Mon PC rame

[secrete71]

Bonjour

J'ai tenté de faire tout ce que vous avez écrit.

Pour jv16 :vous marquez de décocher pour supprimer mais ou ?

Optimiser les services: J'ai regardé le lien sous xp, mais j'avoue que je suis bête et j'ai pas compris ce qu'il fallait faire ! Du moins comment on le fait ! ?

Désactiver l'indexation des fichiers : J'ai rien fait car j'ai pas compris. Quand je fait 1 clic droit sur poste de travail, ou sont les partitions du disque dur ?

Un peu plus loin il est marqué de rechercher dans la colonne Nom "Recherche Windows" , j'ai pas trouvé !

............... bref, hier soir ça fonctionnait et ce matin en allumant mon pc, ça ramait , je n'ai plus le parapluie de mon antivirus dans la barre de tache, donc je ne sais pas si je suis protégée ou non !

Et à 13h sans que je fasse quoi que ce soit , ca rame plus !!!! ????? Mais toujours pas de parapluie antivir.

 

Vous m'avez demandé le rapport carchme, le voici :

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-08-02 17:07:33

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden services & system hive ...

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]

"p0"="C:\Program Files\DAEMON Tools Lite\"

"h0"=dword:00000000

"hdf12"=hex:ca,c7,0d,da,8d,36,f4,9b,14,c5,76,51,bf,86,e8,2a,18,78,a9,11,76,..

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001]

"a0"=hex:20,01,00,00,ba,39,ec,ac,25,73,45,a8,06,bb,21,62,0a,c8,3f,04,fc,..

"hdf12"=hex:ab,d5,41,ca,6a,b4,e8,59,f2,2f,de,25,03,85,76,8a,79,63,77,6d,64,..

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0]

"hdf12"=hex:89,8d,23,a6,38,a7,85,b1,d9,37,ff,8a,e7,8b,4e,59,7a,e1,e8,51,9a,..

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1]

"hdf12"=hex:0e,61,51,4b,f7,65,c3,74,e8,00,3e,81,ed,6b,a7,6f,81,ee,e2,8b,3d,..

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2]

"hdf12"=hex:e4,75,be,80,44,0b,b0,ec,9f,71,0b,b9,7e,31,a2,47,c3,c7,60,41,19,..

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3]

"hdf12"=hex:81,ab,95,99,ca,e1,fe,f8,59,82,48,15,65,2b,91,77,04,5f,4c,36,36,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]

"s1"=dword:2df9c43f

"s2"=dword:110480d0

"h0"=dword:00000001

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]

"p0"="C:\Program Files\DAEMON Tools Lite\"

"h0"=dword:00000000

"hdf12"=hex:ca,c7,0d,da,8d,36,f4,9b,14,c5,76,51,bf,86,e8,2a,18,78,a9,11,76,..

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001]

"a0"=hex:20,01,00,00,ba,39,ec,ac,25,73,45,a8,06,bb,21,62,0a,c8,3f,04,fc,..

"hdf12"=hex:ab,d5,41,ca,6a,b4,e8,59,f2,2f,de,25,03,85,76,8a,79,63,77,6d,64,..

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0]

"hdf12"=hex:89,8d,23,a6,38,a7,85,b1,d9,37,ff,8a,e7,8b,4e,59,7a,e1,e8,51,9a,..

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1]

"hdf12"=hex:0e,61,51,4b,f7,65,c3,74,e8,00,3e,81,ed,6b,a7,6f,81,ee,e2,8b,3d,..

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2]

"hdf12"=hex:e4,75,be,80,44,0b,b0,ec,9f,71,0b,b9,7e,31,a2,47,c3,c7,60,41,19,..

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3]

"hdf12"=hex:81,ab,95,99,ca,e1,fe,f8,59,82,48,15,65,2b,91,77,04,5f,4c,36,36,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]

"p0"="C:\Program Files\DAEMON Tools Lite\"

"h0"=dword:00000000

"hdf12"=hex:ca,c7,0d,da,8d,36,f4,9b,14,c5,76,51,bf,86,e8,2a,18,78,a9,11,76,..

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001]

"a0"=hex:20,01,00,00,ba,39,ec,ac,25,73,45,a8,06,bb,21,62,0a,c8,3f,04,fc,..

