ias - File not found
      NetSvcs: Iprip - File not found
      NetSvcs: NWCWorkstation - File not found
      NetSvcs: Nwsapagent - File not found
      NetSvcs: WmdmPmSp - File not found


      SafeBootMin: Base - Driver Group
      SafeBootMin: Boot Bus Extender - Driver Group
      SafeBootMin: Boot file system - Driver Group
      SafeBootMin: File system - Driver Group
      SafeBootMin: Filter - Driver Group
      SafeBootMin: PCI Configuration - Driver Group
      SafeBootMin: PNP Filter - Driver Group
      SafeBootMin: Primary disk - Driver Group
      SafeBootMin: SCSI Class - Driver Group
      SafeBootMin: sermouse.sys - Driver
      SafeBootMin: System Bus Extender - Driver Group
      SafeBootMin: vds - Service
      SafeBootMin: vga.sys - Driver
      SafeBootMin: WdfLoadGroup -
      SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
      SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
      SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
      SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
      SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
      SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
      SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
      SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
      SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
      SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
      SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
      SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
      SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
      SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

      SafeBootNet: Base - Driver Group
      SafeBootNet: Boot Bus Extender - Driver Group
      SafeBootNet: Boot file system - Driver Group
      SafeBootNet: File system - Driver Group
      SafeBootNet: Filter - Driver Group
      SafeBootNet: NDIS Wrapper - Driver Group
      SafeBootNet: NetBIOSGroup - Driver Group
      SafeBootNet: NetDDEGroup - Driver Group
      SafeBootNet: Network - Driver Group
      SafeBootNet: NetworkProvider - Driver Group
      SafeBootNet: PCI Configuration - Driver Group
      SafeBootNet: PNP Filter - Driver Group
      SafeBootNet: PNP_TDI - Driver Group
      SafeBootNet: Primary disk - Driver Group
      SafeBootNet: SCSI Class - Driver Group
      SafeBootNet: sermouse.sys - Driver
      SafeBootNet: Streams Drivers - Driver Group
      SafeBootNet: System Bus Extender - Driver Group
      SafeBootNet: TDI - Driver Group
      SafeBootNet: UploadMgr - Service
      SafeBootNet: vga.sys - Driver
      SafeBootNet: WdfLoadGroup -
      SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
      SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
      SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
      SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
      SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
      SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
      SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
      SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
      SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
      SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
      SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
      SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
      SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
      SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
      SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
      SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
      SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

      ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
      ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608555} - Internet Explorer Classes for Java
      ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Rendu VML (Vector Graphics Rendering)
      ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
      ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
      ActiveX: {2337076a-dd0c-43a6-8d85-54070578a42f} - KB912812
      ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
      ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
      ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Liaison de données Dynamic HTML pour Java
      ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
      ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
      ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Création avancée
      ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
      ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
      ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
      ActiveX: {44BBA851-CC51-11CF-AAFA-00AA00B6015C} - rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\wpie4x86.inf,PerUserStub
      ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
      ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
      ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - Classes Java DirectAnimation
      ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
      ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Mise à jour de sécurité pour Windows XP (KB923789)
      ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
      ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
      ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
      ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
      ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
      ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
      ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
      ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
      ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
      ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
      ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
      ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
      ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
      ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
      ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Planificateur de tâches
      ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
      ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
      ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
      ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
      ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
      ActiveX: {f15ee071-deb7-4cbb-951f-431c98338d8e} - KB911567
      ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
      ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
      ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
      ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
      ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
      ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

      Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
      Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
      Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
      Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
      Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
      Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
      Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

      [color=#E56717]========== Files/Folders - Created Within 30 Days ==========/color

      File not found --
      [2011/03/15 18:52:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Baby\Application Data\Malwarebytes
      [2011/03/15 18:52:37 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
      [2011/03/15 18:52:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Malwarebytes' Anti-Malware
      [2011/03/15 18:52:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
      [2011/03/15 18:43:46 | 000,573,440 | ---- | C] (NetInternals) -- C:\Documents and Settings\All Users\Application Data\wjfrjCrTGl.exe
      [2011/03/15 10:58:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Temp
      [2011/03/14 21:02:50 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
      [2011/03/14 11:42:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Windows Safemode
      [2011/03/07 13:13:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Baby\Menu Démarrer\Programmes\Windows Safemode
      [2011/03/07 13:13:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
      [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
      [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

