zengrenouille
-
Compteur de contenus
4 -
Inscription
-
Dernière visite
Type de contenu
Profils
Forums
Blogs
Tout ce qui a été posté par zengrenouille
-
Tootkit gaopdxserv.sys
zengrenouille a répondu à un(e) sujet de zengrenouille dans Analyses et éradication malwares
Bonjour, Je suis allé télécharger les fichier zip mais j'ai toujours de droles de symptomes ; Au demarrage l'ordinateur met jusqu'a 40 minutes pour demarrer internet, j'explique en détails ci-dessous les symptomes ; 1 - windows souhaite la bienvenue 2 - l'ecrant est bleu ( 15 minutes ) 3 - l'écrant passe au blanc et le sablier de la souris est en activité ( 10 minutes ). 4 - les icones apparaissent trés lentement un par un et pour la plupart par encore affichées ( 10 minutes ) 5 - la barre des taches n'affiche pas encore mon antirirus ( ainsi que mon antispyware et mon parre-feux ) 6 - ici j'attends encore 7 minutes et quand le bureau est affiché et que le sablier est remplacé par la fléche de la souris et la barre des taches semble étre au complet je clique sur internet ( ou Mozilla...) 7 - internet est trés lent à ce moment puis la navigation redevient à la " normale " ici je teste mon débit est il est " normal " 3,7 mégabit. 8 - je ne peux acceder à certains sites quand je clique sur un de mes favoris ( ou bookmarks ) ceux-ci dispparaissent immédiatement. A titre indicatif j'ai passé au crible tout les antispywares et antivirus possible mais rien il n'y a que GMER qui localise un fichier suspect : Voilà si ces symptomes peuvent étre rService system32\drivers\gaopdxtbwbkxwm.sys (*** hidden *** ) [sYSTEM] gaopdxserv.sys <-- ROOTKIT !!! je serai enchanté de suivre une démarche quelconque. Mérci de votre aide. Ben -
Tootkit gaopdxserv.sys
zengrenouille a répondu à un(e) sujet de zengrenouille dans Analyses et éradication malwares
Merci pour ta réponse, Le téléchargement de zozo.bat n'a pas marché, il est apparu comme un moteur de recherche j'ai donc fais dans ce moteur mis le rapport de GMER mais j'ai dues redemarrer manuellement mais rien ne ce passe. ( a titre indicatif ma session met environs 25 à 40 minutes à redemarrer ( ?) celà depuis une semaine environs avec au début l'apparition difficile des icones et au bout d'un temps tres long la connexion à internet ). Voici le nouveau rapport de GMER ; GMER 1.0.15.14939 - http://www.gmer.net Rootkit scan 2009-03-16 16:01:47 Windows 6.0.6001 Service Pack 1 ---- System - GMER 1.0.15 ---- SSDT 83CC7BE8 ZwAllocateVirtualMemory SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwAlpcConnectPort [0x9903F7F8] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwConnectPort [0x9903F458] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateFile [0x9903C886] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateKey [0x9904790A] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreatePort [0x9903FBAE] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateProcess [0x990456B6] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateProcessEx [0x990458D0] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateSection [0x9904923A] SSDT 83CC7EB8 ZwCreateThread SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateWaitablePort [0x9903FC56] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteFile [0x9903CD66] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteKey [0x99048206] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteValueKey [0x99047F82] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDuplicateObject [0x990450B6] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadDriver [0x99039B38] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey [0x99048734] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey2 [0x990487AC] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKeyEx [0x99048824] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwMapViewOfSection [0x9904948A] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenFile [0x9903CBFE] SSDT \??\C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys ZwOpenProcess [0x9C131BCE] SSDT \??