
Posted

GMER 1.0.15.15281 - http://www.gmer.net

Rootkit scan 2010-03-07 22:58:54

Windows 6.0.6001 Service Pack 1

Running: 5rc7i8vj.exe; Driver: C:\Users\ETIENNE\AppData\Local\Temp\kgloyaow.sys

 

 

---- Processes - GMER 1.0.15 ----

 


 

---- Registry - GMER 1.0.15 ----

 

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xD6 0x4D 0x0A 0xBE ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x36 0xB8 0x42 0xC7 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xFA 0xB7 0xB4 0x5B ...

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xD6 0x4D 0x0A 0xBE ...

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x36 0xB8 0x42 0xC7 ...

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xFA 0xB7 0xB4 0x5B ...

 

---- EOF - GMER 1.0.15 ----

Posted

Well, there's still work to do.

Download RootRepeal by right-clicking one of the links below:

 

http://ad13.geekstogo.com/RootRepeal.zip

http://rootrepeal.googlepages.com/RootRepeal.zip

http://rootrepeal.psikotick.com/RootRepeal.zip

  • Save the file to your Desktop.
  • Create a new folder named RootRepeal at the root of the system drive (usually C:\)
  • Extract the downloaded archive into this new RootRepeal folder (right-click the archive and choose to extract to C:\RootRepeal)
  • Double-click Rootrepeal(.exe) (under Vista, you need to right-click the file and choose Run as administrator).

/!\ Disable your antivirus and anti-spyware applications, usually via a right-click on the icon in the notification area. Otherwise, they may interfere with our tools. /!\ (help if needed: http://forum.pcastuces.com/desactiver_les_...entes-f31s4.htm Thanks Morgane)

  • Click the Report tab (at the bottom of the window), then the Scan button.
  • In the new Select Scan window, check:

+ Drivers

+ Files

+ Processes

+ SSDT

+ Stealth Objects

+ Hidden Services

+ Shadow SSDT

  • Click the OK button
  • In the new Select Drives window, check the system drive (usually C:\)
  • Note: This scan takes some time. DO NOT LAUNCH other programs while it is running.
  • When the scan is finished, a report will open; close it.
  • Click the "Save report" button and save the report file in the RootRepeal folder under the name RootRepealn1.txt
  • Open the File menu (top left) and click Exit to close the program.

/!\ Re-enable the real-time protection of your antivirus and anti-spyware tools before reconnecting to the Internet. /!\

--> Post the RootRepeal report in your reply (the contents of the file RootRepealn1.txt)

Note: This report can be very long. Make sure it is complete in the message you send. If necessary, split it across several messages.

  • 2 weeks later...
Posted

Sorry for the delay.

So I did what you told me, but the scan only lasted a few seconds. So I hope I followed your instructions correctly.

Thanks for your help, here it is!!!:

 

ROOTREPEAL © AD, 2007-2009

==================================================

Scan Start Time: 2010/03/17 22:27

Program Version: Version 1.3.5.0

Windows Version: Windows Vista SP1

==================================================

 

Drivers

-------------------

Name: dump_iaStor.sys

Image Path: C:\Windows\System32\Drivers\dump_iaStor.sys

Address: 0x87F04000 Size: 815104 File Visible: No Signed: -

Status: -

 

Name: rootrepeal.sys

Image Path: C:\Windows\system32\drivers\rootrepeal.sys

Address: 0x8C800000 Size: 49152 File Visible: No Signed: -

Status: -

 

Name: sprn.sys

Image Path: C:\Windows\System32\Drivers\sprn.sys

Address: 0x80691000 Size: 1052672 File Visible: No Signed: -

Status: -

 

Name: sptd

Image Path: \Driver\sptd

Address: 0x00000000 Size: 0 File Visible: No Signed: -

Status: -

 

Processes

-------------------

Path: SYSTEM

PID: 4 Status: Locked to the Windows API!

 

Path: C:\Windows\System32\audiodg.exe

PID: 1256 Status: Locked to the Windows API!