"hdf12"=hex:ab,d5,41,ca,6a,b4,e8,59,f2,2f,de,25,03,85,76,8a,79,63,77,6d,64,..

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0]

"hdf12"=hex:89,8d,23,a6,38,a7,85,b1,d9,37,ff,8a,e7,8b,4e,59,7a,e1,e8,51,9a,..

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1]

"hdf12"=hex:0e,61,51,4b,f7,65,c3,74,e8,00,3e,81,ed,6b,a7,6f,81,ee,e2,8b,3d,..

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2]

"hdf12"=hex:e4,75,be,80,44,0b,b0,ec,9f,71,0b,b9,7e,31,a2,47,c3,c7,60,41,19,..

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3]

"hdf12"=hex:81,ab,95,99,ca,e1,fe,f8,59,82,48,15,65,2b,91,77,04,5f,4c,36,36,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]

"p0"="C:\Program Files\DAEMON Tools Lite\"

"h0"=dword:00000000

"hdf12"=hex:ca,c7,0d,da,8d,36,f4,9b,14,c5,76,51,bf,86,e8,2a,18,78,a9,11,76,..

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001]

"a0"=hex:20,01,00,00,ba,39,ec,ac,25,73,45,a8,06,bb,21,62,0a,c8,3f,04,fc,..

"hdf12"=hex:ab,d5,41,ca,6a,b4,e8,59,f2,2f,de,25,03,85,76,8a,79,63,77,6d,64,..

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0]

"hdf12"=hex:89,8d,23,a6,38,a7,85,b1,d9,37,ff,8a,e7,8b,4e,59,7a,e1,e8,51,9a,..

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1]

"hdf12"=hex:0e,61,51,4b,f7,65,c3,74,e8,00,3e,81,ed,6b,a7,6f,81,ee,e2,8b,3d,..

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2]

"hdf12"=hex:e4,75,be,80,44,0b,b0,ec,9f,71,0b,b9,7e,31,a2,47,c3,c7,60,41,19,..

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3]

"hdf12"=hex:81,ab,95,99,ca,e1,fe,f8,59,82,48,15,65,2b,91,77,04,5f,4c,36,36,..

 

scanning hidden registry entries ...

 

scanning hidden files ...

 

IPC error: 2 Le fichier spécifié est introuvable.

[pear]

Bonjour,

 

Pour jv16 :vous marquez de décocher pour supprimer mais ou ?

 

Outils régistre->Liste de démarrage

 

Optimiser les services: J'ai regardé le lien sous xp, mais j'avoue que je suis bête et j'ai pas compris ce qu'il fallait faire ! Du moins comment on le fait ! ?

 

Les liens vous envoient vers un tutoriel pour vous aider à optimiser vos services.

Pour accéder aux services:

Démarrer->Exécuter->Services.msc

ou

allez dans le Panneau de configuration et cliquez sur Outils d'administration

Cliquez ensuite sur Services

 

Agrandissez la fenêtre qui s'ouvre,

élargissez à la souris la colonne de gauche

Double clic sur le service à modifier

Dans la petite fenêtre "Type de démarrage" utilisez l'ascenseur pour modifier

 

Désactiver l'indexation des fichiers

 

Poste de travail->clic droit sur chacune des partitions de disque dur.

Allez dans les propriétés et désactivez Autoriser l'indexation de ce disque

Cliquez sur Appliquer puis sur OK.

Une nouvelle fenêtre s’ouvrira et vous devrez sélectionner Appliquer à tous les sous-dossiers et fichiers.

 

Il faut aussi désactiver le service correspondant :

 

Allez au plus simple et supprimez le service, il est inutile et gourmand:

 

Copiez collez dans le bloc notes.

Enregistrez sous Serv.bat, sur le bureau.

Double clic pour lancer.

 

@echo Suppression du Service

sc stop cisvc

sc delete cisvc

cd C:\WINDOWS\System32\cisvc.exe

cd Program files

del /f /s /q

 

Antivir:

 

Copier/coller ce qui suiten vertdans le bloc notes,

sans ligne blanche au début.

Enregistrez sur le bureau sous regis.reg.

