
...is not a valid Win32 application, help

Tags:
  • Security
Last reply: in Security and viruses
29 December 2008 01:44:03

Good evening,
I'm rewording my previous post in order to get an answer, because I'm really starting to struggle with my computer. .exe applications no longer launch, I no longer have sound and my antivirus programs are blocked. Each time, the following message is displayed: ... is not a valid Win32 application, or else ... the specified module could not be found. I uninstalled Antivir and tried to install Avast in its place, but it fails every time. Is it a virus? Does anyone have the solution?

Thanks.


29 December 2008 12:41:08

Good evening,

Right-click on ComboFix (by sUBs) and choose Save target (link) as.

  • Choose the Desktop, insert a hyphen between Combo and Fix so as to obtain Combo-Fix.exe, then choose Save.
  • Temporarily disable all resident protection! (Antivirus, antispyware...)
  • Double-click on ComboFix.exe.
  • Accept the license by clicking Yes.
  • The program will ask you whether you want to install the Recovery Console. It is a precaution, in case the computer breaks down. So I advise you to install it; it costs nothing, and it could potentially be useful!
  • When the operation is finished, a report will appear. Post this report in your next reply.

    The report is located here: %SystemDrive%\ComboFix.txt (%systemdrive% being the partition where Windows is installed; C:\ in general)

    Help: How to use ComboFix.

1 January 2009 13:35:45

    ComboFix 08-12-31.01 - Badra 2009-01-01 13:19:00.1 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1022.597 [GMT 1:00]
    Lancé depuis: c:\documents and settings\Badra\Bureau\combo-fix.exe
    * Un nouveau point de restauration a été créé
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\All Users\Application Data\SystemDoctor Free
    c:\documents and settings\Badra\Application Data\SystemDoctor Free
    c:\documents and settings\Badra\err.log
    c:\documents and settings\Badra\ResErrors.log
    c:\documents and settings\Jérôme\Application Data\drivers\downld
    c:\documents and settings\Jérôme\Application Data\drivers\srosa.sys
    c:\documents and settings\Jérôme\Application Data\drivers\srosa2.sys
    c:\documents and settings\Jérôme\Application Data\drivers\winupgro.exe
    c:\documents and settings\Jérôme\Application Data\m
    c:\documents and settings\Jérôme\Application Data\m\data.oct
    c:\documents and settings\Jérôme\Application Data\m\list.oct
    c:\documents and settings\Jérôme\Application Data\m\shared
    c:\documents and settings\Jérôme\Application Data\m\shared\PolyViz 1.0.zip
    c:\documents and settings\Jérôme\Application Data\m\shared\Processor Affinity Manager 1.0.zip
    c:\documents and settings\Jérôme\Application Data\m\shared\PyroDVD 1.5.zip
    c:\documents and settings\Jérôme\Application Data\m\shared\Quick Log 1.0.0.3.zip
    c:\documents and settings\Jérôme\Application Data\m\shared\QuizPro 3.4.4.zip
    c:\documents and settings\Jérôme\Application Data\m\shared\Raven 1.3.zip
    c:\documents and settings\Jérôme\Application Data\m\shared\Registry Space Profiler 1.0.18 Beta 2.zip
    c:\documents and settings\Jérôme\Application Data\m\shared\RenameWiz 3.4.2.zip
    c:\documents and settings\Jérôme\Application Data\m\shared\Rulers 1.0.zip
    c:\documents and settings\Jérôme\Application Data\m\shared\Save Page As 0.3.zip
    c:\documents and settings\Jérôme\Application Data\m\shared\SimpleDOX 4.1.zip
    c:\documents and settings\Jérôme\Application Data\m\shared\SKIF PPDS 1.0.0 Build 1148.zip
    c:\documents and settings\Jérôme\Application Data\m\shared\SNMPTest 1.05 Build 28.2.zip
    c:\documents and settings\Jérôme\Application Data\m\shared\SoftWaterWare 1.0.1.zip
    c:\documents and settings\Jérôme\Application Data\m\shared\Solaris 1.0.zip
    c:\documents and settings\Jérôme\Application Data\m\shared\Speed Reader 1.1.zip
    c:\documents and settings\Jérôme\Application Data\m\shared\SQL Deadlock Detector 2.0.2008.416.zip
    c:\documents and settings\Jérôme\Application Data\m\shared\Stickam Widget 1.0.zip
    c:\documents and settings\Jérôme\Application Data\m\shared\SubFutzer 1.0.8.zip
    c:\documents and settings\Jérôme\Application Data\m\shared\Summer Beach Balls Screensaver 1.0.zip
    c:\documents and settings\Jérôme\Application Data\m\shared\Super Video To Audio Converter 1.0.zip
    c:\documents and settings\Jérôme\Application Data\m\shared\SWF 'n Slide Pro 1.028.zip
    c:\documents and settings\Jérôme\Application Data\m\shared\Symantec.LiveState.Recovery.Desktop.v3.0.WinALL.Cracked-iNFECTED.zip
    c:\documents and settings\Jérôme\Application Data\m\shared\Syncura Document Sharing Service 1.5.zip
    c:\documents and settings\Jérôme\Application Data\m\shared\Trackert 1.0.zip
    c:\documents and settings\Jérôme\Application Data\m\shared\Trellian WebTidy 1.0.3.1.zip
    c:\documents and settings\Jérôme\Application Data\m\shared\TSMDBCombobox & TSMDBFilterCombobox components.zip
    c:\documents and settings\Jérôme\Application Data\m\shared\uCertify Collection for test 70-210 70-215 6.10.05.zip
    c:\documents and settings\Jérôme\Application Data\m\shared\USB-ToolBox 2.1.zip
    c:\documents and settings\Jérôme\Application Data\m\shared\utility.-.AVG.Antivirus.Pro.v7.0.206+keygen.zip
    c:\documents and settings\Jérôme\Application Data\m\shared\Walk of Faith 1.0.zip
    c:\documents and settings\Jérôme\Application Data\m\shared\WallMaster Pro 4.0a.zip
    c:\documents and settings\Jérôme\Application Data\m\shared\Web Form SPAM Protection 1.5.1.zip
    c:\documents and settings\Jérôme\Application Data\m\shared\Weight Loss 4 U 1.1.zip
    c:\documents and settings\Jérôme\Application Data\m\shared\WeldSym 2.0.zip
    c:\documents and settings\Jérôme\Application Data\m\srvlist.oct
    C:\InfoSat.txt
    c:\program files\Fichiers communs\SystemDoctor
    c:\program files\Fichiers communs\SystemDoctor\err.log
    c:\windows\Downloaded Program Files\setup.inf
    c:\windows\fxstaller.exe
    c:\windows\system32\aahxsncf.ini
    c:\windows\system32\afmsxmuv.ini
    c:\windows\system32\aqunvrss.dll
    c:\windows\system32\aznsrd.dll
    c:\windows\system32\bajdnfom.ini
    c:\windows\system32\byXPHaAT.dll
    c:\windows\system32\ccrofusg.dll
    c:\windows\system32\efexfbps.dll
    c:\windows\system32\fwwangqn.ini
    c:\windows\system32\geBQIyYQ.dll
    c:\windows\system32\hwqpopvf.dll
    c:\windows\system32\iifdbAqp.dll
    c:\windows\system32\iiftgc.dll
    c:\windows\system32\imaywnqq.dll
    c:\windows\system32\ivbcocxw.dll
    c:\windows\system32\jkkJcYRj.dll
    c:\windows\system32\jxbdrl.dll
    c:\windows\system32\khgocpqq.ini
    c:\windows\system32\kkaskgon.dll
    c:\windows\system32\kpfjknkh.ini
    c:\windows\system32\krsnyqnx.dll
    c:\windows\system32\lpqzpe.dll
    c:\windows\system32\mcrh.tmp
    c:\windows\system32\mdelk.exe
    c:\windows\system32\mofndjab.dll
    c:\windows\system32\MTtDcMoq.ini
    c:\windows\system32\MTtDcMoq.ini2
    c:\windows\system32\myihuu.dll
    c:\windows\system32\ngunicmx.dll
    c:\windows\system32\nipfsbjg.ini
    c:\windows\system32\NnnonUtv.ini
    c:\windows\system32\NnnonUtv.ini2
    c:\windows\system32\nqgnawwf.dll
    c:\windows\system32\nryhpofe.dll
    c:\windows\system32\opnnlKdB.dll
    c:\windows\system32\oucdmn.dll
    c:\windows\system32\pjgbrdjs.ini
    c:\windows\system32\pqAbdfii.ini
    c:\windows\system32\pqAbdfii.ini2
    c:\windows\system32\qbisiu.dll
    c:\windows\system32\qoMcDtTM.dll
    c:\windows\system32\qoMdBQKB.dll
    c:\windows\system32\qqnwyami.ini
    c:\windows\system32\qqpcoghk.dll
    c:\windows\system32\roqlnkbg.dll
    c:\windows\system32\rqRHbCtS.dll
    c:\windows\system32\rvgktkfp.dll
    c:\windows\system32\sanomscy.dll
    c:\windows\system32\sdjfzx.dll
    c:\windows\system32\ssqPJyxy.dll
    c:\windows\system32\ssrvnuqa.ini
    c:\windows\system32\TAaHPXyb.ini
    c:\windows\system32\TAaHPXyb.ini2
    c:\windows\system32\tbframnx.dll
    c:\windows\system32\tjoeqg.dll
    c:\windows\system32\urqNETkh.dll
    c:\windows\system32\vtUnonnN.dll
    c:\windows\system32\wintems.exe
    c:\windows\system32\wxcocbvi.ini
    c:\windows\system32\xrgset.dll
    c:\windows\system32\xwahyhgu.dll
    c:\windows\system32\xxyApQGW.dll
    c:\windows\system32\ycsmonas.ini
    c:\windows\system32\yoxhwf.dll
    c:\windows\system32\yvdwudod.dll
    c:\windows\system32\zupogg.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_SK9OU0S
    -------\Legacy_SROSA
    -------\Service_sK9Ou0s


    ((((((((((((((((((((((((((((( Fichiers créés du 2008-12-01 au 2009-01-01 ))))))))))))))))))))))))))))))))))))
    .

    2008-12-29 02:38 . 2008-12-29 02:38 <REP> d-------- C:\combo-fix.exe
    2008-12-29 00:53 . 2008-12-29 01:07 <REP> d-------- c:\documents and settings\Badra\Application Data\Free Download Manager
    2008-12-29 00:44 . 2008-12-29 00:44 <REP> d-------- c:\program files\Trend Micro
    2008-12-28 20:33 . 2008-12-28 20:33 <REP> d-------- c:\program files\Fichiers communs\Wise Installation Wizard
    2008-12-28 20:31 . 2008-12-28 20:31 <REP> d-------- c:\windows\system32\ZoneLabs
    2008-12-28 20:31 . 2008-12-28 20:31 <REP> d-------- c:\program files\Zone Labs
    2008-12-28 20:31 . 2008-07-09 09:05 1,086,952 --a------ c:\windows\system32\zpeng24.dll
    2008-12-28 20:31 . 2008-12-28 20:31 352,624 --a------ c:\windows\system32\vsconfig.xml
    2008-12-28 20:10 . 2008-12-28 20:10 <REP> d-------- c:\program files\ma-config.com
    2008-12-28 20:10 . 2008-12-28 20:10 <REP> d-------- c:\documents and settings\All Users\Application Data\ma-config.com
    2008-12-28 17:06 . 2009-01-01 13:28 <REP> d--h----- c:\documents and settings\Jérôme\Application Data\drivers
    2008-12-28 02:08 . 2008-12-28 02:08 244 --ah----- C:\sqmnoopt19.sqm
    2008-12-28 02:08 . 2008-12-28 02:08 244 --ah----- C:\sqmnoopt18.sqm
    2008-12-28 02:08 . 2008-12-28 02:08 232 --ah----- C:\sqmdata19.sqm
    2008-12-28 02:08 . 2008-12-28 02:08 232 --ah----- C:\sqmdata18.sqm
    2008-12-28 02:07 . 2008-12-28 02:07 244 --ah----- C:\sqmnoopt17.sqm
    2008-12-28 02:07 . 2008-12-28 02:07 244 --ah----- C:\sqmnoopt16.sqm
    2008-12-28 02:07 . 2008-12-28 02:07 232 --ah----- C:\sqmdata17.sqm
    2008-12-28 02:07 . 2008-12-28 02:07 232 --ah----- C:\sqmdata16.sqm
    2008-12-28 00:35 . 2008-12-28 00:35 244 --ah----- C:\sqmnoopt15.sqm
    2008-12-28 00:35 . 2008-12-28 00:35 232 --ah----- C:\sqmdata15.sqm
    2008-12-23 01:44 . 2008-12-23 01:44 244 --ah----- C:\sqmnoopt14.sqm
    2008-12-23 01:44 . 2008-12-23 01:44 232 --ah----- C:\sqmdata14.sqm
    2008-12-19 01:20 . 2008-12-19 01:20 244 --ah----- C:\sqmnoopt13.sqm
    2008-12-19 01:20 . 2008-12-19 01:20 232 --ah----- C:\sqmdata13.sqm
    2008-12-07 03:35 . 2008-12-07 03:35 244 --ah----- C:\sqmnoopt12.sqm
    2008-12-07 03:35 . 2008-12-07 03:35 244 --ah----- C:\sqmnoopt11.sqm
    2008-12-07 03:35 . 2008-12-07 03:35 244 --ah----- C:\sqmnoopt10.sqm
    2008-12-07 03:35 . 2008-12-07 03:35 244 --ah----- C:\sqmnoopt09.sqm
    2008-12-07 03:35 . 2008-12-07 03:35 244 --ah----- C:\sqmnoopt08.sqm
    2008-12-07 03:35 . 2008-12-07 03:35 232 --ah----- C:\sqmdata12.sqm
    2008-12-07 03:35 . 2008-12-07 03:35 232 --ah----- C:\sqmdata11.sqm
    2008-12-07 03:35 . 2008-12-07 03:35 232 --ah----- C:\sqmdata10.sqm
    2008-12-07 03:35 . 2008-12-07 03:35 232 --ah----- C:\sqmdata09.sqm
    2008-12-07 03:35 . 2008-12-07 03:35 232 --ah----- C:\sqmdata08.sqm
    2008-12-07 03:34 . 2008-12-28 02:09 244 --ah----- C:\sqmnoopt07.sqm
    2008-12-07 03:34 . 2008-12-28 02:09 232 --ah----- C:\sqmdata07.sqm

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-01-01 12:29 --------- d-----w c:\program files\Wanadoo
    2008-12-29 00:15 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
    2008-12-28 22:54 --------- d-----w c:\program files\Steam
    2008-12-28 18:54 --------- d-----w c:\program files\eMule
    2008-11-24 16:13 --------- d-----w c:\program files\Windows Live
    2008-11-24 16:12 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller
    2008-11-21 21:36 --------- d-----w c:\documents and settings\Jérôme\Application Data\ArcSoft
    2008-11-21 16:31 --------- d--h--w c:\program files\InstallShield Installation Information
    2008-11-21 16:31 --------- d-----w c:\program files\Fichiers communs\ArcSoft
    2008-11-21 16:31 --------- d-----w c:\program files\ArcSoft
    2008-11-20 19:36 --------- d-----w c:\documents and settings\Badra\Application Data\ArcSoft
    2007-08-15 22:39 278,528 ----a-w c:\program files\Fichiers communs\FDEUnInstaller.exe
    2008-10-05 14:16 67,696 ----a-w c:\program files\mozilla firefox\components\jar50.dll
    2008-10-05 14:16 54,376 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
    2008-10-05 14:16 34,952 ----a-w c:\program files\mozilla firefox\components\myspell.dll
    2008-10-05 14:16 46,720 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
    2008-10-05 14:16 172,144 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
    .

