Hello,
So, I have a small problem: I managed to clean my PC, but some infections are still there!!!
So could someone help me get rid of them???
Please!
Here are various reports obtained with Hijack and WinPatrol, in case that helps!!! Thanks in advance.
Log created by WinPatrol version 12.2.2007.0:12.2.2007.0
Scan saved at 5:38:29 PM, on 8/27/2008
Platform: Windows XP SP2 Service Pack 2 (Build 2600)
MSIE: Internet Explorer (7.00.5730.13)
Boot mode: Normal
Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRAM FILES\PC TOOLS FIREWALL PLUS\FWSERVICE.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRAM FILES\PC TOOLS ANTIVIRUS\PCTAVSvc.exe
C:\WINDOWS\Explorer.exe
C:\PROGRAM FILES\BILLP STUDIOS\WINPATROL\WINPATROL.EXE
C:\Program Files\Returnil\Rvsystem.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRAM FILES\MOZILLA FIREFOX\firefox.exe
C:\PROGRAM FILES\BILLP STUDIOS\WINPATROL\WINPATROLEX.EXE
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/
O2 - BHO: opnmNGXQ - {6C23AB0C-0244-4B01-8253-BEE724D0D2EC} - C:\WINDOWS\system32\opnmNGXQ.dll
O4 - HKLM\..\Run: [WinPatrol]C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [Rvsystem]C:\Program Files\Returnil\Rvsystem.exe
O11 - Options group: [] -
O14 - IERESET.INF: START_PAGE_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
O14 - IERESET.INF: SEARCH_PAGE_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
O14 - IERESET.INF:HKCU, Start Page = %START_PAGE_URL%
O14 - IERESET.INF:HKLM, Default_Page_URL = %START_PAGE_URL%
O14 - IERESET.INF:HKLM, Default_Search_URL = %SEARCH_PAGE_URL%
O14 - IERESET.INF:HKLM, Search Page = %SEARCH_PAGE_URL%
O14 - IERESET.INF:HKCU, Search Page = %SEARCH_PAGE_URL%
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_07) - http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} (Java Plug-in 1.6.0_07) - http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Plug-in 1.6.0_07) - http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\CCS: NameServer = 80.10.246.130 80.10.246.3
O23 - Service: Apple Mobile Device - - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Accès du périphérique d'interface utilisateur - - C:\WINDOWS\System32\hidserv.dll
O23 - Service: Service de l'iPod - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PC Tools AntiVirus Engine - PC Tools Research Pty Ltd - C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
O23 - Service: PC Tools Firewall Plus - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe
O23 - Service: TuneUp Drive Defrag Service - TuneUp Software GmbH - C:\WINDOWS\system32\TuneUpDefragService.exe
O23 - Service: TuneUp Extension de thème - TuneUp Software GmbH - C:\WINDOWS\system32\uxtuneup.dll
O24 - Desktop Component 0: Ma page d'accueil - About:Home
--- Additional WinPatrol Info ---
Default Browser: Firefox - Firefox version 3.0.1
MSIE: Internet Explorer (7.00.5730.13)
Firefox 3.0.1 installed in C:\Program Files\Mozilla Firefox.
0 IE Cookies in Folder: C:\Documents and Settings\david\Cookies\
0 Mozilla Cookies in Folder: C:\Documents and Settings\david\Application Data\Mozilla\FireFox\Profiles\1audsj05.default
WP00 - HKLM\CS1: BootExecute = autocheck autochk *
WP00 - HKLM\CCS: BootExecute = autocheck autochk *
WP00 - HKLM\CS2: BootExecute = autocheck autochk *
WP00 - HKLM\CS3: BootExecute = autocheck autochk *
WP01 - HKLM\CS1: PendingFileRenameOperations = \??\C:\WINDOWS\isRS-000.tmp
WP01 - HKLM\CS2: PendingFileRenameOperations = \??\C:\DOCUME~1\david\LOCALS~1\TEMPOR~1\Content.IE5\index.dat
WP02 - HKLM\CCS: Command = C:\WINDOWS\system32\cmd.exe
WP03 - Windows Automatic Update = 4:Automatically download recommended updates for my computer and install them.