Cliquez droit sur le fichier ->fusionner

Acceptez la modification du Régistre:

Windows Registry Editor Version 5.00

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avgnt"="\"C:\\Program Files\\Avira\\AntiVir Desktop\\avgnt.exe\" /min"

 

Modifié le 4 août 2009 par pear

[secrete71]

Merci pour tout mais j'ai encore un soucis, je ne peux plus imprimer de page internet.

[secrete71]

Bonjour,

Je n'ai pas eu de réponse à ma question hier, mais c'est pas grave, ce matin concernant l'imprimante, ca fonctionne à moitié. c'est à dire qu'il ne faut pas que je sélectionne de nombre de page donc je choisi "tout" puis ensuite j'annule l'impression quand j'ai ce que je veux. Il faut simplement que je ne sois pas pressée pour le début de l'impression qui commence 2 minutes après !

Mais quelqu'un pourrait il m'expliquer pourquoi hier soir quand j'ai arrété mon PC tout fonctionnait, (il ne ramait pas, internet ok ) et ce matin j'allume mon PC et dès que j'ouvre incrédimail j'ai un message qui me dit que j'ai pas flash de shockwave et de + mon PC rame aussi bien pour internet que pour ouvrir par exemple CCleaner (et pour le nettoyage je ne vous dis pas le temps que ça a duré !!!!!!)

N'y a t il qu'un formatage du disque pour tout arranger ?

Merci par avance d'une éventuelle réponse

[pear]

Bonjour,

 

Vous avez vérifié ceci ?

 

Vérifier l'UDMA

Il se pourrait que Windows reconnaisse l'IDE principal en mode PIO au lieu Ultra DMA suite à plusieurs erreurs disque.

 

Faites ceci:

Poste de travail->votre disque ->Propriétés->Outils ->Vérifier maintenant

ou , si vous préférez:

Démarrer->Exécuter->chkdsk /f/r

Ensuite,faites une sauvegarde par sécurité, puis:

 

Poste de Travail->Propriétés->Matériel->Gestionnaire de Périphériques->

Controleur ATAPI/IDE->Controleur Ide Principal->Propriétés->Paramètres avancés

Si le mode de transfert actif est Pio au lieu de Udma , clic sur onglet Pilotes->Désinstaller

Redémarrer ensuite votre machine.

[secrete71]

Pour "chkdsk /f/r " , je l'ai fait dimanche , faut il que je le refasse ?

 

pour le reste j'ai un doute, donc n'y connaissant pas grand chose et pour éviter des bétises,

pour ce qui est de Poste de Travail->Propriétés->Matériel->Gestionnaire de Périphériques->

Controleur ATAPI/IDE

j'ai "controleur ATA/ATAPI IDE" , c'est la même chose ?

pour "Controleur Ide Principal" , j'ai "canal Ide principal"

et au lieu de UDMA j'ai DMA.

Tout ces termes correspondent ?

[pear]

Non, ce n'est pas utile de refaire un chkdsk.

 

Oui, les termes correspondent.

 

Et l'important:

Si le mode de transfert actif est Pio au lieu de Udma , clic sur onglet Pilotes->Désinstaller

Redémarrer ensuite votre machine.

 

Si vous donc le mode de transfert n'est pas PIO, vous n'êtes pas concernée.

 

Et , concernant vos problèmes, j'ai du mal à me les expliquer: toutes les vérifications faites n'ont rien donné.

 

Je vous propose une dernière tentative:

 

Recherche de rootkit

Téléchargez RootRepeal

Vous devez avoir les droits Administrateur

Installez RootRepeal , cliquez sur *Settings->Options*

Onglet "Général Cochez->Only suspicious ..

. [Driver scan] ... [Files scan] ... [Processes scan] ... [sSDT scan] (v. 1.1.0)

aucune raison de changer les paramètres standards.

 

Dans le [ File Scan ] l'option [X] [ Check for file size differences ] est celle qui permet la détection des fichiers dont la taille a été modifiée comme le fait par exemple le rootkit "Rustock.C". Il est donc fortement conseillé de ne pas la désactiver.

 

Dans le [ SSDT scan ], l'option [X] [ Check for hooked SYSENTER/INT 2E ] permet le scan des appels au système par SYSENTER ou INT 2E.

