débordement mémoire tampon

help help · le 27 Mai 2009 15:33

Bonjour,
J'ai un message de Mc Afee indiquant que j'ai un débordement de la mémoire tampon bloqué.
Le PC est vraiment ralenti ...
J'ai regardé d'anciens messages du forum mais je ne m'en sors pas ...
Si quelqu'un pouvait me conseiller, ce serait sympa.

Merci beaucoup

Pac428 · le 27 Mai 2009 17:01

Bonjour et bienvenue Help

Tu peux nous poster un rapport HijackThis en suivant > ce tuto < si besoin ?
++ :wink:

help help · le 27 Mai 2009 17:39

Merci pour la réponse rapide.
J'ai installé HijackThis mais je n'ai pas eu le choix de le mettre sur le bureau.
Du coup, je ne sais pas où il est (j'ai fait rechercher sur le C. mais en vain) et je n'ai pas pu le renommer ...
J'ai quand même lancé un scan et voici le résultat :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:29:33, on 27/05/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSSystem32Ati2evxx.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSExplorer.exe
C:WINDOWSsystem32axp.exe
C:Program FilesFichiers communsAcronisSchedule2schedul2.exe
C:Program FilesWindows LiveFamily Safetyfsssvc.exe
C:Program FilesSymantecNorton Ghost 2003GhostStartService.exe
C:Program FilesMcAfeeSiteAdvisorMcSACore.exe
C:PROGRA~1McAfeeMSCmcmscsvc.exe
c:program filesfichiers communsmcafeemnamcnasvc.exe
c:PROGRA~1FICHIE~1mcafeemcproxymcproxy.exe
C:PROGRA~1McAfeeVIRUSS~1mcshield.exe
C:Program FilesMcAfeeMPFMPFSrv.exe
C:Program FilesMcAfeeMSKMskSrver.exe
C:Program FilesMicrosoftSearch Enhancement PackSeaPortSeaPort.exe
C:WINDOWSsystem32sopidkc.exe
C:WINDOWSSystem32svchost.exe
c:PROGRA~1mcafee.comagentmcagent.exe
C:WINDOWSsystem32wscntfy.exe
C:PROGRA~1McAfeeVIRUSS~1mcsysmon.exe
C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe
C:
pdie.exe
C:WINDOWSsystem32MDM.EXE
C:WINDOWSSystem32 eader_s.exe
C:WINDOWSSystem32svchost.exe
c:program FilesThunMail estabd.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSSystem32avast!Antivirus.exe
C:Program FilesWindows LiveToolbarwltuser.exe
C:Program FilesInternet Exploreriexplore.exe
C:Documents and SettingsMAISONLocal SettingsTemporary Internet FilesContent.IE5QIEFFFVWHiJackThis[1].exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.google.fr/
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe baxp.exe
F2 - REG:system.ini: UserInit=C:WINDOWSsystem32userinit.exe,C:DOCUME~1MAISONLOCALS~1Tempinit.exe
O2 - BHO: C:WINDOWSsystem32yhafd78auhd.dll - {c6c7b2a1-00f3-42bd-f434-00aaba2c8953} - C:WINDOWSsystem32yhafd78auhd.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:PROGRA~1mcafeeSITEAD~1mcieplg.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:Program FilesWindows LiveToolbarwltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:Program FilesGoogleGoogle ToolbarGoogleToolbar.dll
O4 - HKLM..Run: [998] C:
pdie.exe
O4 - HKLM..Run: [reader_s] C:WINDOWSSystem32 eader_s.exe
O4 - HKCU..Run: [svc] c:program FilesThunMail estabd.exe
O4 - HKCU..Run: [reader_s] C:Documents and SettingsMAISON eader_s.exe
O4 - HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSSystem32CTFMON.EXE (User 'Default user')
O7 - HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem, DisableRegedit=1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.5.0_11inssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.5.0_11inssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:Program FilesWindows LiveWriterWriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:Program FilesWindows LiveWriterWriterBrowserExtension.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} - http://www.photoreflex.com/tools/ImageU ... oader3.cab
O17 - HKLMSystemCCSServicesTcpip..{10DA6281-4CC6-4E57-BD77-0210FF8F6067}: NameServer = 86.64.145.146 84.103.237.146
O17 - HKLMSystemCS1ServicesTcpip..{10DA6281-4CC6-4E57-BD77-0210FF8F6067}: NameServer = 86.64.145.146 84.103.237.146
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:PROGRA~1mcafeeSITEAD~1mcieplg.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:Program FilesGoogleGoogle ToolbarComponentfastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: c:progra~1ThunMail estabd.dll
O22 - SharedTaskScheduler: gsf87hfunf98398jd - {C6C7B2A1-00F3-42BD-F434-00AABA2C8953} - C:WINDOWSsystem32yhafd78auhd.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:Program FilesFichiers communsAcronisSchedule2schedul2.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:WINDOWSSystem32Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:WINDOWSsystem32ati2sgag.exe
O23 - Service: avast!antivirus - Unknown owner - C:WINDOWSSystem32avast!Antivirus.exe
O23 - Service: Service de transfert intelligent en arrière-plan (BITS) - Unknown owner - C:WINDOWS
O23 - Service: GhostStartService - Symantec Corporation - C:Program FilesSymantecNorton Ghost 2003GhostStartService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:Program FilesFichiers communsInstallShieldDriver11Intel 32IDriverT.exe
O23 - Service: MBackMonitor - McAfee - C:Program FilesMcAfeeMBKMBackMonitor.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:Program FilesMcAfeeSiteAdvisorMcSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:PROGRA~1McAfeeMSCmcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:program filesfichiers communsmcafeemnamcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:PROGRA~1McAfeeVIRUSS~1mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:PROGRA~1FICHIE~1mcafeemcproxymcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:PROGRA~1McAfeeVIRUSS~1mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:PROGRA~1McAfeeVIRUSS~1mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:Program FilesMcAfeeMPFMPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:Program FilesMcAfeeMSKMskSrver.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - D:Program FilesSiSoftwareSiSoftware Sandra Lite 2005.SR1RpcSandraSrv.exe
O23 - Service: sopidkc Service (sopidkc) - Unknown owner - C:WINDOWSsystem32sopidkc.exe
O23 - Service: Mises à jour automatiques (wuauserv) - Unknown owner - C:WINDOWS

