A voir également:
- Virus personal security
- Microsoft security essentials - Télécharger - Antivirus & Antimalwares
- Message virus iphone site adulte - Forum iPhone
- Youtu.be virus - Accueil - Guide virus
- Svchost.exe virus - Guide
- Operagxsetup virus ✓ - Forum Virus
20 févr. 2010 à 15:16
List'em by g3n-h@ckm@n 1.2.5.3
User : Laurent (Administrateurs)
Update on 19/02/2010 by g3n-h@ckm@n ::::: 13.15
Start at: 13:53:55 | 20/02/2010
Contact : https://forums.commentcamarche.net/forum/virus-securite-7
Intel(R) Pentium(R) D CPU 2.80GHz
Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6002 32-bit) # Service Pack 2
Internet Explorer 8.0.6001.18882
Windows Firewall Status : Disabled
C:\ -> Disque fixe local | 224,88 Go (48,74 Go free) | NTFS
E:\ -> Disque amovible
F:\ -> Disque amovible
G:\ -> Disque amovible
H:\ -> Disque amovible
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\rundll32.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Windows\sYSteM32\SvchOst.eXE
C:\Windows\system32\svchost.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Users\Laurent\AppData\Roaming\Soft2PC\Software\SoftwareHP.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Users\Laurent\AppData\Roaming\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\EoRezo\EoEngine.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Soft2PC\soft2pc.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\spool\drivers\w32x86\3\E_FATIBGE.EXE
C:\Windows\ehome\ehtray.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Windows\ehome\ehmsas.exe
C:\Windows\pp14.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\List_Kill'em\List_Kill'em.scr
C:\Windows\system32\conime.exe
C:\Windows\system32\cmd.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\WerFault.exe
C:\Users\Laurent\AppData\Local\Temp\D1E5.tmp\pv.exe
======================
Keys "Run"
======================
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Sidebar REG_SZ C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
EPSON Stylus D78 Series REG_SZ C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIBGE.EXE /FU "C:\Windows\TEMP\E_S2DD4.tmp" /EF "HKCU"
ehTray.exe REG_SZ C:\Windows\ehome\ehTray.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Windows Defender REG_EXPAND_SZ %ProgramFiles%\Windows Defender\MSASCui.exe -hide
NvCplDaemon REG_SZ RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
NvMediaCenter REG_SZ RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
Adobe Reader Speed Launcher REG_SZ "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
LogitechQuickCamRibbon REG_SZ "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
QuickTime Task REG_SZ "C:\Program Files\QuickTime\QTTask.exe" -atboottime
iTunesHelper REG_SZ "C:\Program Files\iTunes\iTunesHelper.exe"
EoEngine REG_SZ "C:\Program Files\EoRezo\EoEngine.exe"
SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre6\bin\jusched.exe"
soft2PC REG_SZ "C:\Program Files\Soft2PC\soft2pc.exe"
sysldtray REG_SZ C:\Windows\ld16.exe
Captcha7 REG_SZ rundll "C:\Program Files\captcha.dll",captcha
pp REG_SZ C:\Windows\pp14.exe
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
Helper REG_SZ C:\Users\Laurent\AppData\Roaming\Soft2PC\Software\SoftwareHP.exe -runonce
SoftwareHelper REG_SZ C:\Users\Laurent\AppData\Roaming\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe -runonce
=====================
Other Keys
=====================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
ConsentPromptBehaviorAdmin REG_DWORD 2 (0x2)
ConsentPromptBehaviorUser REG_DWORD 1 (0x1)
EnableInstallerDetection REG_DWORD 1 (0x1)
EnableLUA REG_DWORD 1 (0x1)
EnableSecureUIAPaths REG_DWORD 1 (0x1)
EnableVirtualization REG_DWORD 1 (0x1)
PromptOnSecureDesktop REG_DWORD 1 (0x1)
ValidateAdminCodeSignatures REG_DWORD 0 (0x0)
dontdisplaylastusername REG_DWORD 0 (0x0)
legalnoticecaption REG_SZ
legalnoticetext REG_SZ
scforceoption REG_DWORD 0 (0x0)
shutdownwithoutlogon REG_DWORD 1 (0x1)
undockwithoutlogon REG_DWORD 1 (0x1)
FilterAdministratorToken REG_DWORD 0 (0x0)
