Buffer overflow [Resolved/Closed]

Posts: 3
Registered: Friday 9 February 2007
Status: Member
Last activity: 13 February 2007
-
Posts: 3731
Registered: Friday 18 November 2005
Status: Contributor
Last activity: 10 July 2009
-
Hello, I need help resolving a blocking problem caused by a buffer overflow detected by VirusScan Enterprise 8.0.

Thanks in advance for your help!!

11 replies

Hello,

What do you mean, a "buffer overflow detected by VirusScan Enterprise 8.0"?

How can an antivirus detect a buffer problem?

You have several options:

- Buy more RAM (it's good to have at least 512 MB or even more)

- Change antivirus if this one slows your PC down too much

Good luck

Hello kristopher,
Is there no program that can stop this virus? In a discussion about a similar problem posted on the forum in 2006, the person with the same problem as me was advised to use HijackThis. Could this program help me stop my virus that is causing a buffer overflow?
Thanks for your help!
Charles

Ah! Now that you have explained your problem, I can help you better, Charles!

Start with this, please.

Virus: preliminary disinfection method, French version

Hello kristopher, here at last is the report of the HijackThis scan I ran this morning:

Logfile of HijackThis v1.99.1
Scan saved at 11:23:15, on 2007-02-11
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Fichiers communs\Network Associates\TalkBack\tbmon.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\LaCie\Backup Software\LaCieBackup.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Network Associates\VirusScan\SCAN32.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Charles Gagnon\Bureau\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ycomp/defaults/sp/*https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: Shell=Explorer.exe, msmsgs.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr-ca\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr-ca\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Fichiers communs\Network Associates\TalkBack\tbmon.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HELP ELSE WIN DRV] C:\Documents and Settings\All Users\Application Data\NewLicenseHelpElse\Exit Knob.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LaCie Backup] C:\Program Files\LaCie\Backup Software\\LaCieBackup.exe /background
O4 - HKCU\..\Run: [Debug obj] C:\DOCUME~1\CHARLE~1\APPLIC~1\PROCFI~1\Send platform mode.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Service Framework McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe

Charle07,

Please, you are heavily infected, so you would do better to do what I advise.

Everything is explained clearly on this page.

Virus: preliminary disinfection method, French version

You need to go through 4 programs and give me 3 reports (look at the tutorials if need be).

This time I am expecting the right reports, in order :)

See you

Hello Kristopher,
Thanks for your patience with your explanations... so here, in order, are the reports from AVG Anti-Spyware, BitDefender and HijackThis. As you say, this computer is crawling with vermin...
Thanks for your help!
Charles

---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 13:37:03 2007-02-15

+ Résultat de l'analyse:

HKLM\SOFTWARE\ShudderLTD -> Adware.PSGuard : Aucune action entreprise.
HKLM\SOFTWARE\ShudderLTD\PSGuard -> Adware.PSGuard : Aucune action entreprise.
HKLM\SOFTWARE\ShudderLTD\PSGuard\PSGuard -> Adware.PSGuard : Aucune action entreprise.
HKLM\SOFTWARE\ShudderLTD\PSGuard\PSGuard\License -> Adware.PSGuard : Aucune action entreprise.
C:\System Volume Information\_restore{C0D8D08B-518F-4FEE-8456-723FC27D3021}\RP353\A0043431.exe -> Downloader.Swizzor.fo : Aucune action entreprise.
:mozilla.43:C:\Documents and Settings\Charles Gagnon\Application Data\Mozilla\Firefox\Profiles\x0r262m7.default\cookies.txt -> TrackingCookie.247realmedia : Aucune action entreprise.
:mozilla.44:C:\Documents and Settings\Charles Gagnon\Application Data\Mozilla\Firefox\Profiles\x0r262m7.default\cookies.txt -> TrackingCookie.247realmedia : Aucune action entreprise.
:mozilla.26:C:\Documents and Settings\Charles Gagnon\Application Data\Mozilla\Firefox\Profiles\x0r262m7.default\cookies.txt -> TrackingCookie.Atdmt : Aucune action entreprise.
:mozilla.24:C:\Documents and Settings\Charles Gagnon\Application Data\Mozilla\Firefox\Profiles\x0r262m7.default\cookies.txt -> TrackingCookie.Bluestreak : Aucune action entreprise.
:mozilla.15:C:\Documents and Settings\Charles Gagnon\Application Data\Mozilla\Firefox\Profiles\x0r262m7.default\cookies.txt -> TrackingCookie.Doubleclick : Aucune action entreprise.
:mozilla.11:C:\Documents and Settings\Charles Gagnon\Application Data\Mozilla\Firefox\Profiles\x0r262m7.default\cookies.txt -> TrackingCookie.Googleadservices : Aucune action entreprise.
:mozilla.22:C:\Documents and Settings\Charles Gagnon\Application Data\Mozilla\Firefox\Profiles\x0r262m7.default\cookies.txt -> TrackingCookie.Googleadservices : Aucune action entreprise.
:mozilla.23:C:\Documents and Settings\Charles Gagnon\Application Data\Mozilla\Firefox\Profiles\x0r262m7.default\cookies.txt -> TrackingCookie.Mediaplex : Aucune action entreprise.
:mozilla.51:C:\Documents and Settings\Charles Gagnon\Application Data\Mozilla\Firefox\Profiles\x0r262m7.default\cookies.txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
C:\Program Files\BitDownload\ZM\minime.exe -> Trojan.Inject.ba : Aucune action entreprise.
C:\System Volume Information\_restore{C0D8D08B-518F-4FEE-8456-723FC27D3021}\RP353\A0043430.exe -> Trojan.Obfuscated.bk : Aucune action entreprise.


Fin du rapport

BitDefender report
BitDefender Online Scanner
Scan report generated at: Thu, Feb 15, 2007 - 16:02:21
Scan path: C:\;D:\;E:\;

Statistics
Time 01:56:15
Files 440389
Folders 6818
Boot Sectors 4
Archives 8819
Packed Files 67341

Results
Identified Viruses 1
Infected Files 3
Suspect Files 0
Warnings 0
Disinfected 0
Deleted Files 3

Engines Info
Virus Definitions 388343
Engine build AVCORE v1.0 (build 2371) (i386) (Dec 13 2006 11:16:42)
Scan plugins 14
Archive plugins 38
Unpack plugins 6
E-mail plugins 6
System plugins 1


Scan Settings
First Action Disinfect
Second Action Delete
Heuristics Yes
Enable Warnings Yes
Scanned Extensions *;
Exclude Extensions
Scan Emails Yes
Scan Archives Yes
Scan Packed Yes
Scan Files Yes
Scan Boot Yes

Scanned File Status
C:\Documents and Settings\Charles Gagnon\Application Data\PROC FIND\MagsBowsPlay.exe Infected with: Trojan.FatObfus.Gen
C:\Documents and Settings\Charles Gagnon\Application Data\PROC FIND\MagsBowsPlay.exe Disinfection failed
C:\Documents and Settings\Charles Gagnon\Application Data\PROC FIND\MagsBowsPlay.exe Deleted
C:\System Volume Information\_restore{C0D8D08B-518F-4FEE-8456-723FC27D3021}\RP360\A0043660.exe Infected with: Trojan.FatObfus.Gen
C:\System Volume Information\_restore{C0D8D08B-518F-4FEE-8456-723FC27D3021}\RP360\A0043660.exe Disinfection failed
C:\System Volume Information\_restore{C0D8D08B-518F-4FEE-8456-723FC27D3021}\RP360\A0043660.exe Deleted
C:\System Volume Information\_restore{C0D8D08B-518F-4FEE-8456-723FC27D3021}\RP364\A0043968.exe Infected with: Trojan.FatObfus.Gen
C:\System Volume Information\_restore{C0D8D08B-518F-4FEE-8456-723FC27D3021}\RP364\A0043968.exe Disinfection failed
C:\System Volume Information\_restore{C0D8D08B-518F-4FEE-8456-723FC27D3021}\RP364\A0043968.exe Deleted

