eaumer

  1. Thanks for all this advice, it works well now. I'm not posting what you asked for, because since I reinstalled all the programs on my computer after formatting the partition, there are pages and pages of it with ComboFix. The HijackThis report looks fine now. We'll see... Thanks a million again.
  2. I ran Virtumundo, because I dealt with it before getting your reply; I did what I could! Otherwise, here is the Panda report, and it doesn't look like a good omen to me. What should I do? Please?

     Incident Status Location
     Possible Virus. Not disinfected C:\Documents and Settings\Administrateur\Bureau\backups\backup-20061105-021239-578.dll
     Possible Virus. Not disinfected C:\Documents and Settings\Administrateur\Bureau\backups\backup-20061105-021338-728.dll
     Possible Virus. Not disinfected C:\Documents and Settings\Administrateur\Bureau\backups\backup-20061105-024657-449.dll
     Potentially unwanted tool:Application/Pskill.K Not disinfected C:\Documents and Settings\Administrateur\Bureau\clean\pskill.exe
     Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Administrateur\Bureau\VirtumundoBeGone.exe[²ƒÇ]
     Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Administrateur\Cookies\administrateur@drivecleaner[1].txt
     Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Administrateur\Cookies\administrateur@stats.drivecleaner[2].txt
     Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Administrateur\Cookies\administrateur@www.drivecleaner[2].txt
     Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Administrateur\Cookies\administrateur@xiti[1].txt
     Adware:Adware/CommAd Not disinfected C:\Documents and Settings\Administrateur\Local Settings\Temp\cmdinst.exe
     Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Administrateur\Local Settings\Temp\nsv5.tmp
     Adware:Adware/CommAd Not disinfected C:\WINDOWS\Sm9z\mA6W.vbs
     Possible Virus. Not disinfected C:\WINDOWS\system32\cbxxuro.dll
     Possible Virus. Not disinfected C:\WINDOWS\system32\glsa.exe
     Possible Virus. Not disinfected C:\WINDOWS\system32\khfddba.dll
     Possible Virus. Not disinfected C:\WINDOWS\system32\khfecca.dll
     Possible Virus. Not disinfected C:\WINDOWS\system32\rqrrqpq.dll
     Virus:W32/RxBot.CU.worm Disinfected C:\WINDOWS\system32\winamp.exe
     Possible Virus. Renamed C:\WINDOWS\system32\?dobe\?xplorer.exe
     Adware:Adware/SearchAid Not disinfected C:\WINDOWS\uninstall_nmon.vbs
     Virus:Eicar.Mod Not disinfected D:\Kaspersky pro v4.5.0.94 fr All Windows\data1.cab[eicar.html]
     Potentially unwanted tool:Application/Pskill.K Not disinfected D:\MOI\midi\clean.zip[clean/pskill.exe]
     Potentially unwanted tool:Application/Processor Not disinfected D:\MOI\midi\SmitfraudFix.zip[smitfraudFix/Process.exe]
     Possible Virus. Not disinfected D:\MOI\midi\SmitfraudFix.zip[smitfraudFix/swsc.exe]
  3. So here are the reports:

     [11/05/2006, 9:38:53] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Administrateur\Bureau\VirtumundoBeGone.exe" )
     [11/05/2006, 9:38:59] - Detected System Information:
     [11/05/2006, 9:38:59] - Windows Version: 5.1.2600, Service Pack 1
     [11/05/2006, 9:38:59] - Current Username: Administrateur (Admin)
     [11/05/2006, 9:38:59] - Windows is in SAFE mode with Networking.
     [11/05/2006, 9:38:59] - Searching for Browser Helper Objects:
     [11/05/2006, 9:38:59] - BHO 1: {9A36CEDC-2619-43F0-8108-50A321AD3057} ()
     [11/05/2006, 9:38:59] - WARNING: BHO has no default name. Checking for Winlogon reference.
     [11/05/2006, 9:38:59] - Checking for HKLM\...\Winlogon\Notify\awtqnkh
     [11/05/2006, 9:38:59] - Found: HKLM\...\Winlogon\Notify\awtqnkh - This is probably Virtumundo.
     [11/05/2006, 9:38:59] - Assigning {9A36CEDC-2619-43F0-8108-50A321AD3057} MSEvents Object
     [11/05/2006, 9:38:59] - BHO list has been changed! Starting over...
     [11/05/2006, 9:38:59] - BHO 1: {9A36CEDC-2619-43F0-8108-50A321AD3057} (MSEvents Object)
     [11/05/2006, 9:38:59] - ALERT: Found MSEvents Object!
     [11/05/2006, 9:38:59] - BHO 2: {A8B28872-3324-4CD2-8AA3-7D555C872D96} (DeskbarBHO)
     [11/05/2006, 9:38:59] - Finished Searching Browser Helper Objects
     [11/05/2006, 9:38:59] - *** Detected MSEvents Object
     [11/05/2006, 9:38:59] - Trying to remove MSEvents Object...
     [11/05/2006, 9:39:00] - Terminating Process: IEXPLORE.EXE
     [11/05/2006, 9:39:00] - Terminating Process: RUNDLL32.EXE
     [11/05/2006, 9:39:00] - Disabling Automatic Shell Restart
     [11/05/2006, 9:39:00] - Terminating Process: EXPLORER.EXE
     [11/05/2006, 9:39:00] - Suspending the NT Session Manager System Service
     [11/05/2006, 9:39:00] - Terminating Windows NT Logon/Logoff Manager
     [11/05/2006, 9:39:01] - Re-enabling Automatic Shell Restart
     [11/05/2006, 9:39:01] - File to disable: C:\WINDOWS\system32\awtqnkh.dll
     [11/05/2006, 9:39:01] - Renaming C:\WINDOWS\system32\awtqnkh.dll -> C:\WINDOWS\system32\awtqnkh.dll.vir
     [11/05/2006, 9:39:01] - File successfully renamed!
     [11/05/2006, 9:39:01] - Removing HKLM\...\Browser Helper Objects\{9A36CEDC-2619-43F0-8108-50A321AD3057}
     [11/05/2006, 9:39:01] - Removing HKCR\CLSID\{9A36CEDC-2619-43F0-8108-50A321AD3057}
     [11/05/2006, 9:39:01] - Adding Kill Bit for ActiveX for GUID: {9A36CEDC-2619-43F0-8108-50A321AD3057}
     [11/05/2006, 9:39:01] - Deleting ATLEvents/MSEvents Registry entries
     [11/05/2006, 9:39:01] - Removing HKLM\...\Winlogon\Notify\awtqnkh
     [11/05/2006, 9:39:01] - Searching for Browser Helper Objects:
     [11/05/2006, 9:39:01] - BHO 1: {A8B28872-3324-4CD2-8AA3-7D555C872D96} (DeskbarBHO)
     [11/05/2006, 9:39:01] - Finished Searching Browser Helper Objects
     [11/05/2006, 9:39:01] - Finishing up...
     [11/05/2006, 9:39:01] - A restart is needed.
     [11/05/2006, 9:39:14] - Attempting to Restart via STOP error (Blue Screen!)

     HijackThis:

     Logfile of HijackThis v1.99.1
     Scan saved at 18:03:25, on 05/11/2006
     Platform: Windows XP SP1 (WinNT 5.01.2600)
     MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\Explorer.EXE
     C:\WINDOWS\system32\spoolsv.exe
     C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
     C:\WINDOWS\System32\ctfmon.exe
     C:\Program Files\Messenger\msmsgs.exe
     C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
     C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
     C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
     C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
     C:\Documents and Settings\Administrateur\Bureau\HijackThis.exe
     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lemonde.fr
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lemonde.fr
     R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
     O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
     O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
     O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
     O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
     O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe

     Does this look clean to you? I cleaned the registry with XoftSpy, and I reinstalled Kerio (before you told me to use ZA), and then the Windows updates. Thanks a million.
  4. Here is a new log after formatting the machine; I had no choice. No-Adware detects an adware.virtumonde that I can't get rid of. A .dll file was present before formatting and is ...