--
End of file - 7253 bytes

C'est incompréhensible pour moi ...

Merci de votre aide pour la suite des actions à mener

H3bus · le 27 Mai 2009 18:06

Joli, tu es l'heureux propriétaire d'une machine bien vérolée !

O23 - Service: sopidkc Service (sopidkc) - Unknown owner - C:WINDOWSsystem32sopidkc.exe
O20 - AppInit_DLLs: c:progra~1ThunMail estabd.dll
O7 - HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem, DisableRegedit=1
O4 - HKCU..Run: [reader_s] C:Documents and SettingsMAISON eader_s.exe
O4 - HKCU..Run: [svc] c:program FilesThunMail estabd.exe
O4 - HKLM..Run: [reader_s] C:WINDOWSSystem32 eader_s.exe
O4 - HKLM..Run: [998] C:
pdie.exe

Ces lignes sont à effacer.

Ensuite :

r|b a écrit:2_ Tu télécharges Malwarebytes' Anti-Malware, tu l'installes puis tu procèdes à sa mise à jour.

Tu lances l'application en double-cliquant sur l'icône Malwarebytes' Anti Malware.

Tu cliques ensuite sur Exécuter un examen complet puis tu lances l'analyse en cliquant sur Rechercher.

_ Si l'utilitaire ne trouve rien de néfaste, cliques sur Ok. Le Bloc-notes va s'ouvrir avec le rapport d'analyse, celui-ci n'est pas intéressant car la machine est propre.
Tu peux fermer le Bloc-notes.

