Virus, but I can't manage to remove it

nattaly - Posts: 2 - Status: Member
Hello,

So... like a lot of people, I think I have been infected. Zlob downloader.bs is detected by Spybot. While looking around various forums, I read that you could download HijackThis to get a log of... I no longer remember what (I'm not very good with computers), but I saw that it helped the people who kindly troubleshoot for us.

So here is the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:46:00, on 16/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ASUS WiFi-AP Solo\AWWFSPU.exe
C:\Program Files\Lexmark 1400 Series\lxdjamon.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\System32\GEARSec.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\lxdjcoms.exe
C:\Program Files\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
D:\HIJACKTHIS V 2.02\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: QXK Rhythm - {D4E26A3A-80E0-4467-B116-4F0DC4441C4A} - C:\WINDOWS\fvowketqxfo.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AWWFSPU] "C:\Program Files\ASUS WiFi-AP Solo\AWWFSPU.exe" -nogui
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [lxdjamon] "C:\Program Files\Lexmark 1400 Series\lxdjamon.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [lxdjmon.exe] "C:\Program Files\Lexmark 1400 Series\lxdjmon.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Srchasst" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_02] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\msagent" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_03] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Help\Tours" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_04] cmd.exe /c md "%USERPROFILE%\Local Settings\Temp" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_05] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_06] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_07] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Srchasst" (User 'SERVICE RÉSEAU')
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Chercher avec Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/g[...]ash/swflash.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~2.0\adialhk.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: lxdj_device - - C:\WINDOWS\system32\lxdjcoms.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: V2i Protector - PowerQuest Corporation - C:\Program Files\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe

--
End of file - 8363 bytes

In addition, my screensaver turns into a kind of cockroach that walks around on my PC (charming, yuck). I managed to remove some things, but I think the problem is not solved.

I also downloaded Deckard (on a friend's advice), and I have a log from it too:


Deckard's System Scanner v20071014.68
Run by Nattecass on 2008-05-16 13:13:07
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

-- Last 2 Restore Point(s) --
2: 2008-05-16 11:10:44 UTC - RP2 - Deckard's System Scanner Restore Point
1: 2008-05-15 12:23:48 UTC - RP1 - Point de vérification système

Backed up registry hives.
Performed disk cleanup.

-- HijackThis (run as Nattecass.exe) -------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:13:44, on 16/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ASUS WiFi-AP Solo\AWWFSPU.exe
C:\Program Files\Lexmark 1400 Series\lxdjamon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\ATKKBService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\lxdjcoms.exe
C:\Program Files\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Nattecass\Bureau\dss.exe
D:\HIJACK~1.02\NATTEC~1.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: QXK Rhythm - {D4E26A3A-80E0-4467-B116-4F0DC4441C4A} - C:\WINDOWS\fvowketqxfo.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AWWFSPU] "C:\Program Files\ASUS WiFi-AP Solo\AWWFSPU.exe" -nogui
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [lxdjamon] "C:\Program Files\Lexmark 1400 Series\lxdjamon.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [lxdjmon.exe] "C:\Program Files\Lexmark 1400 Series\lxdjmon.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Srchasst" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_02] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\msagent" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_03] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Help\Tours" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_04] cmd.exe /c md "%USERPROFILE%\Local Settings\Temp" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_05] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_06] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_07] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Srchasst" (User 'SERVICE RÉSEAU')
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Chercher avec Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/g[...]ash/swflash.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~2.0\adialhk.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: lxdj_device - - C:\WINDOWS\system32\lxdjcoms.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: V2i Protector - PowerQuest Corporation - C:\Program Files\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe

--
End of file - 8102 bytes

-- File Associations -----------------------------------------------------------

.bat - batfile - DefaultIcon - %userprofile%\Mes documents\ICONES\XPCoccinelle\2_BAT-CMD.ico,0
.cmd - cmdfile - DefaultIcon - %userprofile%\Mes documents\ICONES\XPCoccinelle\2_BAT-CMD.ico,0
.inf - inffile - DefaultIcon - %userprofile%\Mes documents\ICONES\XPCoccinelle\INF.ico,0
.reg - regfile - DefaultIcon - %userprofile%\Mes documents\ICONES\XPCoccinelle\REG.ico,0
.txt - txtfile - DefaultIcon - %userprofile%\Mes documents\ICONES\XPCoccinelle\58_TXT.ico,0

