Trojan dropper/trojan downloader [RÉSOLU] - Sécurité - Virus
TomsGuide.com : 700 000 inscrits répondent à toutes vos questions high-tech et informatique.
Pour obtenir de l'aide, inscrivez-vous gratuitement !
 

Ajouter une réponse



Mot :   Pseudo :  
 
Bas de page
Auteur
 Sujet : Trojan dropper/trojan downloader [RÉSOLU]
 
scarbo
Profil : IDNaute
Plus d'informations
n°275334
22-01-2008 à 05:34:09

Bonjour,

Suite à des problèmes avec mon navigateur internet, j'ai décidé de faire une analyse avec kaspersky online et il a détecté 2 virus (8 objets infectés)

Quelqu'un peut m'aidé?

Je colle un résumé de l'analyse ainsi qu'un rapport hijackthis

Merci d'avance

kaspersky:

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
08-01-21 08:27
Système d'exploitation : Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version : 5.0.83.0
Dernière mise à jour de la base antivirus Kaspersky : 21/01/2008
Enregistrements dans la base antivirus Kaspersky : 491073
-------------------------------------------------------------------------------

Paramètres d'analyse:
Analyser avec la base antivirus suivante: standard
Analyser les archives: vrai
Analyser les bases de messagerie: vrai

Cible de l'analyse - Poste de travail:
A:\
C:\
D:\

Statistiques de l'analyse:
Total d'objets analysés: 373010
Nombre de virus trouvés: 2
Nombre d'objets infectés: 8 / 0
Nombre d'objets suspects: 0
Durée de l'analyse: 03:46:34

Nom de l'objet infecté / Nom du virus / Dernière action

C:\Documents and Settings\Sue Sims2.SUZANNE-9YTGV4T.000\Local Settings\Temp\131474_3732_572_2960.26962.tmp Infecté : Trojan-Downloader.Win32.Agent.fsi ignoré
C:\Documents and Settings\Sue Sims2.SUZANNE-9YTGV4T.000\Local Settings\Temp\131758_3800_584_2296.26962.tmp Infecté : Trojan-Downloader.Win32.Agent.fsi ignoré
C:\Documents and Settings\Sue Sims2.SUZANNE-9YTGV4T.000\Local Settings\Temp\197222_3732_572_3824.26962.tmp Infecté : Trojan-Downloader.Win32.Agent.fsi ignoré
C:\Documents and Settings\Sue Sims2.SUZANNE-9YTGV4T.000\Local Settings\Temp\262646_3800_584_3888.26962.tmp Infecté : Trojan-Downloader.Win32.Agent.fsi ignoré
C:\Documents and Settings\Sue Sims2.SUZANNE-9YTGV4T.000\Local Settings\Temp\393416_2928_584_3108.26962.tmp Infecté : Trojan-Downloader.Win32.Agent.fsi ignoré
C:\Documents and Settings\Sue Sims2.SUZANNE-9YTGV4T.000\Local Settings\Temp\590146_3732_572_2256.26962.tmp Infecté : Trojan-Downloader.Win32.Agent.fsi ignoré
C:\Documents and Settings\Sue Sims2.SUZANNE-9YTGV4T.000\Mes documents\téléchargements\Google_Earth_BZXD.exe Infecté : Trojan-Dropper.Win32.Agent.dsm ignoré
C:\WINDOWS\system32\e404d.dll Infecté : Trojan-Downloader.Win32.Agent.fsi ignoré

Hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:31, on 21/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Bell\Gestionnaire de securite\Fws.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe
C:\Program Files\Bell\Gestionnaire de securite\Rps.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Bell\Sympatico Security Advisor\SSAComHandler.exe
C:\Program Files\Bell\Gestionnaire de securite\rpsupdaterR.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Sue Sims2.SUZANNE-9YTGV4T.000\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sympatico.msn.ca/defaultf.aspx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.01net.com/telecharger/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Bell\Gestionnaire de securite\pkR.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SSA.exe] "C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe" /AUTORUN
O4 - HKLM\..\Run: [Gestionnaire de sécurité Sympatico] "C:\Program Files\Bell\Gestionnaire de securite\Rps.exe"
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Bell\Gestionnaire de securite\ZkRunOnceR.exe"
O4 - HKLM\..\RunOnce: [IndexCleaner] "C:\Program Files\Bell\Gestionnaire de securite\IdxClnR.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\RunOnce: [IndexCleaner] "C:\Program Files\Bell\Gestionnaire de securite\IdxClnR.exe"
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Francis\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/CA/install.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/ [...] .6.108.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://scarbo1966.spaces.live.com/ [...] nPUpld.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://simcity.ea.com/update/EARTPX.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-C [...] E_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft. [...] 5783944484
O16 - DPF: {68A2C3BD-7809-11D3-8ACF-0050046F2F9A} (AXELPlayer Class) - http://www.mindavenue.com/download [...] _Win32.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://drivers1.free.fr/hardwaredetection.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ [...] loader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/bina [...] b56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://bmm.imgag.com/imgag/cp/install/crusher-caf.cab
O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} (MaxisSimCity4PatcherX Control) - http://simcity.ea.com/update/MaxisSimCity4PatcherX.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/671 [...] taller.exe
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O20 - Winlogon Notify: winjgf32 - winjgf32.dll (file missing)
O21 - SSODL: E404Helper - {db8368dc-6fa0-41a3-b04b-96789df1d1ff} - e404d.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Fichiers communs\Authentium\AntiVirus\dvpapi.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Service de mise-à-jour pour le Gestionnaire de sécurité Sympatico (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\Bell\Gestionnaire de securite\rpsupdaterR.exe
O23 - Service: Gestionnaire de sécurité Sympatico Coupe-feu (RP_FWS) - Bell Sympatico - C:\Program Files\Bell\Gestionnaire de securite\Fws.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 11785 bytes


Message édité par scarbo le 30-01-2008 Ã  20:40:27
Liens sponsorisés


Inscrivez-vous ou connectez-vous pour masquer ceci.

Eric_71
Profil : Helper
Plus d'informations
n°275378
22-01-2008 à 12:56:22


Bonjour ,

Télécharge Smitfraudfix [:eric_71:7] < ici

Enregistre le sur ton bureau

Double clique sur SmitfraudFix.exe ( le .exe peut ne pas apparaitre )
Choisis ensuite l'Option 1 ( Recherche )

Poste le rapport généré


---------------
- Comment Fixer avec HiJackThis -
- Mode Sans Echec -
scarbo
Profil : IDNaute
Plus d'informations
n°275391
22-01-2008 à 14:40:02

re,

voici le rapport

SmitFraudFix v2.274

Rapport fait à 8:30:13.46, 22/01/2008
Executé à partir de C:\Documents and Settings\Sue Sims2.SUZANNE-9YTGV4T.000\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Bell\Gestionnaire de securite\Fws.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe
C:\Program Files\Bell\Gestionnaire de securite\Rps.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Bell\Sympatico Security Advisor\SSAComHandler.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Bell\Gestionnaire de securite\rpsupdaterR.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Sue Sims2.SUZANNE-9YTGV4T.000


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Sue Sims2.SUZANNE-9YTGV4T.000\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\SUESIM~1.000\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix.exe by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"LoadAppInit_DLLs"=dword:00000001


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock

xpdx détecté, utilisez un scanner de Rootkit


»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Marvell Yukon Gigabit Ethernet 10/100/1000Base-T Adapter, Copper RJ-45 - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.2.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{9E06B9EB-3071-4E9F-BCFB-65606A738232}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{9E06B9EB-3071-4E9F-BCFB-65606A738232}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{9E06B9EB-3071-4E9F-BCFB-65606A738232}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

scarbo
Profil : IDNaute
Plus d'informations
n°275473
22-01-2008 à 17:58:50

Bonjour,
que dois-je faire ensuite?

scarbo
Profil : IDNaute
Plus d'informations
n°275568
22-01-2008 à 20:04:16

Je remonte mon message

scarbo
Profil : IDNaute
Plus d'informations
n°275620
22-01-2008 à 21:35:44

Je remonte encore!!!

