Personal Security virus

Le Tarnais -
 Anonymous user -
Hello,
My computer caught the Personal Security virus, so I downloaded and installed List&Kill'em and ran the program... At the end of the scan I got the report, which is complete. What should I do next? PLEASE HELP ME. Thanks.
Configuration: Windows Vista / Firefox 3.5.8

1 reply

  1. Anonymous user
     
    Hello
    Post the report
    0
    1. Le Tarnais
       
      Here it is:


      List'em by g3n-h@ckm@n 1.2.5.3

      User : Laurent (Administrateurs)
      Update on 19/02/2010 by g3n-h@ckm@n ::::: 13.15
      Start at: 13:53:55 | 20/02/2010
      Contact : https://forums.commentcamarche.net/forum/virus-securite-7

      Intel(R) Pentium(R) D CPU 2.80GHz
      Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6002 32-bit) # Service Pack 2
      Internet Explorer 8.0.6001.18882
      Windows Firewall Status : Disabled

      C:\ -> Disque fixe local | 224,88 Go (48,74 Go free) | NTFS
      E:\ -> Disque amovible
      F:\ -> Disque amovible
      G:\ -> Disque amovible
      H:\ -> Disque amovible

      ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running

      C:\Windows\System32\smss.exe
      C:\Windows\system32\csrss.exe
      C:\Windows\system32\wininit.exe
      C:\Windows\system32\csrss.exe
      C:\Windows\system32\services.exe
      C:\Windows\system32\lsass.exe
      C:\Windows\system32\lsm.exe
      C:\Windows\system32\winlogon.exe
      C:\Windows\system32\svchost.exe
      C:\Windows\system32\svchost.exe
      C:\Windows\system32\svchost.exe
      C:\Windows\System32\svchost.exe
      C:\Windows\system32\nvvsvc.exe
      C:\Windows\System32\svchost.exe
      C:\Windows\System32\svchost.exe
      C:\Windows\system32\svchost.exe
      C:\Windows\system32\svchost.exe
      C:\Windows\system32\SLsvc.exe
      C:\Windows\system32\rundll32.exe
      C:\Windows\System32\spoolsv.exe
      C:\Windows\system32\svchost.exe
      C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
      C:\Windows\sYSteM32\SvchOst.eXE
      C:\Windows\system32\svchost.exe
      C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
      C:\Windows\system32\svchost.exe
      C:\Windows\System32\svchost.exe
      C:\Windows\system32\SearchIndexer.exe
      C:\Windows\system32\WUDFHost.exe
      C:\Windows\system32\taskeng.exe
      C:\Windows\system32\taskeng.exe
      C:\Windows\system32\Dwm.exe
      C:\Windows\Explorer.EXE
      C:\Users\Laurent\AppData\Roaming\Soft2PC\Software\SoftwareHP.exe
      C:\Program Files\Windows Live\Toolbar\wltuser.exe
      C:\Users\Laurent\AppData\Roaming\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
      C:\Windows\System32\rundll32.exe
      C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\Program Files\EoRezo\EoEngine.exe
      C:\Program Files\Java\jre6\bin\jusched.exe
      C:\Program Files\Soft2PC\soft2pc.exe
      C:\Program Files\Windows Sidebar\sidebar.exe
      C:\Windows\System32\spool\drivers\w32x86\3\E_FATIBGE.EXE
      C:\Windows\ehome\ehtray.exe
      C:\Program Files\OpenOffice.org 3\program\soffice.exe
      C:\Program Files\OpenOffice.org 3\program\soffice.bin
      C:\Windows\ehome\ehmsas.exe
      C:\Windows\pp14.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Program Files\List_Kill'em\List_Kill'em.scr
      C:\Windows\system32\conime.exe
      C:\Windows\system32\cmd.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Windows\system32\SearchProtocolHost.exe
      C:\Windows\system32\SearchFilterHost.exe
      C:\Windows\system32\wbem\wmiprvse.exe
      C:\Windows\system32\WerFault.exe
      C:\Users\Laurent\AppData\Local\Temp\D1E5.tmp\pv.exe

      ======================
      Keys "Run"
      ======================
      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      Sidebar REG_SZ C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
      EPSON Stylus D78 Series REG_SZ C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIBGE.EXE /FU "C:\Windows\TEMP\E_S2DD4.tmp" /EF "HKCU"
      ehTray.exe REG_SZ C:\Windows\ehome\ehTray.exe

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      Windows Defender REG_EXPAND_SZ %ProgramFiles%\Windows Defender\MSASCui.exe -hide
      NvCplDaemon REG_SZ RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
      NvMediaCenter REG_SZ RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
      Adobe Reader Speed Launcher REG_SZ "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
      LogitechQuickCamRibbon REG_SZ "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
      QuickTime Task REG_SZ "C:\Program Files\QuickTime\QTTask.exe" -atboottime
      iTunesHelper REG_SZ "C:\Program Files\iTunes\iTunesHelper.exe"
      EoEngine REG_SZ "C:\Program Files\EoRezo\EoEngine.exe"
      SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre6\bin\jusched.exe"
      soft2PC REG_SZ "C:\Program Files\Soft2PC\soft2pc.exe"
      sysldtray REG_SZ C:\Windows\ld16.exe
      Captcha7 REG_SZ rundll "C:\Program Files\captcha.dll",captcha
      pp REG_SZ C:\Windows\pp14.exe

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
      Helper REG_SZ C:\Users\Laurent\AppData\Roaming\Soft2PC\Software\SoftwareHP.exe -runonce
      SoftwareHelper REG_SZ C:\Users\Laurent\AppData\Roaming\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe -runonce

      =====================
      Other Keys
      =====================
      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
      ConsentPromptBehaviorAdmin REG_DWORD 2 (0x2)
      ConsentPromptBehaviorUser REG_DWORD 1 (0x1)
      EnableInstallerDetection REG_DWORD 1 (0x1)
      EnableLUA REG_DWORD 1 (0x1)
      EnableSecureUIAPaths REG_DWORD 1 (0x1)
      EnableVirtualization REG_DWORD 1 (0x1)
      PromptOnSecureDesktop REG_DWORD 1 (0x1)
      ValidateAdminCodeSignatures REG_DWORD 0 (0x0)
      dontdisplaylastusername REG_DWORD 0 (0x0)
      legalnoticecaption REG_SZ
      legalnoticetext REG_SZ
      scforceoption REG_DWORD 0 (0x0)
      shutdownwithoutlogon REG_DWORD 1 (0x1)
      undockwithoutlogon REG_DWORD 1 (0x1)
      FilterAdministratorToken REG_DWORD 0 (0x0)
      EnableUIADesktopToggle REG_DWORD 0 (0x0)

      ===============
      [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

      ===============
      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
      BindDirectlyToPropertySetStorage REG_DWORD 0 (0x0)

      ===============
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
      AppInit_DLLS REG_SZ

      ===============
      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
      ReportBootOk REG_SZ 1
      Shell REG_SZ explorer.exe
      Userinit REG_SZ C:\Windows\system32\userinit.exe,
      VmApplet REG_SZ rundll32 shell32,Control_RunDLL "sysdm.cpl"
      AutoRestartShell REG_DWORD 1 (0x1)
      LegalNoticeCaption REG_SZ
      LegalNoticeText REG_SZ
      PowerdownAfterShutdown REG_SZ 0
      ShutdownWithoutLogon REG_SZ 0
      cachedlogonscount REG_SZ 10
      forceunlocklogon REG_DWORD 0 (0x0)
      passwordexpirywarning REG_DWORD 14 (0xe)
      Background REG_SZ 0 0 0
      DebugServerCommand REG_SZ no
      WinStationsDisabled REG_SZ 0
      DisableCAD REG_DWORD 1 (0x1)
      scremoveoption REG_SZ 0
      ShutdownFlags REG_DWORD 43 (0x2b)

      ===============

      ===============
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

      ===============
      [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

      [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

      ===============
      ActivX controls
      ===============
      HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8AD9C840-044E-11D1-B3E9-00805F499D93}
      HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
      HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
      HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
      HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{D27CDB6E-AE6D-11CF-96B8-444553540000}

      ===============
      HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
      HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{26923b43-4d38-484f-9b9e-de460746276c}
      HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}
      HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}
      HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}
      HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
      HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}
      HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3af36230-a269-11d1-b5bf-0000f8051515}
      HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}
      HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}
      HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}
      HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{45ea75a0-a269-11d1-b5bf-0000f8051515}
      HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f645220-306d-11d2-995d-00c04f98bbc9}
      HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}
      HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{630b1da0-b465-11d1-9948-00c04f98bbc9}
      HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}
      HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}
      HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}
      HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7C028AF8-F614-47B3-82DA-BA94E41B1089}
      HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4340}
      HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4383}
      HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}
      HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9381D8F2-0288-11D0-9501-00AA00B911A5}
      HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD}
      HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C9E9A340-D1F1-11D0-821E-444553540600}
      HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}
      HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D27CDB6E-AE6D-11CF-96B8-444553540000}
      HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}
      HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}

      ==============
      BHO :
      ======
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{3475D2C4-BBD1-4255-A70D-4125A4D30956}]
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{C73FD00D-A099-405C-92B4-8997710D187D}]
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{C7B76B90-3455-4AE6-A752-EAC4D19689E5}]
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]

      ================
      Internet Explorer :
      ================
      [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
      Start Page REG_SZ https://www.msn.com/fr-fr/?ocid=iehp

      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
      Start Page REG_SZ http://y.lo.st

      ========
      Services
      ========
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]

      Ndisuio : 0x3 ( OK = 3 )
      EapHost : 0x3 ( OK = 2 )
      Wlansvc : 0x3 ( OK = 2 )
      SharedAccess : 0x4 ( OK = 2 )
      windefend : 0x2 ( OK = 2 )
      wuauserv : 0x2 ( OK = 2 )
      wscsvc : 0x4 ( OK = 2 )

      =========
      Atapi.sys
      =========

      %%%% HASHDEEP-1.0
      %%%% size,md5,sha256,filename
      ## Invoked from: C:\Users\Laurent\AppData\Local\Temp\D1E5.tmp
      ## C:\> hashdeep C:\Windows\System32\Drivers\atapi.sys
      ##
      19944,1f05b78ab91c9075565a9d8a4b880bc4,737be9f9376dab0ccdfed93ea6d67f0c432367ea63cd772a453485be769af3bd,C:\Windows\System32\Drivers\atapi.sys


      Sources
      =======

      C:\Windows\System32\drivers\atapi.sys
      C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
      C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
      C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
      C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
      C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys

      Référence :
      ==========

      Win XP_32b : a64013e98426e1877cb653685c5c0009
      Win XP_SP2_32b : CDFE4411A69C224BD1D11B2DA92DAC51
      Win XP_SP3_32b : 9F3A2F5AA6875C72BF062C712CFA2674
      Vista_32b : e03e8c99d15d0381e02743c36afc7c6f
      Vista_SP1_32b : 2d9c903dc76a66813d350a562de40ed9
      Vista_SP2_32b : 1F05B78AB91C9075565A9D8A4B880BC4
      Vista_SP2_64b : 1898FAE8E07D97F2F6C2D5326C633FAC
      Windows 7_32b : 80C40F7FDFC376E4C5FEEC28B41C119E
      Windows 7_64b : 02062C0B390B7729EDC9E69C680A6F3C

      =======
      Drive :
      =======

      Défragmenteur de disque Windows
      Copyright (c) 2006 Microsoft Corp.

      ¤¤¤¤¤¤¤¤¤¤ Files/folders :

      Present !! : C:\Program Files\AskBarDis
      Present !! : C:\Program Files\EoRezo
      Present !! : C:\Program Files\Mozilla FireFox\Components\AskHPRFF.js
      Present !! : C:\Program Files\Mozilla FireFox\Components\AskSearch.js
      Present !! : C:\Windows\System32\win32extension.dll"
      Present !! : C:\Users\Laurent\LOCAL Settings\Temp\zpskon_1266535907.exe
      Present !! : C:\Users\Laurent\LOCAL Settings\Temp\zpskon_1266628575.exe
      Present !! : C:\Users\Laurent\LOCAL Settings\Temp\zpskon_1266670058.exe
      Present !! : C:\Users\Laurent\LOCAL Settings\Temp\zpskon_1266681087.exe

      ¤¤¤¤¤¤¤¤¤¤ Keys :

      Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Eoengine
      Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Run\pp
      Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Run\sysldtray
      Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\SoftwareHelper
      Present !! : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{3041d03e-fd4b-44e0-b742-2d9b88305f98}
      Present !! : "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}"
      Present !! : "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C7B76B90-3455-4AE6-A752-EAC4D19689E5}"
      Present !! : HKCR\CLSID\{0702a2b6-13aa-4090-9e01-bcdc85dd933f}
      Present !! : HKCR\CLSID\{201f27d4-3704-41d6-89c1-aa35e39143ed}
      Present !! : HKCR\CLSID\{3041d03e-fd4b-44e0-b742-2d9b88305f98}
      Present !! : HKCR\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179}
      Present !! : HKCR\CLSID\{b0de3308-5d5a-470d-81b9-634fc078393b}
      Present !! : HKCR\EoRezoBHO.EoBho
      Present !! : HKCR\EoRezoBHO.EoBho.1
      Present !! : HKCU\Software\AppDataLow\AskBarDis
      Present !! : HKCU\SOFTWARE\EoRezo
      Present !! : HKLM\SOFTWARE\Classes\AppID\{362A53B2-2913-4F8A-82F5-7E0A23FDC6F9}
      Present !! : HKLM\SOFTWARE\Classes\AppID\EoRezoBHO.dll
      Present !! : HKLM\Software\Classes\CLSID\{0702a2b6-13aa-4090-9e01-bcdc85dd933f}
      Present !! : HKLM\Software\Classes\CLSID\{201F27D4-3704-41D6-89C1-AA35E39143ED}
      Present !! : HKLM\Software\Classes\CLSID\{3041d03e-fd4b-44e0-b742-2d9b88305f98}
      Present !! : HKLM\Software\Classes\CLSID\{622fd888-4e91-4d68-84d4-7262fd0811bf}
      Present !! : HKLM\Software\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
      Present !! : HKLM\Software\Classes\CLSID\{b0de3308-5d5a-470d-81b9-634fc078393b}
      Present !! : HKLM\SOFTWARE\Classes\CLSID\{C7B76B90-3455-4AE6-A752-EAC4D19689E5}
      Present !! : HKLM\Software\Classes\EoRezoBHO.EoBho
      Present !! : HKLM\Software\Classes\EoRezoBHO.EoBho.1
      Present !! : HKLM\Software\Classes\Interface\{819DB72D-1C28-4387-9778-E2FF3DC86F74}
      Present !! : HKLM\Software\Classes\TypeLib\{4B1C1E16-6B34-430E-B074-5928ECA4C150}
      Present !! : HKLM\SOFTWARE\Classes\TypeLib\{B6ACB3F1-6A83-432C-B854-3E1056F87F4E}
      Present !! : HKLM\SOFTWARE\EoRezo
      Present !! : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\eoEngine_is1
      Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdate_is1
      Present !! : HKLM\System\CurrentControlSet\Servises

      ============


      Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

      device: opened successfully
      user: error reading MBR
      called modules: ntkrnlpa.exe >>UNKNOWN [0x858C64FA]<<
      kernel: MBR read successfully

      ==========
      Programs
      ==========

      Adobe
      Apple Software Update
      AskBarDis
      Bonjour
      captcha.dll
      Common Files
      ConvertHelper
      desktop.ini
      EoRezo
      EPSON
      Fichiers communs
      Internet Explorer
      iPod
      Ipod Video Converter
      iTunes
      Java
      JRE
      LimeWire
      List_Kill'em
      Logitech
      ma-config.com
      Microsoft
      Microsoft CAPICOM 2.1.0.2
      Microsoft Games
      Microsoft Silverlight
      Microsoft SQL Server Compact Edition
      Microsoft Sync Framework
      Movie Maker
      Mozilla Firefox
      MSBuild
      OpenOffice.org 3
      PersSecurity
      PhotoFiltre
      Polar
      QuickTime
      Reference Assemblies
      Soft2PC
      Uninstall Information
      uTorrent
      VideoLAN
      Windows Calendar
      Windows Collaboration
      Windows Defender
      Windows Journal
      Windows Live
      Windows Live SkyDrive
      Windows Mail
      Windows Media Player
      Windows NT
      Windows Photo Gallery
      Windows Portable Devices
      Windows Sidebar

      ============
      Drive C:
      ============

      $Recycle.Bin
      autoexec.bat
      Boot
      bootmgr
      BOOTSECT.BAK
      config.sys
      Documents and Settings
      Downloads
      fb_reg20100216.log
      hiberfil.sys
      IO.SYS
      Kill'em
      List'em.txt
      MSDOS.SYS
      pagefile.sys
      PerfLogs
      Program Files
      ProgramData
      Sauvegarde
      SCATLAWS
      System Volume Information
      Users
      Windows

      ¤¤¤¤¤¤¤¤¤¤ Cracks | Keygens | Serials
      ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

      End of scan : 14:14:02,55
      0
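For a reader working through a List'em report like the one above, the following added Python example (not part of this thread and not code from the List&Kill'em tool) automates the two checks the report embodies: matching the hashdeep MD5 of atapi.sys against the reference value for the detected Windows build, and flagging services whose start type differs from the value the tool marks as OK. The report excerpt is constructed in the same layout, with the values taken from the posted report; the section formats are assumed to be stable across reports.

```python
import re

# Constructed excerpt in the layout of the List'em 1.2.5.3 report posted above
# (assumption: real reports keep these section formats; the values are the posted ones).
SAMPLE_REPORT = r"""
Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6002 32-bit) # Service Pack 2
Windows Firewall Status : Disabled

Ndisuio : 0x3 ( OK = 3 )
SharedAccess : 0x4 ( OK = 2 )
windefend : 0x2 ( OK = 2 )
wuauserv : 0x2 ( OK = 2 )
wscsvc : 0x4 ( OK = 2 )

%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
19944,1f05b78ab91c9075565a9d8a4b880bc4,737be9f9376dab0ccdfed93ea6d67f0c432367ea63cd772a453485be769af3bd,C:\Windows\System32\Drivers\atapi.sys

Référence :
==========

Win XP_SP3_32b : 9F3A2F5AA6875C72BF062C712CFA2674
Vista_32b : e03e8c99d15d0381e02743c36afc7c6f
Vista_SP1_32b : 2d9c903dc76a66813d350a562de40ed9
Vista_SP2_32b : 1F05B78AB91C9075565A9D8A4B880BC4
Windows 7_32b : 80C40F7FDFC376E4C5FEEC28B41C119E
"""

# Kernel major.minor -> the name prefix the reference table uses.
_OS_NAMES = {("5", "1"): "Win XP", ("6", "0"): "Vista", ("6", "1"): "Windows 7"}


def os_label(report):
    """Turn the OS banner '(6.0.6002 32-bit) # Service Pack 2' into 'Vista_SP2_32b'."""
    m = re.search(r"\((\d+)\.(\d+)\.\d+ (\d+)-bit\)(?: # Service Pack (\d+))?", report)
    name = _OS_NAMES.get((m.group(1), m.group(2))) if m else None
    if name is None:
        return None
    sp = f"_SP{m.group(4)}" if m.group(4) else ""
    return f"{name}{sp}_{m.group(3)}b"


def parse_reference(report):
    """Map each 'label : md5' line of the Référence section to a lowercase MD5."""
    pairs = re.findall(r"^\s*([\w ]+?)\s*:\s*([0-9a-fA-F]{32})\s*$", report, re.M)
    return {label: md5.lower() for label, md5 in pairs}


def parse_hashdeep(report):
    """Return (md5, path) from the hashdeep CSV line for atapi.sys, or None if absent."""
    m = re.search(r"^\s*\d+,([0-9a-fA-F]{32}),[0-9a-fA-F]{64},(.*atapi\.sys)\s*$",
                  report, re.M | re.I)
    return (m.group(1).lower(), m.group(2).strip()) if m else None


def check_atapi(report):
    """Compare the hashed atapi.sys with the reference MD5 for the detected build.

    'MISMATCH' means the driver on disk is not the stock file for that build, which
    is what this section of the report exists to reveal; 'unknown' means the build
    (or the hash line) is missing from the report, so no verdict is possible.
    """
    label = os_label(report)
    found = parse_hashdeep(report)
    expected = parse_reference(report).get(label)
    result = {"os": label, "md5": found[0] if found else None, "expected": expected}
    if found is None or expected is None:
        result["status"] = "unknown"
    else:
        result["status"] = "match" if found[0] == expected else "MISMATCH"
    return result


def service_start_mismatches(report):
    """List (service, actual start type, expected) where the start type is not the OK value.

    Start = 4 is 'Disabled'; the Kill'em pass later in this thread flags wscsvc
    (Security Center) for exactly that.
    """
    rows = re.findall(r"^\s*(\w+) : 0x([0-9a-fA-F]+) \( OK = (\d+) \)", report, re.M)
    return [(name, int(actual, 16), int(ok))
            for name, actual, ok in rows if int(actual, 16) != int(ok)]


if __name__ == "__main__":
    print("atapi.sys:", check_atapi(SAMPLE_REPORT))
    for name, actual, ok in service_start_mismatches(SAMPLE_REPORT):
        print(f"service {name}: start type {actual}, expected {ok}")
```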
    2. Anonymous user > Le Tarnais
       
      ▶ Relaunch List&Kill'em (right-click it on Vista) using the shortcut on your desktop,
      but this time:

      ▶ choose option 2 = Deletion Mode

      Let the tool do its work.

      At the end of the scan a report will open.
      0
    3. Le Tarnais > Anonymous user
       
      Kill'em by g3n-h@ckm@n 1.2.5.3

      User : Laurent (Administrateurs)
      Update on 19/02/2010 by g3n-h@ckm@n ::::: 13.15
      Start at: 15:38:18 | 20/02/2010
      Contact : https://forums.commentcamarche.net/forum/virus-securite-7

      Intel(R) Pentium(R) D CPU 2.80GHz
      Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6002 32-bit) # Service Pack 2
      Internet Explorer 8.0.6001.18882
      Windows Firewall Status : Disabled

      C:\ -> Disque fixe local | 224,88 Go (48,73 Go free) | NTFS
      E:\ -> Disque amovible
      F:\ -> Disque amovible
      G:\ -> Disque amovible
      H:\ -> Disque amovible


      ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running

      C:\Windows\System32\smss.exe
      C:\Windows\system32\csrss.exe
      C:\Windows\system32\wininit.exe
      C:\Windows\system32\csrss.exe
      C:\Windows\system32\services.exe
      C:\Windows\system32\lsass.exe
      C:\Windows\system32\lsm.exe
      C:\Windows\system32\winlogon.exe
      C:\Windows\system32\svchost.exe
      C:\Windows\system32\svchost.exe
      C:\Windows\system32\svchost.exe
      C:\Windows\System32\svchost.exe
      C:\Windows\system32\nvvsvc.exe
      C:\Windows\System32\svchost.exe
      C:\Windows\System32\svchost.exe
      C:\Windows\system32\svchost.exe
      C:\Windows\system32\svchost.exe
      C:\Windows\system32\SLsvc.exe
      C:\Windows\system32\rundll32.exe
      C:\Windows\System32\spoolsv.exe
      C:\Windows\system32\svchost.exe
      C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
      C:\Windows\system32\svchost.exe
      C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
      C:\Windows\system32\svchost.exe
      C:\Windows\System32\svchost.exe
      C:\Windows\system32\SearchIndexer.exe
      C:\Windows\system32\WUDFHost.exe
      C:\Windows\system32\taskeng.exe
      C:\Windows\system32\taskeng.exe
      C:\Windows\system32\Dwm.exe
      C:\Windows\Explorer.EXE
      C:\Users\Laurent\AppData\Roaming\Soft2PC\Software\SoftwareHP.exe
      C:\Program Files\Windows Live\Toolbar\wltuser.exe
      C:\Users\Laurent\AppData\Roaming\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
      C:\Windows\System32\rundll32.exe
      C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\Program Files\EoRezo\EoEngine.exe
      C:\Program Files\Java\jre6\bin\jusched.exe
      C:\Program Files\Soft2PC\soft2pc.exe
      C:\Program Files\Windows Sidebar\sidebar.exe
      C:\Windows\System32\spool\drivers\w32x86\3\E_FATIBGE.EXE
      C:\Windows\ehome\ehtray.exe
      C:\Program Files\OpenOffice.org 3\program\soffice.exe
      C:\Program Files\OpenOffice.org 3\program\soffice.bin
      C:\Windows\ehome\ehmsas.exe
      C:\Windows\pp14.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
      C:\Windows\system32\conime.exe
      C:\Program Files\List_Kill'em\List_Kill'em.scr
      C:\Windows\system32\cmd.exe
      C:\Windows\system32\wbem\wmiprvse.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Windows\system32\wermgr.exe
      C:\Users\Laurent\AppData\Local\Temp\FDD9.tmp\ERUNT.EXE
      C:\Users\Laurent\AppData\Local\Temp\FDD9.tmp\pv.exe

      Detections :
      ==========


      ¤¤¤¤¤¤¤¤¤¤ Files/folders :

      Quarantined & Deleted !! : C:\Program Files\AskBarDis
      Quarantined & Deleted !! : C:\Program Files\EoRezo
      Quarantined & Deleted !! : C:\Program Files\Mozilla FireFox\Components\AskHPRFF.js
      Quarantined & Deleted !! : C:\Program Files\Mozilla FireFox\Components\AskSearch.js

      Quarantined & Deleted !! : C:\Windows\system32\win32extension.dll
      Quarantined & Deleted !! : C:\Users\Laurent\LOCAL Settings\Temp\zpskon_1266535907.exe
      Quarantined & Deleted !! : C:\Users\Laurent\LOCAL Settings\Temp\zpskon_1266628575.exe
      Quarantined & Deleted !! : C:\Users\Laurent\LOCAL Settings\Temp\zpskon_1266670058.exe
      Quarantined & Deleted !! : C:\Users\Laurent\LOCAL Settings\Temp\zpskon_1266681087.exe

      ==============
      host file OK !
      ==============

      ========
      Registry
      ========

      Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Eoengine
      Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Run\pp
      Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Run\sysldtray
      Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\SoftwareHelper
      Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{3041d03e-fd4b-44e0-b742-2d9b88305f98}
      Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{3041d03e-fd4b-44e0-b742-2d9b88305f98}
      Deleted : "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}"
      Deleted : "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C7B76B90-3455-4AE6-A752-EAC4D19689E5}"
      Deleted : HKCR\CLSID\{0702a2b6-13aa-4090-9e01-bcdc85dd933f}
      Deleted : HKCR\CLSID\{201f27d4-3704-41d6-89c1-aa35e39143ed}
      Deleted : HKCR\CLSID\{3041d03e-fd4b-44e0-b742-2d9b88305f98}
      Deleted : HKCR\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179}
      Deleted : HKCR\CLSID\{b0de3308-5d5a-470d-81b9-634fc078393b}
      Deleted : HKCR\EoRezoBHO.EoBho
      Deleted : HKCR\EoRezoBHO.EoBho.1
      Deleted : HKCU\Software\AppDataLow\AskBarDis
      Deleted : HKCU\SOFTWARE\EoRezo
      Deleted : HKLM\SOFTWARE\Classes\AppID\{362A53B2-2913-4F8A-82F5-7E0A23FDC6F9}
      Deleted : HKLM\SOFTWARE\Classes\AppID\EoRezoBHO.dll
      Deleted : HKLM\Software\Classes\CLSID\{622fd888-4e91-4d68-84d4-7262fd0811bf}
      Deleted : HKLM\SOFTWARE\Classes\CLSID\{C7B76B90-3455-4AE6-A752-EAC4D19689E5}
      Deleted : HKLM\Software\Classes\Interface\{819DB72D-1C28-4387-9778-E2FF3DC86F74}
      Deleted : HKLM\Software\Classes\TypeLib\{4B1C1E16-6B34-430E-B074-5928ECA4C150}
      Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B6ACB3F1-6A83-432C-B854-3E1056F87F4E}
      Deleted : HKLM\SOFTWARE\EoRezo
      Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\eoEngine_is1
      Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdate_is1
      Deleted : HKLM\System\CurrentControlSet\Servises
      ========
      Services
      =========

      Ndisuio : Start = 3
      EapHost : Start = 2
      Wlansvc : Start = 2
      SharedAccess : Start = 2
      windefend : Start = 2
      wuauserv : Start = 2
      (!) wscsvc : Start = 4

      ============
      Disk Cleaned
      ============

      =================
      anti-ver blaster : OK !!
      =================

      ================
      Prefetch cleaned
      ================



      ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
      0
    4. Anonymous user > Le Tarnais
       
      Download Random's System Information Tool (RSIT) by random/random and save the executable to your Desktop.

      - http://images.malwareremoval.com/random/RSIT.exe

      ! Disconnect and close all your running applications !

      * Double-click RSIT.exe to launch it.
      * A first window opens, titled: Disclaimer of warranty.
      * Next to the option List files/folders created ..., choose 2 months
      * Then click Continue to start the analysis ...
      * Let the scan run and don't touch the PC ...
      * When the analysis is finished, two text files will open (probably in Notepad).
      * Upload the contents of log.txt (the one that appears on screen) and of info.txt here.
      Click Browse
      Once you have found the reports to upload, click Open
      Click "Cliquez ici pour déposer le fichier" (Click here to upload the file), then give the link,
      which looks like this http:/www.cijoint.fr/cjlink.php?file=cj200911/cijgAdC3Ch.txt

      Note: the reports will also be saved in this folder: C:\rsit
      0
    5. Le Tarnais > Anonymous user
       
      info: http://www.cijoint.fr/cjlink.php?file=cj201002/cijn6HHdyb.txt

      log: http://www.cijoint.fr/cjlink.php?file=cj201002/cijxhAMjkz.txt
      0