 

Choix des scans (boutons de sélection en bas, à gauche).

 

Chaque option comporte deux boutons [ Scan ] pour lancer l'analyse et [ Save Report ]qui permet d'enregistrer le rapport au format « .txt » dans le répertoire choisi (éventuellement dans le répertoire de démarrage de RootRepeal).

 

[ Report ]permet d'enchaîner plusieurs ou toutes les fonctions précédentes.

Cliquez [select scan]

Dans la fenêtre qui s'ouvre, sélectionner les options à exécuter(Cochez tout).

Un choix des partitions du disque est possible dans la fenêtre [select drives].

Cliquez sur Save Report

Lancez le scan,

Si RootRepeal ne trouve rien , il affichera ceci:

 

ROOTREPEAL © AD, 2007-2009

==================================================

Scan Start Time: 2009/08/04 18:47

Program Version: Version 1.3.2.0

Windows Version: Windows XP SP3

==================================================

 

Drivers

-------------------

Name: rootrepeal.sys

Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys

Address: 0xEB27E000 Size: 49152 File Visible: No Signed: -

Status: -

==EOF==

 

Dans tous les cas

Postez le rapport

Modifié le 5 août 2009 par pear

[secrete71]

Bonjour,

Voilà pour le transfert actif, maintenant j'ai Ultra DMA Mode 5.

Pour rootkit, j'espère ne pas m'être trompé dans les manips, voici le rapport :

ROOTREPEAL © AD, 2007-2009

==================================================

Scan Start Time: 2009/08/06 09:19

Program Version: Version 1.3.3.0

Windows Version: Windows XP SP3

==================================================

 

Drivers

-------------------

Name: dump_atapi.sys

Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys

Address: 0xF550F000 Size: 98304 File Visible: No Signed: -

Status: -

 

Name: dump_WMILIB.SYS

Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS

Address: 0xF7AA6000 Size: 8192 File Visible: No Signed: -

Status: -

 

Name: PCI_PNP9952

Image Path: \Driver\PCI_PNP9952

Address: 0x00000000 Size: 0 File Visible: No Signed: -

Status: -

 

Name: rootrepeal.sys

Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys

Address: 0xB9FA4000 Size: 49152 File Visible: No Signed: -

Status: -

 

Name: spqb.sys

Image Path: spqb.sys

Address: 0xF744C000 Size: 1052672 File Visible: No Signed: -

Status: -

 

Name: sptd

Image Path: \Driver\sptd

Address: 0x00000000 Size: 0 File Visible: No Signed: -

Status: -

 

Hidden/Locked Files

-------------------

Path: c:\windows\temp\039797b8.dll

Status: Size mismatch (API: 1086322512, Raw: 1051476645)

 

Path: C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb

Status: Visible to the Windows API, but not on disk.

 

Path: c:\documents and settings\sylvie\local settings\application data\im\identities\{1e40835b-4a75-4f6a-a6d7-1e759cc0f333}\message store\inbox.imh

Status: Size mismatch (API: 63990, Raw: 63690)

 

Path: c:\documents and settings\sylvie\local settings\application data\im\identities\{1e40835b-4a75-4f6a-a6d7-1e759cc0f333}\message store\inbox.imm

Status: Size mismatch (API: 5004262, Raw: 4997612)

 

SSDT

-------------------

#: 041 Function Name: NtCreateKey

Status: Hooked by "<unknown>" at address 0xf7bf3b26

 

#: 053 Function Name: NtCreateThread

Status: Hooked by "<unknown>" at address 0xf7bf3b1c

 

#: 063 Function Name: NtDeleteKey

Status: Hooked by "<unknown>" at address 0xf7bf3b2b

 

#: 065 Function Name: NtDeleteValueKey

Status: Hooked by "<unknown>" at address 0xf7bf3b35

 

#: 071 Function Name: NtEnumerateKey

Status: Hooked by "spqb.sys" at address 0xf746bca4

 

#: 073 Function Name: NtEnumerateValueKey

Status: Hooked by "spqb.sys" at address 0xf746c032

 

#: 098 Function Name: NtLoadKey

Status: Hooked by "<unknown>" at address 0xf7bf3b3a

 