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-20 15360]
    "WOOKIT"="c:\program files\Wanadoo\Shell.exe" [2004-08-23 122880]
    "msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WOOWATCH"="c:\progra~1\Wanadoo\Watch.exe" [2004-08-23 20480]
    "WOOTASKBARICON"="c:\progra~1\Wanadoo\GestMaj.exe" [2004-10-14 32768]
    "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
    "ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
    "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-01-01 81000]
    "SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 c:\windows\stsystra.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-20 15360]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
    path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
    backup=c:\windows\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
    path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
    backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser]
    --a------ 2007-12-23 00:03 916240 c:\program files\Eraser\Eraser.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    --a------ 2007-10-18 11:34 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
    --a------ 2008-10-08 09:07 1410296 c:\program files\Steam\Steam.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
    "c:\\Program Files\\eMule\\emule.exe"=
    "c:\\Program Files\\Vietcong\\vietcong.exe"=
    "c:\\Program Files\\Wanadoo\\WOOBrowser\\WOOBrowser.exe"=
    "c:\\WINDOWS\\system32\\dpnsvr.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\jerome664\\counter-strike source\\hl2.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

    S1 aswSP;avast! Self Protection; []
    S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys []
    S3 ati2mpaa;ati2mpaa;c:\windows\system32\DRIVERS\ati2mpaa.sys [2007-08-16 281984]
    S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt [2005-08-17 7168]
    S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-09-13 33752]
    S3 maconfservice;Ma-Config Service;"c:\program files\ma-config.com\maconfservice.exe" [2008-12-19 195752]
    S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2008-08-12 356920]
    .
    Contenu du dossier 'Tâches planifiées'

    2009-01-01 c:\windows\Tasks\uigyxany.job
    - c:\windows\system32\rundll32.exe [2004-08-20 00:10]
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    BHO-{348B70B3-AA0C-4910-9D15-6539A7E22FA2} - c:\windows\system32\byXPHaAT.dll
    BHO-{7329abe3-34a2-4609-aa41-914402d13d20} - c:\windows\system32\qbisiu.dll
    BHO-{FFE0DACB-AB35-42B8-BC82-45771A29BFE2} - (no file)
    HKCU-Run-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
    HKCU-Run-Free Download Manager - c:\program files\Free Download Manager\fdm.exe
    Notify-WgaLogon - (no file)
    SafeBoot-sglfb.sys
    SafeBoot-tga.sys
    SafeBoot-wd.sys
    SafeBoot-sacsvr


    .
    ------- Examen supplémentaire -------
    .
    uStart Page = hxxp://www.msn.fr/
    IE: Tout télécharger avec Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
    IE: Télécharger avec Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
    IE: Télécharger la sélection avec Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
    IE: Télécharger la vidéo avec Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
    IE: { - c:\program files\Messenger\msmsgs.exe
    TCP: {8CF39EB9-AAB3-4858-B8BF-BF34E93865E8} = 192.168.1.1

    O16 -: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - hxxp://fichiers.touslesdrivers.com/fichiers/hardwaredetection/hardwaredetection_3_1_0_4.cab
    c:\windows\Downloaded Program Files\hardwaredetection.inf

    c:\windows\System32\gtdownde_110.ocx - O16 -: {E856B973-45FD-4559-8F82-EAB539144667}
    hxxp://pccheckup.dellfix.com/rel/41/install/gtdownde.cab
    c:\windows\Downloaded Program Files\gtdownde_110.inf
    FF - ProfilePath -
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-01-01 13:29:45
    Windows 5.1.2600 Service Pack 2 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
    "ImagePath"="\??\c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\h*NULL*a*NULL*u*NULL*s*NULL*a*NULL*u*NULL*f*NULL*g*NULL*a*NULL*b*NULL*e*NULL*n*NULL* r*NULL*e*NULL*f*NULL*e*NULL*r*NULL*a*NULL*t*NULL*e*NULL*.*NULL*d*NULL*e*NULL*]
    @Owner=S-1-5-21-1645522239-2000478354-839522115-1003
    "*"=dword:00000004

    [HKEY_USERS\S-1-5-21-1645522239-2000478354-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\h*NULL*a*NULL*u*NULL*s*NULL*a*NULL*u*NULL*f*NULL*g*NULL*a*NULL*b*NULL*e*NULL*n*NULL* r*NULL*e*NULL*f*NULL*e*NULL*r*NULL*a*NULL*t*NULL*e*NULL*.*NULL*d*NULL*e*NULL*]
    @Security=(SE_DACL_PRESENT SE_SELF_RELATIVE (@Owner @Group @DACL)
    @Owner=S-1-5-21-1645522239-2000478354-839522115-1003
    @Allowed: (Full) (S-1-5-21-1645522239-2000478354-839522115-1004)
    @Allowed: (Full) (S-1-5-21-1645522239-2000478354-839522115-1004)
    @Allowed: (Full) (LocalSystem)
    @Allowed: (Full) (LocalSystem)
    @Allowed: (Full) (Administrators)
    @Allowed: (Full) (Administrators)
    @Allowed: (Read) (S-1-5-12)
    @Allowed: (Read) (S-1-5-12)
    "*"=dword:00000004

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\h*NULL*a*NULL*u*NULL*s*NULL*a*NULL*u*NULL*f*NULL*g*NULL*a*NULL*b*NULL*e*NULL*n*NULL* r*NULL*e*NULL*f*NULL*e*NULL*r*NULL*a*NULL*t*NULL*e*NULL*.*NULL*d*NULL*e*NULL*]
    @Owner=S-1-5-21-1645522239-2000478354-839522115-1003
    "*"=dword:00000004

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\€*NULL*À`Ò*NULL*]
    @Security="Inherited"
    "DisplayName"="??"
    "DeviceDesc"="??"
    "ProviderName"="???\11? ?\11??"
    "MFG"="????"
    "ReinstallString"="c:\\WINDOWS\\System32\\ReinstallBackups\\???\11\\DriverFiles\\.INF"
    "DeviceInstanceIds"=multi:"c:\\dell\\drivers\\r119714\\driver\\xp_inf\\cx_30546.inf\00"

    [HKEY_LOCAL_MACHINE\software\SigmaTel\GlobalState]
    @Security=(SE_DACL_PRESENT SE_SELF_RELATIVE (@Owner @Group @DACL)
    @Owner=S-1-5-21-1645522239-2000478354-839522115-1003
    @Denied: (Full) (Guests)
    @Allowed: (Full) (LocalSystem)
    @Allowed: (Full) (Administrators)
    @Allowed: (B 1 2 3 4 5) (S-1-5-4)
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    - - - - - - - > 'winlogon.exe'(680)
    c:\windows\system32\Ati2evxx.dll
    .
    ------------------------ Autres processus actifs ------------------------
    .
    c:\windows\system32\FTRTSVC.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\windows\system32\wscntfy.exe
    c:\program files\ATI Technologies\ATI.ACE\CLI.exe
    c:\program files\Wanadoo\TaskBarIcon.exe
    c:\program files\Wanadoo\GestionnaireInternet.exe
    c:\program files\Wanadoo\ComComp.exe
    c:\program files\Wanadoo\Toaster.exe
    c:\program files\Wanadoo\Inactivity.exe
    c:\program files\Wanadoo\PollingModule.exe
    c:\windows\system32\AlertModule\AlertModule.exe
    c:\program files\Wanadoo\Watch.exe
    c:\program files\ATI Technologies\ATI.ACE\CLI.exe
    c:\program files\ATI Technologies\ATI.ACE\CLI.exe
    c:\progra~1\Wanadoo\WOOBrowser\WOOBrowser.exe
    .
    **************************************************************************
    .
    Heure de fin: 2009-01-01 13:34:12 - La machine a redémarré
    ComboFix-quarantined-files.txt 2009-01-01 12:34:09

    Avant-CF: 29 185 306 624 octets libres
    Après-CF: 29,693,710,336 octets libres

    WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /fastdetect /NoExecute=OptIn

    737 --- E O F --- 2008-12-18 02:01:01
    1 January 2009 13:47:50

    Hi again,

    Download Malwarebytes' Anti-Malware to your Desktop.

  • Install it by double-clicking the file Download_mbam-setup.exe.
    Once the installation and the update are done:
  • Restart your computer in Safe Mode
    - At startup, after the BIOS has loaded, press the F8 (or F5) key repeatedly until a menu on a black background appears. At that point, use the keyboard to select Safe Mode.
    -- In this mode you have no Internet access, and the display looks different (no wallpaper, very large icons). So don't be surprised.
    --- For these reasons, I suggest you print, write down, or save the following information in a text document so that you don't get lost.
    ---- ! Do not start your computer in Safe Mode via MSConfig! Why? Some infections break the Safe Mode keys, which would make your computer crash.

  • Now run Malwarebytes' Anti-Malware. If it is not already selected, choose "Exécuter un examen complet" (Perform full scan).
  • To start the scan, click "Rechercher" (Scan).
  • Once the scan is finished, a window opens; click OK. There are two possibilities:

    ~ If the program found nothing, press OK. A report will appear; close it.
    ~~ If infections are present, click "Afficher les résultats" (Show Results), then "Supprimer la sélection" (Remove Selected). Save the report to your Desktop.
    ~~~~ Restart your computer normally and post the report in your next reply.

    NOTE: If Malwarebytes' Anti-Malware needs to restart to finish the removal, accept by clicking OK.

    Note: If you cannot download MBAM from MajorGeeks, you can download it here!

    Help:
  • How to use MBAM.
  • How to start your computer in Safe Mode.
    1 January 2009 17:22:43

    Malwarebytes' Anti-Malware 1.31
    Version de la base de données: 1589
    Windows 5.1.2600 Service Pack 2

    01/01/2009 17:18:31
    mbam-log-2009-01-01 (17-18-31).txt

    Type de recherche: Examen complet (C:\|)
    Eléments examinés: 118991
    Temps écoulé: 2 hour(s), 48 minute(s), 21 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 1
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 105

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    C:\System Volume Information\_restore{091888E3-DE1A-4C41-8226-69EAA6254D59}\RP626\A0067359.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{091888E3-DE1A-4C41-8226-69EAA6254D59}\RP626\A0067360.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{091888E3-DE1A-4C41-8226-69EAA6254D59}\RP626\A0067362.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{091888E3-DE1A-4C41-8226-69EAA6254D59}\RP626\A0067363.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{091888E3-DE1A-4C41-8226-69EAA6254D59}\RP626\A0067364.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{091888E3-DE1A-4C41-8226-69EAA6254D59}\RP626\A0067366.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{091888E3-DE1A-4C41-8226-69EAA6254D59}\RP626\A0067367.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{091888E3-DE1A-4C41-8226-69EAA6254D59}\RP626\A0067368.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{091888E3-DE1A-4C41-8226-69EAA6254D59}\RP626\A0067369.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{091888E3-DE1A-4C41-8226-69EAA6254D59}\RP626\A0067370.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{091888E3-DE1A-4C41-8226-69EAA6254D59}\RP626\A0067371.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{091888E3-DE1A-4C41-8226-69EAA6254D59}\RP626\A0067372.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{091888E3-DE1A-4C41-8226-69EAA6254D59}\RP626\A0067373.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{091888E3-DE1A-4C41-8226-69EAA6254D59}\RP626\A0067375.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{091888E3-DE1A-4C41-8226-69EAA6254D59}\RP626\A0067377.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{091888E3-DE1A-4C41-8226-69EAA6254D59}\RP626\A0067378.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{091888E3-DE1A-4C41-8226-69EAA6254D59}\RP626\A0067379.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{091888E3-DE1A-4C41-8226-69EAA6254D59}\RP626\A0067381.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{091888E3-DE1A-4C41-8226-69EAA6254D59}\RP626\A0067382.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{091888E3-DE1A-4C41-8226-69EAA6254D59}\RP626\A0067385.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{091888E3-DE1A-4C41-8226-69EAA6254D59}\RP626\A0067386.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{091888E3-DE1A-4C41-8226-69EAA6254D59}\RP626\A0067387.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{091888E3-DE1A-4C41-8226-69EAA6254D59}\RP626\A0067388.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{091888E3-DE1A-4C41-8226-69EAA6254D59}\RP626\A0067391.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{091888E3-DE1A-4C41-8226-69EAA6254D59}\RP626\A0067392.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{091888E3-DE1A-4C41-8226-69EAA6254D59}\RP626\A0067393.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{091888E3-DE1A-4C41-8226-69EAA6254D59}\RP626\A0067395.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{091888E3-DE1A-4C41-8226-69EAA6254D59}\RP626\A0067396.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{091888E3-DE1A-4C41-8226-69EAA6254D59}\RP626\A0067397.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{091888E3-DE1A-4C41-8226-69EAA6254D59}\RP626\A0067398.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{091888E3-DE1A-4C41-8226-69EAA6254D59}\RP626\A0067399.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{091888E3-DE1A-4C41-8226-69EAA6254D59}\RP626\A0067400.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{091888E3-DE1A-4C41-8226-69EAA6254D59}\RP626\A0067401.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{091888E3-DE1A-4C41-8226-69EAA6254D59}\RP626\A0067403.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{091888E3-DE1A-4C41-8226-69EAA6254D59}\RP626\A0067404.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{091888E3-DE1A-4C41-8226-69EAA6254D59}\RP626\A0067405.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{091888E3-DE1A-4C41-8226-69EAA6254D59}\RP626\A0067406.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{091888E3-DE1A-4C41-8226-69EAA6254D59}\RP626\A0067408.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{091888E3-DE1A-4C41-8226-69EAA6254D59}\RP626\A0067409.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{091888E3-DE1A-4C41-8226-69EAA6254D59}\RP626\A0067410.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{091888E3-DE1A-4C41-8226-69EAA6254D59}\RP626\A0067412.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{091888E3-DE1A-4C41-8226-69EAA6254D59}\RP626\A0067413.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{091888E3-DE1A-4C41-8226-69EAA6254D59}\RP626\A0067414.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    1 January 2009 21:37:40

