ADSPY/Gibmed.A.4 and Gibuptb
Solved
tidieu-59
Hello,
First of all, I wish you a happy new year, and I would like your help with a few virus problems!
First point:
For the past 6 months, my PC, which is only a year old, has had bugs! Programs open and close by themselves! And when I try to click on a tab in my taskbar, I can't! When I left-click on the tab to open it, the file's properties open instead (for example for Explorer), and the only key on the keyboard that I can type is "€" when I press "e", but I can't perform any other action (not even the "ENTER" key).
Second point:
I also ran my antivirus (Avira AntiVir) 2 minutes ago, and it found ADSPY/Gibmed.a.4, ADSPY/Gibmed.a.6 and Gibupt.exe as malicious programs.
What effects do these viruses have on the computer? How do I remove them? And how do I avoid getting them again?
Many thanks in advance for your answers.
22 replies
I no longer have any problems, but to be safe I ran the scan. What does it show?
List'em by g3n-h@ckm@n 1.6.0.4
User : Gilles (Administrateurs)
Update on 23/03/2010 by g3n-h@ckm@n ::::: 19.30
Start at: 21:43:47 | 23/03/2010
Intel(R) Pentium(R) Dual CPU E2200 @ 2.20GHz
Microsoft® Windows Vista(TM) Édition Familiale Premium (6.0.6002 32-bit) # Service Pack 2
Internet Explorer 8.0.6001.18882
Windows Firewall Status : Enabled
C:\ -> Disque fixe local | 584,17 Go (425,61 Go free) [HDD] | NTFS
H:\ -> Disque CD-ROM | 7,03 Go (0 Mo free) [GTA IV Disc 1] | UDF
Boot: Normal
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\autoclk.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\TightVNC\WinVNC.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Windows\system32\IoctlSvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\List_Kill'em\List_Kill'em.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\List_Kill'em\pv.exe
======================
Keys "Run"
======================
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
SmpcSys REG_SZ C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
ehTray.exe REG_SZ C:\Windows\ehome\ehTray.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Windows Defender REG_EXPAND_SZ %ProgramFiles%\Windows Defender\MSASCui.exe -hide
RtHDVCpl REG_SZ RtHDVCpl.exe
autoclk REG_SZ autoclk.exe
EPSON Stylus DX4200 Series REG_SZ C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIAEE.EXE /F "C:\Windows\TEMP\E_S38CB.tmp" /EF "HKLM"
EPSON Stylus DX4200 Series (Copie 1) REG_SZ C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIAEE.EXE /F "C:\Windows\TEMP\E_S9FCB.tmp" /EF "HKLM"
avgnt REG_SZ "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
NvCplDaemon REG_SZ RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
NvMediaCenter REG_SZ RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre6\bin\jusched.exe"
Adobe ARM REG_SZ "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
=====================
Other Keys
=====================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
ConsentPromptBehaviorAdmin REG_DWORD 2 (0x2)
ConsentPromptBehaviorUser REG_DWORD 1 (0x1)
EnableInstallerDetection REG_DWORD 1 (0x1)
EnableLUA REG_DWORD 0 (0x0)
EnableSecureUIAPaths REG_DWORD 1 (0x1)
EnableVirtualization REG_DWORD 1 (0x1)
PromptOnSecureDesktop REG_DWORD 1 (0x1)
ValidateAdminCodeSignatures REG_DWORD 0 (0x0)
dontdisplaylastusername REG_DWORD 0 (0x0)
legalnoticecaption REG_SZ
legalnoticetext REG_SZ
scforceoption REG_DWORD 0 (0x0)
shutdownwithoutlogon REG_DWORD 1 (0x1)
undockwithoutlogon REG_DWORD 1 (0x1)
FilterAdministratorToken REG_DWORD 0 (0x0)
EnableUIADesktopToggle REG_DWORD 0 (0x0)
===============
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDriveTypeAutoRun REG_BINARY 95000000
===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
BindDirectlyToPropertySetStorage REG_DWORD 0 (0x0)
===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLS REG_SZ
===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
ReportBootOk REG_SZ 1
Shell REG_SZ explorer.exe
Userinit REG_SZ C:\Windows\system32\userinit.exe,
VmApplet REG_SZ rundll32 shell32,Control_RunDLL "sysdm.cpl"
AutoRestartShell REG_DWORD 1 (0x1)
LegalNoticeCaption REG_SZ
LegalNoticeText REG_SZ
PowerdownAfterShutdown REG_SZ 0
ShutdownWithoutLogon REG_SZ 0
cachedlogonscount REG_SZ 10
forceunlocklogon REG_DWORD 0 (0x0)
passwordexpirywarning REG_DWORD 14 (0xe)
Background REG_SZ 0 0 0
DebugServerCommand REG_SZ no
WinStationsDisabled REG_SZ 0
DisableCAD REG_DWORD 1 (0x1)
scremoveoption REG_SZ 0
ShutdownFlags REG_DWORD 39 (0x27)
===============
===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
===============
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
===============
ActivX controls
===============
