"Pornographic" virus

FloKonCamer Posts 66 Status Member -
garytr51100 Posts 73 Status Member -
Hello,
While browsing the internet I caught a virus: there are three pornographic icons on my desktop and lots of images that pop up telling me to buy an antivirus, but it's in English and I don't know what to do.

Thanks in advance

32 replies

Anonymous user
 
Spyware Doctor is worthless, you got had.

Run List_Kill'em like that; Avast won't bother you, and it doesn't detect anything either.
0
FloKonCamer Posts 66 Status Member
 
How do I disable the antivirus?
Please ^^
0
FloKonCamer Posts 66 Status Member
 
It's taking a long time though, it displays "Tests Rootkits Patience" and stays like that for a long time.
0
Anonymous user
 
Yes, it will be finished soon...
0
FloKonCamer Posts 66 Status Member
 
Ok
0
FloKonCamer Posts 66 Status Member
 
List'em by g3n-h@ckm@n 1.1.2.1

Thx to Chiquitine29.....

User : Florian (Administrateurs) # PAULINE
Update on 07/12/2009 by g3n-h@ckm@n ::::: 11:00
Start at: 18:22:48 | 07/12/2009
Contact : g3n-h@ckm@n sur CCM

Intel(R) Atom(TM) CPU N280 @ 1.66GHz
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Enabled
AV : AntiMalware 1.0 [ Enabled | (!) Outdated ]

C:\ -> Disque fixe local | 72,06 Go (57,1 Go free) | NTFS
D:\ -> Disque fixe local | 72,05 Go (71,96 Go free) | NTFS

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running

C:\WINDOWS\System32\smss.exe 440
C:\WINDOWS\system32\csrss.exe 492
C:\WINDOWS\system32\winlogon.exe 724
C:\WINDOWS\system32\services.exe 768
C:\WINDOWS\system32\lsass.exe 780
C:\WINDOWS\system32\svchost.exe 944
C:\WINDOWS\system32\svchost.exe 1008
C:\WINDOWS\System32\svchost.exe 1048
C:\WINDOWS\system32\svchost.exe 1128
C:\WINDOWS\system32\svchost.exe 1180
C:\WINDOWS\system32\spoolsv.exe 1432
C:\WINDOWS\system32\svchost.exe 1524
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe 1556
C:\Program Files\Bonjour\mDNSResponder.exe 1568
C:\Program Files\Java\jre6\bin\jqs.exe 1624
C:\Program Files\Privoxy\privoxy.exe 1664
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe 1732
C:\WINDOWS\system32\svchost.exe 1876
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe 184
C:\WINDOWS\system32\wuauclt.exe 232
C:\WINDOWS\system32\wbem\wmiapsrv.exe 1440
C:\WINDOWS\Explorer.EXE 520
C:\WINDOWS\system32\igfxtray.exe 1700
C:\WINDOWS\system32\hkcmd.exe 1352
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe 1604
C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe 1220
C:\Program Files\EeePC\ACPI\AsEPCMon.exe 2056
C:\Program Files\EeePC\ACPI\AsTray.exe 2064
C:\Program Files\Parental Control\bin\pcontrol.exe 2080
C:\WINDOWS\system32\igfxsrvc.exe 2084
C:\Program Files\Java\jre6\bin\jusched.exe 2152
C:\WINDOWS\RTHDCPL.EXE 2184
C:\WINDOWS\system32\igfxext.exe 2232
C:\Program Files\iTunes\iTunesHelper.exe 2248
C:\WINDOWS\system32\ctfmon.exe 2268
C:\Program Files\ASUS\Eee Docking\Eee Docking.exe 2280
C:\Program Files\Windows Live\Messenger\msnmsgr.exe 2288
C:\DOCUME~1\Florian\LOCALS~1\Temp\richtx64.exe 2464
C:\Program Files\AntiMalware\antimalware.exe 2472
C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe 2484
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe 2492
C:\Documents and Settings\Florian\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe 2564
C:\Program Files\OpenOffice.org 3\program\soffice.exe 2600
C:\Program Files\OpenOffice.org 3\program\soffice.bin 2656
C:\Program Files\iPod\bin\iPodService.exe 3040
C:\DOCUME~1\Florian\LOCALS~1\Temp\wscsvc32.exe 3272
C:\Program Files\Internet Explorer\iexplore.exe 1256
C:\Program Files\Internet Explorer\iexplore.exe 2032
C:\Program Files\Internet Explorer\iexplore.exe 2992
C:\DOCUME~1\Florian\LOCALS~1\Temp\Répertoire temporaire 1 pour List_Killem.zip\List_Kill'em.exe 172
C:\WINDOWS\system32\cmd.exe 164
C:\WINDOWS\system32\wbem\wmiprvse.exe 3096
C:\Documents and Settings\Florian\Local Settings\Temp\A.tmp\pv.exe 3192