    Good evening, is there anyone who can analyze my scan? Thanks and happy new year.
    2 January 2009 11:52:24

    No reply?
    2 January 2009 12:50:13

    Hi again,

    Be patient :)

    Post a new ComboFix report.
    2 January 2009 16:52:51

    ComboFix 08-12-31.01 - Badra 2009-01-02 15:58:05.2 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.1022.566 [GMT 1:00]
    Lancé depuis: c:\documents and settings\Badra\Bureau\combo-fix.exe
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Jérôme\Application Data\drivers\downld
    c:\documents and settings\Jérôme\Application Data\drivers\srosa.sys
    c:\documents and settings\Jérôme\Application Data\drivers\srosa2.sys
    c:\documents and settings\Jérôme\Application Data\drivers\winupgro.exe
    c:\documents and settings\Jérôme\Application Data\m
    c:\documents and settings\Jérôme\Application Data\m\data.oct
    c:\documents and settings\Jérôme\Application Data\m\list.oct
    c:\documents and settings\Jérôme\Application Data\m\shared
    c:\documents and settings\Jérôme\Application Data\m\srvlist.oct
    c:\windows\system32\ban_list.txt
    c:\windows\system32\mdelk.exe
    c:\windows\system32\wintems.exe

    .
    ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_SROSA


    ((((((((((((((((((((((((((((( Fichiers créés du 2008-12-02 au 2009-01-02 ))))))))))))))))))))))))))))))))))))
    .

    2009-01-01 14:16 . 2009-01-01 14:16 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
    2009-01-01 14:16 . 2009-01-01 14:16 <REP> d-------- c:\documents and settings\Badra\Application Data\Malwarebytes
    2009-01-01 14:16 . 2009-01-01 14:16 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-01-01 14:16 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
    2009-01-01 14:16 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
    2008-12-29 02:38 . 2008-12-29 02:38 <REP> d-------- C:\combo-fix.exe
    2008-12-29 00:53 . 2008-12-29 01:07 <REP> d-------- c:\documents and settings\Badra\Application Data\Free Download Manager
    2008-12-29 00:44 . 2008-12-29 00:44 <REP> d-------- c:\program files\Trend Micro
    2008-12-28 20:33 . 2008-12-28 20:33 <REP> d-------- c:\program files\Fichiers communs\Wise Installation Wizard
    2008-12-28 20:31 . 2008-12-28 20:31 <REP> d-------- c:\windows\system32\ZoneLabs
    2008-12-28 20:31 . 2008-12-28 20:31 <REP> d-------- c:\program files\Zone Labs
    2008-12-28 20:31 . 2008-07-09 09:05 1,086,952 --a------ c:\windows\system32\zpeng24.dll
    2008-12-28 20:31 . 2008-12-28 20:31 352,624 --a------ c:\windows\system32\vsconfig.xml
    2008-12-28 20:10 . 2008-12-28 20:10 <REP> d-------- c:\program files\ma-config.com
    2008-12-28 20:10 . 2008-12-28 20:10 <REP> d-------- c:\documents and settings\All Users\Application Data\ma-config.com
    2008-12-28 17:06 . 2009-01-02 16:04 <REP> d--h----- c:\documents and settings\Jérôme\Application Data\drivers
    2008-12-28 02:08 . 2008-12-28 02:08 244 --ah----- C:\sqmnoopt19.sqm
    2008-12-28 02:08 . 2008-12-28 02:08 244 --ah----- C:\sqmnoopt18.sqm
    2008-12-28 02:08 . 2008-12-28 02:08 232 --ah----- C:\sqmdata19.sqm
    2008-12-28 02:08 . 2008-12-28 02:08 232 --ah----- C:\sqmdata18.sqm
    2008-12-28 02:07 . 2008-12-28 02:07 244 --ah----- C:\sqmnoopt17.sqm
    2008-12-28 02:07 . 2008-12-28 02:07 244 --ah----- C:\sqmnoopt16.sqm
    2008-12-28 02:07 . 2008-12-28 02:07 232 --ah----- C:\sqmdata17.sqm
    2008-12-28 02:07 . 2008-12-28 02:07 232 --ah----- C:\sqmdata16.sqm
    2008-12-28 00:35 . 2008-12-28 00:35 244 --ah----- C:\sqmnoopt15.sqm
    2008-12-28 00:35 . 2008-12-28 00:35 232 --ah----- C:\sqmdata15.sqm
    2008-12-23 01:44 . 2008-12-23 01:44 244 --ah----- C:\sqmnoopt14.sqm
    2008-12-23 01:44 . 2008-12-23 01:44 232 --ah----- C:\sqmdata14.sqm
    2008-12-19 01:20 . 2008-12-19 01:20 244 --ah----- C:\sqmnoopt13.sqm
    2008-12-19 01:20 . 2008-12-19 01:20 232 --ah----- C:\sqmdata13.sqm
    2008-12-07 03:35 . 2008-12-07 03:35 244 --ah----- C:\sqmnoopt12.sqm
    2008-12-07 03:35 . 2008-12-07 03:35 244 --ah----- C:\sqmnoopt11.sqm
    2008-12-07 03:35 . 2008-12-07 03:35 244 --ah----- C:\sqmnoopt10.sqm
    2008-12-07 03:35 . 2008-12-07 03:35 244 --ah----- C:\sqmnoopt09.sqm
    2008-12-07 03:35 . 2008-12-07 03:35 244 --ah----- C:\sqmnoopt08.sqm
    2008-12-07 03:35 . 2008-12-07 03:35 232 --ah----- C:\sqmdata12.sqm
    2008-12-07 03:35 . 2008-12-07 03:35 232 --ah----- C:\sqmdata11.sqm
    2008-12-07 03:35 . 2008-12-07 03:35 232 --ah----- C:\sqmdata10.sqm
    2008-12-07 03:35 . 2008-12-07 03:35 232 --ah----- C:\sqmdata09.sqm
    2008-12-07 03:35 . 2008-12-07 03:35 232 --ah----- C:\sqmdata08.sqm
    2008-12-07 03:34 . 2008-12-28 02:09 244 --ah----- C:\sqmnoopt07.sqm
    2008-12-07 03:34 . 2008-12-28 02:09 232 --ah----- C:\sqmdata07.sqm

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-01-02 15:05 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
    2009-01-02 15:05 --------- d-----w c:\program files\Wanadoo
    2009-01-01 13:08 --------- d-----w c:\program files\Google
    2008-12-28 22:54 --------- d-----w c:\program files\Steam
    2008-12-28 18:54 --------- d-----w c:\program files\eMule
    2008-11-24 16:13 --------- d-----w c:\program files\Windows Live
    2008-11-24 16:12 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller
    2008-11-21 21:36 --------- d-----w c:\documents and settings\Jérôme\Application Data\ArcSoft
    2008-11-21 16:31 --------- d--h--w c:\program files\InstallShield Installation Information
    2008-11-21 16:31 --------- d-----w c:\program files\Fichiers communs\ArcSoft
    2008-11-21 16:31 --------- d-----w c:\program files\ArcSoft
    2008-11-20 19:36 --------- d-----w c:\documents and settings\Badra\Application Data\ArcSoft
    2007-08-15 22:39 278,528 ----a-w c:\program files\Fichiers communs\FDEUnInstaller.exe
    2008-10-05 14:16 67,696 ----a-w c:\program files\mozilla firefox\components\jar50.dll
    2008-10-05 14:16 54,376 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
    2008-10-05 14:16 34,952 ----a-w c:\program files\mozilla firefox\components\myspell.dll
    2008-10-05 14:16 46,720 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
    2008-10-05 14:16 172,144 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
    .

    ((((((((((((((((((((((((((((( snapshot@2009-01-01_13.33.09.48 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2004-01-09 22:46:53 580,096 -c--a-w c:\windows\$xpsp1hfm$\KB828741\update\update.exe
    + 2009-01-02 10:42:00 580,096 -c--a-w c:\windows\$xpsp1hfm$\KB828741\update\update.exe
    - 2004-01-09 22:46:53 580,096 -c--a-w c:\windows\$xpsp1hfm$\KB835732\update\update.exe
    + 2009-01-02 10:42:00 580,096 -c--a-w c:\windows\$xpsp1hfm$\KB835732\update\update.exe
    - 2002-09-21 10:44:10 282,624 -c--a-w c:\windows\$xpsp1hfm$\Q329048\update\update.exe
    + 2009-01-02 10:42:00 282,624 -c--a-w c:\windows\$xpsp1hfm$\Q329048\update\update.exe
    - 2002-11-14 08:01:18 418,816 -c--a-w c:\windows\$xpsp1hfm$\Q329170\update\update.exe
    + 2009-01-02 10:42:00 418,816 -c--a-w c:\windows\$xpsp1hfm$\Q329170\update\update.exe
    - 2002-09-21 10:44:10 282,624 -c--a-w c:\windows\$xpsp1hfm$\Q329390\update\update.exe
    + 2009-01-02 10:42:00 282,624 -c--a-w c:\windows\$xpsp1hfm$\Q329390\update\update.exe
    - 2003-07-15 00:41:14 441,856 -c--a-w c:\windows\$xpsp1hfm$\Q329441\update\update.exe
    + 2009-01-02 10:42:00 441,856 -c--a-w c:\windows\$xpsp1hfm$\Q329441\update\update.exe
    - 2002-09-21 10:44:10 282,624 -c--a-w c:\windows\$xpsp1hfm$\Q329834\update\update.exe
    + 2009-01-02 10:42:00 282,624 -c--a-w c:\windows\$xpsp1hfm$\Q329834\update\update.exe
    - 2002-11-14 08:01:18 418,816 -c--a-w c:\windows\$xpsp1hfm$\Q810577\update\update.exe
    + 2009-01-02 10:42:00 418,816 -c--a-w c:\windows\$xpsp1hfm$\Q810577\update\update.exe
    - 2002-11-14 08:01:18 418,816 -c--a-w c:\windows\$xpsp1hfm$\Q810833\update\update.exe
    + 2009-01-02 10:42:00 418,816 -c--a-w c:\windows\$xpsp1hfm$\Q810833\update\update.exe
    - 2002-11-14 08:01:18 418,816 -c--a-w c:\windows\$xpsp1hfm$\Q811630\update\update.exe
    + 2009-01-02 10:42:00 418,816 -c--a-w c:\windows\$xpsp1hfm$\Q811630\update\update.exe
    - 2003-03-21 14:55:08 420,864 -c--a-w c:\windows\$xpsp1hfm$\Q815021\update\update.exe
    + 2009-01-02 10:42:00 420,864 -c--a-w c:\windows\$xpsp1hfm$\Q815021\update\update.exe
    - 2004-08-19 23:09:34 1,392,671 ----a-w c:\windows\system32\msvbvm60.dll
    + 2004-02-23 20:42:40 1,386,496 ----a-w c:\windows\system32\msvbvm60.dll
    + 1996-01-12 17:00:00 24,576 ----a-w c:\windows\system32\STKIT432.DLL
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-20 15360]
    "WOOKIT"="c:\program files\Wanadoo\Shell.exe" [2004-08-23 122880]
    "msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
    "RegistryMechanic"="c:\program files\Registry Mechanic\RegMech.exe" [2008-07-08 2828184]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2009-01-01 171448]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WOOWATCH"="c:\progra~1\Wanadoo\Watch.exe" [2004-08-23 20480]
    "WOOTASKBARICON"="c:\progra~1\Wanadoo\GestMaj.exe" [2004-10-14 32768]
    "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
    "ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
    "SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 c:\windows\stsystra.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-20 15360]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
    @=""

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
    path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
    backup=c:\windows\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
    path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
    backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser]
    --a------ 2007-12-23 00:03 916240 c:\program files\Eraser\Eraser.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    --a------ 2007-10-18 11:34 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
    --a------ 2008-10-08 09:07 1410296 c:\program files\Steam\Steam.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
    "c:\\Program Files\\eMule\\emule.exe"=
    "c:\\Program Files\\Vietcong\\vietcong.exe"=
    "c:\\Program Files\\Wanadoo\\WOOBrowser\\WOOBrowser.exe"=
    "c:\\WINDOWS\\system32\\dpnsvr.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\jerome664\\counter-strike source\\hl2.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

    S3 ati2mpaa;ati2mpaa;c:\windows\system32\DRIVERS\ati2mpaa.sys [2007-08-16 281984]
    S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt [2005-08-17 7168]
    S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-09-13 33752]
    S3 maconfservice;Ma-Config Service;"c:\program files\ma-config.com\maconfservice.exe" [2008-12-19 195752]
    S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2008-08-12 356920]
    .
    Contenu du dossier 'Tâches planifiées'