      [color=#E56717]========== Files - Modified Within 30 Days ==========/color

      [2011/03/15 19:03:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
      [2011/03/15 19:01:57 | 000,001,050 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
      [2011/03/15 19:01:41 | 000,001,054 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
      [2011/03/15 18:52:37 | 000,000,795 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
      [2011/03/15 18:52:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Malwarebytes' Anti-Malware
      [2011/03/15 18:44:01 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
      [2011/03/15 18:43:42 | 000,573,440 | ---- | M] (NetInternals) -- C:\Documents and Settings\All Users\Application Data\wjfrjCrTGl.exe
      [2011/03/15 18:43:23 | 000,004,598 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
      [2011/03/15 18:36:55 | 000,002,508 | ---- | M] () -- C:\Documents and Settings\Administrateur\Application Data\$_hpcst$.hpc
      [2011/03/14 13:12:20 | 000,000,400 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\85012
      [2011/03/14 12:17:19 | 000,000,127 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
      [2011/03/14 11:42:57 | 000,000,805 | ---- | M] () -- C:\Documents and Settings\Administrateur\Bureau\Windows Safemode.lnk
      [2011/03/14 11:42:10 | 000,672,256 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\85012.exe
      [2011/03/09 14:45:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Microsoft Silverlight
      [2011/03/07 13:18:49 | 000,000,392 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\46246
      [2011/03/07 13:15:08 | 000,000,256 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~46246
      [2011/03/07 13:15:07 | 000,000,168 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~46246r
      [2011/03/07 13:13:35 | 000,000,805 | ---- | M] () -- C:\Documents and Settings\Baby\Bureau\Windows Safemode.lnk
      [2011/03/07 13:13:16 | 000,672,256 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\46246.exe
      [2011/03/07 13:08:06 | 000,696,320 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\KDfipsQcxuWorYT.dll
      [2011/03/06 09:54:54 | 000,032,256 | ---- | M] () -- C:\Documents and Settings\Baby\wuaucldt.exe
      [2011/03/06 09:54:51 | 000,032,256 | ---- | M] () -- C:\WINDOWS\System32\wuaucldt.exe
      [2011/03/05 04:29:03 | 000,000,405 | ---- | M] () -- C:\Documents and Settings\Baby\Bureau\Zimbra draft.url
      [2011/03/03 13:57:03 | 000,000,572 | ---- | M] () -- C:\Documents and Settings\Baby\Mes documents\spider.sav
      [2011/03/01 16:59:51 | 000,001,824 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Google Chrome.lnk
      [2011/02/27 15:18:43 | 000,001,744 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
      [2011/02/27 15:18:36 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
      [2011/02/26 08:35:21 | 000,054,734 | ---- | M] () -- C:\Documents and Settings\Baby\Application Data\Microsoft\Internet Explorer\Quick Launch\Facebook.url
      [2011/02/23 13:27:01 | 000,000,545 | ---- | M] () -- C:\Documents and Settings\Baby\Bureau\Raccourci vers filou.lnk
      [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
      [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

