tortiere

Members
  • Content count
    19
  • Languages
    French

tortiere's achievements

Junior Member (3/12)

Community reputation: 0

  1. OK, I went through the restore point and got my Start menu back to its previous state. Yet I had indeed followed the procedure in your link, which I already knew. I think one should avoid moving programs from one environment to another, e.g. from an account's environment to All Users. I'll be more careful when I redo my changes. Thanks
  2. Hello, Under Windows XP I tried to reorganize the list of programs displayed in my Start / All Programs menu (right-click / Explore, then create a folder and move programs). I notice that after being moved, some programs are no longer displayed in the menu even though they do appear in Explorer under the Start Menu / Programs directories... For info, these programs that are missing from the menu appear greyed out in Explorer. How do I get them displayed again? (wrong move between All Users, Default User, ...?) Thanks for your help.
  3. That's it!!! I managed to get a handle on the svchost + wuauclt.exe problem. In my opinion it really is Windows Update getting its wires crossed... 1/ In Control Panel / Automatic Updates, I switched to "no update checking". 2/ In Administrative Tools / Services, I stopped Automatic Updates and set it to Manual. I rebooted the PC => no more svchost at 100%. I then set 1/ back to "notify me when updates are available without downloading". You can clearly see wuauclt active but without eating CPU. Now, and for the time being, when I reboot my PC I do get 2 wuauclt starting, but no 100% CPU for a minute or more. I also get the message telling me that updates are available. In the worst case I'll disable Automatic Updates if the problem comes back. So for me the problem is solved. Otherwise, to answer your question, I can run Windows Update from IE fine. All that's left is to thank you for your precious help. Perhaps, to finish, tell me how to close my pinned post. Thanks again.
  4. Getting back in touch this morning before going to work. Phew, those are false rootkit alerts from gmer. Good. The problem is indeed still there. After starting the PC and without being connected to the internet, after about 30 seconds I get svchost launching a 1st wuauclt.exe and then a 2nd. From that moment on I lose control for 1 minute.
     svchost.exe 1224 99.00 Generic Host Process for Win32 Services Microsoft Corporation
     wuauclt.exe 3120 Automatic Updates Microsoft Corporation
     wuauclt.exe 3244 Automatic Updates Microsoft Corporation
     After everything calms down, the svchost and the 2 wuauclt are still there but I can finally work. After 5 min, one of the 2 wuauclt disappears. I can see all this very clearly using Process Explorer from www.sysinternals.com. Maybe not a virus... Do you also observe this svchost + 2 x wuauclt behaviour at XP startup? I'll give more news tonight when I get back. Have a good day
  5. There you go, you should receive the package from hibou...
  6. Phew... I just sent 6 copy/pastes, taking the precaution that they not be too big... but I notice that they are systematically truncated and for now only my first 2 copies are actually in the forum... Isn't there another solution?
  7. === 2nd chunk INT 0xC9 \WINDOWS\system32\ntoskrnl.exe 8052D18A INT 0xCA \WINDOWS\system32\ntoskrnl.exe 8052D194 INT 0xCB \WINDOWS\system32\ntoskrnl.exe 8052D19E INT 0xCC \WINDOWS\system32\ntoskrnl.exe 8052D1A8 INT 0xCD \WINDOWS\system32\ntoskrnl.exe 8052D1B2 INT 0xCE \WINDOWS\system32\ntoskrnl.exe 8052D1BC INT 0xCF \WINDOWS\system32\ntoskrnl.exe 8052D1C6 INT 0xD0 \WINDOWS\system32\ntoskrnl.exe 8052D1D0 INT 0xD1 \WINDOWS\system32\ntoskrnl.exe 8052D1DA INT 0xD2 \WINDOWS\system32\ntoskrnl.exe 8052D1E4 INT 0xD3 \WINDOWS\system32\ntoskrnl.exe 8052D1EE INT 0xD4 \WINDOWS\system32\ntoskrnl.exe 8052D1F8 INT 0xD5 \WINDOWS\system32\ntoskrnl.exe 8052D202 INT 0xD6 \WINDOWS\system32\ntoskrnl.exe 8052D20C INT 0xD7 \WINDOWS\system32\ntoskrnl.exe 8052D216 INT 0xD8 \WINDOWS\system32\ntoskrnl.exe 8052D220 INT 0xD9 \WINDOWS\system32\ntoskrnl.exe 8052D22A INT 0xDA \WINDOWS\system32\ntoskrnl.exe 8052D234 INT 0xDB \WINDOWS\system32\ntoskrnl.exe 8052D23E INT 0xDC \WINDOWS\system32\ntoskrnl.exe 8052D248 INT 0xDD \WINDOWS\system32\ntoskrnl.exe 8052D252 INT 0xDE \WINDOWS\system32\ntoskrnl.exe 8052D25C INT 0xDF \WINDOWS\system32\ntoskrnl.exe 8052D266 INT 0xE0 \WINDOWS\system32\ntoskrnl.exe 8052D270 INT 0xE1 \WINDOWS\system32\ntoskrnl.exe 8052D27A INT 0xE2 \WINDOWS\system32\ntoskrnl.exe 8052D284 INT 0xE3 \WINDOWS\system32\ntoskrnl.exe 8052D28E INT 0xE4 \WINDOWS\system32\ntoskrnl.exe 8052D298 INT 0xE5 \WINDOWS\system32\ntoskrnl.exe 8052D2A2 INT 0xE6 \WINDOWS\system32\ntoskrnl.exe 8052D2AC INT 0xE7 \WINDOWS\system32\ntoskrnl.exe 8052D2B6 INT 0xE8 \WINDOWS\system32\ntoskrnl.exe 8052D2C0 INT 0xE9 \WINDOWS\system32\ntoskrnl.exe 8052D2CA INT 0xEA \WINDOWS\system32\ntoskrnl.exe 8052D2D4 INT 0xEB \WINDOWS\system32\ntoskrnl.exe 8052D2DE INT 0xEC \WINDOWS\system32\ntoskrnl.exe 8052D2E8 INT 0xED \WINDOWS\system32\ntoskrnl.exe 8052D2F2 INT 0xEE \WINDOWS\system32\ntoskrnl.exe 8052D2F9 INT 0xEF \WINDOWS\system32\ntoskrnl.exe 8052D300 INT 0xF0 \WINDOWS\system32\ntoskrnl.exe 8052D307 INT 0xF1 
\WINDOWS\system32\ntoskrnl.exe 8052D30E INT 0xF2 \WINDOWS\system32\ntoskrnl.exe 8052D315 INT 0xF3 \WINDOWS\system32\ntoskrnl.exe 8052D31C INT 0xF4 \WINDOWS\system32\ntoskrnl.exe 8052D323 INT 0xF5 \WINDOWS\system32\ntoskrnl.exe 8052D32A INT 0xF6 \WINDOWS\system32\ntoskrnl.exe 8052D331 INT 0xF7 \WINDOWS\system32\ntoskrnl.exe 8052D338 INT 0xF8 \WINDOWS\system32\ntoskrnl.exe 8052D33F INT 0xF9 \WINDOWS\system32\ntoskrnl.exe 8052D346 INT 0xFA \WINDOWS\system32\ntoskrnl.exe 8052D34D INT 0xFB \WINDOWS\system32\ntoskrnl.exe 8052D354 INT 0xFC \WINDOWS\system32\ntoskrnl.exe 8052D35B INT 0xFD \WINDOWS\system32\ntoskrnl.exe 8052D362 INT 0xFE \WINDOWS\system32\ntoskrnl.exe 8052D369 INT 0xFF \WINDOWS\system32\ntoskrnl.exe 8052D370 SYSENTER \WINDOWS\system32\ntoskrnl.exe 8052D480 ---- Devices - GMER 1.0.11 ---- Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [F8409390] Ntfs.sys Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_NAMED_PIPE [804EEF8E] ntoskrnl.exe Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE [F84095B6] Ntfs.sys Device \FileSystem\Ntfs \Ntfs IRP_MJ_READ [F83EB094] Ntfs.sys Device \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE [F83EA432] Ntfs.sys Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION [F8409F3A] Ntfs.sys Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION [F83EC40E] Ntfs.sys Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA [F8409F3A] Ntfs.sys Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA [F8409F3A] Ntfs.sys Device \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS [F841D8AE] Ntfs.sys Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION [F8409F78] Ntfs.sys Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION [F8409F78] Ntfs.sys Device \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL [F8413EFD] Ntfs.sys Device \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL [F841297D] Ntfs.sys Device \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL [F8409F78] Ntfs.sys Device \FileSystem\Ntfs \Ntfs IRP_MJ_INTERNAL_DEVICE_CONTROL [804EEF8E] ntoskrnl.exe Device \FileSystem\Ntfs \Ntfs 
IRP_MJ_SHUTDOWN [F83FB9F0] Ntfs.sys Device \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL [F8460D57] Ntfs.sys Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP [F8409A2B] Ntfs.sys Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_MAILSLOT [804EEF8E] ntoskrnl.exe Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY [F8409F78] Ntfs.sys Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY [F8409F78] Ntfs.sys Device \FileSystem\Ntfs \Ntfs IRP_MJ_POWER [804EEF8E] ntoskrnl.exe Device \FileSystem\Ntfs \Ntfs IRP_MJ_SYSTEM_CONTROL [804EEF8E] ntoskrnl.exe Device \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CHANGE [804EEF8E] ntoskrnl.exe Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA [F8409F3A] Ntfs.sys Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA [F8409F3A] Ntfs.sys Device \FileSystem\Ntfs \Ntfs IRP_MJ_PNP [F842873F] Ntfs.sys Device \FileSystem\Ntfs \Ntfs FastIoCheckIfPossible [F8407A0B] Ntfs.sys Device \FileSystem\Ntfs \Ntfs FastIoRead [F840ABBC] Ntfs.sys Device \FileSystem\Ntfs \Ntfs FastIoWrite [F841D9CC] Ntfs.sys Device \FileSystem\Ntfs \Ntfs FastIoQueryBasicInfo [F840FD5E] Ntfs.sys Device \FileSystem\Ntfs \Ntfs FastIoQueryStandardInfo [F840A79E] Ntfs.sys Device \FileSystem\Ntfs \Ntfs FastIoLock [F841E738] Ntfs.sys Device \FileSystem\Ntfs \Ntfs FastIoUnlockSingle [F841E66C] Ntfs.sys Device \FileSystem\Ntfs \Ntfs FastIoUnlockAll [F8438CD6] Ntfs.sys Device \FileSystem\Ntfs \Ntfs FastIoUnlockAllByKey [F8460AB2] Ntfs.sys Device \FileSystem\Ntfs \Ntfs AcquireFileForNtCreateSection [F840A771] Ntfs.sys Device \FileSystem\Ntfs \Ntfs ReleaseFileForNtCreateSection [F840A758] Ntfs.sys Device \FileSystem\Ntfs \Ntfs FastIoQueryNetworkOpenInfo [F8451C06] Ntfs.sys Device \FileSystem\Ntfs \Ntfs AcquireForModWrite [F841963D] Ntfs.sys Device \FileSystem\Ntfs \Ntfs MdlRead [F8451D20] Ntfs.sys Device \FileSystem\Ntfs \Ntfs MdlReadComplete [804E4312] ntoskrnl.exe Device \FileSystem\Ntfs \Ntfs PrepareMdlWrite [F845207E] Ntfs.sys Device \FileSystem\Ntfs \Ntfs MdlWriteComplete [8054A51E] ntoskrnl.exe Device 
\FileSystem\Ntfs \Ntfs FastIoQueryOpen [F840A5AA] Ntfs.sys Device \FileSystem\Ntfs \Ntfs AcquireForCcFlush [F840BC6E] Ntfs.sys Device \FileSystem\Ntfs \Ntfs ReleaseForCcFlush [F840BC8A] Ntfs.sys Device \FileSystem\Mup \Dfs IRP_MJ_CREATE [F83A96D7] Mup.sys Device \FileSystem\Mup \Dfs IRP_MJ_CREATE_NAMED_PIPE [F83A96D7] Mup.sys Device \FileSystem\Mup \Dfs IRP_MJ_CLOSE [F83A9E65] Mup.sys Device \FileSystem\Mup \Dfs IRP_MJ_READ [F83A58D9] Mup.sys Device \FileSystem\Mup \Dfs IRP_MJ_WRITE [F83B60AD] Mup.sys Device \FileSystem\Mup \Dfs IRP_MJ_QUERY_INFORMATION [F83ACAF5] Mup.sys Device \FileSystem\Mup \Dfs IRP_MJ_SET_INFORMATION [F83B78C3] Mup.sys Device \FileSystem\Mup \Dfs IRP_MJ_QUERY_EA [F83A58D9] Mup.sys Device \FileSystem\Mup \Dfs IRP_MJ_SET_EA [F83A58D9] Mup.sys Device \FileSystem\Mup \Dfs IRP_MJ_FLUSH_BUFFERS [F83A58D9] Mup.sys Device \FileSystem\Mup \Dfs IRP_MJ_QUERY_VOLUME_INFORMATION [F83BA64E] Mup.sys Device \FileSystem\Mup \Dfs IRP_MJ_SET_VOLUME_INFORMATION [F83BA722] Mup.sys Device \FileSystem\Mup \Dfs IRP_MJ_DIRECTORY_CONTROL [F83A58D9] Mup.sys Device \FileSystem\Mup \Dfs IRP_MJ_FILE_SYSTEM_CONTROL [F83A98BC] Mup.sys Device \FileSystem\Mup \Dfs IRP_MJ_DEVICE_CONTROL [F83A58D9] Mup.sys Device \FileSystem\Mup \Dfs IRP_MJ_INTERNAL_DEVICE_CONTROL [F83A58D9] Mup.sys Device \FileSystem\Mup \Dfs IRP_MJ_SHUTDOWN [F83B732F] Mup.sys Device \FileSystem\Mup \Dfs IRP_MJ_LOCK_CONTROL [F83A58D9] Mup.sys Device \FileSystem\Mup \Dfs IRP_MJ_CLEANUP [F83A9EA6] Mup.sys Device \FileSystem\Mup \Dfs IRP_MJ_CREATE_MAILSLOT [F83A96D7] Mup.sys Device \FileSystem\Mup \Dfs IRP_MJ_QUERY_SECURITY [F83A58D9] Mup.sys Device \FileSystem\Mup \Dfs IRP_MJ_SET_SECURITY [F83A58D9] Mup.sys Device \FileSystem\Mup \Dfs IRP_MJ_POWER [F83A58D9] Mup.sys Device \FileSystem\Mup \Dfs IRP_MJ_SYSTEM_CONTROL [F83A5ED1] Mup.sys Device \FileSystem\Mup \Dfs IRP_MJ_DEVICE_CHANGE [F83A58D9] Mup.sys Device \FileSystem\Mup \Dfs IRP_MJ_QUERY_QUOTA [F83A58D9] Mup.sys Device \FileSystem\Mup \Dfs IRP_MJ_SET_QUOTA 
[F83A58D9] Mup.sys Device \FileSystem\Mup \Dfs IRP_MJ_PNP [F83A58D9] Mup.sys Device \FileSystem\Mup \Dfs FastIoCheckIfPossible [F83AF81A] Mup.sys Device \FileSystem\Mup \Dfs FastIoRead [F83AF85E] Mup.sys Device \FileSystem\Mup \Dfs FastIoWrite [F83B7478] Mup.sys Device \FileSystem\Mup \Dfs FastIoQueryBasicInfo [F83AF513] Mup.sys Device \FileSystem\Mup \Dfs FastIoQueryStandardInfo [F83AD1D6] Mup.sys Device \FileSystem\Mup \Dfs FastIoLock [F83AD202] Mup.sys Device \FileSystem\Mup \Dfs FastIoUnlockSingle [F83AD22E] Mup.sys Device \FileSystem\Mup \Dfs FastIoUnlockAll [F83B74BC] Mup.sys Device \FileSystem\Mup \Dfs FastIoUnlockAllByKey [F83B74F4] Mup.sys Device \FileSystem\Mup \Dfs FastIoDetachDevice [F83B752F] Mup.sys Device \FileSystem\Mup \Dfs FastIoQueryNetworkOpenInfo [F83AD25A] Mup.sys Device \FileSystem\Mup \Dfs MdlRead [F83B7532] Mup.sys Device \FileSystem\Mup \Dfs MdlReadComplete [F83B758C] Mup.sys Device \FileSystem\Mup \Dfs PrepareMdlWrite [F83B75CE] Mup.sys Device \FileSystem\Mup \Dfs MdlWriteComplete [F83B7628] Mup.sys Device \FileSystem\Mup \Dfs FastIoReadCompressed [F83B7670] Mup.sys Device \FileSystem\Mup \Dfs FastIoWriteCompressed [F83B76C3] Mup.sys Device \FileSystem\Mup \Dfs MdlReadCompleteCompressed [F83B7716] Mup.sys Device \FileSystem\Mup \Dfs MdlWriteCompleteCompressed [F83B774B] Mup.sys Device \Driver\NDIS \Device\Ndis IRP_MJ_CREATE [F83C419C] NDIS.sys Device \Driver\NDIS \Device\Ndis IRP_MJ_CREATE_NAMED_PIPE [F83C419C] NDIS.sys Device \Driver\NDIS \Device\Ndis IRP_MJ_CLOSE [F83C419C] NDIS.sys Device \Driver\NDIS \Device\Ndis IRP_MJ_READ [F83C419C] NDIS.sys Device \Driver\NDIS \Device\Ndis IRP_MJ_WRITE [F83C419C] NDIS.sys Device \Driver\NDIS \Device\Ndis IRP_MJ_QUERY_INFORMATION [F83C419C] NDIS.sys Device \Driver\NDIS \Device\Ndis IRP_MJ_SET_INFORMATION [F83C419C] NDIS.sys Device \Driver\NDIS \Device\Ndis IRP_MJ_QUERY_EA [F83C419C] NDIS.sys Device \Driver\NDIS \Device\Ndis IRP_MJ_SET_EA [F83C419C] NDIS.sys Device \Driver\NDIS \Device\Ndis 
IRP_MJ_FLUSH_BUFFERS [F83C419C] NDIS.sys Device \Driver\NDIS \Device\Ndis IRP_MJ_QUERY_VOLUME_INFORMATION [F83C419C] NDIS.sys Device \Driver\NDIS \Device\Ndis IRP_MJ_SET_VOLUME_INFORMATION [F83C419C] NDIS.sys Device \Driver\NDIS \Device\Ndis IRP_MJ_DIRECTORY_CONTROL [F83C419C] NDIS.sys Device \Driver\NDIS \Device\Ndis IRP_MJ_FILE_SYSTEM_CONTROL [F83C419C] NDIS.sys Device \Driver\NDIS \Device\Ndis IRP_MJ_DEVICE_CONTROL [F83C419C] NDIS.sys Device \Driver\NDIS \Device\Ndis IRP_MJ_INTERNAL_DEVICE_CONTROL [F83C419C] NDIS.sys Device \Driver\NDIS \Device\Ndis IRP_MJ_SHUTDOWN [F83C419C] NDIS.sys Device \Driver\NDIS \Device\Ndis IRP_MJ_LOCK_CONTROL [F83C419C] NDIS.sys Device \Driver\NDIS \Device\Ndis IRP_MJ_CLEANUP [F83C419C] NDIS.sys Device \Driver\NDIS \Device\Ndis IRP_MJ_CREATE_MAILSLOT [F83C419C] NDIS.sys Device \Driver\NDIS \Device\Ndis IRP_MJ_QUERY_SECURITY [F83C419C] NDIS.sys Device \Driver\NDIS \Device\Ndis IRP_MJ_SET_SECURITY [F83C419C] NDIS.sys Device \Driver\NDIS \Device\Ndis IRP_MJ_POWER [F83C419C] NDIS.sys Device \Driver\NDIS \Device\Ndis IRP_MJ_SYSTEM_CONTROL [F83C419C] NDIS.sys Device \Driver\NDIS \Device\Ndis IRP_MJ_DEVICE_CHANGE [F83C419C] NDIS.sys Device \Driver\NDIS \Device\Ndis IRP_MJ_QUERY_QUOTA [F83C419C] NDIS.sys Device \Driver\NDIS \Device\Ndis IRP_MJ_SET_QUOTA [F83C419C] NDIS.sys Device \Driver\NDIS \Device\Ndis IRP_MJ_PNP [F83C419C] NDIS.sys Device \Driver\KSecDD \Device\KsecDD IRP_MJ_CREATE [F8478718] KSecDD.sys Device \Driver\KSecDD \Device\KsecDD IRP_MJ_CREATE_NAMED_PIPE [804EEF8E] ntoskrnl.exe Device \Driver\KSecDD \Device\KsecDD IRP_MJ_CLOSE [F8478718] KSecDD.sys Device \Driver\KSecDD \Device\KsecDD IRP_MJ_READ [F8478718] KSecDD.sys Device \Driver\KSecDD \Device\KsecDD IRP_MJ_WRITE [F8478718] KSecDD.sys Device \Driver\KSecDD \Device\KsecDD IRP_MJ_QUERY_INFORMATION [F8478718] KSecDD.sys Device \Driver\KSecDD \Device\KsecDD IRP_MJ_SET_INFORMATION [804EEF8E] ntoskrnl.exe Device \Driver\KSecDD \Device\KsecDD IRP_MJ_QUERY_EA [804EEF8E] ntoskrnl.exe 
Device \Driver\KSecDD \Device\KsecDD IRP_MJ_SET_EA [804EEF8E] ntoskrnl.exe Device \Driver\KSecDD \Device\KsecDD IRP_MJ_FLUSH_BUFFERS [804EEF8E] ntoskrnl.exe Device \Driver\KSecDD \Device\KsecDD IRP_MJ_QUERY_VOLUME_INFORMATION [F8478718] KSecDD.sys Device \Driver\KSecDD \Device\KsecDD IRP_MJ_SET_VOLUME_INFORMATION [804EEF8E] ntoskrnl.exe Device \Driver\KSecDD \Device\KsecDD IRP_MJ_DIRECTORY_CONTROL [804EEF8E] ntoskrnl.exe Device \Driver\KSecDD \Device\KsecDD IRP_MJ_FILE_SYSTEM_CONTROL [804EEF8E] ntoskrnl.exe Device \Driver\KSecDD \Device\KsecDD IRP_MJ_DEVICE_CONTROL [F8478718] KSecDD.sys Device \Driver\KSecDD \Device\KsecDD IRP_MJ_INTERNAL_DEVICE_CONTROL [804EEF8E] ntoskrnl.exe Device \Driver\KSecDD \Device\KsecDD IRP_MJ_SHUTDOWN [804EEF8E] ntoskrnl.exe Device \Driver\KSecDD \Device\KsecDD IRP_MJ_LOCK_CONTROL [804EEF8E] ntoskrnl.exe Device \Driver\KSecDD \Device\KsecDD IRP_MJ_CLEANUP [804EEF8E] ntoskrnl.exe Device \Driver\KSecDD \Device\KsecDD IRP_MJ_CREATE_MAILSLOT [804EEF8E] ntoskrnl.exe Device \Driver\KSecDD \Device\KsecDD IRP_MJ_QUERY_SECURITY [804EEF8E] ntoskrnl.exe Device \Driver\KSecDD \Device\KsecDD IRP_MJ_SET_SECURITY [804EEF8E] ntoskrnl.exe Device \Driver\KSecDD \Device\KsecDD IRP_MJ_POWER [804EEF8E] ntoskrnl.exe Device \Driver\KSecDD \Device\KsecDD IRP_MJ_SYSTEM_CONTROL [804EEF8E] ntoskrnl.exe Device \Driver\KSecDD \Device\KsecDD IRP_MJ_DEVICE_CHANGE [804EEF8E] ntoskrnl.exe Device \Driver\KSecDD \Device\KsecDD IRP_MJ_QUERY_QUOTA [804EEF8E] ntoskrnl.exe Device \Driver\KSecDD \Device\KsecDD IRP_MJ_SET_QUOTA [804EEF8E] ntoskrnl.exe Device \Driver\KSecDD \Device\KsecDD IRP_MJ_PNP [804EEF8E] ntoskrnl.exe Device \Device\00000019 Device \Device\00000025 Device \Device\{8F0D5C78-E932-4011-B493-1996631A8728} Device \Driver\PnpManager \Device\00000032 IRP_MJ_CREATE [804EEF8E] ntoskrnl.exe Device \Driver\PnpManager \Device\00000032 IRP_MJ_CREATE_NAMED_PIPE [804EEF8E] ntoskrnl.exe Device \Driver\PnpManager \Device\00000032 IRP_MJ_CLOSE [804EEF8E] ntoskrnl.exe Device 
\Driver\PnpManager \Device\00000032 IRP_MJ_READ [804EEF8E] ntoskrnl.exe Device \Driver\PnpManager \Device\00000032 IRP_MJ_WRITE [804EEF8E] ntoskrnl.exe Device \Driver\PnpManager \Device\00000032 IRP_MJ_QUERY_INFORMATION [804EEF8E] ntoskrnl.exe Device \Driver\PnpManager \Device\00000032 IRP_MJ_SET_INFORMATION [804EEF8E] ntoskrnl.exe Device \Driver\PnpManager \Device\00000032 IRP_MJ_QUERY_EA [804EEF8E] ntoskrnl.exe Device \Driver\PnpManager \Device\00000032 IRP_MJ_SET_EA [804EEF8E] ntoskrnl.exe Device \Driver\PnpManager \Device\00000032 IRP_MJ_FLUSH_BUFFERS [804EEF8E] ntoskrnl.exe Device \Driver\PnpManager \Device\00000032 IRP_MJ_QUERY_VOLUME_INFORMATION [804EEF8E] ntoskrnl.exe Device \Driver\PnpManager \Device\00000032 IRP_MJ_SET_VOLUME_INFORMATION [804EEF8E] ntoskrnl.exe Device \Driver\PnpManager \Device\00000032 IRP_MJ_DIRECTORY_CONTROL [804EEF8E] ntoskrnl.exe Device \Driver\PnpManager \Device\00000032 IRP_MJ_FILE_SYSTEM_CONTROL [804EEF8E] ntoskrnl.exe Device \Driver\PnpManager \Device\00000032 IRP_MJ_DEVICE_CONTROL [804EEF8E] ntoskrnl.exe Device \Driver\PnpManager \Device\00000032 IRP_MJ_INTERNAL_DEVICE_CONTROL [804EEF8E] ntoskrnl.exe Device \Driver\PnpManager \Device\00000032 IRP_MJ_SHUTDOWN [804EEF8E] ntoskrnl.exe Device \Driver\PnpManager \Device\00000032 IRP_MJ_LOCK_CONTROL [804EEF8E] ntoskrnl.exe Device \Driver\PnpManager \Device\00000032 IRP_MJ_CLEANUP [804EEF8E] ntoskrnl.exe Device \Driver\PnpManager \Device\00000032 IRP_MJ_CREATE_MAILSLOT [804EEF8E] ntoskrnl.exe Device \Driver\PnpManager \Device\00000032 IRP_MJ_QUERY_SECURITY [804EEF8E] ntoskrnl.exe Device \Driver\PnpManager \Device\00000032 IRP_MJ_SET_SECURITY [804EEF8E] ntoskrnl.exe Device \Driver\PnpManager \Device\00000032 IRP_MJ_POWER [804F1AC2] ntoskrnl.exe Device \Driver\PnpManager \Device\00000032 IRP_MJ_SYSTEM_CONTROL [80578686] ntoskrnl.exe Device \Driver\PnpManager \Device\00000032 IRP_MJ_DEVICE_CHANGE [804EEF8E] ntoskrnl.exe Device \Driver\PnpManager \Device\00000032 IRP_MJ_QUERY_QUOTA 
[804EEF8E] ntoskrnl.exe Device \Driver\PnpManager \Device\00000032 IRP_MJ_SET_QUOTA [804EEF8E] ntoskrnl.exe Device \Driver\PnpManager \Device\00000032 IRP_MJ_PNP [80578EE2] ntoskrnl.exe Device \Driver\Beep \Device\Beep IRP_MJ_CREATE [F8A4E46A] Beep.SYS Device \Driver\Beep \Device\Beep IRP_MJ_CREATE_NAMED_PIPE [804EEF8E] ntoskrnl.exe Device \Driver\Beep \Device\Beep IRP_MJ_CLOSE [F8A4E4B8] Beep.SYS Device \Driver\Beep \Device\Beep IRP_MJ_READ [804EEF8E] ntoskrnl.exe Device \Driver\Beep \Device\Beep IRP_MJ_WRITE [804EEF8E] ntoskrnl.exe Device \Driver\Beep \Device\Beep IRP_MJ_QUERY_INFORMATION [804EEF8E] ntoskrnl.exe Device \Driver\Beep \Device\Beep IRP_MJ_SET_INFORMATION [804EEF8E] ntoskrnl.exe Device \Driver\Beep \Device\Beep IRP_MJ_QUERY_EA [804EEF8E] ntoskrnl.exe Device \Driver\Beep \Device\Beep IRP_MJ_SET_EA [804EEF8E] ntoskrnl.exe Device \Driver\Beep \Device\Beep IRP_MJ_FLUSH_BUFFERS [804EEF8E] ntoskrnl.exe Device \Driver\Beep \Device\Beep IRP_MJ_QUERY_VOLUME_INFORMATION [804EEF8E] ntoskrnl.exe Device \Driver\Beep \Device\Beep IRP_MJ_SET_VOLUME_INFORMATION [804EEF8E] ntoskrnl.exe Device \Driver\Beep \Device\Beep IRP_MJ_DIRECTORY_CONTROL [804EEF8E] ntoskrnl.exe Device \Driver\Beep \Device\Beep IRP_MJ_FILE_SYSTEM_CONTROL [804EEF8E] ntoskrnl.exe Device \Driver\Beep \Device\Beep IRP_MJ_DEVICE_CONTROL [F8A4E400] Beep.SYS Device \Driver\Beep \Device\Beep IRP_MJ_INTERNAL_DEVICE_CONTROL [804EEF8E] ntoskrnl.exe Device \Driver\Beep \Device\Beep IRP_MJ_SHUTDOWN [804EEF8E] ntoskrnl.exe Device \Driver\Beep \Device\Beep IRP_MJ_LOCK_CONTROL [804EEF8E] ntoskrnl.exe Device \Driver\Beep \Device\Beep IRP_MJ_CLEANUP [F8A4E354] Beep.SYS Device \Driver\Beep \Device\Beep IRP_MJ_CREATE_MAILSLOT [804EEF8E] ntoskrnl.exe Device \Driver\Beep \Device\Beep IRP_MJ_QUERY_SECURITY [804EEF8E] ntoskrnl.exe Device \Driver\Beep \Device\Beep IRP_MJ_SET_SECURITY [804EEF8E] ntoskrnl.exe Device \Driver\Beep \Device\Beep IRP_MJ_POWER [804EEF8E] ntoskrnl.exe Device \Driver\Beep \Device\Beep 
IRP_MJ_SYSTEM_CONTROL [804EEF8E] ntoskrnl.exe Device \Driver\Beep \Device\Beep IRP_MJ_DEVICE_CHANGE [804EEF8E] ntoskrnl.exe Device \Driver\Beep \Device\Beep IRP_MJ_QUERY_QUOTA [804EEF8E] ntoskrnl.exe Device \Driver\Beep \Device\Beep IRP_MJ_SET_QUOTA [804EEF8E] ntoskrnl.exe Device \Driver\Beep \Device\Beep IRP_MJ_PNP [804EEF8E] ntoskrnl.exe Device \Driver\NetBT \Device\NetBT_Tcpip_{15A65DBB-E571-46B4-A9B8-E291342AAAB7} IRP_MJ_CREATE [EB996C24] netbt.sys Device \Driver\NetBT \Device\NetBT_Tcpip_{15A65DBB-E571-46B4-A9B8-E291342AAAB7} IRP_MJ_CREATE_NAMED_PIPE [804EEF8E] ntoskrnl.exe Device \Driver\NetBT \Device\NetBT_Tcpip_{15A65DBB-E571-46B4-A9B8-E291342AAAB7} IRP_MJ_CLOSE [EB997330] netbt.sys Device \Driver\NetBT \Device\NetBT_Tcpip_{15A65DBB-E571-46B4-A9B8-E291342AAAB7} IRP_MJ_READ [804EEF8E] ntoskrnl.exe Device \Driver\NetBT \Device\NetBT_Tcpip_{15A65DBB-E571-46B4-A9B8-E291342AAAB7} IRP_MJ_WRITE [804EEF8E] ntoskrnl.exe Device \Driver\NetBT \Device\NetBT_Tcpip_{15A65DBB-E571-46B4-A9B8-E291342AAAB7} IRP_MJ_QUERY_INFORMATION [804EEF8E] ntoskrnl.exe Device \Driver\NetBT \Device\NetBT_Tcpip_{15A65DBB-E571-46B4-A9B8-E291342AAAB7} IRP_MJ_SET_INFORMATION [804EEF8E] ntoskrnl.exe Device \Driver\NetBT \Device\NetBT_Tcpip_{15A65DBB-E571-46B4-A9B8-E291342AAAB7} IRP_MJ_QUERY_EA [804EEF8E] ntoskrnl.exe Device \Driver\NetBT \Device\NetBT_Tcpip_{15A65DBB-E571-46B4-A9B8-E291342AAAB7} IRP_MJ_SET_EA [804EEF8E] ntoskrnl.exe Device \Driver\NetBT \Device\NetBT_Tcpip_{15A65DBB-E571-46B4-A9B8-E291342AAAB7} IRP_MJ_FLUSH_BUFFERS [804EEF8E] ntoskrnl.exe Device \Driver\NetBT \Device\NetBT_Tcpip_{15A65DBB-E571-46B4-A9B8-E291342AAAB7} IRP_MJ_QUERY_VOLUME_INFORMATION [804EEF8E] ntoskrnl.exe Device \Driver\NetBT \Device\NetBT_Tcpip_{15A65DBB-E571-46B4-A9B8-E291342AAAB7} IRP_MJ_SET_VOLUME_INFORMATION [804EEF8E] ntoskrnl.exe Device \Driver\NetBT \Device\NetBT_Tcpip_{15A65DBB-E571-46B4-A9B8-E291342AAAB7} IRP_MJ_DIRECTORY_CONTROL [804EEF8E] ntoskrnl.exe Device \Driver\NetBT 
\Device\NetBT_Tcpip_{15A65DBB-E571-46B4-A9B8-E291342AAAB7} IRP_MJ_FILE_SYSTEM_CONTROL [804EEF8E] ntoskrnl.exe Device \Driver\NetBT \Device\NetBT_Tcpip_{15A65DBB-E571-46B4-A9B8-E291342AAAB7} IRP_MJ_DEVICE_CONTROL [EB9973BA] netbt.sys Device \Driver\NetBT \Device\NetBT_Tcpip_{15A65DBB-E571-46B4-A9B8-E291342AAAB7} IRP_MJ_INTERNAL_DEVICE_CONTROL [EB97D3E6] netbt.sys Device \Driver\NetBT \Device\NetBT_Tcpip_{15A65DBB-E571-46B4-A9B8-E291342AAAB7} IRP_MJ_SHUTDOWN [804EEF8E] ntoskrnl.exe Device \Driver\NetBT \Device\NetBT_Tcpip_{15A65DBB-E571-46B4-A9B8-E291342AAAB7} IRP_MJ_LOCK_CONTROL [804EEF8E] ntoskrnl.exe Device \Driver\NetBT \Device\NetBT_Tcpip_{15A65DBB-E571-46B4-A9B8-E291342AAAB7} IRP_MJ_CLEANUP [EB99706E] netbt.sys Device \Driver\NetBT \Device\NetBT_Tcpip_{15A65DBB-E571-46B4-A9B8-E291342AAAB7} IRP_MJ_CREATE_MAILSLOT [804EEF8E] ntoskrnl.exe Device \Driver\NetBT \Device\NetBT_Tcpip_{15A65DBB-E571-46B4-A9B8-E291342AAAB7} IRP_MJ_QUERY_SECURITY [804EEF8E] ntoskrnl.exe Device \Driver\NetBT \Device\NetBT_Tcpip_{15A65DBB-E571-46B4-A9B8-E291342AAAB7} IRP_MJ_SET_SECURITY [804EEF8E] ntoskrnl.exe Device \Driver\NetBT \Device\NetBT_Tcpip_{15A65DBB-E571-46B4-A9B8-E291342AAAB7} IRP_MJ_POWER [804EEF8E] ntoskrnl.exe Device \Driver\NetBT \Device\NetBT_Tcpip_{15A65DBB-E571-46B4-A9B8-E291342AAAB7} IRP_MJ_SYSTEM_CONTROL [804EEF8E] ntoskrnl.exe Device \Driver\NetBT \Device\NetBT_Tcpip_{15A65DBB-E571-46B4-A9B8-E291342AAAB7} IRP_MJ_DEVICE_CHANGE [804EEF8E] ntoskrnl.exe Device \Driver\NetBT \Device\NetBT_Tcpip_{15A65DBB-E571-46B4-A9B8-E291342AAAB7} IRP_MJ_QUERY_QUOTA [804EEF8E] ntoskrnl.exe Device \Driver\NetBT \Device\NetBT_Tcpip_{15A65DBB-E571-46B4-A9B8-E291342AAAB7} IRP_MJ_SET_QUOTA [804EEF8E] ntoskrnl.exe Device \Driver\NetBT \Device\NetBT_Tcpip_{15A65DBB-E571-46B4-A9B8-E291342AAAB7} IRP_MJ_PNP [EB9901BC] netbt.sys Device \Device\00000026 Device \Driver\PnpManager \Device\00000033 IRP_MJ_CREATE [804EEF8E] ntoskrnl.exe Device \Driver\PnpManager \Device\00000033 IRP_MJ_CREATE_NAMED_PIPE 
[804EEF8E] ntoskrnl.exe Device \Driver\PnpManager \Device\00000033 IRP_MJ_CLOSE [804EEF8E] ntoskrnl.exe Device \Driver\PnpManager \Device\00000033 IRP_MJ_READ [804EEF8E] ntoskrnl.exe Device \Driver\PnpManager \Device\00000033 IRP_MJ_WRITE [804EEF8E] ntoskrnl.exe Device \Driver\PnpManager \Device\00000033 IRP_MJ_QUERY_INFORMATION [804EEF8E] ntoskrnl.exe Device \Driver\PnpManager \Device\00000033 IRP_MJ_SET_INFORMATION [804EEF8E] ntoskrnl.exe Device \Driver\PnpManager \Device\00000033 IRP_MJ_QUERY_EA [804EEF8E] ntoskrnl.exe Device \Driver\PnpManager \Device\00000033 IRP_MJ_SET_EA
  8. Here I go again... === 1st chunk...
     GMER 1.0.11.11349 - http://www.gmer.net
     Rootkit 2006-09-17 21:13:28
     Windows 5.1.2600 Service Pack 1
     ---- System - GMER 1.0.11 ----
     SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwClose <-- ROOTKIT !!!
     SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwCreateFile <-- ROOTKIT !!!
     SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwCreateKey <-- ROOTKIT !!!
     SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwCreateProcess <-- ROOTKIT !!!
     SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwCreateProcessEx <-- ROOTKIT !!!
     SSDT 81507109 ZwCreateThread
     SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwDeleteFile <-- ROOTKIT !!!
     SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwDeleteKey <-- ROOTKIT !!!
     SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwDeleteValueKey <-- ROOTKIT !!!
     SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwOpenFile <-- ROOTKIT !!!
     SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwOpenKey <-- ROOTKIT !!!
     SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwResumeThread <-- ROOTKIT !!!
     SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwSetInformationFile <-- ROOTKIT !!!
     SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwSetValueKey <-- ROOTKIT !!!
     SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwWriteFile <-- ROOTKIT !!!
INT 0x00 \WINDOWS\system32\ntoskrnl.exe 8052E0B0 INT 0x01 \WINDOWS\system32\ntoskrnl.exe 8052E204 INT 0x03 \WINDOWS\system32\ntoskrnl.exe 8052E52C INT 0x04 \WINDOWS\system32\ntoskrnl.exe 8052E694 INT 0x05 \WINDOWS\system32\ntoskrnl.exe 8052E7DC INT 0x06 \WINDOWS\system32\ntoskrnl.exe 8052E93C INT 0x07 \WINDOWS\system32\ntoskrnl.exe 8052EF14 INT 0x09 \WINDOWS\system32\ntoskrnl.exe 8052F334 INT 0x0A \WINDOWS\system32\ntoskrnl.exe 8052F43C INT 0x0B \WINDOWS\system32\ntoskrnl.exe 8052F568 INT 0x0C \WINDOWS\system32\ntoskrnl.exe 8052F734 INT 0x0D \WINDOWS\system32\ntoskrnl.exe 8052F9FC INT 0x0E \WINDOWS\system32\ntoskrnl.exe 80530088 INT 0x0F \WINDOWS\system32\ntoskrnl.exe 80530434 INT 0x10 \WINDOWS\system32\ntoskrnl.exe 8053053C INT 0x11 \WINDOWS\system32\ntoskrnl.exe 8053065C INT 0x12 \WINDOWS\system32\ntoskrnl.exe 80530434 INT 0x13 \WINDOWS\system32\ntoskrnl.exe 805307AC INT 0x14 \WINDOWS\system32\ntoskrnl.exe 80530434 INT 0x15 \WINDOWS\system32\ntoskrnl.exe 80530434 INT 0x16 \WINDOWS\system32\ntoskrnl.exe 80530434 INT 0x17 \WINDOWS\system32\ntoskrnl.exe 80530434 INT 0x18 \WINDOWS\system32\ntoskrnl.exe 80530434 INT 0x19 \WINDOWS\system32\ntoskrnl.exe 80530434 INT 0x1A \WINDOWS\system32\ntoskrnl.exe 80530434 INT 0x1B \WINDOWS\system32\ntoskrnl.exe 80530434 INT 0x1C \WINDOWS\system32\ntoskrnl.exe 80530434 INT 0x1D \WINDOWS\system32\ntoskrnl.exe 80530434 INT 0x1E \WINDOWS\system32\ntoskrnl.exe 80530434 INT 0x1F \WINDOWS\system32\ntoskrnl.exe 80530434 INT 0x2A \WINDOWS\system32\ntoskrnl.exe 8052D93E INT 0x2B \WINDOWS\system32\ntoskrnl.exe 8052DA30 INT 0x2C \WINDOWS\system32\ntoskrnl.exe 8052DBC0 INT 0x2D \WINDOWS\system32\ntoskrnl.exe 8052E41C INT 0x2E \WINDOWS\system32\ntoskrnl.exe 8052D4AD INT 0x2F \WINDOWS\system32\ntoskrnl.exe 80530434 INT 0x30 \WINDOWS\system32\hal.dll 806B2558 INT 0x32 \WINDOWS\system32\ntoskrnl.exe 8052CBA4 INT 0x36 \WINDOWS\system32\ntoskrnl.exe 8052CBCC INT 0x38 \WINDOWS\system32\hal.dll 806ACE80 INT 0x3A \WINDOWS\system32\ntoskrnl.exe 8052CBF4 
  9. That's what I'm trying to do, but although my copy/pastes into the post's input box are accepted, with a message-length check to back it up, they end up truncated once I send my reply. I'm struggling a bit, but I'll try to give you a complete report...
  10. (continuation of the GMER report: the raw Devices section, a table of driver dispatch entries, is not reproduced here)
  11. Following your remark, I re-ran GMER, but this time ticking the "show all" box, which is unchecked by default in the Rootkit tab. That changes everything in the report... The scan ends with the following message: Gmer has found system modification caused by rootkit activity. That's all I needed! The GMER report is rather long (I'll try to post it to you in full over several posts to follow...). All the lines with no information in the Name column are shown in red in the on-screen report, as are the first lines about fwdrv.sys. In the copy, they all seem to be marked as rootkit. Still strange that all of that would be a rootkit, isn't it? All the more so since fwdrv.exe seems to be used by Kerio. Well, I'll see what you think and whether this is really linked to the 100% svchost + wuauclt activity I observed. See you soon
GMER 1.0.11.11349 - http://www.gmer.net
Rootkit 2006-09-17 21:13:28
Windows 5.1.2600 Service Pack 1
---- System - GMER 1.0.11 ----
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwClose <-- ROOTKIT !!!
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwCreateFile <-- ROOTKIT !!!
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwCreateKey <-- ROOTKIT !!!
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwCreateProcess <-- ROOTKIT !!!
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwCreateProcessEx <-- ROOTKIT !!!
SSDT 81507109 ZwCreateThread
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwDeleteFile <-- ROOTKIT !!!
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwDeleteKey <-- ROOTKIT !!!
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwDeleteValueKey <-- ROOTKIT !!!
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwOpenFile <-- ROOTKIT !!!
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwOpenKey <-- ROOTKIT !!!
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwResumeThread <-- ROOTKIT !!!
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwSetInformationFile <-- ROOTKIT !!!
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwSetValueKey <-- ROOTKIT !!!
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwWriteFile <-- ROOTKIT !!!
\WINDOWS\system32\ntoskrnl.exe 8052D0D6 INT 0xB8 \WINDOWS\system32\ntoskrnl.exe 8052D0E0 INT 0xB9 \WINDOWS\system32\ntoskrnl.exe 8052D0EA INT 0xBA \WINDOWS\system32\ntoskrnl.exe 8052D0F4 INT 0xBB \WINDOWS\system32\ntoskrnl.exe 8052D0FE INT 0xBC \WINDOWS\system32\ntoskrnl.exe 8052D108 INT 0xBD \WINDOWS\system32\ntoskrnl.exe 8052D112 INT 0xBE \WINDOWS\system32\ntoskrnl.exe 8052D11C INT 0xBF \WINDOWS\system32\ntoskrnl.exe 8052D126 INT 0xC0 \WINDOWS\system32\ntoskrnl.exe 8052D130 INT 0xC1 \WINDOWS\system32\ntoskrnl.exe 8052D13A INT 0xC2 \WINDOWS\system32\ntoskrnl.exe 8052D144 INT 0xC3 \WINDOWS\system32\ntoskrnl.exe 8052D14E INT 0xC4 \WINDOWS\system32\ntoskrnl.exe 8052D158 INT 0xC5 \WINDOWS\system32\ntoskrnl.exe 8052D162 INT 0xC6 \WINDOWS\system32\ntoskrnl.exe 8052D16C INT 0xC7 \WINDOWS\system32\ntoskrnl.exe 8052D176 INT 0xC8 \WINDOWS\system32\ntoskrnl.exe 8052D180 INT 0xC9 \WINDOWS\system32\ntoskrnl.exe 8052D18A INT 0xCA \WINDOWS\system32\ntoskrnl.exe 8052D194 INT 0xCB \WINDOWS\system32\ntoskrnl.exe 8052D19E INT 0xCC \WINDOWS\system32\ntoskrnl.exe 8052D1A8 INT 0xCD \WINDOWS\system32\ntoskrnl.exe 8052D1B2 INT 0xCE \WINDOWS\system32\ntoskrnl.exe 8052D1BC INT 0xCF \WINDOWS\system32\ntoskrnl.exe 8052D1C6 INT 0xD0 \WINDOWS\system32\ntoskrnl.exe 8052D1D0 INT 0xD1 \WINDOWS\system32\ntoskrnl.exe 8052D1DA INT 0xD2 \WINDOWS\system32\ntoskrnl.exe 8052D1E4 INT 0xD3 \WINDOWS\system32\ntoskrnl.exe 8052D1EE INT 0xD4 \WINDOWS\system32\ntoskrnl.exe 8052D1F8 INT 0xD5 \WINDOWS\system32\ntoskrnl.exe 8052D202 INT 0xD6 \WINDOWS\system32\ntoskrnl.exe 8052D20C INT 0xD7 \WINDOWS\system32\ntoskrnl.exe 8052D216 INT 0xD8 \WINDOWS\system32\ntoskrnl.exe 8052D220 INT 0xD9 \WINDOWS\system32\ntoskrnl.exe 8052D22A INT 0xDA \WINDOWS\system32\ntoskrnl.exe 8052D234 INT 0xDB \WINDOWS\system32\ntoskrnl.exe 8052D23E INT 0xDC \WINDOWS\system32\ntoskrnl.exe 8052D248 INT 0xDD \WINDOWS\system32\ntoskrnl.exe 8052D252 INT 0xDE \WINDOWS\system32\ntoskrnl.exe 8052D25C INT 0xDF \WINDOWS\system32\ntoskrnl.exe 8052D266 
INT 0xE0 \WINDOWS\system32\ntoskrnl.exe 8052D270 INT 0xE1 \WINDOWS\system32\ntoskrnl.exe 8052D27A INT 0xE2 \WINDOWS\system32\ntoskrnl.exe 8052D284 INT 0xE3 \WINDOWS\system32\ntoskrnl.exe 8052D28E INT 0xE4 \WINDOWS\system32\ntoskrnl.exe 8052D298 INT 0xE5 \WINDOWS\system32\ntoskrnl.exe 8052D2A2 INT 0xE6 \WINDOWS\system32\ntoskrnl.exe 8052D2AC INT 0xE7 \WINDOWS\system32\ntoskrnl.exe 8052D2B6 INT 0xE8 \WINDOWS\system32\ntoskrnl.exe 8052D2C0 INT 0xE9 \WINDOWS\system32\ntoskrnl.exe 8052D2CA INT 0xEA \WINDOWS\system32\ntoskrnl.exe 8052D2D4 INT 0xEB \WINDOWS\system32\ntoskrnl.exe 8052D2DE INT 0xEC \WINDOWS\system32\ntoskrnl.exe 8052D2E8 INT 0xED \WINDOWS\system32\ntoskrnl.exe 8052D2F2 INT 0xEE \WINDOWS\system32\ntoskrnl.exe 8052D2F9 INT 0xEF \WINDOWS\system32\ntoskrnl.exe 8052D300 INT 0xF0 \WINDOWS\system32\ntoskrnl.exe 8052D307 INT 0xF1 \WINDOWS\system32\ntoskrnl.exe 8052D30E INT 0xF2 \WINDOWS\system32\ntoskrnl.exe 8052D315 INT 0xF3 \WINDOWS\system32\ntoskrnl.exe 8052D31C INT 0xF4 \WINDOWS\system32\ntoskrnl.exe 8052D323 INT 0xF5 \WINDOWS\system32\ntoskrnl.exe 8052D32A INT 0xF6 \WINDOWS\system32\ntoskrnl.exe 8052D331 INT 0xF7 \WINDOWS\system32\ntoskrnl.exe 8052D338 INT 0xF8 \WINDOWS\system32\ntoskrnl.exe 8052D33F INT 0xF9 \WINDOWS\system32\ntoskrnl.exe 8052D346 INT 0xFA \WINDOWS\system32\ntoskrnl.exe 8052D34D INT 0xFB \WINDOWS\system32\ntoskrnl.exe 8052D354 INT 0xFC \WINDOWS\system32\ntoskrnl.exe 8052D35B INT 0xFD \WINDOWS\system32\ntoskrnl.exe 8052D362 INT 0xFE \WINDOWS\system32\ntoskrnl.exe 8052D369 INT 0xFF \WINDOWS\system32\ntoskrnl.exe 8052D370 SYSENTER \WINDOWS\system32\ntoskrnl.exe 8052D480 ---- Devices - GMER 1.0.11 ---- Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [F8409390] Ntfs.sys Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_NAMED_PIPE [804EEF8E] ntoskrnl.exe Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE [F84095B6] Ntfs.sys Device \FileSystem\Ntfs \Ntfs IRP_MJ_READ [F83EB094] Ntfs.sys Device \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE [F83EA432] Ntfs.sys Device 
\FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION [F8409F3A] Ntfs.sys Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION [F83EC40E] Ntfs.sys Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA [F8409F3A] Ntfs.sys Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA [F8409F3A] Ntfs.sys Device \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS [F841D8AE] Ntfs.sys Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION [F8409F78] Ntfs.sys Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION [F8409F78] Ntfs.sys Device \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL [F8413EFD] Ntfs.sys Device \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL [F841297D] Ntfs.sys Device \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL [F8409F78] Ntfs.sys Device \FileSystem\Ntfs \Ntfs IRP_MJ_INTERNAL_DEVICE_CONTROL [804EEF8E] ntoskrnl.exe Device \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN [F83FB9F0] Ntfs.sys Device \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL [F8460D57] Ntfs.sys Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP [F8409A2B] Ntfs.sys Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_MAILSLOT [804EEF8E] ntoskrnl.exe Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY [F8409F78] Ntfs.sys Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY [F8409F78] Ntfs.sys Device \FileSystem\Ntfs \Ntfs IRP_MJ_POWER [804EEF8E] ntoskrnl.exe Device \FileSystem\Ntfs \Ntfs IRP_MJ_SYSTEM_CONTROL [804EEF8E] ntoskrnl.exe Device \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CHANGE [804EEF8E] ntoskrnl.exe Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA [F8409F3A] Ntfs.sys Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA [F8409F3A] Ntfs.sys Device \FileSystem\Ntfs \Ntfs IRP_MJ_PNP [F842873F] Ntfs.sys Device \FileSystem\Ntfs \Ntfs FastIoCheckIfPossible [F8407A0B] Ntfs.sys Device \FileSystem\Ntfs \Ntfs FastIoRead [F840ABBC] Ntfs.sys Device \FileSystem\Ntfs \Ntfs FastIoWrite [F841D9CC] Ntfs.sys Device \FileSystem\Ntfs \Ntfs FastIoQueryBasicInfo [F840FD5E] Ntfs.sys Device \FileSystem\Ntfs \Ntfs FastIoQueryStandardInfo [F840A79E] Ntfs.sys Device 
\FileSystem\Ntfs \Ntfs FastIoLock [F841E738] Ntfs.sys Device \FileSystem\Ntfs \Ntfs FastIoUnlockSingle [F841E66C] Ntfs.sys Device \FileSystem\Ntfs \Ntfs FastIoUnlockAll [F8438CD6] Ntfs.sys Device \FileSystem\Ntfs \Ntfs FastIoUnlockAllByKey [F8460AB2] Ntfs.sys Device \FileSystem\Ntfs \Ntfs AcquireFileForNtCreateSection [F840A771] Ntfs.sys Device \FileSystem\Ntfs \Ntfs ReleaseFileForNtCreateSection [F840A758] Ntfs.sys Device \FileSystem\Ntfs \Ntfs FastIoQueryNetworkOpenInfo [F8451C06] Ntfs.sys Device \FileSystem\Ntfs \Ntfs AcquireForModWrite [F841963D] Ntfs.sys Device \FileSystem\Ntfs \Ntfs MdlRead [F8451D20] Ntfs.sys Device \FileSystem\Ntfs \Ntfs MdlReadComplete [804E4312] ntoskrnl.exe Device \FileSystem\Ntfs \Ntfs PrepareMdlWrite [F845207E] Ntfs.sys Device \FileSystem\Ntfs \Ntfs MdlWriteComplete [8054A51E] ntoskrnl.exe Device \FileSystem\Ntfs \Ntfs FastIoQueryOpen [F840A5AA] Ntfs.sys Device \FileSystem\Ntfs \Ntfs AcquireForCcFlush [F840BC6E] Ntfs.sys Device \FileSystem\Ntfs \Ntfs ReleaseForCcFlush [F840BC8A] Ntfs.sys Device \FileSystem\Mup \Dfs IRP_MJ_CREATE [F83A96D7] Mup.sys Device \FileSystem\Mup \Dfs IRP_MJ_CREATE_NAMED_PIPE [F83A96D7] Mup.sys Device \FileSystem\Mup \Dfs IRP_MJ_CLOSE [F83A9E65] Mup.sys Device \FileSystem\Mup \Dfs IRP_MJ_READ [F83A58D9] Mup.sys Device \FileSystem\Mup \Dfs IRP_MJ_WRITE [F83B60AD] Mup.sys Device \FileSystem\Mup \Dfs IRP_MJ_QUERY_INFORMATION [F83ACAF5] Mup.sys Device \FileSystem\Mup \Dfs IRP_MJ_SET_INFORMATION [F83B78C3] Mup.sys Device \FileSystem\Mup \Dfs IRP_MJ_QUERY_EA [F83A58D9] Mup.sys Device \FileSystem\Mup \Dfs IRP_MJ_SET_EA [F83A58D9] Mup.sys Device \FileSystem\Mup \Dfs IRP_MJ_FLUSH_BUFFERS [F83A58D9] Mup.sys Device \FileS
  12. Here is the GMER report...

GMER 1.0.11.11349 - http://www.gmer.net
Rootkit 2006-09-17 12:18:12
Windows 5.1.2600 Service Pack 1

---- System - GMER 1.0.11 ----

SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwClose
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwCreateFile
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwCreateKey
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwCreateProcess
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwCreateProcessEx
SSDT 814AF109 ZwCreateThread
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwDeleteFile
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwDeleteKey
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwDeleteValueKey
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwOpenFile
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwOpenKey
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwResumeThread
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwSetInformationFile
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwSetValueKey
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwWriteFile

---- Files - GMER 1.0.11 ----

ADS ...

---- EOF - GMER 1.0.11 ----

Apparently, fwdrv.sys is linked to Kerio, according to my research on the Net... here are its properties:
C:\windows\system32\drivers\fwdrv.sys 278 KB, system file, created on 18/07/2006
C:\windows\system32\drivers\fwdrv.err 1 KB, ERR file, created on 13/09/2006
See you soon
  13. The deletions of the folders mentioned, of SNDMon, of Spy Sweeper and of Ewido have been carried out. The svchost + 2 x wuauclt symptom, which actually lasts nearly 1 minute, is still present. Below I have pulled out for you an extract of the process tree from the "Process Explorer" tool at the time of the problem:

===================== Process Explorer =====================

Process PID CPU Description Company Name
System Idle Process 0
Interrupts n/a Hardware Interrupts
DPCs n/a 1.00 Deferred Procedure Calls
System 4
smss.exe 840 Windows NT Session Manager Microsoft Corporation
csrss.exe 912 Client Server Runtime Process Microsoft Corporation
winlogon.exe 936 Application d'ouverture de session Windows NT Microsoft Corporation
services.exe 980 Applications Services et Contrôleur Microsoft Corporation
ati2evxx.exe 1144
svchost.exe 1172 Generic Host Process for Win32 Services Microsoft Corporation
naPrdMgr.exe 1696 NAI Product Manager Network Associates, Inc.
wmiprvse.exe 3172 WMI Microsoft Corporation
svchost.exe 1224 99.00 Generic Host Process for Win32 Services Microsoft Corporation <=== the culprits!!!
wuauclt.exe 3120 Mises à jour automatiques Microsoft Corporation <=== the culprits!!!
wuauclt.exe 3244 Mises à jour automatiques Microsoft Corporation <=== the culprits!!!
svchost.exe 1480 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1516 Generic Host Process for Win32 Services Microsoft Corporation
spoolsv.exe 1804 Spooler SubSystem App Microsoft Corporation
alg.exe 1904 Application Layer Gateway Service Microsoft Corporation
svchost.exe 180 Generic Host Process for Win32 Services Microsoft Corporation
kpf4ss.exe 288 Sunbelt Kerio Firewall Service Sunbelt Software
kpf4gui.exe 1372 Sunbelt Kerio Firewall GUI Sunbelt Software
kpf4gui.exe 2876 Sunbelt Kerio Firewall GUI Sunbelt Software
FrameworkService.exe 464 Framework Service Network Associates, Inc.
Mcshield.exe 724 On-Access Scanner service Network Associates, Inc.
VsTskMgr.exe 892 Task Manager : scheduling and OAS alerting service Network Associates, Inc.
svchost.exe 1364 Generic Host Process for Win32 Services Microsoft Corporation
CALMAIN.exe 1712 Canon Camera Access Library 8 Canon Inc.
lsass.exe 992 LSA Shell (Export Version) Microsoft Corporation
ati2evxx.exe 1972
explorer.exe 144 Explorateur Windows Microsoft Corporation
Apoint.exe 496 Alps Pointing-device Driver Alps Electric Co., Ltd.
atiptaxx.exe 520 ATI Desktop Control Panel ATI Technologies, Inc.
Hcontrol.exe 528 HControl
ATKOSD.exe 772 ATKOSD
ezSP_Px.exe 544 ezSP_Px MFC Application Easy Systems Japan Ltd.
ico.exe 552 Mouse Suite 98 Daemon Primax Electronics Ltd.
rundll32.exe 568 Exécuter une DLL en tant qu'application Microsoft Corporation
HKServ.exe 576 Sony Corporation
HKWnd.exe 788 Sony Corporation
SPMgr.exe 596 SPM Module Sony Corporation
ISBMgr.exe 624 Sony Corporation
Switcher.exe 632 Wireless Switch Setting Utility Sony Corporation
DragDrop.exe 676 Drag'n Drop CD+DVD
realsched.exe 808 RealNetworks Scheduler RealNetworks, Inc.
VAIOUpdt.exe 820 Sony Corporation
shstat.exe 884 On-access scanner statistics Network Associates, Inc.
UpdaterUI.exe 108 Common User Interface Network Associates, Inc.
TBMon.exe 956 TalkBack Monitor Network Associates, Inc.
msmsgs.exe 1164 Messenger Microsoft Corporation
mnyexpr.exe 1192 Microsoft Money Express Microsoft Corp.
acrotray.exe 1304 AcroTray Adobe Systems Inc.
procexp.exe 1408 Sysinternals Process Explorer Sysinternals
BlueSpaceNE.exe 1600 BlueSpace NE Sony Corporation
ApntEx.exe 748 Alps Pointing-device Driver for Windows NT/2000/XP Alps Electric Co., Ltd.
EM_EXEC.EXE 876 Logitech Events Handler Application Logitech Inc.
====================== HijackThis Report ======================

Logfile of HijackThis v1.99.1
Scan saved at 19:40:18, on 16/09/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\ATK0100\Hcontrol.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\WINDOWS\System32\ICO.EXE
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\Program Files\sony\vaio power management\SPMgr.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\drag'n drop cd+dvd\BinFiles\DragDrop.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sunbelt 
Software\Personal Firewall\kpf4gui.exe D:\Bureautique\Multimedia\MicroInformatique\Tools\ProcessExplorer\ProcessExplorerNt\procexp.exe C:\Program Files\sony\BlueSpace\BlueSpaceNE.exe C:\Program Files\Canon\CAL\CALMAIN.exe C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe C:\WINDOWS\System32\wuauclt.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\WINDOWS\system32\NOTEPAD.EXE D:\Bureautique\Multimedia\MicroInformatique\Tools\HiJackThis\Sanner.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.sony-europe.com/ R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint\Apoint.exe" O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [Hcontrol] C:\WINDOWS\ATK0100\Hcontrol.exe O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] "rundll32.exe" 
irprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [HKSERV.EXE] "C:\Program Files\Sony\HotKey Utility\HKserv.exe" O4 - HKLM\..\Run: [sonyPowerCfg] "C:\Program Files\sony\vaio power management\SPMgr.exe" O4 - HKLM\..\Run: [iSBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe" O4 - HKLM\..\Run: [switcher.exe] "C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe" O4 - HKLM\..\Run: [Drag'n Drop CD+DVD] "C:\Program Files\drag'n drop cd+dvd\BinFiles\DragDrop.exe" /StartUp O4 - HKLM\..\Run: [VPS] C:\Program Files\sony\ProductSurvey\VPS.exe /SCHEDULER O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary O4 - HKLM\..\Run: [Easy-PrintToolBox] "C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" /logon O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe" O4 - Startup: BlueSpace NE.lnk = C:\Program Files\sony\BlueSpace\BlueSpaceNE.exe O4 - Global Startup: Assistant d'Acrobat.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program 
Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.sony-europe.com/ O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing) O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. 
- C:\Program Files\Canon\CAL\CALMAIN.exe O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe O23 - Service: Service Framework McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Program Files\sony\vaio media music server\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (file missing) O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\vaio media platform\sv_httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP (file missing) O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\vaio media platform\UPnPFramework.exe O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\sony\photo server\appsrv\PhotoAppSrv.exe O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Program Files\Fichiers communs\sony shared\vaio media 
platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP (file missing)
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Fichiers communs\sony shared\vaio media platform\UPnPFramework.exe
=======================

The 2 wuauclt processes correspond to Microsoft programs... strange, and these slowdowns are really annoying. Apparently I am not the only one running into this type of svchost symptom, judging by other posts on Zebulon.
  14. Hello, here I am again. Sorry for the delay, but the weeks are pretty busy... I ran the new Kaspersky and Panda scans (I added Ewido along the way) with the results below:

===================================== Ewido Report =====================================

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 23:23:59 13/09/2006

+ Scan result:

C:\Documents and Settings\sony\Cookies\[email protected][2].txt -> TrackingCookie.247realmedia : Cleaned with backup (quarantined).
C:\Documents and Settings\sony\Cookies\[email protected][1].txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
C:\Documents and Settings\sony\Cookies\[email protected][1].txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
C:\Documents and Settings\sony\Cookies\[email protected][1].txt -> TrackingCookie.Smartadserver : Cleaned with backup (quarantined).
C:\Documents and Settings\sony\Cookies\[email protected][1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
C:\Documents and Settings\sony\Cookies\[email protected][2].txt -> TrackingCookie.Weborama : Cleaned with backup (quarantined).
::Report end

===================================== Panda Report =====================================

Incident Status Location
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\sony\Cookies\[email protected][2].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\sony\Cookies\[email protected][1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\sony\Cookies\[email protected][1].txt
Spyware:Cookie/Weborama Not disinfected C:\Documents and Settings\sony\Cookies\[email protected][1].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\sony\Cookies\[email protected][1].txt
Dialer:Dialer.ABR Not disinfected C:\WINDOWS\Downloaded Program Files\startbf2.inf
Potentially unwanted tool:Application/Pskill.K Not disinfected D:\Bureautique\Multimedia\MicroInformatique\Tools\Malekal_Clean\clean\pskill.exe
Potentially unwanted tool:Application/Pskill.K Not disinfected D:\Bureautique\Multimedia\MicroInformatique\Tools\Malekal_Clean\clean.zip[clean/pskill.exe]

===================================== Kaspersky Report =====================================

Saturday, September 16, 2006 12:38:54 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 1 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 16/09/2006
Kaspersky Anti-Virus database records: 223847

Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
C:\
D:\
E:\
F:\

Scan Statistics
Total number of scanned objects 90342
Number of viruses found 22
Number of infected objects 49 / 0
Number of suspicious objects 0
Duration of the scan process 00:59:11

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\Network Associates\BOPDATA\_Date-20060916_Time-085422741_EnterceptExceptions.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network 
Associates\BOPDATA\_Date-20060916_Time-085422741_EnterceptRules.dat Object is locked skipped C:\Documents and Settings\All Users\Application Data\Network Associates\Common Framework\Db\Agent_NOM-TR7DTXP8HXU.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Network Associates\Common Framework\Db\PrdMgr_NOM-TR7DTXP8HXU.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Network Associates\VirusScan\AccessProtectionLog.txt Object is locked skipped C:\Documents and Settings\All Users\Application Data\Network Associates\VirusScan\BufferOverflowProtectionLog.txt Object is locked skipped C:\Documents and Settings\All Users\Application Data\Network Associates\VirusScan\OnAccessScanLog.txt Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Data\settings.dat Object is locked skipped C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped C:\Documents and 
Settings\NetworkService\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\sony\Cookies\index.dat Object is locked skipped C:\Documents and Settings\sony\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\sony\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\sony\Local Settings\Historique\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\sony\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\sony\NTUSER.DAT Object is locked skipped C:\Documents and Settings\sony\NTUSER.DAT.LOG Object is locked skipped C:\Program Files\Sunbelt Software\Personal Firewall\logs\debug.log Object is locked skipped C:\Program Files\Sunbelt Software\Personal Firewall\logs\debug.log.idx Object is locked skipped C:\Program Files\Sunbelt Software\Personal Firewall\logs\error.log Object is locked skipped C:\Program Files\Sunbelt Software\Personal Firewall\logs\error.log.idx Object is locked skipped C:\Program Files\Sunbelt Software\Personal Firewall\logs\hips.log Object is locked skipped C:\Program Files\Sunbelt Software\Personal Firewall\logs\hips.log.idx Object is locked skipped C:\Program Files\Sunbelt Software\Personal Firewall\logs\ids.log Object is locked skipped C:\Program Files\Sunbelt Software\Personal Firewall\logs\ids.log.idx Object is locked skipped C:\Program Files\Sunbelt Software\Personal Firewall\logs\network.log Object is locked skipped C:\Program Files\Sunbelt Software\Personal Firewall\logs\network.log.idx Object is locked skipped C:\Program Files\Sunbelt Software\Personal Firewall\logs\system.log Object is locked skipped C:\Program Files\Sunbelt Software\Personal Firewall\logs\system.log.idx Object is locked skipped C:\Program Files\Sunbelt Software\Personal Firewall\logs\warning.log Object is locked skipped C:\Program Files\Sunbelt 
Software\Personal Firewall\logs\warning.log.idx Object is locked skipped C:\Program Files\Sunbelt Software\Personal Firewall\logs\web.log Object is locked skipped C:\Program Files\Sunbelt Software\Personal Firewall\logs\web.log.idx Object is locked skipped C:\Program Files\Webroot\Spy Sweeper\Masters\masters.bak Object is locked skipped C:\Program Files\Webroot\Spy Sweeper\Masters\Masters.const Object is locked skipped C:\Program Files\Webroot\Spy Sweeper\Masters\masters.mst Object is locked skipped C:\Program Files\Webroot\Spy Sweeper\Masters.base Object is locked skipped C:\System Volume Information\_restore{3033B55A-DBBB-44B7-AF0F-205B4B42BDB3}\RP234\A0033789.exe Infected: Trojan.Win32.LipGame.f skipped C:\System Volume Information\_restore{3033B55A-DBBB-44B7-AF0F-205B4B42BDB3}\RP235\A0033884.dll Infected: Trojan-Clicker.Win32.Agent.ac skipped C:\System Volume Information\_restore{3033B55A-DBBB-44B7-AF0F-205B4B42BDB3}\RP235\A0033928.dll Infected: Trojan-Clicker.Win32.Agent.ac skipped C:\System Volume Information\_restore{3033B55A-DBBB-44B7-AF0F-205B4B42BDB3}\RP243\change.log Object is locked skipped C:\WINDOWS\$NtUninstallKB826939$\accwiz.exe Object is locked skipped C:\WINDOWS\$NtUninstallKB826939$\crypt32.dll Object is locked skipped C:\WINDOWS\$NtUninstallKB826939$\cryptsvc.dll Object is locked skipped C:\WINDOWS\$NtUninstallKB826939$\hh.exe Object is locked skipped C:\WINDOWS\$NtUninstallKB826939$\hhctrl.ocx Object is locked skipped C:\WINDOWS\$NtUninstallKB826939$\hhsetup.dll Object is locked skipped C:\WINDOWS\$NtUninstallKB826939$\html32.cnv Object is locked skipped C:\WINDOWS\$NtUninstallKB826939$\itircl.dll Object is locked skipped C:\WINDOWS\$NtUninstallKB826939$\itss.dll Object is locked skipped C:\WINDOWS\$NtUninstallKB826939$\locator.exe Object is locked skipped C:\WINDOWS\$NtUninstallKB826939$\magnify.exe Object is locked skipped C:\WINDOWS\$NtUninstallKB826939$\migwiz.exe Object is locked skipped C:\WINDOWS\$NtUninstallKB826939$\mrxsmb.sys Object 
is locked skipped C:\WINDOWS\$NtUninstallKB826939$\msconv97.dll Object is locked skipped C:\WINDOWS\$NtUninstallKB826939$\narrator.exe Object is locked skipped C:\WINDOWS\$NtUninstallKB826939$\newdev.dll Object is locked skipped C:\WINDOWS\$NtUninstallKB826939$\ntdll.dll Object is locked skipped C:\WINDOWS\$NtUninstallKB826939$\ntkrnlpa.exe Object is locked skipped C:\WINDOWS\$NtUninstallKB826939$\ntoskrnl.exe Object is locked skipped C:\WINDOWS\$NtUninstallKB826939$\ole32.dll Object is locked skipped C:\WINDOWS\$NtUninstallKB826939$\pchshell.dll Object is locked skipped C:\WINDOWS\$NtUninstallKB826939$\raspptp.sys Object is locked skipped C:\WINDOWS\$NtUninstallKB826939$\rpcrt4.dll Object is locked skipped C:\WINDOWS\$NtUninstallKB826939$\rpcss.dll Object is locked skipped C:\WINDOWS\$NtUninstallKB826939$\shdocvw.dll Object is locked skipped C:\WINDOWS\$NtUninstallKB826939$\shell32.dll Object is locked skipped C:\WINDOWS\$NtUninstallKB826939$\shmedia.dll Object is locked skipped C:\WINDOWS\$NtUninstallKB826939$\srrstr.dll Object is locked skipped C:\WINDOWS\$NtUninstallKB826939$\srv.sys Object is locked skipped C:\WINDOWS\$NtUninstallKB826939$\urlmon.dll Object is locked skipped C:\WINDOWS\$NtUninstallKB826939$\user32.dll Object is locked skipped C:\WINDOWS\$NtUninstallKB826939$\win32k.sys Object is locked skipped C:\WINDOWS\$NtUninstallKB826939$\winsrv.dll Object is locked skipped C:\WINDOWS\$NtUninstallKB826942$\dhcpcsvc.dll Object is locked skipped C:\WINDOWS\$NtUninstallKB826942$\ndis.sys Object is locked skipped C:\WINDOWS\$NtUninstallKB826942$\ndisuio.sys Object is locked skipped C:\WINDOWS\$NtUninstallKB826942$\netshell.dll Object is locked skipped C:\WINDOWS\$NtUninstallKB826942$\wzcdlg.dll Object is locked skipped C:\WINDOWS\$NtUninstallKB826942$\wzcsapi.dll Object is locked skipped C:\WINDOWS\$NtUninstallKB826942$\wzcsvc.dll Object is locked skipped C:\WINDOWS\$NtUninstallKB826942$\xpsp2res.dll Object is locked skipped 
C:\WINDOWS\$NtUninstallKB828028$\msasn1.dll Object is locked skipped C:\WINDOWS\$NtUninstallQ828026$\msdxm.ocx Object is locked skipped C:\WINDOWS\$NtUninstallQ828026$\wmp.dll Object is locked skipped C:\WINDOWS\Debug\oakley.log Object is locked skipped C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped C:\WINDOWS\SchedLgU.Txt Object is locked skipped C:\WINDOWS\SoftwareDistribution\EventCache\{45B637BC-0AF9-440D-B791-9DE20591E766}.bin Object is locked skipped C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped C:\WINDOWS\Sti_Trace.log Object is locked skipped C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\default Object is locked skipped C:\WINDOWS\system32\config\DEFAULT.LOG Object is locked skipped C:\WINDOWS\system32\config\SAM Object is locked skipped C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\SECURITY Object is locked skipped C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped C:\WINDOWS\system32\config\software Object is locked skipped C:\WINDOWS\system32\config\SOFTWARE.LOG Object is locked skipped C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\system Object is locked skipped C:\WINDOWS\system32\config\SYSTEM.LOG Object is locked skipped C:\WINDOWS\system32\h323log.txt Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped C:\WINDOWS\wiadebug.log Object is locked skipped C:\WINDOWS\wiaservc.log Object is locked skipped C:\WINDOWS\WindowsUpdate.log Object is locked skipped D:\Bureautique\Multimedia\MicroInformatique\Internet\WebShot\webbike.exe/WISE0029.BIN Infected: not-a-virus:AdWare.Win32.Gator.1012 skipped D:\Bureautique\Multimedia\MicroInformatique\Internet\WebShot\webbike.exe WiseSFX: infected - 1 
skipped D:\Bureautique\Multimedia\MicroInformatique\Tools\Malekal_Clean\clean\pskill.exe Infected: not-a-virus:RiskTool.Win32.PsKill.k skipped D:\Bureautique\Multimedia\MicroInformatique\Tools\Malekal_Clean\clean.zip/clean/pskill.exe Infected: not-a-virus:RiskTool.Win32.PsKill.k skipped D:\Bureautique\Multimedia\MicroInformatique\Tools\Malekal_Clean\clean.zip ZIP: infected - 1 skipped D:\Bureautique\Multimedia\MicroInformatique\Tools\Tools_PC_W95\Utilitaires\AudioGalaxy\AGSetup0608.exe/fsg-ag.exe Infected: not-a-virus:AdWare.Win32.Gator.1050 skipped D:\Bureautique\Multimedia\MicroInformatique\Tools\Tools_PC_W95\Utilitaires\AudioGalaxy\AGSetup0608.exe ViseMan: infected - 1 skipped D:\Bureautique\Multimedia\MicroInformatique\Tools\Tools_PC_W95\Utilitaires\AudioGalaxy\AGSetup0608.exe ViseMan: infected - 1 skipped D:\Bureautique\Multimedia\MicroInformatique\Tools\Tools_PC_W95\Utilitaires\CuteFTP VF\cuteFR4032.exe/WISE0023.BIN Infected: not-a-virus:AdWare.Win32.TimeSink skipped D:\Bureautique\Multimedia\MicroInformatique\Tools\Tools_PC_W95\Utilitaires\CuteFTP VF\cuteFR4032.exe/WISE0024.BIN Infected: not-a-virus:AdWare.Win32.TimeSink skipped D:\Bureautique\Multimedia\MicroInformatique\Tools\Tools_PC_W95\Utilitaires\CuteFTP VF\cuteFR4032.exe/WISE0025.BIN Infected: not-a-virus:AdWare.Win32.TimeSink skipped D:\Bureautique\Multimedia\MicroInformatique\Tools\Tools_PC_W95\Utilitaires\CuteFTP VF\cuteFR4032.exe/WISE0026.BIN Infected: not-a-virus:AdWare.Win32.TimeSink skipped D:\Bureautique\Multimedia\MicroInformatique\Tools\Tools_PC_W95\Utilitaires\CuteFTP VF\cuteFR4032.exe WiseSFX: infected - 4 skipped D:\Bureautique\Multimedia\MicroInformatique\Tools\Tools_PC_W95\Utilitaires\Kazaa\kmd14_en.exe/data0003/cd_clint.dll Infected: not-a-virus:AdWare.Win32.Cydoor skipped D:\Bureautique\Multimedia\MicroInformatique\Tools\Tools_PC_W95\Utilitaires\Kazaa\kmd14_en.exe/data0003/cd_htm.dll Infected: not-a-virus:AdWare.Win32.Cydoor skipped 
D:\Bureautique\Multimedia\MicroInformatique\Tools\Tools_PC_W95\Utilitaires\Kazaa\kmd14_en.exe/data0003 Infected: not-a-virus:AdWare.Win32.Cydoor skipped D:\Bureautique\Multimedia\MicroInformatique\Tools\Tools_PC_W95\Utilitaires\Kazaa\kmd14_en.exe/data0005 Infected: not-a-virus:AdWare.Win32.NewDotNet skipped D:\Bureautique\Multimedia\MicroInformatique\Tools\Tools_PC_W95\Utilitaires\Kazaa\kmd14_en.exe/data0006/SaveNow.exe Infected: not-a-virus:AdWare.Win32.SaveNow.aa skipped D:\Bureautique\Multimedia\MicroInformatique\Tools\Tools_PC_W95\Utilitaires\Kazaa\kmd14_en.exe/data0006/Uninst.exe Infected: not-a-virus:AdWare.Win32.SaveNow.au skipped D:\Bureautique\Multimedia\MicroInformatique\Tools\Tools_PC_W95\Utilitaires\Kazaa\kmd14_en.exe/data0006 Infected: not-a-virus:AdWare.Win32.SaveNow.au skipped D:\Bureautique\Multimedia\MicroInformatique\Tools\Tools_PC_W95\Utilitaires\Kazaa\kmd14_en.exe/data0010/bdedetect1.dll Infected: not-a-virus:AdWare.Win32.BrilliantDigital.1007 skipped D:\Bureautique\Multimedia\MicroInformatique\Tools\Tools_PC_W95\Utilitaires\Kazaa\kmd14_en.exe/data0010 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.1007 skipped D:\Bureautique\Multimedia\MicroInformatique\Tools\Tools_PC_W95\Utilitaires\Kazaa\kmd14_en.exe/data0013 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.1007 skipped D:\Bureautique\Multimedia\MicroInformatique\Tools\Tools_PC_W95\Utilitaires\Kazaa\kmd14_en.exe/data0017 Infected: not-a-virus:AdWare.Win32.Altnet.a skipped D:\Bureautique\Multimedia\MicroInformatique\Tools\Tools_PC_W95\Utilitaires\Kazaa\kmd14_en.exe/data0018/bde3d_ref2.dll Infected: not-a-virus:AdWare.Win32.BrilliantDigital.d skipped D:\Bureautique\Multimedia\MicroInformatique\Tools\Tools_PC_W95\Utilitaires\Kazaa\kmd14_en.exe/data0018 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.d skipped D:\Bureautique\Multimedia\MicroInformatique\Tools\Tools_PC_W95\Utilitaires\Kazaa\kmd14_en.exe/data0021/bdeload.dll Infected: not-a-virus:AdWare.Win32.BrilliantDigital.e skipped 
D:\Bureautique\Multimedia\MicroInformatique\Tools\Tools_PC_W95\Utilitaires\Kazaa\kmd14_en.exe/data0021 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.e skipped D:\Bureautique\Multimedia\MicroInformatique\Tools\Tools_PC_W95\Utilitaires\Kazaa\kmd14_en.exe/data0022/bdeplayer2.dll Infected: not-a-virus:AdWare.Win32.BrilliantDigital.f skipped D:\Bureautique\Multimedia\MicroInformatique\Tools\Tools_PC_W95\Utilitaires\Kazaa\kmd14_en.exe/data0022 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.f skipped D:\Bureautique\Multimedia\MicroInformatique\Tools\Tools_PC_W95\Utilitaires\Kazaa\kmd14_en.exe/data0025/BDESac10.dll Infected: not-a-virus:AdWare.Win32.BrilliantDigital.3120 skipped D:\Bureautique\Multimedia\MicroInformatique\Tools\Tools_PC_W95\Utilitaires\Kazaa\kmd14_en.exe/data0025 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.3120 skipped D:\Bureautique\Multimedia\MicroInformatique\Tools\Tools_PC_W95\Utilitaires\Kazaa\kmd14_en.exe/data0026/bdeviewer.exe Infected: Trojan.Win32.Krepper.y skipped D:\Bureautique\Multimedia\MicroInformatique\Tools\Tools_PC_W95\Utilitaires\Kazaa\kmd14_en.exe/data0026 Infected: Trojan.Win32.Krepper.y skipped D:\Bureautique\Multimedia\MicroInformatique\Tools\Tools_PC_W95\Utilitaires\Kazaa\kmd14_en.exe/data0028/BDEVerify.exe Infected: not-a-virus:AdWare.Win32.BrilliantDigital.a skipped D:\Bureautique\Multimedia\MicroInformatique\Tools\Tools_PC_W95\Utilitaires\Kazaa\kmd14_en.exe/data0028/BDEVerify.dll Infected: not-a-virus:AdWare.Win32.BrilliantDigital.b skipped D:\Bureautique\Multimedia\MicroInformatique\Tools\Tools_PC_W95\Utilitaires\Kazaa\kmd14_en.exe/data0028 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.b skipped D:\Bureautique\Multimedia\MicroInformatique\Tools\Tools_PC_W95\Utilitaires\Kazaa\kmd14_en.exe Inno: infected - 24 skipped D:\Bureautique\Multimedia\MicroInformatique\Tools\Tools_PC_W95\Utilitaires\vnc_x86_win32\vncviewer\vncviewer.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.333 skipped D:\System Volume 
Information\_restore{3033B55A-DBBB-44B7-AF0F-205B4B42BDB3}\RP235\A0033929.exe/WISE0024.BIN Infected: not-a-virus:AdWare.Win32.Aureate skipped D:\System Volume Information\_restore{3033B55A-DBBB-44B7-AF0F-205B4B42BDB3}\RP235\A0033929.exe/WISE0025.BIN Infected: not-a-virus:AdWare.Win32.Aureate skipped D:\System Volume Information\_restore{3033B55A-DBBB-44B7-AF0F-205B4B42BDB3}\RP235\A0033929.exe/WISE0026.BIN Infected: not-a-virus:AdWare.Win32.Aureate.a skipped D:\System Volume Information\_restore{3033B55A-DBBB-44B7-AF0F-205B4B42BDB3}\RP235\A0033929.exe/WISE0027.BIN Infected: not-a-virus:AdWare.Win32.Aureate.a skipped D:\System Volume Information\_restore{3033B55A-DBBB-44B7-AF0F-205B4B42BDB3}\RP235\A0033929.exe/WISE0028.BIN Infected: not-a-virus:AdWare.Win32.Aureate.a skipped D:\System Volume Information\_restore{3033B55A-DBBB-44B7-AF0F-205B4B42BDB3}\RP235\A0033929.exe/WISE0111.BIN Infected: not-a-virus:AdWare.Win32.Gator.1012 skipped D:\System Volume Information\_restore{3033B55A-DBBB-44B7-AF0F-205B4B42BDB3}\RP235\A0033929.exe WiseSFX: infected - 6 skipped Scan process completed. 
===================================== And finally the HijackThis report =====================================

Logfile of HijackThis v1.99.1
Scan saved at 12:58:00, on 16/09/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\ATK0100\Hcontrol.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\WINDOWS\System32\ICO.EXE
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\Program Files\sony\vaio power management\SPMgr.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\drag'n drop cd+dvd\BinFiles\DragDrop.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\sony\BlueSpace\BlueSpaceNE.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
D:\Bureautique\Multimedia\MicroInformatique\Tools\HiJackThis\Sanner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.sony-europe.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint\Apoint.exe"
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Hcontrol] C:\WINDOWS\ATK0100\Hcontrol.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] "rundll32.exe" irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [HKSERV.EXE] "C:\Program Files\Sony\HotKey Utility\HKserv.exe"
O4 - HKLM\..\Run: [sonyPowerCfg] "C:\Program Files\sony\vaio power management\SPMgr.exe"
O4 - HKLM\..\Run: [iSBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [switcher.exe] "C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe"
O4 - HKLM\..\Run: [Drag'n Drop CD+DVD] "C:\Program Files\drag'n drop cd+dvd\BinFiles\DragDrop.exe" /StartUp
O4 - HKLM\..\Run: [VPS] C:\Program Files\sony\ProductSurvey\VPS.exe /SCHEDULER
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [Easy-PrintToolBox] "C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" /logon
O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - Startup: BlueSpace NE.lnk = C:\Program Files\sony\BlueSpace\BlueSpaceNE.exe
O4 - Global Startup: Assistant d'Acrobat.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.sony-europe.com/
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Service Framework McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Program Files\sony\vaio media music server\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (file missing)
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\vaio media platform\sv_httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP (file missing)
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\vaio media platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\sony\photo server\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Program Files\Fichiers communs\sony shared\vaio media platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP (file missing)
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Fichiers communs\sony shared\vaio media platform\UPnPFramework.exe
O23 - Service: Moteur Webroot Spy Sweeper (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

===================================== Summary =====================================

I hope this latest HijackThis log no longer shows any abnormal items. In any case, I no longer get the unwanted pop-up ads, and I hope the firewall I have just configured will limit the problems. Many thanks on that point!

On the other hand, I still have the svchost process that freezes the PC at startup. Here is a description and my analysis.

The symptom appears a few seconds after Windows and all of its services have started (without being connected to the Internet). For at least 20 to 30 seconds, my CPU is 100% used by one svchost process and it is impossible to do anything during that time.

I used Process Explorer (from sysinternals.com) to display the details of the processes. The information I managed to get at the moment of the symptom:
- svchost starts with a command line
- then it launches a first child process "C:\WINDOWS\System32\wuauclt.exe"
- then it launches a second child process "C:\WINDOWS\System32\wuauclt.exe"
svchost is at 100% and is associated with ntdll.dll (more precisely, the thread in question is ntdll.dll!RtlPcToFileHeader+0x352).

What do you think? Should I post this last topic in another, more appropriate Zebulon forum?

See you soon
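The check a practitioner would want at this point, as an added example that is not part of the original post and not code from Process Explorer or any other tool named in the thread: several services share one svchost.exe, so a hot svchost instance only becomes meaningful once you know which services it hosts and confirm it runs from %SystemRoot%\System32. wuauclt.exe is the Automatic Updates client and is normally started by the svchost instance hosting the wuauserv service, so the script also lists each wuauclt.exe with its parent and the parent's services. It assumes a Windows machine with PowerShell 2.0 or later and WMI, run from an elevated prompt while the spike is happening; the function and column names are the example's own.

```powershell
# Added example, not code from the original post or from any tool it names.
# Ties each svchost.exe instance to the services it hosts, reports accumulated CPU
# time, and checks that wuauclt.exe children come from the instance hosting wuauserv.
# Assumptions: Windows, PowerShell 2.0+, WMI available; run elevated (services run
# as SYSTEM) during the spike or right after boot.

$services     = Get-WmiObject Win32_Service | Where-Object { $_.ProcessId -ne 0 }
$expectedPath = Join-Path $env:SystemRoot 'System32\svchost.exe'

function Get-HostedServices([uint32] $procId) {
    # Names of the services whose host process is $procId (many share one svchost)
    $services | Where-Object { $_.ProcessId -eq $procId } | ForEach-Object { $_.Name }
}

function Get-SvchostReport {
    foreach ($p in Get-WmiObject Win32_Process -Filter "Name='svchost.exe'") {
        # KernelModeTime / UserModeTime are reported in 100-nanosecond ticks
        $cpuSeconds = [math]::Round(([double]$p.KernelModeTime + [double]$p.UserModeTime) / 1e7, 1)
        $obj = New-Object PSObject -Property @{
            PID      = $p.ProcessId
            CPU_s    = $cpuSeconds
            # A genuine svchost.exe only ever runs from %SystemRoot%\System32
            PathOk   = ($p.ExecutablePath -ne $null) -and ($p.ExecutablePath -ieq $expectedPath)
            Services = ((Get-HostedServices $p.ProcessId) -join ', ')
        }
        $obj | Select-Object PID, CPU_s, PathOk, Services
    }
}

function Get-WuaucltParents {
    foreach ($c in Get-WmiObject Win32_Process -Filter "Name='wuauclt.exe'") {
        $parentSvcs = Get-HostedServices $c.ParentProcessId
        $obj = New-Object PSObject -Property @{
            ChildPID       = $c.ProcessId
            ChildPath      = $c.ExecutablePath
            ParentPID      = $c.ParentProcessId
            ParentServices = ($parentSvcs -join ', ')
            # Expected for the Automatic Updates client: the parent hosts wuauserv
            ParentIsWU     = ($parentSvcs -contains 'wuauserv')
        }
        $obj | Select-Object ChildPID, ChildPath, ParentPID, ParentServices, ParentIsWU
    }
}

Get-SvchostReport | Sort-Object CPU_s -Descending | Format-Table -AutoSize
Get-WuaucltParents | Format-Table -AutoSize
```

On a machine without PowerShell, the native XP command `tasklist /svc /fi "imagename eq svchost.exe"` gives the same PID-to-service mapping; the CPU figure and the parent of wuauclt.exe can then be read off Process Explorer as the post describes. A row with PathOk false, or a wuauclt.exe whose ParentIsWU is false or whose ChildPath is not C:\WINDOWS\System32\wuauclt.exe, is what would turn this from an Automatic Updates performance question into a malware question; the paths in the post's Process Explorer notes are the expected ones.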
  15. Good evening, Just to let you know that I am still on the case on my side... but it takes time, and I have prioritised setting up and configuring Kerio before going any further. I will keep you posted as soon as I have all the diagnostics you asked for