ADSPY/Gibmed.A.4 et Gibuptb - Page 2

Solved
tidieu-59
 
I no longer have any problem, but as a precaution I ran the scan. What does it show?

List'em by g3n-h@ckm@n 1.6.0.4

User : Gilles (Administrateurs)
Update on 23/03/2010 by g3n-h@ckm@n ::::: 19.30
Start at: 21:43:47 | 23/03/2010

Intel(R) Pentium(R) Dual CPU E2200 @ 2.20GHz
Microsoft® Windows Vista(TM) Édition Familiale Premium (6.0.6002 32-bit) # Service Pack 2
Internet Explorer 8.0.6001.18882
Windows Firewall Status : Enabled

C:\ -> Disque fixe local | 584,17 Go (425,61 Go free) [HDD] | NTFS
H:\ -> Disque CD-ROM | 7,03 Go (0 Mo free) [GTA IV Disc 1] | UDF

Boot: Normal

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running

C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\autoclk.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\TightVNC\WinVNC.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Windows\system32\IoctlSvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\List_Kill'em\List_Kill'em.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\List_Kill'em\pv.exe

======================
Keys "Run"
======================
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
SmpcSys REG_SZ C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
ehTray.exe REG_SZ C:\Windows\ehome\ehTray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Windows Defender REG_EXPAND_SZ %ProgramFiles%\Windows Defender\MSASCui.exe -hide
RtHDVCpl REG_SZ RtHDVCpl.exe
autoclk REG_SZ autoclk.exe
EPSON Stylus DX4200 Series REG_SZ C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIAEE.EXE /F "C:\Windows\TEMP\E_S38CB.tmp" /EF "HKLM"
EPSON Stylus DX4200 Series (Copie 1) REG_SZ C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIAEE.EXE /F "C:\Windows\TEMP\E_S9FCB.tmp" /EF "HKLM"
avgnt REG_SZ "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
NvCplDaemon REG_SZ RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
NvMediaCenter REG_SZ RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre6\bin\jusched.exe"
Adobe ARM REG_SZ "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]

=====================
Other Keys
=====================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
ConsentPromptBehaviorAdmin REG_DWORD 2 (0x2)
ConsentPromptBehaviorUser REG_DWORD 1 (0x1)
EnableInstallerDetection REG_DWORD 1 (0x1)
EnableLUA REG_DWORD 0 (0x0)
EnableSecureUIAPaths REG_DWORD 1 (0x1)
EnableVirtualization REG_DWORD 1 (0x1)
PromptOnSecureDesktop REG_DWORD 1 (0x1)
ValidateAdminCodeSignatures REG_DWORD 0 (0x0)
dontdisplaylastusername REG_DWORD 0 (0x0)
legalnoticecaption REG_SZ
legalnoticetext REG_SZ
scforceoption REG_DWORD 0 (0x0)
shutdownwithoutlogon REG_DWORD 1 (0x1)
undockwithoutlogon REG_DWORD 1 (0x1)
FilterAdministratorToken REG_DWORD 0 (0x0)
EnableUIADesktopToggle REG_DWORD 0 (0x0)

===============
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDriveTypeAutoRun REG_BINARY 95000000

===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
BindDirectlyToPropertySetStorage REG_DWORD 0 (0x0)

===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLS REG_SZ

===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
ReportBootOk REG_SZ 1
Shell REG_SZ explorer.exe
Userinit REG_SZ C:\Windows\system32\userinit.exe,
VmApplet REG_SZ rundll32 shell32,Control_RunDLL "sysdm.cpl"
AutoRestartShell REG_DWORD 1 (0x1)
LegalNoticeCaption REG_SZ
LegalNoticeText REG_SZ
PowerdownAfterShutdown REG_SZ 0
ShutdownWithoutLogon REG_SZ 0
cachedlogonscount REG_SZ 10
forceunlocklogon REG_DWORD 0 (0x0)
passwordexpirywarning REG_DWORD 14 (0xe)
Background REG_SZ 0 0 0
DebugServerCommand REG_SZ no
WinStationsDisabled REG_SZ 0
DisableCAD REG_DWORD 1 (0x1)
scremoveoption REG_SZ 0
ShutdownFlags REG_DWORD 39 (0x27)