\C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys ZwOpenThread [0x9C131CBC] SSDT 83CC7C60 ZwQueueApcThread SSDT 83CC7AF8 ZwReadVirtualMemory SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRenameKey [0x99048E66] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwReplaceKey [0x9904889C] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRequestWaitReplyPort [0x9903F0E2] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRestoreKey [0x99048CA6] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSecureConnectPort [0x9903F5F8] SSDT 83CC7D50 ZwSetContextThread SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetInformationFile [0x9903CF54] SSDT 83CC7FA8 ZwSetInformationProcess SSDT 83CC7DC8 ZwSetInformationThread SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetSystemInformation [0x99039950] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetValueKey [0x99047C88] SSDT 83CC7F30 ZwSuspendProcess SSDT 83CC7CD8 ZwSuspendThread SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSystemDebugControl [0x99046044] SSDT \??\C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys ZwTerminateProcess [0x9C131B32] SSDT 83CC7E40 ZwTerminateThread SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwUnloadDriver [0x99039D20] SSDT 83CC7B70 ZwWriteVirtualMemory SSDT 83CC7A08 ZwCreateThreadEx SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateUserProcess [0x99045AEE] ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!KeSetTimerEx + 364 81906928 4 Bytes CALL D81435A8 .text ntkrnlpa.exe!KeSetTimerEx + 370 81906934 4 Bytes [F8, F7, 03, 99] .text ntkrnlpa.exe!KeSetTimerEx + 3F4 819069B8 4 Bytes [58, F4, 03, 99] .text ntkrnlpa.exe!KeSetTimerEx + 40C 819069D0 4 Bytes [86, C8, 03, 99] .text ntkrnlpa.exe!KeSetTimerEx + 41C 819069E0 4 Bytes [0A, 79, 04, 99] {OR BH, [ECX+0x4]; CDQ } .text ... ---- User code sections - GMER 1.0.15 ---- .text C:\Program Files\Webroot\Spy Sweeper\SSU.EXE[2832] ntdll.dll!KiUserExceptionDispatcher + A 771C99F2 5 Bytes JMP 00017DB0 C:\Program Files\Webroot\Spy Sweeper\SSU.EXE (Spy Sweeper SSU/Webroot Software, Inc. (www.webroot.com)) .text C:\Program Files\Webroot\Spy Sweeper\SSU.EXE[2832] kernel32.dll!VirtualProtect 766F1DD1 5 Bytes JMP 000169B0 C:\Program Files\Webroot\Spy Sweeper\SSU.EXE (Spy Sweeper SSU/Webroot Software, Inc. (www.webroot.com)) .text C:\Program Files\Webroot\Spy Sweeper\SSU.EXE[2832] kernel32.dll!LoadLibraryExW 767130C3 5 Bytes JMP 00016000 C:\Program Files\Webroot\Spy Sweeper\SSU.EXE (Spy Sweeper SSU/Webroot Software, Inc. (www.webroot.com)) .text C:\Program Files\Webroot\Spy Sweeper\SSU.EXE[2832] kernel32.dll!VirtualFree 76731866 5 Bytes JMP 00016990 C:\Program Files\Webroot\Spy Sweeper\SSU.EXE (Spy Sweeper SSU/Webroot Software, Inc. (www.webroot.com)) .text C:\Program Files\Webroot\Spy Sweeper\SSU.EXE[2832] kernel32.dll!VirtualAlloc 7673B86F 5 Bytes JMP 00016960 C:\Program Files\Webroot\Spy Sweeper\SSU.EXE (Spy Sweeper SSU/Webroot Software, Inc. (www.webroot.com)) .text C:\Program Files\Webroot\Spy Sweeper\SSU.EXE[2832] kernel32.dll!CreateFileA 7673CF71 5 Bytes JMP 00016000 C:\Program Files\Webroot\Spy Sweeper\SSU.EXE (Spy Sweeper SSU/Webroot Software, Inc. (www.webroot.com)) .text C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe[3840] kernel32.dll!CreateThread + 1A 767346E2 4 Bytes CALL 00450771 C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe (Spy Sweeper Client Executable/Webroot Software, Inc.) ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Windows\Explorer.EXE[520] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73C97BA4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2e c9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[520] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73CD98C5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2e c9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[520] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [73C9D3C8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2e c9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[520] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [73C8F527] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2e c9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[520] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73C97599] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2e c9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[520] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [73C8E43D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2e