
[Virus] Worm/Sdbot.51068 [Solved]

anakin6661 - 39 posts - Joined 30 September 2006 - Last active 14 February 2011 - Last reply 19 Dec. 2006 at 11:54
Hello everyone,
I'm back because I have a worm that has infected my PC.
I ran the HijackThis scan and it gave me:
*****************************************
Logfile of HijackThis v1.99.1
Scan saved at 17:32:40, on 16/12/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\AntiVir PersonalEdition Classic\avcenter.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P31 "EPSON Stylus Photo RX420 Series" /O6 "USB001" /M "Stylus Photo RX420"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O18 - Protocol: bw+0 - {E08E51DF-7CBA-43D3-80FC-52888CEF8691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {E08E51DF-7CBA-43D3-80FC-52888CEF8691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {E08E51DF-7CBA-43D3-80FC-52888CEF8691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {E08E51DF-7CBA-43D3-80FC-52888CEF8691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {E08E51DF-7CBA-43D3-80FC-52888CEF8691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {E08E51DF-7CBA-43D3-80FC-52888CEF8691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {E08E51DF-7CBA-43D3-80FC-52888CEF8691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {E08E51DF-7CBA-43D3-80FC-52888CEF8691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {E08E51DF-7CBA-43D3-80FC-52888CEF8691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {E08E51DF-7CBA-43D3-80FC-52888CEF8691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {E08E51DF-7CBA-43D3-80FC-52888CEF8691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {E08E51DF-7CBA-43D3-80FC-52888CEF8691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {E08E51DF-7CBA-43D3-80FC-52888CEF8691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {E08E51DF-7CBA-43D3-80FC-52888CEF8691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {E08E51DF-7CBA-43D3-80FC-52888CEF8691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {E08E51DF-7CBA-43D3-80FC-52888CEF8691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {E08E51DF-7CBA-43D3-80FC-52888CEF8691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {E08E51DF-7CBA-43D3-80FC-52888CEF8691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {E08E51DF-7CBA-43D3-80FC-52888CEF8691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {E08E51DF-7CBA-43D3-80FC-52888CEF8691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {E08E51DF-7CBA-43D3-80FC-52888CEF8691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {E08E51DF-7CBA-43D3-80FC-52888CEF8691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {E08E51DF-7CBA-43D3-80FC-52888CEF8691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {E08E51DF-7CBA-43D3-80FC-52888CEF8691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {E08E51DF-7CBA-43D3-80FC-52888CEF8691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {E08E51DF-7CBA-43D3-80FC-52888CEF8691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {E08E51DF-7CBA-43D3-80FC-52888CEF8691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {E08E51DF-7CBA-43D3-80FC-52888CEF8691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {E08E51DF-7CBA-43D3-80FC-52888CEF8691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {E08E51DF-7CBA-43D3-80FC-52888CEF8691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {E08E51DF-7CBA-43D3-80FC-52888CEF8691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {E08E51DF-7CBA-43D3-80FC-52888CEF8691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {E08E51DF-7CBA-43D3-80FC-52888CEF8691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {E08E51DF-7CBA-43D3-80FC-52888CEF8691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {E08E51DF-7CBA-43D3-80FC-52888CEF8691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {E08E51DF-7CBA-43D3-80FC-52888CEF8691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {E08E51DF-7CBA-43D3-80FC-52888CEF8691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {E08E51DF-7CBA-43D3-80FC-52888CEF8691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {E08E51DF-7CBA-43D3-80FC-52888CEF8691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {E08E51DF-7CBA-43D3-80FC-52888CEF8691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {E08E51DF-7CBA-43D3-80FC-52888CEF8691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {E08E51DF-7CBA-43D3-80FC-52888CEF8691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {E08E51DF-7CBA-43D3-80FC-52888CEF8691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {E08E51DF-7CBA-43D3-80FC-52888CEF8691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {E08E51DF-7CBA-43D3-80FC-52888CEF8691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {E08E51DF-7CBA-43D3-80FC-52888CEF8691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {E08E51DF-7CBA-43D3-80FC-52888CEF8691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {E08E51DF-7CBA-43D3-80FC-52888CEF8691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {E08E51DF-7CBA-43D3-80FC-52888CEF8691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {E08E51DF-7CBA-43D3-80FC-52888CEF8691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {E08E51DF-7CBA-43D3-80FC-52888CEF8691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {E08E51DF-7CBA-43D3-80FC-52888CEF8691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {E08E51DF-7CBA-43D3-80FC-52888CEF8691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {E08E51DF-7CBA-43D3-80FC-52888CEF8691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {E08E51DF-7CBA-43D3-80FC-52888CEF8691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {E08E51DF-7CBA-43D3-80FC-52888CEF8691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {E08E51DF-7CBA-43D3-80FC-52888CEF8691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {E08E51DF-7CBA-43D3-80FC-52888CEF8691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {E08E51DF-7CBA-43D3-80FC-52888CEF8691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {E08E51DF-7CBA-43D3-80FC-52888CEF8691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {E08E51DF-7CBA-43D3-80FC-52888CEF8691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {E08E51DF-7CBA-43D3-80FC-52888CEF8691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {E08E51DF-7CBA-43D3-80FC-52888CEF8691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {E08E51DF-7CBA-43D3-80FC-52888CEF8691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {E08E51DF-7CBA-43D3-80FC-52888CEF8691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {E08E51DF-7CBA-43D3-80FC-52888CEF8691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {E08E51DF-7CBA-43D3-80FC-52888CEF8691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {E08E51DF-7CBA-43D3-80FC-52888CEF8691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {E08E51DF-7CBA-43D3-80FC-52888CEF8691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {E08E51DF-7CBA-43D3-80FC-52888CEF8691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {E08E51DF-7CBA-43D3-80FC-52888CEF8691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {E08E51DF-7CBA-43D3-80FC-52888CEF8691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {E08E51DF-7CBA-43D3-80FC-52888CEF8691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {E08E51DF-7CBA-43D3-80FC-52888CEF8691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {E08E51DF-7CBA-43D3-80FC-52888CEF8691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {E08E51DF-7CBA-43D3-80FC-52888CEF8691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {E08E51DF-7CBA-43D3-80FC-52888CEF8691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
*****************************************************
What should I do from here?

7 replies
Reply
+0
Start by uninstalling this via Add/Remove Programs:
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
XP's Messenger works perfectly well.
That will already make things clearer.
Then post a new HJT log.
Reply
+0
There, I've uninstalled what you told me to:

******************************************
Logfile of HijackThis v1.99.1
Scan saved at 16:09:23, on 17/12/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P31 "EPSON Stylus Photo RX420 Series" /O6 "USB001" /M "Stylus Photo RX420"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

****************************************

From here, can you tell me which items I should fix?
Reply
+0
Much clearer... thanks.
Check the following lines in HijackThis, after running a scan only again:
---------------------------------------------------------------------------------
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
------------------------------------------------------------------------------
I've had you remove Messenger's startup key, which makes it try to connect when the PC has barely finished booting.
Really not useful. Launch it when you need it.
--------------------------------------------------------------------------
I see that you ran an online scan with Bitdefender.
There don't seem to be any nasties left on your computer.
Would you do this:
Download this and install it.
Start the program.
http://www.ccleaner.com/download/
Tutorial here:
http://www.pcentraide.com/index.php?showtopic=3847
----------------------------------------------------------------------------
Then this:
http://www.atribune.org/ccount/click.php?id=1
Look here:
http://leblogdeclaude.blogspot.com/2006/10/informatique-procdure-de-nettoyage.html
To be used every time you have been on the Net.
----------------------------------------------------------------------
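The effect of the uninstall recommended in the first reply can be checked by diffing the two HijackThis logs posted above. The Python below is an added example, not part of the thread or of HijackThis; the function names are illustrative and the sample lines are a short excerpt of the two logs.

```python
import re
from collections import Counter

# HijackThis v1.99.x entry lines start with a section code and " - ",
# e.g. "O4 - HKLM\..\Run: ..." or "R0 - HKCU\...". Header lines and the
# "Running processes" list do not match and are ignored.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")

# Excerpt of the first log (16/12/2006), before the uninstall.
BEFORE = r"""Logfile of HijackThis v1.99.1
Scan saved at 17:32:40, on 16/12/2006
Running processes:
C:\WINDOWS\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O18 - Protocol: bw+0 - {E08E51DF-7CBA-43D3-80FC-52888CEF8691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {E08E51DF-7CBA-43D3-80FC-52888CEF8691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

# Excerpt of the second log (17/12/2006), after the uninstall.
AFTER = r"""Logfile of HijackThis v1.99.1
Scan saved at 16:09:23, on 17/12/2006
Running processes:
C:\WINDOWS\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""


def parse_entries(log_text):
    """Return the set of (section_code, body) entries in a HijackThis log."""
    entries = set()
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            entries.add((match.group("code"), match.group("body")))
    return entries


def section_key(entry):
    """Sort O4 before O18: order by letter, then numeric section, then body."""
    code, body = entry
    return (code[0], int(code[1:]), body)


def diff_logs(before, after):
    """Return (removed, added) entry lists between two logs of one machine."""
    old, new = parse_entries(before), parse_entries(after)
    removed = sorted(old - new, key=section_key)
    added = sorted(new - old, key=section_key)
    return removed, added


def count_by_section(entries):
    """Count entries per section code, e.g. {'O4': 2, 'O18': 2}."""
    return Counter(code for code, _ in entries)


if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    print("Removed per section:", dict(count_by_section(removed)))
    for code, body in removed:
        print(f"  - {code} - {body}")
    # Entries that appear only in the later log deserve a closer look,
    # since nothing was installed between the two scans.
    print("Added:", added)
```

Run on the full logs, the same diff shows every `O18 - Protocol: bw…` handler and both Logitech Desktop Messenger startup entries disappearing, with no new entries.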
Reply
+0
The Bitdefender scan you saw is an old scan I had done; here is the latest one:

**************************
C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\INFECTED\45b44dba.qua
Infecté par: Trojan.VBS.Starter.G

C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\INFECTED\45b44dba.qua
Echec de la désinfection

C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\INFECTED\45b44dba.qua
Supprimé

C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\INFECTED\45b44dc5.qua
Infecté par: Trojan.VBS.Starter.G

C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\INFECTED\45b44dc5.qua
Echec de la désinfection

C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\INFECTED\45b44dc5.qua
Supprimé

C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\INFECTED\45b44dd3.qua
Infecté par: Trojan.VBS.Starter.G

C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\INFECTED\45b44dd3.qua
Echec de la désinfection

C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\INFECTED\45b44dd3.qua
Supprimé

C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\INFECTED\45b44ddd.qua
Infecté par: Trojan.VBS.Starter.G

C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\INFECTED\45b44ddd.qua
Echec de la désinfection

C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\INFECTED\45b44ddd.qua
Supprimé

C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\INFECTED\45b44de0.qua
Infecté par: Trojan.VBS.Starter.G

C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\INFECTED\45b44de0.qua
Echec de la désinfection

C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\INFECTED\45b44de0.qua
Supprimé

C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\INFECTED\45b44de7.qua
Infecté par: Trojan.VBS.Starter.G

C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\INFECTED\45b44de7.qua
Echec de la désinfection

C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\INFECTED\45b44de7.qua
Supprimé

C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\INFECTED\45b44ded.qua
Infecté par: Trojan.VBS.Starter.G

C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\INFECTED\45b44ded.qua
Echec de la désinfection

C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\INFECTED\45b44ded.qua
Supprimé

C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\INFECTED\45b44df2.qua
Infecté par: Trojan.VBS.Starter.G

C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\INFECTED\45b44df2.qua
Echec de la désinfection

C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\INFECTED\45b44df2.qua
Supprimé

C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\INFECTED\45b44df8.qua
Infecté par: Trojan.VBS.Starter.G

C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\INFECTED\45b44df8.qua
Echec de la désinfection

C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\INFECTED\45b44df8.qua
Supprimé

C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\INFECTED\45b44dfc.qua
Infecté par: Trojan.VBS.Starter.G

C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\INFECTED\45b44dfc.qua
Echec de la désinfection

C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\INFECTED\45b44dfc.qua
Supprimé

C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\INFECTED\45b44dff.qua
Infecté par: Trojan.VBS.Starter.G

C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\INFECTED\45b44dff.qua
Echec de la désinfection

C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\INFECTED\45b44dff.qua
Supprimé

C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\INFECTED\45b44e06.qua
Infecté par: Trojan.VBS.Starter.G

C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\INFECTED\45b44e06.qua
Echec de la désinfection

C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\INFECTED\45b44e06.qua
Supprimé

C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\INFECTED\45b44e10.qua
Infecté par: Trojan.VBS.Starter.G

C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\INFECTED\45b44e10.qua
Echec de la désinfection

C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\INFECTED\45b44e10.qua
Supprimé

C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\INFECTED\45b44e17.qua
Infecté par: Trojan.VBS.Starter.G

C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\INFECTED\45b44e17.qua
Echec de la désinfection

C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\INFECTED\45b44e17.qua
Supprimé

C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\INFECTED\45b44e19.qua
Infecté par: Trojan.VBS.Starter.G

C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\INFECTED\45b44e19.qua
Echec de la désinfection

C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\INFECTED\45b44e19.qua
Supprimé

C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\INFECTED\45b44e1b.qua
Infecté par: Trojan.VBS.Starter.G

C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\INFECTED\45b44e1b.qua
Echec de la désinfection

C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\INFECTED\45b44e1b.qua
Supprimé

C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\INFECTED\45b44e1e.qua
Infecté par: Trojan.VBS.Starter.G

C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\INFECTED\45b44e1e.qua
Echec de la désinfection

C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\INFECTED\45b44e1e.qua
Supprimé

C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\INFECTED\45b44e24.qua
Infecté par: Trojan.VBS.Starter.G

C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\INFECTED\45b44e24.qua
Echec de la désinfection

C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\INFECTED\45b44e24.qua
Supprimé

C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\INFECTED\45b44e26.qua
Infecté par: Trojan.VBS.Starter.G

C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\INFECTED\45b44e26.qua
Echec de la désinfection

C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\INFECTED\45b44e26.qua
Supprimé

C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\INFECTED\45b44e29.qua
Infecté par: Trojan.VBS.Starter.G

C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\INFECTED\45b44e29.qua
Echec de la désinfection

C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\INFECTED\45b44e29.qua
Supprimé

C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\INFECTED\45b44e2e.qua
Infecté par: Trojan.VBS.Starter.G

C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\INFECTED\45b44e2e.qua
Echec de la désinfection

C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\INFECTED\45b44e2e.qua
Supprimé

C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\INFECTED\45b44e32.qua
Infecté par: Trojan.VBS.Starter.G

C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\INFECTED\45b44e32.qua
Echec de la désinfection

C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\INFECTED\45b44e32.qua
Supprimé

C:\System Volume Information\_restore{0BFC8C28-7CCC-411B-9C9B-BB51816671E5}\RP56\A0007704.exe=>(CAB Sfr)=>Setup.exe
Infecté par: Trojan.WhenU.H

C:\System Volume Information\_restore{0BFC8C28-7CCC-411B-9C9B-BB51816671E5}\RP56\A0007704.exe=>(CAB Sfx r)=>Setup.exe
Echec de la désinfection

C:\System Volume Information\_restore{0BFC8C28-7CCC-411B-9C9B-BB51816671E5}\RP56\A0007704.exe=>(CAB Sfx r)=>Setup.exe
Supprimé

C:\System Volume Information\_restore{0BFC8C28-7CCC-411B-9C9B-BB51816671E5}\RP56\A0007704.exe=>(CAB Sfx r)
Echec de la mise à jour

C:\System Volume Information\_restore{0BFC8C28-7CCC-411B-9C9B-BB51816671E5}\RP56\A0007705.exe=>(CAB Sfx r)=>Setup.exe
Infecté par: Trojan.WhenU.H

C:\System Volume Information\_restore{0BFC8C28-7CCC-411B-9C9B-BB51816671E5}\RP56\A0007705.exe=>(CAB Sfx r)=>Setup.exe
Echec de la désinfection

C:\System Volume Information\_restore{0BFC8C28-7CCC-411B-9C9B-BB51816671E5}\RP56\A0007705.exe=>(CAB Sfx r)=>Setup.exe
Supprimé

C:\System Volume Information\_restore{0BFC8C28-7CCC-411B-9C9B-BB51816671E5}\RP56\A0007705.exe=>(CAB Sfx r)
Echec de la mise à jour

C:\WINDOWS\system32\i
Infecté par: Generic.Botget.550ACE1A

C:\WINDOWS\system32\i
Supprimé
Reply
Which means that this restore point has been infected... I advise you to delete it.
{0BFC8C28-7CCC-411B-9C9B-BB51816671E5}
For information, restore points are located in the folder:
System Volume Information\Restore
This is a hidden folder located at the root of the disk.
To access it (only if necessary), you have to take ownership of it:
http://www.d2i.ch/pn/az/p.html#p025
See also:
http://support.microsoft.com/kb/309531/fr
-----------------------------------------------------------------------------
You can also get rid of all your restore points.
- Start menu, All Programs, Accessories, System Tools, System Restore,
Right-click on System Restore settings and check the box "Turn off System Restore on all drives"

----------------------------------------------------------------------------
Post a new HJT log.
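An added example, not part of the original thread: Python that reads scan-report records in the shape posted above (a path line followed by a status line) and lists which System Restore snapshots contain detections, which is the reading behind the reply's "this restore point has been infected". The function names are illustrative, the sample reuses records from the report, and taking the last status line seen for a file as its outcome is an assumption.

```python
import re

# Sample records reused from the scan report in the thread: a path line,
# then a status line, with a blank line between records.
SAMPLE = r"""
C:\System Volume Information\_restore{0BFC8C28-7CCC-411B-9C9B-BB51816671E5}\RP56\A0007704.exe=>(CAB Sfx r)=>Setup.exe
Infecté par: Trojan.WhenU.H

C:\System Volume Information\_restore{0BFC8C28-7CCC-411B-9C9B-BB51816671E5}\RP56\A0007704.exe=>(CAB Sfx r)=>Setup.exe
Supprimé

C:\System Volume Information\_restore{0BFC8C28-7CCC-411B-9C9B-BB51816671E5}\RP56\A0007704.exe=>(CAB Sfx r)
Echec de la mise à jour

C:\WINDOWS\system32\i
Infecté par: Generic.Botget.550ACE1A
"""

# Snapshot GUID and restore-point number (RPnn) inside a System Restore path.
RESTORE_RE = re.compile(r"\\System Volume Information\\_restore(\{[0-9A-Fa-f-]{36}\})\\(RP\d+)\\", re.I)

def parse_report(text):
    """Return (path, status) pairs; a path line is any line starting with a drive letter."""
    records, path = [], None
    for line in (ln.strip() for ln in text.splitlines()):
        if re.match(r"^[A-Za-z]:\\", line):
            path = line
        elif line and path:
            records.append((path, line))
            path = None
    return records

def infected_restore_points(records):
    """Map (guid, RPnn) -> {file name: {"threats": set, "last_status": str}}."""
    result = {}
    for path, status in records:
        m = RESTORE_RE.search(path)
        if not m:
            continue  # not inside a System Restore snapshot
        container = path.split("=>", 1)[0]  # file on disk, archive members dropped
        name = container.rsplit("\\", 1)[1]
        entry = result.setdefault((m.group(1), m.group(2)), {}).setdefault(
            name, {"threats": set(), "last_status": None})
        if status.startswith("Infecté par:"):
            entry["threats"].add(status.split(":", 1)[1].strip())
        entry["last_status"] = status  # assumption: last line seen is the outcome
    return result
```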
Reply
I was not able to delete the infected file. One file, change.log, is considered to be in use by the system and I cannot delete it; I tried in safe mode but it still tells me it is in use.
In addition, my computer crashes quickly, that is, a huge freeze that locks up the PC and it no longer responds to anything. Impossible to run Windows Update.

I am posting a new HijackThis scan for you to see if you can help me.

However, I am leaving on vacation today and will be back home on December 29 or 30, so I will be able to tell you if I have solved the problem before then. The PC will be turned off in the meantime.

*****************************************
Logfile of HijackThis v1.99.1
Scan saved at 06:51:03, on 19/12/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P31 "EPSON Stylus Photo RX420 Series" /O6 "USB001" /M "Stylus Photo RX420"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
Reply
As far as I can see, there is no serious infection on your PC.
You will need to check the integrity of your hard drives, and the defragmentation.
Properties of your C: drive (right-click on it in My Computer)
Tools tab / error-checking button, and tick the appropriate boxes.
Then download what is requested at this link:
http://leblogdeclaude.blogspot.com/...
and run it.

If your PC freezes now, the hardware will need to be looked at.
This document, titled « [Virus]Worm/Sdbot.51068 », from CommentCaMarche (www.commentcamarche.net) is made available under the terms of the Creative Commons license. You may copy and modify copies of this page, under the conditions set by the license, as long as this notice appears clearly.