     Logfile of HijackThis v1.99.1
     Scan saved at 09:11:48, on 05/11/2006
     Platform: Windows XP SP1 (WinNT 5.01.2600)
     MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\WINDOWS\Explorer.EXE
     C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
     C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
     C:\WINDOWS\System32\ctfmon.exe
     C:\Documents and Settings\Administrateur\Bureau\HijackThis.exe
     R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
     R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - (no file)
     O2 - BHO: (no name) - {9A36CEDC-2619-43F0-8108-50A321AD3057} - C:\WINDOWS\system32\awtqnkh.dll
     O2 - BHO: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\Program Files\Deskbar\deskbar.dll (file missing)
     O4 - HKLM\..\Run: [services] C:\prosys32.exe
     O4 - HKLM\..\Run: [Windows Explorer] C:\WINDOWS\System32\explorer.exe
     O4 - HKLM\..\Run: [Local Security Authority Service] C:\WINDOWS\System32\Isass.exe
     O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
     O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
     O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1162672640546
     O20 - Winlogon Notify: awtqnkh - C:\WINDOWS\SYSTEM32\awtqnkh.dll
     O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
     O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Sm9z\command.exe (file missing)
     O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)

     I also reinstalled Kerio.
  5. No-Adware detected a trojandownloader win32.agent.e in a .dll file that I can't delete. The PC is glitching. No errors in Kerio; I think it's useless! Here is my log:

     Logfile of HijackThis v1.99.1
     Scan saved at 15:04:08, on 04/11/2006
     Platform: Windows XP SP1 (WinNT 5.01.2600)
     MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\Explorer.EXE
     C:\WINDOWS\system32\spoolsv.exe
     C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
     C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
     C:\WINDOWS\System32\RUNDLL32.EXE
     C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
     D:\Program Files\DAEMON Tools\daemon.exe
     C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
     C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
     C:\Program Files\Alwil Software\Avast4\ashServ.exe
     C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
     C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
     C:\WINDOWS\System32\nvsvc32.exe
     C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
     C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
     C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
     C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
     C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
     C:\WINDOWS\System32\wuauclt.exe
     C:\Documents and Settings\josephine\Bureau\HijackThis.exe
     R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.net
     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lemonde.fr/
     O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
     O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
     O4 - HKLM\..\Run: [smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
     O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
     O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
     O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
     O4 - HKLM\..\Run: [DAEMON Tools] "D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
     O4 - HKLM\..\Run: [Microsoft Internet Explorer] C:\WINDOWS\System32\iexplore.exe
     O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
     O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
     O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
     O16 - DPF: {4EFE4BE8-8771-4649-B3EF-D97374C8D2C2} (KeybHunterWebInterface Class) - https://particuliers.secure.lcl.fr/v_1.0/im...FormProtect.cab
     O17 - HKLM\System\CCS\Services\Tcpip\..\{0BCFBDFA-191B-4659-8EAD-51C8A6614990}: NameServer = 212.30.96.108,213.203.124.146
     O17 - HKLM\System\CS1\Services\Tcpip\..\{0BCFBDFA-191B-4659-8EAD-51C8A6614990}: NameServer = 212.30.96.108,213.203.124.146
     O17 - HKLM\System\CS2\Services\Tcpip\..\{0BCFBDFA-191B-4659-8EAD-51C8A6614990}: NameServer = 212.30.96.108,213.203.124.146
     O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
     O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
     O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
     O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
     O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
     O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
     O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
     O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
     O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
  6. Finally, since this morning, nothing. Clean Up was very effective, and so was the Kaspersky online scan. Thanks a million.
  7. It's possible that Kerio isn't working properly; I've opened everything in it. Otherwise, as for the infection, it keeps coming back, even when I delete the detected files.
  8. Here are the reports: svcchost.exe, backdoor.win32.SdBot.awk according to Kaspersky. The other objects are locked (including sptd.sys, which never ceases to amaze me).