c9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[520] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [73CCB33D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2e c9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[520] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [73C9D68A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2e c9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[520] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73C9012E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2e c9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[520] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73C90095] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2e c9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[520] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73C871F3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2e c9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[520] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [73D1D802] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2e c9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[520] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [73CB75E1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2e c9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[520] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73C8DAE1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2e c9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[520] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73C8668F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2e c9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[520] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [73C866BA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2e c9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[520] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73C91E45] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2e c9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe[3840] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!QueueUserWorkItem] [004508C8] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe (Spy Sweeper Client Executable/Webroot Software, Inc.) IAT C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe[3840] @ C:\Windows\system32\shell32.dll [KERNEL32.dll!QueueUserWorkItem] [004508C8] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe (Spy Sweeper Client Executable/Webroot Software, Inc.) ---- Devices - GMER 1.0.15 ---- AttachedDevice \FileSystem\Ntfs \Ntfs ssfs0bbc.sys (Spy Sweeper FileSystem Filter Driver/Webroot Software, Inc. (www.webroot.com)) AttachedDevice \Driver\tdx \Device\Tcp bdftdif.sys AttachedDevice \Driver\tdx \Device\Udp bdftdif.sys ---- Services - GMER 1.0.15 ---- Service system32\drivers\gaopdxtbwbkxwm.sys (*** hidden *** ) [sYSTEM] gaopdxserv.sys <-- ROOTKIT !!! ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys@start 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys@type 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys@imagepath \systemroot\system32\drivers\gaopdxtbwbkxwm.sys Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys@group file system Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys\modules Reg HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys@start 1 Reg HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys@type 1 Reg HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys@imagepath \systemroot\system32\drivers\gaopdxtbwbkxwm.sys Reg HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys@group file system Reg HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys\modules Reg HKLM\SOFTWARE\Classes\Installer\Products\06AF0DABFC901144EAA62C48C48821AF\SourceList\Media@DiskPrompt [1] Reg HKLM\SOFTWARE\Classes\Installer\Products\06AF0DABFC901144EAA62C48C48821AF\SourceList\Media@1 DISK1;1 Reg HKLM\SOFTWARE\Classes\Installer\Products\06AF0DABFC901144EAA62C48C48821AF\SourceList\Media@2 DISK1;1 Reg HKLM\SOFTWARE\Classes\Installer\Products\06AF0DABFC901144EAA62C48C48821AF\SourceList\Media@3 DISK1;1 Reg HKLM\SOFTWARE\Classes\Installer\Products\06AF0DABFC901144EAA62C48C48821AF\SourceList\Media@4 DISK1;1 Reg HKLM\SOFTWARE\Classes\Installer\Products\06AF0DABFC901144EAA62C48C48821AF\SourceList\Media@5 