_ Si l'utilitaire trouve des éléments suspects, tu cliques sur Afficher les résultats puis sur Supprimer la sélection.
Tu enregistres le rapport d'analyse que tu nous copies-colles dans ton prochain message.

Il est possible que le programme te demande de redémarrer pour effectuer des suppressions supplémentaires, tu acceptes le redémarrage volontaire en cliquant sur Ok.

help help · le 27 Mai 2009 18:21

Comment je fais pour supprimer des lignes ?
Est-ce que c'est un risque pour mon ordi ?
Comment se fait-il que j'ai des virus avec Mc Afee à jour ?
Il faudrait un autre antivirus plus performant ?

Merci

r@in | b0w · le 27 Mai 2009 19:22

Bonjour.

help help a écrit:Comment je fais pour supprimer des lignes ?

Tu suis le tutorial...

help help a écrit:Est-ce que c'est un risque pour mon ordi ?

Non si tu suis nos conseils.

help help a écrit:Comment se fait-il que j'ai des virus avec Mc Afee à jour ?

Disons que l'antivirus parfait n'existe pas, ni l'utilisateur parfait d'ailleurs.

help help a écrit:Il faudrait un autre antivirus plus performant ?

Tu as MacAfee. Pourquoi installer un soit disant Avast qui, en vrai, est un antivirus, dans ton cas, est probablement un rogue?

Conduite à risque, rien de plus.

_ Tu peux aussi fixer les lignes suivantes:

F2 - REG:system.ini: Shell=Explorer.exe baxp.exe
O2 - BHO: C:WINDOWSsystem32yhafd78auhd.dll - {c6c7b2a1-00f3-42bd-f434-00aaba2c8953} - C:WINDOWSsystem32yhafd78auhd.dll
O7 - HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem, DisableRegedit=1
O22 - SharedTaskScheduler: gsf87hfunf98398jd - {C6C7B2A1-00F3-42BD-F434-00AABA2C8953} - C:WINDOWSsystem32yhafd78auhd.dl
O23 - Service: Service de transfert intelligent en arrière-plan (BITS) - Unknown owner - C:WINDOWS
O23 - Service: Mises à jour automatiques (wuauserv) - Unknown owner - C:WINDOWS

help help · le 27 Mai 2009 21:02

Voici le rapport de Malwarebytes :

Malwarebytes' Anti-Malware 1.37
Version de la base de données: 2182
Windows 5.1.2600 Service Pack 2

27/05/2009 22:01:29
mbam-log-2009-05-27 (22-01-29).txt

Type de recherche: Examen complet (C:|D:|E:|H:|)
Eléments examinés: 244221
Temps écoulé: 33 minute(s), 11 second(s)

Processus mémoire infecté(s): 11
Module(s) mémoire infecté(s): 2
Clé(s) du Registre infectée(s): 33
Valeur(s) du Registre infectée(s): 11
Elément(s) de données du Registre infecté(s): 6
Dossier(s) infecté(s): 11
Fichier(s) infecté(s): 74

Processus mémoire infecté(s):
C:Documents and SettingsMAISONLocal SettingsTemphuth39.exe (Trojan.WinWebSec) -> Unloaded process successfully.
C:Documents and SettingsMAISONLocal SettingsTemphuth39.exe (Trojan.WinWebSec) -> Unloaded process successfully.
C:Documents and SettingsMAISONLocal SettingsTemphuth39.exe (Trojan.WinWebSec) -> Unloaded process successfully.
C:Documents and SettingsMAISON eader_s.exe (Trojan.Backdoor) -> Unloaded process successfully.
C:WINDOWSdhcpsvchost.exe (Trojan.Agent) -> Unloaded process successfully.
C:WINDOWSsystem32SYSDLL.exe (Trojan.Proxy) -> Unloaded process successfully.
C:WINDOWSsystem32avast!Antivirus.exe (Trojan.Agent) -> Unloaded process successfully.
C:WINDOWSsystem32 eader_s.exe (Trojan.Backdoor) -> Unloaded process successfully.
C:WINDOWSsystem32sopidkc.exe (Backdoor.Bot) -> Unloaded process successfully.
c:WINDOWSld08.exe (Worm.Koobface) -> Unloaded process successfully.
c:program FilesThunMail estabd.exe (Spyware.OnlineGamer) -> Unloaded process successfully.