HijackThis report:
Scan saved at 16:10:10, on 2007-02-15
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Fichiers communs\Network Associates\TalkBack\tbmon.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\LaCie\Backup Software\LaCieBackup.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Documents and Settings\Charles Gagnon\Bureau\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ycomp/defaults/sp/*https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: Shell=Explorer.exe, msmsgs.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr-ca\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr-ca\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Fichiers communs\Network Associates\TalkBack\tbmon.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LaCie Backup] C:\Program Files\LaCie\Backup Software\\LaCieBackup.exe /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Service Framework McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe

Charles,

You are heavily infected.

But you did not clean anything with AVG Anti-Spyware!

Look at my tutorial and run another scan, then clean the whole PC; copy/paste the report, please.

Then a new HijackThis log as well.

And finally, tell me what your security software is (antivirus, firewall, antispyware).

See you

Hi Kristopher,
Here are the 4 reports you asked me for:
CCleaner report
NETTOYAGE COMPLET - (6,445 secs)
------------------------------------------------------------------------------------------
45,0MB supprimés.
------------------------------------------------------------------------------------------

C:\Documents and Settings\Charles Gagnon\Application Data\Mozilla\Firefox\profiles\x0r262m7.default\cache\_CACHE_MAP_ 0,13MB
C:\Documents and Settings\Charles Gagnon\Application Data\Mozilla\Firefox\profiles\x0r262m7.default\history.dat 10,60KB
C:\Documents and Settings\Charles Gagnon\Application Data\Mozilla\Firefox\profiles\x0r262m7.default\downloads.rdf 206 bytes
Cookie supprimé: xiti.com
Cookie supprimé: www.commentcamarche.net
Cookie supprimé: yahoo.com
Cookie supprimé: yahoo.com
Cookie supprimé: canadiantreeplanting.com
Cookie supprimé: canadiantreeplanting.com
Cookie supprimé: canadiantreeplanting.com
Cookie supprimé: dlink.ca
Cookie supprimé: dlink.ca
Cookie supprimé: dlink.ca
Cookie supprimé: google.ca
C:\Documents and Settings\Charles Gagnon\Local Settings\Application Data\Apple Computer\QuickTime\downloads\13\13\dd82bbeb-07fadf0a-7fe002b0-44733101.qtch 1,49KB
C:\Documents and Settings\Charles Gagnon\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol 348 bytes
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Checks.070214-1134.log 241 bytes
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Checks.070214-1142.txt 1,31KB
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Update downloads.log 1,43KB
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Statistics.ini 0 bytes
C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref.old 0,45MB
C:\Documents and Settings\Charles Gagnon\Application Data\Lavasoft\Ad-Aware\Logs\Ad-Aware log2007-02-15 16-37-40.txt 27,03KB
C:\Documents and Settings\Charles Gagnon\Application Data\Lavasoft\Ad-Aware\Logs\Ad-Aware log2007-02-15 16-40-32.txt 27,33KB
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\logfile.txt 2,16KB
---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 18:53:19 2007-02-17

+ Résultat de l'analyse:



HKLM\SOFTWARE\ShudderLTD -> Adware.PSGuard : Erreur lors du nettoyage.
HKLM\SOFTWARE\ShudderLTD\PSGuard -> Adware.PSGuard : Erreur lors du nettoyage.
HKLM\SOFTWARE\ShudderLTD\PSGuard\PSGuard -> Adware.PSGuard : Erreur lors du nettoyage.
HKLM\SOFTWARE\ShudderLTD\PSGuard\PSGuard\License -> Adware.PSGuard : Nettoyé.