      [color=#E56717]========== Files Created - No Company Name ==========/color

      [2011/03/15 18:52:37 | 000,000,795 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
      [2011/03/15 18:36:55 | 000,002,508 | ---- | C] () -- C:\Documents and Settings\Administrateur\Application Data\$_hpcst$.hpc
      [2011/03/14 12:17:19 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
      [2011/03/14 11:42:57 | 000,000,805 | ---- | C] () -- C:\Documents and Settings\Administrateur\Bureau\Windows Safemode.lnk
      [2011/03/14 11:42:17 | 000,000,400 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\85012
      [2011/03/14 11:42:09 | 000,672,256 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\85012.exe
      [2011/03/07 13:15:07 | 000,000,256 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~46246
      [2011/03/07 13:15:07 | 000,000,168 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~46246r
      [2011/03/07 13:13:35 | 000,000,805 | ---- | C] () -- C:\Documents and Settings\Baby\Bureau\Windows Safemode.lnk
      [2011/03/07 13:13:29 | 000,000,392 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\46246
      [2011/03/07 13:13:16 | 000,672,256 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\46246.exe
      [2011/03/07 13:08:06 | 000,696,320 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\KDfipsQcxuWorYT.dll
      [2011/03/06 09:54:54 | 000,032,256 | ---- | C] () -- C:\Documents and Settings\Baby\wuaucldt.exe
      [2011/03/06 09:54:51 | 000,032,256 | ---- | C] () -- C:\WINDOWS\System32\wuaucldt.exe
      [2011/03/05 04:29:02 | 000,000,405 | ---- | C] () -- C:\Documents and Settings\Baby\Bureau\Zimbra draft.url
      [2011/02/26 08:35:21 | 000,054,734 | ---- | C] () -- C:\Documents and Settings\Baby\Application Data\Microsoft\Internet Explorer\Quick Launch\Facebook.url
      [2011/02/23 13:27:01 | 000,000,545 | ---- | C] () -- C:\Documents and Settings\Baby\Bureau\Raccourci vers filou.lnk
      [2010/05/13 05:24:08 | 000,002,508 | ---- | C] () -- C:\Documents and Settings\Baby\Application Data\$_hpcst$.hpc
      [2010/04/07 04:10:54 | 000,000,120 | ---- | C] () -- C:\WINDOWS\PbkUser.INI
      [2010/03/29 09:44:04 | 000,023,796 | ---- | C] () -- C:\WINDOWS\hpqins15.dat
      [2009/11/29 10:35:17 | 000,078,333 | ---- | C] () -- C:\WINDOWS\hpqins05.dat
      [2009/08/08 15:12:25 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Baby\PUTTY.RND
      [2009/07/02 07:43:39 | 000,188,437 | ---- | C] () -- C:\WINDOWS\hpoins29.dat.temp
      [2009/07/02 07:43:38 | 000,000,799 | ---- | C] () -- C:\WINDOWS\hpomdl29.dat.temp
      [2009/07/02 06:51:20 | 000,188,045 | ---- | C] () -- C:\WINDOWS\hpoins29.dat
      [2009/07/02 06:51:20 | 000,000,799 | ---- | C] () -- C:\WINDOWS\hpomdl29.dat
      [2008/12/17 13:24:01 | 000,000,223 | ---- | C] () -- C:\WINDOWS\HP PrecisionScan Pro.INI
      [2008/12/04 13:49:06 | 000,000,075 | ---- | C] () -- C:\WINDOWS\ImportClient.INI
      [2008/12/04 13:44:58 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\PretzelSpellCheck.dll
      [2008/12/04 13:44:57 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\PMovieServer.dll
      [2008/12/04 13:44:56 | 000,745,472 | ---- | C] () -- C:\WINDOWS\System32\PMAppBuilder.dll
      [2008/08/10 03:09:47 | 000,001,632 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
      [2008/07/28 05:11:59 | 000,001,744 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
      [2008/06/14 04:27:58 | 000,086,214 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
      [2008/06/14 04:27:58 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
      [2008/06/14 04:27:58 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
      [2008/06/14 04:27:58 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
      [2008/06/14 04:27:58 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
      [2008/06/14 04:27:58 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
      [2008/06/14 04:27:58 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
      [2008/06/14 04:27:58 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
      [2008/06/14 04:27:58 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
      [2008/06/14 04:27:58 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
      [2008/06/14 04:27:58 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
      [2008/06/14 04:27:58 | 000,000,099 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
      [2008/06/14 04:27:57 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
      [2008/06/14 04:27:57 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
      [2008/06/14 04:27:57 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
      [2008/06/14 04:27:57 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
      [2008/06/14 04:27:57 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
      [2008/06/14 04:25:19 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDED68PE.ini
      [2008/06/14 04:13:07 | 000,001,467 | ---- | C] () -- C:\WINDOWS\PhotoImpression.ini
      [2008/06/14 04:11:10 | 000,000,018 | ---- | C] () -- C:\WINDOWS\as_setup.ini
      [2008/06/14 04:09:27 | 000,335,872 | ---- | C] () -- C:\WINDOWS\System32\ldf252.dll
      [2008/06/14 03:52:44 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\acs.exe
      [2008/06/14 03:52:36 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\AegisI5.exe
      [2008/06/09 10:01:16 | 000,014,848 | ---- | C] () -- C:\Documents and Settings\Baby\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
      [2008/05/27 04:36:09 | 000,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
      [2008/05/27 03:45:15 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\Babou\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
      [2008/05/21 11:05:28 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\SKDAEMON.EXE
      [2008/05/21 11:00:35 | 000,691,545 | ---- | C] () -- C:\WINDOWS\unins000.exe
      [2008/05/21 11:00:35 | 000,002,548 | ---- | C] () -- C:\WINDOWS\unins000.dat
      [2008/05/12 21:53:16 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
      [2008/05/12 21:50:08 | 000,831,488 | ---- | C] () -- C:\WINDOWS\System32\divx_xx0a.dll
      [2008/05/12 21:49:02 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
      [2006/12/04 04:29:42 | 000,001,747 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
      [2006/06/08 09:18:10 | 000,000,379 | ---- | C] () -- C:\WINDOWS\ODBC.INI
      [2006/06/08 09:18:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NSREX.INI
      [2006/06/08 08:51:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
      [2006/06/07 03:52:12 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
      [2006/06/02 07:34:09 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
      [2006/06/01 05:05:07 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
      [2006/05/31 11:36:31 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
      [2006/05/31 11:36:09 | 000,001,112 | ---- | C] () -- C:\WINDOWS\System32\PX.INI
      [2006/05/31 11:30:31 | 000,000,241 | ---- | C] () -- C:\WINDOWS\Welcome.ini
      [2006/05/31 11:13:30 | 000,002,500 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
      [2005/08/01 14:46:48 | 000,042,496 | ---- | C] () -- C:\WINDOWS\System32\ALZZip.BIN
      [2005/08/01 14:46:08 | 000,062,464 | ---- | C] () -- C:\WINDOWS\System32\ALZALZ.BIN
      [2003/07/02 19:25:00 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ibmpmsvc.exe
      [2003/07/02 19:25:00 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\tpinspm.dll
      [2002/11/14 19:14:26 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\AIBMRUNL.dll
      [2002/09/30 10:36:09 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
      [2002/09/30 10:26:50 | 000,021,892 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
      [2002/09/30 10:20:41 | 000,004,207 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
      [2002/09/30 10:19:47 | 000,317,952 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
      [2002/01/21 08:48:12 | 000,106,496 | ---- | C] () -- C:\WINDOWS\desktopset.exe
      [2001/08/23 01:26:08 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.BIN
      [2001/08/23 01:24:30 | 000,004,524 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.DAT
      [2001/08/07 13:00:24 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HPNVRRes.dll
      [2001/01/24 03:31:18 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\prntfix.exe
      [2000/04/14 10:50:02 | 000,343,040 | ---- | C] () -- C:\WINDOWS\System32\Lffpx7.dll
      [1999/01/22 14:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
      [1998/06/11 08:08:06 | 000,095,232 | ---- | C] () -- C:\WINDOWS\System32\Lfkodak.dll
      [1998/04/26 19:23:00 | 006,150,961 | ---- | C] () -- C:\WINDOWS\System32\jre116.exe
      [1994/07/24 19:23:00 | 000,014,928 | ---- | C] () -- C:\WINDOWS\System32\wingen.drv
      [1994/04/06 19:23:00 | 000,000,462 | ---- | C] () -- C:\WINDOWS\lodbf13.ini
      [1979/12/31 18:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
      [1979/12/31 18:00:00 | 000,500,814 | ---- | C] () -- C:\WINDOWS\System32\perfh00C.dat
      [1979/12/31 18:00:00 | 000,432,670 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
      [1979/12/31 18:00:00 | 000,322,810 | ---- | C] () -- C:\WINDOWS\System32\perfi00C.dat
      [1979/12/31 18:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
      [1979/12/31 18:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
      [1979/12/31 18:00:00 | 000,080,856 | ---- | C] () -- C:\WINDOWS\System32\perfc00C.dat
      [1979/12/31 18:00:00 | 000,067,626 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
      [1979/12/31 18:00:00 | 000,053,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\volsnap.sys
      [1979/12/31 18:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
      [1979/12/31 18:00:00 | 000,034,108 | ---- | C] () -- C:\WINDOWS\System32\perfd00C.dat
      [1979/12/31 18:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
      [1979/12/31 18:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
      [1979/12/31 18:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