 

SSDT

-------------------

#: 078 Function Name: NtCreateThread

Status: Hooked by "<unknown>" at address 0x9a10d46c

 

#: 194 Function Name: NtOpenProcess

Status: Hooked by "<unknown>" at address 0x9a10d458

 

#: 201 Function Name: NtOpenThread

Status: Hooked by "<unknown>" at address 0x9a10d45d

 

#: 334 Function Name: NtTerminateProcess

Status: Hooked by "<unknown>" at address 0x9a10d467

 

Stealth Objects

-------------------

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]

Process: System Address: 0x84e0c1f8 Size: 121

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]

Process: System Address: 0x84e0c1f8 Size: 121

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]

Process: System Address: 0x84e0c1f8 Size: 121

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]

Process: System Address: 0x84e0c1f8 Size: 121

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]

Process: System Address: 0x84e0c1f8 Size: 121

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION]

Process: System Address: 0x84e0c1f8 Size: 121

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]

Process: System Address: 0x84e0c1f8 Size: 121

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]

Process: System Address: 0x84e0c1f8 Size: 121

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]

Process: System Address: 0x84e0c1f8 Size: 121

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]

Process: System Address: 0x84e0c1f8 Size: 121

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]

Process: System Address: 0x84e0c1f8 Size: 121

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]

Process: System Address: 0x84e0c1f8 Size: 121

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]

Process: System Address: 0x84e0c1f8 Size: 121

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x84e0c1f8 Size: 121

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN]

Process: System Address: 0x84e0c1f8 Size: 121

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL]

Process: System Address: 0x84e0c1f8 Size: 121

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP]

Process: System Address: 0x84e0c1f8 Size: 121

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY]

Process: System Address: 0x84e0c1f8 Size: 121

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY]

Process: System Address: 0x84e0c1f8 Size: 121

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA]

Process: System Address: 0x84e0c1f8 Size: 121

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]

Process: System Address: 0x84e0c1f8 Size: 121

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]

Process: System Address: 0x84e0c1f8 Size: 121

 

Object: Hidden Code [Driver: a9o6w55eЍ䵆汳`ⴴ訿ⴴ訿ꮨ虹ⴈ訿덜艸, IRP_MJ_CREATE]

Process: System Address: 0x868ba1f8 Size: 121

 

Object: Hidden Code [Driver: a9o6w55eЍ䵆汳`ⴴ訿ⴴ訿ꮨ虹ⴈ訿덜艸, IRP_MJ_CLOSE]

Process: System Address: 0x868ba1f8 Size: 121

 

Object: Hidden Code [Driver: a9o6w55eЍ䵆汳`ⴴ訿ⴴ訿ꮨ虹ⴈ訿덜艸, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x868ba1f8 Size: 121

 

Object: Hidden Code [Driver: a9o6w55eЍ䵆汳`ⴴ訿ⴴ訿ꮨ虹ⴈ訿덜艸, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System Address: 0x868ba1f8 Size: 121

 

Object: Hidden Code [Driver: a9o6w55eЍ䵆汳`ⴴ訿ⴴ訿ꮨ虹ⴈ訿덜艸, IRP_MJ_POWER]

Process: System Address: 0x868ba1f8 Size: 121

 

Object: Hidden Code [Driver: a9o6w55eЍ䵆汳`ⴴ訿ⴴ訿ꮨ虹ⴈ訿덜艸, IRP_MJ_SYSTEM_CONTROL]

Process: System Address: 0x868ba1f8 Size: 121

 

Object: Hidden Code [Driver: a9o6w55eЍ䵆汳`ⴴ訿ⴴ訿ꮨ虹ⴈ訿덜艸, IRP_MJ_PNP]

Process: System Address: 0x868ba1f8 Size: 121

 

Object: Hidden Code [Driver: atapi, IRP_MJ_CREATE]

Process: System Address: 0x84e0b1f8 Size: 121

 

Object: Hidden Code [Driver: atapi, IRP_MJ_CLOSE]

Process: System Address: 0x84e0b1f8 Size: 121

 

Object: Hidden Code [Driver: atapi, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x84e0b1f8 Size: 121

 

Object: Hidden Code [Driver: atapi, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System Address: 0x84e0b1f8 Size: 121

 

Object: Hidden Code [Driver: atapi, IRP_MJ_POWER]

Process: System Address: 0x84e0b1f8 Size: 121

 

Object: Hidden Code [Driver: atapi, IRP_MJ_SYSTEM_CONTROL]

Process: System Address: 0x84e0b1f8 Size: 121

 

Object: Hidden Code [Driver: atapi, IRP_MJ_PNP]

Process: System Address: 0x84e0b1f8 Size: 121

 

Object: Hidden Code [Driver: cdromp, IRP_MJ_CREATE]

Process: System Address: 0x868b51f8 Size: 121

 