DISK1;1 Reg HKLM\SOFTWARE\Classes\Installer\Products\06AF0DABFC901144EAA62C48C48821AF\SourceList\Media@6 DISK1;1 Reg HKLM\SOFTWARE\Classes\Installer\Products\06AF0DABFC901144EAA62C48C48821AF\SourceList\Media@7 DISK1;1 Reg HKLM\SOFTWARE\Classes\Installer\Products\06AF0DABFC901144EAA62C48C48821AF\SourceList\Media@8 DISK1;1 Reg HKLM\SOFTWARE\Classes\Installer\Products\06AF0DABFC901144EAA62C48C48821AF\SourceList\Media@9 DISK1;1 Reg HKLM\SOFTWARE\Classes\Installer\Products\06AF0DABFC901144EAA62C48C48821AF\SourceList\Media@10 DISK1;1 Reg HKLM\SOFTWARE\Classes\Installer\Products\06AF0DABFC901144EAA62C48C48821AF\SourceList\Media@11 DISK1;1 Reg HKLM\SOFTWARE\Classes\Installer\Products\06AF0DABFC901144EAA62C48C48821AF\SourceList\Media@12 DISK1;1 Reg HKLM\SOFTWARE\Classes\Installer\Products\06AF0DABFC901144EAA62C48C48821AF\SourceList\Media@13 DISK1;1 Reg HKLM\SOFTWARE\Classes\Installer\Products\06AF0DABFC901144EAA62C48C48821AF\SourceList\Media@14 DISK1;1 Reg HKLM\SOFTWARE\Classes\Installer\Products\06AF0DABFC901144EAA62C48C48821AF\SourceList\Media@15 DISK1;1 Reg HKLM\SOFTWARE\Classes\Installer\Products\06AF0DABFC901144EAA62C48C48821AF\SourceList\Media@16 DISK1;1 Reg HKLM\SOFTWARE\Classes\Installer\Products\06AF0DABFC901144EAA62C48C48821AF\SourceList\Media@17 DISK1;1 Reg HKLM\SOFTWARE\Classes\Installer\Products\06AF0DABFC901144EAA62C48C48821AF\SourceList\Media@18 DISK1;1 Reg HKLM\SOFTWARE\Classes\Installer\Products\06AF0DABFC901144EAA62C48C48821AF\SourceList\Media@19 DISK1;1 Reg HKLM\SOFTWARE\Classes\Installer\Products\06AF0DABFC901144EAA62C48C48821AF\SourceList\Media@20 DISK1;1 Reg HKLM\SOFTWARE\Classes\Installer\Products\06AF0DABFC901144EAA62C48C48821AF\SourceList\Media@21 DISK1;1 Reg HKLM\SOFTWARE\Classes\Installer\Products\06AF0DABFC901144EAA62C48C48821AF\SourceList\Media@22 DISK1;1 Reg HKLM\SOFTWARE\Classes\Installer\Products\06AF0DABFC901144EAA62C48C48821AF\SourceList\Media@23 DISK1;1 Reg HKLM\SOFTWARE\Classes\Installer\Products\06AF0DABFC901144EAA62C48C48821AF\SourceList\Media@24 DISK1;1 Reg HKLM\SOFTWARE\Classes\Installer\Products\990BFB432B7059E46A3737266D80662A\SourceList\Media@DiskPrompt [1] Reg HKLM\SOFTWARE\Classes\Installer\Products\990BFB432B7059E46A3737266D80662A\SourceList\Media@1 DISK1;1 Reg HKLM\SOFTWARE\Classes\Installer\Products\990BFB432B7059E46A3737266D80662A\SourceList\Media@2 DISK1;1 Reg HKLM\SOFTWARE\Classes\Installer\Products\990BFB432B7059E46A3737266D80662A\SourceList\Media@3 DISK1;1 Reg HKLM\SOFTWARE\Classes\Installer\Products\990BFB432B7059E46A3737266D80662A\SourceList\Media@4 DISK1;1 Reg HKLM\SOFTWARE\Classes\Installer\Products\990BFB432B7059E46A3737266D80662A\SourceList\Media@5 DISK1;1 Reg HKLM\SOFTWARE\Classes\Installer\Products\990BFB432B7059E46A3737266D80662A\SourceList\Media@6 DISK1;1 Reg HKLM\SOFTWARE\Classes\Installer\Products\990BFB432B7059E46A3737266D80662A\SourceList\Media@7 DISK1;1 Reg HKLM\SOFTWARE\Classes\Installer\Products\990BFB432B7059E46A3737266D80662A\SourceList\Media@8 DISK1;1 Reg HKLM\SOFTWARE\Classes\Installer\Products\990BFB432B7059E46A3737266D80662A\SourceList\Media@9 DISK1;1 Reg HKLM\SOFTWARE\Classes\Installer\Products\990BFB432B7059E46A3737266D80662A\SourceList\Media@10 DISK1;1 Reg HKLM\SOFTWARE\Classes\Installer\Products\990BFB432B7059E46A3737266D80662A\SourceList\Media@11 DISK1;1 Reg HKLM\SOFTWARE\Classes\Installer\Products\990BFB432B7059E46A3737266D80662A\SourceList\Media@12 DISK1;1 Reg HKLM\SOFTWARE\Classes\Installer\Products\990BFB432B7059E46A3737266D80662A\SourceList\Media@13 DISK1;1 Reg HKLM\SOFTWARE\Classes\Installer\Products\990BFB432B7059E46A3737266D80662A\SourceList\Media@14 DISK1;1 Reg HKLM\SOFTWARE\Classes\Installer\Products\990BFB432B7059E46A3737266D80662A\SourceList\Media@15 DISK1;1 Reg HKLM\SOFTWARE\Classes\Installer\Products\990BFB432B7059E46A3737266D80662A\SourceList\Media@16 DISK1;1 Reg HKLM\SOFTWARE\Classes\Installer\Products\990BFB432B7059E46A3737266D80662A\SourceList\Media@17 DISK1;1 Reg HKLM\SOFTWARE\Classes\Installer\Products\990BFB432B7059E46A3737266D80662A\SourceList\Media@18 DISK1;1 Reg HKLM\SOFTWARE\Classes\Installer\Products\990BFB432B7059E46A3737266D80662A\SourceList\Media@19 DISK1;1 Reg HKLM\SOFTWARE\Classes\Installer\Products\990BFB432B7059E46A3737266D80662A\SourceList\Media@20 DISK1;1 Reg HKLM\SOFTWARE\Classes\Installer\Products\990BFB432B7059E46A3737266D80662A\SourceList\Media@21 DISK1;1 Reg HKLM\SOFTWARE\Classes\Installer\Products\990BFB432B7059E46A3737266D80662A\SourceList\Media@22 DISK1;1 Reg HKLM\SOFTWARE\Classes\Installer\Products\990BFB432B7059E46A3737266D80662A\SourceList\Media@23 DISK1;1 Reg HKLM\SOFTWARE\Classes\Installer\Products\990BFB432B7059E46A3737266D80662A\SourceList\Media@24 DISK1;1 ---- EOF - GMER 1.0.15 ---- A bientot et encore mérci. -