EnableUIADesktopToggle REG_DWORD 0 (0x0)
===============
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
BindDirectlyToPropertySetStorage REG_DWORD 0 (0x0)
===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLS REG_SZ
===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
ReportBootOk REG_SZ 1
Shell REG_SZ explorer.exe
Userinit REG_SZ C:\Windows\system32\userinit.exe,
VmApplet REG_SZ rundll32 shell32,Control_RunDLL "sysdm.cpl"
AutoRestartShell REG_DWORD 1 (0x1)
LegalNoticeCaption REG_SZ
LegalNoticeText REG_SZ
PowerdownAfterShutdown REG_SZ 0
ShutdownWithoutLogon REG_SZ 0
cachedlogonscount REG_SZ 10
forceunlocklogon REG_DWORD 0 (0x0)
passwordexpirywarning REG_DWORD 14 (0xe)
Background REG_SZ 0 0 0
DebugServerCommand REG_SZ no
WinStationsDisabled REG_SZ 0
DisableCAD REG_DWORD 1 (0x1)
scremoveoption REG_SZ 0
ShutdownFlags REG_DWORD 43 (0x2b)
===============
===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
===============
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
===============
ActivX controls
===============
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8AD9C840-044E-11D1-B3E9-00805F499D93}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{D27CDB6E-AE6D-11CF-96B8-444553540000}
===============
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{26923b43-4d38-484f-9b9e-de460746276c}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3af36230-a269-11d1-b5bf-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{45ea75a0-a269-11d1-b5bf-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f645220-306d-11d2-995d-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{630b1da0-b465-11d1-9948-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7C028AF8-F614-47B3-82DA-BA94E41B1089}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4340}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4383}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9381D8F2-0288-11D0-9501-00AA00B911A5}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C9E9A340-D1F1-11D0-821E-444553540600}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D27CDB6E-AE6D-11CF-96B8-444553540000}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}
==============
BHO :
======
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{3475D2C4-BBD1-4255-A70D-4125A4D30956}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{C73FD00D-A099-405C-92B4-8997710D187D}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{C7B76B90-3455-4AE6-A752-EAC4D19689E5}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
================
Internet Explorer :
================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.msn.com/fr-fr/?ocid=iehp
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ http://y.lo.st
========
Services
========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]
Ndisuio : 0x3 ( OK = 3 )
EapHost : 0x3 ( OK = 2 )
Wlansvc : 0x3 ( OK = 2 )
SharedAccess : 0x4 ( OK = 2 )
windefend : 0x2 ( OK = 2 )
wuauserv : 0x2 ( OK = 2 )
wscsvc : 0x4 ( OK = 2 )
=========
Atapi.sys
=========
%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: C:\Users\Laurent\AppData\Local\Temp\D1E5.tmp
## C:\> hashdeep C:\Windows\System32\Drivers\atapi.sys
##
19944,1f05b78ab91c9075565a9d8a4b880bc4,737be9f9376dab0ccdfed93ea6d67f0c432367ea63cd772a453485be769af3bd,C:\Windows\System32\Drivers\atapi.sys
Sources
=======
C:\Windows\System32\drivers\atapi.sys
C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
Référence :
==========
Win XP_32b : a64013e98426e1877cb653685c5c0009
Win XP_SP2_32b : CDFE4411A69C224BD1D11B2DA92DAC51
Win XP_SP3_32b : 9F3A2F5AA6875C72BF062C712CFA2674
Vista_32b : e03e8c99d15d0381e02743c36afc7c6f
Vista_SP1_32b : 2d9c903dc76a66813d350a562de40ed9
Vista_SP2_32b : 1F05B78AB91C9075565A9D8A4B880BC4
Vista_SP2_64b : 1898FAE8E07D97F2F6C2D5326C633FAC
Windows 7_32b : 80C40F7FDFC376E4C5FEEC28B41C119E
Windows 7_64b : 02062C0B390B7729EDC9E69C680A6F3C
=======
Drive :
=======
D‚fragmenteur de disque Windows
Copyright (c) 2006 Microsoft Corp.