      [color=#E56717]========== LOP Check ==========/color

      File not found --
      [2006/12/04 05:16:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Babou\Application Data\OfficeUpdate12
      [2008/12/23 13:17:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Baby\Application Data\ACD Systems
      [2008/06/14 04:05:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Baby\Application Data\Dossier de téléchargement Share-to-Web
      [2008/06/14 04:05:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Baby\Application Data\Dossier de téléchargement Share-to-Web
      [2008/12/08 06:48:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Baby\Application Data\EPSON
      [2008/12/23 13:16:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Baby\Application Data\InterVideo
      [2006/12/04 05:16:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Baby\Application Data\OfficeUpdate12
      [2010/08/27 03:32:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Baby\Application Data\Toolbar4
      [2010/08/28 15:06:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Baby\Application Data\vShare
      [2008/12/04 13:45:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund Software
      [2010/04/07 12:10:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
      [2010/11/15 15:37:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Global Software Publishing
      [2006/05/31 11:31:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ibm
      [2009/09/16 02:05:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBT
      [2009/06/21 05:36:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
      [2010/11/08 10:35:11 | 000,000,756 | ---- | M] () -- C:\WINDOWS\Tasks\Sauve.job

      [color=#E56717]========== Purity Check ==========/color



      [color=#E56717]========== Custom Scans ==========/color


      Invalid Environment Variable: %ALLUSERSPROFILE%\Application Data\*.

      Invalid Environment Variable: %ALLUSERSPROFILE%\Application Data\*.exe

      Invalid Environment Variable: %APPDATA%\*.

      Invalid Environment Variable: %APPDATA%\*.exe

      [color=#A23BEC]< %SYSTEMDRIVE%\*.* >/color
      [2011/03/15 23:17:51 | 000,071,796 | ---- | M] () -- C:\$OTL.Txt
      [2006/06/01 03:11:00 | 000,000,000 | -H-- | M] () -- C:\AUTOEXEC.BAT
      [2006/06/02 07:47:58 | 000,000,211 | RHS- | M] () -- C:\BOOT.INI
      [2002/08/29 23:00:00 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin
      [2006/05/31 11:33:00 | 000,000,000 | -H-- | M] () -- C:\BOOTLOG.PRV
      [2006/05/31 11:36:56 | 000,000,000 | -H-- | M] () -- C:\BOOTLOG.TXT
      [2002/09/30 10:12:00 | 000,000,512 | -HS- | M] () -- C:\BOOTSECT.DOS
      [2006/07/24 07:21:11 | 000,000,028 | ---- | M] () -- C:\conf.cmd
      [2006/06/01 03:11:00 | 000,000,000 | -H-- | M] () -- C:\CONFIG.SYS
      [2006/05/31 11:32:20 | 000,001,230 | ---- | M] () -- C:\drivez.log
      [2006/06/01 03:11:00 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
      [2006/07/24 07:20:41 | 000,000,029 | ---- | M] () -- C:\lance.cmd
      [2009/07/04 05:08:12 | 000,000,000 | ---- | M] () -- C:\Log.txt
      [2006/05/31 11:29:18 | 000,000,155 | ---- | M] () -- C:\LOGFILE.txt
      [2006/12/08 03:54:55 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
      [2006/06/06 08:47:09 | 000,000,033 | ---- | M] () -- C:\nofile.txt
      [2006/06/02 07:41:58 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
      [2006/06/02 07:41:58 | 000,251,712 | RHS- | M] () -- C:\ntldr
      [2011/03/15 23:19:31 | 000,071,796 | ---- | M] () -- C:\OTL.txt
      [2011/03/15 19:01:32 | 1205,850,112 | -HS- | M] () -- C:\pagefile.sys
      [2006/05/31 11:26:32 | 000,000,090 | ---- | M] () -- C:\setup.log
      [2006/12/04 04:02:20 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
      [2006/12/04 04:04:47 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
      [2008/05/21 10:51:34 | 000,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
      [2008/06/09 09:55:12 | 000,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
      [2008/07/07 14:39:09 | 000,000,268 | -H-- | M] () -- C:\sqmdata04.sqm
      [2008/08/30 17:12:34 | 000,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
      [2008/10/10 17:52:50 | 000,000,232 | -H-- | M] () -- C:\sqmdata06.sqm
      [2009/05/09 11:31:57 | 000,000,232 | -H-- | M] () -- C:\sqmdata07.sqm
      [2009/05/13 15:35:49 | 000,000,268 | -H-- | M] () -- C:\sqmdata08.sqm
      [2009/09/23 09:54:08 | 000,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
      [2006/12/04 04:02:20 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
      [2006/12/04 04:04:47 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
      [2008/05/21 10:51:34 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
      [2008/06/09 09:55:12 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
      [2008/07/07 14:39:09 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
      [2008/08/30 17:12:34 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
      [2008/10/10 17:52:50 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
      [2009/05/09 11:31:57 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
      [2009/05/13 15:35:49 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
      [2009/09/23 09:54:07 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
      [2006/05/31 11:13:30 | 000,000,830 | ---- | M] () -- C:\SYSLEVEL.IBM
      [2006/05/31 11:12:40 | 000,000,044 | ---- | M] () -- C:\TCPACHIP.LOG
      [2009/09/13 04:09:03 | 000,000,922 | ---- | M] () -- C:\updatedatfix.log
      [2009/06/09 07:07:17 | 000,002,465 | ---- | M] () -- C:\xPos.txt