#: 119 Function Name: NtOpenKey

Status: Hooked by "spqb.sys" at address 0xf744d0c0

 

#: 122 Function Name: NtOpenProcess

Status: Hooked by "<unknown>" at address 0xf7bf3b08

 

#: 128 Function Name: NtOpenThread

Status: Hooked by "<unknown>" at address 0xf7bf3b0d

 

#: 160 Function Name: NtQueryKey

Status: Hooked by "spqb.sys" at address 0xf746c10a

 

#: 177 Function Name: NtQueryValueKey

Status: Hooked by "spqb.sys" at address 0xf746bf8a

 

#: 193 Function Name: NtReplaceKey

Status: Hooked by "<unknown>" at address 0xf7bf3b44

 

#: 204 Function Name: NtRestoreKey

Status: Hooked by "<unknown>" at address 0xf7bf3b3f

 

#: 247 Function Name: NtSetValueKey

Status: Hooked by "<unknown>" at address 0xf7bf3b30

 

#: 257 Function Name: NtTerminateProcess

Status: Hooked by "<unknown>" at address 0xf7bf3b17

 

Stealth Objects

-------------------

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]

Process: System Address: 0x837db1f8 Size: 121

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]

Process: System Address: 0x837db1f8 Size: 121

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]

Process: System Address: 0x837db1f8 Size: 121

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]

Process: System Address: 0x837db1f8 Size: 121

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]

Process: System Address: 0x837db1f8 Size: 121

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION]

Process: System Address: 0x837db1f8 Size: 121

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]

Process: System Address: 0x837db1f8 Size: 121

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]

Process: System Address: 0x837db1f8 Size: 121

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]

Process: System Address: 0x837db1f8 Size: 121

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]

Process: System Address: 0x837db1f8 Size: 121

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]

Process: System Address: 0x837db1f8 Size: 121

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]

Process: System Address: 0x837db1f8 Size: 121

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]

Process: System Address: 0x837db1f8 Size: 121

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x837db1f8 Size: 121

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN]

Process: System Address: 0x837db1f8 Size: 121

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL]

Process: System Address: 0x837db1f8 Size: 121

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP]

Process: System Address: 0x837db1f8 Size: 121

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY]

Process: System Address: 0x837db1f8 Size: 121

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY]

Process: System Address: 0x837db1f8 Size: 121

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA]

Process: System Address: 0x837db1f8 Size: 121

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]

Process: System Address: 0x837db1f8 Size: 121

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]

Process: System Address: 0x837db1f8 Size: 121

 

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE]

Process: System Address: 0x83612500 Size: 121

 

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLOSE]

Process: System Address: 0x83612500 Size: 121

 

Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ]

Process: System Address: 0x83612500 Size: 121

 

Object: Hidden Code [Driver: Cdrom, IRP_MJ_WRITE]

Process: System Address: 0x83612500 Size: 121

 

Object: Hidden Code [Driver: Cdrom, IRP_MJ_FLUSH_BUFFERS]

Process: System Address: 0x83612500 Size: 121

 

Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x83612500 Size: 121

 

Object: Hidden Code [Driver: Cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System Address: 0x83612500 Size: 121

 

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SHUTDOWN]

Process: System Address: 0x83612500 Size: 121

 

Object: Hidden Code [Driver: Cdrom, IRP_MJ_POWER]

Process: System Address: 0x83612500 Size: 121

 

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SYSTEM_CONTROL]

Process: System Address: 0x83612500 Size: 121

 

Object: Hidden Code [Driver: Cdrom, IRP_MJ_PNP]

Process: System Address: 0x83612500 Size: 121

 

Object: Hidden Code [Driver: ACPI#PNP, IRP_MJ_CREATE]

Process: System Address: 0x835ec1f8 Size: 121

 

Object: Hidden Code [Driver: ACPI#PNP, IRP_MJ_CLOSE]

Process: System Address: 0x835ec1f8 Size: 121

 

Object: Hidden Code [Driver: ACPI#PNP, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x835ec1f8 Size: 121

 

Object: Hidden Code [Driver: ACPI#PNP, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System Address: 0x835ec1f8 Size: 121

 

Object: Hidden Code [Driver: ACPI#PNP, IRP_MJ_POWER]

Process: System Address: 0x835ec1f8 Size: 121

 