WP08 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix: Default = http://
WP08 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes: www = http://
WP31 - Scheduled Tasks: [Maintenance en 1 clic.job]C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe 08/27/2008 5:17 PM
WP32 - Hidden File: C:\boot.ini
WP32 - Hidden File: C:\Bootfont.bin
WP32 - Hidden File: C:\IO.SYS
WP32 - Hidden File: C:\MSDOS.SYS
WP32 - Hidden File: C:\NTDETECT.COM
WP32 - Hidden File: C:\ntldr
WP32 - Hidden File: C:\pagefile.sys
WP32 - Hidden File: C:\WINDOWS\QTFont.qfn
WP32 - Hidden File: C:\WINDOWS\WindowsShell.Manifest
WP32 - Hidden File: C:\WINDOWS\winnt.bmp
WP32 - Hidden File: C:\WINDOWS\winnt256.bmp
WP32 - Hidden File: C:\WINDOWS\system32\cdplayer.exe.manifest
WP32 - Hidden File: C:\WINDOWS\system32\config\default.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\SAM.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\SECURITY.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\software.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\software.tmp.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\system.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\system.tmp.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\TempKey.LOG
WP32 - Hidden File: C:\WINDOWS\system32\DKTwvyxx.ini
WP32 - Hidden File: C:\WINDOWS\system32\DKTwvyxx.ini2
WP32 - Hidden File: C:\WINDOWS\system32\logonui.exe.manifest
WP32 - Hidden File: C:\WINDOWS\system32\ncpa.cpl.manifest
WP32 - Hidden File: C:\WINDOWS\system32\nwc.cpl.manifest
WP32 - Hidden File: C:\WINDOWS\system32\sapi.cpl.manifest
WP32 - Hidden File: C:\WINDOWS\system32\wuaucpl.cpl.manifest
WP32 - Hidden File: C:\Documents and Settings\david\Local Settings\Temp\etilqs_WjQteyrDhUkzcCOd743k
WP33 - File Type .AVI: [Winamp media file]C:\Program Files\Winamp\winamp.exe %1
WP33 - File Type .BAT: [Fichier de commande MS-DOS]%1 %*
WP33 - File Type .CAB: [Fichier CAB]C:\WINDOWS\Explorer.exe /idlist,%I,%L
WP33 - File Type .CAT: [Catalogue de sécurité]rundll32.exe cryptext.dll,CryptExtOpenCAT %1
WP33 - File Type .CHM: [Fichier HTML compilé]C:\WINDOWS\hh.exe %1
WP33 - File Type .COM: [Application MS-DOS]%1 %*
WP33 - File Type .CMD: [Script de commande Windows NT]%1 %*
WP33 - File Type .DOC: [Document Microsoft Office Word 97 - 2003]C:\Program Files\Microsoft Office\Office12\WINWORD.EXE /n /dde
WP33 - File Type .EML: [Internet E-Mail Message]C:\Program Files\Outlook Express\msimn.exe /eml:%1
WP33 - File Type .EXE: [Application]%1 %*
WP33 - File Type .INF: [Informations de configuration]C:\WINDOWS\System32\NOTEPAD.EXE %1
WP33 - File Type .JS: [Fichier script JScript]C:\WINDOWS\System32\WScript.exe %1 %*
WP33 - File Type .LOG: [Document texte]C:\WINDOWS\system32\NOTEPAD.EXE %1
WP33 - File Type .MSI: [Windows Installer Package]C:\WINDOWS\System32\msiexec.exe /i %1 %*
WP33 - File Type .MSG: [Élément Outlook]C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE /f %1
WP33 - File Type .MID: [Winamp media file]C:\Program Files\Winamp\winamp.exe %1
WP33 - File Type .MP3: [Winamp media file]C:\Program Files\Winamp\winamp.exe %1
WP33 - File Type .MP3: [Son au format MP3]C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:6 /Open %L
WP33 - File Type .PIF: [Raccourci pour le programme MS-DOS]%1 %*
WP33 - File Type .RAM: [Media Player Classic]C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe %1
WP33 - File Type .REG: [Registration Entries]regedit.exe %1
WP33 - File Type .RTF: [Rich Text Format]C:\Program Files\Microsoft Office\Office12\WINWORD.EXE /n /dde
WP33 - File Type .SCR: [Écran de veille]%1 /S
WP33 - File Type .TXT: [Document texte]C:\WINDOWS\system32\NOTEPAD.EXE %1
WP33 - File Type .URL: [Raccourci Internet]rundll32.exe ieframe.dll,OpenURL %l
WP33 - File Type .VBS: [Fichier script VBScript]C:\WINDOWS\System32\WScript.exe %1 %*
WP33 - File Type .VBE: [Fichier script crypté VBScript]C:\WINDOWS\System32\WScript.exe %1 %*
WP33 - File Type .WSF: [Fichier script Windows]C:\WINDOWS\System32\WScript.exe %1 %*
WP33 - File Type .WSH: [Fichier de configuration de l'environnement d'exécution de scripts Windows]C:\WINDOWS\System32\WScript.exe %1 %*
WP33 - File Type .XLS: [Feuille Microsoft Office Excel 97-2003]C:\Program Files\Microsoft Office\Office12\EXCEL.EXE /e
Memory currently in use: 52%
Physical Memory Free: 246,944 KB
Paging File Free: 1,230,368 KB
Virtual Memory Free: 2,055,528 KB