¤¤¤¤¤¤¤¤¤¤ Files/folders :
Present !! : C:\Program Files\AskBarDis
Present !! : C:\Program Files\EoRezo
Present !! : C:\Program Files\Mozilla FireFox\Components\AskHPRFF.js
Present !! : C:\Program Files\Mozilla FireFox\Components\AskSearch.js
Present !! : C:\Windows\System32\win32extension.dll"
Present !! : C:\Users\Laurent\LOCAL Settings\Temp\zpskon_1266535907.exe
Present !! : C:\Users\Laurent\LOCAL Settings\Temp\zpskon_1266628575.exe
Present !! : C:\Users\Laurent\LOCAL Settings\Temp\zpskon_1266670058.exe
Present !! : C:\Users\Laurent\LOCAL Settings\Temp\zpskon_1266681087.exe
¤¤¤¤¤¤¤¤¤¤ Keys :
Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Eoengine
Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Run\pp
Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Run\sysldtray
Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\SoftwareHelper
Present !! : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{3041d03e-fd4b-44e0-b742-2d9b88305f98}
Present !! : "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}"
Present !! : "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C7B76B90-3455-4AE6-A752-EAC4D19689E5}"
Present !! : HKCR\CLSID\{0702a2b6-13aa-4090-9e01-bcdc85dd933f}
Present !! : HKCR\CLSID\{201f27d4-3704-41d6-89c1-aa35e39143ed}
Present !! : HKCR\CLSID\{3041d03e-fd4b-44e0-b742-2d9b88305f98}
Present !! : HKCR\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179}
Present !! : HKCR\CLSID\{b0de3308-5d5a-470d-81b9-634fc078393b}
Present !! : HKCR\EoRezoBHO.EoBho
Present !! : HKCR\EoRezoBHO.EoBho.1
Present !! : HKCU\Software\AppDataLow\AskBarDis
Present !! : HKCU\SOFTWARE\EoRezo
Present !! : HKLM\SOFTWARE\Classes\AppID\{362A53B2-2913-4F8A-82F5-7E0A23FDC6F9}
Present !! : HKLM\SOFTWARE\Classes\AppID\EoRezoBHO.dll
Present !! : HKLM\Software\Classes\CLSID\{0702a2b6-13aa-4090-9e01-bcdc85dd933f}
Present !! : HKLM\Software\Classes\CLSID\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Present !! : HKLM\Software\Classes\CLSID\{3041d03e-fd4b-44e0-b742-2d9b88305f98}
Present !! : HKLM\Software\Classes\CLSID\{622fd888-4e91-4d68-84d4-7262fd0811bf}
Present !! : HKLM\Software\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
Present !! : HKLM\Software\Classes\CLSID\{b0de3308-5d5a-470d-81b9-634fc078393b}
Present !! : HKLM\SOFTWARE\Classes\CLSID\{C7B76B90-3455-4AE6-A752-EAC4D19689E5}
Present !! : HKLM\Software\Classes\EoRezoBHO.EoBho
Present !! : HKLM\Software\Classes\EoRezoBHO.EoBho.1
Present !! : HKLM\Software\Classes\Interface\{819DB72D-1C28-4387-9778-E2FF3DC86F74}
Present !! : HKLM\Software\Classes\TypeLib\{4B1C1E16-6B34-430E-B074-5928ECA4C150}
Present !! : HKLM\SOFTWARE\Classes\TypeLib\{B6ACB3F1-6A83-432C-B854-3E1056F87F4E}
Present !! : HKLM\SOFTWARE\EoRezo
Present !! : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\eoEngine_is1
Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdate_is1
Present !! : HKLM\System\CurrentControlSet\Servises
============
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: error reading MBR
called modules: ntkrnlpa.exe >>UNKNOWN [0x858C64FA]<<
kernel: MBR read successfully
==========
Programs
==========
Adobe
Apple Software Update
AskBarDis
Bonjour
captcha.dll
Common Files
ConvertHelper
desktop.ini
EoRezo
EPSON
Fichiers communs
Internet Explorer
iPod
Ipod Video Converter
iTunes
Java
JRE
LimeWire
List_Kill'em
Logitech