Object: Hidden Code [Driver: cdromp, IRP_MJ_CLOSE]

Process: System Address: 0x868b51f8 Size: 121

 

Object: Hidden Code [Driver: cdromp, IRP_MJ_READ]

Process: System Address: 0x868b51f8 Size: 121

 

Object: Hidden Code [Driver: cdromp, IRP_MJ_WRITE]

Process: System Address: 0x868b51f8 Size: 121

 

Object: Hidden Code [Driver: cdromp, IRP_MJ_FLUSH_BUFFERS]

Process: System Address: 0x868b51f8 Size: 121

 

Object: Hidden Code [Driver: cdromp, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x868b51f8 Size: 121

 

Object: Hidden Code [Driver: cdromp, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System Address: 0x868b51f8 Size: 121

 

Object: Hidden Code [Driver: cdromp, IRP_MJ_SHUTDOWN]

Process: System Address: 0x868b51f8 Size: 121

 

Object: Hidden Code [Driver: cdromp, IRP_MJ_POWER]

Process: System Address: 0x868b51f8 Size: 121

 

Object: Hidden Code [Driver: cdromp, IRP_MJ_SYSTEM_CONTROL]

Process: System Address: 0x868b51f8 Size: 121

 

Object: Hidden Code [Driver: cdromp, IRP_MJ_PNP]

Process: System Address: 0x868b51f8 Size: 121

 

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CREATE]

Process: System Address: 0x867e91f8 Size: 121

 

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CLOSE]

Process: System Address: 0x867e91f8 Size: 121

 

Object: Hidden Code [Driver: usbuhci, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x867e91f8 Size: 121

 

Object: Hidden Code [Driver: usbuhci, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System Address: 0x867e91f8 Size: 121

 

Object: Hidden Code [Driver: usbuhci, IRP_MJ_POWER]

Process: System Address: 0x867e91f8 Size: 121

 

Object: Hidden Code [Driver: usbuhci, IRP_MJ_SYSTEM_CONTROL]

Process: System Address: 0x867e91f8 Size: 121

 

Object: Hidden Code [Driver: usbuhci, IRP_MJ_PNP]

Process: System Address: 0x867e91f8 Size: 121

 

Object: Hidden Code [Driver: Smb, IRP_MJ_CREATE]

Process: System Address: 0x86e011f8 Size: 121

 

Object: Hidden Code [Driver: Smb, IRP_MJ_CLOSE]

Process: System Address: 0x86e011f8 Size: 121

 

Object: Hidden Code [Driver: Smb, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x86e011f8 Size: 121

 

Object: Hidden Code [Driver: Smb, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System Address: 0x86e011f8 Size: 121

 

Object: Hidden Code [Driver: Smb, IRP_MJ_CLEANUP]

Process: System Address: 0x86e011f8 Size: 121

 

Object: Hidden Code [Driver: Smb, IRP_MJ_PNP]

Process: System Address: 0x86e011f8 Size: 121

 

Object: Hidden Code [Driver: netbt, IRP_MJ_CREATE]

Process: System Address: 0x86e0c500 Size: 121

 

Object: Hidden Code [Driver: netbt, IRP_MJ_CLOSE]

Process: System Address: 0x86e0c500 Size: 121

 

Object: Hidden Code [Driver: netbt, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x86e0c500 Size: 121

 

Object: Hidden Code [Driver: netbt, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System Address: 0x86e0c500 Size: 121

 

Object: Hidden Code [Driver: netbt, IRP_MJ_CLEANUP]

Process: System Address: 0x86e0c500 Size: 121

 

Object: Hidden Code [Driver: netbt, IRP_MJ_PNP]

Process: System Address: 0x86e0c500 Size: 121

 

Object: Hidden Code [Driver: iScsiPrtБ浍慃袄ܤ螣臭蝁, IRP_MJ_CREATE]

Process: System Address: 0x869321f8 Size: 121

 

Object: Hidden Code [Driver: iScsiPrtБ浍慃袄ܤ螣臭蝁, IRP_MJ_CLOSE]

Process: System Address: 0x869321f8 Size: 121

 

Object: Hidden Code [Driver: iScsiPrtБ浍慃袄ܤ螣臭蝁, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x869321f8 Size: 121

 

Object: Hidden Code [Driver: iScsiPrtБ浍慃袄ܤ螣臭蝁, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System Address: 0x869321f8 Size: 121

 