Object: Hidden Code [Driver: ACPI#PNP, IRP_MJ_SYSTEM_CONTROL]

Process: System Address: 0x835ec1f8 Size: 121

 

Object: Hidden Code [Driver: ACPI#PNP, IRP_MJ_PNP]

Process: System Address: 0x835ec1f8 Size: 121

 

Object: Hidden Code [Driver: usbohci, IRP_MJ_CREATE]

Process: System Address: 0x836431f8 Size: 121

 

Object: Hidden Code [Driver: usbohci, IRP_MJ_CLOSE]

Process: System Address: 0x836431f8 Size: 121

 

Object: Hidden Code [Driver: usbohci, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x836431f8 Size: 121

 

Object: Hidden Code [Driver: usbohci, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System Address: 0x836431f8 Size: 121

 

Object: Hidden Code [Driver: usbohci, IRP_MJ_POWER]

Process: System Address: 0x836431f8 Size: 121

 

Object: Hidden Code [Driver: usbohci, IRP_MJ_SYSTEM_CONTROL]

Process: System Address: 0x836431f8 Size: 121

 

Object: Hidden Code [Driver: usbohci, IRP_MJ_PNP]

Process: System Address: 0x836431f8 Size: 121

 

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CREATE]

Process: System Address: 0x837711f8 Size: 121

 

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_READ]

Process: System Address: 0x837711f8 Size: 121

 

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_WRITE]

Process: System Address: 0x837711f8 Size: 121

 

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_FLUSH_BUFFERS]

Process: System Address: 0x837711f8 Size: 121

 

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x837711f8 Size: 121

 

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System Address: 0x837711f8 Size: 121

 

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SHUTDOWN]

Process: System Address: 0x837711f8 Size: 121

 

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CLEANUP]

Process: System Address: 0x837711f8 Size: 121

 

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_POWER]

Process: System Address: 0x837711f8 Size: 121

 

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SYSTEM_CONTROL]

Process: System Address: 0x837711f8 Size: 121

 

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_PNP]

Process: System Address: 0x837711f8 Size: 121

 

Object: Hidden Code [Driver: NetBT, IRP_MJ_CREATE]

Process: System Address: 0x83420500 Size: 121

 

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLOSE]

Process: System Address: 0x83420500 Size: 121

 

Object: Hidden Code [Driver: NetBT, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x83420500 Size: 121

 

Object: Hidden Code [Driver: NetBT, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System Address: 0x83420500 Size: 121

 

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLEANUP]

Process: System Address: 0x83420500 Size: 121

 

Object: Hidden Code [Driver: NetBT, IRP_MJ_PNP]

Process: System Address: 0x83420500 Size: 121

 

Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE]

Process: System Address: 0x836421f8 Size: 121

 

Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE]

Process: System Address: 0x836421f8 Size: 121

 

Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x836421f8 Size: 121

 

Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System Address: 0x836421f8 Size: 121

 

Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER]

Process: System Address: 0x836421f8 Size: 121

 

Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL]

Process: System Address: 0x836421f8 Size: 121

 

Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP]

Process: System Address: 0x836421f8 Size: 121

 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE]

Process: System Address: 0x8345f500 Size: 121

 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_NAMED_PIPE]

Process: System Address: 0x8345f500 Size: 121

 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLOSE]

Process: System Address: 0x8345f500 Size: 121

 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_READ]

Process: System Address: 0x8345f500 Size: 121

 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_WRITE]

Process: System Address: 0x8345f500 Size: 121

 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_INFORMATION]

Process: System Address: 0x8345f500 Size: 121

 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_INFORMATION]

Process: System Address: 0x8345f500 Size: 121

 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_EA]

Process: System Address: 0x8345f500 Size: 121

 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_EA]

Process: System Address: 0x8345f500 Size: 121

 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FLUSH_BUFFERS]

Process: System Address: 0x8345f500 Size: 121

 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_VOLUME_INFORMATION]

Process: System Address: 0x8345f500 Size: 121

 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_VOLUME_INFORMATION]

Process: System Address: 0x8345f500 Size: 121

 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DIRECTORY_CONTROL]

Process: System Address: 0x8345f500 Size: 121

 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FILE_SYSTEM_CONTROL]