ma-config.com
Microsoft
Microsoft CAPICOM 2.1.0.2
Microsoft Games
Microsoft Silverlight
Microsoft SQL Server Compact Edition
Microsoft Sync Framework
Movie Maker
Mozilla Firefox
MSBuild
OpenOffice.org 3
PersSecurity
PhotoFiltre
Polar
QuickTime
Reference Assemblies
Soft2PC
Uninstall Information
uTorrent
VideoLAN
Windows Calendar
Windows Collaboration
Windows Defender
Windows Journal
Windows Live
Windows Live SkyDrive
Windows Mail
Windows Media Player
Windows NT
Windows Photo Gallery
Windows Portable Devices
Windows Sidebar
============
Drive C:
============
$Recycle.Bin
autoexec.bat
Boot
bootmgr
BOOTSECT.BAK
config.sys
Documents and Settings
Downloads
fb_reg20100216.log
hiberfil.sys
IO.SYS
Kill'em
List'em.txt
MSDOS.SYS
pagefile.sys
PerfLogs
Program Files
ProgramData
Sauvegarde
SCATLAWS
System Volume Information
Users
Windows
¤¤¤¤¤¤¤¤¤¤ Cracks | Keygens | Serials
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
End of scan : 14:14:02,55
20 févr. 2010 à 15:30
mais cette fois-ci :
▶ choisis l'option 2 = Mode Suppression
laisse travailler l'outil.
en fin de scan un rapport s'ouvre
20 févr. 2010 à 16:04
User : Laurent (Administrateurs)
Update on 19/02/2010 by g3n-h@ckm@n ::::: 13.15
Start at: 15:38:18 | 20/02/2010
Contact : https://forums.commentcamarche.net/forum/virus-securite-7
Intel(R) Pentium(R) D CPU 2.80GHz
Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6002 32-bit) # Service Pack 2
Internet Explorer 8.0.6001.18882
Windows Firewall Status : Disabled
C:\ -> Disque fixe local | 224,88 Go (48,73 Go free) | NTFS
E:\ -> Disque amovible
F:\ -> Disque amovible
G:\ -> Disque amovible
H:\ -> Disque amovible
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\rundll32.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Users\Laurent\AppData\Roaming\Soft2PC\Software\SoftwareHP.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Users\Laurent\AppData\Roaming\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\EoRezo\EoEngine.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Soft2PC\soft2pc.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\spool\drivers\w32x86\3\E_FATIBGE.EXE
C:\Windows\ehome\ehtray.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Windows\ehome\ehmsas.exe
C:\Windows\pp14.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Windows\system32\conime.exe
C:\Program Files\List_Kill'em\List_Kill'em.scr
C:\Windows\system32\cmd.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wermgr.exe
C:\Users\Laurent\AppData\Local\Temp\FDD9.tmp\ERUNT.EXE
C:\Users\Laurent\AppData\Local\Temp\FDD9.tmp\pv.exe
Detections :
==========
¤¤¤¤¤¤¤¤¤¤ Files/folders :
Quarantined & Deleted !! : C:\Program Files\AskBarDis
Quarantined & Deleted !! : C:\Program Files\EoRezo
Quarantined & Deleted !! : C:\Program Files\Mozilla FireFox\Components\AskHPRFF.js
Quarantined & Deleted !! : C:\Program Files\Mozilla FireFox\Components\AskSearch.js
Quarantined & Deleted !! : C:\Windows\system32\win32extension.dll
Quarantined & Deleted !! : C:\Users\Laurent\LOCAL Settings\Temp\zpskon_1266535907.exe
Quarantined & Deleted !! : C:\Users\Laurent\LOCAL Settings\Temp\zpskon_1266628575.exe
Quarantined & Deleted !! : C:\Users\Laurent\LOCAL Settings\Temp\zpskon_1266670058.exe
Quarantined & Deleted !! : C:\Users\Laurent\LOCAL Settings\Temp\zpskon_1266681087.exe
==============
host file OK !
