
Posted

Good evening. For the past hour my PC has been lagging as soon as I open any program. I immediately ran an antivirus scan with Avira Antivir Personal - Free antivirus, which reported a virus: BOO/Sinowal.A. It asks me to delete it but cannot manage to. Here is my HijackThis log; I'm leaving it in your hands.

 

The log:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:36:14, on 6/06/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\WINDOWS\system32\imapi.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\PnkBstrB.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

C:\Program Files\Analog Devices\SoundMAX\Smax4.exe

C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

C:\Program Files\QuickTime\qttask.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\program files\powerstrip\pstrip.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Windows Live\Messenger\usnsvc.exe

C:\Documents and Settings\Julien\Bureau\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

O4 - HKLM\..\Run: [soundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [PowerStrip] c:\program files\powerstrip\pstrip.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe" /automount

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-21-746137067-1645522239-725345543-1005\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'julien 1')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.nl/scanforvirus-en/ka...can_unicode.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1206557495462

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab

O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} (Java Plug-in 1.6.0_02) -

O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} (Java Plug-in 1.6.0_03) -

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe

 

--

End of file - 8903 bytes

 

 

 

-------------------------------------------------------------------------------------------------------------

There you go, please help me. With that, have a good evening, and thank you for giving me your attention.

 

Regards, Dju

Posted

Hi :P

 

Do you have the Antivir report? If so, please post it.

Otherwise >>

 

Right-click the Antivir icon (in the taskbar) > click Start Antivir > then click the "Reports" tab > under the Action column, select Scan (not Update) and double-click it > a window opens > click the Report File button > a text file opens; post its contents in your next reply.

 

 

Download gmer: http://www.gmer.net/gmer.zip

Disconnect from the internet if possible and close all programs.

Unzip the file and double-click gmer.exe

 

Click the "rootkit" tab and click Scan

When the scan is finished, click "copy"

 

Open Notepad and click the Edit menu / Paste

The report should then appear.

Save the file to your desktop and copy/paste its contents here.

Posted

Here is my scan with Antivir:

 

 

 

Avira AntiVir Personal

Report file date: samedi 7 juin 2008 10:10

 

Scanning for 1313263 virus strains and unwanted programs.

 

Licensed to: Avira AntiVir PersonalEdition Classic

Serial number: 0000149996-ADJIE-0001

Platform: Windows XP

Windows version: (Service Pack 2) [5.1.2600]

Boot mode: Normally booted

Username: SYSTEM

Computer name: CELERON

 

Version information:

BUILD.DAT : 8.1.0.308 16478 Bytes 28/05/2008 17:03:00

AVSCAN.EXE : 8.1.2.12 311553 Bytes 20/04/2008 16:08:16

AVSCAN.DLL : 8.1.1.0 53505 Bytes 20/04/2008 16:08:16

LUKE.DLL : 8.1.2.9 151809 Bytes 20/04/2008 16:08:16

LUKERES.DLL : 8.1.2.1 12033 Bytes 20/04/2008 16:08:17

ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 13:27:15

ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 7/03/2008 21:19:13

ANTIVIR2.VDF : 7.0.4.120 2206720 Bytes 1/06/2008 15:58:31

ANTIVIR3.VDF : 7.0.4.156 144896 Bytes 6/06/2008 16:00:12

Engineversion : 8.1.0.55

AEVDF.DLL : 8.1.0.5 102772 Bytes 20/04/2008 16:08:17

AESCRIPT.DLL : 8.1.0.40 266618 Bytes 6/06/2008 16:00:29

AESCN.DLL : 8.1.0.21 119156 Bytes 6/06/2008 16:00:27

AERDL.DLL : 8.1.0.20 418165 Bytes 25/04/2008 18:37:28

AEPACK.DLL : 8.1.1.5 364918 Bytes 19/05/2008 17:32:17

AEOFFICE.DLL : 8.1.0.18 192890 Bytes 20/04/2008 16:08:17

AEHEUR.DLL : 8.1.0.30 1253750 Bytes 6/06/2008 16:00:25

AEHELP.DLL : 8.1.0.15 115063 Bytes 31/05/2008 13:56:33

AEGEN.DLL : 8.1.0.28 307572 Bytes 6/06/2008 16:00:16

AEEMU.DLL : 8.1.0.6 430451 Bytes 8/05/2008 15:27:47

AECORE.DLL : 8.1.0.31 168310 Bytes 6/06/2008 16:00:14

AVWINLL.DLL : 1.0.0.7 14593 Bytes 20/04/2008 16:08:16

AVPREF.DLL : 8.0.0.1 25857 Bytes 20/04/2008 16:08:16

AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24

AVREG.DLL : 8.0.0.0 30977 Bytes 20/04/2008 16:08:16

AVARKT.DLL : 1.0.0.23 307457 Bytes 20/04/2008 16:08:16

AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 20/04/2008 16:08:16

SQLITE3.DLL : 3.3.17.1 339968 Bytes 20/04/2008 16:08:17

SMTPLIB.DLL : 1.2.0.19 28929 Bytes 20/04/2008 16:08:17

NETNT.DLL : 8.0.0.1 7937 Bytes 20/04/2008 16:08:17

RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 20/04/2008 16:08:11

RCTEXT.DLL : 8.0.32.0 86273 Bytes 20/04/2008 16:08:11

 

Configuration settings for the scan:

Jobname..........................: Complete system scan

Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp

Logging..........................: low

Primary action...................: interactive

Secondary action.................: ignore

Scan master boot sector..........: on

Scan boot sector.................: on

Boot sectors.....................: C:, D:,

Scan memory......................: on

Process scan.....................: on

Scan registry....................: on

Search for rootkits..............: off

Scan all files...................: Intelligent file selection

Scan archives....................: on

Recursion depth..................: 20

Smart extensions.................: on

Macro heuristic..................: on

File heuristic...................: medium

 

Start of the scan: samedi 7 juin 2008 10:10

 

The scan of running processes will be started

Scan process 'avscan.exe' - '1' Module(s) have been scanned

Scan process 'avcenter.exe' - '1' Module(s) have been scanned

Scan process 'firefox.exe' - '1' Module(s) have been scanned

Scan process 'usnsvc.exe' - '1' Module(s) have been scanned

Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned

Scan process 'wuauclt.exe' - '1' Module(s) have been scanned

Scan process 'TeaTimer.exe' - '1' Module(s) have been scanned

Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned

Scan process 'msmsgs.exe' - '1' Module(s) have been scanned

Scan process 'PStrip.exe' - '1' Module(s) have been scanned

Scan process 'avgnt.exe' - '1' Module(s) have been scanned

Scan process 'rundll32.exe' - '1' Module(s) have been scanned

Scan process 'reader_sl.exe' - '1' Module(s) have been scanned

Scan process 'SMax4.exe' - '1' Module(s) have been scanned

Scan process 'SMax4PNP.exe' - '1' Module(s) have been scanned

Scan process 'explorer.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned

Scan process 'StarWindServiceAE.exe' - '1' Module(s) have been scanned

Scan process 'SMAgent.exe' - '1' Module(s) have been scanned

Scan process 'PnkBstrB.exe' - '1' Module(s) have been scanned

Scan process 'PnkBstrA.exe' - '1' Module(s) have been scanned

Scan process 'PhotoshopElementsDeviceConnect.exe' - '1' Module(s) have been scanned

Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned

Scan process 'imapi.exe' - '1' Module(s) have been scanned

Scan process 'sched.exe' - '1' Module(s) have been scanned

Scan process 'alg.exe' - '1' Module(s) have been scanned

Scan process 'PhotoshopElementsFileAgent.exe' - '1' Module(s) have been scanned

Scan process 'avguard.exe' - '1' Module(s) have been scanned

Scan process 'spoolsv.exe' - '1' Module(s) have been scanned

Scan process 'aawservice.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'lsass.exe' - '1' Module(s) have been scanned

Scan process 'services.exe' - '1' Module(s) have been scanned

Scan process 'winlogon.exe' - '1' Module(s) have been scanned

Scan process 'csrss.exe' - '1' Module(s) have been scanned

Scan process 'smss.exe' - '1' Module(s) have been scanned

41 processes with 41 modules were scanned

 

Starting master boot sector scan:

Master boot sector HD0

[INFO] No virus was found!

Master boot sector HD1

[DETECTION] Contains detection pattern of the boot sector virus BOO/Sinowal.A

[WARNING] The boot sector cannot be repaired! You can find more information in the help

 

Start scanning boot sectors:

Boot sector 'C:\'

[INFO] No virus was found!

Boot sector 'D:\'

[INFO] No virus was found!

 

Starting to scan the registry.

 

The registry was scanned ( '28' files ).

 

 

Starting the file scan:

 

Begin scan in 'C:\' <Maxtor160Gb>

C:\hiberfil.sys

[WARNING] The file could not be opened!

C:\pagefile.sys

[WARNING] The file could not be opened!

C:\WINDOWS\system32\drivers\sptd.sys

[WARNING] The file could not be opened!

Begin scan in 'D:\' <IBM20Gb>

 

 

End of the scan: samedi 7 juin 2008 10:47

Used time: 36:31 min

 

The scan has been done completely.

 

5930 Scanning directories

290773 Files were scanned

1 viruses and/or unwanted programs were found

0 Files were classified as suspicious:

0 files were deleted

0 files were repaired

0 files were moved to quarantine

0 files were renamed

3 Files cannot be scanned

290771 Files not concerned

2400 Archives were scanned

4 Warnings

0 Notes

 

 

 

And here is the report from the program you had me use

 

GMER 1.0.14.14536 - http://www.gmer.net

Rootkit scan 2008-06-07 11:00:42

Windows 5.1.2600 Service Pack 2

 

 

---- System - GMER 1.0.14 ----

 

SSDT sppe.sys ZwCreateKey [0xF74D90E0]

SSDT BA70F35C ZwCreateThread

SSDT sppe.sys ZwEnumerateKey [0xF74F6CA2]

SSDT sppe.sys ZwEnumerateValueKey [0xF74F7030]

SSDT sppe.sys ZwOpenKey [0xF74D90C0]

SSDT BA70F348 ZwOpenProcess

SSDT BA70F34D ZwOpenThread

SSDT sppe.sys ZwQueryKey [0xF74F7108]

SSDT sppe.sys ZwQueryValueKey [0xF74F6F88]

SSDT sppe.sys ZwSetValueKey [0xF74F719A]

SSDT BA70F357 ZwTerminateProcess

SSDT BA70F352 ZwWriteVirtualMemory

 

INT 0x62 ? 89917BF8

INT 0x73 ? 8965EBF8

INT 0x73 ? 8965EBF8

INT 0x82 ? 89917BF8

INT 0x83 ? 89917BF8

INT 0x83 ? 89917BF8

INT 0x83 ? 8965EBF8

INT 0x83 ? 89917BF8

INT 0xA4 ? 8965EBF8

INT 0xB4 ? 8965EBF8

 

---- Kernel code sections - GMER 1.0.14 ----

 

? sppe.sys Le fichier spécifié est introuvable. !

.text USBPORT.SYS!DllUnload B9B4562C 5 Bytes JMP 8965E1D8

.text afx3spex.SYS B9935384 1 Byte [ 20 ]

.text afx3spex.SYS B9935386 35 Bytes [ 00, 68, 00, 00, 00, 00, 00, ... ]

.text afx3spex.SYS B99353AA 24 Bytes [ 00, 00, 20, 00, 00, E0, 00, ... ]

.text afx3spex.SYS B99353C4 3 Bytes [ 00, 00, 00 ]

.text afx3spex.SYS B99353C9 1 Byte [ 00 ]

.text ...

 

---- Kernel IAT/EAT - GMER 1.0.14 ----

 

IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 898AC2D8

IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F74FF6D0] sppe.sys

IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F7503708] sppe.sys

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F74DA046] sppe.sys

IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F74DA142] sppe.sys

IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F74DA0C4] sppe.sys

IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F74DA7CE] sppe.sys

IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F74DA6A4] sppe.sys

IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 8965E2D8

IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F74E5D7A] sppe.sys

IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!RtlInitUnicodeString] DD000000

IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!swprintf] 74000000

IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!KeSetEvent] 1F000000

IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!IoCreateSymbolicLink] 4B000000

IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!IoGetConfigurationInformation] BD000000

IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!IoDeleteSymbolicLink] 8B000000

IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!MmFreeMappingAddress] 8A000000

IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!IoFreeErrorLogEntry] 70000000

IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!IoDisconnectInterrupt] 3E000000

IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!MmUnmapIoSpace] B5000000

IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!ObReferenceObjectByPointer] 66000000

IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!IofCompleteRequest] 48000000

IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!RtlCompareUnicodeString] 03000000

IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!IofCallDriver] F6000000

IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!MmAllocateMappingAddress] 0E000000

IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!IoAllocateErrorLogEntry] 61000000

IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!IoConnectInterrupt] 35000000

IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!IoDetachDevice] 57000000

IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!KeWaitForSingleObject] B9000000

IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!KeInitializeEvent] 86000000

IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!RtlAnsiStringToUnicodeString] C1000000

IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!RtlInitAnsiString] 1D000000

IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!IoBuildDeviceIoControlRequest] 9E000000

IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!IoQueueWorkItem] E1000000

IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!MmMapIoSpace] F8000000

IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!IoInvalidateDeviceRelations] 98000000

IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!IoReportDetectedDevice] 11000000

IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!IoReportResourceForDetection] 69000000

IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!RtlxAnsiStringToUnicodeSize] D9000000

IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!NlsMbCodePageTag] 8E000000

IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!PoRequestPowerIrp] 94000000

IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!KeInsertByKeyDeviceQueue] 9B000000

IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!PoRegisterDeviceForIdleDetection] 1E000000

IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!sprintf] 87000000

IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!MmMapLockedPagesSpecifyCache] E9000000

IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!ObfDereferenceObject] CE000000

IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!IoGetAttachedDeviceReference] 55000000

IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!IoInvalidateDeviceState] 28000000

IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!ZwClose] DF000000

IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!ObReferenceObjectByHandle] 8C000000

IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!ZwCreateDirectoryObject] A1000000

IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!IoBuildSynchronousFsdRequest] 89000000

IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!PoStartNextPowerIrp] 0D000000

IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!PoCallDriver] [BF000000] \SystemRoot\System32\drivers\dxg.sys (DirectX Graphics Driver/Microsoft Corporation)

IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!IoCreateDevice] E6000000

IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!IoAllocateDriverObjectExtension] 42000000

IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!RtlQueryRegistryValues] 68000000

IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!ZwOpenKey] 41000000

IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!RtlFreeUnicodeString] 99000000

IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!IoStartTimer] 2D000000

IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!KeInitializeTimer] 0F000000

IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!IoInitializeTimer] B0000000

IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!KeInitializeDpc] 54000000

IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!KeInitializeSpinLock] BB000000

IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!IoInitializeIrp] 16000000

IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!ZwCreateKey] 00000052

IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!RtlAppendUnicodeStringToString] 00000009

IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!RtlIntegerToUnicodeString] 0000006A

IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!ZwSetValueKey] 000000D5

IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!KeInsertQueueDpc] 00000030

IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!KefAcquireSpinLockAtDpcLevel] 00000036

IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!IoStartPacket] 000000A5

IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!KefReleaseSpinLockFromDpcLevel] 00000038

IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!IoBuildAsynchronousFsdRequest] 000000BF

IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!IoFreeMdl] 00000040

IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!MmUnlockPages] 000000A3

IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!IoWriteErrorLogEntry] 0000009E

IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!KeRemoveByKeyDeviceQueue] 00000081

IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!MmMapLockedPagesWithReservedMapping] 000000F3

IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!MmUnmapReservedMapping] 000000D7

IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!KeSynchronizeExecution] 000000FB

IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!IoStartNextPacket] 0000007C

IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!KeBugCheckEx] 000000E3

IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!KeRemoveDeviceQueue] 00000039

IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!KeSetTimer] 00000082

IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!KeCancelTimer] 0000009B

IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!_allmul] 0000002F

IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!MmProbeAndLockPages] 000000FF

IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!_except_handler3] 00000087

IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!PoSetPowerState] 00000034

IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!IoOpenDeviceRegistryKey] 0000008E

IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!RtlWriteRegistryValue] 00000043

IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!_aulldiv] 00000044

IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!strstr] 000000C4

IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!_strupr] 000000DE

IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!KeQuerySystemTime] 000000E9

IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!IoWMIRegistrationControl] 000000CB

IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!KeTickCount] 00000054

IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!IoAttachDeviceToDeviceStack] 0000007B

IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!IoDeleteDevice] 00000094

IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!ExAllocatePoolWithTag] 00000032

IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!IoAllocateWorkItem] 000000A6

IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!IoAllocateIrp] 000000C2

IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!IoAllocateMdl] 00000023

IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!MmBuildMdlForNonPagedPool] 0000003D

IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!MmLockPagableDataSection] 000000EE

IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!IoGetDriverObjectExtension] 0000004C

IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!MmUnlockPagableImageSection] 00000095

IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!ExFreePoolWithTag] 0000000B

IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!IoFreeIrp] 00000042

IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!IoFreeWorkItem] 000000FA

IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!InitSafeBootMode] 000000C3

IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!RtlCompareMemory] 0000004E

IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!RtlCopyUnicodeString] 00000008

IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!memmove] 0000002E

IAT \SystemRoot\System32\Drivers\afx3spex.SYS[ntoskrnl.exe!MmHighestUserAddress] 000000A1

IAT \SystemRoot\System32\Drivers\afx3spex.SYS[HAL.dll!KfAcquireSpinLock] 6C000000

IAT \SystemRoot\System32\Drivers\afx3spex.SYS[HAL.dll!READ_PORT_UCHAR] 56000000

IAT \SystemRoot\System32\Drivers\afx3spex.SYS[HAL.dll!KeGetCurrentIrql] F4000000

IAT \SystemRoot\System32\Drivers\afx3spex.SYS[HAL.dll!KfRaiseIrql] EA000000

IAT \SystemRoot\System32\Drivers\afx3spex.SYS[HAL.dll!KfLowerIrql] 65000000

IAT \SystemRoot\System32\Drivers\afx3spex.SYS[HAL.dll!HalGetInterruptVector] 7A000000

IAT \SystemRoot\System32\Drivers\afx3spex.SYS[HAL.dll!HalTranslateBusAddress] AE000000

IAT \SystemRoot\System32\Drivers\afx3spex.SYS[HAL.dll!KeStallExecutionProcessor] 08000000

IAT \SystemRoot\System32\Drivers\afx3spex.SYS[HAL.dll!KfReleaseSpinLock] BA000000

IAT \SystemRoot\System32\Drivers\afx3spex.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 78000000

IAT \SystemRoot\System32\Drivers\afx3spex.SYS[HAL.dll!READ_PORT_USHORT] 25000000

IAT \SystemRoot\System32\Drivers\afx3spex.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 2E000000

IAT \SystemRoot\System32\Drivers\afx3spex.SYS[HAL.dll!WRITE_PORT_UCHAR] 1C000000

IAT \SystemRoot\System32\Drivers\afx3spex.SYS[WMILIB.SYS!WmiSystemControl] B4000000

IAT \SystemRoot\System32\Drivers\afx3spex.SYS[WMILIB.SYS!WmiCompleteRequest] C6000000

 

 

 

---- Disk sectors - GMER 1.0.14 ----

 

Disk \Device\Harddisk0\DR0 sector 61: malicious code @ sector 0x1314ffd8 size 0x1e4

Disk \Device\Harddisk0\DR0 sector 62: copy of MBR

 

---- EOF - GMER 1.0.14 ----

 

 

 

Sorry for the wait. Anyway, I'm not sure, but I get the impression my computer is doing better ^^

 

Regards, Dju

Posted

Yep, hi, I have the same problem and I can't manage to delete it. I know you can repair the boot sector with the Windows CD, but if the virus has encrypted the thing, that can have serious consequences. So, if anyone has a solution.

By the way, just because your PC isn't lagging much anymore doesn't mean you should leave the virus sitting there nice and cosy :P

Thanks.

Posted

Grrrr, it's as if this only happens to us. I haven't found any answer apart from the Ultimate Boot CD, which offers two antivirus programs that scan your boot sector before Windows starts, but they are old and their virus database doesn't recognise things well at all. Who knows, maybe for you...

Are we the only ones with a d.... virus in the boot sector? Thanks!! :P

Posted

I don't know. Well, I tried to restore (without success). Anyway, I downloaded Spybot: Search and Destroy, enabled the TeaTimer function, and now the virus seems to be leaving me in peace. I can't manage to burn Ultimate Boot, it always fails at the end. Anyway, may this virus leave me in peace for as long as possible.

 

With that,

 

Regards, Julien

Posted

Hi :P

 

Sorry for the wait!!!

 

The PC is infected with a boot virus. We will proceed as follows >>

 

Download MBR by GMER to your Desktop.

  • Disable all protection programs (antivirus, antispyware, etc.)
  • Double-click mbr.exe > a black window will open and close.
  • Post the mbr.log report that appears.

 

TomFarI, create a topic of your own and post your MBR by GMER report there so we can take a look :P

Posted (edited)

Hello, sorry for the wait as well, but I thought I had been abandoned to my fate. Thank you for coming back to help me.

 

With that, here is the Mbr.exe report

 

Stealth MBR rootkit detector 0.2.4 by Gmer, http://www.gmer.net

 

device: opened successfully

user: MBR read successfully

kernel: MBR read successfully

user & kernel MBR OK

malicious code @ sector 0x1314ffd8 size 0x1e4 !

copy of MBR has been found in sector 62 !

 

 

 

With that, have a good afternoon

 

Regards, Julien

 

PS: reassure me, please tell me when you know the solution to this kind of problem.

Edited by Dju188
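
A small parser for the mbr.exe report posted above, as an added example that is not part of the original thread or of GMER: it takes the verdict from the finding lines, because this report shows `user & kernel MBR OK` alongside both findings. It also accepts the wording of the GMER "Disk sectors" lines; the 512-byte sector size and all function and field names are assumptions.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: the mbr.exe report lines as posted in the thread.
SAMPLE_LOG = """\
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
malicious code @ sector 0x1314ffd8 size 0x1e4 !
copy of MBR has been found in sector 62 !
"""

SECTOR_BYTES = 512  # assumption: classic 512-byte sectors
STATUS_RE = re.compile(r"^(device|user|kernel): (.+)$")
MALICIOUS_RE = re.compile(r"malicious code @ sector (0x[0-9a-fA-F]+) size (0x[0-9a-fA-F]+)")
# Both wordings seen on the page: mbr.exe report and GMER "Disk sectors" section.
COPY_RE = re.compile(r"copy of MBR has been found in sector (\d+)|sector (\d+): copy of MBR")

@dataclass
class MbrReport:
    status: dict = field(default_factory=dict)       # device/user/kernel read results
    views_match: bool = False                        # "user & kernel MBR OK" seen
    malicious: list = field(default_factory=list)    # one dict per flagged region
    mbr_copies: list = field(default_factory=list)   # sectors holding an MBR copy

    @property
    def infected(self):
        # Findings decide the verdict; matching user/kernel reads do not clear the disk.
        return bool(self.malicious or self.mbr_copies)

def parse_mbr_log(text):
    report = MbrReport()
    for line in (raw.strip() for raw in text.splitlines()):
        if m := STATUS_RE.match(line):
            report.status[m.group(1)] = m.group(2)
        elif line == "user & kernel MBR OK":
            report.views_match = True
        elif m := MALICIOUS_RE.search(line):
            sector, size = int(m.group(1), 16), int(m.group(2), 16)
            report.malicious.append(
                {"sector": sector, "size": size, "byte_offset": sector * SECTOR_BYTES})
        elif m := COPY_RE.search(line):
            report.mbr_copies.append(int(m.group(1) or m.group(2)))
    return report

if __name__ == "__main__":
    r = parse_mbr_log(SAMPLE_LOG)
    print("infected:", r.infected, r.malicious, r.mbr_copies)
```
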