Eric_71
Profil : Helper
Plus d'informations
n°275625
22-01-2008 à 21:40:33


Re , il faut être patient

Désactive tes protections résidentes ( Antivirus , ... ) tu les réactivera après le scan

Télécharge ComboFix [:eric_71] < ici

Enregistre le sur ton Bureau et pas ailleurs !
Double clique combofix.exe ( le .exe peut ne pas apparaitre )
Pour démarrer , tape [1] puis valide , attend la fin du scan
il peut y avoir un Redémarrage du PC !

Copie / Colle le rapport généré ( C:\Combofix.txt )

scarbo
Profil : IDNaute
Plus d'informations
n°275727
23-01-2008 à 01:41:59

Re, je ne suis pas impatiente, c'est simplement que je ne veux pas voir mon message se perde dans les autres pages. Désolée :)
Merci de ton aide.

Voici le rapport:

ComboFix 08-01-23.1 - Sue Sims2 2008-01-22 19:13:58.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.588 [GMT -5:00]
Endroit: C:\Documents and Settings\Sue Sims2.SUZANNE-9YTGV4T.000\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration

[color=red]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Starware349
C:\Documents and Settings\All Users\Application Data\Starware349\buttons\ebaykeyword.bmp
C:\Documents and Settings\All Users\Application Data\Starware349\buttons\ebaykeyword.png
C:\Documents and Settings\All Users\Application Data\Starware349\buttons\ebaysearch.bmp
C:\Documents and Settings\All Users\Application Data\Starware349\buttons\ebaysearch.png
C:\Documents and Settings\All Users\Application Data\Starware349\buttons\FindIt.bmp
C:\Documents and Settings\All Users\Application Data\Starware349\buttons\FindItHot.bmp
C:\Documents and Settings\All Users\Application Data\Starware349\buttons\findithotxp.png
C:\Documents and Settings\All Users\Application Data\Starware349\buttons\finditxp.png
C:\Documents and Settings\All Users\Application Data\Starware349\buttons\Highlight.bmp
C:\Documents and Settings\All Users\Application Data\Starware349\buttons\HighlightHot.bmp
C:\Documents and Settings\All Users\Application Data\Starware349\buttons\highlighthotxp.png
C:\Documents and Settings\All Users\Application Data\Starware349\buttons\highlightxp.png
C:\Documents and Settings\All Users\Application Data\Starware349\buttons\horoscopes.bmp
C:\Documents and Settings\All Users\Application Data\Starware349\buttons\logo.bmp
C:\Documents and Settings\All Users\Application Data\Starware349\buttons\logoxp.bmp
C:\Documents and Settings\All Users\Application Data\Starware349\buttons\Reference.bmp
C:\Documents and Settings\All Users\Application Data\Starware349\buttons\ReferenceHot.bmp
C:\Documents and Settings\All Users\Application Data\Starware349\buttons\referencehotxp.png
C:\Documents and Settings\All Users\Application Data\Starware349\buttons\referencexp.png
C:\Documents and Settings\All Users\Application Data\Starware349\buttons\Weather.bmp
C:\Documents and Settings\All Users\Application Data\Starware349\buttons\weatherhotxp.png
C:\Documents and Settings\All Users\Application Data\Starware349\buttons\weatherxp.png
C:\Documents and Settings\All Users\Application Data\Starware349\contexts\Error.xml
C:\Documents and Settings\All Users\Application Data\Starware349\contexts\Related.xml
C:\Documents and Settings\All Users\Application Data\Starware349\contexts\travel.xml
C:\Documents and Settings\All Users\Application Data\Starware349\Games\images\active\Games0.bmp