==============
========
Registry
========
Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Eoengine
Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Run\pp
Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Run\sysldtray
Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\SoftwareHelper
Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{3041d03e-fd4b-44e0-b742-2d9b88305f98}
Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{3041d03e-fd4b-44e0-b742-2d9b88305f98}
Deleted : "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}"
Deleted : "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C7B76B90-3455-4AE6-A752-EAC4D19689E5}"
Deleted : HKCR\CLSID\{0702a2b6-13aa-4090-9e01-bcdc85dd933f}
Deleted : HKCR\CLSID\{201f27d4-3704-41d6-89c1-aa35e39143ed}
Deleted : HKCR\CLSID\{3041d03e-fd4b-44e0-b742-2d9b88305f98}
Deleted : HKCR\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179}
Deleted : HKCR\CLSID\{b0de3308-5d5a-470d-81b9-634fc078393b}
Deleted : HKCR\EoRezoBHO.EoBho
Deleted : HKCR\EoRezoBHO.EoBho.1
Deleted : HKCU\Software\AppDataLow\AskBarDis
Deleted : HKCU\SOFTWARE\EoRezo
Deleted : HKLM\SOFTWARE\Classes\AppID\{362A53B2-2913-4F8A-82F5-7E0A23FDC6F9}
Deleted : HKLM\SOFTWARE\Classes\AppID\EoRezoBHO.dll
Deleted : HKLM\Software\Classes\CLSID\{622fd888-4e91-4d68-84d4-7262fd0811bf}
Deleted : HKLM\SOFTWARE\Classes\CLSID\{C7B76B90-3455-4AE6-A752-EAC4D19689E5}
Deleted : HKLM\Software\Classes\Interface\{819DB72D-1C28-4387-9778-E2FF3DC86F74}
Deleted : HKLM\Software\Classes\TypeLib\{4B1C1E16-6B34-430E-B074-5928ECA4C150}
Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B6ACB3F1-6A83-432C-B854-3E1056F87F4E}
Deleted : HKLM\SOFTWARE\EoRezo
Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\eoEngine_is1
Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdate_is1
Deleted : HKLM\System\CurrentControlSet\Servises
========
Services
=========
Ndisuio : Start = 3
EapHost : Start = 2
Wlansvc : Start = 2
SharedAccess : Start = 2
windefend : Start = 2
wuauserv : Start = 2
(!) wscsvc : Start = 4
============
Disk Cleaned
============
=================
anti-ver blaster : OK !!
=================
================
Prefetch cleaned
================
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
20 févr. 2010 à 16:33
- http://images.malwareremoval.com/random/RSIT.exe
! Déconnecte toi et ferme toutes tes applications en cours !
* Double-clique sur RSIT.exe pour le lancer .
* Une première fenêtre s'ouvre avec en titre : Disclaimer of warranty .
* Devant l'option List files/folders created ... , tu choisis 2 months
* Clique ensuite sur Continue pour lancer l'analyse ...
* Laisse faire le scan et ne touche pas au PC ...
* Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront (probablement avec le bloc-note).
* Héberge le contenu de log.txt (c'est celui qui apparait à l'écran), ainsi que de info.txt ici.
Clique sur parcourir
Une fois que tu as trouvé les rapports à héberger, clique sur ouvrir
Clique sur Cliquez ici pour déposer le fichier, puis donne le lien
qui apparait comme ceci http:/www.cijoint.fr/cjlink.php?file=cj200911/cijgAdC3Ch.txt
Note : les rapports seront en outre sauvegardés dans ce dossier C:\rsit
20 févr. 2010 à 17:00
log: http://www.cijoint.fr/cjlink.php?file=cj201002/cijxhAMjkz.txt