======================
Keys "Run"
======================

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
CTFMON.EXE REG_SZ C:\WINDOWS\system32\ctfmon.exe
Eee Docking REG_SZ C:\Program Files\ASUS\Eee Docking\Eee Docking.exe
msnmsgr REG_SZ "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
richtx64.exe REG_SZ C:\DOCUME~1\Florian\LOCALS~1\Temp\richtx64.exe
AntiMalware REG_SZ "C:\Program Files\AntiMalware\antimalware.exe" -noscan

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
IgfxTray REG_SZ C:\WINDOWS\system32\igfxtray.exe
HotKeysCmds REG_SZ C:\WINDOWS\system32\hkcmd.exe
Persistence REG_SZ C:\WINDOWS\system32\igfxpers.exe
SynTPEnh REG_SZ C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
SynAsusAcpi REG_SZ C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe
AsusACPIServer REG_SZ C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
AsusEPCMonitor REG_SZ C:\Program Files\EeePC\ACPI\AsEPCMon.exe
AsusTray REG_SZ C:\Program Files\EeePC\ACPI\AsTray.exe
Parental Control REG_SZ "C:\Program Files\Parental Control\bin\pcontrol.exe" --start
UserFaultCheck REG_EXPAND_SZ %systemroot%\system32\dumprep 0 -u
SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre6\bin\jusched.exe"
RTHDCPL REG_SZ RTHDCPL.EXE
AppleSyncNotifier REG_SZ C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
QuickTime Task REG_SZ "C:\Program Files\QuickTime\QTTask.exe" -atboottime
iTunesHelper REG_SZ "C:\Program Files\iTunes\iTunesHelper.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents
=====================
Other Keys
=====================

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System
dontdisplaylastusername REG_DWORD 0x0
legalnoticecaption REG_SZ
legalnoticetext REG_SZ
shutdownwithoutlogon REG_DWORD 0x1
undockwithoutlogon REG_DWORD 0x1
===============

===============
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
===============
BHO :
======
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\NoExplorer]
@=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
@="Skype add-on (mastermind)"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{280b5d37-4a76-467a-b3d6-942fca90acde}]
@=""
"NoExplorer"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
@="Search Helper"
"NoExplorer"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
"NoExplorer"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
"NoExplorer"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
@="JQSIEStartDetectorImpl"
"NoExplorer"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]

================
Internet Explorer :
================

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main
Start Page REG_SZ https://www.msn.com/fr-fr

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Start Page REG_SZ http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

========
Services
========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]

Ndisuio : 0x3
EapHost : 0x3
SharedAccess : 0x2
wuauserv : 0x2
=========

=========================
Environnement variables :
=========================


=======
Drive :
=======

Défragmenteur de disque Windows
Copyright (c) 2001 Microsoft Corp. et Executive Software International Inc.

Rapport d'analyse
72,06 Go total, 57,10 Go libre (79%), 18% fragmenté (fragmentation du fichier 36%)

Vous devriez défragmenter ce volume.

==========
Programs
==========

Adobe
Aibelive
AntiMalware
Apple Software Update
ASUS
Atheros
Bonjour
ComPlus Applications
Conduit
EeePC
Fichiers communs
InstallShield Installation Information
Intel
Internet Explorer
iPod
iTunes
Java
JRE
LimeWire
Messenger
Microsoft
microsoft frontpage
Microsoft Office
Microsoft Silverlight
Microsoft SQL Server Compact Edition
Microsoft Sync Framework
Microsoft Works
Movie Maker
Mozilla Firefox
MSBuild
MSECache
MSN Gaming Zone
Navilog1
NetMeeting
Norton Internet Security
OpenOffice.org 3
Outlook Express
Parental Control
PhotoFiltre
Privoxy
QuickTime
Realtek
Reference Assemblies
Safari
Services en ligne
Shareware.Pro-FR
Skype
Synaptics
Uninstall Information
USB2.0 UVC Camera Device
WIDCOMM
Windows Live
Windows Live SkyDrive
Windows Media Connect 2
Windows Media Player
Windows NT
WindowsUpdate
xerox
Yahoo!