Fin du rapport

BitDefender report
BitDefender Online Scanner
Scan report generated at: Sat, Feb 17, 2007 - 20:49:10

Scan path: C:\;D:\;E:\;

Statistics
Time 01:48:12
Files 440368
Folders 6924
Boot Sectors 4
Archives 8817
Packed Files 67334

Results
Identified Viruses 0
Infected Files 0
Suspect Files 0
Warnings 0
Disinfected 0
Deleted Files 0

Engines Info
Virus Definitions 388714
Engine build AVCORE v1.0 (build 2397) (i386) (Feb 8 2007 14:24:08)
Scan plugins 14
Archive plugins 38
Unpack plugins 6
E-mail plugins 6
System plugins 1

Scan Settings
First Action Disinfect
Second Action Delete
Heuristics Yes
Enable Warnings Yes
Scanned Extensions *;
Exclude Extensions
Scan Emails Yes
Scan Archives Yes
Scan Packed Yes
Scan Files Yes
Scan Boot Yes


Scanned File Status
No virus found.




Logfile of HijackThis v1.99.1
Scan saved at 00:33:15, on 2007-02-18
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Fichiers communs\Network Associates\TalkBack\tbmon.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\LaCie\Backup Software\LaCieBackup.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Druide\Antidote\Antidote\Antido32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\SCAN32.EXE
C:\Documents and Settings\Charles Gagnon\Bureau\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ycomp/defaults/sp/*https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr-ca\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr-ca\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Fichiers communs\Network Associates\TalkBack\tbmon.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LaCie Backup] C:\Program Files\LaCie\Backup Software\\LaCieBackup.exe /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Service Framework McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe

My antivirus is VirusScan Enterprise 8.0, my firewall is the Windows XP one, and over the past week I have downloaded the following programs: Spybot-Search&Destroy, HijackThis, CCleaner, AVG Anti-Spyware, SpywareBlaster and Ad-Aware SE Personal.
There, hoping that all the information you asked me for is here... Thanks again for your patience and your help!
See you soon!
Charles
Charles,

Update AVG Anti-Spyware!

Then restart in safe mode to run a full scan and delete all the infections.

Save the report.

Restart in normal mode and post that report, please.

Next:

Download SDFix to your desktop:

http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

Double-click SDFix.exe and choose Install to extract it into a dedicated folder on the Desktop.
Restart your computer in safe mode (restart and tap F8 repeatedly as soon as the computer powers on).
Open the SDFix folder that was just created on the Desktop and double-click RunThis.bat to launch the script.
Press Y to start the cleaning process.
It will remove the services and Registry entries of certain trojans it finds, then ask you to press a key to restart.
Press a key to restart the PC.
Your system will take longer than usual to restart because the tool will keep running and deleting files.
Once the Desktop has loaded, the tool will finish its work and display Finished.
Press a key to end the script and load your Desktop icons.
Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder under the name Report.txt.

Finally, copy/paste the contents of the Report.txt file into your next reply on the forum, along with a new HijackThis log!

See you
Hello Kristopher,
I ran the scans you prescribed, in order, and here are the 3 reports you asked for!
Thanks again and see you soon!
Charles

---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 14:57:27 2007-02-18

+ Résultat de l'analyse:



HKLM\SOFTWARE\ShudderLTD -> Adware.PSGuard : Erreur lors du nettoyage.
HKLM\SOFTWARE\ShudderLTD\PSGuard -> Adware.PSGuard : Erreur lors du nettoyage.
HKLM\SOFTWARE\ShudderLTD\PSGuard\PSGuard -> Adware.PSGuard : Erreur lors du nettoyage.
HKLM\SOFTWARE\ShudderLTD\PSGuard\PSGuard\License -> Adware.PSGuard : Nettoyé.
C:\Documents and Settings\Charles Gagnon\Cookies\charles_gagnon@247realmedia[1].txt -> TrackingCookie.247realmedia : Nettoyé.