C:\Documents and Settings\All Users\Application Data\Starware349\images\walertXP.bmp
C:\Documents and Settings\All Users\Application Data\Starware349\Movies\images\active\Movies0.bmp
C:\Documents and Settings\All Users\Application Data\Starware349\ScreensaversMarketingSitePager\images\active\ScreensaversMarketingSitePager0.bmp
C:\Documents and Settings\All Users\Application Data\Starware349\SimpleUpdate\ProductMessagingConfig.xml
C:\Documents and Settings\All Users\Application Data\Starware349\SimpleUpdate\ProductMessagingConfig.xml.backup
C:\Documents and Settings\All Users\Application Data\Starware349\SimpleUpdate\SimpleUpdateConfig.xml
C:\Documents and Settings\All Users\Application Data\Starware349\SimpleUpdate\SimpleUpdateConfig.xml.backup
C:\Documents and Settings\All Users\Application Data\Starware349\SimpleUpdate\TimerManagerConfig.xml
C:\Documents and Settings\All Users\Application Data\Starware349\SimpleUpdate\TimerManagerConfig.xml.backup
C:\Documents and Settings\Francis\Application Data\Starware349
C:\Documents and Settings\Francis\Application Data\Starware349\BrowserSearch\BrowserSearch.xml
C:\Documents and Settings\Francis\Application Data\Starware349\BrowserSearch\BrowserSearch.xml.backup
C:\Documents and Settings\Francis\Application Data\Starware349\Configurator\Configurator.xml
C:\Documents and Settings\Francis\Application Data\Starware349\Configurator\Configurator.xml.backup
C:\Documents and Settings\Francis\Application Data\Starware349\EbayKeyword\EbayKeywordOptions.xml
C:\Documents and Settings\Francis\Application Data\Starware349\EbayKeyword\EbayKeywordOptions.xml.backup
C:\Documents and Settings\Francis\Application Data\Starware349\EbaySearch\EbaySearchOptions.xml
C:\Documents and Settings\Francis\Application Data\Starware349\EbaySearch\EbaySearchOptions.xml.backup
C:\Documents and Settings\Francis\Application Data\Starware349\ErrorSearch\ErrorSearchOptions.xml
C:\Documents and Settings\Francis\Application Data\Starware349\ErrorSearch\ErrorSearchOptions.xml.backup
C:\Documents and Settings\Francis\Application Data\Starware349\Games\GamesOptions.xml
C:\Documents and Settings\Francis\Application Data\Starware349\Games\GamesOptions.xml.backup
C:\Documents and Settings\Francis\Application Data\Starware349\Horoscopes\HoroscopesOptions.xml
C:\Documents and Settings\Francis\Application Data\Starware349\Horoscopes\HoroscopesOptions.xml.backup
C:\Documents and Settings\Francis\Application Data\Starware349\Layouts\ToolbarLayout.xml
C:\Documents and Settings\Francis\Application Data\Starware349\Layouts\ToolbarLayout.xml.backup
C:\Documents and Settings\Francis\Application Data\Starware349\Manager\ManagerOptions.xml
C:\Documents and Settings\Francis\Application Data\Starware349\Manager\ManagerOptions.xml.backup
C:\Documents and Settings\Francis\Application Data\Starware349\Movies\MoviesOptions.xml
C:\Documents and Settings\Francis\Application Data\Starware349\Movies\MoviesOptions.xml.backup
C:\Documents and Settings\Francis\Application Data\Starware349\Reference\ReferenceOptions.xml
C:\Documents and Settings\Francis\Application Data\Starware349\Reference\ReferenceOptions.xml.backup
C:\Documents and Settings\Francis\Application Data\Starware349\RelatedSearch\RelatedSearchOptions.xml
C:\Documents and Settings\Francis\Application Data\Starware349\RelatedSearch\RelatedSearchOptions.xml.backup