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 PQV2i - c:\windows\system32\drivers\pqv2i.sys <Not Verified; StorageCraft; V2i Protector>
R1 asuskbnt (Enhanced Display Driver Helper Service) - c:\windows\system32\drivers\atkkbnt.sys <Not Verified; ASUSTeK COMPUTER INC.; ASUS Help driver For Keyboard Service.>
R1 EIO - c:\windows\system32\drivers\eio.sys <Not Verified; ASUSTeK Computer Inc.; ASUS Kernel Mode Driver for NT>
R1 PQIMount - c:\windows\system32\drivers\pqimount.sys <Not Verified; PowerQuest Corporation; V2i Protector>
R3 AR2425 (AzureWave AR5006 Wireless Network Adapter Service) - c:\windows\system32\drivers\aw5006.sys <Not Verified; AzureWave Technologies, Inc.; Atheros AR5001 Wireless Network Adapter>
R3 Video3D (ASUS Video3D Service) - c:\windows\system32\drivers\video3d32.sys <Not Verified; ASUSTeK COMPUTER INC.; ASUS Video3D driver>

S1 asusgsb (ASUS Virtual Video Capture Device Driver) - c:\windows\system32\drivers\asusgsb32.sys <Not Verified; ASUSTeK Computer Inc.; ASUS Virtual Video Capture Device Driver>

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 ATKKeyboardService (ATK Keyboard Service) - c:\windows\atkkbservice.exe <Not Verified; ASUSTeK COMPUTER INC.; ASUS Keyboard Service>
R2 V2i Protector - c:\program files\powerquest\drive image 7.0\agent\pqv2isvc.exe <Not Verified; PowerQuest Corporation; V2i Protector>

S2 GEARSecurity - c:\windows\system32\gearsec.exe <Not Verified; GEAR Software; gearsec>
S2 Nero BackItUp Scheduler 3 - c:\program files\nero\nero8\nero backitup\nbservice.exe

-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E968-E325-11CE-BFC1-08002BE10318}
Description: NVIDIA GeForce 8500 GT
Device ID: PCI\VEN_10DE&DEV_0421&SUBSYS_82421043&REV_A1\4&20F16817&0&0008
Manufacturer: NVIDIA
Name: NVIDIA GeForce 8500 GT
PNP Device ID: PCI\VEN_10DE&DEV_0421&SUBSYS_82421043&REV_A1\4&20F16817&0&0008
Service: nv

Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318}
Description: Clavier standard 101/102 touches ou clavier Microsoft Natural Keyboard PS/2
Device ID: ACPI\PNP0303\4&2C575ACB&0
Manufacturer: (Claviers standard)
Name: Clavier standard 101/102 touches ou clavier Microsoft Natural Keyboard PS/2
PNP Device ID: ACPI\PNP0303\4&2C575ACB&0
Service: i8042prt

-- Scheduled Tasks -------------------------------------------------------------

2008-03-29 16:46:34 413 --a------ C:\WINDOWS\Tasks\4 Copernic Monthly ~NATH Nattecass.job
2008-03-29 16:46:34 416 --a------ C:\WINDOWS\Tasks\3 Copernic Weekly ~NATH Nattecass.job
2008-03-29 16:46:34 411 --a------ C:\WINDOWS\Tasks\2 Copernic Daily ~NATH Nattecass.job
2008-03-29 16:46:34 421 --a------ C:\WINDOWS\Tasks\1 Copernic Intra-Daily ~NATH Nattecass.job