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{04CB5B64-5915-4629-B869-8945CEBADD21}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8100D56A-5661-482C-BEE8-AFECE305D968}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8AD9C840-044E-11D1-B3E9-00805F499D93}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{C3F79A2B-B9B4-4A66-B012-3EE46475B072}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}]
===============
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{26923b43-4d38-484f-9b9e-de460746276c}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{7517B462-F531-4B95-A517-C86FDBB3DAD3}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{233C1507-6A77-46A4-9443-F871F945D258}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2A202491-F00D-11cf-87CC-0020AFEECF20}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3af36230-a269-11d1-b5bf-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{411EDCF7-755D-414E-A74B-3DCD6583F589}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{45ea75a0-a269-11d1-b5bf-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f645220-306d-11d2-995d-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{630b1da0-b465-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{73FA19D0-2D75-11D2-995D-00C04F98BBC9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7C028AF8-F614-47B3-82DA-BA94E41B1089}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9381D8F2-0288-11D0-9501-00AA00B911A5}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C9E9A340-D1F1-11D0-821E-444553540600}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D27CDB6E-AE6D-11CF-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}]
==============
BHO :
======
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{53707962-6F74-2D53-2644-206D7942484F}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
===
DNS
===
HKLM\SYSTEM\CS1\Services\Tcpip\..\{E6A68A70-780F-488D-995C-27719A50EA9D}: NameServer=81.253.149.1 80.10.246.132
HKLM\SYSTEM\CS2\Services\Tcpip\..\{815648AF-5C77-45D6-897C-E5C2AA01165E}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{E6A68A70-780F-488D-995C-27719A50EA9D}: NameServer=81.253.149.1 80.10.246.132
================
Internet Explorer :
================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.msn.com/fr-fr/
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.google.fr/?gws_rd=ssl
========
Services
========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]
Ndisuio : 0x3 ( OK = 3 )
EapHost : 0x3 ( OK = 2 )
Wlansvc : 0x2 ( OK = 2 )
SharedAccess : 0x2 ( OK = 2 )
windefend : 0x2 ( OK = 2 )
wuauserv : 0x2 ( OK = 2 )
wscsvc : 0x2 ( OK = 2 )
=========
Atapi.sys
=========
%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: C:\Program Files\List_Kill'em
## C:\> hashdeep.exe C:\Windows\System32\drivers\atapi.sys
##
19944,1f05b78ab91c9075565a9d8a4b880bc4,737be9f9376dab0ccdfed93ea6d67f0c432367ea63cd772a453485be769af3bd,C:\Windows\System32\drivers\atapi.sys
%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: C:\Program Files\List_Kill'em
## C:\> hashdeep.exe C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
##
19944,1f05b78ab91c9075565a9d8a4b880bc4,737be9f9376dab0ccdfed93ea6d67f0c432367ea63cd772a453485be769af3bd,C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: C:\Program Files\List_Kill'em
## C:\> hashdeep.exe C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
##
19048,4f4fcb8b6ea06784fb6d475b7ec7300f,6202d85c9a75e3f01f5f94f069c4cd8a2b9295a182301eae5940ec3bc2c1d896,C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: C:\Program Files\List_Kill'em
## C:\> hashdeep.exe C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
##
21560,2d9c903dc76a66813d350a562de40ed9,82609f01a08c6842e4c17c077bb641c1429c0e6657964b7f2d114035e1bdcbf3,C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: C:\Program Files\List_Kill'em
## C:\> hashdeep.exe C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
##
21560,2d9c903dc76a66813d350a562de40ed9,82609f01a08c6842e4c17c077bb641c1429c0e6657964b7f2d114035e1bdcbf3,C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: C:\Program Files\List_Kill'em
## C:\> hashdeep.exe C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
##
19944,1f05b78ab91c9075565a9d8a4b880bc4,737be9f9376dab0ccdfed93ea6d67f0c432367ea63cd772a453485be769af3bd,C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
Référence :
==========
Win 2000_SP2 : ff953a8f08ca3f822127654375786bbe
Win 2000_SP4 : 8c718aa8c77041b3285d55a0ce980867
Win XP_32b : a64013e98426e1877cb653685c5c0009
Win XP_SP2_32b : CDFE4411A69C224BD1D11B2DA92DAC51
Win XP_SP3_32b : 9F3A2F5AA6875C72BF062C712CFA2674
Vista_32b : e03e8c99d15d0381e02743c36afc7c6f
Vista_SP1_32b : 2d9c903dc76a66813d350a562de40ed9
Vista_SP2_32b : 1F05B78AB91C9075565A9D8A4B880BC4
Vista_SP2_64b : 1898FAE8E07D97F2F6C2D5326C633FAC
Windows 7_32b : 80C40F7FDFC376E4C5FEEC28B41C119E
Windows 7_64b : 02062C0B390B7729EDC9E69C680A6F3C
Windows 7_32b_Ultimate : 338c86357871c167a96ab976519bf59e
=======
Drive :
=======
Défragmenteur de disque Windows
Copyright (c) 2006 Microsoft Corp.