    2009-01-02 c:\windows\Tasks\uigyxany.job
    - c:\windows\system32\rundll32.exe [2004-08-20 00:10]
    .
    .
    ------- Examen supplémentaire -------
    .
    uStart Page = hxxp://www.msn.fr/
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Tout télécharger avec Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
    IE: Télécharger avec Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
    IE: Télécharger la sélection avec Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
    IE: Télécharger la vidéo avec Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
    IE: { - c:\program files\Messenger\msmsgs.exe
    TCP: {8CF39EB9-AAB3-4858-B8BF-BF34E93865E8} = 192.168.1.1

    O16 -: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - hxxp://fichiers.touslesdrivers.com/fichiers/hardwaredetection/hardwaredetection_3_1_0_4.cab
    c:\windows\Downloaded Program Files\hardwaredetection.inf

    c:\windows\System32\gtdownde_110.ocx - O16 -: {E856B973-45FD-4559-8F82-EAB539144667}
    hxxp://pccheckup.dellfix.com/rel/41/install/gtdownde.cab
    c:\windows\Downloaded Program Files\gtdownde_110.inf
    FF - ProfilePath -
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-01-02 16:05:30
    Windows 5.1.2600 Service Pack 2 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
    "ImagePath"="\??\c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\h*NULL*a*NULL*u*NULL*s*NULL*a*NULL*u*NULL*f*NULL*g*NULL*a*NULL*b*NULL*e*NULL*n*NULL* r*NULL*e*NULL*f*NULL*e*NULL*r*NULL*a*NULL*t*NULL*e*NULL*.*NULL*d*NULL*e*NULL*]
    @Owner=S-1-5-21-1645522239-2000478354-839522115-1003
    "*"=dword:00000004

    [HKEY_USERS\S-1-5-21-1645522239-2000478354-839522115-1003\AppEvents\Schemes\Apps\.Default\.Default\s*NULL*o*NULL*n*NULL*0*NULL*Î=]
    @Security=(SE_DACL_PRESENT SE_SELF_RELATIVE (@Owner @Group @DACL)
    @Owner=S-1-5-21-1645522239-2000478354-839522115-1003
    @Allowed: (Full) (S-1-5-21-1645522239-2000478354-839522115-1003)
    @Allowed: (Full) (S-1-5-21-1645522239-2000478354-839522115-1003)
    @Allowed: (Full) (LocalSystem)
    @Allowed: (Full) (LocalSystem)
    @Allowed: (Full) (Administrators)
    @Allowed: (Full) (Administrators)
    @Allowed: (Read) (S-1-5-12)
    @Allowed: (Read) (S-1-5-12)
    @=expand:"%SystemRoot%\\media\\Windows XP Ding.wav"

    [HKEY_USERS\S-1-5-21-1645522239-2000478354-839522115-1003\AppEvents\Schemes\Apps\.Default\AppGPFault\s*NULL*o*NULL*n*NULL*0*NULL*Î=]
    @Security=(SE_DACL_PRESENT SE_SELF_RELATIVE (@Owner @Group @DACL)
    @Owner=S-1-5-21-1645522239-2000478354-839522115-1003
    @Allowed: (Full) (S-1-5-21-1645522239-2000478354-839522115-1003)
    @Allowed: (Full) (S-1-5-21-1645522239-2000478354-839522115-1003)
    @Allowed: (Full) (LocalSystem)
    @Allowed: (Full) (LocalSystem)
    @Allowed: (Full) (Administrators)
    @Allowed: (Full) (Administrators)
    @Allowed: (Read) (S-1-5-12)
    @Allowed: (Read) (S-1-5-12)
    @=""

    [HKEY_USERS\S-1-5-21-1645522239-2000478354-839522115-1003\AppEvents\Schemes\Apps\.Default\CCSelect\s*NULL*o*NULL*n*NULL*0*NULL*Î=]
    @Security="Inherited"
    @=""

    [HKEY_USERS\S-1-5-21-1645522239-2000478354-839522115-1003\AppEvents\Schemes\Apps\.Default\Close\s*NULL*o*NULL*n*NULL*0*NULL*Î=]
    @Security=(SE_DACL_PRESENT SE_SELF_RELATIVE (@Owner @Group @DACL)
    @Owner=S-1-5-21-1645522239-2000478354-839522115-1003
    @Allowed: (Full) (S-1-5-21-1645522239-2000478354-839522115-1003)
    @Allowed: (Full) (S-1-5-21-1645522239-2000478354-839522115-1003)
    @Allowed: (Full) (LocalSystem)
    @Allowed: (Full) (LocalSystem)
    @Allowed: (Full) (Administrators)
    @Allowed: (Full) (Administrators)
    @Allowed: (Read) (S-1-5-12)
    @Allowed: (Read) (S-1-5-12)
    @=""

    [HKEY_USERS\S-1-5-21-1645522239-2000478354-839522115-1003\AppEvents\Schemes\Apps\.Default\CriticalBatteryAlarm\s*NULL*o*NULL*n*NULL*0*NULL*Î=]
    @Security=(SE_DACL_PRESENT SE_SELF_RELATIVE (@Owner @Group @DACL)
    @Owner=S-1-5-21-1645522239-2000478354-839522115-1003
    @Allowed: (Full) (S-1-5-21-1645522239-2000478354-839522115-1003)
    @Allowed: (Full) (S-1-5-21-1645522239-2000478354-839522115-1003)
    @Allowed: (Full) (LocalSystem)
    @Allowed: (Full) (LocalSystem)
    @Allowed: (Full) (Administrators)
    @Allowed: (Full) (Administrators)
    @Allowed: (Read) (S-1-5-12)
    @Allowed: (Read) (S-1-5-12)
    @=expand:"%SystemRoot%\\media\\Windows XP Alarme batterie.wav"

    [HKEY_USERS\S-1-5-21-1645522239-2000478354-839522115-1003\AppEvents\Schemes\Apps\.Default\DeviceConnect\s*NULL*o*NULL*n*NULL*0*NULL*Î=]
    @Security=(SE_DACL_PRESENT SE_SELF_RELATIVE (@Owner @Group @DACL)
    @Owner=S-1-5-21-1645522239-2000478354-839522115-1003
    @Allowed: (Full) (S-1-5-21-1645522239-2000478354-839522115-1003)
    @Allowed: (Full) (S-1-5-21-1645522239-2000478354-839522115-1003)
    @Allowed: (Full) (LocalSystem)
    @Allowed: (Full) (LocalSystem)
    @Allowed: (Full) (Administrators)
    @Allowed: (Full) (Administrators)
    @Allowed: (Read) (S-1-5-12)
    @Allowed: (Read) (S-1-5-12)
    @=expand:"%SystemRoot%\\media\\Windows XP Insertion d'un matériel.wav"

    [HKEY_USERS\S-1-5-21-1645522239-2000478354-839522115-1003\AppEvents\Schemes\Apps\.Default\DeviceDisconnect\s*NULL*o*NULL*n*NULL*0*NULL*Î=]
    @Security=(SE_DACL_PRESENT SE_SELF_RELATIVE (@Owner @Group @DACL)
    @Owner=S-1-5-21-1645522239-2000478354-839522115-1003
    @Allowed: (Full) (S-1-5-21-1645522239-2000478354-839522115-1003)
    @Allowed: (Full) (S-1-5-21-1645522239-2000478354-839522115-1003)
    @Allowed: (Full) (LocalSystem)
    @Allowed: (Full) (LocalSystem)
    @Allowed: (Full) (Administrators)
    @Allowed: (Full) (Administrators)
    @Allowed: (Read) (S-1-5-12)
    @Allowed: (Read) (S-1-5-12)
    @=expand:"%SystemRoot%\\media\\Windows XP Suppression d'un matériel.wav"

    [HKEY_USERS\S-1-5-21-1645522239-2000478354-839522115-1003\AppEvents\Schemes\Apps\.Default\DeviceFail\s*NULL*o*NULL*n*NULL*0*NULL*Î=]
    @Security=(SE_DACL_PRESENT SE_SELF_RELATIVE (@Owner @Group @DACL)
    @Owner=S-1-5-21-1645522239-2000478354-839522115-1003
    @Allowed: (Full) (S-1-5-21-1645522239-2000478354-839522115-1003)
    @Allowed: (Full) (S-1-5-21-1645522239-2000478354-839522115-1003)
    @Allowed: (Full) (LocalSystem)
    @Allowed: (Full) (LocalSystem)
    @Allowed: (Full) (Administrators)
    @Allowed: (Full) (Administrators)
    @Allowed: (Read) (S-1-5-12)
    @Allowed: (Read) (S-1-5-12)
    @=expand:"%SystemRoot%\\media\\Windows XP Échec d'un matériel.wav"

    [HKEY_USERS\S-1-5-21-1645522239-2000478354-839522115-1003\AppEvents\Schemes\Apps\.Default\InternetAlert\s*NULL*o*NULL*n*NULL*0*NULL*Î=]
    @Security="Inherited"
    @=""

    [HKEY_USERS\S-1-5-21-1645522239-2000478354-839522115-1003\AppEvents\Schemes\Apps\.Default\LowBatteryAlarm\s*NULL*o*NULL*n*NULL*0*NULL*Î=]
    @Security=(SE_DACL_PRESENT SE_SELF_RELATIVE (@Owner @Group @DACL)
    @Owner=S-1-5-21-1645522239-2000478354-839522115-1003
    @Allowed: (Full) (S-1-5-21-1645522239-2000478354-839522115-1003)
    @Allowed: (Full) (S-1-5-21-1645522239-2000478354-839522115-1003)
    @Allowed: (Full) (LocalSystem)
    @Allowed: (Full) (LocalSystem)
    @Allowed: (Full) (Administrators)
    @Allowed: (Full) (Administrators)
    @Allowed: (Read) (S-1-5-12)
    @Allowed: (Read) (S-1-5-12)
    @=expand:"%SystemRoot%\\media\\Windows XP Batterie déchargée.wav"

    [HKEY_USERS\S-1-5-21-1645522239-2000478354-839522115-1003\AppEvents\Schemes\Apps\.Default\MailBeep\s*NULL*o*NULL*n*NULL*0*NULL*Î=]
    @Security=(SE_DACL_PRESENT SE_SELF_RELATIVE (@Owner @Group @DACL)
    @Owner=S-1-5-21-1645522239-2000478354-839522115-1003
    @Allowed: (Full) (S-1-5-21-1645522239-2000478354-839522115-1003)
    @Allowed: (Full) (S-1-5-21-1645522239-2000478354-839522115-1003)
    @Allowed: (Full) (LocalSystem)
    @Allowed: (Full) (LocalSystem)
    @Allowed: (Full) (Administrators)
    @Allowed: (Full) (Administrators)
    @Allowed: (Read) (S-1-5-12)
    @Allowed: (Read) (S-1-5-12)
    @=expand:"%SystemRoot%\\media\\Windows XP Avertir.wav"

    [HKEY_USERS\S-1-5-21-1645522239-2000478354-839522115-1003\AppEvents\Schemes\Apps\.Default\Maximize\s*NULL*o*NULL*n*NULL*0*NULL*Î=]
    @Security=(SE_DACL_PRESENT SE_SELF_RELATIVE (@Owner @Group @DACL)
    @Owner=S-1-5-21-1645522239-2000478354-839522115-1003
    @Allowed: (Full) (S-1-5-21-1645522239-2000478354-839522115-1003)
    @Allowed: (Full) (S-1-5-21-1645522239-2000478354-839522115-1003)
    @Allowed: (Full) (LocalSystem)
    @Allowed: (Full) (LocalSystem)
    @Allowed: (Full) (Administrators)
    @Allowed: (Full) (Administrators)
    @Allowed: (Read) (S-1-5-12)
    @Allowed: (Read) (S-1-5-12)
    @=""

    [HKEY_USERS\S-1-5-21-1645522239-2000478354-839522115-1003\AppEvents\Schemes\Apps\.Default\MenuCommand\s*NULL*o*NULL*n*NULL*0*NULL*Î=]
    @Security=(SE_DACL_PRESENT SE_SELF_RELATIVE (@Owner @Group @DACL)
    @Owner=S-1-5-21-1645522239-2000478354-839522115-1003
    @Allowed: (Full) (S-1-5-21-1645522239-2000478354-839522115-1003)
    @Allowed: (Full) (S-1-5-21-1645522239-2000478354-839522115-1003)
    @Allowed: (Full) (LocalSystem)
    @Allowed: (Full) (LocalSystem)
    @Allowed: (Full) (Administrators)
    @Allowed: (Full) (Administrators)
    @Allowed: (Read) (S-1-5-12)
    @Allowed: (Read) (S-1-5-12)
    @=""

    [HKEY_USERS\S-1-5-21-1645522239-2000478354-839522115-1003\AppEvents\Schemes\Apps\.Default\MenuPopup\s*NULL*o*NULL*n*NULL*0*NULL*Î=]
    @Security=(SE_DACL_PRESENT SE_SELF_RELATIVE (@Owner @Group @DACL)
    @Owner=S-1-5-21-1645522239-2000478354-839522115-1003
    @Allowed: (Full) (S-1-5-21-1645522239-2000478354-839522115-1003)
    @Allowed: (Full) (S-1-5-21-1645522239-2000478354-839522115-1003)
    @Allowed: (Full) (LocalSystem)
    @Allowed: (Full) (LocalSystem)
    @Allowed: (Full) (Administrators)
    @Allowed: (Full) (Administrators)
    @Allowed: (Read) (S-1-5-12)
    @Allowed: (Read) (S-1-5-12)
    @=""

    [HKEY_USERS\S-1-5-21-1645522239-2000478354-839522115-1003\AppEvents\Schemes\Apps\.Default\Minimize\s*NULL*o*NULL*n*NULL*0*NULL*Î=]
    @Security=(SE_DACL_PRESENT SE_SELF_RELATIVE (@Owner @Group @DACL)
    @Owner=S-1-5-21-1645522239-2000478354-839522115-1003
    @Allowed: (Full) (S-1-5-21-1645522239-2000478354-839522115-1003)
    @Allowed: (Full) (S-1-5-21-1645522239-2000478354-839522115-1003)
    @Allowed: (Full) (LocalSystem)
    @Allowed: (Full) (LocalSystem)
    @Allowed: (Full) (Administrators)
    @Allowed: (Full) (Administrators)
    @Allowed: (Read) (S-1-5-12)
    @Allowed: (Read) (S-1-5-12)
    @=""