Object: Hidden Code [Driver: iScsiPrtБ浍慃袄ܤ螣臭蝁, IRP_MJ_POWER]

Process: System Address: 0x869321f8 Size: 121

 

Object: Hidden Code [Driver: iScsiPrtБ浍慃袄ܤ螣臭蝁, IRP_MJ_SYSTEM_CONTROL]

Process: System Address: 0x869321f8 Size: 121

 

Object: Hidden Code [Driver: iScsiPrtБ浍慃袄ܤ螣臭蝁, IRP_MJ_PNP]

Process: System Address: 0x869321f8 Size: 121

 

Object: Hidden Code [Driver: volmgr, IRP_MJ_CREATE]

Process: System Address: 0x8447c1f8 Size: 121

 

Object: Hidden Code [Driver: volmgr, IRP_MJ_READ]

Process: System Address: 0x8447c1f8 Size: 121

 

Object: Hidden Code [Driver: volmgr, IRP_MJ_WRITE]

Process: System Address: 0x8447c1f8 Size: 121

 

Object: Hidden Code [Driver: volmgr, IRP_MJ_FLUSH_BUFFERS]

Process: System Address: 0x8447c1f8 Size: 121

 

Object: Hidden Code [Driver: volmgr, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x8447c1f8 Size: 121

 

Object: Hidden Code [Driver: volmgr, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System Address: 0x8447c1f8 Size: 121

 

Object: Hidden Code [Driver: volmgr, IRP_MJ_SHUTDOWN]

Process: System Address: 0x8447c1f8 Size: 121

 

Object: Hidden Code [Driver: volmgr, IRP_MJ_CLEANUP]

Process: System Address: 0x8447c1f8 Size: 121

 

Object: Hidden Code [Driver: volmgr, IRP_MJ_POWER]

Process: System Address: 0x8447c1f8 Size: 121

 

Object: Hidden Code [Driver: volmgr, IRP_MJ_SYSTEM_CONTROL]

Process: System Address: 0x8447c1f8 Size: 121

 

Object: Hidden Code [Driver: volmgr, IRP_MJ_PNP]

Process: System Address: 0x8447c1f8 Size: 121

 

Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE]

Process: System Address: 0x867e41f8 Size: 121

 

Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE]

Process: System Address: 0x867e41f8 Size: 121

 

Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x867e41f8 Size: 121

 

Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System Address: 0x867e41f8 Size: 121

 

Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER]

Process: System Address: 0x867e41f8 Size: 121

 

Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL]

Process: System Address: 0x867e41f8 Size: 121

 

Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP]

Process: System Address: 0x867e41f8 Size: 121

 

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_CREATE]

Process: System Address: 0x867b41f8 Size: 121

 

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_CREATE_NAMED_PIPE]

Process: System Address: 0x867b41f8 Size: 121

 

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_CLOSE]

Process: System Address: 0x867b41f8 Size: 121

 

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_READ]

Process: System Address: 0x867b41f8 Size: 121

 

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_WRITE]

Process: System Address: 0x867b41f8 Size: 121

 

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_QUERY_INFORMATION]

Process: System Address: 0x867b41f8 Size: 121

 

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_SET_INFORMATION]

Process: System Address: 0x867b41f8 Size: 121

 

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_QUERY_EA]

Process: System Address: 0x867b41f8 Size: 121

 

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_SET_EA]

Process: System Address: 0x867b41f8 Size: 121

 

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_FLUSH_BUFFERS]

Process: System Address: 0x867b41f8 Size: 121

 

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_QUERY_VOLUME_INFORMATION]

Process: System Address: 0x867b41f8 Size: 121

 

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_SET_VOLUME_INFORMATION]

Process: System Address: 0x867b41f8 Size: 121

 

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_DIRECTORY_CONTROL]

Process: System Address: 0x867b41f8 Size: 121

 

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_FILE_SYSTEM_CONTROL]

Process: System Address: 0x867b41f8 Size: 121

 

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x867b41f8 Size: 121

 

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System Address: 0x867b41f8 Size: 121

 

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_SHUTDOWN]

Process: System Address: 0x867b41f8 Size: 121

 

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_LOCK_CONTROL]

Process: System Address: 0x867b41f8 Size: 121

 

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_CLEANUP]

Process: System Address: 0x867b41f8 Size: 121

 

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_CREATE_MAILSLOT]

Process: System Address: 0x867b41f8 Size: 121

 

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_QUERY_SECURITY]

