[RESOLVED] Problem with a worm - Printable version
Forums d'entraide informatique - Les forums de PCW (http://forum.pcinfo-web.com), Forum: Sécurité Informatique, Thread: /showthread.php?tid=2032

- -Sh4D0w- - 27-01-2008 13:05 PM

We'll find it. Run a Kaspersky scan, then Secuser. Note that Secuser takes a very long time.

- joul - 27-01-2008 17:21 PM

So here is the result of the Kaspersky scan:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, January 27, 2008 6:18:55 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 27/01/2008
Kaspersky Anti-Virus database records: 534065
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
Scan Statistics:
Total number of scanned objects: 55422
Number of viruses found: 1
Number of infected objects: 1
Number of suspicious objects: 0
Duration of the scan process: 01:50:16
Infected Object Name / Virus Name / Last Action
C:\WINNT\system32\cmdow.exe Infected: not-a-virus:RiskTool.Win32.HideWindows skipped
Scan process completed.

And Secuser finds nothing, which is odd. Also, my PC rebooted while I was running a scan with Secuser. Could that be because I didn't disable my other antivirus?

- -Sh4D0w- - 27-01-2008 19:56 PM

The virus must have sensed danger and made the PC reboot; I've seen that before. Are you properly emptying all your temp folders?

- Bilifly - 27-01-2008 20:36 PM

Good evening,

At first glance, there is no virus in this report apart from the file cmdow.exe, which is actually a false positive detected by Kaspersky.

A HijackThis log, perhaps?

Download HijackThis: http://forum.pcinfo-web.com/t53-Hijackthis.htm
Run HJTInstall
Click Install
Disconnect from the internet and close all running programs (except HijackThis)
Click "Do a system scan and save a logfile"
Notepad opens; copy the entire report and post it here

To be continued

- joul - 27-01-2008 22:08 PM

So, there are 2 files in temp that I can't get rid of: Perflib_Perfdata_670.dat and Perflib_Perfdata_690.dat. And here is the HijackThis report, which I ran in safe mode; I don't know if that's better?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:57:32, on 27/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Safe mode

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
D:\Program Files\aawservice.exe
D:\Program Files\AVG Anti-Spyware 7.5\guard.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [CoolSwitch] C:\WINNT\system32\taskswitch.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] C:\PnPdrvers\006_mouse\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\PnPdrvers\006_mouse\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\PnPdrvers\006_mouse\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall.trendmicro.com/hous"
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\PnPdrvers\006_mouse\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - D:\Program Files\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\Program Files\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe

-- End of file - 6789 bytes

- Bilifly - 27-01-2008 22:18 PM

Please produce your report in normal mode, that is, under Windows. As for the temporary files you just mentioned, there is no need to delete them; they are not infected by the virus.

- joul - 27-01-2008 22:20 PM

- Bilifly - 28-01-2008 17:12 PM

Good evening,

Run HijackThis again
Do a system scan read only
Tick the following lines:

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] C:\PnPdrvers\006_mouse\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\PnPdrvers\006_mouse\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.secuser.com
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\PnPdrvers\006_mouse\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

Close all running programs and disconnect from the internet, then click Fix Checked
Clear the temporary directories with CCleaner (Analyze >> Run Cleaner)
Run another scan with your antivirus

To be continued

- joul - 28-01-2008 19:04 PM

Hi Bili. So I did the recommended operations, then I ran Ad-Aware 2007 and, big surprise, a @~#^\ worm. I don't get it :x And McAfee only detects it when I run Ad-Aware. I also noticed that it's when it switches drives, so from C: to D:, that the antivirus detects it, and not when it goes over the temp folder mentioned earlier. So could the problem be coming from Ad-Aware by any chance, since it's installed on my D: drive? Yet when I scan my D: drive it finds nothing. Anyway, it's just a guess; what do you think??

- Bilifly - 28-01-2008 19:22 PM

Rather strange.

Try the Stinger tool: http://vil.nai.com/vil/stinger/