C:\Documents and Settings\Francis\Application Data\Starware349\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml
C:\Documents and Settings\Francis\Application Data\Starware349\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml.backup
C:\Documents and Settings\Francis\Application Data\Starware349\SearchAssistPlus\SearchAssistPlusOptions.xml
C:\Documents and Settings\Francis\Application Data\Starware349\SearchAssistPlus\SearchAssistPlusOptions.xml.backup
C:\Documents and Settings\Francis\Application Data\Starware349\SearchMatch\SearchMatchOptions.xml
C:\Documents and Settings\Francis\Application Data\Starware349\SearchMatch\SearchMatchOptions.xml.backup
C:\Documents and Settings\Francis\Application Data\Starware349\Toolbar\TBProductsOptions.xml
C:\Documents and Settings\Francis\Application Data\Starware349\Toolbar\TBProductsOptions.xml.backup
C:\Documents and Settings\Francis\Application Data\Starware349\ToolbarLogo\ToolbarLogoOptions.xml
C:\Documents and Settings\Francis\Application Data\Starware349\ToolbarLogo\ToolbarLogoOptions.xml.backup
C:\Documents and Settings\Francis\Application Data\Starware349\ToolbarSearch\ToolbarSearchOptions.xml
C:\Documents and Settings\Francis\Application Data\Starware349\ToolbarSearch\ToolbarSearchOptions.xml.backup
C:\Documents and Settings\Francis\Application Data\Starware349\TravelSearch\TravelSearchOptions.xml
C:\Documents and Settings\Francis\Application Data\Starware349\TravelSearch\TravelSearchOptions.xml.backup
C:\Documents and Settings\Francis\Application Data\Starware349\Weather\AlertArchive.xml
C:\Documents and Settings\Francis\Application Data\Starware349\Weather\WeatherOptions.xml
C:\Documents and Settings\Francis\Application Data\Starware349\Weather\WeatherOptions.xml.backup
C:\Documents and Settings\Karine_2\Application Data\Starware349
C:\Documents and Settings\Karine_2\Application Data\Starware349\BrowserSearch\BrowserSearch.xml
C:\Documents and Settings\Karine_2\Application Data\Starware349\BrowserSearch\BrowserSearch.xml.backup
C:\Documents and Settings\Karine_2\Application Data\Starware349\Configurator\Configurator.xml
C:\Documents and Settings\Karine_2\Application Data\Starware349\Configurator\Configurator.xml.backup
C:\Documents and Settings\Karine_2\Application Data\Starware349\EbayKeyword\EbayKeywordOptions.xml
C:\Documents and Settings\Karine_2\Application Data\Starware349\EbayKeyword\EbayKeywordOptions.xml.backup
C:\Documents and Settings\Karine_2\Application Data\Starware349\EbaySearch\EbaySearchOptions.xml
C:\Documents and Settings\Karine_2\Application Data\Starware349\EbaySearch\EbaySearchOptions.xml.backup
C:\Documents and Settings\Karine_2\Application Data\Starware349\ErrorSearch\ErrorSearchOptions.xml
C:\Documents and Settings\Karine_2\Application Data\Starware349\ErrorSearch\ErrorSearchOptions.xml.backup
C:\Documents and Settings\Karine_2\Application Data\Starware349\Games\GamesOptions.xml
C:\Documents and Settings\Karine_2\Application Data\Starware349\Games\GamesOptions.xml.backup
C:\Documents and Settings\Karine_2\Application Data\Starware349\Horoscopes\HoroscopesOptions.xml
C:\Documents and Settings\Karine_2\Application Data\Starware349\Horoscopes\HoroscopesOptions.xml.backup
C:\Documents and Settings\Karine_2\Application Data\Starware349\Layouts\PitchLayout.xml
C:\Documents and Settings\Karine_2\Application Data\Starware349\Layouts\PitchLayout.xml.backup