-- Files created between 2008-04-16 and 2008-05-16 -----------------------------

2008-05-16 09:58:26 1160 --a------ C:\WINDOWS\mozver.dat
2008-05-16 09:13:16 0 --a------ C:\WINDOWS\nsreg.dat
2008-05-16 09:13:12 0 d-------- C:\Documents and Settings\Nattecass\Application Data\Mozilla
2008-05-15 23:02:56 0 d-------- C:\WINDOWS\BDOSCAN8
2008-05-15 22:45:03 0 d-------- C:\Program Files\CCleaner
2008-05-15 21:52:42 0 d-------- C:\Documents and Settings\All Users\Application Data\PC Tools
2008-05-15 21:47:17 0 d-------- C:\Program Files\Fichiers communs\PC Tools
2008-05-15 20:37:27 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-15 20:37:14 0 d-------- C:\Program Files\Spyware Doctor
2008-05-15 20:37:14 0 d-------- C:\Documents and Settings\Nattecass\Application Data\PC Tools
2008-05-15 17:55:14 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-15 17:35:18 0 d-------- C:\Documents and Settings\Nattecass\Application Data\Help
2008-05-15 16:39:31 0 d-------- C:\Documents and Settings\Administrateur\Favoris
2008-05-15 16:39:31 0 d--hs---- C:\Documents and Settings\Administrateur\Cookies
2008-05-15 16:39:31 0 d-------- C:\Documents and Settings\Administrateur\Bureau
2008-05-15 16:39:31 0 dr-h----- C:\Documents and Settings\Administrateur\Application Data
2008-05-15 16:39:31 0 d---s---- C:\Documents and Settings\Administrateur\Application Data\Microsoft
2008-05-15 16:39:30 0 d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2008-05-15 16:39:30 0 d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-05-15 16:39:30 0 dr-h----- C:\Documents and Settings\Administrateur\SendTo
2008-05-15 16:39:30 0 d--h----- C:\Documents and Settings\Administrateur\Recent
2008-05-15 16:39:30 1835008 --ah----- C:\Documents and Settings\Administrateur\NTUSER.DAT
2008-05-15 16:39:30 0 d--h----- C:\Documents and Settings\Administrateur\Modèles
2008-05-15 16:39:30 0 d-------- C:\Documents and Settings\Administrateur\Mes documents
2008-05-15 16:39:30 0 dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2008-05-15 16:39:30 0 d--h----- C:\Documents and Settings\Administrateur\Local Settings
2008-05-15 14:18:45 1188 --a------ C:\WINDOWS\system32\tmp.reg
2008-05-15 14:17:43 0 d-------- C:\Documents and Settings\Nattecass\SmitfraudFix
2008-05-15 14:04:37 0 d--h----- C:\WINDOWS\PIF
2008-05-15 13:34:35 0 d--hs---- C:\AntivirusFiable
2008-05-15 13:34:22 0 d-------- C:\Documents and Settings\Nattecass\Application Data\AntivirusFiable
2008-05-15 13:33:05 0 dr------- C:\Documents and Settings\All Users\Application Data\SalesMon
2008-05-15 13:27:00 0 d-------- C:\Documents and Settings\Nattecass\Application Data\TmpRecentIcons
2008-05-15 12:02:13 0 --a------ C:\winxplogon.sys
2008-05-15 11:40:21 28800 --a------ C:\WINDOWS\system32\khfEWpNh.dll
2008-05-15 11:39:44 81920 --a------ C:\WINDOWS\oadkxrts.exe
2008-05-15 11:39:44 94208 --a------ C:\WINDOWS\epfg.exe
2008-05-15 11:39:43 160256 --a------ C:\WINDOWS\system32\blackster.scr <Not Verified; Peter's Productions; Bugs!>
2008-05-15 11:39:43 217088 --a------ C:\WINDOWS\fvowketqxfo.dll
2008-05-12 21:54:04 0 d-------- C:\Documents and Settings\All Users\Application Data\LxThumbs
2008-05-08 18:31:56 164352 --a------ C:\WINDOWS\system32\unrar.dll
2008-05-08 18:31:54 217088 --a------ C:\WINDOWS\system32\yv12vfw.dll <Not Verified; www.helixcommunity.org; Helix YV12 YUV Codec>
2008-05-08 18:31:53 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-05-08 18:31:53 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-05-08 18:31:53 682496 --a------ C:\WINDOWS\system32\divx.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-08 18:31:52 7680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-05-08 18:31:51 0 d-------- C:\Program Files\K-Lite Codec Pack
2008-05-08 12:06:08 0 d-------- C:\Program Files\Sherwood Media
2008-04-29 20:54:16 0 d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-04-28 14:45:27 0 d-------- C:\Program Files\uTorrent
2008-04-28 14:45:22 0 d-------- C:\Documents and Settings\Nattecass\Application Data\uTorrent