Bonjour à tous, Aprés avoir réaliser les recommandations de désinfection du furum je n'arrive toujours pas à éradiquer un rootkit qui figure dans un rapport du logiciel ( anti-rootkit GMER ) ; c'est pourquoi je vous demande ici votre aide. A titre indicatif ; 1 - j'ai passé AntiVir en mode sans échec mais il n'a rien trouvé. 2 - j'ai aussi passé au crible Bitdefender, l'Anti espion de Zonlabs, Spyboot , Rogueremover, Spysweeper, Malwaremegabyt, et d'autres mais ils n'ont rien détectés. 3- Je suis allé dans la base de registre ( regedit ) pour vérifier et des clés portent le nom de " gaopdxserv " par ailleurs insupprimables. Ci-dessous le rapport de GMER ; GMER 1.0.15.14939 - http://www.gmer.net Rootkit scan 2009-03-16 12:01:59 Windows 6.0.6001 Service Pack 1 ---- System - GMER 1.0.15 ---- SSDT 83CDB020 ZwAllocateVirtualMemory SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwAlpcConnectPort [0x992367F8] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwConnectPort [0x99236458] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateFile [0x99233886] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateKey [0x9923E90A] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreatePort [0x99236BAE] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateProcess [0x9923C6B6] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateProcessEx [0x9923C8D0] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateSection [0x9924023A] SSDT 83CBF428 ZwCreateThread SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateWaitablePort [0x99236C56] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteFile [0x99233D66] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteKey [0x9923F206] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteValueKey [0x9923EF82] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDuplicateObject [0x9923C0B6] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadDriver [0x99230B38] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey [0x9923F734] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey2 [0x9923F7AC] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKeyEx [0x9923F824] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwMapViewOfSection [0x9924048A] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenFile [0x99233BFE] SSDT \??\C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys ZwOpenProcess [0x9C933BCE] SSDT \??\C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys ZwOpenThread [0x9C933CBC] SSDT 83CBF1D0 ZwQueueApcThread SSDT 83CDBF30 ZwReadVirtualMemory SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRenameKey [0x9923FE66] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwReplaceKey [0x9923F89C] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRequestWaitReplyPort [0x992360E2] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRestoreKey [0x9923FCA6] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSecureConnectPort [0x992365F8] SSDT 83CBF2C0 ZwSetContextThread SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetInformationFile [0x99233F54] SSDT 83CBF518 ZwSetInformationProcess SSDT 83CBF338 ZwSetInformationThread SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetSystemInformation [0x99230950] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetValueKey [0x9923EC88] SSDT 83CBF4A0 ZwSuspendProcess SSDT 83CBF248 ZwSuspendThread SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSystemDebugControl [0x9923D044] SSDT \??