Fin du rapport


SDFix: Version 1.66

Run by Charles Gagnon - 2007-02-18 @ 15:38:10,72

Microsoft Windows XP [version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:

Name:

Path:


Restoring Windows Registry Entries
Restoring Default Hosts File


Rebooting...

Normal Mode:
Checking Files:

No Trojan Files Found...




ADS Check:

C:\WINDOWS\system32
No streams found.


Final Check:

Remaining Services:
------------------


Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
"C:\\WINDOWS\\system32\\mshta.exe"="C:\\WINDOWS\\system32\\mshta.exe:*:Enabled:Microsoft (R) HTML Application host"
"C:\\Documents and Settings\\Charles Gagnon\\Mes documents\\Morpheus\\Morpheus.exe"="C:\\Documents and Settings\\Charles Gagnon\\Mes documents\\Morpheus\\Morpheus.exe:*:Enabled:M5Shell"
"C:\\Program Files\\DAP\\DAP.exe"="C:\\Program Files\\DAP\\DAP.exe:*:Enabled:Download Accelerator Plus (DAP)"
"C:\\Program Files\\Morpheus\\Morpheus.exe"="C:\\Program Files\\Morpheus\\Morpheus.exe:*:Enabled:Morpheus"
"C:\\WINDOWS\\system32\\java.exe"="C:\\WINDOWS\\system32\\java.exe:*:Enabled:java"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Documents and Settings\\Charles Gagnon\\Bureau\\eMule0.47c\\emule.exe"="C:\\Documents and Settings\\Charles Gagnon\\Bureau\\eMule0.47c\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\eMule\\eMule0.47c\\emule.exe"="C:\\Program Files\\eMule\\eMule0.47c\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\BitDownload\\BitDownload.exe"="C:\\Program Files\\BitDownload\\BitDownload.exe:*:Enabled:Torrent P2P application"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"


Remaining Files:
---------------



Checking For Files with Hidden Attributes :


Add/Remove Programs List:

Commande ECHO désactivée.
Ad-Aware SE Personal
Adobe Photoshop 7.0
Adobe Photoshop Elements 2.0
Antidote
AVG Anti-Spyware 7.5
CCleaner (remove only)
SoftV92 Data Fax Modem with SmartCP
Conexant AC-Link Audio
eMule
HijackThis 1.99.1
Microsoft Internationalized Domain Names Mitigation APIs
Windows Internet Explorer 7
Correctif Windows XP - KB873333
Correctif Windows XP - KB873339
Correctif Windows XP - KB885250
Correctif Windows XP - KB885443
Correctif Windows XP - KB885835
Correctif Windows XP - KB885836
Correctif Windows XP - KB886185
Correctif Windows XP - KB887472
Correctif Windows XP - KB887742
Correctif Windows XP - KB888113
Correctif Windows XP - KB888302
Correctif Windows XP - KB890859
Correctif Windows XP - KB891781
Correctif Windows XP - KB893086
Lexmark 1200 Series
LiveUpdate 1.90 (Symantec Corporation)
McAfee Anti-Spyware Enterprise Module
Microsoft .NET Framework 1.1
Mozilla Firefox (1.0.7)
Microsoft Compression Client Pack 1.0 for Windows XP
Barre d'outils MSN
Microsoft National Language Support Downlevel APIs
Adobe Flash Player 9 ActiveX
Spybot - Search & Destroy 1.4
SpywareBlaster v3.5.1
Synaptics Pointing Device Driver
VideoLAN VLC media player 0.8.4a
Lecteur Windows Media 11
Archiveur WinRAR
Microsoft User-Mode Driver Framework Feature Pack 1.0
Yahoo! Toolbar avec bloqueur de fenêtres pop-up
Yahoo! Toolbar
Yahoo! Install Manager
Sonic Update Manager
Sonic DLA
HP Software Update
iTunes
Photosmart 140,240,7200,7600,7700,7900 Series
McAfee VirusScan Enterprise
QuickTime
LaCie Backup Software v1.5.2215
Java 2 Runtime Environment, SE v1.4.2_03
PSShortcutsP
Intel(R) Extreme Graphics 2 Driver
Microsoft Office Standard Edition 2003
RecordNow!
InterVideo WinDVD
Microsoft .NET Framework 1.1 French Language Pack
Apple Software Update
Adobe Reader 8 - Français
Microsoft .NET Framework 1.1
Quick Launch Buttons 5.00 B3
HpSdpAppCoreApp
HP Deskjet Preloaded Printer Drivers