    [HKEY_USERS\S-1-5-21-1645522239-2000478354-839522115-1003\AppEvents\Schemes\Apps\.Default\Open\s*NULL*o*NULL*n*NULL*0*NULL*Î=]
    @Security=(SE_DACL_PRESENT SE_SELF_RELATIVE (@Owner @Group @DACL)
    @Owner=S-1-5-21-1645522239-2000478354-839522115-1003
    @Allowed: (Full) (S-1-5-21-1645522239-2000478354-839522115-1003)
    @Allowed: (Full) (S-1-5-21-1645522239-2000478354-839522115-1003)
    @Allowed: (Full) (LocalSystem)
    @Allowed: (Full) (LocalSystem)
    @Allowed: (Full) (Administrators)
    @Allowed: (Full) (Administrators)
    @Allowed: (Read) (S-1-5-12)
    @Allowed: (Read) (S-1-5-12)
    @=""

    [HKEY_USERS\S-1-5-21-1645522239-2000478354-839522115-1003\AppEvents\Schemes\Apps\.Default\PrintComplete\s*NULL*o*NULL*n*NULL*0*NULL*Î=]
    @Security=(SE_DACL_PRESENT SE_SELF_RELATIVE (@Owner @Group @DACL)
    @Owner=S-1-5-21-1645522239-2000478354-839522115-1003
    @Allowed: (Full) (S-1-5-21-1645522239-2000478354-839522115-1003)
    @Allowed: (Full) (S-1-5-21-1645522239-2000478354-839522115-1003)
    @Allowed: (Full) (LocalSystem)
    @Allowed: (Full) (LocalSystem)
    @Allowed: (Full) (Administrators)
    @Allowed: (Full) (Administrators)
    @Allowed: (Read) (S-1-5-12)
    @Allowed: (Read) (S-1-5-12)
    @=""

    [HKEY_USERS\S-1-5-21-1645522239-2000478354-839522115-1003\AppEvents\Schemes\Apps\.Default\RestoreDown\s*NULL*o*NULL*n*NULL*0*NULL*Î=]
    @Security=(SE_DACL_PRESENT SE_SELF_RELATIVE (@Owner @Group @DACL)
    @Owner=S-1-5-21-1645522239-2000478354-839522115-1003
    @Allowed: (Full) (S-1-5-21-1645522239-2000478354-839522115-1003)
    @Allowed: (Full) (S-1-5-21-1645522239-2000478354-839522115-1003)
    @Allowed: (Full) (LocalSystem)
    @Allowed: (Full) (LocalSystem)
    @Allowed: (Full) (Administrators)
    @Allowed: (Full) (Administrators)
    @Allowed: (Read) (S-1-5-12)
    @Allowed: (Read) (S-1-5-12)
    @=""

    [HKEY_USERS\S-1-5-21-1645522239-2000478354-839522115-1003\AppEvents\Schemes\Apps\.Default\RestoreUp\s*NULL*o*NULL*n*NULL*0*NULL*Î=]
    @Security=(SE_DACL_PRESENT SE_SELF_RELATIVE (@Owner @Group @DACL)
    @Owner=S-1-5-21-1645522239-2000478354-839522115-1003
    @Allowed: (Full) (S-1-5-21-1645522239-2000478354-839522115-1003)
    @Allowed: (Full) (S-1-5-21-1645522239-2000478354-839522115-1003)
    @Allowed: (Full) (LocalSystem)
    @Allowed: (Full) (LocalSystem)
    @Allowed: (Full) (Administrators)
    @Allowed: (Full) (Administrators)
    @Allowed: (Read) (S-1-5-12)
    @Allowed: (Read) (S-1-5-12)
    @=""

    [HKEY_USERS\S-1-5-21-1645522239-2000478354-839522115-1003\AppEvents\Schemes\Apps\.Default\ShowBand\s*NULL*o*NULL*n*NULL*0*NULL*Î=]
    @Security="Inherited"
    @=""

    [HKEY_USERS\S-1-5-21-1645522239-2000478354-839522115-1003\AppEvents\Schemes\Apps\.Default\SystemAsterisk\s*NULL*o*NULL*n*NULL*0*NULL*Î=]
    @Security=(SE_DACL_PRESENT SE_SELF_RELATIVE (@Owner @Group @DACL)
    @Owner=S-1-5-21-1645522239-2000478354-839522115-1003
    @Allowed: (Full) (S-1-5-21-1645522239-2000478354-839522115-1003)
    @Allowed: (Full) (S-1-5-21-1645522239-2000478354-839522115-1003)
    @Allowed: (Full) (LocalSystem)
    @Allowed: (Full) (LocalSystem)
    @Allowed: (Full) (Administrators)
    @Allowed: (Full) (Administrators)
    @Allowed: (Read) (S-1-5-12)
    @Allowed: (Read) (S-1-5-12)
    @=expand:"%SystemRoot%\\media\\Windows XP Erreur.wav"

    [HKEY_USERS\S-1-5-21-1645522239-2000478354-839522115-1003\AppEvents\Schemes\Apps\.Default\SystemExclamation\s*NULL*o*NULL*n*NULL*0*NULL*Î=]
    @Security=(SE_DACL_PRESENT SE_SELF_RELATIVE (@Owner @Group @DACL)
    @Owner=S-1-5-21-1645522239-2000478354-839522115-1003
    @Allowed: (Full) (S-1-5-21-1645522239-2000478354-839522115-1003)
    @Allowed: (Full) (S-1-5-21-1645522239-2000478354-839522115-1003)
    @Allowed: (Full) (LocalSystem)
    @Allowed: (Full) (LocalSystem)
    @Allowed: (Full) (Administrators)
    @Allowed: (Full) (Administrators)
    @Allowed: (Read) (S-1-5-12)
    @Allowed: (Read) (S-1-5-12)
    @=expand:"%SystemRoot%\\media\\Windows XP Exclamation.wav"

    [HKEY_USERS\S-1-5-21-1645522239-2000478354-839522115-1003\AppEvents\Schemes\Apps\.Default\SystemExit\s*NULL*o*NULL*n*NULL*0*NULL*Î=]
    @Security=(SE_DACL_PRESENT SE_SELF_RELATIVE (@Owner @Group @DACL)
    @Owner=S-1-5-21-1645522239-2000478354-839522115-1003
    @Allowed: (Full) (S-1-5-21-1645522239-2000478354-839522115-1003)
    @Allowed: (Full) (S-1-5-21-1645522239-2000478354-839522115-1003)
    @Allowed: (Full) (LocalSystem)
    @Allowed: (Full) (LocalSystem)
    @Allowed: (Full) (Administrators)
    @Allowed: (Full) (Administrators)
    @Allowed: (Read) (S-1-5-12)
    @Allowed: (Read) (S-1-5-12)
    @=expand:"%SystemRoot%\\media\\Windows XP Arrêt du système.wav"

    [HKEY_USERS\S-1-5-21-1645522239-2000478354-839522115-1003\AppEvents\Schemes\Apps\.Default\SystemHand\s*NULL*o*NULL*n*NULL*0*NULL*Î=]
    @Security=(SE_DACL_PRESENT SE_SELF_RELATIVE (@Owner @Group @DACL)
    @Owner=S-1-5-21-1645522239-2000478354-839522115-1003
    @Allowed: (Full) (S-1-5-21-1645522239-2000478354-839522115-1003)
    @Allowed: (Full) (S-1-5-21-1645522239-2000478354-839522115-1003)
    @Allowed: (Full) (LocalSystem)
    @Allowed: (Full) (LocalSystem)
    @Allowed: (Full) (Administrators)
    @Allowed: (Full) (Administrators)
    @Allowed: (Read) (S-1-5-12)
    @Allowed: (Read) (S-1-5-12)
    @=expand:"%SystemRoot%\\media\\Windows XP Arrêt critique.wav"

    [HKEY_USERS\S-1-5-21-1645522239-2000478354-839522115-1003\AppEvents\Schemes\Apps\.Default\SystemNotification\s*NULL*o*NULL*n*NULL*0*NULL*Î=]
    @Security=(SE_DACL_PRESENT SE_SELF_RELATIVE (@Owner @Group @DACL)
    @Owner=S-1-5-21-1645522239-2000478354-839522115-1003
    @Allowed: (Full) (S-1-5-21-1645522239-2000478354-839522115-1003)
    @Allowed: (Full) (S-1-5-21-1645522239-2000478354-839522115-1003)
    @Allowed: (Full) (LocalSystem)
    @Allowed: (Full) (LocalSystem)
    @Allowed: (Full) (Administrators)
    @Allowed: (Full) (Administrators)
    @Allowed: (Read) (S-1-5-12)
    @Allowed: (Read) (S-1-5-12)
    @=expand:"%SystemRoot%\\media\\Windows XP Infobulle.wav"

    [HKEY_USERS\S-1-5-21-1645522239-2000478354-839522115-1003\AppEvents\Schemes\Apps\.Default\SystemQuestion\s*NULL*o*NULL*n*NULL*0*NULL*Î=]
    @Security=(SE_DACL_PRESENT SE_SELF_RELATIVE (@Owner @Group @DACL)
    @Owner=S-1-5-21-1645522239-2000478354-839522115-1003
    @Allowed: (Full) (S-1-5-21-1645522239-2000478354-839522115-1003)
    @Allowed: (Full) (S-1-5-21-1645522239-2000478354-839522115-1003)
    @Allowed: (Full) (LocalSystem)
    @Allowed: (Full) (LocalSystem)
    @Allowed: (Full) (Administrators)
    @Allowed: (Full) (Administrators)
    @Allowed: (Read) (S-1-5-12)
    @Allowed: (Read) (S-1-5-12)
    @=""

    [HKEY_USERS\S-1-5-21-1645522239-2000478354-839522115-1003\AppEvents\Schemes\Apps\.Default\SystemStart\s*NULL*o*NULL*n*NULL*0*NULL*Î=]
    @Security=(SE_DACL_PRESENT SE_SELF_RELATIVE (@Owner @Group @DACL)
    @Owner=S-1-5-21-1645522239-2000478354-839522115-1003
    @Allowed: (Full) (S-1-5-21-1645522239-2000478354-839522115-1003)
    @Allowed: (Full) (S-1-5-21-1645522239-2000478354-839522115-1003)
    @Allowed: (Full) (LocalSystem)
    @Allowed: (Full) (LocalSystem)
    @Allowed: (Full) (Administrators)
    @Allowed: (Full) (Administrators)
    @Allowed: (Read) (S-1-5-12)
    @Allowed: (Read) (S-1-5-12)
    @=expand:"%SystemRoot%\\media\\Windows XP Démarrage.wav"

    [HKEY_USERS\S-1-5-21-1645522239-2000478354-839522115-1003\AppEvents\Schemes\Apps\.Default\WindowsLogoff\s*NULL*o*NULL*n*NULL*0*NULL*Î=]
    @Security=(SE_DACL_PRESENT SE_SELF_RELATIVE (@Owner @Group @DACL)
    @Owner=S-1-5-21-1645522239-2000478354-839522115-1003
    @Allowed: (Full) (S-1-5-21-1645522239-2000478354-839522115-1003)
    @Allowed: (Full) (S-1-5-21-1645522239-2000478354-839522115-1003)
    @Allowed: (Full) (LocalSystem)
    @Allowed: (Full) (LocalSystem)
    @Allowed: (Full) (Administrators)
    @Allowed: (Full) (Administrators)
    @Allowed: (Read) (S-1-5-12)
    @Allowed: (Read) (S-1-5-12)
    @=expand:"%SystemRoot%\\media\\Windows XP Fermeture de session.wav"

    [HKEY_USERS\S-1-5-21-1645522239-2000478354-839522115-1003\AppEvents\Schemes\Apps\.Default\WindowsLogon\s*NULL*o*NULL*n*NULL*0*NULL*Î=]
    @Security=(SE_DACL_PRESENT SE_SELF_RELATIVE (@Owner @Group @DACL)
    @Owner=S-1-5-21-1645522239-2000478354-839522115-1003
    @Allowed: (Full) (S-1-5-21-1645522239-2000478354-839522115-1003)
    @Allowed: (Full) (S-1-5-21-1645522239-2000478354-839522115-1003)
    @Allowed: (Full) (LocalSystem)
    @Allowed: (Full) (LocalSystem)
    @Allowed: (Full) (Administrators)
    @Allowed: (Full) (Administrators)
    @Allowed: (Read) (S-1-5-12)
    @Allowed: (Read) (S-1-5-12)
    @=expand:"%SystemRoot%\\media\\Windows XP Ouverture de session.wav"

    [HKEY_USERS\S-1-5-21-1645522239-2000478354-839522115-1003\AppEvents\Schemes\Apps\Conf\Participant\s*NULL*o*NULL*n*NULL*0*NULL*Î=]
    @Security=(SE_DACL_PRESENT SE_SELF_RELATIVE (@Owner @Group @DACL)
    @Owner=S-1-5-21-1645522239-2000478354-839522115-1003
    @Allowed: (Full) (S-1-5-21-1645522239-2000478354-839522115-1003)
    @Allowed: (Full) (S-1-5-21-1645522239-2000478354-839522115-1003)
    @Allowed: (Full) (LocalSystem)
    @Allowed: (Full) (LocalSystem)
    @Allowed: (Full) (Administrators)
    @Allowed: (Full) (Administrators)
    @Allowed: (Read) (S-1-5-12)
    @Allowed: (Read) (S-1-5-12)
    @="c:\\Program Files\\NetMeeting\\Blip.wav"

    [HKEY_USERS\S-1-5-21-1645522239-2000478354-839522115-1003\AppEvents\Schemes\Apps\Conf\Recevoir l'appel\s*NULL*o*NULL*n*NULL*0*NULL*Î=]
    @Security=(SE_DACL_PRESENT SE_SELF_RELATIVE (@Owner @Group @DACL)
    @Owner=S-1-5-21-1645522239-2000478354-839522115-1003
    @Allowed: (Full) (S-1-5-21-1645522239-2000478354-839522115-1003)
    @Allowed: (Full) (S-1-5-21-1645522239-2000478354-839522115-1003)
    @Allowed: (Full) (LocalSystem)
    @Allowed: (Full) (LocalSystem)
    @Allowed: (Full) (Administrators)
    @Allowed: (Full) (Administrators)
    @Allowed: (Read) (S-1-5-12)
    @Allowed: (Read) (S-1-5-12)
    @="RingIn.wav"

