infections recalcitrantresFermé

Question

Bonjour,


voilà, j'ai un petit problème, j'ai réussi a nettoyé mon PC mais certaines infections sont toujours là!!!
Donc si quelqu'un peut m'aider a m'en débarrasser??? 

Please!

voilà différents rapports obtenus avec Hijack et winpatrol, si çà peut aider!!! merci d'avance.



Log created by WinPatrol version 12.2.2007.0:12.2.2007.0
Scan saved at  5:38:29 PM, on  8/27/2008
Platform: Windows XP SP2 Service Pack 2 (Build 2600)
MSIE: Internet Explorer (7.00.5730.13)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRAM FILES\PC TOOLS FIREWALL PLUS\FWSERVICE.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRAM FILES\PC TOOLS ANTIVIRUS\PCTAVSvc.exe
C:\WINDOWS\Explorer.exe
C:\PROGRAM FILES\BILLP STUDIOS\WINPATROL\WINPATROL.EXE
C:\Program Files\Returnil\Rvsystem.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRAM FILES\MOZILLA FIREFOX\firefox.exe
C:\PROGRAM FILES\BILLP STUDIOS\WINPATROL\WINPATROLEX.EXE

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/
O2 - BHO: opnmNGXQ - {6C23AB0C-0244-4B01-8253-BEE724D0D2EC} - C:\WINDOWS\system32\opnmNGXQ.dll
O4 - HKLM\..\Run: [WinPatrol]C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [Rvsystem]C:\Program Files\Returnil\Rvsystem.exe
O11 - Options group: []  - 
O14 - IERESET.INF: START_PAGE_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
O14 - IERESET.INF: SEARCH_PAGE_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
O14 - IERESET.INF:HKCU, Start Page = %START_PAGE_URL%
O14 - IERESET.INF:HKLM, Default_Page_URL = %START_PAGE_URL%
O14 - IERESET.INF:HKLM, Default_Search_URL = %SEARCH_PAGE_URL%
O14 - IERESET.INF:HKLM, Search Page = %SEARCH_PAGE_URL%
O14 - IERESET.INF:HKCU, Search Page = %SEARCH_PAGE_URL%
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_07) - http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} (Java Plug-in 1.6.0_07) - http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Plug-in 1.6.0_07) - http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\CCS: NameServer = 80.10.246.130 80.10.246.3
O23 - Service: Apple Mobile Device -  - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Accès du périphérique d'interface utilisateur -  - C:\WINDOWS\System32\hidserv.dll
O23 - Service: Service de l'iPod - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PC Tools AntiVirus Engine - PC Tools Research Pty Ltd - C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
O23 - Service: PC Tools Firewall Plus - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe
O23 - Service: TuneUp Drive Defrag Service - TuneUp Software GmbH - C:\WINDOWS\system32\TuneUpDefragService.exe
O23 - Service: TuneUp Extension de thème - TuneUp Software GmbH - C:\WINDOWS\system32\uxtuneup.dll
O24 -  Desktop Component 0: Ma page d'accueil - About:Home

---  Additional WinPatrol Info  ---
Default Browser: Firefox - Firefox version 3.0.1
MSIE: Internet Explorer (7.00.5730.13)
Firefox 3.0.1 installed in C:\Program Files\Mozilla Firefox.
0 IE Cookies in Folder: C:\Documents and Settings\david\Cookies\
0 Mozilla Cookies in Folder: C:\Documents and Settings\david\Application Data\Mozilla\FireFox\Profiles\1audsj05.default

WP00 - HKLM\CS1: BootExecute = autocheck autochk *
WP00 - HKLM\CCS: BootExecute = autocheck autochk *
WP00 - HKLM\CS2: BootExecute = autocheck autochk *
WP00 - HKLM\CS3: BootExecute = autocheck autochk *
WP01 - HKLM\CS1: PendingFileRenameOperations = \??\C:\WINDOWS\isRS-000.tmp
WP01 - HKLM\CS2: PendingFileRenameOperations = \??\C:\DOCUME~1\david\LOCALS~1\TEMPOR~1\Content.IE5\index.dat
WP02 - HKLM\CCS: Command = C:\WINDOWS\system32\cmd.exe

WP03 - Windows Automatic Update = 4:Automatically download recommended updates for my computer and install them.


WP08 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix: Default = http://
WP08 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes: www = http://

WP31 - Scheduled Tasks: [Maintenance en 1 clic.job]C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe 08/27/2008  5:17 PM

WP32 - Hidden File: C:\boot.ini
WP32 - Hidden File: C:\Bootfont.bin
WP32 - Hidden File: C:\IO.SYS
WP32 - Hidden File: C:\MSDOS.SYS
WP32 - Hidden File: C:\NTDETECT.COM
WP32 - Hidden File: C:
tldr
WP32 - Hidden File: C:\pagefile.sys
WP32 - Hidden File: C:\WINDOWS\QTFont.qfn
WP32 - Hidden File: C:\WINDOWS\WindowsShell.Manifest
WP32 - Hidden File: C:\WINDOWS\winnt.bmp
WP32 - Hidden File: C:\WINDOWS\winnt256.bmp
WP32 - Hidden File: C:\WINDOWS\system32\cdplayer.exe.manifest
WP32 - Hidden File: C:\WINDOWS\system32\config\default.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\SAM.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\SECURITY.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\software.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\software.tmp.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\system.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\system.tmp.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\TempKey.LOG
WP32 - Hidden File: C:\WINDOWS\system32\DKTwvyxx.ini
WP32 - Hidden File: C:\WINDOWS\system32\DKTwvyxx.ini2
WP32 - Hidden File: C:\WINDOWS\system32\logonui.exe.manifest
WP32 - Hidden File: C:\WINDOWS\system32
cpa.cpl.manifest
WP32 - Hidden File: C:\WINDOWS\system32
wc.cpl.manifest
WP32 - Hidden File: C:\WINDOWS\system32\sapi.cpl.manifest
WP32 - Hidden File: C:\WINDOWS\system32\wuaucpl.cpl.manifest
WP32 - Hidden File: C:\Documents and Settings\david\Local Settings\Temp\etilqs_WjQteyrDhUkzcCOd743k