\C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys ZwTerminateProcess [0x9C933B32] SSDT 83CBF3B0 ZwTerminateThread SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwUnloadDriver [0x99230D20] SSDT 83CDBFA8 ZwWriteVirtualMemory SSDT 83CDBE40 ZwCreateThreadEx SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateUserProcess [0x9923CAEE] ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!KeSetTimerEx + 364 818B8928 4 Bytes [20, B0, CD, 83] .text ntkrnlpa.exe!KeSetTimerEx + 370 818B8934 4 Bytes [F8, 67, 23, 99] .text ntkrnlpa.exe!KeSetTimerEx + 3F4 818B89B8 4 Bytes [58, 64, 23, 99] .text ntkrnlpa.exe!KeSetTimerEx + 40C 818B89D0 4 Bytes [86, 38, 23, 99] .text ntkrnlpa.exe!KeSetTimerEx + 41C 818B89E0 4 Bytes JMP 498B2308 .text ... ---- User code sections - GMER 1.0.15 ---- .text C:\Program Files\Webroot\Spy Sweeper\SSU.EXE[2964] ntdll.dll!KiUserExceptionDispatcher + A 772099F2 5 Bytes JMP 00017DB0 C:\Program Files\Webroot\Spy Sweeper\SSU.EXE (Spy Sweeper SSU/Webroot Software, Inc. (www.webroot.com)) .text C:\Program Files\Webroot\Spy Sweeper\SSU.EXE[2964] kernel32.dll!VirtualProtect 76AD1DD1 5 Bytes JMP 000169B0 C:\Program Files\Webroot\Spy Sweeper\SSU.EXE (Spy Sweeper SSU/Webroot Software, Inc. (www.webroot.com)) .text C:\Program Files\Webroot\Spy Sweeper\SSU.EXE[2964] kernel32.dll!LoadLibraryExW 76AF30C3 5 Bytes JMP 00016000 C:\Program Files\Webroot\Spy Sweeper\SSU.EXE (Spy Sweeper SSU/Webroot Software, Inc. (www.webroot.com)) .text C:\Program Files\Webroot\Spy Sweeper\SSU.EXE[2964] kernel32.dll!VirtualFree 76B11866 5 Bytes JMP 00016990 C:\Program Files\Webroot\Spy Sweeper\SSU.EXE (Spy Sweeper SSU/Webroot Software, Inc. (www.webroot.com)) .text C:\Program Files\Webroot\Spy Sweeper\SSU.EXE[2964] kernel32.dll!VirtualAlloc 76B1B86F 5 Bytes JMP 00016960 C:\Program Files\Webroot\Spy Sweeper\SSU.EXE (Spy Sweeper SSU/Webroot Software, Inc. (www.webroot.com)) .text C:\Program Files\Webroot\Spy Sweeper\SSU.EXE[2964] kernel32.dll!CreateFileA 76B1CF71 5 Bytes JMP 00016000 C:\Program Files\Webroot\Spy Sweeper\SSU.EXE (Spy Sweeper SSU/Webroot Software, Inc. (www.webroot.com)) .text C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe[3696] kernel32.dll!CreateThread + 1A 76B146E2 4 Bytes CALL 00450771 C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe (Spy Sweeper Client Executable/Webroot Software, Inc.) ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Windows\Explorer.EXE[520] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73CE7BA4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2e c9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[520] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73D298C5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2e c9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[520] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [73CED3C8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2e c9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[520] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [73CDF527] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2e c9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[520] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73CE7599] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2e c9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[520] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [73CDE43D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2e c9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[520] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [73D1B33D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2e c9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[520] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [73CED68A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2e c9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[520] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73CE012E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2e c9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[520] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73CE0095] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2e c9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[520] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73CD71F3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2e c9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[520] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [73D6D802] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2e