      [color=#A23BEC]< %SYSTEMDRIVE%\*.exe >/color

      [color=#A23BEC]< %PROGRAMFILES%\*.* >/color

      [color=#A23BEC]< %PROGRAMFILES%\*. >/color
      [2011/03/15 18:18:37 | 000,000,000 | ---D | M] -- C:\Program Files\$OvisLink
      [2008/06/14 04:09:25 | 000,000,000 | ---D | M] -- C:\Program Files\ACD Systems
      [2009/11/29 06:04:44 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
      [2006/12/04 05:50:26 | 000,000,000 | ---D | M] -- C:\Program Files\Ahead
      [2008/06/14 04:11:03 | 000,000,000 | ---D | M] -- C:\Program Files\ArcSoft
      [2008/12/04 13:46:09 | 000,000,000 | ---D | M] -- C:\Program Files\Broderbund
      [2002/09/30 10:26:36 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
      [2008/05/27 03:47:51 | 000,000,000 | ---D | M] -- C:\Program Files\DivX
      [2008/08/03 05:28:34 | 000,000,000 | ---D | M] -- C:\Program Files\eCover3D
      [2009/06/21 05:12:24 | 000,000,000 | ---D | M] -- C:\Program Files\EPSON
      [2006/12/08 03:50:41 | 000,000,000 | ---D | M] -- C:\Program Files\ESTsoft
      [2009/11/20 06:00:27 | 000,000,000 | ---D | M] -- C:\Program Files\Fichiers communs
      [2010/12/02 15:46:24 | 000,000,000 | ---D | M] -- C:\Program Files\Google
      [2008/10/22 12:09:30 | 000,000,000 | ---D | M] -- C:\Program Files\Hewlett-Packard
      [2010/07/06 13:17:52 | 000,000,000 | ---D | M] -- C:\Program Files\HP
      [2010/08/27 03:31:19 | 000,000,000 | ---D | M] -- C:\Program Files\Iminent
      [2010/05/13 05:58:55 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
      [2006/07/24 05:34:50 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
      [2010/06/09 16:43:48 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
      [2006/12/08 03:55:04 | 000,000,000 | ---D | M] -- C:\Program Files\InterVideo
      [2009/07/04 16:22:31 | 000,000,000 | ---D | M] -- C:\Program Files\Jaquette Express
      [2006/12/04 05:23:33 | 000,000,000 | ---D | M] -- C:\Program Files\Lavasoft
      [2008/06/14 03:56:22 | 000,000,000 | ---D | M] -- C:\Program Files\Logitech
      [2011/03/15 18:52:38 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
      [2008/08/13 10:02:58 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
      [2008/09/12 12:12:11 | 000,000,000 | ---D | M] -- C:\Program Files\Micro Application
      [2009/11/20 06:13:40 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
      [2010/05/13 05:21:34 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft ActiveSync
      [2008/05/21 10:25:31 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
      [2006/12/04 05:44:28 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Carioca
      [2009/09/16 02:03:14 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
      [2009/09/16 02:05:36 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
      [2011/03/09 14:44:29 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
      [2009/11/20 06:16:08 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server Compact Edition
      [2009/11/20 06:17:17 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Sync Framework
      [2010/03/10 17:35:58 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
      [2009/11/21 18:32:39 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
      [2002/09/30 10:25:44 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
      [2002/09/30 10:26:04 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
      [2008/05/21 10:49:37 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Messenger
      [2009/07/03 10:00:24 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
      [2009/11/21 18:27:15 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 6.0
      [2006/06/02 07:44:27 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
      [2010/05/12 16:40:09 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
      [2010/07/10 16:32:17 | 000,000,000 | ---D | M] -- C:\Program Files\PartyGaming
      [2008/08/07 06:58:23 | 000,000,000 | ---D | M] -- C:\Program Files\PhotoFiltre
      [2006/12/04 04:16:53 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
      [2006/12/04 04:26:11 | 000,000,000 | ---D | M] -- C:\Program Files\Real
      [2009/11/21 18:32:27 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
      [2006/05/31 11:30:30 | 000,000,000 | ---D | M] -- C:\Program Files\SBApps
      [2002/09/30 10:26:22 | 000,000,000 | ---D | M] -- C:\Program Files\Services en ligne
      [2009/09/16 02:05:08 | 000,000,000 | ---D | M] -- C:\Program Files\Snapshot Viewer
      [2008/05/21 11:01:39 | 000,000,000 | ---D | M] -- C:\Program Files\Spybot - Search & Destroy
      [2006/06/06 08:55:40 | 000,000,000 | ---D | M] -- C:\Program Files\Support.com
      [2006/06/08 08:51:21 | 000,000,000 | ---D | M] -- C:\Program Files\Symantec
      [2011/03/15 19:03:52 | 000,000,000 | ---D | M] -- C:\Program Files\Symantec AntiVirus
      [2006/06/06 09:29:56 | 000,000,000 | ---D | M] -- C:\Program Files\ThinkPad
      [2008/08/10 03:54:17 | 000,000,000 | ---D | M] -- C:\Program Files\Trellix Corporation
      [2002/09/30 10:37:54 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
      [2010/05/13 05:35:26 | 000,000,000 | ---D | M] -- C:\Program Files\ViaMichelin
      [2010/08/28 15:05:45 | 000,000,000 | ---D | M] -- C:\Program Files\vShare
      [2008/12/04 13:47:42 | 000,000,000 | ---D | M] -- C:\Program Files\Web Publish
      [2011/02/06 02:14:48 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live
      [2009/11/20 06:13:23 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live SkyDrive
      [2006/12/04 04:41:15 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
      [2006/12/04 04:41:14 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
      [2006/06/02 07:44:22 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
      [2006/06/01 04:42:31 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
      [2002/09/30 10:31:46 | 000,000,000 | ---D | M] -- C:\Program Files\xerox
      [2008/09/09 14:06:47 | 000,000,000 | ---D | M] -- C:\Program Files\Zone Labs