WP33 - File Type .AVI: [Winamp media file]C:\Program Files\Winamp\winamp.exe %1
WP33 - File Type .BAT: [Fichier de commande MS-DOS]%1 %*
WP33 - File Type .CAB: [Fichier CAB]C:\WINDOWS\Explorer.exe /idlist,%I,%L
WP33 - File Type .CAT: [Catalogue de sécurité]rundll32.exe cryptext.dll,CryptExtOpenCAT %1
WP33 - File Type .CHM: [Fichier HTML compilé]C:\WINDOWS\hh.exe %1
WP33 - File Type .COM: [Application MS-DOS]%1 %*
WP33 - File Type .CMD: [Script de commande Windows NT]%1 %*
WP33 - File Type .DOC: [Document Microsoft Office Word 97 - 2003]C:\Program Files\Microsoft Office\Office12\WINWORD.EXE /n /dde
WP33 - File Type .EML: [Internet E-Mail Message]C:\Program Files\Outlook Express\msimn.exe /eml:%1
WP33 - File Type .EXE: [Application]%1 %*
WP33 - File Type .INF: [Informations de configuration]C:\WINDOWS\System32\NOTEPAD.EXE %1
WP33 - File Type .JS: [Fichier script JScript]C:\WINDOWS\System32\WScript.exe %1 %*
WP33 - File Type .LOG: [Document texte]C:\WINDOWS\system32\NOTEPAD.EXE %1
WP33 - File Type .MSI: [Windows Installer Package]C:\WINDOWS\System32\msiexec.exe /i %1 %*
WP33 - File Type .MSG: [Élément Outlook]C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE /f %1
WP33 - File Type .MID: [Winamp media file]C:\Program Files\Winamp\winamp.exe %1
WP33 - File Type .MP3: [Winamp media file]C:\Program Files\Winamp\winamp.exe %1
WP33 - File Type .MP3: [Son au format MP3]C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:6 /Open %L
WP33 - File Type .PIF: [Raccourci pour le programme MS-DOS]%1 %*
WP33 - File Type .RAM: [Media Player Classic]C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe %1
WP33 - File Type .REG: [Registration Entries]regedit.exe %1
WP33 - File Type .RTF: [Rich Text Format]C:\Program Files\Microsoft Office\Office12\WINWORD.EXE /n /dde
WP33 - File Type .SCR: [Écran de veille]%1 /S
WP33 - File Type .TXT: [Document texte]C:\WINDOWS\system32\NOTEPAD.EXE %1
WP33 - File Type .URL: [Raccourci Internet]rundll32.exe ieframe.dll,OpenURL %l
WP33 - File Type .VBS: [Fichier script VBScript]C:\WINDOWS\System32\WScript.exe %1 %*
WP33 - File Type .VBE: [Fichier script crypté VBScript]C:\WINDOWS\System32\WScript.exe %1 %*
WP33 - File Type .WSF: [Fichier script Windows]C:\WINDOWS\System32\WScript.exe %1 %*
WP33 - File Type .WSH: [Fichier de configuration de l'environnement d'exécution de scripts Windows]C:\WINDOWS\System32\WScript.exe %1 %*
WP33 - File Type .XLS: [Feuille Microsoft Office Excel 97-2003]C:\Program Files\Microsoft Office\Office12\EXCEL.EXE /e

Memory currently in use: 52%
Physical Memory Free: 246,944 KB
Paging File Free: 1,230,368 KB
Virtual Memory Free: 2,055,528 KB

totobetourne · Answer

bon jour .

bienvenue sur commentcamarche(ccm).
on peut vous demander de telecharger divers outils pour vous desinfecter mais parfois il ne reconnaisse pas toute l infection.
c est pour cela qu il faut mieux nous attendre pour vous dire si c est ok.

aussi une infection peut en cacher une autre.

apres il y aura le stade ou il faudra mieux se securiser et on creera moin d attente vu le nombre de possesseurs d ordinateur croissant.

totobetourne · Answer

Telecharges malwares bytes anti malwares :

Malwarebytes Anti-Malware: http://www.malwarebytes.org/mbam/program/mbam-setup.exe

Tutoriel Malwarebytes Anti-Malware: https://forum.pcastuces.com/malwarebytes_antimalwares___tutoriel-f31s3.htm 
fais comme indique,mise a jour , scan complet en mode sans echec et les rapports.

garde le et lance un scan tout les mois comme indique.

si tu as ad aware tu peux desinstalle car il ne reconnait plus grand chose.

Infections recalcitrantres

2 réponses

Discussions similaires

Newsletters