Rapport d'analyse pour le volume C: HDD
Taille du volume = 584 Go
Espace libre = 426 Go
Étendue d'espace libre la plus grande = 214 Go
Pourcentage de fragmentation des fichiers = 0 %
Remarque : sur les volumes NTFS, les fragments de fichiers de plus de 64 Mo ne sont pas inclus dans les statistiques de fragmentation.
Il n'est pas nécessaire de défragmenter ce volume.
¤¤¤¤¤¤¤¤¤¤ Files/folders :
Present !! : C:\Users\Gilles\AppData\Local\chmzeti.bat
Present !! : C:\Users\Gilles\AppData\Local\d3d9caps.dat
Present !! : C:\Users\Gilles\AppData\Local\GDIPFONTCACHEV1.DAT
Present !! : C:\Users\Gilles\LOCAL Settings\Temp\_is4069.exe
Present !! : C:\Users\Gilles\LOCAL Settings\Temp\drm_dialogs.dll
Present !! : C:\Users\Gilles\LOCAL Settings\Temp\drm_dyndata_7380014.dll
¤¤¤¤¤¤¤¤¤¤ Keys :
Present !! : HKCR\CLSID\{248dd896-bb45-11cf-9abc-0080c7e7b78d}
Present !! : HKCR\CLSID\{248dd897-bb45-11cf-9abc-0080c7e7b78d}
Present !! : HKCR\Interface\{248dd892-bb45-11cf-9abc-0080c7e7b78d}
Present !! : HKCR\Interface\{248dd893-bb45-11cf-9abc-0080c7e7b78d}
Present !! : HKCR\TypeLib\{248dd890-bb45-11cf-9abc-0080c7e7b78d}
============
catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-23 21:52:18
Windows 6.0.6002 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
End of scan : 21:57:24,11
%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: C:\Program Files\List_Kill'em
## C:\> hashdeep.exe C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
##
21560,2d9c903dc76a66813d350a562de40ed9,82609f01a08c6842e4c17c077bb641c1429c0e6657964b7f2d114035e1bdcbf3,C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: C:\Program Files\List_Kill'em
## C:\> hashdeep.exe C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
##
19944,1f05b78ab91c9075565a9d8a4b880bc4,737be9f9376dab0ccdfed93ea6d67f0c432367ea63cd772a453485be769af3bd,C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
Référence :
==========
Win 2000_SP2 : ff953a8f08ca3f822127654375786bbe
Win 2000_SP4 : 8c718aa8c77041b3285d55a0ce980867
Win XP_32b : a64013e98426e1877cb653685c5c0009
Win XP_SP2_32b : CDFE4411A69C224BD1D11B2DA92DAC51
Win XP_SP3_32b : 9F3A2F5AA6875C72BF062C712CFA2674
Vista_32b : e03e8c99d15d0381e02743c36afc7c6f
Vista_SP1_32b : 2d9c903dc76a66813d350a562de40ed9
Vista_SP2_32b : 1F05B78AB91C9075565A9D8A4B880BC4
Vista_SP2_64b : 1898FAE8E07D97F2F6C2D5326C633FAC
Windows 7_32b : 80C40F7FDFC376E4C5FEEC28B41C119E
Windows 7_64b : 02062C0B390B7729EDC9E69C680A6F3C
Windows 7_32b_Ultimate : 338c86357871c167a96ab976519bf59e
=======
Drive :
=======
Défragmenteur de disque Windows
Copyright (c) 2006 Microsoft Corp.