¤¤¤¤¤¤¤¤¤¤ Files/folders :

C:\Program Files\AntiMalware
C:\WINDOWS\System32\drivers\etc\hosts.msn
C:\Documents and Settings\Florian\LOCAL Settings\Temp\Installer.exe
C:\Documents and Settings\Florian\LOCAL Settings\Temp\richtx64.exe
C:\Documents and Settings\Florian\LOCAL Settings\Temp\Toolbar.exe
C:\Documents and Settings\Florian\LOCAL Settings\Temp\wscsvc32.exe

¤¤¤¤¤¤¤¤¤¤ Keys :

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "AntiMalware"
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "richtx64.exe"
"HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"
HKLM\Software\Classes\TypeLib\{937936AF-28CA-4973-B8AE-F250406149A2}

=========
Rootkits
=========

catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-07 18:30:06
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

¤¤¤¤¤¤¤¤¤¤ C:\WINDOWS\Prefetch :


¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
0
Anonymous user
 
OK, do option 2.
0
FloKonCamer Posts 66 Status Member
 
Kill'em by g3n-h@ckm@n 1.1.2.1

User : Florian (Administrateurs) # PAULINE
Update on 07/12/2009 by g3n-h@ckm@n ::::: 11:00
Start at: 19:23:59 | 07/12/2009
Contact : g3n-h@ckm@n sur CCM

Intel(R) Atom(TM) CPU N280 @ 1.66GHz
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Enabled
AV : AntiMalware 1.0 [ Enabled | (!) Outdated ]

C:\ -> Disque fixe local | 72,06 Go (57,09 Go free) | NTFS
D:\ -> Disque fixe local | 72,05 Go (71,96 Go free) | NTFS

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running

C:\WINDOWS\System32\smss.exe 440
C:\WINDOWS\system32\csrss.exe 492
C:\WINDOWS\system32\winlogon.exe 724
C:\WINDOWS\system32\services.exe 768
C:\WINDOWS\system32\lsass.exe 780
C:\WINDOWS\system32\svchost.exe 944
C:\WINDOWS\system32\svchost.exe 1008
C:\WINDOWS\System32\svchost.exe 1048
C:\WINDOWS\system32\svchost.exe 1128
C:\WINDOWS\system32\svchost.exe 1180
C:\WINDOWS\system32\spoolsv.exe 1432
C:\WINDOWS\system32\svchost.exe 1524
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe 1556
C:\Program Files\Bonjour\mDNSResponder.exe 1568
C:\Program Files\Java\jre6\bin\jqs.exe 1624
C:\Program Files\Privoxy\privoxy.exe 1664
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe 1732
C:\WINDOWS\system32\svchost.exe 1876
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe 184
C:\WINDOWS\system32\wbem\wmiapsrv.exe 1440
C:\WINDOWS\Explorer.EXE 520
C:\WINDOWS\system32\igfxtray.exe 1700
C:\WINDOWS\system32\hkcmd.exe 1352
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe 1604
C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe 1220
C:\Program Files\EeePC\ACPI\AsEPCMon.exe 2056
C:\Program Files\EeePC\ACPI\AsTray.exe 2064
C:\Program Files\Parental Control\bin\pcontrol.exe 2080
C:\WINDOWS\system32\igfxsrvc.exe 2084
C:\Program Files\Java\jre6\bin\jusched.exe 2152
C:\WINDOWS\RTHDCPL.EXE 2184
C:\WINDOWS\system32\igfxext.exe 2232
C:\Program Files\iTunes\iTunesHelper.exe 2248
C:\WINDOWS\system32\ctfmon.exe 2268
C:\Program Files\ASUS\Eee Docking\Eee Docking.exe 2280
C:\Program Files\Windows Live\Messenger\msnmsgr.exe 2288
C:\DOCUME~1\Florian\LOCALS~1\Temp\richtx64.exe 2464
C:\Program Files\AntiMalware\antimalware.exe 2472
C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe 2484
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe 2492
C:\Documents and Settings\Florian\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe 2564
C:\Program Files\OpenOffice.org 3\program\soffice.exe 2600
C:\Program Files\OpenOffice.org 3\program\soffice.bin 2656
C:\Program Files\iPod\bin\iPodService.exe 3040
C:\DOCUME~1\Florian\LOCALS~1\Temp\wscsvc32.exe 3272
C:\Program Files\Internet Explorer\iexplore.exe 1256
C:\Program Files\Internet Explorer\iexplore.exe 2032
C:\Program Files\Java\jre6\bin\jucheck.exe 472
C:\Program Files\Internet Explorer\iexplore.exe 2912
C:\DOCUME~1\Florian\LOCALS~1\Temp\Répertoire temporaire 1 pour List_Killem[1].zip\List_Kill'em.exe 3544
C:\WINDOWS\system32\cmd.exe 2100
C:\WINDOWS\system32\wbem\wmiprvse.exe 3608
C:\Documents and Settings\Florian\Local Settings\Temp\D.tmp\pv.exe 2832