    [HKEY_USERS\S-1-5-21-1645522239-2000478354-839522115-1003\AppEvents\Schemes\Apps\Conf\Recevoir une demande de participation\s*NULL*o*NULL*n*NULL*0*NULL*Î=]
    @Security=(SE_DACL_PRESENT SE_SELF_RELATIVE (@Owner @Group @DACL)
    @Owner=S-1-5-21-1645522239-2000478354-839522115-1003
    @Allowed: (Full) (S-1-5-21-1645522239-2000478354-839522115-1003)
    @Allowed: (Full) (S-1-5-21-1645522239-2000478354-839522115-1003)
    @Allowed: (Full) (LocalSystem)
    @Allowed: (Full) (LocalSystem)
    @Allowed: (Full) (Administrators)
    @Allowed: (Full) (Administrators)
    @Allowed: (Read) (S-1-5-12)
    @Allowed: (Read) (S-1-5-12)
    @="RingIn.wav"

    [HKEY_USERS\S-1-5-21-1645522239-2000478354-839522115-1003\AppEvents\Schemes\Apps\Conf\Sortant\s*NULL*o*NULL*n*NULL*0*NULL*Î=]
    @Security=(SE_DACL_PRESENT SE_SELF_RELATIVE (@Owner @Group @DACL)
    @Owner=S-1-5-21-1645522239-2000478354-839522115-1003
    @Allowed: (Full) (S-1-5-21-1645522239-2000478354-839522115-1003)
    @Allowed: (Full) (S-1-5-21-1645522239-2000478354-839522115-1003)
    @Allowed: (Full) (LocalSystem)
    @Allowed: (Full) (LocalSystem)
    @Allowed: (Full) (Administrators)
    @Allowed: (Full) (Administrators)
    @Allowed: (Read) (S-1-5-12)
    @Allowed: (Read) (S-1-5-12)
    @="c:\\Program Files\\NetMeeting\\Blip.wav"

    [HKEY_USERS\S-1-5-21-1645522239-2000478354-839522115-1003\AppEvents\Schemes\Apps\Explorer\ActivatingDocument\s*NULL*o*NULL*n*NULL*0*NULL*Î=]
    @Security="Inherited"
    @=""

    [HKEY_USERS\S-1-5-21-1645522239-2000478354-839522115-1003\AppEvents\Schemes\Apps\Explorer\BlockedPopup\s*NULL*o*NULL*n*NULL*0*NULL*Î=]
    @Security="Inherited"
    @="Windows XP Fenêtre publicitaire intempestive bloquée.wav"

    [HKEY_USERS\S-1-5-21-1645522239-2000478354-839522115-1003\AppEvents\Schemes\Apps\Explorer\EmptyRecycleBin\s*NULL*o*NULL*n*NULL*0*NULL*Î=]
    @Security=(SE_DACL_PRESENT SE_SELF_RELATIVE (@Owner @Group @DACL)
    @Owner=S-1-5-21-1645522239-2000478354-839522115-1003
    @Allowed: (Full) (S-1-5-21-1645522239-2000478354-839522115-1003)
    @Allowed: (Full) (S-1-5-21-1645522239-2000478354-839522115-1003)
    @Allowed: (Full) (LocalSystem)
    @Allowed: (Full) (LocalSystem)
    @Allowed: (Full) (Administrators)
    @Allowed: (Full) (Administrators)
    @Allowed: (Read) (S-1-5-12)
    @Allowed: (Read) (S-1-5-12)
    @=expand:"%SystemRoot%\\media\\Windows XP Corbeille.wav"

    [HKEY_USERS\S-1-5-21-1645522239-2000478354-839522115-1003\AppEvents\Schemes\Apps\Explorer\MoveMenuItem\s*NULL*o*NULL*n*NULL*0*NULL*Î=]
    @Security="Inherited"
    @=""

    [HKEY_USERS\S-1-5-21-1645522239-2000478354-839522115-1003\AppEvents\Schemes\Apps\Explorer\Navigating\s*NULL*o*NULL*n*NULL*0*NULL*Î=]
    @Security=(SE_DACL_PRESENT SE_SELF_RELATIVE (@Owner @Group @DACL)
    @Owner=S-1-5-21-1645522239-2000478354-839522115-1003
    @Allowed: (Full) (S-1-5-21-1645522239-2000478354-839522115-1003)
    @Allowed: (Full) (S-1-5-21-1645522239-2000478354-839522115-1003)
    @Allowed: (Full) (LocalSystem)
    @Allowed: (Full) (LocalSystem)
    @Allowed: (Full) (Administrators)
    @Allowed: (Full) (Administrators)
    @Allowed: (Read) (S-1-5-12)
    @Allowed: (Read) (S-1-5-12)
    @=""

    [HKEY_USERS\S-1-5-21-1645522239-2000478354-839522115-1003\AppEvents\Schemes\Apps\Explorer\SecurityBand\s*NULL*o*NULL*n*NULL*0*NULL*Î=]
    @Security="Inherited"
    @="Windows XP Barre d'informations.wav"

    [HKEY_USERS\S-1-5-21-1645522239-2000478354-839522115-1003\AppEvents\Schemes\Apps\MSMSGS\MSMSGS_ContactOnline\s*NULL*o*NULL*n*NULL*0*NULL*Î=]
    @Security="Inherited"
    @="c:\\Program Files\\Messenger\\online.wav"

    [HKEY_USERS\S-1-5-21-1645522239-2000478354-839522115-1003\AppEvents\Schemes\Apps\MSMSGS\MSMSGS_NewAlert\s*NULL*o*NULL*n*NULL*0*NULL*Î=]
    @Security="Inherited"
    @="c:\\Program Files\\Messenger\\newalert.wav"

    [HKEY_USERS\S-1-5-21-1645522239-2000478354-839522115-1003\AppEvents\Schemes\Apps\MSMSGS\MSMSGS_NewMail\s*NULL*o*NULL*n*NULL*0*NULL*Î=]
    @Security="Inherited"
    @="c:\\Program Files\\Messenger\\newemail.wav"

    [HKEY_USERS\S-1-5-21-1645522239-2000478354-839522115-1003\AppEvents\Schemes\Apps\MSMSGS\MSMSGS_NewMessage\s*NULL*o*NULL*n*NULL*0*NULL*Î=]
    @Security="Inherited"
    @="c:\\Program Files\\Messenger\\type.wav"

    [HKEY_USERS\S-1-5-21-1645522239-2000478354-839522115-1003\AppEvents\Schemes\Apps\WLXPhotoGallery\WindowsPhotoGalleryChangeMetadata\s*NULL*o*NULL*n*NULL*0*NULL*Î=]
    @Security="Inherited"
    @="c:\\Program Files\\Windows Live\\Photo Gallery\\ChangeMetadata.wav"

    [HKEY_USERS\S-1-5-21-1645522239-2000478354-839522115-1003\AppEvents\Schemes\Names\s*NULL*o*NULL*n*NULL*0*NULL*Î=]
    @Security=(SE_DACL_PRESENT SE_SELF_RELATIVE (@Owner @Group @DACL)
    @Owner=S-1-5-21-1645522239-2000478354-839522115-1003
    @Allowed: (Full) (S-1-5-21-1645522239-2000478354-839522115-1003)
    @Allowed: (Full) (S-1-5-21-1645522239-2000478354-839522115-1003)
    @Allowed: (Full) (LocalSystem)
    @Allowed: (Full) (LocalSystem)
    @Allowed: (Full) (Administrators)
    @Allowed: (Full) (Administrators)
    @Allowed: (Read) (S-1-5-12)
    @Allowed: (Read) (S-1-5-12)
    @="son"

    [HKEY_USERS\S-1-5-21-1645522239-2000478354-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\h*NULL*a*NULL*u*NULL*s*NULL*a*NULL*u*NULL*f*NULL*g*NULL*a*NULL*b*NULL*e*NULL*n*NULL* r*NULL*e*NULL*f*NULL*e*NULL*r*NULL*a*NULL*t*NULL*e*NULL*.*NULL*d*NULL*e*NULL*]
    @Security=(SE_DACL_PRESENT SE_SELF_RELATIVE (@Owner @Group @DACL)
    @Owner=S-1-5-21-1645522239-2000478354-839522115-1003
    @Allowed: (Full) (S-1-5-21-1645522239-2000478354-839522115-1003)
    @Allowed: (Full) (S-1-5-21-1645522239-2000478354-839522115-1003)
    @Allowed: (Full) (LocalSystem)
    @Allowed: (Full) (LocalSystem)
    @Allowed: (Full) (Administrators)
    @Allowed: (Full) (Administrators)
    @Allowed: (Read) (S-1-5-12)
    @Allowed: (Read) (S-1-5-12)
    "*"=dword:00000004

    [HKEY_USERS\S-1-5-21-1645522239-2000478354-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\h*NULL*a*NULL*u*NULL*s*NULL*a*NULL*u*NULL*f*NULL*g*NULL*a*NULL*b*NULL*e*NULL*n*NULL* r*NULL*e*NULL*f*NULL*e*NULL*r*NULL*a*NULL*t*NULL*e*NULL*.*NULL*d*NULL*e*NULL*]
    @Security=(SE_DACL_PRESENT SE_SELF_RELATIVE (@Owner @Group @DACL)
    @Owner=S-1-5-21-1645522239-2000478354-839522115-1003
    @Allowed: (Full) (S-1-5-21-1645522239-2000478354-839522115-1004)
    @Allowed: (Full) (S-1-5-21-1645522239-2000478354-839522115-1004)
    @Allowed: (Full) (LocalSystem)
    @Allowed: (Full) (LocalSystem)
    @Allowed: (Full) (Administrators)
    @Allowed: (Full) (Administrators)
    @Allowed: (Read) (S-1-5-12)
    @Allowed: (Read) (S-1-5-12)
    "*"=dword:00000004

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\h*NULL*a*NULL*u*NULL*s*NULL*a*NULL*u*NULL*f*NULL*g*NULL*a*NULL*b*NULL*e*NULL*n*NULL* r*NULL*e*NULL*f*NULL*e*NULL*r*NULL*a*NULL*t*NULL*e*NULL*.*NULL*d*NULL*e*NULL*]
    @Owner=S-1-5-21-1645522239-2000478354-839522115-1003
    "*"=dword:00000004

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\€*NULL*À`Ò*NULL*]
    @Security="Inherited"
    "DisplayName"="??"
    "DeviceDesc"="??"
    "ProviderName"="???\11? ?\11??"
    "MFG"="????"
    "ReinstallString"="c:\\WINDOWS\\System32\\ReinstallBackups\\???\11\\DriverFiles\\.INF"
    "DeviceInstanceIds"=multi:"c:\\dell\\drivers\\r119714\\driver\\xp_inf\\cx_30546.inf\00"

    [HKEY_LOCAL_MACHINE\software\SigmaTel\GlobalState]
    @Security=(SE_DACL_PRESENT SE_SELF_RELATIVE (@Owner @Group @DACL)
    @Owner=S-1-5-21-1645522239-2000478354-839522115-1003
    @Denied: (Full) (Guests)
    @Allowed: (Full) (LocalSystem)
    @Allowed: (Full) (Administrators)
    @Allowed: (B 1 2 3 4 5) (S-1-5-4)
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    - - - - - - - > 'winlogon.exe'(684)
    c:\windows\system32\Ati2evxx.dll
    .
    ------------------------ Autres processus actifs ------------------------
    .
    c:\windows\system32\FTRTSVC.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\windows\system32\wscntfy.exe
    c:\program files\ATI Technologies\ATI.ACE\CLI.exe
    c:\program files\Wanadoo\TaskBarIcon.exe
    c:\program files\Wanadoo\GestionnaireInternet.exe
    c:\program files\Wanadoo\ComComp.exe
    c:\program files\Wanadoo\Toaster.exe
    c:\program files\Wanadoo\Inactivity.exe
    c:\program files\Wanadoo\PollingModule.exe
    c:\windows\system32\AlertModule\AlertModule.exe
    c:\program files\Wanadoo\Watch.exe
    c:\program files\ATI Technologies\ATI.ACE\CLI.exe
    c:\program files\ATI Technologies\ATI.ACE\CLI.exe
    c:\program files\Windows Live\Messenger\usnsvc.exe
    .
    **************************************************************************
    .
    Heure de fin: 2009-01-02 16:10:55 - La machine a redémarré
    ComboFix-quarantined-files.txt 2009-01-02 15:10:52
    ComboFix2.txt 2009-01-01 12:34:13

    Avant-CF: 29 294 903 296 octets libres
    Après-CF: 29,289,357,312 octets libres

    936 --- E O F --- 2008-12-18 02:01:01
    2 January 2009 21:52:08

    Hi again,

    Select the entire contents of the box below:

    File::
    c:\windows\Tasks\uigyxany.job


  • Copy and paste it into Notepad (Start\All Programs\Accessories\Notepad).
  • Save it to your desktop under the name CFScript.txt
  • Now drag the CFScript.txt file onto ComboFix.exe as shown below:

  • This will restart ComboFix.
  • You will need to accept the license.

    Post the contents of the ComboFix.txt report after the reboot, if there is one.

    The report is located here: %SystemDrive%\ComboFix.txt (%systemdrive% being the partition where Windows is installed; usually C:\)
    3 January 2009 02:01:23

    ComboFix 08-12-31.01 - Badra 2009-01-03 1:48:54.3 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1022.550 [GMT 1:00]
    Lancé depuis: c:\documents and settings\Badra\Bureau\combo-fix.exe
    Commutateurs utilisés :: c:\documents and settings\Badra\Bureau\CFScript.txt
    * Un nouveau point de restauration a été créé

    FILE ::
    c:\windows\Tasks\uigyxany.job
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Jérôme\Application Data\drivers\downld
    c:\documents and settings\Jérôme\Application Data\drivers\downld\14290406.exe
    c:\documents and settings\Jérôme\Application Data\drivers\downld\14290812.exe
    c:\documents and settings\Jérôme\Application Data\drivers\downld\14466218.exe
    c:\documents and settings\Jérôme\Application Data\drivers\downld\14466812.exe
    c:\documents and settings\Jérôme\Application Data\drivers\downld\14467093.exe
    c:\documents and settings\Jérôme\Application Data\drivers\srosa.sys
    c:\documents and settings\Jérôme\Application Data\drivers\srosa2.sys
    c:\documents and settings\Jérôme\Application Data\drivers\winupgro.exe
    c:\windows\Tasks\uigyxany.job

    .
    ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_SROSA


    ((((((((((((((((((((((((((((( Fichiers créés du 2008-12-03 au 2009-01-03 ))))))))))))))))))))))))))))))))))))
    .