      [color=#A23BEC]< MD5 for: AGP440.SYS >/color
      [2006/06/02 07:38:53 | 022,282,803 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
      [2006/06/02 07:38:53 | 022,282,803 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
      [2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\agp440.sys
      [2004/08/04 02:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
      [2004/08/04 02:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\drivers\agp440.sys

      [color=#A23BEC]< MD5 for: ATAPI.SYS >/color
      [2002/08/29 23:00:00 | 010,179,564 | ---- | M] () .cab file -- C:\I386\sp1.cab:atapi.sys
      [2002/08/29 23:00:00 | 010,179,564 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
      [2006/06/02 07:38:53 | 022,282,803 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
      [2006/06/02 07:38:53 | 022,282,803 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
      [2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\atapi.sys
      [2004/08/04 01:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
      [2004/08/04 01:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\dllcache\atapi.sys
      [2004/08/04 01:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys
      [2004/08/04 01:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\i386\atapi.sys

      [color=#A23BEC]< MD5 for: AUTOCHK.EXE >/color
      [2004/08/19 19:09:51 | 000,625,152 | ---- | M] (Microsoft Corporation) MD5=0BB998A402272141809EE90F9081CB27 -- C:\WINDOWS\ServicePackFiles\i386\autochk.exe
      [2004/08/19 19:09:51 | 000,625,152 | ---- | M] (Microsoft Corporation) MD5=0BB998A402272141809EE90F9081CB27 -- C:\WINDOWS\system32\autochk.exe
      [2002/08/29 23:00:00 | 000,602,112 | ---- | M] (Microsoft Corporation) MD5=2ED97FCADB647FEE2D141B2D71ACCE8B -- C:\I386\AUTOCHK.EXE
      [2008/04/13 22:33:53 | 000,625,152 | ---- | M] (Microsoft Corporation) MD5=B16CCBF66BF41F994D2810CC2299D9D6 -- C:\WINDOWS\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\autochk.exe

      [color=#A23BEC]< MD5 for: BEEP.SYS >/color
      [2002/08/29 23:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\drivers\beep.sys

      [color=#A23BEC]< MD5 for: EVENTLOG.DLL >/color
      [2004/08/19 19:09:25 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=49B1376885340BF9EA0D99F71557B59A -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
      [2004/08/19 19:09:25 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=49B1376885340BF9EA0D99F71557B59A -- C:\WINDOWS\system32\eventlog.dll
      [2008/04/13 22:33:24 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\eventlog.dll

      [color=#A23BEC]< MD5 for: EXPLORER.EXE >/color
      [2004/08/19 19:09:53 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=2A7BD330924252A2FD80344FC949BB72 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
      [2007/06/13 09:22:28 | 001,037,312 | ---- | M] (Microsoft Corporation) MD5=D0288319660EDCFED07C7E74C4EA38A5 -- C:\WINDOWS\explorer.exe
      [2007/06/13 09:22:28 | 001,037,312 | ---- | M] (Microsoft Corporation) MD5=D0288319660EDCFED07C7E74C4EA38A5 -- C:\WINDOWS\system32\dllcache\explorer.exe
      [2008/04/13 22:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) MD5=F2317622D29F9FF0F88AEECD5F60F0DD -- C:\WINDOWS\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\explorer.exe

      [color=#A23BEC]< MD5 for: IMM32.DLL >/color
      [2008/04/13 22:33:26 | 000,110,080 | ---- | M] (Microsoft Corporation) MD5=0469B73DB32E5520F342C5E163AA3CCA -- C:\WINDOWS\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\imm32.dll
      [2004/08/19 19:09:28 | 000,110,080 | ---- | M] (Microsoft Corporation) MD5=E55DAFA1A354BD5CB69151563DC9748A -- C:\WINDOWS\ServicePackFiles\i386\imm32.dll
      [2004/08/19 19:09:28 | 000,110,080 | ---- | M] (Microsoft Corporation) MD5=E55DAFA1A354BD5CB69151563DC9748A -- C:\WINDOWS\system32\imm32.dll