c9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[520] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [73D075E1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2e c9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[520] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73CDDAE1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2e c9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[520] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73CD668F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2e c9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[520] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [73CD66BA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2e c9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[520] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73CE1E45] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2e c9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe[3696] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!QueueUserWorkItem] [004508C8] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe (Spy Sweeper Client Executable/Webroot Software, Inc.) IAT C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe[3696] @ C:\Windows\system32\shell32.dll [KERNEL32.dll!QueueUserWorkItem] [004508C8] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe (Spy Sweeper Client Executable/Webroot Software, Inc.) ---- Devices - GMER 1.0.15 ---- AttachedDevice \FileSystem\Ntfs \Ntfs ssfs0bbc.sys (Spy Sweeper FileSystem Filter Driver/Webroot Software, Inc. (www.webroot.com)) AttachedDevice \Driver\tdx \Device\Tcp bdftdif.sys AttachedDevice \Driver\tdx \Device\Udp bdftdif.sys ---- Services - GMER 1.0.15 ---- Service system32\drivers\gaopdxtbwbkxwm.sys (*** hidden *** ) [sYSTEM] gaopdxserv.sys <-- ROOTKIT !!! ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys@start 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys@type 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys@imagepath \systemroot\system32\drivers\gaopdxtbwbkxwm.sys Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys@group file system Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys\modules Reg HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys@start 1 Reg HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys@type 1 Reg HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys@imagepath \systemroot\system32\drivers\gaopdxtbwbkxwm.sys Reg HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys@group file system Reg HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys\modules Reg HKLM\SOFTWARE\Classes\Installer\Products\06AF0DABFC901144EAA62C48C48821AF\SourceList\Media@DiskPrompt [1] Reg HKLM\SOFTWARE\Classes\Installer\Products\06AF0DABFC901144EAA62C48C48821AF\SourceList\Media@1 DISK1;1 Reg HKLM\SOFTWARE\Classes\Installer\Products\06AF0DABFC901144EAA62C48C48821AF\SourceList\Media@2 DISK1;1 Reg HKLM\SOFTWARE\Classes\Installer\Products\06AF0DABFC901144EAA62C48C48821AF\SourceList\Media@3 DISK1;1 Reg HKLM\SOFTWARE\Classes\Installer\Products\06AF0DABFC901144EAA62C48C48821AF\SourceList\Media@4 DISK1;1 Reg HKLM\SOFTWARE\Classes\Installer\Products\06AF0DABFC901144EAA62C48C48821AF\SourceList\Media@5 DISK1;1 Reg HKLM\SOFTWARE\Classes\Installer\Products\06AF0DABFC901144EAA62C48C48821AF\SourceList\Media@6 DISK1;1 Reg HKLM\SOFTWARE\Classes\Installer\Products\06AF0DABFC901144EAA62C48C48821AF\SourceList\Media@7 DISK1;1 Reg HKLM\SOFTWARE\Classes\Installer\Products\06AF0DABFC901144EAA62C48C48821AF\SourceList\Media@8 DISK1;1 Reg HKLM\SOFTWARE\Classes\Installer\Products\06AF0DABFC901144EAA62C48C48821AF\SourceList\Media@9 DISK1;1 Reg HKLM\SOFTWARE\Classes\Installer\Products\06AF0DABFC901144EAA62C48C48821AF\SourceList\Media@10 DISK1;1 Reg HKLM\SOFTWARE\Classes\Installer\Products\06AF0DABFC901144EAA62C48C48821AF\SourceList\Media@11 DISK1;1 Reg HKLM\SOFTWARE\Classes\Installer\Products\06AF0DABFC901144EAA62C48C48821AF\SourceList\Media@12 DISK1;1 Reg HKLM\SOFTWARE\Classes\Installer\Products\06AF0DABFC901144EAA62C48C48821AF\SourceList\Media@13 DISK1;1 Reg HKLM\SOFTWARE\Classes\Installer\Products\06AF0DABFC901144EAA62C48C48821AF\SourceList\Media@14 DISK1;1 Reg HKLM\SOFTWARE\Classes\Installer\Products\06AF0DABFC901144EAA62C48C48821AF\SourceList\Media@15 DISK1;1 Reg HKLM\SOFTWARE\Classes\Installer\Products\06AF0DABFC901144EAA62C48C48821AF\SourceList\Media@16 