    2009-01-01 14:16 . 2009-01-01 14:16 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
    2009-01-01 14:16 . 2009-01-01 14:16 <REP> d-------- c:\documents and settings\Badra\Application Data\Malwarebytes
    2009-01-01 14:16 . 2009-01-01 14:16 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-01-01 14:16 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
    2009-01-01 14:16 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
    2008-12-29 02:38 . 2008-12-29 02:38 <REP> d-------- C:\combo-fix.exe
    2008-12-29 00:53 . 2008-12-29 01:07 <REP> d-------- c:\documents and settings\Badra\Application Data\Free Download Manager
    2008-12-29 00:44 . 2008-12-29 00:44 <REP> d-------- c:\program files\Trend Micro
    2008-12-28 20:33 . 2008-12-28 20:33 <REP> d-------- c:\program files\Fichiers communs\Wise Installation Wizard
    2008-12-28 20:31 . 2008-12-28 20:31 <REP> d-------- c:\windows\system32\ZoneLabs
    2008-12-28 20:31 . 2008-12-28 20:31 <REP> d-------- c:\program files\Zone Labs
    2008-12-28 20:31 . 2008-07-09 09:05 1,086,952 --a------ c:\windows\system32\zpeng24.dll
    2008-12-28 20:31 . 2008-12-28 20:31 352,624 --a------ c:\windows\system32\vsconfig.xml
    2008-12-28 20:10 . 2008-12-28 20:10 <REP> d-------- c:\program files\ma-config.com
    2008-12-28 20:10 . 2008-12-28 20:10 <REP> d-------- c:\documents and settings\All Users\Application Data\ma-config.com
    2008-12-28 17:06 . 2009-01-03 01:49 <REP> d--h----- c:\documents and settings\Jérôme\Application Data\drivers
    2008-12-28 02:08 . 2008-12-28 02:08 244 --ah----- C:\sqmnoopt19.sqm
    2008-12-28 02:08 . 2008-12-28 02:08 244 --ah----- C:\sqmnoopt18.sqm
    2008-12-28 02:08 . 2008-12-28 02:08 232 --ah----- C:\sqmdata19.sqm
    2008-12-28 02:08 . 2008-12-28 02:08 232 --ah----- C:\sqmdata18.sqm
    2008-12-28 02:07 . 2008-12-28 02:07 244 --ah----- C:\sqmnoopt17.sqm
    2008-12-28 02:07 . 2008-12-28 02:07 244 --ah----- C:\sqmnoopt16.sqm
    2008-12-28 02:07 . 2008-12-28 02:07 232 --ah----- C:\sqmdata17.sqm
    2008-12-28 02:07 . 2008-12-28 02:07 232 --ah----- C:\sqmdata16.sqm
    2008-12-28 00:35 . 2008-12-28 00:35 244 --ah----- C:\sqmnoopt15.sqm
    2008-12-28 00:35 . 2008-12-28 00:35 232 --ah----- C:\sqmdata15.sqm
    2008-12-23 01:44 . 2008-12-23 01:44 244 --ah----- C:\sqmnoopt14.sqm
    2008-12-23 01:44 . 2008-12-23 01:44 232 --ah----- C:\sqmdata14.sqm
    2008-12-19 01:20 . 2008-12-19 01:20 244 --ah----- C:\sqmnoopt13.sqm
    2008-12-19 01:20 . 2008-12-19 01:20 232 --ah----- C:\sqmdata13.sqm
    2008-12-07 03:35 . 2008-12-07 03:35 244 --ah----- C:\sqmnoopt12.sqm
    2008-12-07 03:35 . 2008-12-07 03:35 244 --ah----- C:\sqmnoopt11.sqm
    2008-12-07 03:35 . 2008-12-07 03:35 244 --ah----- C:\sqmnoopt10.sqm
    2008-12-07 03:35 . 2008-12-07 03:35 244 --ah----- C:\sqmnoopt09.sqm
    2008-12-07 03:35 . 2008-12-07 03:35 244 --ah----- C:\sqmnoopt08.sqm
    2008-12-07 03:35 . 2008-12-07 03:35 232 --ah----- C:\sqmdata12.sqm
    2008-12-07 03:35 . 2008-12-07 03:35 232 --ah----- C:\sqmdata11.sqm
    2008-12-07 03:35 . 2008-12-07 03:35 232 --ah----- C:\sqmdata10.sqm
    2008-12-07 03:35 . 2008-12-07 03:35 232 --ah----- C:\sqmdata09.sqm
    2008-12-07 03:35 . 2008-12-07 03:35 232 --ah----- C:\sqmdata08.sqm
    2008-12-07 03:34 . 2008-12-28 02:09 244 --ah----- C:\sqmnoopt07.sqm
    2008-12-07 03:34 . 2008-12-28 02:09 232 --ah----- C:\sqmdata07.sqm

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-01-03 00:52 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
    2009-01-03 00:52 --------- d-----w c:\program files\Wanadoo
    2009-01-01 13:08 --------- d-----w c:\program files\Google
    2008-12-28 22:54 --------- d-----w c:\program files\Steam
    2008-12-28 18:54 --------- d-----w c:\program files\eMule
    2008-11-24 16:13 --------- d-----w c:\program files\Windows Live
    2008-11-24 16:12 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller
    2008-11-21 21:36 --------- d-----w c:\documents and settings\Jérôme\Application Data\ArcSoft
    2008-11-21 16:31 --------- d--h--w c:\program files\InstallShield Installation Information
    2008-11-21 16:31 --------- d-----w c:\program files\Fichiers communs\ArcSoft
    2008-11-21 16:31 --------- d-----w c:\program files\ArcSoft
    2008-11-20 19:36 --------- d-----w c:\documents and settings\Badra\Application Data\ArcSoft
    2007-08-15 22:39 278,528 ----a-w c:\program files\Fichiers communs\FDEUnInstaller.exe
    2008-10-05 14:16 67,696 ----a-w c:\program files\mozilla firefox\components\jar50.dll
    2008-10-05 14:16 54,376 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
    2008-10-05 14:16 34,952 ----a-w c:\program files\mozilla firefox\components\myspell.dll
    2008-10-05 14:16 46,720 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
    2008-10-05 14:16 172,144 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
    .

    ((((((((((((((((((((((((((((( snapshot@2009-01-01_13.33.09.48 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2004-01-09 22:46:53 580,096 -c--a-w c:\windows\$xpsp1hfm$\KB828741\update\update.exe
    + 2009-01-02 10:42:00 580,096 -c--a-w c:\windows\$xpsp1hfm$\KB828741\update\update.exe
    - 2004-01-09 22:46:53 580,096 -c--a-w c:\windows\$xpsp1hfm$\KB835732\update\update.exe
    + 2009-01-02 10:42:00 580,096 -c--a-w c:\windows\$xpsp1hfm$\KB835732\update\update.exe
    - 2002-09-21 10:44:10 282,624 -c--a-w c:\windows\$xpsp1hfm$\Q329048\update\update.exe
    + 2009-01-02 10:42:00 282,624 -c--a-w c:\windows\$xpsp1hfm$\Q329048\update\update.exe
    - 2002-11-14 08:01:18 418,816 -c--a-w c:\windows\$xpsp1hfm$\Q329170\update\update.exe
    + 2009-01-02 10:42:00 418,816 -c--a-w c:\windows\$xpsp1hfm$\Q329170\update\update.exe
    - 2002-09-21 10:44:10 282,624 -c--a-w c:\windows\$xpsp1hfm$\Q329390\update\update.exe
    + 2009-01-02 10:42:00 282,624 -c--a-w c:\windows\$xpsp1hfm$\Q329390\update\update.exe
    - 2003-07-15 00:41:14 441,856 -c--a-w c:\windows\$xpsp1hfm$\Q329441\update\update.exe
    + 2009-01-02 10:42:00 441,856 -c--a-w c:\windows\$xpsp1hfm$\Q329441\update\update.exe
    - 2002-09-21 10:44:10 282,624 -c--a-w c:\windows\$xpsp1hfm$\Q329834\update\update.exe
    + 2009-01-02 10:42:00 282,624 -c--a-w c:\windows\$xpsp1hfm$\Q329834\update\update.exe
    - 2002-11-14 08:01:18 418,816 -c--a-w c:\windows\$xpsp1hfm$\Q810577\update\update.exe
    + 2009-01-02 10:42:00 418,816 -c--a-w c:\windows\$xpsp1hfm$\Q810577\update\update.exe
    - 2002-11-14 08:01:18 418,816 -c--a-w c:\windows\$xpsp1hfm$\Q810833\update\update.exe
    + 2009-01-02 10:42:00 418,816 -c--a-w c:\windows\$xpsp1hfm$\Q810833\update\update.exe
    - 2002-11-14 08:01:18 418,816 -c--a-w c:\windows\$xpsp1hfm$\Q811630\update\update.exe
    + 2009-01-02 10:42:00 418,816 -c--a-w c:\windows\$xpsp1hfm$\Q811630\update\update.exe
    - 2003-03-21 14:55:08 420,864 -c--a-w c:\windows\$xpsp1hfm$\Q815021\update\update.exe
    + 2009-01-02 10:42:00 420,864 -c--a-w c:\windows\$xpsp1hfm$\Q815021\update\update.exe
    - 2004-08-19 23:09:34 1,392,671 ----a-w c:\windows\system32\msvbvm60.dll
    + 2004-02-23 20:42:40 1,386,496 ----a-w c:\windows\system32\msvbvm60.dll
    + 1996-01-12 17:00:00 24,576 ----a-w c:\windows\system32\STKIT432.DLL
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-20 15360]
    "WOOKIT"="c:\program files\Wanadoo\Shell.exe" [2004-08-23 122880]
    "msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
    "RegistryMechanic"="c:\program files\Registry Mechanic\RegMech.exe" [2008-07-08 2828184]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2009-01-01 171448]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WOOWATCH"="c:\progra~1\Wanadoo\Watch.exe" [2004-08-23 20480]
    "WOOTASKBARICON"="c:\progra~1\Wanadoo\GestMaj.exe" [2004-10-14 32768]
    "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
    "ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
    "SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 c:\windows\stsystra.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-20 15360]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
    @=""

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
    path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
    backup=c:\windows\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
    path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
    backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser]
    --a------ 2007-12-23 00:03 916240 c:\program files\Eraser\Eraser.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    --a------ 2007-10-18 11:34 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
    --a------ 2008-10-08 09:07 1410296 c:\program files\Steam\Steam.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
    "c:\\Program Files\\eMule\\emule.exe"=
    "c:\\Program Files\\Vietcong\\vietcong.exe"=
    "c:\\Program Files\\Wanadoo\\WOOBrowser\\WOOBrowser.exe"=
    "c:\\WINDOWS\\system32\\dpnsvr.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\jerome664\\counter-strike source\\hl2.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

    S3 ati2mpaa;ati2mpaa;c:\windows\system32\DRIVERS\ati2mpaa.sys [2007-08-16 281984]
    S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt [2005-08-17 7168]
    S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-09-13 33752]
    S3 maconfservice;Ma-Config Service;"c:\program files\ma-config.com\maconfservice.exe" [2008-12-19 195752]
    S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2008-08-12 356920]
    .
    .
    ------- Examen supplémentaire -------
    .
    uStart Page = hxxp://www.msn.fr/
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Tout télécharger avec Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
    IE: Télécharger avec Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
    IE: Télécharger la sélection avec Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
    IE: Télécharger la vidéo avec Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
    IE: { - c:\program files\Messenger\msmsgs.exe
    TCP: {8CF39EB9-AAB3-4858-B8BF-BF34E93865E8} = 192.168.1.1

    O16 -: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - hxxp://fichiers.touslesdrivers.com/fichiers/hardwaredetection/hardwaredetection_3_1_0_4.cab
    c:\windows\Downloaded Program Files\hardwaredetection.inf

    c:\windows\System32\gtdownde_110.ocx - O16 -: {E856B973-45FD-4559-8F82-EAB539144667}
    hxxp://pccheckup.dellfix.com/rel/41/install/gtdownde.cab
    c:\windows\Downloaded Program Files\gtdownde_110.inf
    FF - ProfilePath -
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-01-03 01:51:45
    Windows 5.1.2600 Service Pack 2 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
    "ImagePath"="\??\c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\h*NULL*a*NULL*u*NULL*s*NULL*a*NULL*u*NULL*f*NULL*g*NULL*a*NULL*b*NULL*e*NULL*n*NULL* r*NULL*e*NULL*f*NULL*e*NULL*r*NULL*a*NULL*t*NULL*e*NULL*.*NULL*d*NULL*e*NULL*]
    @Owner=S-1-5-21-1645522239-2000478354-839522115-1003
    "*"=dword:00000004

    [HKEY_USERS\S-1-5-21-1645522239-2000478354-839522115-1003\AppEvents\Schemes\Apps\.Default\.Default\s*NULL*o*NULL*n*NULL*0*NULL*Î=]
    @Security=(SE_DACL_PRESENT SE_SELF_RELATIVE (@Owner @Group @DACL)
    @Owner=S-1-5-21-1645522239-2000478354-839522115-1003
    @Allowed: (Full) (S-1-5-21-1645522239-2000478354-839522115-1003)
    @Allowed: (Full) (S-1-5-21-1645522239-2000478354-839522115-1003)
    @Allowed: (Full) (LocalSystem)
    @Allowed: (Full) (LocalSystem)
    @Allowed: (Full) (Administrators)
    @Allowed: (Full) (Administrators)
    @Allowed: (Read) (S-1-5-12)
    @Allowed: (Read) (S-1-5-12)
    @=expand:"%SystemRoot%\\media\\Windows XP Ding.wav"

