Posez votre question Format imprimable Liste des forums Aidez-les Statistiques Rechercher Charte Forum Virus-Sécurité

[Virus]Worm/Sdbot.51068

Dernière réponse le 19 déc 2006 à 11:54:15 anakin6661, le 16 déc 2006 à 17:37:09

Signaler ce message aux modérateurs

Bonjours a tous

Je reviens vous voir car j ai un worm qui a infecté mon PC

J ai lancé l analyse hyjack et ca m a donné:

*****************************************Logfile of HijackThis v1.99.1
Scan saved at 17:32:40, on 16/12/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\AntiVir PersonalEdition Classic\avcenter.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P31 "EPSON Stylus Photo RX420 Series" /O6 "USB001" /M "Stylus Photo RX420"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O18 - Protocol: bw+0 - {E08E51DF-7CBA-43D3-80FC-52888CEF8691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {E08E51DF-7CBA-43D3-80FC-52888CEF8691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {E08E51DF-7CBA-43D3-80FC-52888CEF8691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {E08E51DF-7CBA-43D3-80FC-52888CEF8691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {E08E51DF-7CBA-43D3-80FC-52888CEF8691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {E08E51DF-7CBA-43D3-80FC-52888CEF8691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {E08E51DF-7CBA-43D3-80FC-52888CEF8691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {E08E51DF-7CBA-43D3-80FC-52888CEF8691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {E08E51DF-7CBA-43D3-80FC-52888CEF8691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {E08E51DF-7CBA-43D3-80FC-52888CEF8691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {E08E51DF-7CBA-43D3-80FC-52888CEF8691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {E08E51DF-7CBA-43D3-80FC-52888CEF8691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {E08E51DF-7CBA-43D3-80FC-52888CEF8691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {E08E51DF-7CBA-43D3-80FC-52888CEF8691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {E08E51DF-7CBA-43D3-80FC-52888CEF8691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {E08E51DF-7CBA-43D3-80FC-52888CEF8691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {E08E51DF-7CBA-43D3-80FC-52888CEF8691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {E08E51DF-7CBA-43D3-80FC-52888CEF8691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {E08E51DF-7CBA-43D3-80FC-52888CEF8691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {E08E51DF-7CBA-43D3-80FC-52888CEF8691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {E08E51DF-7CBA-43D3-80FC-52888CEF8691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {E08E51DF-7CBA-43D3-80FC-52888CEF8691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {E08E51DF-7CBA-43D3-80FC-52888CEF8691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {E08E51DF-7CBA-43D3-80FC-52888CEF8691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {E08E51DF-7CBA-43D3-80FC-52888CEF8691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {E08E51DF-7CBA-43D3-80FC-52888CEF8691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {E08E51DF-7CBA-43D3-80FC-52888CEF8691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {E08E51DF-7CBA-43D3-80FC-52888CEF8691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {E08E51DF-7CBA-43D3-80FC-52888CEF8691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {E08E51DF-7CBA-43D3-80FC-52888CEF8691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {E08E51DF-7CBA-43D3-80FC-52888CEF8691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {E08E51DF-7CBA-43D3-80FC-52888CEF8691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {E08E51DF-7CBA-43D3-80FC-52888CEF8691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {E08E51DF-7CBA-43D3-80FC-52888CEF8691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {E08E51DF-7CBA-43D3-80FC-52888CEF8691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {E08E51DF-7CBA-43D3-80FC-52888CEF8691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {E08E51DF-7CBA-43D3-80FC-52888CEF8691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {E08E51DF-7CBA-43D3-80FC-52888CEF8691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {E08E51DF-7CBA-43D3-80FC-52888CEF8691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {E08E51DF-7CBA-43D3-80FC-52888CEF8691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {E08E51DF-7CBA-43D3-80FC-52888CEF8691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {E08E51DF-7CBA-43D3-80FC-52888CEF8691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {E08E51DF-7CBA-43D3-80FC-52888CEF8691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {E08E51DF-7CBA-43D3-80FC-52888CEF8691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {E08E51DF-7CBA-43D3-80FC-52888CEF8691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {E08E51DF-7CBA-43D3-80FC-52888CEF8691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {E08E51DF-7CBA-43D3-80FC-52888CEF8691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {E08E51DF-7CBA-43D3-80FC-52888CEF8691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {E08E51DF-7CBA-43D3-80FC-52888CEF8691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {E08E51DF-7CBA-43D3-80FC-52888CEF8691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {E08E51DF-7CBA-43D3-80FC-52888CEF8691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {E08E51DF-7CBA-43D3-80FC-52888CEF8691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {E08E51DF-7CBA-43D3-80FC-52888CEF8691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {E08E51DF-7CBA-43D3-80FC-52888CEF8691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {E08E51DF-7CBA-43D3-80FC-52888CEF8691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {E08E51DF-7CBA-43D3-80FC-52888CEF8691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {E08E51DF-7CBA-43D3-80FC-52888CEF8691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {E08E51DF-7CBA-43D3-80FC-52888CEF8691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {E08E51DF-7CBA-43D3-80FC-52888CEF8691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {E08E51DF-7CBA-43D3-80FC-52888CEF8691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {E08E51DF-7CBA-43D3-80FC-52888CEF8691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {E08E51DF-7CBA-43D3-80FC-52888CEF8691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {E08E51DF-7CBA-43D3-80FC-52888CEF8691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {E08E51DF-7CBA-43D3-80FC-52888CEF8691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {E08E51DF-7CBA-43D3-80FC-52888CEF8691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {E08E51DF-7CBA-43D3-80FC-52888CEF8691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {E08E51DF-7CBA-43D3-80FC-52888CEF8691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {E08E51DF-7CBA-43D3-80FC-52888CEF8691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {E08E51DF-7CBA-43D3-80FC-52888CEF8691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {E08E51DF-7CBA-43D3-80FC-52888CEF8691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {E08E51DF-7CBA-43D3-80FC-52888CEF8691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {E08E51DF-7CBA-43D3-80FC-52888CEF8691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {E08E51DF-7CBA-43D3-80FC-52888CEF8691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {E08E51DF-7CBA-43D3-80FC-52888CEF8691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {E08E51DF-7CBA-43D3-80FC-52888CEF8691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {E08E51DF-7CBA-43D3-80FC-52888CEF8691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {E08E51DF-7CBA-43D3-80FC-52888CEF8691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