Rapport d'analyse pour le volume C: HDD
Taille du volume = 584 Go
Espace libre = 426 Go
Étendue d'espace libre la plus grande = 214 Go
Pourcentage de fragmentation des fichiers = 0 %
Remarque : sur les volumes NTFS, les fragments de fichiers de plus de 64 Mo ne sont pas inclus dans les statistiques de fragmentation.
Il n'est pas nécessaire de défragmenter ce volume.
¤¤¤¤¤¤¤¤¤¤ Files/folders :
Present !! : C:\Users\Gilles\AppData\Local\chmzeti.bat
Present !! : C:\Users\Gilles\AppData\Local\d3d9caps.dat
Present !! : C:\Users\Gilles\AppData\Local\GDIPFONTCACHEV1.DAT
Present !! : C:\Users\Gilles\LOCAL Settings\Temp\_is4069.exe
Present !! : C:\Users\Gilles\LOCAL Settings\Temp\drm_dialogs.dll
Present !! : C:\Users\Gilles\LOCAL Settings\Temp\drm_dyndata_7380014.dll
¤¤¤¤¤¤¤¤¤¤ Keys :
Present !! : HKCR\CLSID\{248dd896-bb45-11cf-9abc-0080c7e7b78d}
Present !! : HKCR\CLSID\{248dd897-bb45-11cf-9abc-0080c7e7b78d}
Present !! : HKCR\Interface\{248dd892-bb45-11cf-9abc-0080c7e7b78d}
Present !! : HKCR\Interface\{248dd893-bb45-11cf-9abc-0080c7e7b78d}
Present !! : HKCR\TypeLib\{248dd890-bb45-11cf-9abc-0080c7e7b78d}
============
catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-23 21:52:18
Windows 6.0.6002 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
End of scan : 21:57:24,11
jacques.gache
Posts
34829
Status
Security contributor
1 617
Hello, run List_Kill'em again and choose option 2, thanks.
Kill'em by g3n-h@ckm@n 1.6.0.4
User : Gilles (Administrateurs)
Update on 23/03/2010 by g3n-h@ckm@n ::::: 19.30
Start at: 20:06:33 | 24/03/2010
Intel(R) Pentium(R) Dual CPU E2200 @ 2.20GHz
Microsoft® Windows Vista(TM) Édition Familiale Premium (6.0.6002 32-bit) # Service Pack 2
Internet Explorer 8.0.6001.18882
Windows Firewall Status : Enabled
C:\ -> Disque fixe local | 584,17 Go (423,89 Go free) [HDD] | NTFS
H:\ -> Disque CD-ROM | 7,03 Go (0 Mo free) [GTA IV Disc 1] | UDF
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\LogonUI.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\runonce.exe
C:\Windows\system32\cmd.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Windows\system32\IoctlSvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\List_Kill'em\ERUNT.EXE
C:\Program Files\List_Kill'em\pv.exe
Detections :
==========
¤¤¤¤¤¤¤¤¤¤ Files/folders :
Quarantined & Deleted !! : C:\Users\Gilles\AppData\Local\chmzeti.bat
Quarantined & Deleted !! : C:\Users\Gilles\AppData\Local\d3d9caps.dat
Quarantined & Deleted !! : C:\Users\Gilles\AppData\Local\GDIPFONTCACHEV1.DAT
Quarantined & Deleted !! : C:\Users\Gilles\LOCAL Settings\Temp\_is4069.exe
Quarantined & Deleted !! : C:\Users\Gilles\LOCAL Settings\Temp\drm_dialogs.dll
Quarantined & Deleted !! : C:\Users\Gilles\LOCAL Settings\Temp\drm_dyndata_7380014.dll
==============
host file OK !
==============
========
Registry
========
Deleted : HKCR\CLSID\{248dd896-bb45-11cf-9abc-0080c7e7b78d}
Deleted : HKCR\CLSID\{248dd897-bb45-11cf-9abc-0080c7e7b78d}
Deleted : HKCR\Interface\{248dd892-bb45-11cf-9abc-0080c7e7b78d}
Deleted : HKCR\Interface\{248dd893-bb45-11cf-9abc-0080c7e7b78d}
Deleted : HKCR\TypeLib\{248dd890-bb45-11cf-9abc-0080c7e7b78d}
========
Services
=========
Ndisuio : Start = 3
EapHost : Start = 2
Wlansvc : Start = 2
SharedAccess : Start = 2
windefend : Start = 2
wuauserv : Start = 2
wscsvc : Start = 2
============
Disk Cleaned
============
=================
anti-ver blaster : OK !!
=================
================
Prefetch cleaned
================
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