Module(s) mémoire infecté(s):
C:WINDOWSsystem32spria.dll (Rogue.Multiple) -> Delete on reboot.
c:WINDOWSsystem326to4v32.dll (Trojan.Agent) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOTCLSID{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTCLSID{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTCLSID{ada8c222-95d2-47b5-950b-aebc0a508839} (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTCLSID{c6c7b2a1-00f3-42bd-f434-00aaba2c8953} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTInterface{21eeb010-57f3-11dd-b116-dad055d89593} (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTTypeLib{1b7f9329-aaf9-4e34-8ecf-c363fd3c60cf} (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTorb.ta (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTorb.ta.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionExtStats{549b5ca7-4a86-11d7-a4df-000874180bb3} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionExtStats{ada8c222-95d2-47b5-950b-aebc0a508839} (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionExtStats{c6c7b2a1-00f3-42bd-f434-00aaba2c8953} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USERSOFTWAREfcn (Rogue.Residue) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREAGprotect (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREIGB (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{ada8c222-95d2-47b5-950b-aebc0a508839} (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{c6c7b2a1-00f3-42bd-f434-00aaba2c8953} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionUninstallinternetgamebox (Adware.EGDAccess) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESYSTEMControlSet001Servicesdhcpsrv (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESYSTEMControlSet001Servicesfips32cup (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESYSTEMControlSet001Servicesmsncache (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESYSTEMControlSet001Servicessopidkc (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESYSTEMControlSet001Servicesws2_32sik (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESYSTEMControlSet003Services6to4 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESYSTEMControlSet003Servicesfips32cup (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESYSTEMControlSet003Servicesmsncache (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESYSTEMControlSet003Servicessopidkc (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESYSTEMControlSet003Servicesws2_32sik (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesavast!Antivirus (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesdhcpsrv (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesfips32cup (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesmsncache (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicessopidkc (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesws2_32sik (Trojan.Agent) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionPoliciesExplorerForceClassicControlPanel (Hijack.ControlPanelStyle) -> Quarantined and deleted successfully.
HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun (Trojan.WinWebSec) -> Quarantined and deleted successfully.
HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun12cfg515-k641-55sf-n66p (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun12zfg94-f641-2sf-k31p-5n1er6h6l2 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun
zdflkioezncfiunfindiuchiuenfcdc (Trojan.WinWebSec) -> Quarantined and deleted successfully.
HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun eader_s (Trojan.Backdoor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRunsvc (Spyware.OnlineGamer) -> Quarantined and deleted successfully.
HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRunsysdll (Worm.Autorun) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogon askman (Backdoor.Bot) -> Delete on reboot.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerSharedTaskScheduler{c6c7b2a1-00f3-42bd-f434-00aaba2c8953} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun eader_s (Trojan.Backdoor) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionPoliciesSystemDisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterAntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterFirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWindowsAppInit_DLLs (Spyware.OnlineGamer) -> Data: c:progra~1 hunmail estabd.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonUserinit (Hijack.UserInit) -> Bad: (C:WINDOWSsystem32userinit.exe,C:DOCUME~1MAISONLOCALS~1Tempinit.exe) Good: (userinit.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonUserinit (Trojan.Agent) -> Data: c:docume~1maisonlocals~1 empinit.exe -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