*****************************************************

Que dois je faire a partir de cela ?

Configuration: Windows XP
Firefox 1.5.0.8

Meilleures réponses pour « [Virus]Worm/Sdbot.51068 » dans :

Virus worm spybot ajs impossible a eradiquer (Résolu) Voir

Worm sdbot.dtl (Résolu) Voir

Virus Worm.Win32.Mabezat.b Voir

[Virus] Kit de désinfection pour éradiquer W32/SDBot VoirL'éditeur d'antivirus Sophos à mis au point un kit de désinfection permettant de supprimer les variantes suivantes du Virus W32.SDBot suivantes : W32/Sdbot-CAF W32/Sdbot-DP Troj/Sdbot-GG W32/Sdbot-H W32/Sdbot-HP W32/Sdbot-IU ...

Virus WORM/SdBot Voir

Probleme de virus : Worm/SdBot.173056.1 Voir

Virus worm impossible de supprimer Voir

Posez votre question Répondre

philo2100, le 16 déc 2006 à 17:50:46

Commences par désinstaller ceci dans ajout/suppression de programe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
messenger de xp fonctione parfaitement.
On y verras déjà plus clair
Ensuite repost un log HJT

Répondre à philo2100

anakin6661, le 17 déc 2006 à 16:10:32

Voila j ai desinstallé ce que tu m a dit:

******************************************
Logfile of HijackThis v1.99.1
Scan saved at 16:09:23, on 17/12/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P31 "EPSON Stylus Photo RX420 Series" /O6 "USB001" /M "Stylus Photo RX420"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

****************************************

A partir de la pouvez vous me dire ce que je dois fixer comme objet?

Répondre à anakin6661

philo2100, le 17 déc 2006 à 16:37:52

Nettement plus clair....merci.
coches les lignes suivantes avec Hijackthis, en refaisant un scan seulement:
---------------------------------------------------------------------------------
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
------------------------------------------------------------------------------
Je t'ai fait enlevé la clé du démarrage de Messenger qui va tenter de se connecter alors que le pc vient à peine de finir son boot.
Vraiment pas utile. Lances le quand tu en as besoin.
--------------------------------------------------------------------------
Je vois que tu as fait un scan en ligne avec Bitdefender.
Il n'y a plus l'air d'avoir des bestioles dans ton ordi.
Veux-tu faire ceci:
download ceci et installes-le.
Démarre le programme.
http://www.ccleaner.com/download/
tuto ici:
http://www.pcentraide.com/index.php?showtopic=3847
----------------------------------------------------------------------------
Ensuite ceci:
http://www.atribune.org/ccount/click.php?id=1
regardes ici:
http://leblogdeclaude.blogspot.com/2006/10/informatique-procdure-de-nettoyage.html
A utiliser à chaque fois que tu as été sur le Net.
----------------------------------------------------------------------

Répondre à philo2100

anakin6661, le 17 déc 2006 à 23:43:26

L analyse que tu a vu de bitdefender c est une vieille analyse que j avais fait, voila la derniere en date:

**************************
C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\INFECTED\45b44dba.qua
Infecté par: Trojan.VBS.Starter.G

C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\INFECTED\45b44dba.qua
Echec de la désinfection

C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\INFECTED\45b44dba.qua
Supprimé

C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\INFECTED\45b44dc5.qua
Infecté par: Trojan.VBS.Starter.G

C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\INFECTED\45b44dc5.qua
Echec de la désinfection

C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\INFECTED\45b44dc5.qua
Supprimé

C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\INFECTED\45b44dd3.qua
Infecté par: Trojan.VBS.Starter.G

C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\INFECTED\45b44dd3.qua
Echec de la désinfection

C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\INFECTED\45b44dd3.qua
Supprimé

C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\INFECTED\45b44ddd.qua
Infecté par: Trojan.VBS.Starter.G

C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\INFECTED\45b44ddd.qua
Echec de la désinfection

C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\INFECTED\45b44ddd.qua
Supprimé

C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\INFECTED\45b44de0.qua
Infecté par: Trojan.VBS.Starter.G

C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\INFECTED\45b44de0.qua
Echec de la désinfection

C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\INFECTED\45b44de0.qua
Supprimé

C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\INFECTED\45b44de7.qua
Infecté par: Trojan.VBS.Starter.G

C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\INFECTED\45b44de7.qua
Echec de la désinfection

C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\INFECTED\45b44de7.qua
Supprimé

C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\INFECTED\45b44ded.qua
Infecté par: Trojan.VBS.Starter.G

C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\INFECTED\45b44ded.qua
Echec de la désinfection

C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\INFECTED\45b44ded.qua
Supprimé

C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\INFECTED\45b44df2.qua
Infecté par: Trojan.VBS.Starter.G

C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\INFECTED\45b44df2.qua
Echec de la désinfection

C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\INFECTED\45b44df2.qua
Supprimé

C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\INFECTED\45b44df8.qua
Infecté par: Trojan.VBS.Starter.G

C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\INFECTED\45b44df8.qua
Echec de la désinfection

C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\INFECTED\45b44df8.qua
Supprimé

C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\INFECTED\45b44dfc.qua
Infecté par: Trojan.VBS.Starter.G

C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\INFECTED\45b44dfc.qua
Echec de la désinfection

C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\INFECTED\45b44dfc.qua
Supprimé

C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\INFECTED\45b44dff.qua
Infecté par: Trojan.VBS.Starter.G

C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\INFECTED\45b44dff.qua
Echec de la désinfection

C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\INFECTED\45b44dff.qua
Supprimé

C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\INFECTED\45b44e06.qua
Infecté par: Trojan.VBS.Starter.G

C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\INFECTED\45b44e06.qua
Echec de la désinfection

C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\INFECTED\45b44e06.qua
Supprimé

C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\INFECTED\45b44e10.qua
Infecté par: Trojan.VBS.Starter.G

C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\INFECTED\45b44e10.qua
Echec de la désinfection

C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\INFECTED\45b44e10.qua
Supprimé

C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\INFECTED\45b44e17.qua
Infecté par: Trojan.VBS.Starter.G

C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\INFECTED\45b44e17.qua
Echec de la désinfection

C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\INFECTED\45b44e17.qua
Supprimé

C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\INFECTED\45b44e19.qua
Infecté par: Trojan.VBS.Starter.G

C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\INFECTED\45b44e19.qua
Echec de la désinfection

C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\INFECTED\45b44e19.qua
Supprimé

C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\INFECTED\45b44e1b.qua
Infecté par: Trojan.VBS.Starter.G

C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\INFECTED\45b44e1b.qua
Echec de la désinfection

C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\INFECTED\45b44e1b.qua
Supprimé

C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\INFECTED\45b44e1e.qua
Infecté par: Trojan.VBS.Starter.G

C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\INFECTED\45b44e1e.qua
Echec de la désinfection

C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\INFECTED\45b44e1e.qua
Supprimé

C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\INFECTED\45b44e24.qua
Infecté par: Trojan.VBS.Starter.G

C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\INFECTED\45b44e24.qua
Echec de la désinfection

C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\INFECTED\45b44e24.qua
Supprimé

C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\INFECTED\45b44e26.qua
Infecté par: Trojan.VBS.Starter.G

C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\INFECTED\45b44e26.qua
Echec de la désinfection

C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\INFECTED\45b44e26.qua
Supprimé

C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\INFECTED\45b44e29.qua
Infecté par: Trojan.VBS.Starter.G

C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\INFECTED\45b44e29.qua
Echec de la désinfection

C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\INFECTED\45b44e29.qua
Supprimé

C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\INFECTED\45b44e2e.qua
Infecté par: Trojan.VBS.Starter.G

C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\INFECTED\45b44e2e.qua
Echec de la désinfection