      [color=#A23BEC]< MD5 for: KERNEL32.DLL >/color
      [2009/03/21 09:58:25 | 001,054,208 | ---- | M] (Microsoft Corporation) MD5=2087E2764822A8D93A4CA7FA0FED35E8 -- C:\WINDOWS\$hf_mig$\KB959426\SP2QFE\kernel32.dll
      [2008/04/13 22:33:28 | 001,054,720 | ---- | M] (Microsoft Corporation) MD5=3AC8886DFA5AB641417DF4D3B7F5512E -- C:\WINDOWS\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\kernel32.dll
      [2009/03/21 10:20:10 | 001,051,136 | ---- | M] (Microsoft Corporation) MD5=534040750B9E70B156A98F5D0E8F6D2A -- C:\WINDOWS\system32\dllcache\kernel32.dll
      [2009/03/21 10:20:10 | 001,051,136 | ---- | M] (Microsoft Corporation) MD5=534040750B9E70B156A98F5D0E8F6D2A -- C:\WINDOWS\system32\kernel32.dll
      [2007/04/16 11:53:11 | 001,049,600 | ---- | M] (Microsoft Corporation) MD5=6F1FE2AE7B22EB9CED1BFF533C9455EA -- C:\WINDOWS\$NtUninstallKB959426$\kernel32.dll
      [2009/03/21 10:07:58 | 001,054,720 | ---- | M] (Microsoft Corporation) MD5=98F08549604D090B6B2514AF845F329F -- C:\WINDOWS\$hf_mig$\KB959426\SP3GDR\kernel32.dll
      [2009/03/21 10:00:17 | 001,056,768 | ---- | M] (Microsoft Corporation) MD5=C3AF0EEE26B59484E674673E3016AAB7 -- C:\WINDOWS\$hf_mig$\KB959426\SP3QFE\kernel32.dll
      [2004/08/19 19:09:30 | 001,048,576 | ---- | M] (Microsoft Corporation) MD5=C88F74591579DBDE273C61312B2D3886 -- C:\WINDOWS\ServicePackFiles\i386\kernel32.dll

      [color=#A23BEC]< MD5 for: MSWSOCK.DLL >/color
      [2008/04/13 22:33:33 | 000,247,808 | ---- | M] (Microsoft Corporation) MD5=196CCC3FDD21665DCAA9F83FFC03B41A -- C:\WINDOWS\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\mswsock.dll
      [2008/06/20 13:37:01 | 000,247,808 | ---- | M] (Microsoft Corporation) MD5=4138FBDEDBC6FEAD215BB4C4B102F7DE -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\mswsock.dll
      [2008/06/20 13:47:22 | 000,247,808 | ---- | M] (Microsoft Corporation) MD5=58AF8498C62E1E1DAB5AE59C6E08C180 -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\mswsock.dll
      [2004/08/19 19:09:34 | 000,247,808 | ---- | M] (Microsoft Corporation) MD5=6FA2DDF70DC9B762EBF8920F89B6BEA3 -- C:\WINDOWS\$NtUninstallKB951748$\mswsock.dll
      [2004/08/19 19:09:34 | 000,247,808 | ---- | M] (Microsoft Corporation) MD5=6FA2DDF70DC9B762EBF8920F89B6BEA3 -- C:\WINDOWS\ServicePackFiles\i386\mswsock.dll
      [2008/06/20 13:41:06 | 000,247,808 | ---- | M] (Microsoft Corporation) MD5=8A52DE10680A40ECD04FA2C0FBC34190 -- C:\WINDOWS\system32\dllcache\mswsock.dll
      [2008/06/20 13:41:06 | 000,247,808 | ---- | M] (Microsoft Corporation) MD5=8A52DE10680A40ECD04FA2C0FBC34190 -- C:\WINDOWS\system32\mswsock.dll
      [2008/06/20 13:44:02 | 000,247,808 | ---- | M] (Microsoft Corporation) MD5=C759B3790D3BA760C52E218EF4886DAC -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\mswsock.dll

      [color=#A23BEC]< MD5 for: NDIS.SYS >/color
      [2008/04/13 15:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\ndis.sys
      [2004/08/04 02:14:28 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys
      [2004/08/04 02:14:28 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\system32\drivers\ndis.sys

      [color=#A23BEC]< MD5 for: NETLOGON.DLL >/color
      [2008/04/13 22:33:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\netlogon.dll
      [2004/08/19 19:09:36 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D4CFAC76926C24E32B7F25A35C31BC6E -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
      [2004/08/19 19:09:36 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D4CFAC76926C24E32B7F25A35C31BC6E -- C:\WINDOWS\system32\netlogon.dll
      [2009/02/06 14:46:49 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ECD7791E0E9246CA5F218A19F3911EB9 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
      [2009/02/06 14:46:49 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ECD7791E0E9246CA5F218A19F3911EB9 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll

      [color=#A23BEC]< MD5 for: NTFS.SYS >/color
      [2007/02/09 07:10:35 | 000,574,464 | ---- | M] (Microsoft Corporation) MD5=19A811EF5F1ED5C926A028CE107FF1AF -- C:\WINDOWS\system32\dllcache\ntfs.sys
      [2007/02/09 07:10:35 | 000,574,464 | ---- | M] (Microsoft Corporation) MD5=19A811EF5F1ED5C926A028CE107FF1AF -- C:\WINDOWS\system32\drivers\ntfs.
      0
  8. moment de grace Messages postés 29099 Date d'inscription   Statut Contributeur sécurité Dernière intervention   2 274
     
    Relance OLTPE

    ?Copie la liste qui se trouve en gras ci-dessous,

    ? colle-la dans la zone sous "Personnalisation" :


    :OTL
    O4 - HKU\Baby_ON_C..\Run: [wjfrjCrTGl] C:\Documents and Settings\All Users\Application Data\wjfrjCrTGl.exe (NetInternals)

    :Files
    C:\Documents and Settings\All Users\Application Data\wjfrjCrTGl.exe

    :commands
    [emptytemp]


    Clique sur "Correction" pour lancer la suppression.

    redemarre le pc et dis moi ce que ca dit
    0
    1. djidji
       
      Bonjour moment de grace

      Comme demandé dans ton dernier message, j'ai effectué tes lignes de commandes dans OLTPE.

      J'ai rebooté, et j'avais tjs le meme message "disk failure".
      j'ai quand m^me pu lancé malware et au bout de 5 mn tout a rebooté.

      je suis donc repassé dans OLTPE, j'ai repris tes commandes du message d'hier à 18h44, puis rajouter celles du message de ce matin à 5h47 ( bonne nuit), j'ai tout fait executer, je suis aller dans ma registry via la cmd DOS d'OLTPE, réactiver dans la clé HKU mes TaskMGr, puis j'ai rebooté en mode echec.

      Surprise: le mesage avait disparu, j'ai lancé Malware et desinfecté les 6 problèmes rencontré.

      Maintenant j'ai rebooté en mode normal, je n'ai plus de message "disk failure", j'ai désactivé mon antivirus et je suis de nouveau en train de lancé malware pour un examen complet de la machine.
      Celà fait 15 minutes qu'il tourne, 0 fichier infecté pour l'instant et aucun message d'erreur.

      Je te remercie beaucoup pour ton aide très efficace.

      Je reposte un message quand tout aura été testé.
      0
  9. moment de grace Messages postés 29099 Date d'inscription   Statut Contributeur sécurité Dernière intervention   2 274
     
    il faudrait que tu me postes des rapports stp...
    0
  10. djidji
     
    Jes suis désolé,, je n'ai pas gardé les derniers rapports.

    Voici la seule log qui me reste.

    Sinon tout fonctionne bien maintenant.

    ========== OTL ==========
    Registry value HKEY_USERS\Baby_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\wjfrjCrTGl deleted successfully.
    C:\Documents and Settings\All Users\Application Data\wjfrjCrTGl.exe moved successfully.
    ========== FILES ==========
    File\Folder C:\Documents and Settings\All Users\Application Data\wjfrjCrTGl.exe not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrateur
    ->Temp folder emptied: 3145854 bytes
    ->Temporary Internet Files folder emptied: 213956 bytes

    User: All Users

    User: Babou
    ->Temp folder emptied: 18291640 bytes
    ->Temporary Internet Files folder emptied: 596943 bytes
    ->Flash cache emptied: 1527914 bytes

    User: Baby
    ->Temp folder emptied: 5242934 bytes
    ->Temporary Internet Files folder emptied: 52322825 bytes
    ->Google Chrome cache emptied: 9013385 bytes
    ->Flash cache emptied: 173118 bytes

    User: Default User
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 331 bytes

    User: LocalService
    ->Temp folder emptied: 66016 bytes
    ->Temporary Internet Files folder emptied: 13725401 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Philippe

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 19528 bytes
    %systemroot%\System32 .tmp files removed: 3072 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 34225799 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 64767082 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 49046 bytes

    Total Files Cleaned = 194.00 mb

    OTLPE by OldTimer - Version 3.1.46.0 log created on 03162011_165550
    0
  11. moment de grace Messages postés 29099 Date d'inscription   Statut Contributeur sécurité Dernière intervention   2 274
     
    oki

    apres MalwareByte's Anti-Malware et avoir posté le rapport

    Télécharge ZHPDiag ( de Nicolas coolman ).
    https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html

    ou

    https://www.commentcamarche.net/telecharger/utilitaires/24803-zhpdiag/


    (outil de diagnostic)


    Double clique sur le fichier d'installation, puis installe le avec les paramètres par défaut ( N'oublie pas de cocher " Créer une icône sur le bureau " )

    Lance ZHPDiag en double cliquant sur l'icône présente sur ton bureau (Clique droit -> Executer en tant qu'admin ( vista )

    Clique sur la loupe en haut à gauche, puis laisse l'outil scanner.

    Une fois le scan terminé, clique sur l'icône en forme de disquette et enregistre le fichier sur ton bureau.

    Rend toi sur http://pjjoint.malekal.com/

    Clique sur "Parcourir "

    Sélectionne le rapport ZHPdiag.txt qui se trouve sur ton bureau

    Clique ensuite sur "Envoyer le fichier " et copie/colle le lien dans ton prochain message

    0
  12. djidji
     
    Resultat du diagnostic zhpdiag

    http://pjjoint.malekal.com/files.php?id=3d7ccbccf11387
    0