C:\Documents and Settings\Karine_2\Application Data\Starware349\Layouts\ToolbarLayout.xml
C:\Documents and Settings\Karine_2\Application Data\Starware349\Layouts\ToolbarLayout.xml.backup
C:\Documents and Settings\Karine_2\Application Data\Starware349\Manager\ManagerOptions.xml
C:\Documents and Settings\Karine_2\Application Data\Starware349\Manager\ManagerOptions.xml.backup
C:\Documents and Settings\Karine_2\Application Data\Starware349\Movies\MoviesOptions.xml
C:\Documents and Settings\Karine_2\Application Data\Starware349\Movies\MoviesOptions.xml.backup
C:\Documents and Settings\Karine_2\Application Data\Starware349\Reference\ReferenceOptions.xml
C:\Documents and Settings\Karine_2\Application Data\Starware349\Reference\ReferenceOptions.xml.backup
C:\Documents and Settings\Karine_2\Application Data\Starware349\RelatedSearch\RelatedSearchOptions.xml
C:\Documents and Settings\Karine_2\Application Data\Starware349\RelatedSearch\RelatedSearchOptions.xml.backup
C:\Documents and Settings\Karine_2\Application Data\Starware349\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml
C:\Documents and Settings\Karine_2\Application Data\Starware349\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml.backup
C:\Documents and Settings\Karine_2\Application Data\Starware349\SearchAssistPlus\SearchAssistPlusOptions.xml
C:\Documents and Settings\Karine_2\Application Data\Starware349\SearchAssistPlus\SearchAssistPlusOptions.xml.backup
C:\Documents and Settings\Karine_2\Application Data\Starware349\SearchMatch\SearchMatchOptions.xml
C:\Documents and Settings\Karine_2\Application Data\Starware349\SearchMatch\SearchMatchOptions.xml.backup
C:\Documents and Settings\Karine_2\Application Data\Starware349\Toolbar\TBProductsOptions.xml
C:\Documents and Settings\Karine_2\Application Data\Starware349\Toolbar\TBProductsOptions.xml.backup
C:\Documents and Settings\Karine_2\Application Data\Starware349\ToolbarLogo\ToolbarLogoOptions.xml
C:\Documents and Settings\Karine_2\Application Data\Starware349\ToolbarLogo\ToolbarLogoOptions.xml.backup
C:\Documents and Settings\Karine_2\Application Data\Starware349\ToolbarSearch\ToolbarSearchOptions.xml
C:\Documents and Settings\Karine_2\Application Data\Starware349\ToolbarSearch\ToolbarSearchOptions.xml.backup
C:\Documents and Settings\Karine_2\Application Data\Starware349\TravelSearch\TravelSearchOptions.xml
C:\Documents and Settings\Karine_2\Application Data\Starware349\TravelSearch\TravelSearchOptions.xml.backup
C:\Documents and Settings\Karine_2\Application Data\Starware349\Weather\AlertArchive.xml
C:\Documents and Settings\Karine_2\Application Data\Starware349\Weather\WeatherOptions.xml
C:\Documents and Settings\Karine_2\Application Data\Starware349\Weather\WeatherOptions.xml.backup
C:\Program Files\internet explorer\msimg32.dll
C:\Program Files\Starware349
C:\Program Files\Starware349\brand.bmp
C:\Program Files\Starware349\Starware349Config.xml
C:\Program Files\Starware349\Starware349Uninstall.exe
C:\RECYCLER\RB1.tmp
C:\RECYCLER\RB2.tmp
C:\RECYCLER\RB2B.tmp
C:\RECYCLER\RB3.tmp
C:\RECYCLER\RB4.tmp
C:\RECYCLER\RB5.tmp
C:\RECYCLER\RBB3.tmp
C:\RECYCLER\RBCB.tmp
C:\WINDOWS\Fonts\acrsecB.fon
C:\WINDOWS\Fonts\acrsecI.fon
C:\WINDOWS\system32\e404d.dll
C:\WINDOWS\system32\lnnmp.ini
C:\WINDOWS\system32\pmnnl.dll
C:\WINDOWS\system32\xpdx.sys
C:\WINDOWS\Web\Wallpaper\ntp2.ini
C:\WINDOWS\wr.txt

