Dju188

Everything posted by Dju188

  1. OK, well, thanks for your advice. And otherwise, for a budget of +/-700 euros including VAT (21%), could you put together a little example for me, if it's not too much to ask? Regards, Dju
  2. So, my attention has turned to another PC, and I'd like your advice on choosing between the Packard Bell one and the following: AMD Phenom X4 9500 quad-core processor, 3 GB of DDR2 RAM, 500 GB of storage, GeForce 9500 GT (256 MB dedicated)
  3. Hello everyone. I've come to ask your opinion: I'm looking for a PC that's good enough for gaming. This morning I received an ad offering a PC with, roughly: Intel Core 2 Quad Q6600, 4 GB of RAM, 640 GB of storage, NVIDIA GeForce 9500 GS (512 MB dedicated memory) + HDMI connection. My problem is mainly with the graphics card: whether it's good, very good, bad, etc. for video games, and also how long my PC will last compared to the advancement of games (technologically speaking). Otherwise, the computer is a Packard Bell: I've never bought this brand either, and I'd like to know whether it's respectable or not. I should mention that I don't have 1000 euros to buy a PC. Thanks for your future advice. PS: as a reminder, my 2 main questions are: 1) what do you think of the card? 2) what do you think of the quad core and of "Packard Bell" (damn, that makes 3 ^^)
  4. No, actually, it's a friend I saw recently, 1 or 2 days before this MSN "contact" added me and I came to post the warning on the forum. He's really stressed about his computer; as soon as his antivirus detected the "trojan" and he saw that his antivirus couldn't remove it, he immediately called the computer technician, so his problem is solved ^^ Thanks for your interest in this matter. Regards, Julien, good evening
  5. I mentioned a trojan because a friend got infected following this bot, and he told me that his antivirus (I don't know which one) kept detecting a trojan. Well, if it isn't malware, I apologise; I just reported what I knew.
  6. So here are the two requested reports: the Avira AntiVir Personal report, and the GMER report.
  7. Well, here are the two requested reports: the DrWeb report (I saved it as *.txt), and the mbr log (in c:\):
     Stealth MBR rootkit detector 0.2.4 by Gmer, http://www.gmer.net
     device: opened successfully
     user: MBR read successfully
     kernel: MBR read successfully
     user & kernel MBR OK
     malicious code @ sector 0x1314ffd8 size 0x1e4 !
     copy of MBR has been found in sector 62 !
Voila, a aussi une chose a tt hasard j'ai lancé une analyse antivir, il n'a pas detecté le virus !!!!!! (fini, mon ordi est gueri?) Merci encor de ton aide, qui m'a ete fort precieuse... Cordialement Julien
  8. Well, it's nice to see that people have been "warned and saved" thanks to me ^^ Julien
  9. You're welcome, I only did my duty as an internet user and a member of the zebulon.fr forum ^^ Glad that at least someone saw it and can confirm it's real, and glad you avoided the infection, well done. Julien
  10. I forgot to mention that I'm not infected myself. Anyway, be careful ^^ Julien
  11. Here are the two reports.

    Avira AntiVir Personal
    Report file date: dimanche 29 juin 2008 12:43

    Scanning for 1355845 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 2) [5.1.2600]
    Boot mode: Save mode
    Username: Julien
    Computer name: CELERON

    Version information:
    BUILD.DAT : 8.1.0.308 16478 Bytes 28/05/2008 17:03:00
    AVSCAN.EXE : 8.1.2.12 311553 Bytes 20/04/2008 16:08:16
    AVSCAN.DLL : 8.1.1.0 53505 Bytes 20/04/2008 16:08:16
    LUKE.DLL : 8.1.2.9 151809 Bytes 20/04/2008 16:08:16
    LUKERES.DLL : 8.1.2.1 12033 Bytes 20/04/2008 16:08:17
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 13:27:15
    ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 7/03/2008 21:19:13
    ANTIVIR2.VDF : 7.0.4.195 2546176 Bytes 14/06/2008 08:00:51
    ANTIVIR3.VDF : 7.0.4.241 331264 Bytes 23/06/2008 15:59:10
    Engineversion : 8.1.0.59
    AEVDF.DLL : 8.1.0.5 102772 Bytes 20/04/2008 16:08:17
    AESCRIPT.DLL : 8.1.0.44 278907 Bytes 21/06/2008 16:01:55
    AESCN.DLL : 8.1.0.22 119157 Bytes 21/06/2008 16:01:53
    AERDL.DLL : 8.1.0.20 418165 Bytes 25/04/2008 18:37:28
    AEPACK.DLL : 8.1.1.6 364918 Bytes 21/06/2008 16:01:50
    AEOFFICE.DLL : 8.1.0.20 192891 Bytes 21/06/2008 16:01:45
    AEHEUR.DLL : 8.1.0.32 1274231 Bytes 21/06/2008 16:01:43
    AEHELP.DLL : 8.1.0.15 115063 Bytes 31/05/2008 13:56:33
    AEGEN.DLL : 8.1.0.29 307573 Bytes 21/06/2008 16:01:37
    AEEMU.DLL : 8.1.0.6 430451 Bytes 8/05/2008 15:27:47
    AECORE.DLL : 8.1.0.31 168310 Bytes 6/06/2008 16:00:14
    AVWINLL.DLL : 1.0.0.7 14593 Bytes 20/04/2008 16:08:16
    AVPREF.DLL : 8.0.0.1 25857 Bytes 20/04/2008 16:08:16
    AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24
    AVREG.DLL : 8.0.0.0 30977 Bytes 20/04/2008 16:08:16
    AVARKT.DLL : 1.0.0.23 307457 Bytes 20/04/2008 16:08:16
    AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 20/04/2008 16:08:16
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 20/04/2008 16:08:17
    SMTPLIB.DLL : 1.2.0.19 28929 Bytes 20/04/2008 16:08:17
    NETNT.DLL : 8.0.0.1 7937 Bytes 20/04/2008 16:08:17
    RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 20/04/2008 16:08:11
    RCTEXT.DLL : 8.0.32.0 86273 Bytes 20/04/2008 16:08:11

    Configuration settings for the scan:
    Jobname..........................: Local Drives
    Configuration file...............: c:\program files\avira\antivir personaledition classic\alldrives.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: on
    Scan boot sector.................: on
    Boot sectors.....................: C:, D:, A:, E:, F:, G:, H:, I:, J:, V:,
    Scan memory......................: on
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: on
    Scan all files...................: All files
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: dimanche 29 juin 2008 12:43

    Starting search for hidden objects.
    The driver could not be initialized.

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'aawservice.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    12 processes with 12 modules were scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [INFO] No virus was found!
    Master boot sector HD1
    [DETECTION] Contains detection pattern of the boot sector virus BOO/Sinowal.A
    [WARNING] The boot sector cannot be repaired!
    You can find more information in the help

    Start scanning boot sectors:
    Boot sector 'C:\'
    [INFO] No virus was found!
    Boot sector 'D:\'
    [INFO] No virus was found!
    Boot sector 'A:\'
    [INFO] In the drive 'A:\' no data medium is inserted!

    Starting to scan the registry.
    The registry was scanned ( '25' files ).

    Starting the file scan:

    Begin scan in 'C:\' <Maxtor160Gb>
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    C:\WINDOWS\system32\drivers\sptd.sys
    [WARNING] The file could not be opened!
    Begin scan in 'D:\' <IBM20Gb>
    Begin scan in 'A:\'
    Search path A:\ could not be opened!
    Le périphérique n'est pas prêt.
    Begin scan in 'E:\'
    Search path E:\ could not be opened!
    Le périphérique n'est pas prêt.
    Begin scan in 'F:\'
    Search path F:\ could not be opened!
    Le périphérique n'est pas prêt.
    Begin scan in 'G:\'
    Search path G:\ could not be opened!
    Le périphérique n'est pas prêt.
    Begin scan in 'H:\'
    Search path H:\ could not be opened!
    Le périphérique n'est pas prêt.
    Begin scan in 'I:\'
    Search path I:\ could not be opened!
    Le périphérique n'est pas prêt.
    Begin scan in 'J:\'
    Search path J:\ could not be opened!
    Le périphérique n'est pas prêt.
    Begin scan in 'V:\' <COD2DVD>

    End of the scan: dimanche 29 juin 2008 14:39
    Used time: 1:56:15 min

    The scan has been done completely.

    5897 Scanning directories
    306503 Files were scanned
    1 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    0 files were deleted
    0 files were repaired
    0 files were moved to quarantine
    0 files were renamed
    2 Files cannot be scanned
    306501 Files not concerned
    2007 Archives were scanned
    3 Warnings
    0 Notes

    And the mbr (in C:\):

    Stealth MBR rootkit detector 0.2.4 by Gmer, http://www.gmer.net
    device: opened successfully
    user: MBR read successfully
    kernel: MBR read successfully
    user & kernel MBR OK
    malicious code @ sector 0x1314ffd8 size 0x1e4 !
    copy of MBR has been found in sector 62 !

    There you go. Julien
  12. Hello. After searching, I haven't seen any post dealing with this trojan. When I logged into MSN today, a contact wanted to add me (I deleted it in a hurry, so I didn't note the address); however, the invitation message contained the site "emmanuelledion.com". Be very careful, it is a trojan. Apparently "someone" will start a conversation, offering to let you see her NAKED on a site (I know the guys will be tempted ^^), but don't believe it: do you really think a girl would add you to her MSN contacts just to show herself naked? ^^ With that, I hope I've put you on your guard. Regards, Julien. PS: I'm not sure this is the right place to post my message, so I apologise.
  13. Re, (sorry for the wait) I'm back! I've started what you told me: the mbr scan has been done and I'll post it later. I restarted in safe mode and launched the "local drives" scan, but when it detects the famous BOO/sinowal.a, Antivir only offers me 2 choices, "DELETE" or "IGNORE", and you can well imagine that this virus can't be DELETEd, otherwise I wouldn't be here ^^. Anyway, I ran a scan all the same; we'll see what it tells me in the report Antivir is going to produce ^^. With that, back to my scan! One last thing: tell me there's still hope ^^ Regards, Julien. PS: Manos, I hope you'll find a solution to your problem, but I think it would be better if you created a topic for it, because I've learned that all infections (even when they're due to the same virus) are different from one another, so go and create a topic, the Zebulonians will be glad to help you (well, I hope so for you).
  14. Good evening, just to let you know that I won't be around for 2 or 3 days, so don't be surprised if you don't get any replies... Thanks again for looking after me, and sorry for taking up so much of your time.
  15. Hmm, I also have a question: can this virus affect my internet (browsing speed)? PS: come to think of it, doesn't this kind of virus hide in the System Restore files?
  16. Yes, I'm sure I used the fixmbr command in the console (by the way, you forgot to mention that you have about 1 second to choose to start the console rather than Windows ^^), but I still don't see any change in mbr.log:

    Stealth MBR rootkit detector 0.2.4 by Gmer, http://www.gmer.net
    device: opened successfully
    user: MBR read successfully
    kernel: MBR read successfully
    user & kernel MBR OK
    malicious code @ sector 0x1314ffd8 size 0x1e4 !
    copy of MBR has been found in sector 62 !

    PS: can I try doing the repair again (with the console)?
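The mbr.log pasted in this thread is short enough to read by hand, but the post above (fixmbr run, log unchanged) shows how easily "user & kernel MBR OK" gets read as a clean result. The following is an added example, not code from the thread, from Gmer or from Zebulon: a small Python parser for the detector's output that turns the three lines that matter into a verdict and spells out what each one means. The log format is copied from the mbr.log above; the 512-byte sector size, the MbrVerdict fields, the function names and the "clean" sample are my own assumptions.

```python
"""Turn the output of Gmer's mbr.exe (Stealth MBR rootkit detector) into a verdict.

Added example for this thread, not code from the thread, Gmer or Zebulon.  The log
format is taken from the mbr.log posted above; the 512-byte sector assumption,
the MbrVerdict fields and the function names are my own.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

SECTOR_BYTES = 512  # assumption: classic 512-byte sectors, as on the disks in this thread

# Sample input copied from the mbr.log posted in the thread.
INFECTED_LOG = """Stealth MBR rootkit detector 0.2.4 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
malicious code @ sector 0x1314ffd8 size 0x1e4 !
copy of MBR has been found in sector 62 !
"""

# Constructed sample: the same tool with nothing to report beyond its consistency check.
CLEAN_LOG = """Stealth MBR rootkit detector 0.2.4 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
"""

# The tool prints sector numbers either as hex (0x...) or as plain decimal (62).
_NUM = r"(0x[0-9a-fA-F]+|\d+)"
_MALICIOUS_RE = re.compile(r"^malicious code @ sector " + _NUM + r" size " + _NUM)
_COPY_RE = re.compile(r"^copy of MBR has been found in sector " + _NUM)
_MBR_OK_RE = re.compile(r"^user & kernel MBR OK")


def _num(token: str) -> int:
    """Parse a hex (0x...) or decimal token; avoids int(x, 0) rejecting leading zeros."""
    return int(token, 16) if token.lower().startswith("0x") else int(token, 10)


@dataclass
class MbrVerdict:
    mbr_consistent: bool             # user-mode and kernel-mode reads of sector 0 agree
    malicious_sector: Optional[int]  # where the detector saw code that does not belong
    malicious_size: Optional[int]    # size of that code, in bytes
    mbr_copy_sector: Optional[int]   # where a copy of the original MBR was found

    @property
    def infected(self) -> bool:
        # The findings are the two "!" lines; "MBR OK" on its own is only a consistency check.
        return self.malicious_sector is not None or self.mbr_copy_sector is not None

    @property
    def malicious_offset(self) -> Optional[int]:
        """Byte offset of the flagged code on the raw disk, for imaging or carving."""
        return None if self.malicious_sector is None else self.malicious_sector * SECTOR_BYTES


def parse_mbr_log(text: str) -> MbrVerdict:
    """Extract the three facts that matter from an mbr.log."""
    consistent, mal_sector, mal_size, copy_sector = False, None, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if _MBR_OK_RE.match(line):
            consistent = True
        elif (m := _MALICIOUS_RE.match(line)):
            mal_sector, mal_size = _num(m.group(1)), _num(m.group(2))
        elif (m := _COPY_RE.match(line)):
            copy_sector = _num(m.group(1))
    return MbrVerdict(consistent, mal_sector, mal_size, copy_sector)


def explain(v: MbrVerdict) -> List[str]:
    """Plain-language reading of the verdict, one finding per string."""
    if not v.infected:
        return ["No hidden MBR copy and no out-of-place code reported."]
    out = []
    if v.mbr_consistent:
        out.append("Sector 0 reads the same from user and kernel mode; that only rules out "
                   "a hook hiding sector 0, it does not make the disk clean.")
    if v.malicious_sector is not None:
        gib = v.malicious_offset / 2 ** 30
        out.append(f"Code flagged at sector {v.malicious_sector:#x} ({v.malicious_size} bytes), "
                   f"byte offset {v.malicious_offset} (about {gib:.1f} GiB into the disk).")
    if v.mbr_copy_sector is not None:
        where = " (first track, before the usual XP partition start at sector 63)" \
            if v.mbr_copy_sector < 63 else ""
        out.append(f"A copy of the original MBR sits in sector {v.mbr_copy_sector}{where}.")
    out.append("fixmbr rewrites only the boot code in sector 0; the sectors flagged here lie "
               "outside it, so the detector can report them unchanged after fixmbr.")
    return out


if __name__ == "__main__":
    for name, log in (("infected", INFECTED_LOG), ("clean", CLEAN_LOG)):
        print(f"== {name} ==")
        for finding in explain(parse_mbr_log(log)):
            print(" -", finding)
```

Run on the thread's log, the verdict is "infected" with the flagged code roughly 152 GiB into the 160 GB disk and the stashed MBR copy in sector 62; the explanation of why fixmbr leaves the report unchanged is the point of the example.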
  17. Hello, everything went as planned, but I have a problem: this morning I started my PC (the procedure was done last night, and so was the online scan) and Antivir started an unexpected scan, as it sometimes does, and it detected the BOO/sinowal.a virus again in the boot sector, whereas the online analysis found no malware. Anyway, here are the different reports you asked me for.

    THE CR_RC.txt SCAN

    WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe

    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect
    C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

    THE MBR.exe SCAN

    Stealth MBR rootkit detector 0.2.4 by Gmer, http://www.gmer.net
    device: opened successfully
    user: MBR read successfully
    kernel: MBR read successfully
    user & kernel MBR OK
    malicious code @ sector 0x1314ffd8 size 0x1e4 !
    copy of MBR has been found in sector 62 !

    FINALLY THE ONLINE SCAN

    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7 REPORT
    Monday, June 23, 2008
    Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
    Kaspersky Online Scanner 7 version: 7.0.25.0
    Program database last update: Sunday, June 22, 2008 22:13:46
    Records in database: 880302
    --------------------------------------------------------------------------------

    Scan settings:
    Scan using the following database: extended
    Scan archives: yes
    Scan mail databases: yes

    Scan area - My Computer:
    A:\
    C:\
    D:\
    E:\
    F:\
    G:\
    H:\
    I:\
    J:\
    V:\

    Scan statistics:
    Files scanned: 47006
    Threat name: 0
    Infected objects: 0
    Suspicious objects: 0
    Duration of the scan: 01:12:42

    No malware has been detected. The scan area is clean.

    The selected area was scanned.

    I'm also slipping in a HijackThis log, in case you need it:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:56:49, on 23/06/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\program files\powerstrip\pstrip.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\WINDOWS\system32\imapi.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Azureus\Azureus.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Julien\Bureau\Julien.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [PowerStrip] c:\program files\powerstrip\pstrip.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe" /automount
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.nl/scanforvirus-en/ka...can_unicode.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1206557495462
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
    O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} (Java Plug-in 1.6.0_02) -
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} (Java Plug-in 1.6.0_03) -
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe

    --
    End of file - 8709 bytes

    There you go, thanks for your help. Am I still infected? Awaiting your replies. Regards, Julien
  18. Sorry, but I don't have the Windows CD. I bought this PC from a mate 4 years ago now, and he never gave me a Windows CD. Is that bad? Julien. EDIT 1: but is a Windows CD one CD per computer? Because my parents run a business from home and each have a PC, so they must have a Windows CD; could I use it?
  19. My mbr.log file is indeed on my desktop:

    Stealth MBR rootkit detector 0.2.4 by Gmer, http://www.gmer.net
    device: opened successfully
    user: MBR read successfully
    kernel: MBR read successfully
    user & kernel MBR OK
    malicious code @ sector 0x1314ffd8 size 0x1e4 !
    copy of MBR has been found in sector 62 !
  20. Argh, it was bound to happen. First problem: when I do the procedure with the command to add the line to mbr.log, it doesn't work, no line gets added. Here's a new mbr report:

    Stealth MBR rootkit detector 0.2.4 by Gmer, http://www.gmer.net
    device: opened successfully
    user: MBR read successfully
    kernel: MBR read successfully
    user & kernel MBR OK
    malicious code @ sector 0x1314ffd8 size 0x1e4 !
    copy of MBR has been found in sector 62 !

    --------------------------------------------------------------------------------------------------------------------------------

    And here's the dds report:

    Deckard's System Scanner v20071014.68
    Run by Julien on 2008-06-22 16:59:21
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- System Restore --------------------------------------------------------------

    Successfully created a Deckard's System Scanner Restore Point.

    -- Last 5 Restore Point(s) --
    63: 2008-06-22 14:59:28 UTC - RP236 - Deckard's System Scanner Restore Point
    62: 2008-06-22 09:40:11 UTC - RP235 - Installed Mega Manager
    61: 2008-06-21 19:42:25 UTC - RP234 - Point de vérification système
    60: 2008-06-20 17:40:47 UTC - RP233 - Point de vérification système
    59: 2008-06-18 17:58:21 UTC - RP232 - Point de vérification système

    -- First Restore Point --
    1: 2008-04-03 11:26:25 UTC - RP174 - Point de vérification système

    Backed up registry hives.
    Performed disk cleanup.

    -- HijackThis (run as Julien.exe) ----------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:00:25, on 22/06/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\WINDOWS\system32\imapi.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\program files\powerstrip\pstrip.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Documents and Settings\Julien\Bureau\dss.exe
    C:\DOCUME~1\Julien\Bureau\Julien.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [PowerStrip] c:\program files\powerstrip\pstrip.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe" /automount
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.nl/scanforvirus-en/ka...can_unicode.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1206557495462
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
    O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} (Java Plug-in 1.6.0_02) -
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} (Java Plug-in 1.6.0_03) -
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe

    --
    End of file - 8660 bytes

    -- File Associations -----------------------------------------------------------

    All associations okay.

    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    R1 sf (SFI Service) - c:\windows\system32\drivers\sf.sys <Not Verified; Sonic Focus, Inc; Sonic Focus DSP service driver>
    R3 aeaudio - c:\windows\system32\drivers\aeaudio.sys <Not Verified; Andrea Electronics Corporation; Andrea Audio Driver>
    R3 mbr - c:\docume~1\julien\locals~1\temp\mbr.sys (file missing)
    R3 smwdm - c:\windows\system32\drivers\smwdm.sys <Not Verified; Analog Devices, Inc.; SoundMAX Digital Audio Driver>

    S3 catchme - c:\docume~1\julien\locals~1\temp\catchme.sys (file missing)
    S3 lac97inf - c:\docume~1\julien\locals~1\temp\lac97inf.sys (file missing)

    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    R2 AdobeActiveFileMonitor (Adobe Active File Monitor) - c:\program files\adobe\photoshop elements 3.0\photoshopelementsfileagent.exe
    R2 AntiVirScheduler (AntiVir PersonalEdition Classic Scheduler) - "c:\program files\avira\antivir personaledition classic\sched.exe" <Not Verified; Avira GmbH; AntiVir Workstation>
    R2 PhotoshopElementsDeviceConnect (Photoshop Elements Device Connect) - c:\program files\adobe\photoshop elements 3.0\photoshopelementsdeviceconnect.exe
    R2 StarWindServiceAE (StarWind AE Service) - c:\program files\alcohol soft\alcohol 52\starwind\starwindserviceae.exe <Not Verified; Rocket Division Software; StarWind Alcohol Edition>

    -- Device Manager: Disabled ----------------------------------------------------

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Hamachi Network Interface
    Device ID: ROOT\NET\0000
    Manufacturer: LogMeIn, Inc.
    Name: Hamachi Network Interface
    PNP Device ID: ROOT\NET\0000
    Service: hamachi

    -- Files created between 2008-05-22 and 2008-06-22 -----------------------------

    2008-06-22 11:40:47 0 d-------- C:\Documents and Settings\Julien\Application Data\Megaupload
    2008-06-22 11:40:12 0 d-------- C:\Program Files\Megaupload
    2008-06-15 12:03:21 0 d-------- C:\Documents and Settings\julien 1\Application Data\teamspeak2
    2008-06-15 11:08:23 0 d-------- C:\Documents and Settings\julien 1\Application Data\WinRAR
    2008-06-15 11:08:16 0 d-------- C:\Documents and Settings\julien 1\Application Data\Identities
    2008-06-15 11:08:15 0 d--h----- C:\Documents and Settings\julien 1\Voisinage d'impression
    2008-06-15 11:08:15 0 dr-h----- C:\Documents and Settings\julien 1\SendTo
    2008-06-15 11:08:15 0 dr-h----- C:\Documents and Settings\julien 1\Recent
    2008-06-15 11:08:15 0 dr------- C:\Documents and Settings\julien 1\Menu Démarrer
    2008-06-15 11:08:13 0 d-------- C:\Documents and Settings\Administrateur\Bureau
    2008-06-15 11:08:12 0 d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
    2008-06-15 11:08:12 0 dr-h----- C:\Documents and Settings\Administrateur\SendTo
    2008-06-15 11:08:12 0 d--h----- C:\Documents and Settings\Administrateur\Recent
    2008-06-15 11:08:12 0 dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
    2008-06-15 09:50:26 0 d-------- C:\Program Files\Fichiers communs\Autodesk Shared
    2008-06-12 22:05:30 5541888 --a------ C:\Documents and Settings\Julien\ntuser.dat
    2008-06-06 22:21:55 0 d---s---- C:\Documents and Settings\julien 1\UserData
    2008-06-06 21:58:16 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2008-06-06 21:58:14 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
    2008-06-06 21:57:40 0 d-------- C:\Documents and Settings\julien 1\Application Data\Macromedia
    2008-06-06 21:57:40 0 d-------- C:\Documents and Settings\julien 1\Application Data\Adobe
    2008-06-06 21:56:53 0 d-------- C:\Documents and Settings\julien 1\Application Data\MEGAUPLOADTOOLBAR
    2008-06-06 21:54:03 0 d-------- C:\Documents and Settings\julien 1\Application Data\Mozilla
    2008-06-06 21:52:28 0 d--h----- C:\Documents and Settings\julien 1\Modèles
    2008-06-06 21:52:28 0 d--h----- C:\Documents and Settings\julien 1\Local Settings
    2008-06-06 21:52:28 0 d-------- C:\Documents and Settings\julien 1\Favoris
    2008-06-06 21:52:28 0 d---s---- C:\Documents and Settings\julien 1\Cookies
    2008-06-06 21:52:28 0 d-------- C:\Documents and Settings\julien 1\Bureau
    2008-06-06 21:52:28 0 dr-h----- C:\Documents and Settings\julien 1\Application Data
    2008-06-06 21:52:28 0 d---s---- C:\Documents and Settings\julien 1\Application Data\Microsoft
    2008-06-06 21:52:27 2097152 --ah----- C:\Documents and Settings\julien 1\ntuser.dat
    2008-06-06 21:30:11 1835008 --ah----- C:\Documents and Settings\Administrateur\ntuser.dat
    2008-06-06 21:30:11 0 d--h----- C:\Documents and Settings\Administrateur\Modèles
    2008-06-06 21:30:11 0 d--h----- C:\Documents and Settings\Administrateur\Local Settings
    2008-06-06 21:30:11 0 d-------- C:\Documents and Settings\Administrateur\Cookies
    2008-06-06 21:30:11 0 dr-h----- C:\Documents and Settings\Administrateur\Application Data
    2008-06-06 21:30:11 0 d---s---- C:\Documents and Settings\Administrateur\Application Data\Microsoft
    2008-06-05 16:44:01 0 d-------- C:\Documents and Settings\Julien\Application Data\Hamachi
    2008-06-05 16:43:33 0 d-------- C:\Program Files\Hamachi
    2008-06-04 15:02:58 0 d--h----- C:\Program Files\InstallJammer Registry
    2008-06-03 18:50:16 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll

    -- Find3M Report ---------------------------------------------------------------

    2008-06-22 16:58:58 0 d-------- C:\Documents and Settings\Julien\Application Data\Azureus
    2008-06-22 16:58:54 0 d-------- C:\Documents and Settings\Julien\Application Data\Xfire
    2008-06-22 16:54:09 0 d-------- C:\Program Files\Xfire
    2008-06-22 11:40:30 0 d-------- C:\Program Files\MegauploadToolbar
    2008-06-22 11:40:11 0 d--h----- C:\Program Files\InstallShield Installation Information
    2008-06-21 01:48:35 0 d-------- C:\Documents and Settings\Julien\Application Data\teamspeak2
    2008-06-15 11:09:30 0 d-------- C:\Program Files\World of Warcraft
    2008-06-15 11:06:18 0 d-------- C:\Program Files\Registry Easy
    2008-06-15 11:06:13 0 d-------- C:\Program Files\Square Soft, Inc
    2008-06-06 21:20:44 0 d-------- C:\Documents and Settings\Julien\Application Data\MegauploadToolbar
    2008-05-31 17:43:04 0 d-------- C:\Program Files\Fichiers communs
    2008-05-28 19:50:28 0 d-------- C:\Program Files\Game Cam V2
    2008-05-03 22:03:00 0 d-------- C:\Program Files\Sports Interactive
    2008-05-03 20:50:25 0 d--h----- C:\Program Files\Zero G Registry
    2008-04-26 17:28:10 0 d-------- C:\Program Files\Creative Labs
    2008-04-05 00:53:18 81984 --a------ C:\WINDOWS\system32\bdod.bin
    2008-04-03 10:47:05 1163344 --a------ C:\WINDOWS\vsapi32.dll <Not Verified; Trend Micro Inc.; VSAPI>
    2008-04-03 10:47:05 71749 --a------ C:\WINDOWS\hcextoutput.dll
    2008-04-03 10:47:04 86094 --a------ C:\WINDOWS\BPMNT.dll <Not Verified; Trend Micro Inc.; VSAPI>
    2008-04-03 10:45:34 507904 --a------ C:\WINDOWS\TMUPDATE.DLL <Not Verified; Trend Micro Inc.; ActiveUpdate Module>
    2008-04-03 10:45:33 69689 --a------ C:\WINDOWS\UNZIP.DLL <Not Verified; Trend Micro Inc.; Trend Active Update 1.32>
    2008-04-03 10:45:33 286720 --a------ C:\WINDOWS\PATCH.EXE <Not Verified; Trend Micro Inc.; ActiveUpdate Module>
    2008-03-31 01:41:33 458560 --a------ C:\WINDOWS\system32\perfh00C.dat
2008-03-31 01:41:33 71452 --a------ C:\WINDOWS\system32\perfc00C.dat 2008-03-26 18:59:21 1287 --a------ C:\WINDOWS\mozver.dat -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [27/07/2004 13:48] "SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [06/08/2004 08:27] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 23:16] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [11/12/2007 11:56] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [22/10/2006 12:22] "nwiz"="nwiz.exe" [22/10/2006 12:22 C:\WINDOWS\system32\nwiz.exe] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [22/10/2006 12:22] "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [20/04/2008 18:08] "PowerStrip"="c:\program files\powerstrip\pstrip.exe" [03/02/2008 01:34] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [13/10/2004 18:24] "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [18/10/2007 11:34] "AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe" [22/12/2007 09:09] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [28/01/2008 11:43] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe" /automount [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] nwiz.exe /install [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{652f1ef8-d432-11dc-b00f-00111110690d}] AutoRun\command- E:\autoplay.exe -- Hosts ----------------------------------------------------------------------- 127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 www.032439.com 127.0.0.1 032439.com 8751 more entries in hosts file. -- End of Deckard's System Scanner: finished at 2008-06-22 17:01:03 ------------ Merci de ton aide futur, Cordialement Julien
21. Hello, sorry for the wait on my side too, but I thought I had been left to my fate; thanks for coming back to help me. So here is the Mbr.exe report:

Stealth MBR rootkit detector 0.2.4 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
malicious code @ sector 0x1314ffd8 size 0x1e4 !
copy of MBR has been found in sector 62 !

On that note, have a good afternoon.
Regards, Julien
PS: please reassure me, tell me when you know the solution to this kind of problem.
22. I don't know. I did try a restore (without success). Anyway, I downloaded Spybot: Search and Destroy, enabled the TeaTimer function, and now the virus seems to be leaving me alone. I can't manage to burn Ultimate Boot, it always fails at the end. Well, may this virus leave me alone for as long as possible. On that note, regards, Julien
23. Bump ^^ I'm waiting for answers, please. Dju
24. I suspect as much, but well, we'll see ^^ Dju
25. Here is my scan with AntiVir:

Avira AntiVir Personal
Report file date: Saturday 7 June 2008 10:10

Scanning for 1313263 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: CELERON

Version information:
BUILD.DAT : 8.1.0.308 16478 Bytes 28/05/2008 17:03:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 20/04/2008 16:08:16
AVSCAN.DLL : 8.1.1.0 53505 Bytes 20/04/2008 16:08:16
LUKE.DLL : 8.1.2.9 151809 Bytes 20/04/2008 16:08:16
LUKERES.DLL : 8.1.2.1 12033 Bytes 20/04/2008 16:08:17
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 13:27:15
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 7/03/2008 21:19:13
ANTIVIR2.VDF : 7.0.4.120 2206720 Bytes 1/06/2008 15:58:31
ANTIVIR3.VDF : 7.0.4.156 144896 Bytes 6/06/2008 16:00:12
Engineversion : 8.1.0.55
AEVDF.DLL : 8.1.0.5 102772 Bytes 20/04/2008 16:08:17
AESCRIPT.DLL : 8.1.0.40 266618 Bytes 6/06/2008 16:00:29
AESCN.DLL : 8.1.0.21 119156 Bytes 6/06/2008 16:00:27
AERDL.DLL : 8.1.0.20 418165 Bytes 25/04/2008 18:37:28
AEPACK.DLL : 8.1.1.5 364918 Bytes 19/05/2008 17:32:17
AEOFFICE.DLL : 8.1.0.18 192890 Bytes 20/04/2008 16:08:17
AEHEUR.DLL : 8.1.0.30 1253750 Bytes 6/06/2008 16:00:25
AEHELP.DLL : 8.1.0.15 115063 Bytes 31/05/2008 13:56:33
AEGEN.DLL : 8.1.0.28 307572 Bytes 6/06/2008 16:00:16
AEEMU.DLL : 8.1.0.6 430451 Bytes 8/05/2008 15:27:47
AECORE.DLL : 8.1.0.31 168310 Bytes 6/06/2008 16:00:14
AVWINLL.DLL : 1.0.0.7 14593 Bytes 20/04/2008 16:08:16
AVPREF.DLL : 8.0.0.1 25857 Bytes 20/04/2008 16:08:16
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24
AVREG.DLL : 8.0.0.0 30977 Bytes 20/04/2008 16:08:16
AVARKT.DLL : 1.0.0.23 307457 Bytes 20/04/2008 16:08:16
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 20/04/2008 16:08:16
SQLITE3.DLL : 3.3.17.1 339968 Bytes 20/04/2008 16:08:17
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 20/04/2008 16:08:17
NETNT.DLL : 8.0.0.1 7937 Bytes 20/04/2008 16:08:17
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 20/04/2008 16:08:11
RCTEXT.DLL : 8.0.32.0 86273 Bytes 20/04/2008 16:08:11

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: Saturday 7 June 2008 10:10

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'TeaTimer.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'msmsgs.exe' - '1' Module(s) have been scanned
Scan process 'PStrip.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'reader_sl.exe' - '1' Module(s) have been scanned
Scan process 'SMax4.exe' - '1' Module(s) have been scanned
Scan process 'SMax4PNP.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
Scan process 'StarWindServiceAE.exe' - '1' Module(s) have been scanned
Scan process 'SMAgent.exe' - '1' Module(s) have been scanned
Scan process 'PnkBstrB.exe' - '1' Module(s) have been scanned
Scan process 'PnkBstrA.exe' - '1' Module(s) have been scanned
Scan process 'PhotoshopElementsDeviceConnect.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'imapi.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'PhotoshopElementsFileAgent.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'aawservice.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
41 processes with 41 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[DETECTION] Contains detection pattern of the boot sector virus BOO/Sinowal.A
[WARNING] The boot sector cannot be repaired!
You can find more information in the help

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '28' files ).

Starting the file scan:

Begin scan in 'C:\' <Maxtor160Gb>
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\' <IBM20Gb>

End of the scan: Saturday 7 June 2008 10:47
Used time: 36:31 min

The scan has been done completely.

5930 Scanning directories
290773 Files were scanned
1 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
3 Files cannot be scanned
290771 Files not concerned
2400 Archives were scanned
4 Warnings
0 Notes

And here is the report from the program you had me use:

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-06-07 11:00:42
Windows 5.1.2600 Service Pack 2

---- System - GMER 1.0.14 ----

SSDT sppe.sys ZwCreateKey [0xF74D90E0]
SSDT BA70F35C ZwCreateThread
SSDT sppe.sys ZwEnumerateKey [0xF74F6CA2]
SSDT sppe.sys ZwEnumerateValueKey [0xF74F7030]
SSDT sppe.sys ZwOpenKey [0xF74D90C0]
SSDT BA70F348 ZwOpenProcess
SSDT BA70F34D ZwOpenThread
SSDT sppe.sys ZwQueryKey [0xF74F7108]
SSDT sppe.sys ZwQueryValueKey [0xF74F6F88]
SSDT sppe.sys ZwSetValueKey [0xF74F719A]
SSDT BA70F357 ZwTerminateProcess
SSDT BA70F352 ZwWriteVirtualMemory

INT 0x62 ? 89917BF8
INT 0x73 ? 8965EBF8
INT 0x73 ? 8965EBF8
INT 0x82 ? 89917BF8
INT 0x83 ? 89917BF8
INT 0x83 ? 89917BF8
INT 0x83 ? 8965EBF8
INT 0x83 ? 89917BF8
INT 0xA4 ? 8965EBF8
INT 0xB4 ? 8965EBF8

---- Kernel code sections - GMER 1.0.14 ----

? sppe.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload B9B4562C 5 Bytes JMP 8965E1D8
.text afx3spex.SYS B9935384 1 Byte [ 20 ]
.text afx3spex.SYS B9935386 35 Bytes [ 00, 68, 00, 00, 00, 00, 00, ... ]
.text afx3spex.SYS B99353AA 24 Bytes [ 00, 00, 20, 00, 00, E0, 00, ... ]
.text afx3spex.SYS B99353C4 3 Bytes [ 00, 00, 00 ]
.text afx3spex.SYS B99353C9 1 Byte [ 00 ]
.text ...

---- Kernel IAT/EAT - GMER 1.0.14 ----

IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 898AC2D8
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F74FF6D0] sppe.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F7503708] sppe.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F74DA046] sppe.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F74DA142] sppe.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F74DA0C4] sppe.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F74DA7CE] sppe.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F74DA6A4] sppe.sys
IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 8965E2D8
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F74E5D7A] sppe.sys
IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!RtlInitUnicodeString] DD000000
IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!swprintf] 74000000
IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!KeSetEvent] 1F000000
IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!IoCreateSymbolicLink] 4B000000
IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!IoGetConfigurationInformation] BD000000
IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!IoDeleteSymbolicLink] 8B000000
IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!MmFreeMappingAddress] 8A000000
IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!IoFreeErrorLogEntry] 70000000
IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!IoDisconnectInterrupt] 3E000000
IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!MmUnmapIoSpace] B5000000
IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!ObReferenceObjectByPointer] 66000000
IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!IofCompleteRequest] 48000000
IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!RtlCompareUnicodeString] 03000000
IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!IofCallDriver] F6000000
IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!MmAllocateMappingAddress] 0E000000
IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!IoAllocateErrorLogEntry] 61000000
IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!IoConnectInterrupt] 35000000
IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!IoDetachDevice] 57000000
IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!KeWaitForSingleObject] B9000000
IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!KeInitializeEvent] 86000000
IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!RtlAnsiStringToUnicodeString] C1000000
IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!RtlInitAnsiString] 1D000000
IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!IoBuildDeviceIoControlRequest] 9E000000
IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!IoQueueWorkItem] E1000000
IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!MmMapIoSpace] F8000000
IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!IoInvalidateDeviceRelations] 98000000
IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!IoReportDetectedDevice] 11000000
IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!IoReportResourceForDetection] 69000000
IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!RtlxAnsiStringToUnicodeSize] D9000000
IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!NlsMbCodePageTag] 8E000000
IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!PoRequestPowerIrp] 94000000
IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!KeInsertByKeyDeviceQueue] 9B000000
IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!PoRegisterDeviceForIdleDetection] 1E000000
IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!sprintf] 87000000
IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!MmMapLockedPagesSpecifyCache] E9000000
IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!ObfDereferenceObject] CE000000
IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!IoGetAttachedDeviceReference] 55000000
IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!IoInvalidateDeviceState] 28000000
IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!ZwClose] DF000000
IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!ObReferenceObjectByHandle] 8C000000
IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!ZwCreateDirectoryObject] A1000000
IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!IoBuildSynchronousFsdRequest] 89000000
IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!PoStartNextPowerIrp] 0D000000
IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!PoCallDriver] [BF000000] \SystemRoot\System32\drivers\dxg.sys (DirectX Graphics Driver/Microsoft Corporation)
IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!IoCreateDevice] E6000000
IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!IoAllocateDriverObjectExtension] 42000000
IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!RtlQueryRegistryValues] 68000000
IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!ZwOpenKey] 41000000
IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!RtlFreeUnicodeString] 99000000
IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!IoStartTimer] 2D000000
IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!KeInitializeTimer] 0F000000
IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!IoInitializeTimer] B0000000
IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!KeInitializeDpc] 54000000
IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!KeInitializeSpinLock] BB000000
IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!IoInitializeIrp] 16000000
IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!ZwCreateKey] 00000052
IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!RtlAppendUnicodeStringToString] 00000009
IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!RtlIntegerToUnicodeString] 0000006A
IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!ZwSetValueKey] 000000D5
IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!KeInsertQueueDpc] 00000030
IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!KefAcquireSpinLockAtDpcLevel] 00000036
IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!IoStartPacket] 000000A5
IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!KefReleaseSpinLockFromDpcLevel] 00000038
IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!IoBuildAsynchronousFsdRequest] 000000BF
IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!IoFreeMdl] 00000040
IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!MmUnlockPages] 000000A3
IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!IoWriteErrorLogEntry] 0000009E
IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!KeRemoveByKeyDeviceQueue] 00000081
IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!MmMapLockedPagesWithReservedMapping] 000000F3
IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!MmUnmapReservedMapping] 000000D7
IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!KeSynchronizeExecution] 000000FB
IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!IoStartNextPacket] 0000007C
IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!KeBugCheckEx] 000000E3
IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!KeRemoveDeviceQueue] 00000039
IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!KeSetTimer] 00000082
IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!KeCancelTimer] 0000009B
IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!_allmul] 0000002F
IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!MmProbeAndLockPages] 000000FF
IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!_except_handler3] 00000087
IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!PoSetPowerState] 00000034
IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!IoOpenDeviceRegistryKey] 0000008E
IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!RtlWriteRegistryValue] 00000043
IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!_aulldiv] 00000044
IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!strstr] 000000C4
IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!_strupr] 000000DE
IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!KeQuerySystemTime] 000000E9
IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!IoWMIRegistrationControl] 000000CB
IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!KeTickCount] 00000054
IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!IoAttachDeviceToDeviceStack] 0000007B
IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!IoDeleteDevice] 00000094
IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!ExAllocatePoolWithTag] 00000032
IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!IoAllocateWorkItem] 000000A6
IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!IoAllocateIrp] 000000C2
IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!IoAllocateMdl] 00000023
IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!MmBuildMdlForNonPagedPool] 0000003D
IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!MmLockPagableDataSection] 000000EE
IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!IoGetDriverObjectExtension] 0000004C
IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!MmUnlockPagableImageSection] 00000095
IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!ExFreePoolWithTag] 0000000B
IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!IoFreeIrp] 00000042
IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!IoFreeWorkItem] 000000FA
IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!InitSafeBootMode] 000000C3
IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!RtlCompareMemory] 0000004E
IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!RtlCopyUnicodeString] 00000008
IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!memmove] 0000002E
IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!MmHighestUserAddress] 000000A1
IAT \SystemRoot\System32\Drivers\afx3spex.SYS[HAL.dll!KfAcquireSpinLock] 6C000000
IAT \SystemRoot\System32\Drivers\afx3spex.SYS[HAL.dll!READ_PORT_UCHAR] 56000000
IAT \SystemRoot\System32\Drivers\afx3spex.SYS[HAL.dll!KeGetCurrentIrql] F4000000
IAT \SystemRoot\System32\Drivers\afx3spex.SYS[HAL.dll!KfRaiseIrql] EA000000
IAT \SystemRoot\System32\Drivers\afx3spex.SYS[HAL.dll!KfLowerIrql] 65000000
IAT \SystemRoot\System32\Drivers\afx3spex.SYS[HAL.dll!HalGetInterruptVector] 7A000000
IAT \SystemRoot\System32\Drivers\afx3spex.SYS[HAL.dll!HalTranslateBusAddress] AE000000
IAT \SystemRoot\System32\Drivers\afx3spex.SYS[HAL.dll!KeStallExecutionProcessor] 08000000
IAT \SystemRoot\System32\Drivers\afx3spex.SYS[HAL.dll!KfReleaseSpinLock] BA000000
IAT \SystemRoot\System32\Drivers\afx3spex.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 78000000
IAT \SystemRoot\System32\Drivers\afx3spex.SYS[HAL.dll!READ_PORT_USHORT] 25000000
IAT \SystemRoot\System32\Drivers\afx3spex.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 2E000000
IAT \SystemRoot\System32\Drivers\afx3spex.SYS[HAL.dll!WRITE_PORT_UCHAR] 1C000000
IAT \SystemRoot\System32\Drivers\afx3spex.SYS[WMILIB.SYS!WmiSystemControl] B4000000
IAT \SystemRoot\System32\Drivers\afx3spex.SYS[WMILIB.SYS!WmiCompleteRequest] C6000000

---- Devices - GMER 1.0.14 ----

Device \FileSystem\Ntfs \Ntfs 899161F8
Device \Driver\usbuhci \Device\USBPDO-0 89712500
Device \Driver\PCI_PNP3282 \Device\00000044 sppe.sys
Device \Driver\PCI_PNP3282 \Device\00000044 sppe.sys
Device \Driver\dmio \Device\DmControl\DmIoDaemon 898AA1F8
Device \Driver\dmio \Device\DmControl\DmConfig 898AA1F8
Device \Driver\dmio \Device\DmControl\DmPnP 898AA1F8
Device \Driver\dmio \Device\DmControl\DmInfo 898AA1F8
Device \Driver\usbuhci \Device\USBPDO-1 89712500
Device \Driver\usbuhci \Device\USBPDO-2 89712500
Device \Driver\usbuhci \Device\USBPDO-3 89712500
Device \Driver\usbehci \Device\USBPDO-4 896461F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 899181F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 899181F8
Device \Driver\Cdrom \Device\CdRom0 896D9500
Device \Driver\Cdrom \Device\CdRom1 896D9500
Device \Driver\atapi \Device\Ide\IdePort0 899171F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 899171F8
Device \Driver\atapi \Device\Ide\IdePort1 899171F8
Device \Driver\atapi \Device\Ide\IdePort2 899171F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c 899171F8
Device \Driver\atapi \Device\Ide\IdePort3 899171F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1b 899171F8
Device \Driver\Cdrom \Device\CdRom2 896D9500
Device \Driver\Cdrom \Device\CdRom3 896D9500
Device \Driver\Cdrom \Device\CdRom4 896D9500
Device \Driver\Cdrom \Device\CdRom5 896D9500
Device \Driver\NetBT \Device\NetBt_Wins_Export 897461F8
Device \Driver\Cdrom \Device\CdRom6 896D9500
Device \Driver\NetBT \Device\NetbiosSmb 897461F8
Device \Driver\usbuhci \Device\USBFDO-0 89712500
Device \Driver\usbuhci \Device\USBFDO-1 89712500
Device \Driver\sptd \Device\2601493282 sppe.sys
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 88FC31F8
Device \Driver\usbuhci \Device\USBFDO-2 89712500
Device \FileSystem\MRxSmb \Device\LanmanRedirector 88FC31F8
Device \Driver\usbuhci \Device\USBFDO-3 89712500
Device \Driver\usbehci \Device\USBFDO-4 896461F8
Device \Driver\Ftdisk \Device\FtControl 899181F8
Device \Driver\afx3spex \Device\Scsi\afx3spex1Port4Path0Target0Lun0 895DA500
Device \Driver\afx3spex \Device\Scsi\afx3spex1Port4Path0Target4Lun0 895DA500
Device \Driver\afx3spex \Device\Scsi\afx3spex1Port4Path0Target2Lun0 895DA500
Device \Driver\afx3spex \Device\Scsi\afx3spex1 895DA500
Device \Driver\afx3spex \Device\Scsi\afx3spex1Port4Path0Target1Lun0 895DA500
Device \Driver\afx3spex \Device\Scsi\afx3spex1Port4Path0Target5Lun0 895DA500
Device \Driver\afx3spex \Device\Scsi\afx3spex1Port4Path0Target3Lun0 895DA500
Device \FileSystem\Cdfs \Cdfs 89563300

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xA8 0xA6 0xE1 0x2A ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 52\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x75 0xA1 0x5C 0x7A ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x2D 0x96 0x61 0xC1 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41@ujdew 0x86 0xE4 0xAD 0x3A ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg42
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg42@ujdew 0xF2 0x0C 0x43 0xC9 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg43
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg43@ujdew 0xAB 0xC6 0x4F 0x85 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg44
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg44@ujdew 0x54 0x51 0xDA 0xC7 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg45
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg45@ujdew 0x54 0x51 0xDA 0xC7 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xA8 0xA6 0xE1 0x2A ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 52\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x75 0xA1 0x5C 0x7A ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xD1 0x68 0xFD 0xA6 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41@ujdew 0x86 0xE4 0xAD 0x3A ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg42
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg42@ujdew 0xF2 0x0C 0x43 0xC9 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg43
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg43@ujdew 0xAB 0xC6 0x4F 0x85 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg44
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg44@ujdew 0x54 0x51 0xDA 0xC7 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg45
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg45@ujdew 0x54 0x51 0xDA 0xC7 ...

---- Disk sectors - GMER 1.0.14 ----

Disk \Device\Harddisk0\DR0 sector 61: malicious code @ sector 0x1314ffd8 size 0x1e4
Disk \Device\Harddisk0\DR0 sector 62: copy of MBR

---- EOF - GMER 1.0.14 ----

Sorry for the wait; anyway, I'm not sure, but I have the impression my computer is doing better ^^
Regards, Dju
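The mbr.exe output in post 21 and the "Disk sectors" lines of the GMER log in post 25 describe the same pattern: sector 0 reads the same through the user-mode and kernel-mode paths, yet a copy of the original MBR sits in sector 62 and foreign code sits at sector 0x1314ffd8 (Avira names the family BOO/Sinowal.A). What makes such a copy recognisable offline is that an MBR-overwriting bootkit keeps the partition table so the machine still boots, but swaps the 440 bytes of boot code. The Python below is an added example, not part of this thread and not code from GMER or Avira: it decodes a 512-byte MBR, compares sector 0 with a candidate backup sector, flags "same partition table, same 0x55AA signature, different boot code", and converts a GMER finding line into a byte offset for a disk-image viewer. The sparse disk images, the single-partition layout and the boot-code bytes are constructed for the example; the sector-62 location is the one reported in the logs, and the `read_sector` callback and all function names are mine.

```python
import re
import struct

SECTOR = 512
CODE_LEN = 440          # x86 boot code occupies bytes 0..439 of the MBR
TABLE_OFF = 446         # four 16-byte partition entries start here
BOOT_SIG = b"\x55\xaa"  # bytes 510..511 of a valid MBR
BACKUP_LBA = 62         # sector where the scans above found the original MBR copy


def partition_table(sector: bytes):
    """Decode the four MBR entries as (active, type, first_lba, sector_count)."""
    if len(sector) != SECTOR:
        raise ValueError("an MBR is exactly one 512-byte sector")
    entries = []
    for i in range(4):
        off = TABLE_OFF + 16 * i
        active, ptype = sector[off] == 0x80, sector[off + 4]
        first, count = struct.unpack_from("<II", sector, off + 8)
        entries.append((active, ptype, first, count))
    return entries


def compare_mbr(live: bytes, candidate: bytes) -> dict:
    """Compare the live MBR (sector 0) with a sector that may be a saved copy of it.

    A sector carrying the same partition table and boot signature as sector 0
    but different boot code is the bootkit tell-tale: the table was preserved
    so the system still boots, the code was replaced.
    """
    both_signed = live[510:] == BOOT_SIG and candidate[510:] == BOOT_SIG
    same_table = partition_table(live) == partition_table(candidate)
    same_code = live[:CODE_LEN] == candidate[:CODE_LEN]
    return {
        "candidate_is_mbr": both_signed,
        "same_partition_table": same_table,
        "same_boot_code": same_code,
        "suspicious": both_signed and same_table and not same_code,
    }


def scan_disk(read_sector, backup_lba: int = BACKUP_LBA) -> str:
    """Verdict for one disk, given a read_sector(lba) -> 512 bytes callback."""
    live = read_sector(0)
    if live[510:] != BOOT_SIG:
        return "no valid MBR in sector 0"
    verdict = compare_mbr(live, read_sector(backup_lba))
    if verdict["suspicious"]:
        return f"suspicious: original MBR copy with different boot code in sector {backup_lba}"
    return "clean"


GMER_FINDING = re.compile(r"malicious code @ sector (0x[0-9a-f]+) size (0x[0-9a-f]+)", re.I)


def parse_finding(line: str):
    """Turn a GMER/mbr.exe finding line into (lba, byte_offset, size) for a hex viewer."""
    m = GMER_FINDING.search(line)
    if not m:
        return None
    lba, size = int(m.group(1), 16), int(m.group(2), 16)
    return lba, lba * SECTOR, size


def build_mbr(boot_code: bytes, entries) -> bytes:
    """Assemble a 512-byte MBR from boot code and (active, type, first_lba, count) entries."""
    if len(boot_code) > CODE_LEN:
        raise ValueError("boot code does not fit in the 440-byte code area")
    sector = bytearray(SECTOR)
    sector[:len(boot_code)] = boot_code
    for i, (active, ptype, first, count) in enumerate(entries):
        off = TABLE_OFF + 16 * i
        sector[off] = 0x80 if active else 0x00
        sector[off + 4] = ptype
        struct.pack_into("<II", sector, off + 8, first, count)
    sector[510:] = BOOT_SIG
    return bytes(sector)


# Constructed sample data (not taken from the thread): one NTFS partition at LBA 63.
ENTRIES = [(True, 0x07, 63, 312_581_745), (False, 0, 0, 0), (False, 0, 0, 0), (False, 0, 0, 0)]
# xor ax,ax / mov ss,ax / mov sp,0x7c00: the opening of a typical XP-era MBR, padded with nops
ORIGINAL_MBR = build_mbr(b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * 20, ENTRIES)
# Same partition table, different code (jmp $): what an overwriting bootkit leaves in sector 0
INFECTED_MBR = build_mbr(b"\xeb\xfe" + b"\x00" * 20, ENTRIES)

# Sparse disk images: unlisted sectors read as zeros.
CLEAN_DISK = {0: ORIGINAL_MBR}
INFECTED_DISK = {0: INFECTED_MBR, BACKUP_LBA: ORIGINAL_MBR}


def disk_reader(image: dict):
    """Build a read_sector(lba) callback over a sparse {lba: bytes} image."""
    return lambda lba: image.get(lba, bytes(SECTOR))


if __name__ == "__main__":
    print("clean disk:   ", scan_disk(disk_reader(CLEAN_DISK)))
    print("infected disk:", scan_disk(disk_reader(INFECTED_DISK)))
    print("finding:      ", parse_finding("malicious code @ sector 0x1314ffd8 size 0x1e4 !"))
```

On a real machine the `read_sector` callback would wrap a raw read of `\\.\PhysicalDrive0`, but a bootkit that hooks the disk stack (the logs show sppe.sys and afx3spex.SYS sitting in atapi's import table) can return the original MBR to any read made through the infected kernel, which is why the scanners read the sector from both user mode and kernel mode and why an offline read from a boot CD is the only trustworthy input for this check.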