Process: System Address: 0x867b41f8 Size: 121

 

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_SET_SECURITY]

Process: System Address: 0x867b41f8 Size: 121

 

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_POWER]

Process: System Address: 0x867b41f8 Size: 121

 

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_SYSTEM_CONTROL]

Process: System Address: 0x867b41f8 Size: 121

 

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_DEVICE_CHANGE]

Process: System Address: 0x867b41f8 Size: 121

 

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_QUERY_QUOTA]

Process: System Address: 0x867b41f8 Size: 121

 

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_SET_QUOTA]

Process: System Address: 0x867b41f8 Size: 121

 

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_PNP]

Process: System Address: 0x867b41f8 Size: 121

 

Object: Hidden Code [Driver: cdfs牉⁰밠蝵킰蜔Љ慖汤쑻蜺殐薌, IRP_MJ_CREATE]

Process: System Address: 0x878b91f8 Size: 121

 

Object: Hidden Code [Driver: cdfs牉⁰밠蝵킰蜔Љ慖汤쑻蜺殐薌, IRP_MJ_CLOSE]

Process: System Address: 0x878b91f8 Size: 121

 

Object: Hidden Code [Driver: cdfs牉⁰밠蝵킰蜔Љ慖汤쑻蜺殐薌, IRP_MJ_READ]

Process: System Address: 0x878b91f8 Size: 121

 

Object: Hidden Code [Driver: cdfs牉⁰밠蝵킰蜔Љ慖汤쑻蜺殐薌, IRP_MJ_WRITE]

Process: System Address: 0x878b91f8 Size: 121

 

Object: Hidden Code [Driver: cdfs牉⁰밠蝵킰蜔Љ慖汤쑻蜺殐薌, IRP_MJ_QUERY_INFORMATION]

Process: System Address: 0x878b91f8 Size: 121

 

Object: Hidden Code [Driver: cdfs牉⁰밠蝵킰蜔Љ慖汤쑻蜺殐薌, IRP_MJ_SET_INFORMATION]

Process: System Address: 0x878b91f8 Size: 121

 

Object: Hidden Code [Driver: cdfs牉⁰밠蝵킰蜔Љ慖汤쑻蜺殐薌, IRP_MJ_QUERY_VOLUME_INFORMATION]

Process: System Address: 0x878b91f8 Size: 121

 

Object: Hidden Code [Driver: cdfs牉⁰밠蝵킰蜔Љ慖汤쑻蜺殐薌, IRP_MJ_DIRECTORY_CONTROL]

Process: System Address: 0x878b91f8 Size: 121

 

Object: Hidden Code [Driver: cdfs牉⁰밠蝵킰蜔Љ慖汤쑻蜺殐薌, IRP_MJ_FILE_SYSTEM_CONTROL]

Process: System Address: 0x878b91f8 Size: 121

 

Object: Hidden Code [Driver: cdfs牉⁰밠蝵킰蜔Љ慖汤쑻蜺殐薌, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x878b91f8 Size: 121

 

Object: Hidden Code [Driver: cdfs牉⁰밠蝵킰蜔Љ慖汤쑻蜺殐薌, IRP_MJ_SHUTDOWN]

Process: System Address: 0x878b91f8 Size: 121

 

Object: Hidden Code [Driver: cdfs牉⁰밠蝵킰蜔Љ慖汤쑻蜺殐薌, IRP_MJ_LOCK_CONTROL]

Process: System Address: 0x878b91f8 Size: 121

 

Object: Hidden Code [Driver: cdfs牉⁰밠蝵킰蜔Љ慖汤쑻蜺殐薌, IRP_MJ_CLEANUP]

Process: System Address: 0x878b91f8 Size: 121

 

Object: Hidden Code [Driver: cdfs牉⁰밠蝵킰蜔Љ慖汤쑻蜺殐薌, IRP_MJ_PNP]

Process: System Address: 0x878b91f8 Size: 121

 

==EOF==

  • 8 months later...
Posted

Helloooooo!!!!!!!!!

I'm posting here again for nothing, but oh well. Just to say thank you for your efforts, Falkra. But my computer at the time stopped working (hence my long absence). In the end I preferred to replace it because my graphics card no longer worked. So that more or less settles the virus problems.

Now I have a slight problem with my new computer and Internet Explorer. I don't know whether I should create a new topic given that the machine is different. I'll see. Otherwise, thanks again :super: .

See you.