Finished

Logfile of HijackThis v1.99.1
Scan saved at 15:46:41, on 2007-02-18
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Fichiers communs\Network Associates\TalkBack\tbmon.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\LaCie\Backup Software\LaCieBackup.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Documents and Settings\Charles Gagnon\Bureau\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ycomp/defaults/sp/*https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr-ca\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr-ca\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Fichiers communs\Network Associates\TalkBack\tbmon.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LaCie Backup] C:\Program Files\LaCie\Backup Software\\LaCieBackup.exe /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Service Framework McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
Charles,

Did you run AVG Anti-Spyware in safe mode?
Hi Kristopher,
Indeed, I had not run the AVG antivirus in safe mode, but rather in normal mode... I have just run it again and here is the report:
---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 15:20:08 2007-02-19

+ Résultat de l'analyse:



HKLM\SOFTWARE\ShudderLTD -> Adware.PSGuard : Erreur lors du nettoyage.
HKLM\SOFTWARE\ShudderLTD\PSGuard -> Adware.PSGuard : Erreur lors du nettoyage.
HKLM\SOFTWARE\ShudderLTD\PSGuard\PSGuard -> Adware.PSGuard : Erreur lors du nettoyage.
HKLM\SOFTWARE\ShudderLTD\PSGuard\PSGuard\License -> Adware.PSGuard : Nettoyé.
C:\quarantaine\charles_gagnon@247realmedia[1].txt.Vir -> TrackingCookie.247realmedia : Nettoyé.
C:\Documents and Settings\Charles Gagnon\Cookies\charles_gagnon@bilbo.counted[2].txt -> TrackingCookie.Counted : Nettoyé.
C:\Documents and Settings\Charles Gagnon\Cookies\charles_gagnon@estat[1].txt -> TrackingCookie.Estat : Nettoyé.
C:\quarantaine\charles_gagnon@searchportal.information[1].txt.Vir -> TrackingCookie.Information : Nettoyé.
C:\quarantaine\charles_gagnon@revenue[1].txt.Vir -> TrackingCookie.Revenue : Nettoyé.


Fin du rapport

I'll send you the SDFix and HijackThis reports as soon as they are done!
Talk to you later!
Charles
Charles,

If you are planning to run SDFix and HijackThis, that is not a good idea!

That was not a good thing to anticipate, but I still approve of your attempt :)

Now do this:

1/ - Download the SmitfraudFix software created by S!Ri:
http://siri.urz.free.fr/Fix/SmitfraudFix.zip and unzip it.

- Open the "SmitfraudFix" folder that will have appeared, double-click "Smitfraudfix.cmd", choose option 1; a log will be generated…

Copy and paste the report to the forum.

Then

Do the following:

- Restart the PC in safe mode: tap the F8 key on your keyboard (or F5 depending on the Windows version) and choose "safe mode".

- Run SmitfraudFix again, this time choosing option 2, and answer yes to everything.

Paste the new report afterwards.

2/ Scan your PC with this online antispyware:
https://www.trendmicro.com/en_us/forHome/products/housecall.html
Click "I Accept" and wait a bit…
Then click "Start Scan"
At the end of the scan, "Scan Results" -> "Clean Threats Now"

Tell me what it found ;)

See you later