===============

===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

===============
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

===============
ActivX controls
===============
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{04CB5B64-5915-4629-B869-8945CEBADD21}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8100D56A-5661-482C-BEE8-AFECE305D968}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8AD9C840-044E-11D1-B3E9-00805F499D93}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{C3F79A2B-B9B4-4A66-B012-3EE46475B072}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}]

==============
BHO :
======
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{53707962-6F74-2D53-2644-206D7942484F}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

===
DNS
===

HKLM\SYSTEM\CS1\Services\Tcpip\..\{E6A68A70-780F-488D-995C-27719A50EA9D}: NameServer=81.253.149.1 80.10.246.132
HKLM\SYSTEM\CS2\Services\Tcpip\..\{815648AF-5C77-45D6-897C-E5C2AA01165E}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{E6A68A70-780F-488D-995C-27719A50EA9D}: NameServer=81.253.149.1 80.10.246.132

================
Internet Explorer :
================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.msn.com/fr-fr/

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.google.fr/?gws_rd=ssl

========
Services
========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]

Ndisuio : 0x3 ( OK = 3 )
EapHost : 0x3 ( OK = 2 )
Wlansvc : 0x2 ( OK = 2 )
SharedAccess : 0x2 ( OK = 2 )
windefend : 0x2 ( OK = 2 )
wuauserv : 0x2 ( OK = 2 )
wscsvc : 0x2 ( OK = 2 )

=========
Atapi.sys
=========

%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: C:\Program Files\List_Kill'em
## C:\> hashdeep.exe C:\Windows\System32\drivers\atapi.sys
##
19944,1f05b78ab91c9075565a9d8a4b880bc4,737be9f9376dab0ccdfed93ea6d67f0c432367ea63cd772a453485be769af3bd,C:\Windows\System32\drivers\atapi.sys
%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: C:\Program Files\List_Kill'em
## C:\> hashdeep.exe C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
##
19944,1f05b78ab91c9075565a9d8a4b880bc4,737be9f9376dab0ccdfed93ea6d67f0c432367ea63cd772a453485be769af3bd,C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: C:\Program Files\List_Kill'em
## C:\> hashdeep.exe C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
##
19048,4f4fcb8b6ea06784fb6d475b7ec7300f,6202d85c9a75e3f01f5f94f069c4cd8a2b9295a182301eae5940ec3bc2c1d896,C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: C:\Program Files\List_Kill'em
## C:\> hashdeep.exe C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
##
21560,2d9c903dc76a66813d350a562de40ed9,82609f01a08c6842e4c17c077bb641c1429c0e6657964b7f2d114035e1bdcbf3,C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: C:\Program Files\List_Kill'em
## C:\> hashdeep.exe C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
##
21560,2d9c903dc76a66813d350a562de40ed9,82609f01a08c6842e4c17c077bb641c1429c0e6657964b7f2d114035e1bdcbf3,C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: C:\Program Files\List_Kill'em
## C:\> hashdeep.exe C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
##
19944,1f05b78ab91c9075565a9d8a4b880bc4,737be9f9376dab0ccdfed93ea6d67f0c432367ea63cd772a453485be769af3bd,C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys

Référence :
==========

Win 2000_SP2 : ff953a8f08ca3f822127654375786bbe
Win 2000_SP4 : 8c718aa8c77041b3285d55a0ce980867
Win XP_32b : a64013e98426e1877cb653685c5c0009
Win XP_SP2_32b : CDFE4411A69C224BD1D11B2DA92DAC51
Win XP_SP3_32b : 9F3A2F5AA6875C72BF062C712CFA2674
Vista_32b : e03e8c99d15d0381e02743c36afc7c6f
Vista_SP1_32b : 2d9c903dc76a66813d350a562de40ed9
Vista_SP2_32b : 1F05B78AB91C9075565A9D8A4B880BC4
Vista_SP2_64b : 1898FAE8E07D97F2F6C2D5326C633FAC
Windows 7_32b : 80C40F7FDFC376E4C5FEEC28B41C119E
Windows 7_64b : 02062C0B390B7729EDC9E69C680A6F3C
Windows 7_32b_Ultimate : 338c86357871c167a96ab976519bf59e

=======
Drive :
=======

Défragmenteur de disque Windows
Copyright (c) 2006 Microsoft Corp.

Rapport d'analyse pour le volume C: HDD

Taille du volume = 584 Go
Espace libre = 426 Go
Étendue d'espace libre la plus grande = 214 Go
Pourcentage de fragmentation des fichiers = 0 %

Remarque : sur les volumes NTFS, les fragments de fichiers de plus de 64 Mo ne sont pas inclus dans les statistiques de fragmentation.