C:Program FilesInternetGameBox (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:Program FilesThunMail (Spyware.OnlineGamer) -> Quarantined and deleted successfully.
C:RECYCLERS-1-5-21-0243636035-3055115376-381863306-1556 (Backdoor.Bot) -> Quarantined and deleted successfully.
c:program filesinternetgamebox essources (Adware.EGDAccess) -> Quarantined and deleted successfully.
c:program filesinternetgamebox essourcesfavoris (Adware.EGDAccess) -> Quarantined and deleted successfully.
c:program filesinternetgamebox essourcesfavoriscontent (Adware.EGDAccess) -> Quarantined and deleted successfully.
c:program filesinternetgamebox essourcesfavoriscontentfavoris (Adware.EGDAccess) -> Quarantined and deleted successfully.
c:program filesinternetgamebox essourcesfavoriscontentfavoris3dhyperjetracing (Adware.EGDAccess) -> Quarantined and deleted successfully.
c:program filesinternetgamebox essourcesfavoriscontentfavorismxstunts (Adware.EGDAccess) -> Quarantined and deleted successfully.
c:program filesinternetgamebox essourcesfavorisxml (Adware.EGDAccess) -> Quarantined and deleted successfully.
c:program filesinternetgameboxskins (Adware.EGDAccess) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:Documents and SettingsMAISONLocal SettingsTemphuth39.exe (Trojan.WinWebSec) -> Quarantined and deleted successfully.
C:Documents and SettingsMAISON eader_s.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
C:RECYCLERS-1-5-21-0243636035-3055115376-381863306-1556pqlmq.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:RECYCLERS-1-5-21-0470717560-4328620448-554307442-0949service.exe (Trojan.Agent) -> Delete on reboot.
C:WINDOWSdhcpsvchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:WINDOWSld08.exe (Worm.Koobface) -> Quarantined and deleted successfully.
C:WINDOWSsystem326to4v32.dll (Trojan.Agent) -> Delete on reboot.
C:WINDOWSsystem32FInstall.sys (Backdoor.Bot) -> Quarantined and deleted successfully.
C:WINDOWSsystem32SYSDLL.exe (Trojan.Proxy) -> Quarantined and deleted successfully.
C:WINDOWSsystem32avast!Antivirus.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:WINDOWSsystem32comsa32.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:WINDOWSsystem32driversfips32cup.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:WINDOWSsystem32driversws2_32sik.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:WINDOWSsystem32
vs2.inf (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:WINDOWSsystem32 eader_s.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
C:WINDOWSsystem32sft.res (Malware.Trace) -> Quarantined and deleted successfully.
C:WINDOWSsystem32sopidkc.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:WINDOWSsystem32spria.dll (Rogue.Multiple) -> Delete on reboot.
C:WINDOWSsystem32syslocsysloc.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:WINDOWSsystem32 psaxyd.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:WINDOWSsystem32 pszxyd.sys (Backdoor.Bot) -> Quarantined and deleted successfully.
C:WINDOWSsystem32wtukd32.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:lsass.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:RECYCLERs-1-5-21-0243636035-3055115376-381863306-1556Desktop.ini (Backdoor.Bot) -> Quarantined and deleted successfully.
c:WINDOWSTempe4009d36cc852e27e1a0bfbae950d9b4.txt (Trojan.FakeAlert) -> Delete on reboot.
c:WINDOWSsystem32dncyool64.sys (Trojan.Agent) -> Quarantined and deleted successfully.
c:WINDOWSsystem32dpcxool64.sys (Trojan.Agent) -> Quarantined and deleted successfully.
c:WINDOWSsystem32dsktjun_nav.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
c:WINDOWSsystem32dsktjun_navps.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
c:WINDOWSsystem32gyoigyi_nav.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
c:WINDOWSsystem32gyoigyi_navps.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
c:WINDOWSsystem32msncache.dll (Backdoor.Bot) -> Quarantined and deleted successfully.
c:WINDOWSsystem32oeosmum_nav.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
c:WINDOWSsystem32oeosmum_navps.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
c:WINDOWSsystem32pnyavuh_nav.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