-- Find3M Report ---------------------------------------------------------------

2008-05-16 11:37:59 0 d-------- C:\Documents and Settings\Nattecass\Application Data\Adobe
2008-05-15 21:47:17 0 d-------- C:\Program Files\Fichiers communs
2008-05-15 20:39:13 468038 --a------ C:\WINDOWS\system32\perfh00C.dat
2008-05-15 20:39:13 75936 --a------ C:\WINDOWS\system32\perfc00C.dat
2008-05-15 17:30:41 0 d-------- C:\Program Files\MSBuild
2008-05-15 17:30:40 0 d-------- C:\Program Files\Lexmark 1400 Series
2008-05-15 17:30:36 0 d-------- C:\Program Files\Azureus
2008-05-15 17:30:29 0 d-------- C:\Documents and Settings\Nattecass\Application Data\Desktop Sidebar
2008-05-15 17:30:28 0 d-------- C:\Documents and Settings\Nattecass\Application Data\Azureus
2008-05-10 10:25:24 0 d-------- C:\Documents and Settings\Nattecass\Application Data\AdobeUM
2008-05-08 17:04:02 8 --a------ C:\WINDOWS\system32\nvModes.dat
2008-05-08 12:06:08 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-11 19:23:53 0 d-------- C:\Program Files\Desktop Sidebar
2008-04-11 11:41:46 0 d-------- C:\Documents and Settings\Nattecass\Application Data\Lexmark Productivity Studio
2008-04-10 11:22:29 2528 --a------ C:\Documents and Settings\Nattecass\Application Data\$_hpcst$.hpc
2008-04-10 11:21:42 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-04-10 11:21:11 0 d-------- C:\Program Files\Ressources Windows Mobile
2008-04-08 08:08:17 0 d-------- C:\Program Files\Google
2008-04-05 06:25:44 0 d-------- C:\Documents and Settings\Nattecass\Application Data\Google
2008-03-30 19:09:45 0 d-------- C:\Documents and Settings\Nattecass\Application Data\Media Player Classic
2008-03-30 15:56:49 0 d-------- C:\Documents and Settings\Nattecass\Application Data\Sun
2008-03-29 17:51:36 0 d-------- C:\Documents and Settings\Nattecass\Application Data\IsolatedStorage
2008-03-29 17:48:54 0 d-------- C:\Program Files\PowerQuest
2008-03-29 17:42:45 0 d-------- C:\Documents and Settings\Nattecass\Application Data\WinRAR
2008-03-29 17:20:17 0 d-------- C:\Program Files\Messenger Plus! Live
2008-03-29 17:18:32 0 d-------- C:\Program Files\MessengerPlus! 3
2008-03-29 17:15:40 0 d-------- C:\Program Files\Windows Live
2008-03-29 17:15:22 0 d--hs--c- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-03-29 16:46:28 0 d-------- C:\Program Files\Copernic Agent
2008-03-29 16:46:00 0 d-------- C:\Documents and Settings\Nattecass\Application Data\Copernic
2008-03-29 16:42:02 0 d-------- C:\Program Files\Fichiers communs\Copernic
2008-03-29 16:38:20 0 d-------- C:\Program Files\Windows Media Connect 2
2008-03-29 16:28:50 0 d-------- C:\Program Files\Fichiers communs\Adobe
2008-03-29 16:27:17 0 d-------- C:\Program Files\Fichiers communs\Adobe Systems Shared
2008-03-29 16:21:39 0 d-------- C:\Documents and Settings\Nattecass\Application Data\Nero
2008-03-29 16:20:48 0 d-------- C:\Program Files\Fichiers communs\Nero
2008-03-29 16:19:59 0 d-------- C:\Program Files\Nero
2008-03-29 16:12:27 0 d-------- C:\Program Files\AskTBar
2008-03-29 15:58:06 0 d-------- C:\Documents and Settings\Nattecass\Application Data\GRETECH
2008-03-29 15:57:58 0 d-------- C:\Program Files\GRETECH
2008-03-29 15:30:45 0 d-------- C:\Program Files\Microsoft Works
2008-03-29 15:30:15 0 d-------- C:\Program Files\Microsoft.NET
2008-03-29 15:28:46 0 d-------- C:\Program Files\Microsoft Visual Studio 8
2008-03-29 15:21:07 0 d-------- C:\Program Files\Alcohol Soft