     Logfile of HijackThis v1.99.1
     Scan saved at 21:57:53, on 02/11/2006
     Platform: Windows XP SP1 (WinNT 5.01.2600)
     MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\WINDOWS\Explorer.EXE
     C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
     C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
     C:\WINDOWS\System32\RUNDLL32.EXE
     C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
     D:\Program Files\DAEMON Tools\daemon.exe
     C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
     C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
     C:\Program Files\Alwil Software\Avast4\ashServ.exe
     C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
     C:\WINDOWS\System32\nvsvc32.exe
     C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
     C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
     C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
     C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
     C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
     C:\Program Files\Internet Explorer\iexplore.exe
     C:\WINDOWS\System32\svcchost.exe
     C:\Documents and Settings\josephine\Bureau\HijackThis.exe
     R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.net
     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lemonde.fr/
     O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
     O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
     O4 - HKLM\..\Run: [smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
     O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
     O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
     O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
     O4 - HKLM\..\Run: [DAEMON Tools] "D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
     O4 - HKLM\..\Run: [Microsoft Internet Explorer] C:\WINDOWS\System32\iexplore.exe
     O4 - HKLM\..\Run: [msvcc25] svcchost.exe
     O4 - HKLM\..\RunServices: [msvcc25] svcchost.exe
     O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
     O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
     O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
     O17 - HKLM\System\CCS\Services\Tcpip\..\{0BCFBDFA-191B-4659-8EAD-51C8A6614990}: NameServer = 212.30.96.108,213.203.124.146
     O17 - HKLM\System\CS1\Services\Tcpip\..\{0BCFBDFA-191B-4659-8EAD-51C8A6614990}: NameServer = 212.30.96.108,213.203.124.146
     O17 - HKLM\System\CS2\Services\Tcpip\..\{0BCFBDFA-191B-4659-8EAD-51C8A6614990}: NameServer = 212.30.96.108,213.203.124.146
     O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
     O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
     O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
     O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
     O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
     O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
     O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
     O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
     O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

     And finally Clean Up:

     Microsoft Windows XP [version 5.1.2600]
     Script execute en mode sans echec
     *** Suppression des fichiers dans C:\WINDOWS\system32
     C:\WINDOWS\system32\iexplore.exe FOUND
     C:\WINDOWS\system32\logon.exe FOUND
     C:\WINDOWS\system32\o FOUND
     C:\WINDOWS\system32\winsys_32.exe FOUND
     C:\WINDOWS\system32\wupdmgr.exe FOUND

     Thanks for your help. Otherwise, I had run a Panda scan; it found two "infected" registry lines, and I wasn't able to delete those lines. They are HKLM\...\enum\Legacy_sptd and win32sr.
  9. Hello, my PC is infected with malicious programs that make my machine glitch, notably by blocking the Internet or using 100% of the CPU. I have identified it as winsys_32.exe and logon.exe. But it's impossible to remove them permanently. Can you help me? Here is my HijackThis report:

     Logfile of HijackThis v1.99.1
     Scan saved at 14:38:05, on 01/11/2006
     Platform: Windows XP SP1 (WinNT 5.01.2600)
     MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\csrss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\WINDOWS\Explorer.EXE
     C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
     C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
     C:\WINDOWS\System32\RUNDLL32.EXE
     C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
     C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
     D:\Program Files\DAEMON Tools\daemon.exe
     C:\Program Files\Alwil Software\Avast4\ashServ.exe
     C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
     C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
     C:\WINDOWS\System32\nvsvc32.exe
     C:\Program Files\Spyware Doctor\sdhelp.exe
     C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
     C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
     C:\WINDOWS\System32\wdfmgr.exe
     C:\WINDOWS\System32\Tablet.exe
     C:\WINDOWS\System32\Tablet.exe
     C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
     C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
     C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
     C:\WINDOWS\System32\wuauclt.exe
     C:\WINDOWS\system32\cmd.exe
     C:\WINDOWS\system32\ftp.exe
     C:\Documents and Settings\josephine\Bureau\HijackThis.exe
     R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.net
     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lemonde.fr/
     R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
     O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in.dll
     O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
     O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
     O4 - HKLM\..\Run: [smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
     O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
     O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
     O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
     O4 - HKLM\..\Run: [DAEMON Tools] "D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
     O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
     O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
     O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
     O17 - HKLM\System\CCS\Services\Tcpip\..\{0BCFBDFA-191B-4659-8EAD-51C8A6614990}: NameServer = 212.30.96.108,213.203.124.146
     O17 - HKLM\System\CS1\Services\Tcpip\..\{0BCFBDFA-191B-4659-8EAD-51C8A6614990}: NameServer = 212.30.96.108,213.203.124.146
     O17 - HKLM\System\CS2\Services\Tcpip\..\{0BCFBDFA-191B-4659-8EAD-51C8A6614990}: NameServer = 212.30.96.108,213.203.124.146
     O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
     O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
     O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
     O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
     O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
     O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
     O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
     O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
     O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
     O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\System32\Tablet.exe

     Thanks in advance.