c:WINDOWSsystem32pnyavuh_navps.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
c:WINDOWSsystem32qjmauvuxd_nav.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
c:WINDOWSsystem32qjmauvuxd_navps.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
c:documents and settingsMAISONLocal SettingsTempinit.exe (Trojan.Agent) -> Delete on reboot.
c:documents and settingsMAISONSharedwindows_xp_sp3_crack.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:documents and settingsMAISONSharedwindows_xp_vista_crack.exe (Backdoor.SdBot) -> Quarantined and deleted successfully.
c:documents and settingsMAISONlocal settingsTemp962.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:documents and settingsMAISONlocal settingsTempBN21.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:documents and settingsMAISONlocal settingsTempBN22.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:documents and settingsMAISONlocal settingsTempBN23.tmp (Trojan.Agent) -> Delete on reboot.
c:documents and settingsMAISONlocal settingsTemper5bxq.exe (Trojan.WinWebSec) -> Quarantined and deleted successfully.
c:documents and settingsMAISONlocal settingsTempjvyo31.exe (Trojan.WinWebSec) -> Quarantined and deleted successfully.
c:documents and settingsMAISONlocal settingsTempzjhufhdfe.exe (Trojan.WinWebSec) -> Quarantined and deleted successfully.
c:documents and settingsMAISONlocal settings emporary internet filesContent.IE5834REF61g500[1].pad (Trojan.Agent) -> Quarantined and deleted successfully.
c:documents and settingsMAISONlocal settings emporary internet filesContent.IE5I4AH1D1Vu531[1].psd (Trojan.Agent) -> Quarantined and deleted successfully.
c:documents and settingsMAISONlocal settings emporary internet filesContent.IE5NK7A7LGTu838[1].psd (Trojan.Agent) -> Quarantined and deleted successfully.
c:documents and settingsMAISONlocal settings emporary internet filesContent.IE5O67AVK6Xccsuper2[1].htm (Trojan.Backdoor) -> Quarantined and deleted successfully.
c:documents and settingsMAISONlocal settings emporary internet filesContent.IE5O67AVK6Xwcmznr[1].htm (Trojan.Qhost) -> Quarantined and deleted successfully.
c:program filesPinnacleshared filesinstantcddvdPixieRegTool.exe (Rogue.RegTool) -> Quarantined and deleted successfully.
c:program filesThunMail estabd.dll (Spyware.OnlineGamer) -> Quarantined and deleted successfully.
c:program filesThunMail estabd.exe (Spyware.OnlineGamer) -> Quarantined and deleted successfully.
c:program filesinternetgameboxInternetGameBox.url (Adware.EGDAccess) -> Quarantined and deleted successfully.
c:program filesinternetgamebox essourcesAttenteOff.html (Adware.EGDAccess) -> Quarantined and deleted successfully.
c:program filesinternetgamebox essourcesAttenteOn.html (Adware.EGDAccess) -> Quarantined and deleted successfully.
c:program filesinternetgamebox essourcesNoS2F.bin (Adware.EGDAccess) -> Quarantined and deleted successfully.
c:program filesinternetgamebox essourcesconfig_fr.xml (Adware.EGDAccess) -> Quarantined and deleted successfully.
c:program filesinternetgamebox essourcesfavoriscatalogue.html (Adware.EGDAccess) -> Quarantined and deleted successfully.
c:program filesinternetgamebox essourcesfavoriscontentfavoris3dhyperjetracing3dhyperjetracing.dcr (Adware.EGDAccess) -> Quarantined and deleted successfully.
c:program filesinternetgamebox essourcesfavoriscontentfavoris3dhyperjetracing3dhyperjetracing.html (Adware.EGDAccess) -> Quarantined and deleted successfully.
c:program filesinternetgamebox essourcesfavoriscontentfavoris3dhyperjetracing3dhyperjetracing.jpg (Adware.EGDAccess) -> Quarantined and deleted successfully.
c:program filesinternetgamebox essourcesfavorisdefault.swf (Adware.EGDAccess) -> Quarantined and deleted successfully.
c:program filesinternetgamebox essourcesfavorisxmlfavoris.xml (Adware.EGDAccess) -> Quarantined and deleted successfully.
c:program filesinternetgameboxskinsdefault.skn (Adware.EGDAccess) -> Quarantined and deleted successfully.
c:program filesinternetgameboxuninst.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.
c:slahpyt.exe (Trojan.Qhost) -> Quarantined and deleted successfully.
c:wxhsq.exe (Trojan.Qhost) -> Quarantined and deleted successfully.
d:program fileseMuleIncomingwindows_xp_sp3_crack.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
d:program fileseMuleIncomingwindows_xp_vista_crack.exe (Backdoor.SdBot) -> Quarantined and deleted successfully.
h:
ameless.exe (Backdoor.SdBot) -> Quarantined and deleted successfully.