DISK1;1 Reg HKLM\SOFTWARE\Classes\Installer\Products\06AF0DABFC901144EAA62C48C48821AF\SourceList\Media@17 DISK1;1 Reg HKLM\SOFTWARE\Classes\Installer\Products\06AF0DABFC901144EAA62C48C48821AF\SourceList\Media@18 DISK1;1 Reg HKLM\SOFTWARE\Classes\Installer\Products\06AF0DABFC901144EAA62C48C48821AF\SourceList\Media@19 DISK1;1 Reg HKLM\SOFTWARE\Classes\Installer\Products\06AF0DABFC901144EAA62C48C48821AF\SourceList\Media@20 DISK1;1 Reg HKLM\SOFTWARE\Classes\Installer\Products\06AF0DABFC901144EAA62C48C48821AF\SourceList\Media@21 DISK1;1 Reg HKLM\SOFTWARE\Classes\Installer\Products\06AF0DABFC901144EAA62C48C48821AF\SourceList\Media@22 DISK1;1 Reg HKLM\SOFTWARE\Classes\Installer\Products\06AF0DABFC901144EAA62C48C48821AF\SourceList\Media@23 DISK1;1 Reg HKLM\SOFTWARE\Classes\Installer\Products\06AF0DABFC901144EAA62C48C48821AF\SourceList\Media@24 DISK1;1 Reg HKLM\SOFTWARE\Classes\Installer\Products\990BFB432B7059E46A3737266D80662A\SourceList\Media@DiskPrompt [1] Reg HKLM\SOFTWARE\Classes\Installer\Products\990BFB432B7059E46A3737266D80662A\SourceList\Media@1 DISK1;1 Reg HKLM\SOFTWARE\Classes\Installer\Products\990BFB432B7059E46A3737266D80662A\SourceList\Media@2 DISK1;1 Reg HKLM\SOFTWARE\Classes\Installer\Products\990BFB432B7059E46A3737266D80662A\SourceList\Media@3 DISK1;1 Reg HKLM\SOFTWARE\Classes\Installer\Products\990BFB432B7059E46A3737266D80662A\SourceList\Media@4 DISK1;1 Reg HKLM\SOFTWARE\Classes\Installer\Products\990BFB432B7059E46A3737266D80662A\SourceList\Media@5 DISK1;1 Reg HKLM\SOFTWARE\Classes\Installer\Products\990BFB432B7059E46A3737266D80662A\SourceList\Media@6 DISK1;1 Reg HKLM\SOFTWARE\Classes\Installer\Products\990BFB432B7059E46A3737266D80662A\SourceList\Media@7 DISK1;1 Reg HKLM\SOFTWARE\Classes\Installer\Products\990BFB432B7059E46A3737266D80662A\SourceList\Media@8 DISK1;1 Reg HKLM\SOFTWARE\Classes\Installer\Products\990BFB432B7059E46A3737266D80662A\SourceList\Media@9 DISK1;1 Reg HKLM\SOFTWARE\Classes\Installer\Products\990BFB432B7059E46A3737266D80662A\SourceList\Media@10 DISK1;1 Reg HKLM\SOFTWARE\Classes\Installer\Products\990BFB432B7059E46A3737266D80662A\SourceList\Media@11 DISK1;1 Reg HKLM\SOFTWARE\Classes\Installer\Products\990BFB432B7059E46A3737266D80662A\SourceList\Media@12 DISK1;1 Reg HKLM\SOFTWARE\Classes\Installer\Products\990BFB432B7059E46A3737266D80662A\SourceList\Media@13 DISK1;1 Reg HKLM\SOFTWARE\Classes\Installer\Products\990BFB432B7059E46A3737266D80662A\SourceList\Media@14 DISK1;1 Reg HKLM\SOFTWARE\Classes\Installer\Products\990BFB432B7059E46A3737266D80662A\SourceList\Media@15 DISK1;1 Reg HKLM\SOFTWARE\Classes\Installer\Products\990BFB432B7059E46A3737266D80662A\SourceList\Media@16 DISK1;1 Reg HKLM\SOFTWARE\Classes\Installer\Products\990BFB432B7059E46A3737266D80662A\SourceList\Media@17 DISK1;1 Reg HKLM\SOFTWARE\Classes\Installer\Products\990BFB432B7059E46A3737266D80662A\SourceList\Media@18 DISK1;1 Reg HKLM\SOFTWARE\Classes\Installer\Products\990BFB432B7059E46A3737266D80662A\SourceList\Media@19 DISK1;1 Reg HKLM\SOFTWARE\Classes\Installer\Products\990BFB432B7059E46A3737266D80662A\SourceList\Media@20 DISK1;1 Reg HKLM\SOFTWARE\Classes\Installer\Products\990BFB432B7059E46A3737266D80662A\SourceList\Media@21 DISK1;1 Reg HKLM\SOFTWARE\Classes\Installer\Products\990BFB432B7059E46A3737266D80662A\SourceList\Media@22 DISK1;1 Reg HKLM\SOFTWARE\Classes\Installer\Products\990BFB432B7059E46A3737266D80662A\SourceList\Media@23 DISK1;1 Reg HKLM\SOFTWARE\Classes\Installer\Products\990BFB432B7059E46A3737266D80662A\SourceList\Media@24 DISK1;1 ---- EOF - GMER 1.0.15 ---- Dans l'espoir de trouver une aide , mérci. Zengrenouille.
-
Demarrage de session extréme lenteur
zengrenouille a posté un sujet dans Optimisation, Trucs & Astuces
Bonjour à tous, Depuis la semaine dernière j'ai changé de box et actuellement le démarrage des sessions varies entre 25 et 45 minutes environs ; Au démarrage un écrant bleu apparait avec le sablier figé puis les icones arrivent ( à moitiés visibles ) et ce n'est qu'au bout d'environs 50 minutes que le bureau est opperationnel, internet étc... J'aimerai connaitre une astuce pour me sortir de cette horrible lenteur et vous remercies si vous avez une idée. A titre indicatif je n'ai pas de virus ou autre et suis avec windowsVista. Mérci.. Ben.