Recommended posts

Posted

Hi

I did put the file named "rootrepeal" in c:/ and launched the program, but just as the scan was about to start it tells me: "could not read the boot sector. Try adjusting the disk acces level in the option dialog." and the message appears several times in a row. At the end it gives me "could not read system registry! Please contact the author!"

The whole scan takes barely 5 seconds...

I'm posting the report I got anyway:

 

 

ROOTREPEAL © AD, 2007-2009

==================================================

Scan Start Time: 2010/03/03 22:41

Program Version: Version 1.3.5.0

Windows Version: Windows Vista SP2

==================================================

 

Drivers

-------------------

Name: dump_diskdump.sys

Image Path: C:\Windows\System32\Drivers\dump_diskdump.sys

Address: 0x8FD5F000 Size: 40960 File Visible: No Signed: -

Status: -

 

Name: dump_nvstor32.sys

Image Path: C:\Windows\System32\Drivers\dump_nvstor32.sys

Address: 0x8FD69000 Size: 147456 File Visible: No Signed: -

Status: -

 

Name: rootrepeal.sys

Image Path: C:\Windows\system32\drivers\rootrepeal.sys

Address: 0xA0DC9000 Size: 49152 File Visible: No Signed: -

Status: -

 

Name: spkp.sys

Image Path: C:\Windows\System32\Drivers\spkp.sys

Address: 0x80604000 Size: 995328 File Visible: No Signed: -

Status: -

 

Name: sptd

Image Path: \Driver\sptd

Address: 0x00000000 Size: 0 File Visible: No Signed: -

Status: -

 

Hidden/Locked Files

-------------------

Path: Volume C:\

Status: MBR Rootkit Detected!

 

Path: Volume C:\, Sector 1

Status: Sector mismatch

 

Path: Volume C:\, Sector 2

Status: Sector mismatch

 

Path: Volume C:\, Sector 3

Status: Sector mismatch

 

Path: Volume C:\, Sector 4

Status: Sector mismatch

 

Path: Volume C:\, Sector 5

Status: Sector mismatch

 

Path: Volume C:\, Sector 6

Status: Sector mismatch

 

Path: Volume C:\, Sector 7

Status: Sector mismatch

 

Path: Volume C:\, Sector 8

Status: Sector mismatch

 

Path: Volume C:\, Sector 9

Status: Sector mismatch

 

Path: Volume C:\, Sector 10

Status: Sector mismatch

 

Path: Volume C:\, Sector 11

Status: Sector mismatch

 

Path: Volume C:\, Sector 12

Status: Sector mismatch

 

Path: Volume C:\, Sector 13

Status: Sector mismatch

 

Path: Volume C:\, Sector 14

Status: Sector mismatch

 

Path: Volume C:\, Sector 15

Status: Sector mismatch

 

Path: Volume C:\, Sector 16

Status: Sector mismatch

 

Path: Volume C:\, Sector 17

Status: Sector mismatch

 

Path: Volume C:\, Sector 18

Status: Sector mismatch

 

Path: Volume C:\, Sector 19

Status: Sector mismatch

 

Path: Volume C:\, Sector 20

Status: Sector mismatch

 

Path: Volume C:\, Sector 21

Status: Sector mismatch

 

Path: Volume C:\, Sector 22

Status: Sector mismatch

 

Path: Volume C:\, Sector 23

Status: Sector mismatch

 

Path: Volume C:\, Sector 24

Status: Sector mismatch

 

Path: Volume C:\, Sector 25

Status: Sector mismatch

 

Path: Volume C:\, Sector 26

Status: Sector mismatch

 

Path: Volume C:\, Sector 27

Status: Sector mismatch

 

Path: Volume C:\, Sector 28

Status: Sector mismatch

 

Path: Volume C:\, Sector 29

Status: Sector mismatch

 

Path: Volume C:\, Sector 30

Status: Sector mismatch

 

Path: Volume C:\, Sector 31

Status: Sector mismatch

 

Path: Volume C:\, Sector 32

Status: Sector mismatch

 

Path: Volume C:\, Sector 33

Status: Sector mismatch

 

Path: Volume C:\, Sector 34

Status: Sector mismatch

 

Path: Volume C:\, Sector 35

Status: Sector mismatch

 

Path: Volume C:\, Sector 36

Status: Sector mismatch

 

Path: Volume C:\, Sector 37

Status: Sector mismatch

 

Path: Volume C:\, Sector 38

Status: Sector mismatch

 

Path: Volume C:\, Sector 39

Status: Sector mismatch

 

Path: Volume C:\, Sector 40

Status: Sector mismatch

 

Path: Volume C:\, Sector 41

Status: Sector mismatch

 

Path: Volume C:\, Sector 42

Status: Sector mismatch

 

Path: Volume C:\, Sector 43

Status: Sector mismatch

 

Path: Volume C:\, Sector 44

Status: Sector mismatch

 

Path: Volume C:\, Sector 45

Status: Sector mismatch

 

Path: Volume C:\, Sector 46

Status: Sector mismatch

 

Path: Volume C:\, Sector 47

Status: Sector mismatch

 

Path: Volume C:\, Sector 48

Status: Sector mismatch

 

Path: Volume C:\, Sector 49

Status: Sector mismatch

 

Path: Volume C:\, Sector 50

Status: Sector mismatch

 

Path: Volume C:\, Sector 51

Status: Sector mismatch

 

Path: Volume C:\, Sector 52

Status: Sector mismatch

 

Path: Volume C:\, Sector 53

Status: Sector mismatch

 

Path: Volume C:\, Sector 54

Status: Sector mismatch

 

Path: Volume C:\, Sector 55

Status: Sector mismatch

 

Path: Volume C:\, Sector 56

Status: Sector mismatch

 

Path: Volume C:\, Sector 57

Status: Sector mismatch

 

Path: Volume C:\, Sector 58

Status: Sector mismatch

 

Path: Volume C:\, Sector 59

Status: Sector mismatch

 

Path: Volume C:\, Sector 60

Status: Sector mismatch

 

Path: Volume C:\, Sector 61

Status: Sector mismatch

 

Path: Volume C:\, Sector 62

Status: Sector mismatch

 

Processes

-------------------

Path: System

PID: 4 Status: Locked to the Windows API!

 

Path: C:\Windows\System32\audiodg.exe

PID: 1204 Status: Locked to the Windows API!

 

SSDT

-------------------

#: 078 Function Name: NtCreateThread

Status: Hooked by "<unknown>" at address 0x9bf37fbc

 

#: 194 Function Name: NtOpenProcess

Status: Hooked by "<unknown>" at address 0x9bf37fa8

 

#: 201 Function Name: NtOpenThread

Status: Hooked by "<unknown>" at address 0x9bf37fad

 

#: 334 Function Name: NtTerminateProcess

Status: Hooked by "<unknown>" at address 0x9bf37fb7

 

Stealth Objects

-------------------

Object: Hidden Module [Name: wlmbrand.dll]

Process: msnmsgr.exe (PID: 6096) Address: 0x033d0000 Size: 20480

 

Object: Hidden Module [Name: msgsres.dll]

Process: msnmsgr.exe (PID: 6096) Address: 0x63e20000 Size: 11403264

 

Object: Hidden Module [Name: msgslang.14.0.8089.0726.dll]

Process: msnmsgr.exe (PID: 6096) Address: 0x656d0000 Size: 364544

 

Object: Hidden Module [Name: msgrvsta.thm]

Process: msnmsgr.exe (PID: 6096) Address: 0x6ae30000 Size: 20480

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]

Process: System Address: 0x85b941f8 Size: 121

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]

Process: System Address: 0x85b941f8 Size: 121

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]

Process: System Address: 0x85b941f8 Size: 121

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]

Process: System Address: 0x85b941f8 Size: 121

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]

Process: System Address: 0x85b941f8 Size: 121

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION]

Process: System Address: 0x85b941f8 Size: 121

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]

Process: System Address: 0x85b941f8 Size: 121

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]

Process: System Address: 0x85b941f8 Size: 121

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]

Process: System Address: 0x85b941f8 Size: 121

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]

Process: System Address: 0x85b941f8 Size: 121

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]

Process: System Address: 0x85b941f8 Size: 121

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]

Process: System Address: 0x85b941f8 Size: 121

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]

Process: System Address: 0x85b941f8 Size: 121

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x85b941f8 Size: 121

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN]

Process: System Address: 0x85b941f8 Size: 121

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL]

Process: System Address: 0x85b941f8 Size: 121

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP]

Process: System Address: 0x85b941f8 Size: 121

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY]

Process: System Address: 0x85b941f8 Size: 121

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY]

Process: System Address: 0x85b941f8 Size: 121

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA]

Process: System Address: 0x85b941f8 Size: 121

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]

Process: System Address: 0x85b941f8 Size: 121

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]

Process: System Address: 0x85b941f8 Size: 121

 

Object: Hidden Code [Driver: atapi, IRP_MJ_CREATE]

Process: System Address: 0x85b921f8 Size: 121

 

Object: Hidden Code [Driver: atapi, IRP_MJ_CLOSE]

Process: System Address: 0x85b921f8 Size: 121

 

Object: Hidden Code [Driver: atapi, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x85b921f8 Size: 121

 

Object: Hidden Code [Driver: atapi, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System Address: 0x85b921f8 Size: 121

 

Object: Hidden Code [Driver: atapi, IRP_MJ_POWER]

Process: System Address: 0x85b921f8 Size: 121

 

Object: Hidden Code [Driver: atapi, IRP_MJ_SYSTEM_CONTROL]

Process: System Address: 0x85b921f8 Size: 121

 

Object: Hidden Code [Driver: atapi, IRP_MJ_PNP]

Process: System Address: 0x85b921f8 Size: 121

 

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_CREATE]

Process: System Address: 0x87a21500 Size: 121

 

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_CLOSE]

Process: System Address: 0x87a21500 Size: 121

 

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_READ]

Process: System Address: 0x87a21500 Size: 121

 

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_WRITE]

Process: System Address: 0x87a21500 Size: 121

 

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x87a21500 Size: 121

 

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System Address: 0x87a21500 Size: 121

 

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_POWER]

Process: System Address: 0x87a21500 Size: 121

 

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_SYSTEM_CONTROL]

Process: System Address: 0x87a21500 Size: 121

 

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_PNP]

Process: System Address: 0x87a21500 Size: 121

 

Object: Hidden Code [Driver: usbohci, IRP_MJ_CREATE]

Process: System Address: 0x873a81f8 Size: 121

 

Object: Hidden Code [Driver: usbohci, IRP_MJ_CLOSE]

Process: System Address: 0x873a81f8 Size: 121

 

Object: Hidden Code [Driver: usbohci, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x873a81f8 Size: 121

 

Object: Hidden Code [Driver: usbohci, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System Address: 0x873a81f8 Size: 121

 

Object: Hidden Code [Driver: usbohci, IRP_MJ_POWER]

Process: System Address: 0x873a81f8 Size: 121

 

Object: Hidden Code [Driver: usbohci, IRP_MJ_SYSTEM_CONTROL]

Process: System Address: 0x873a81f8 Size: 121

 

Object: Hidden Code [Driver: usbohci, IRP_MJ_PNP]

Process: System Address: 0x873a81f8 Size: 121

 

Object: Hidden Code [Driver: aap0rp29Ѝ䵆汳`嘜趩嘜趩⇀蝧嗰趩艵, IRP_MJ_CREATE]

Process: System Address: 0x874b81f8 Size: 121

 

Object: Hidden Code [Driver: aap0rp29Ѝ䵆汳`嘜趩嘜趩⇀蝧嗰趩艵, IRP_MJ_CLOSE]

Process: System Address: 0x874b81f8 Size: 121

 

Object: Hidden Code [Driver: aap0rp29Ѝ䵆汳`嘜趩嘜趩⇀蝧嗰趩艵, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x874b81f8 Size: 121

 

Object: Hidden Code [Driver: aap0rp29Ѝ䵆汳`嘜趩嘜趩⇀蝧嗰趩艵, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System Address: 0x874b81f8 Size: 121

 

Object: Hidden Code [Driver: aap0rp29Ѝ䵆汳`嘜趩嘜趩⇀蝧嗰趩艵, IRP_MJ_POWER]

Process: System Address: 0x874b81f8 Size: 121

 

Object: Hidden Code [Driver: aap0rp29Ѝ䵆汳`嘜趩嘜趩⇀蝧嗰趩艵, IRP_MJ_SYSTEM_CONTROL]

Process: System Address: 0x874b81f8 Size: 121

 

Object: Hidden Code [Driver: aap0rp29Ѝ䵆汳`嘜趩嘜趩⇀蝧嗰趩艵, IRP_MJ_PNP]

Process: System Address: 0x874b81f8 Size: 121

 

Object: Hidden Code [Driver: Smb, IRP_MJ_CREATE]

Process: System Address: 0x877c61f8 Size: 121

 

Object: Hidden Code [Driver: Smb, IRP_MJ_CLOSE]

Process: System Address: 0x877c61f8 Size: 121

 

Object: Hidden Code [Driver: Smb, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x877c61f8 Size: 121

 

Object: Hidden Code [Driver: Smb, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System Address: 0x877c61f8 Size: 121

 

Object: Hidden Code [Driver: Smb, IRP_MJ_CLEANUP]

Process: System Address: 0x877c61f8 Size: 121

 

Object: Hidden Code [Driver: Smb, IRP_MJ_PNP]

Process: System Address: 0x877c61f8 Size: 121

 

Object: Hidden Code [Driver: netbt蝃ā, IRP_MJ_CREATE]

Process: System Address: 0x877d11f8 Size: 121

 

Object: Hidden Code [Driver: netbt蝃ā, IRP_MJ_CLOSE]

Process: System Address: 0x877d11f8 Size: 121

 

Object: Hidden Code [Driver: netbt蝃ā, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x877d11f8 Size: 121

 

Object: Hidden Code [Driver: netbt蝃ā, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System Address: 0x877d11f8 Size: 121

 

Object: Hidden Code [Driver: netbt蝃ā, IRP_MJ_CLEANUP]

Process: System Address: 0x877d11f8 Size: 121

 

Object: Hidden Code [Driver: netbt蝃ā, IRP_MJ_PNP]

Process: System Address: 0x877d11f8 Size: 121

 

Object: Hidden Code [Driver: iScsiPrtЈ瑎牦쩠蜰톨蜯, IRP_MJ_CREATE]

Process: System Address: 0x874501f8 Size: 121

 

Object: Hidden Code [Driver: iScsiPrtЈ瑎牦쩠蜰톨蜯, IRP_MJ_CLOSE]

Process: System Address: 0x874501f8 Size: 121

 

Object: Hidden Code [Driver: iScsiPrtЈ瑎牦쩠蜰톨蜯, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x874501f8 Size: 121

 

Object: Hidden Code [Driver: iScsiPrtЈ瑎牦쩠蜰톨蜯, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System Address: 0x874501f8 Size: 121

 

Object: Hidden Code [Driver: iScsiPrtЈ瑎牦쩠蜰톨蜯, IRP_MJ_POWER]

Process: System Address: 0x874501f8 Size: 121

 

Object: Hidden Code [Driver: iScsiPrtЈ瑎牦쩠蜰톨蜯, IRP_MJ_SYSTEM_CONTROL]

Process: System Address: 0x874501f8 Size: 121

 

Object: Hidden Code [Driver: iScsiPrtЈ瑎牦쩠蜰톨蜯, IRP_MJ_PNP]

Process: System Address: 0x874501f8 Size: 121

 

Object: Hidden Code [Driver: cdrom, IRP_MJ_CREATE]

Process: System Address: 0x8730b500 Size: 121

 

Object: Hidden Code [Driver: cdrom, IRP_MJ_CLOSE]

Process: System Address: 0x8730b500 Size: 121

 

Object: Hidden Code [Driver: cdrom, IRP_MJ_READ]

Process: System Address: 0x8730b500 Size: 121

 

Object: Hidden Code [Driver: cdrom, IRP_MJ_WRITE]

Process: System Address: 0x8730b500 Size: 121

 

Object: Hidden Code [Driver: cdrom, IRP_MJ_FLUSH_BUFFERS]

Process: System Address: 0x8730b500 Size: 121

 

Object: Hidden Code [Driver: cdrom, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x8730b500 Size: 121

 

Object: Hidden Code [Driver: cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System Address: 0x8730b500 Size: 121

 

Object: Hidden Code [Driver: cdrom, IRP_MJ_SHUTDOWN]

Process: System Address: 0x8730b500 Size: 121

 

Object: Hidden Code [Driver: cdrom, IRP_MJ_POWER]

Process: System Address: 0x8730b500 Size: 121

 

Object: Hidden Code [Driver: cdrom, IRP_MJ_SYSTEM_CONTROL]

Process: System Address: 0x8730b500 Size: 121

 

Object: Hidden Code [Driver: cdrom, IRP_MJ_PNP]

Process: System Address: 0x8730b500 Size: 121

 

Object: Hidden Code [Driver: volmgr, IRP_MJ_CREATE]

Process: System Address: 0x85b901f8 Size: 121

 

Object: Hidden Code [Driver: volmgr, IRP_MJ_READ]

Process: System Address: 0x85b901f8 Size: 121

 

Object: Hidden Code [Driver: volmgr, IRP_MJ_WRITE]

Process: System Address: 0x85b901f8 Size: 121

 

Object: Hidden Code [Driver: volmgr, IRP_MJ_FLUSH_BUFFERS]

Process: System Address: 0x85b901f8 Size: 121

 

Object: Hidden Code [Driver: volmgr, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x85b901f8 Size: 121

 

Object: Hidden Code [Driver: volmgr, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System Address: 0x85b901f8 Size: 121

 

Object: Hidden Code [Driver: volmgr, IRP_MJ_SHUTDOWN]

Process: System Address: 0x85b901f8 Size: 121

 

Object: Hidden Code [Driver: volmgr, IRP_MJ_CLEANUP]

Process: System Address: 0x85b901f8 Size: 121

 

Object: Hidden Code [Driver: volmgr, IRP_MJ_POWER]

Process: System Address: 0x85b901f8 Size: 121

 

Object: Hidden Code [Driver: volmgr, IRP_MJ_SYSTEM_CONTROL]

Process: System Address: 0x85b901f8 Size: 121

 

Object: Hidden Code [Driver: volmgr, IRP_MJ_PNP]

Process: System Address: 0x85b901f8 Size: 121

 

Object: Hidden Code [Driver: nvstor32, IRP_MJ_CREATE]

Process: System Address: 0x85b931f8 Size: 121

 

Object: Hidden Code [Driver: nvstor32, IRP_MJ_CLOSE]

Process: System Address: 0x85b931f8 Size: 121

 

Object: Hidden Code [Driver: nvstor32, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x85b931f8 Size: 121

 

Object: Hidden Code [Driver: nvstor32, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System Address: 0x85b931f8 Size: 121

 

Object: Hidden Code [Driver: nvstor32, IRP_MJ_POWER]

Process: System Address: 0x85b931f8 Size: 121

 

Object: Hidden Code [Driver: nvstor32, IRP_MJ_SYSTEM_CONTROL]

Process: System Address: 0x85b931f8 Size: 121

 

Object: Hidden Code [Driver: nvstor32, IRP_MJ_PNP]

Process: System Address: 0x85b931f8 Size: 121

 

Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE]

Process: System Address: 0x873a71f8 Size: 121

 

Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE]

Process: System Address: 0x873a71f8 Size: 121

 

Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x873a71f8 Size: 121

 

Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System Address: 0x873a71f8 Size: 121

 

Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER]

Process: System Address: 0x873a71f8 Size: 121

 

Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL]

Process: System Address: 0x873a71f8 Size: 121

 

Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP]

Process: System Address: 0x873a71f8 Size: 121

 

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_CREATE]

Process: System Address: 0x87b211f8 Size: 121

 

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_CREATE_NAMED_PIPE]

Process: System Address: 0x87b211f8 Size: 121

 

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_CLOSE]

Process: System Address: 0x87b211f8 Size: 121

 

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_READ]

Process: System Address: 0x87b211f8 Size: 121

 

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_WRITE]

Process: System Address: 0x87b211f8 Size: 121

 

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_QUERY_INFORMATION]

Process: System Address: 0x87b211f8 Size: 121

 

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_SET_INFORMATION]

Process: System Address: 0x87b211f8 Size: 121

 

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_QUERY_EA]

Process: System Address: 0x87b211f8 Size: 121

 

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_SET_EA]

Process: System Address: 0x87b211f8 Size: 121

 

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_FLUSH_BUFFERS]

Process: System Address: 0x87b211f8 Size: 121

 

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_QUERY_VOLUME_INFORMATION]

Process: System Address: 0x87b211f8 Size: 121

 

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_SET_VOLUME_INFORMATION]

Process: System Address: 0x87b211f8 Size: 121

 

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_DIRECTORY_CONTROL]

Process: System Address: 0x87b211f8 Size: 121

 

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_FILE_SYSTEM_CONTROL]

Process: System Address: 0x87b211f8 Size: 121

 

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x87b211f8 Size: 121

 

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System Address: 0x87b211f8 Size: 121

 

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_SHUTDOWN]

Process: System Address: 0x87b211f8 Size: 121

 

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_LOCK_CONTROL]

Process: System Address: 0x87b211f8 Size: 121

 

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_CLEANUP]

Process: System Address: 0x87b211f8 Size: 121

 

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_CREATE_MAILSLOT]

Process: System Address: 0x87b211f8 Size: 121

 

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_QUERY_SECURITY]

Process: System Address: 0x87b211f8 Size: 121

 

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_SET_SECURITY]

Process: System Address: 0x87b211f8 Size: 121

 

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_POWER]

Process: System Address: 0x87b211f8 Size: 121

 

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_SYSTEM_CONTROL]

Process: System Address: 0x87b211f8 Size: 121

 

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_DEVICE_CHANGE]

Process: System Address: 0x87b211f8 Size: 121

 

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_QUERY_QUOTA]

Process: System Address: 0x87b211f8 Size: 121

 

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_SET_QUOTA]

Process: System Address: 0x87b211f8 Size: 121

 

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_PNP]

Process: System Address: 0x87b211f8 Size: 121

 

Object: Hidden Code [Driver: cdfsЕ楆, IRP_MJ_CREATE]

Process: System Address: 0x8548a500 Size: 121

 

Object: Hidden Code [Driver: cdfsЕ楆, IRP_MJ_CLOSE]

Process: System Address: 0x8548a500 Size: 121

 

Object: Hidden Code [Driver: cdfsЕ楆, IRP_MJ_READ]

Process: System Address: 0x8548a500 Size: 121

 

Object: Hidden Code [Driver: cdfsЕ楆, IRP_MJ_WRITE]

Process: System Address: 0x8548a500 Size: 121

 

Object: Hidden Code [Driver: cdfsЕ楆, IRP_MJ_QUERY_INFORMATION]

Process: System Address: 0x8548a500 Size: 121

 

Object: Hidden Code [Driver: cdfsЕ楆, IRP_MJ_SET_INFORMATION]

Process: System Address: 0x8548a500 Size: 121

 

Object: Hidden Code [Driver: cdfsЕ楆, IRP_MJ_QUERY_VOLUME_INFORMATION]

Process: System Address: 0x8548a500 Size: 121

 

Object: Hidden Code [Driver: cdfsЕ楆, IRP_MJ_DIRECTORY_CONTROL]

Process: System Address: 0x8548a500 Size: 121

 

Object: Hidden Code [Driver: cdfsЕ楆, IRP_MJ_FILE_SYSTEM_CONTROL]

Process: System Address: 0x8548a500 Size: 121

 

Object: Hidden Code [Driver: cdfsЕ楆, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x8548a500 Size: 121

 

Object: Hidden Code [Driver: cdfsЕ楆, IRP_MJ_SHUTDOWN]

Process: System Address: 0x8548a500 Size: 121

 

Object: Hidden Code [Driver: cdfsЕ楆, IRP_MJ_LOCK_CONTROL]

Process: System Address: 0x8548a500 Size: 121

 

Object: Hidden Code [Driver: cdfsЕ楆, IRP_MJ_CLEANUP]

Process: System Address: 0x8548a500 Size: 121

 

Object: Hidden Code [Driver: cdfsЕ楆, IRP_MJ_PNP]

Process: System Address: 0x8548a500 Size: 121

 

==EOF==
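A small triage parser for the RootRepeal report layout shown above, added here as an example (it is neither RootRepeal's code nor from the thread): it walks the two-line records, picks up the "MBR Rootkit Detected!" verdict, counts the mismatched sectors, lists SSDT hooks attributed to "<unknown>", and groups the "Hidden Code" entries per driver so you can see at a glance that a driver's whole IRP dispatch table points at one address. The report text embedded in it is a constructed excerpt mirroring the posted report, not a real scan.

```python
import re
from collections import defaultdict

# Constructed excerpt in the RootRepeal report layout seen in the thread (not a real scan).
SAMPLE_REPORT = """\
Hidden/Locked Files
-------------------
Path: Volume C:\\
Status: MBR Rootkit Detected!

Path: Volume C:\\, Sector 1
Status: Sector mismatch

Path: Volume C:\\, Sector 2
Status: Sector mismatch

SSDT
-------------------
#: 078 Function Name: NtCreateThread
Status: Hooked by "<unknown>" at address 0x9bf37fbc

Stealth Objects
-------------------
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System Address: 0x85b941f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
Process: System Address: 0x85b941f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_CREATE]
Process: System Address: 0x85b921f8 Size: 121
==EOF==
"""

# Each RootRepeal finding is a two-line record: a key line, then a Status:/Process: line.
SECTOR_RE = re.compile(r"^Path: Volume \w:\\, Sector (\d+)$")
SSDT_RE = re.compile(r"^#: \d+ Function Name: (\w+)$")
HOOK_RE = re.compile(r'^Status: Hooked by "([^"]*)" at address (0x[0-9a-fA-F]+)$')
IRP_RE = re.compile(r"^Object: Hidden Code \[Driver: ([^,\]]+), (IRP_MJ_\w+)\]$")
ADDR_RE = re.compile(r"Address: (0x[0-9a-fA-F]+)")

def parse_report(text):
    """Collect the indicators a triager cares about from a RootRepeal report."""
    found = {"mbr_rootkit": False, "mismatched_sectors": [],
             "ssdt_hooks": [], "irp_hooks": defaultdict(dict)}
    prev = ""
    for line in text.splitlines():
        line = line.strip()
        if line == "Status: MBR Rootkit Detected!":
            found["mbr_rootkit"] = True
        elif line == "Status: Sector mismatch" and (m := SECTOR_RE.match(prev)):
            # The sector read through the disk API differs from the raw read.
            found["mismatched_sectors"].append(int(m.group(1)))
        elif (m := HOOK_RE.match(line)) and (s := SSDT_RE.match(prev)):
            found["ssdt_hooks"].append((s.group(1), m.group(1), m.group(2)))
        elif line.startswith("Process:") and (d := IRP_RE.match(prev)):
            a = ADDR_RE.search(line)
            found["irp_hooks"][d.group(1)][d.group(2)] = a.group(1) if a else "?"
        prev = line
    return found

def triage(found):
    """Turn the raw findings into the verdict lines a helper would post back."""
    notes = []
    if found["mbr_rootkit"]:
        n = len(found["mismatched_sectors"])
        notes.append(f"MBR rootkit flagged; {n} sector(s) differ between API read and raw read")
    unknown = [fn for fn, by, _ in found["ssdt_hooks"] if by == "<unknown>"]
    if unknown:
        notes.append("SSDT hooks by an unidentified module: " + ", ".join(unknown))
    for drv, entries in found["irp_hooks"].items():
        addrs = ", ".join(sorted(set(entries.values())))
        notes.append(f"{drv}: {len(entries)} IRP_MJ dispatch entries point into hidden code at {addrs}")
    return notes
```

Run `triage(parse_report(open("report.txt").read()))` against a saved report to get the same summary for a real scan.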

Posted

ah! rrepie: did you right-click RootRepeal.exe and choose "Run as administrator" to launch the tool?

If not, please try again, making sure not to forget that step.

Posted (edited)

hi

yes yes, I did run it as administrator. The error may come from the hard drive's security level...

but the problem is still there... maybe it's the virus that is blocking the software...

Edited by rrepie
Posted

hi :P

We're going to run a check, rrepie, because the ROOTREPEAL scan mentions the presence of the MBR rootkit: some information about it here => http://cert.lexsi.com/weblog/index.php/200...-la-case-depart

To check and confirm, we'll use this program =>

Download Gmer's mbr.exe to the Desktop from this link

Disable your protections and cut the connection for the duration of the scan.

Right-click mbr.exe and choose "Run as administrator"

A report named mbr.log will be generated: please post its contents.

Posted

Hi

Sorry for the delay

Here is the mbr.exe report

I hope this is what you were expecting


Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

 

device: opened successfully

user: error reading MBR

kernel: error reading MBR


Thanks for your help

Posted

hi

sorry for the late reply, I imagine you were expecting an answer but I completely forgot with the weekend, so sorry.

I'll answer you now: my computer runs all applications automatically.

Thanks for your help anyway, if you do keep helping =) without questioning you, of course ^^