Qu'en pensez-vous ?
Merci de vos réponses

help help · le 27 Mai 2009 21:20

J'ai redémarré le PC et j'ai à nouveau plusieurs messages de débordement de la mémoire tampon ...
Comme avant que je fasse ces manips ...
J'attends vos conseils.
Merci beaucoup

r@in | b0w · le 27 Mai 2009 22:50

Relance Mbam jusqu'à ce qu'il ne trouve rien.

Ensuite, tu fais un nouveau scan HiJackThis.

help help · le 28 Mai 2009 20:41

Bonsoir,
Je GA-LE-RE ...

En allumant ce soir mon PC, j'ai eu comme proposition :
- mode sans échec
- mode sans échec avec prise en charge réseau
- démarrer Windows normalement
- invite de cde en mode sans échec
- dernière bonne config connue.

Quand je choisis démarrer normalement, il reboute en boucle
J'ai donc choisi dernière bonne config connue.

J'espère ne pas avoir perdu les actions faites sur HijackThis et Malwarebytes hier.

Ensuite, j'ai essayé d'ouvrir Malwarebytes (icône sur mon bureau) pour lancer un nouveau scan comme vous m'avez conseillé hier mais rien ne se passe. J'ai tenté de le télécharger à nouveau mais la page se ferme toute seule.

Je suis dans une impasse ...

Si vous avez des idées pour me sortir de là ...

Merci

r@in | b0w · le 28 Mai 2009 21:30

Bonjour.

Cela a l'air d'être la galère oui.

Ton ordinateur est un ordinateur de marque? Sinon, tu as le CD de Windows?

Tente une réparation de Windows comme ceci.

H3bus · le 29 Mai 2009 09:46

Ton système semble être en mauvais état. Tu as un CD Windows, pour tenter une restauration du système ?

€dit : Argh, désolé r|b, j'avais pas vu ton post...

help help · le 02 Juin 2009 11:09

Je ne peux pas installer Windows à nouveau (pas de CD et mon PC a 5 ans sans mise à jour, sauf bien sûr de mon anti-virus) ...
Quand je clique sur certains îcones (Mbam, mcAfee, ...) rien ne se passe ...

J'ai essayé des scan en lignes mais à un moment, l'ordinateur plante et s'éteint.
J'ai quand même réussi à avoir, dans le compte rendu du début du scan :
C:lqwnwu.exe et C:lsass.exe suspectés de Behaveslike:Win32.Malware
+ échec désinfection et échec suppression

A l'ouverture, j'ai le message « Windows ne trouve pas baxp.exe »

Est-ce que ça vous dit quelque chose ?
Merci de votre aide précieuse

H3bus · le 02 Juin 2009 12:07

Ton système n'est pas à jour, donc c'est la porte ouvertes aux infections, même si tu as un antivirus à jour. Tu n'as vraiment aucun CD ?

r@in | b0w · le 02 Juin 2009 12:13

Bonjour.

Si tu arrives à avoir le Mode sans échec au moins, Mbam pourra peut-être améliorer la machine.

Sinon, c'est fini...

débordement mémoire tampon

débordement mémoire tampon

Sujets similaires

Qui est en ligne