Log analysis, thanks

Closed
Sebdo, 7 posts, registered Monday 12 June 2006, status Member, last contribution 14 June 2006 - 13 June 2006 at 12:19
Hello everyone,

For some time now my PC has been crashing from time to time...

Also, yesterday I had a problem with a newdot trojan, but that problem is now fixed :)

Would it be possible to analyze a HijackThis log so as to point out any possible weaknesses in my system?

So I'm taking the liberty of posting it here:

Logfile of HijackThis v1.99.1 
Scan saved at 19:34:23, on 12/06/2006 
Platform: Windows XP SP2 (WinNT 5.01.2600) 
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) 

Running processes: 
C:\WINDOWS\System32\smss.exe 
C:\WINDOWS\system32\winlogon.exe 
C:\WINDOWS\system32\services.exe 
C:\WINDOWS\system32\lsass.exe 
C:\WINDOWS\system32\svchost.exe 
C:\WINDOWS\System32\svchost.exe 
C:\WINDOWS\system32\spoolsv.exe 
C:\WINDOWS\Explorer.EXE 
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe 
C:\Program Files\Microsoft IntelliType Pro\type32.exe 
C:\Program Files\Microsoft IntelliPoint\point32.exe 
C:\WINDOWS\system32\LVCOMSX.EXE 
C:\Program Files\Logitech\Video\LogiTray.exe 
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe 
C:\WINDOWS\Mixer.exe 
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe 
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe 
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe 
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe 
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe 
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe 
C:\Program Files\Alwil Software\Avast4\ashServ.exe 
C:\WINDOWS\system32\cisvc.exe 
C:\Program Files\F-Secure\fswsclds.exe 
C:\Program Files\Logitech\Video\FxSvr2.exe 
C:\WINDOWS\System32\FTRTSVC.exe 
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe 
C:\WINDOWS\System32\svchost.exe 
C:\Program Files\Inventel\Gateway\wlancfg.exe 
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe 
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe 
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe 
C:\WINDOWS\System32\svchost.exe 
C:\WINDOWS\system32\cidaemon.exe 
C:\Program Files\MSN Messenger\msnmsgr.exe 
C:\Documents and Settings\poste\Bureau\Simulateur Ogame\9.4.2\SpeedSim.exe 
C:\Documents and Settings\poste\Bureau\Simulateur Ogame\9.4.2\SpeedSim.exe 
C:\Documents and Settings\poste\Bureau\Simulateur Ogame\9.4.2\SpeedSim.exe 
C:\Documents and Settings\poste\Bureau\Simulateur Ogame\9.4.2\SpeedSim.exe 
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE 
C:\Program Files\Internet Explorer\iexplore.exe 
C:\Documents and Settings\poste\Mes documents\Dossiers Séb\HijackThis.exe 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens 
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL 
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll 
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing) 
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll 
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll 
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll 
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe 
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe 
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe 
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe" 
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe" 
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE 
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe 
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe 
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe 
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup 
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime 
O4 - HKLM\..\Run: [PMXInit] C:\WINDOWS\system32\pmxinit.exe 
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot 
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe 
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe 
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k 
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM= 
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe 
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot 
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe 
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe 
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe 
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe 
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html 
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html 
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html 
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html 
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html 
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html 
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll 
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll 
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL 
O9 - Extra button: Lancer Voissa Anonymo - {C80DDAAA-310C-459B-9535-8370B4EBDA1F} - C:\Program Files\Voissa anonymo\Voissaanonymo.exe 
O9 - Extra 'Tools' menuitem: Tools Menu Item - {C80DDAAA-310C-459B-9535-8370B4EBDA1F} - C:\Program Files\Voissa anonymo\Voissaanonymo.exe 
O9 - Extra button: Ghost Navigator - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\Ghost Navigator2_6_0\Ghost (file missing) 
O9 - Extra 'Tools' menuitem: Ghost Navigator - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\Ghost Navigator2_6_0\Ghost (file missing) 
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~2\Wanadoo Messager.exe 
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~2\Wanadoo Messager.exe 
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll 
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll 
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab 
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab 
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) 
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe 
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe 
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) 
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) 
O23 - Service: F-Secure Windows Security Center Legacy Detection Service (Fswsclds) - F-Secure Corporation - C:\Program Files\F-Secure\fswsclds.exe 
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe 
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe 
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe 



I should say that I'm no computer whiz, so I'll do my best to follow whatever you tell me.

Looking forward to hearing from you.

See you soon.

Sébastien.
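As an added example (not code from this thread, from HijackThis or from Ewido), here is a small Python triage of a HijackThis 1.99.1 log in the format posted above: it splits the log into running processes and section entries, then flags what a log helper looks at first, namely "(file missing)" leftovers, O23 services with no verified owner, the same Run value registered under both HKLM and HKCU, an image running several times, and anything living in a directory another scanner reported. SAMPLE_LOG is a constructed excerpt of the log above and EWIDO_HITS is constructed from the Ewido report later in the thread; the one caveat built in is that HijackThis 1.99.1 mis-splits a quoted service ImagePath carrying arguments, so "(file missing)" on such an O23 line is a parsing artifact, not a missing file.

```python
import re
from collections import Counter

# Constructed excerpt modelled on the HijackThis 1.99.1 log posted above.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 19:34:23, on 12/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Documents and Settings\poste\Bureau\Simulateur Ogame\9.4.2\SpeedSim.exe
C:\Documents and Settings\poste\Bureau\Simulateur Ogame\9.4.2\SpeedSim.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O9 - Extra button: Ghost Navigator - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\Ghost Navigator2_6_0\Ghost (file missing)
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
"""

# Constructed from the Ewido report later in the thread (its Logger.Agent.gk hit).
EWIDO_HITS = [r"C:\Program Files\Macrogaming\SweetIM\mghooking.dll"]

ENTRY_RE = re.compile(r"^([RFO]\d+) - (.*)$")   # e.g. "O4 - HKLM\..\Run: [name] command"
RUN_RE = re.compile(r"^(HKLM|HKCU)\\\.\.\\Run: \[([^\]]+)\]\s*(.*)$")


def parse_hjt(text):
    """Split a HijackThis log into its running-process list and its
    (section, body) entries, e.g. ('O23', 'Service: ... - path')."""
    processes, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.lower().startswith("running processes:"):
            in_procs = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False          # first Rx/Fx/Ox line ends the process list
            entries.append((m.group(1), m.group(2)))
        elif in_procs:
            processes.append(line)
    return processes, entries


def triage(text, scanner_hits=()):
    """Return (kind, section, detail) findings.  Kinds:
    file-missing          registered component whose file is gone (leftover)
    quoted-path-artifact  O23 line where HJT 1.99.1 split a quoted ImagePath
                          with arguments; its '(file missing)' is unreliable
    unknown-owner-service service without a verified publisher string
    duplicate-autostart   same Run value name under both HKLM and HKCU
    scanner-hit-dir       item living in a directory another scanner flagged
    duplicate-process     same image running more than once"""
    processes, entries = parse_hjt(text)
    hit_dirs = {p.rsplit("\\", 1)[0].lower() for p in scanner_hits}
    findings, run_names = [], {}
    for section, body in entries:
        low = body.lower()
        if "(file missing)" in low:
            if section == "O23" and '" /' in body:
                findings.append(("quoted-path-artifact", section, body))
            else:
                findings.append(("file-missing", section, body))
        if section == "O23" and "unknown owner" in low:
            findings.append(("unknown-owner-service", section, body))
        if section == "O4":
            m = RUN_RE.match(body)
            if m:
                hive, name, cmd = m.groups()
                first = run_names.setdefault(name.lower(), (hive, cmd))
                if first[0] != hive:
                    findings.append(("duplicate-autostart", section,
                                     f"[{name}] in {first[0]} and {hive}: {cmd}"))
        if any(d in low for d in hit_dirs):
            findings.append(("scanner-hit-dir", section, body))
    for proc, n in Counter(processes).items():
        if n > 1:
            findings.append(("duplicate-process", "proc", f"{proc} x{n}"))
        if any(d in proc.lower() for d in hit_dirs):
            findings.append(("scanner-hit-dir", "proc", proc))
    return findings


if __name__ == "__main__":
    for kind, section, detail in triage(SAMPLE_LOG, EWIDO_HITS):
        print(f"{kind:22} {section:5} {detail}")
```

Run it against a full pasted log by replacing SAMPLE_LOG with the file contents; the scanner_hits list can come from any other tool's report.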

6 replies

aranjuez31, 8052 posts, registered Monday 7 November 2005, status Contributor, last contribution 9 July 2006
13 June 2006 at 13:48
hello
===========
first of all, do this:

3/ - Ewido (download) - free even after the 14-day trial
http://perso.wanadoo.fr/entraide-hijackthis/Ewido/
Copy/PASTE the generated report on this forum
On some Windows versions older than XP, Ewido may not be compatible
In that case you will have to use a-squared free and request a key for its free use
https://www.emsisoft.com/fr/

4/ - Ccleaner: (cleaner for the registry, cookies+temp+temporary files+prefetch+history+etc..)
Download here:
https://www.ccleaner.com/ccleaner/download
Tutorial here:
https://www.vulgarisation-informatique.com/nettoyer-windows-ccleaner.php

6/ - Online scan with BitDefender (works only under Internet Explorer, with the ActiveX accepted)
https://assiste.com/404_La_page_demandee_n_existe_pas.php
http://www.bitdefender.fr/scan8/ie.html
Copy/PASTE the whole report
aranjuez31, 8052 posts, registered Monday 7 November 2005, status Contributor, last contribution 9 July 2006
13 June 2006 at 13:49
re

no firewall???


(A)- If you have no firewall other than the Windows 'toy' (which should be disabled), I recommend Kerio (free even after the 30-day trial)
Tutorial and download here:
https://www.vulgarisation-informatique.com/kerio.php
(B)- Golden rule to follow: only 1 firewall, only 1 antivirus
Sebdo, 7 posts, registered Monday 12 June 2006, status Member, last contribution 14 June 2006
14 June 2006 at 07:08
Ok,

Sorry for the late reply, but I was at work...

I'll start with the "ewido" log:


--------------------------------------------------------
 ewido anti-malware - Rapport de scan
---------------------------------------------------------

 + Créé le:		06:29:07, 14/06/2006
 + Somme de contrôle:	733C1B76

 + Résultats du scan:

	HKU\S-1-5-21-823518204-1935655697-1957994488-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{364B6276-C6C1-40B6-A6D7-6C48871FD707} -> Adware.Accoona : Nettoyer et sauvegarder
	HKU\S-1-5-21-823518204-1935655697-1957994488-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{944864A5-3916-46E2-96A9-A2E84F3F1208} -> Adware.Accoona : Nettoyer et sauvegarder
	[1512] C:\Program Files\Macrogaming\SweetIM\mghooking.dll -> Logger.Agent.gk : Erreur durant le nettoyage
	[2644] C:\Program Files\Macrogaming\SweetIM\mghooking.dll -> Logger.Agent.gk : Erreur durant le nettoyage
	C:\Documents and Settings\poste\Cookies\poste@as1.falkag[2].txt -> TrackingCookie.Falkag : Nettoyer et sauvegarder
	C:\Documents and Settings\poste\Cookies\poste@bluestreak[2].txt -> TrackingCookie.Bluestreak : Nettoyer et sauvegarder
	C:\Documents and Settings\poste\Cookies\poste@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Nettoyer et sauvegarder
	C:\Documents and Settings\poste\Cookies\poste@serving-sys[1].txt -> TrackingCookie.Serving-sys : Nettoyer et sauvegarder
	C:\Documents and Settings\poste\Cookies\poste@statcounter[2].txt -> TrackingCookie.Statcounter : Nettoyer et sauvegarder
	C:\Documents and Settings\poste\Cookies\poste@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Nettoyer et sauvegarder
	C:\Documents and Settings\poste\Cookies\poste@weborama[1].txt -> TrackingCookie.Weborama : Nettoyer et sauvegarder
	C:\Documents and Settings\poste\Cookies\poste@zedo[2].txt -> TrackingCookie.Zedo : Nettoyer et sauvegarder
	C:\Program Files\Macrogaming\SweetIM\__delete_on_reboot__mghooking.dll -> Logger.Agent.gk : Nettoyer et sauvegarder
	C:\Program Files\Panicware\Pop-Up Stopper Anti-Spyware\Quarantine\Quarantine - 10-28-2005 - 23-49-04.SBU/{73C9CB0B-ECCA-41D8-BE83-79B92ABA2DC0} -> Adware.NewDotNet : Nettoyer et sauvegarder
	C:\Program Files\Panicware\Pop-Up Stopper Anti-Spyware\Quarantine\Quarantine - 10-28-2005 - 23-49-04.SBU/{CD286049-3FE1-4632-A468-EC31E28B953C} -> Adware.NewDotNet : Nettoyer et sauvegarder
	C:\WINDOWS\NDNuninstall6_98.exe -> Adware.NewDotNet : Nettoyer et sauvegarder
	C:\WINDOWS\NDNuninstall7_14.exe -> Adware.NewDotNet : Nettoyer et sauvegarder
	C:\WINDOWS\NDNuninstall7_22.exe -> Adware.NewDotNet : Nettoyer et sauvegarder


::Fin du rapport


The bitdefender log will come a bit later!!!
aranjuez31, 8052 posts, registered Monday 7 November 2005, status Contributor, last contribution 9 July 2006
14 June 2006 at 13:20
re
ok, that works
ewido is doing a good job
we'll see later whether we need to get our hands dirty

Sebdo, 7 posts, registered Monday 12 June 2006, status Member, last contribution 14 June 2006
14 June 2006 at 19:21
Re,

So here is the scan report from bitdefender!!!

BitDefender Online Scanner - Scan Report

Scan report generated at: Wed, Jun 14, 2006 - 18:34:30

Scan path: A:\;C:\;E:\;F:\;

Statistics
    Time                 01:23:57
    Files                232964
    Folders              2748
    Boot Sectors         2
    Archives             4438
    Packed Files         23070

Results
    Identified Viruses   1
    Infected Files       1
    Suspect Files        0
    Warnings             0
    Disinfected          0
    Deleted Files        1

Engines Info
    Virus Definitions    388030
    Engine build         AVCORE v1.0 (build 2310) (i386) (Apr 17 2006 16:24:38)
    Scan plugins         13
    Archive plugins      39
    Unpack plugins       5
    E-mail plugins       6
    System plugins       1

Scan Settings
    First Action         Disinfect
    Second Action        Delete
    Heuristics           Yes
    Enable Warnings      Yes
    Scanned Extensions   *;
    Exclude Extensions   (none)
    Scan Emails          Yes
    Scan Archives        Yes
    Scan Packed          Yes
    Scan Files           Yes
    Scan Boot            Yes

Scanned File                                                                                          Status
C:\System Volume Information\_restore{DAE57689-0FF9-4627-B581-4A794CA33E6B}\RP288\A0204967.exe        Infected with: Trojan.Nuker.Nukenabber.A
C:\System Volume Information\_restore{DAE57689-0FF9-4627-B581-4A794CA33E6B}\RP288\A0204967.exe        Disinfection failed
C:\System Volume Information\_restore{DAE57689-0FF9-4627-B581-4A794CA33E6B}\RP288\A0204967.exe        Deleted


Sorry, I think I messed something up when saving the report :s
Sebdo, 7 posts, registered Monday 12 June 2006, status Member, last contribution 14 June 2006
14 June 2006 at 19:23
Next, here is a HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 19:22:10, on 14/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\F-Secure\fswsclds.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Inventel\Gateway\wlancfg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\poste\Mes documents\Dossiers Séb\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe 
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [PMXInit] C:\WINDOWS\system32\pmxinit.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Lancer Voissa Anonymo - {C80DDAAA-310C-459B-9535-8370B4EBDA1F} - C:\Program Files\Voissa anonymo\Voissaanonymo.exe
O9 - Extra 'Tools' menuitem: Tools Menu Item - {C80DDAAA-310C-459B-9535-8370B4EBDA1F} - C:\Program Files\Voissa anonymo\Voissaanonymo.exe
O9 - Extra button: Ghost Navigator - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\Ghost Navigator2_6_0\Ghost (file missing)
O9 - Extra 'Tools' menuitem: Ghost Navigator - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\Ghost Navigator2_6_0\Ghost (file missing)
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~2\Wanadoo Messager.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~2\Wanadoo Messager.exe
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: F-Secure Windows Security Center Legacy Detection Service (Fswsclds) - F-Secure Corporation - C:\Program Files\F-Secure\fswsclds.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe


There, I think I have followed the instructions; I'm listening for what comes next...

Sorry for the length of the reply, and thanks for your availability!!!

Séb.
0
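Added example, not part of Sebdo's post and not HijackThis' own logic: a small triage script for the log format above. Every entry line has the shape `<section> - <body>` (R0, R1, O2, O4, O23 and so on), so it can be parsed with one regular expression and then passed through a few checks a reviewer applies first: references to files that no longer exist (`(no file)`, `(file missing)`), O23 service lines where HijackThis 1.99.1 prints a stray `"` and a false `(file missing)` because the service's ImagePath is quoted, O4 Run commands given without a full path, the same autostart registered in both HKLM and HKCU, and every O16 downloaded ActiveX control. The heuristics and the category names are this example's own assumptions; the embedded sample is an excerpt of the log posted above.

```python
"""Triage a HijackThis 1.99.1 log: parse Rn/On entries and flag review items.

Added example for this thread. The checks are the editor's heuristics, not
HijackThis' own classification.
"""
import re

# Excerpt of the log posted above, embedded so the script runs offline.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O9 - Extra button: Ghost Navigator - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\Ghost Navigator2_6_0\Ghost (file missing)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
"""

ENTRY_RE = re.compile(r"^(R\d|O\d+) - (.*)$")
# O4 body: HKLM\..\Run: [Name] command line
RUN_RE = re.compile(r"^(HKLM|HKCU)\\\.\.\\Run: \[([^\]]*)\] (.*)$")

CATEGORIES = (
    "orphaned_reference",           # entry points at a file that is gone
    "check_quoted_service_path",    # HJT 1.99.1 quirk: quoted ImagePath shown as missing
    "unqualified_run_path",         # Run command without drive, UNC or %VAR% prefix
    "duplicate_autostart",          # same name+command in both HKLM and HKCU
    "downloaded_activex",           # O16 DPF controls fetched from the web
)


def parse_hjt(text):
    """Return (section, body) pairs for every Rn/On line; other lines are ignored."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def _qualified(cmd):
    """True if the command starts with a drive letter, a %VAR% or a UNC prefix."""
    cmd = cmd.lstrip('"')
    return re.match(r"^([A-Za-z]:\\|%[A-Za-z_()]+%|\\\\)", cmd) is not None


def triage(entries):
    """Group entries into the review categories above."""
    findings = {c: [] for c in CATEGORIES}
    run_hives = {}  # (name, command) -> set of hives where it is registered
    for section, body in entries:
        if "(no file)" in body or "(file missing)" in body:
            if section == "O23" and '"' in body:
                # Stray quote: HijackThis split a quoted ImagePath. Compare with
                # the running-process list before treating the file as missing.
                findings["check_quoted_service_path"].append(body)
            else:
                findings["orphaned_reference"].append(body)
        if section == "O4":
            m = RUN_RE.match(body)
            if m:
                hive, name, cmd = m.groups()
                run_hives.setdefault((name.lower(), cmd.strip().lower()), set()).add(hive)
                if not _qualified(cmd):
                    findings["unqualified_run_path"].append(body)
        if section == "O16":
            findings["downloaded_activex"].append(body)
    for (name, cmd), hives in run_hives.items():
        if len(hives) > 1:
            findings["duplicate_autostart"].append(f"[{name}] {cmd} in {sorted(hives)}")
    return findings


if __name__ == "__main__":
    for category, items in triage(parse_hjt(SAMPLE_LOG)).items():
        print(f"== {category} ({len(items)})")
        for item in items:
            print("   ", item)
```

Run against the full log above, the only items worth acting on are the nameless O2 BHO with `(no file)` and the two Ghost Navigator O9 buttons pointing at a missing file, all harmless leftovers that can be fixed to tidy the registry; the two avast services reported `(file missing)` are display artefacts, since ashMaiSv.exe and ashWebSv.exe both appear in the running process list; SweetIM registered under both hives is a duplicate rather than a sign of infection; and `Mixer.exe /startup` without a path simply relies on the system search path, which is worth knowing but not in itself a finding.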