    [HKEY_USERS\S-1-5-21-1645522239-2000478354-839522115-1003\AppEvents\Schemes\Apps\.Default\AppGPFault\s*NULL*o*NULL*n*NULL*0*NULL*Î=]
    @Security=(SE_DACL_PRESENT SE_SELF_RELATIVE (@Owner @Group @DACL)
    @Owner=S-1-5-21-1645522239-2000478354-839522115-1003
    @Allowed: (Full) (S-1-5-21-1645522239-2000478354-839522115-1003)
    @Allowed: (Full) (S-1-5-21-1645522239-2000478354-839522115-1003)
    @Allowed: (Full) (LocalSystem)
    @Allowed: (Full) (LocalSystem)
    @Allowed: (Full) (Administrators)
    @Allowed: (Full) (Administrators)
    @Allowed: (Read) (S-1-5-12)
    @Allowed: (Read) (S-1-5-12)
    @=""

    [HKEY_USERS\S-1-5-21-1645522239-2000478354-839522115-1003\AppEvents\Schemes\Apps\.Default\CCSelect\s*NULL*o*NULL*n*NULL*0*NULL*Î=]
    @Security="Inherited"
    @=""

    [HKEY_USERS\S-1-5-21-1645522239-2000478354-839522115-1003\AppEvents\Schemes\Apps\.Default\Close\s*NULL*o*NULL*n*NULL*0*NULL*Î=]
    @Security=(SE_DACL_PRESENT SE_SELF_RELATIVE (@Owner @Group @DACL)
    @Owner=S-1-5-21-1645522239-2000478354-839522115-1003
    @Allowed: (Full) (S-1-5-21-1645522239-2000478354-839522115-1003)
    @Allowed: (Full) (S-1-5-21-1645522239-2000478354-839522115-1003)
    @Allowed: (Full) (LocalSystem)
    @Allowed: (Full) (LocalSystem)
    @Allowed: (Full) (Administrators)
    @Allowed: (Full) (Administrators)
    @Allowed: (Read) (S-1-5-12)
    @Allowed: (Read) (S-1-5-12)
    @=""

    [HKEY_USERS\S-1-5-21-1645522239-2000478354-839522115-1003\AppEvents\Schemes\Apps\.Default\CriticalBatteryAlarm\s*NULL*o*NULL*n*NULL*0*NULL*Î=]
    @Security=(SE_DACL_PRESENT SE_SELF_RELATIVE (@Owner @Group @DACL)
    @Owner=S-1-5-21-1645522239-2000478354-839522115-1003
    @Allowed: (Full) (S-1-5-21-1645522239-2000478354-839522115-1003)
    @Allowed: (Full) (S-1-5-21-1645522239-2000478354-839522115-1003)
    @Allowed: (Full) (LocalSystem)
    @Allowed: (Full) (LocalSystem)
    @Allowed: (Full) (Administrators)
    @Allowed: (Full) (Administrators)
    @Allowed: (Read) (S-1-5-12)
    @Allowed: (Read) (S-1-5-12)
    @=expand:"%SystemRoot%\\media\\Windows XP Alarme batterie.wav"

    [HKEY_USERS\S-1-5-21-1645522239-2000478354-839522115-1003\AppEvents\Schemes\Apps\.Default\DeviceConnect\s*NULL*o*NULL*n*NULL*0*NULL*Î=]
    @Security=(SE_DACL_PRESENT SE_SELF_RELATIVE (@Owner @Group @DACL)
    @Owner=S-1-5-21-1645522239-2000478354-839522115-1003
    @Allowed: (Full) (S-1-5-21-1645522239-2000478354-839522115-1003)
    @Allowed: (Full) (S-1-5-21-1645522239-2000478354-839522115-1003)
    @Allowed: (Full) (LocalSystem)
    @Allowed: (Full) (LocalSystem)
    @Allowed: (Full) (Administrators)
    @Allowed: (Full) (Administrators)
    @Allowed: (Read) (S-1-5-12)
    @Allowed: (Read) (S-1-5-12)
    @=expand:"%SystemRoot%\\media\\Windows XP Insertion d'un matériel.wav"

    [HKEY_USERS\S-1-5-21-1645522239-2000478354-839522115-1003\AppEvents\Schemes\Apps\.Default\DeviceDisconnect\s*NULL*o*NULL*n*NULL*0*NULL*Î=]
    @Security=(SE_DACL_PRESENT SE_SELF_RELATIVE (@Owner @Group @DACL)
    @Owner=S-1-5-21-1645522239-2000478354-839522115-1003
    @Allowed: (Full) (S-1-5-21-1645522239-2000478354-839522115-1003)
    @Allowed: (Full) (S-1-5-21-1645522239-2000478354-839522115-1003)
    @Allowed: (Full) (LocalSystem)
    @Allowed: (Full) (LocalSystem)
    @Allowed: (Full) (Administrators)
    @Allowed: (Full) (Administrators)
    @Allowed: (Read) (S-1-5-12)
    @Allowed: (Read) (S-1-5-12)
    @=expand:"%SystemRoot%\\media\\Windows XP Suppression d'un matériel.wav"

    [HKEY_USERS\S-1-5-21-1645522239-2000478354-839522115-1003\AppEvents\Schemes\Apps\.Default\DeviceFail\s*NULL*o*NULL*n*NULL*0*NULL*Î=]
    @Security=(SE_DACL_PRESENT SE_SELF_RELATIVE (@Owner @Group @DACL)
    @Owner=S-1-5-21-1645522239-2000478354-839522115-1003
    @Allowed: (Full) (S-1-5-21-1645522239-2000478354-839522115-1003)
    @Allowed: (Full) (S-1-5-21-1645522239-2000478354-839522115-1003)
    @Allowed: (Full) (LocalSystem)
    @Allowed: (Full) (LocalSystem)
    @Allowed: (Full) (Administrators)
    @Allowed: (Full) (Administrators)
    @Allowed: (Read) (S-1-5-12)
    @Allowed: (Read) (S-1-5-12)
    @=expand:"%SystemRoot%\\media\\Windows XP Échec d'un matériel.wav"

    [HKEY_USERS\S-1-5-21-1645522239-2000478354-839522115-1003\AppEvents\Schemes\Apps\.Default\InternetAlert\s*NULL*o*NULL*n*NULL*0*NULL*Î=]
    @Security="Inherited"
    @=""

    [HKEY_USERS\S-1-5-21-1645522239-2000478354-839522115-1003\AppEvents\Schemes\Apps\.Default\LowBatteryAlarm\s*NULL*o*NULL*n*NULL*0*NULL*Î=]
    @Security=(SE_DACL_PRESENT SE_SELF_RELATIVE (@Owner @Group @DACL)
    @Owner=S-1-5-21-1645522239-2000478354-839522115-1003
    @Allowed: (Full) (S-1-5-21-1645522239-2000478354-839522115-1003)
    @Allowed: (Full) (S-1-5-21-1645522239-2000478354-839522115-1003)
    @Allowed: (Full) (LocalSystem)
    @Allowed: (Full) (LocalSystem)
    @Allowed: (Full) (Administrators)
    @Allowed: (Full) (Administrators)
    @Allowed: (Read) (S-1-5-12)
    @Allowed: (Read) (S-1-5-12)
    @=expand:"%SystemRoot%\\media\\Windows XP Batterie déchargée.wav"

    [HKEY_USERS\S-1-5-21-1645522239-2000478354-839522115-1003\AppEvents\Schemes\Apps\.Default\MailBeep\s*NULL*o*NULL*n*NULL*0*NULL*Î=]
    @Security=(SE_DACL_PRESENT SE_SELF_RELATIVE (@Owner @Group @DACL)
    @Owner=S-1-5-21-1645522239-2000478354-839522115-1003
    @Allowed: (Full) (S-1-5-21-1645522239-2000478354-839522115-1003)
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    - - - - - - - > 'winlogon.exe'(680)
    c:\windows\system32\Ati2evxx.dll
    .
    ------------------------ Autres processus actifs ------------------------
    .
    c:\windows\system32\FTRTSVC.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\windows\system32\wscntfy.exe
    c:\program files\Wanadoo\TaskBarIcon.exe
    c:\program files\ATI Technologies\ATI.ACE\CLI.exe
    c:\program files\Wanadoo\GestionnaireInternet.exe
    c:\program files\Wanadoo\ComComp.exe
    c:\program files\Wanadoo\Toaster.exe
    c:\program files\Wanadoo\Inactivity.exe
    c:\program files\Wanadoo\PollingModule.exe
    c:\windows\system32\AlertModule\AlertModule.exe
    c:\program files\Wanadoo\Watch.exe
    c:\program files\ATI Technologies\ATI.ACE\CLI.exe
    c:\program files\ATI Technologies\ATI.ACE\CLI.exe
    .
    **************************************************************************
    .
    Heure de fin: 2009-01-03 1:56:34 - La machine a redémarré
    ComboFix-quarantined-files.txt 2009-01-03 00:56:31
    ComboFix2.txt 2009-01-02 15:10:56
    ComboFix3.txt 2009-01-01 12:34:13

    Avant-CF: 29 313 810 432 octets libres
    Après-CF: 29,305,638,912 octets libres

    713 --- E O F --- 2008-12-18 02:01:01
    3 January 2009 22:14:15

    Re,

    Download Elibagla at the bottom of this page.
    With some antivirus products, it is preferable to disable them before starting this procedure!

  • Click Descargar Elibagla to download the file, and save it to your Desktop.
  • Launch it by double-clicking it.
  • Check that the Unidad drop-down menu shows the root of the partition where Windows is installed, usually -> C:\
  • The Eliminar Ficheros Automaticamente option must also be checked.
  • Click Explorar to start the scan.
  • Post the report generated at the end of the scan.

    Note: The report is located here: C:\infosat.txt
    4 January 2009 02:11:51


    Sun Jan 04 01:26:28 2009
    EliBagle v12.07 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 30 de Diciembre del 2008)
    ----------------------------------------------
    Lista de Acciones (por Acción Directa):
    C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
    C:\WINDOWS\SYSTEM32\MDELK.EXE --> Bagle Acceso Denegado.
    C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
    Restaurada Clave: "SafeBoot\Minimal y Network"
    Reinicie para Completar la Limpieza.

    Sun Jan 04 01:26:31 2009
    EliBagle v12.07 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 30 de Diciembre del 2008)
    ----------------------------------------------
    Lista de Acciones (por Exploración):
    Explorando "C:\"

    Sun Jan 04 01:42:05 2009
    EliBagle v12.07 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 30 de Diciembre del 2008)
    ----------------------------------------------
    Lista de Acciones (por Acción Directa):
    C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
    C:\WINDOWS\SYSTEM32\MDELK.EXE --> Bagle Acceso Denegado.
    Restaurada Clave: "SafeBoot\Minimal y Network"
    Reinicie para Completar la Limpieza.

    Sun Jan 04 01:42:11 2009
    EliBagle v12.07 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 30 de Diciembre del 2008)
    ----------------------------------------------
    Lista de Acciones (por Exploración):
    Explorando "C:\"

    Sun Jan 04 01:43:18 2009
    EliBagle v12.07 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 30 de Diciembre del 2008)
    ----------------------------------------------
    Lista de Acciones (por Acción Directa):
    C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
    C:\WINDOWS\SYSTEM32\MDELK.EXE --> Bagle Acceso Denegado.
    Restaurada Clave: "SafeBoot\Minimal y Network"
    Reinicie para Completar la Limpieza.

    Sun Jan 04 01:43:26 2009
    EliBagle v12.07 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 30 de Diciembre del 2008)
    ----------------------------------------------
    Lista de Acciones (por Exploración):
    Explorando "C:\"

    Sun Jan 04 01:43:48 2009
    EliBagle v12.07 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 30 de Diciembre del 2008)
    ----------------------------------------------
    Lista de Acciones (por Acción Directa):
    C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
    C:\WINDOWS\SYSTEM32\MDELK.EXE --> Bagle Acceso Denegado.
    Restaurada Clave: "SafeBoot\Minimal y Network"
    Reinicie para Completar la Limpieza.

    Sun Jan 04 01:59:58 2009
    EliBagle v12.07 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 30 de Diciembre del 2008)
    ----------------------------------------------
    Lista de Acciones (por Acción Directa):
    C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
    C:\WINDOWS\SYSTEM32\MDELK.EXE --> Bagle Acceso Denegado.
    Restaurada Clave: "SafeBoot\Minimal y Network"
    Reinicie para Completar la Limpieza.

    Sun Jan 04 02:00:25 2009
    EliBagle v12.07 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 30 de Diciembre del 2008)
    ----------------------------------------------
    Lista de Acciones (por Exploración):
    Explorando "C:\"
    C:\Qoobox\Quarantine\C\Documents and Settings\Jérôme\Application Data\drivers\SROSA.SYS.VIR --> Eliminado Bagle(rootkit)

    Nº Total de Directorios: 5368
    Nº Total de Ficheros: 63825
    Nº de Ficheros Analizados: 12534
    Nº de Ficheros Infectados: 1
    Nº de Ficheros Limpiados: 1
    5 January 2009 10:16:30

    Anyone to read my report?
    5 January 2009 12:51:20

    That would be nice.
    5 January 2009 17:10:13

    Re,

    Be patient.

    Do you use cracks?

    Run an online antivirus scan with Kaspersky using Internet Explorer.

  • Allow the ActiveX controls.
  • Click Démarrer Online Scanner.
  • Select My Computer (Poste de travail) as the scan target. Save the report in .txt format.
  • Paste its report here.
  • Post a new HijackThis report.

    Help: How to run an online scan with Kaspersky.
    6 January 2009 16:28:31

    Hi, I tried to update Kaspersky as they suggest on your link and it failed at the end. So there is no way to use Kaspersky and run the scan. HijackThis won't launch. Should I reinstall it? Do you have a link to suggest?
    7 January 2009 14:24:11

    Re,

    Download Lop S&D.exe (by Eric 71) to your Desktop.

  • Double-click the Lop S&D shortcut on your desktop (if you are on Vista, right-click -> run as admin)
  • Select the desired language, then choose Option 1 (Recherche)
  • Wait until the scan finishes
  • Post the generated report (C:\lopR.txt)