Il n'est pas nécessaire de défragmenter ce volume.

¤¤¤¤¤¤¤¤¤¤ Files/folders :

Present !! : C:\Users\Gilles\AppData\Local\chmzeti.bat
Present !! : C:\Users\Gilles\AppData\Local\d3d9caps.dat
Present !! : C:\Users\Gilles\AppData\Local\GDIPFONTCACHEV1.DAT
Present !! : C:\Users\Gilles\LOCAL Settings\Temp\_is4069.exe
Present !! : C:\Users\Gilles\LOCAL Settings\Temp\drm_dialogs.dll
Present !! : C:\Users\Gilles\LOCAL Settings\Temp\drm_dyndata_7380014.dll

¤¤¤¤¤¤¤¤¤¤ Keys :

Present !! : HKCR\CLSID\{248dd896-bb45-11cf-9abc-0080c7e7b78d}
Present !! : HKCR\CLSID\{248dd897-bb45-11cf-9abc-0080c7e7b78d}
Present !! : HKCR\Interface\{248dd892-bb45-11cf-9abc-0080c7e7b78d}
Present !! : HKCR\Interface\{248dd893-bb45-11cf-9abc-0080c7e7b78d}
Present !! : HKCR\TypeLib\{248dd890-bb45-11cf-9abc-0080c7e7b78d}

============

catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-23 21:52:18
Windows 6.0.6002 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

End of scan : 21:57:24,11
jacques.gache (34829 posts, status: Security Contributor, 1 645)
 
Hello, rerun List&Kill'em and choose option 2, thanks.
tidieu-59
 
Kill'em by g3n-h@ckm@n 1.6.0.4

User : Gilles (Administrateurs)
Update on 23/03/2010 by g3n-h@ckm@n ::::: 19.30
Start at: 20:06:33 | 24/03/2010

Intel(R) Pentium(R) Dual CPU E2200 @ 2.20GHz
Microsoft® Windows Vista(TM) Édition Familiale Premium (6.0.6002 32-bit) # Service Pack 2
Internet Explorer 8.0.6001.18882
Windows Firewall Status : Enabled

C:\ -> Disque fixe local | 584,17 Go (423,89 Go free) [HDD] | NTFS
H:\ -> Disque CD-ROM | 7,03 Go (0 Mo free) [GTA IV Disc 1] | UDF

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running

C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\LogonUI.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\runonce.exe
C:\Windows\system32\cmd.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Windows\system32\IoctlSvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\List_Kill'em\ERUNT.EXE
C:\Program Files\List_Kill'em\pv.exe

Detections :
==========

¤¤¤¤¤¤¤¤¤¤ Files/folders :

Quarantined & Deleted !! : C:\Users\Gilles\AppData\Local\chmzeti.bat
Quarantined & Deleted !! : C:\Users\Gilles\AppData\Local\d3d9caps.dat
Quarantined & Deleted !! : C:\Users\Gilles\AppData\Local\GDIPFONTCACHEV1.DAT
Quarantined & Deleted !! : C:\Users\Gilles\LOCAL Settings\Temp\_is4069.exe
Quarantined & Deleted !! : C:\Users\Gilles\LOCAL Settings\Temp\drm_dialogs.dll
Quarantined & Deleted !! : C:\Users\Gilles\LOCAL Settings\Temp\drm_dyndata_7380014.dll

==============
host file OK !
==============

========
Registry
========

Deleted : HKCR\CLSID\{248dd896-bb45-11cf-9abc-0080c7e7b78d}
Deleted : HKCR\CLSID\{248dd897-bb45-11cf-9abc-0080c7e7b78d}
Deleted : HKCR\Interface\{248dd892-bb45-11cf-9abc-0080c7e7b78d}
Deleted : HKCR\Interface\{248dd893-bb45-11cf-9abc-0080c7e7b78d}
Deleted : HKCR\TypeLib\{248dd890-bb45-11cf-9abc-0080c7e7b78d}
========
Services
=========

Ndisuio : Start = 3
EapHost : Start = 2
Wlansvc : Start = 2
SharedAccess : Start = 2
windefend : Start = 2
wuauserv : Start = 2
wscsvc : Start = 2

============
Disk Cleaned
============

=================
anti-ver blaster : OK !!
=================

================
Prefetch cleaned
================

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