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_NTMLSVC
-------\xpdx


((((((((((((((((((((((((((((( Fichiers créés 2007-12-23 to 2008-01-23 ))))))))))))))))))))))))))))))))))))
.

2008-01-22 19:12 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-22 08:30 . 2008-01-22 08:34 2,660 --a------ C:\WINDOWS\system32\tmp.reg
2008-01-22 08:29 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-01-22 08:29 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-01-22 08:29 . 2007-12-20 23:11 81,920 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-01-22 08:29 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-01-22 08:29 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-01-22 08:29 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-01-21 22:24 . 2007-03-06 13:24 55,296 --a------ C:\WINDOWS\system32\drivers\rp_skt32.sys
2008-01-21 22:24 . 2007-04-19 11:36 48,384 --a------ C:\WINDOWS\system32\drivers\rp_pkt32.sys
2008-01-21 22:23 . 2008-01-21 22:23 <REP> d-------- C:\Program Files\Raxco
2008-01-21 22:23 . 2008-01-21 22:23 <REP> d-------- C:\Program Files\Fichiers communs\Scanner
2008-01-21 22:23 . 2008-01-21 22:23 <REP> d-------- C:\Program Files\Fichiers communs\Authentium
2008-01-21 22:23 . 2008-01-21 22:23 <REP> d-------- C:\Program Files\CA
2007-12-29 15:16 . 2007-12-29 15:16 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2007-12-29 15:16 . 2007-12-29 15:16 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_xusb21_01005.Wdf

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-22 13:35 --------- d-----w C:\Program Files\flashget
2008-01-22 03:22 --------- d-----w C:\Program Files\Bell
2008-01-22 03:21 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-30 19:36 --------- d-----w C:\Program Files\Yahoo!
2007-12-30 19:36 --------- d-----w C:\Program Files\SwiftSwitch Lite
2007-12-30 19:32 --------- d-----w C:\Program Files\Attack on Pearl Harbor Demo
2007-12-19 17:21 --------- d-----w C:\Program Files\AGEIA Technologies
2007-12-19 17:20 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-12-19 17:06 --------- d-----w C:\Program Files\Sony
2007-12-19 17:06 --------- d-----w C:\Program Files\Flying Lab Software
2007-12-19 16:47 --------- d-----w C:\Program Files\Sims2Pack Clean Installer
2007-12-17 23:38 --------- d-----w C:\Program Files\Disney
2007-12-17 04:34 --------- d-----w C:\Program Files\MSN Messenger
2007-12-17 04:34 --------- d-----w C:\Program Files\Messenger Plus! Live
2006-10-06 19:47 22 ----a-w C:\Program Files\rs.abc
2005-03-14 15:58 25 ----a-w C:\Program Files\Sims2Pack Clean Installer.ini
2004-03-11 17:27 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
2006-08-17 05:05 56 --sh--r C:\WINDOWS\system32\63545DEEAD.sys
2007-05-22 15:34 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 18:09 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-10 22:32 68856]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"IndexCleaner"="C:\Program Files\Bell\Gestionnaire de securite\IdxClnR.exe" [2007-08-27 17:04 61168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 18:51 39792]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 05:24 286720]
"ISUSPM Startup"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" [2005-06-10 09:44 249856]
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-06-10 11:44 81920]
"SSA.exe"="C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe" [2007-03-27 10:33 2061816]
"Gestionnaire de sécurité Sympatico"="C:\Program Files\Bell\Gestionnaire de securite\Rps.exe" [2007-08-27 17:05 310000]
"-FreedomNeedsReboot"="C:\Program Files\Bell\Gestionnaire de securite\ZkRunOnceR.exe" [2007-08-27 17:05 13552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"IndexCleaner"="C:\Program Files\Bell\Gestionnaire de securite\IdxClnR.exe" [2007-08-27 17:04 61168]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe" [ ]

C:\Documents and Settings\Karine_2\Menu D‚marrer\Programmes\D‚marrage\
OpenOffice.org 2.2.lnk - C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe [2007-02-02 16:54:56 393216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"E404Helper"= {db8368dc-6fa0-41a3-b04b-96789df1d1ff} - e404d.dll [ ]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Assistant Internet.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Assistant Internet.lnk
backup=C:\WINDOWS\pss\Assistant Internet.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Kodak software updater.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Kodak software updater.lnk
backup=C:\WINDOWS\pss\Kodak software updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logiciel Kodak EasyShare.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Logiciel Kodak EasyShare.lnk
backup=C:\WINDOWS\pss\Logiciel Kodak EasyShare.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech Desktop Messenger.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.l