Process: System Address: 0x8345f500 Size: 121

 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x8345f500 Size: 121

 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System Address: 0x8345f500 Size: 121

 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SHUTDOWN]

Process: System Address: 0x8345f500 Size: 121

 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_LOCK_CONTROL]

Process: System Address: 0x8345f500 Size: 121

 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLEANUP]

Process: System Address: 0x8345f500 Size: 121

 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_MAILSLOT]

Process: System Address: 0x8345f500 Size: 121

 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_SECURITY]

Process: System Address: 0x8345f500 Size: 121

 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_SECURITY]

Process: System Address: 0x8345f500 Size: 121

 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_POWER]

Process: System Address: 0x8345f500 Size: 121

 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SYSTEM_CONTROL]

Process: System Address: 0x8345f500 Size: 121

 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CHANGE]

Process: System Address: 0x8345f500 Size: 121

 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_QUOTA]

Process: System Address: 0x8345f500 Size: 121

 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_QUOTA]

Process: System Address: 0x8345f500 Size: 121

 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_PNP]

Process: System Address: 0x8345f500 Size: 121

 

Object: Hidden Code [Driver: Cdfsȅఅ瑎䱆턀쒸È, IRP_MJ_CREATE]

Process: System Address: 0x834a3500 Size: 121

 

Object: Hidden Code [Driver: Cdfsȅఅ瑎䱆턀쒸È, IRP_MJ_CLOSE]

Process: System Address: 0x834a3500 Size: 121

 

Object: Hidden Code [Driver: Cdfsȅఅ瑎䱆턀쒸È, IRP_MJ_READ]

Process: System Address: 0x834a3500 Size: 121

 

Object: Hidden Code [Driver: Cdfsȅఅ瑎䱆턀쒸È, IRP_MJ_QUERY_INFORMATION]

Process: System Address: 0x834a3500 Size: 121

 

Object: Hidden Code [Driver: Cdfsȅఅ瑎䱆턀쒸È, IRP_MJ_SET_INFORMATION]

Process: System Address: 0x834a3500 Size: 121

 

Object: Hidden Code [Driver: Cdfsȅఅ瑎䱆턀쒸È, IRP_MJ_QUERY_VOLUME_INFORMATION]

Process: System Address: 0x834a3500 Size: 121

 

Object: Hidden Code [Driver: Cdfsȅఅ瑎䱆턀쒸È, IRP_MJ_DIRECTORY_CONTROL]

Process: System Address: 0x834a3500 Size: 121

 

Object: Hidden Code [Driver: Cdfsȅఅ瑎䱆턀쒸È, IRP_MJ_FILE_SYSTEM_CONTROL]

Process: System Address: 0x834a3500 Size: 121

 

Object: Hidden Code [Driver: Cdfsȅఅ瑎䱆턀쒸È, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x834a3500 Size: 121

 

Object: Hidden Code [Driver: Cdfsȅఅ瑎䱆턀쒸È, IRP_MJ_SHUTDOWN]

Process: System Address: 0x834a3500 Size: 121

 

Object: Hidden Code [Driver: Cdfsȅఅ瑎䱆턀쒸È, IRP_MJ_LOCK_CONTROL]

Process: System Address: 0x834a3500 Size: 121

 

Object: Hidden Code [Driver: Cdfsȅఅ瑎䱆턀쒸È, IRP_MJ_CLEANUP]

Process: System Address: 0x834a3500 Size: 121

 

Object: Hidden Code [Driver: Cdfsȅఅ瑎䱆턀쒸È, IRP_MJ_PNP]

Process: System Address: 0x834a3500 Size: 121

 

==EOF==

[pear]

Bonjour,

 

Pas de rootkit visible.

 

Le pc rame toujours ?

[secrete71]

Oh que oui !!!!! Même pire qu'avant car il ramait par exemple pour ouvrir ma boite mail mais ensuite ça allait mais maintenant même les messages mettent 2 mn pour s'ouvrir !!!

Pour ouvrir CCleaner idem, ca rame ! Etc ....

Ce qui est le plus étrange c'est qu'il faut que j'attende la fin de l'après midi pour que mon PC fonctionne correctement ! Comme les diesels, il y a un temps de chauffe !!