Detections :
==========

¤¤¤¤¤¤¤¤¤¤ Files/folders :

"C:\Program Files\AntiMalware"
"C:\WINDOWS\System32\drivers\etc\hosts.msn"
C:\Documents and Settings\Florian\LOCAL Settings\Temp\Installer.exe
C:\Documents and Settings\Florian\LOCAL Settings\Temp\richtx64.exe
C:\Documents and Settings\Florian\LOCAL Settings\Temp\Toolbar.exe
C:\Documents and Settings\Florian\LOCAL Settings\Temp\wscsvc32.exe

¤¤¤¤¤¤¤¤¤¤ Files/folders deleted :

Quarantine :

AntiMalware.Kill'em
hosts.msn.Kill'em
Installer.exe.Kill'em
richtx64.exe.Kill'em
Toolbar.exe.Kill'em
wscsvc32.exe.Kill'em

==============
host file OK !
==============

========
Registry
========
Deleted : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AntiMalware
Deleted : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\richtx64.exe
Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe
Deleted : HKLM\Software\Classes\TypeLib\{937936AF-28CA-4973-B8AE-F250406149A2}

============
Disk Cleaned
============

¤¤¤¤¤¤¤¤¤¤ C:\WINDOWS\Prefetch

Layout.ini
NTOSBOOT-B00DFAAD.pf

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
0
Anonymous user
 
Good.... please run OTL again as previously requested here:

https://forums.commentcamarche.net/forum/affich-15469780-virus-pornographique?entiere#1
0
FloKonCamer Posts 66 Status Member
 
http://www.cijoint.fr/cjlink.php?file=cj200912/cijh0RHsEp.txt

0
Anonymous user
 
▶ Double-click OTL.exe to launch it.

▶ Copy the list in bold below,

▶ paste it into the box under Customs Scans/Fixes:

:processes
explorer.exe
iexplore.exe
firefox.exe
msnmsgr.exe
Teatimer.exe

:OTL
PRC - File not found -- C:\DOCUME~1\Florian\LOCALS~1\Temp\wscsvc32.exe
PRC - File not found -- C:\DOCUME~1\Florian\LOCALS~1\Temp\richtx64.exe
PRC - File not found -- C:\Program Files\AntiMalware\antimalware.exe
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Shareware.Pro-FR Toolbar) - {280b5d37-4a76-467a-b3d6-942fca90acde} - C:\Program Files\Shareware.Pro-FR\tbSha0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Shareware.Pro-FR Toolbar) - {280b5d37-4a76-467a-b3d6-942fca90acde} - C:\Program Files\Shareware.Pro-FR\tbSha0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-2074249512-3950026099-39945173-1006\..\Toolbar\WebBrowser: (Shareware.Pro-FR Toolbar) - {280B5D37-4A76-467A-B3D6-942FCA90ACDE} - C:\Program Files\Shareware.Pro-FR\tbSha0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [UserFaultCheck] File not found
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\msdaipp - No CLSID value found

:reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"=-
"QuickTime Task"=-
"RTHDCPL"=-

:files
C:\Kill'em
C:\Documents and Settings\Florian\Bureau\List_Killem.zip
C:\Documents and Settings\All Users\Bureau\AntiMalware Support.lnk
C:\Documents and Settings\All Users\Bureau\AntiMalware.lnk
C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}

:commands
[emptytemp]
[start explorer]
[reboot]


▶ Click RunFix to start the removal.

▶ Post the report.
0
garytr51100 Posts 73 Status Member 3
 
I think it's the same virus as mine, and I had the same thing.
By the way, thanks gen-hackman for stopping by my post.

Link to the post: https://forums.commentcamarche.net/forum/affich-15504603-infecte-virus-trojan-que-faire-svp
0