2008-03-29 15:13:18 86 --a------ C:\WINDOWS\system32\computer
2008-03-29 15:12:03 0 d-------- C:\Program Files\Kaspersky Lab
2008-03-29 14:03:51 0 d-------- C:\Program Files\PowerArchiver
2008-03-29 08:53:04 0 d-------- C:\Program Files\My Company Name
2008-03-29 08:52:03 0 d-------- C:\Program Files\ASUS
2008-03-29 08:46:30 0 d-------- C:\Program Files\Intel
2008-03-29 08:44:59 0 d-------- C:\Program Files\ASUS WiFi-AP Solo
2008-03-29 08:44:03 0 d-------- C:\Documents and Settings\Nattecass\Application Data\InstallShield
2008-03-29 08:43:46 0 d-------- C:\Program Files\Attansic
2008-03-29 08:40:03 0 d-------- C:\Program Files\Realtek
2008-03-29 08:36:50 0 d-------- C:\Program Files\Fichiers communs\InstallShield
2008-03-29 08:09:01 0 d-------- C:\Program Files\Fichiers communs\ODBC
2008-03-29 08:08:58 0 d-------- C:\Program Files\Fichiers communs\SpeechEngines
2008-03-29 08:08:38 62 --ahs---- C:\Documents and Settings\Nattecass\Application Data\desktop.ini
2008-03-29 07:31:12 0 d-------- C:\Documents and Settings\Nattecass\Application Data\Identities
2008-03-29 07:30:18 0 d-------- C:\Program Files\Java
2008-03-29 07:29:54 0 d-------- C:\Program Files\Fichiers communs\Java
2008-03-29 07:29:51 0 d-------- C:\Documents and Settings\Nattecass\Application Data\Macromedia
2008-03-29 07:28:32 0 d-------- C:\Program Files\Messenger
2008-03-29 07:28:23 0 d-------- C:\Program Files\Photo Story 3 for Windows
2008-03-29 07:27:39 0 d-------- C:\Program Files\Windows Media Components
2008-03-29 07:27:37 0 d-------- C:\Program Files\WMV9_VCM
2008-03-29 07:26:51 0 d-------- C:\Program Files\Windows Journal Viewer
2008-03-29 07:22:09 0 d-------- C:\Program Files\JEUX
2008-03-29 07:22:07 0 d-------- C:\Program Files\UTILS
2008-03-29 07:17:04 0 d-------- C:\Program Files\microsoft frontpage
2008-03-29 07:16:10 0 -rahs---- C:\MSDOS.SYS
2008-03-29 07:16:10 0 -rahs---- C:\IO.SYS
2008-03-29 07:16:10 0 --a------ C:\CONFIG.SYS
2008-03-29 07:16:10 0 --a------ C:\AUTOEXEC.BAT
2008-03-29 07:15:04 0 d--h----- C:\Program Files\WindowsUpdate
2008-03-29 07:14:33 0 d-------- C:\Program Files\Fichiers communs\MSSoap
2008-03-29 07:14:28 0 d-------- C:\Program Files\Movie Maker
2008-03-29 07:13:50 21892 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-03-29 07:13:24 0 d-------- C:\Program Files\MSN Gaming Zone
2008-03-29 07:13:17 0 d-------- C:\Program Files\Windows NT

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4E26A3A-80E0-4467-B116-4F0DC4441C4A}]
15/05/2008 03:48 217088 --a------ C:\WINDOWS\fvowketqxfo.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [12/10/2006 20:36 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [17/05/2006 20:04 C:\WINDOWS\SkyTel.exe]
"Alcmtr"="ALCMTR.EXE" [04/05/2005 20:43 C:\WINDOWS\Alcmtr.exe]
"AWWFSPU"="C:\Program Files\ASUS WiFi-AP Solo\AWWFSPU.exe" [18/12/2006 13:19]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [22/03/2007 04:50]
"nwiz"="nwiz.exe" [22/03/2007 04:50 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [22/03/2007 04:50]
"lxdjamon"="C:\Program Files\Lexmark 1400 Series\lxdjamon.exe" [05/03/2007 22:40]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [19/05/2007 23:36]
"lxdjmon.exe"="C:\Program Files\Lexmark 1400 Series\lxdjmon.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messeng

If anyone can help me, thanks in advance (the post is long to read, I know... sorry)
Configuration: Windows XP
Firefox 2.0.0.14

1 reply

nattaly - Posts: 2 - Status: Member

Help? :)