C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\INFECTED\45b44e2e.qua
Supprimé

C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\INFECTED\45b44e32.qua
Infecté par: Trojan.VBS.Starter.G

C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\INFECTED\45b44e32.qua
Echec de la désinfection

C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\INFECTED\45b44e32.qua
Supprimé

C:\System Volume Information\_restore{0BFC8C28-7CCC-411B-9C9B-BB51816671E5}\RP56\A0007704.exe=>(CAB Sfr)=>Setup.exe
Infecté par: Trojan.WhenU.H

C:\System Volume Information\_restore{0BFC8C28-7CCC-411B-9C9B-BB51816671E5}\RP56\A0007704.exe=>(CAB Sfx r)=>Setup.exe
Echec de la désinfection

C:\System Volume Information\_restore{0BFC8C28-7CCC-411B-9C9B-BB51816671E5}\RP56\A0007704.exe=>(CAB Sfx r)=>Setup.exe
Supprimé

C:\System Volume Information\_restore{0BFC8C28-7CCC-411B-9C9B-BB51816671E5}\RP56\A0007704.exe=>(CAB Sfx r)
Echec de la mise à jour

C:\System Volume Information\_restore{0BFC8C28-7CCC-411B-9C9B-BB51816671E5}\RP56\A0007705.exe=>(CAB Sfx r)=>Setup.exe
Infecté par: Trojan.WhenU.H

C:\System Volume Information\_restore{0BFC8C28-7CCC-411B-9C9B-BB51816671E5}\RP56\A0007705.exe=>(CAB Sfx r)=>Setup.exe
Echec de la désinfection

C:\System Volume Information\_restore{0BFC8C28-7CCC-411B-9C9B-BB51816671E5}\RP56\A0007705.exe=>(CAB Sfx r)=>Setup.exe
Supprimé

C:\System Volume Information\_restore{0BFC8C28-7CCC-411B-9C9B-BB51816671E5}\RP56\A0007705.exe=>(CAB Sfx r)
Echec de la mise à jour

C:\WINDOWS\system32\i
Infecté par: Generic.Botget.550ACE1A

C:\WINDOWS\system32\i
Supprimé

Répondre à anakin6661

philo2100, le 18 déc 2006 à 10:19:47

Ce qui veut dire que ce point de restauration a été infecté...je te conseille de le supprimer.
{0BFC8C28-7CCC-411B-9C9B-BB51816671E5}
Pour info, les points de restauration se trouvent dans le dossier :
System Volume Information\Restore
Celui-ci est un dossier caché qui se trouve à la racine du disque.
Pour y accéder (uniquement en cas de nécessité) il faut s'en rendre propriétaire :
http://www.d2i.ch/pn/az/p.html#p025
Voir aussi :
http://support.microsoft.com/kb/309531/fr
-----------------------------------------------------------------------------
Tu sais aussi virer tous tes points de restauration.
- menu Démarrer, Tous les programmes, Accessoires, Outils système, Restauration du système,
Clic à droite sur paramètres de la restauration du système et coche la case" désactiver la restauration du système sur tous les lecteurs"

----------------------------------------------------------------------------
refaits un log HJT

Répondre à philo2100

anakin6661, le 19 déc 2006 à 06:53:26

Je n ai pas reussi a supprimer le fichier infecté. un fichier : change.log est considéré comme utilisé par le systeme et je ne peux pas le supprimé, j ai essayé en mode sans echec mais il me met qu il est toujours utilisé.
de plus j ai l ordinateur qui plante rapidement c est dire un freez enorme qui me fige le pc et il ne repond plus a rien. impossible de faire l update windows

je te remet un scan hijack voir si tu peux m aider

par contre je pars aujourd hui en vacance je serai de retour chez moi le 29 ou 30 decembre donc je te pourrai te dire si j ai resolu le probleme avant. Le pc sera eteint en attendant.

*****************************************
Logfile of HijackThis v1.99.1
Scan saved at 06:51:03, on 19/12/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P31 "EPSON Stylus Photo RX420 Series" /O6 "USB001" /M "Stylus Photo RX420"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

Répondre à anakin6661

philo2100, le 19 déc 2006 à 11:54:15

Pour moi je ne vois pas d'infection grave dans ton pc.
Faudra vérifier l'intégrétité de tes disques durs, et la défragmentation.
Propriété de ton disque c: (clic droit dessu dans poste de travail)
Onglet outils/bouton vérifications des erreurs et cochers les cases adhocs.
Ensuite tu download ce qui est demandé dans ce lien:
http://leblogdeclaude.blogspot.com/...
et tu exécutes.

Si ton pc freeze maintenant faudra se pencher sur hardware.

Répondre à philo2100

Posez votre question Répondre