RkUnhooker report


Post by renegodiveau » 09 09 2007

Hello,
Continuation of the thread...
http://assiste.forum.free.fr/viewtopic.php?t=17583

nickW wrote: Good evening,

Without any guarantee whatsoever .....

TH42JV3 reminds me of a RootkitRevealer run.

Hi,

My RkUnhooker scan:

RkUnhooker report generator v0.7
==============================================
Rootkit Unhooker kernel version: 3.7.300.506
==============================================
Windows Major Version: 5
Windows Minor Version: 1
Windows Build Number: 2600
==============================================
>SSDT State
NtConnectPort
Actual Address 0xB2F20E60
Hooked by: C:\WINDOWS\System32\vsdatant.sys
NtCreateFile
Actual Address 0xB2F1D820
Hooked by: C:\WINDOWS\System32\vsdatant.sys
NtCreateKey
Actual Address 0xB2F28690
Hooked by: C:\WINDOWS\System32\vsdatant.sys
NtCreatePort
Actual Address 0xB2F211F0
Hooked by: C:\WINDOWS\System32\vsdatant.sys
NtCreateProcess
Actual Address 0xB2F27480
Hooked by: C:\WINDOWS\System32\vsdatant.sys
NtCreateProcessEx
Actual Address 0xB2F276B0
Hooked by: C:\WINDOWS\System32\vsdatant.sys
NtCreateSection
Actual Address 0xB2F2ACE0
Hooked by: C:\WINDOWS\System32\vsdatant.sys
NtCreateWaitablePort
Actual Address 0xB2F212D0
Hooked by: C:\WINDOWS\System32\vsdatant.sys
NtDeleteFile
Actual Address 0xB2F1DEA0
Hooked by: C:\WINDOWS\System32\vsdatant.sys
NtDeleteKey
Actual Address 0xB2F296A0
Hooked by: C:\WINDOWS\System32\vsdatant.sys
NtDeleteValueKey
Actual Address 0xB2F292E0
Hooked by: C:\WINDOWS\System32\vsdatant.sys
NtDuplicateObject
Actual Address 0xB2F271F0
Hooked by: C:\WINDOWS\System32\vsdatant.sys
NtLoadKey
Actual Address 0xB2F299E0
Hooked by: C:\WINDOWS\System32\vsdatant.sys
NtOpenFile
Actual Address 0xB2F1DCF0
Hooked by: C:\WINDOWS\System32\vsdatant.sys
NtOpenProcess
Actual Address 0xB2F26F40
Hooked by: C:\WINDOWS\System32\vsdatant.sys
NtOpenThread
Actual Address 0xB2F26D60
Hooked by: C:\WINDOWS\System32\vsdatant.sys
NtReplaceKey
Actual Address 0xB2F29CD0
Hooked by: C:\WINDOWS\System32\vsdatant.sys
NtRequestWaitReplyPort
Actual Address 0xB2F20B00
Hooked by: C:\WINDOWS\System32\vsdatant.sys
NtRestoreKey
Actual Address 0xB2F29F80
Hooked by: C:\WINDOWS\System32\vsdatant.sys
NtSecureConnectPort
Actual Address 0xB2F21010
Hooked by: C:\WINDOWS\System32\vsdatant.sys
NtSetInformationFile
Actual Address 0xB2F1E010
Hooked by: C:\WINDOWS\System32\vsdatant.sys
NtSetValueKey
Actual Address 0xB2F28E67
Hooked by: C:\WINDOWS\System32\vsdatant.sys
NtTerminateProcess
Actual Address 0xB2F278E0
Hooked by: C:\WINDOWS\System32\vsdatant.sys
==============================================
>Shadow
NtUserMessageCall
Actual Address 0xB2F1F150
Hooked by: C:\WINDOWS\System32\vsdatant.sys
NtUserPostMessage
Actual Address 0xB2F1F1E0
Hooked by: C:\WINDOWS\System32\vsdatant.sys
NtUserPostThreadMessage
Actual Address 0xB2F1F260
Hooked by: C:\WINDOWS\System32\vsdatant.sys
NtUserSendInput
Actual Address 0xB2F1F420
Hooked by: C:\WINDOWS\System32\vsdatant.sys
==============================================
>Processes
Process: System
Process Id: 4
EPROCESS Address: 0x82FCA830

Process: C:\WINDOWS\system32\svchost.exe
Process Id: 232
EPROCESS Address: 0x8258B558

Process: C:\Program Files\a-squared Free\a2service.exe
Process Id: 260
EPROCESS Address: 0x81D599A8

Process: C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
Process Id: 288
EPROCESS Address: 0xFF601DA0

Process: C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
Process Id: 412
EPROCESS Address: 0xFF5FBDA0

Process: C:\WINDOWS\system32\smss.exe
Process Id: 496
EPROCESS Address: 0x8266DDA0

Process: C:\WINDOWS\system32\svchost.exe
Process Id: 516
EPROCESS Address: 0xFF4C8DA0

Process: C:\WINDOWS\system32\csrss.exe
Process Id: 564
EPROCESS Address: 0x82674488

Process: C:\WINDOWS\system32\winlogon.exe
Process Id: 592
EPROCESS Address: 0x82662DA0

Process: C:\WINDOWS\system32\services.exe
Process Id: 636
EPROCESS Address: 0x825486C0

Process: C:\WINDOWS\system32\lsass.exe
Process Id: 648
EPROCESS Address: 0x824D1798

Process: C:\WINDOWS\system32\ati2evxx.exe
Process Id: 804
EPROCESS Address: 0x82557A50

Process: C:\WINDOWS\system32\svchost.exe
Process Id: 832
EPROCESS Address: 0x82429500

Process: C:\WINDOWS\system32\svchost.exe
Process Id: 892
EPROCESS Address: 0x8247A5C8

Process: C:\WINDOWS\system32\svchost.exe
Process Id: 948
EPROCESS Address: 0x824B1500

Process: C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
Process Id: 1156
EPROCESS Address: 0x825D93C0

Process: C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
Process Id: 1372
EPROCESS Address: 0x81E579E0

Process: C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
Process Id: 1416
EPROCESS Address: 0x824E9438

Process: C:\Program Files\Alwil Software\Avast4\ashServ.exe
Process Id: 1540
EPROCESS Address: 0x82522BC0

Process: C:\WINDOWS\explorer.exe
Process Id: 1560
EPROCESS Address: 0x8254A520

Process: C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
Process Id: 1704
EPROCESS Address: 0x82533538

Process: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
Process Id: 1740
EPROCESS Address: 0x82597BC0

Process: C:\WINDOWS\system32\ctfmon.exe
Process Id: 1776
EPROCESS Address: 0x824C7510

Process: C:\WINDOWS\system32\spoolsv.exe
Process Id: 1864
EPROCESS Address: 0x82534BC0

Process: C:\WINDOWS\system32\alg.exe
Process Id: 2400
EPROCESS Address: 0x81DDDBD0

Process: C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Process Id: 996
EPROCESS Address: 0x824B8AE8

Process: C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
Process Id: 1716
EPROCESS Address: 0x82490448

Process: C:\RkUnhooker\bbwgkgNapUm6taf.exe
Process Id: 2360
EPROCESS Address: 0xF92760D8

==============================================
>Drivers
Driver: C:\WINDOWS\System32\ati3duag.dll
Address: 0xBFA8C000
Size: 2637824 bytes

Driver: C:\WINDOWS\system32\ntoskrnl.exe
Address: 0x804D7000
Size: 2182400 bytes

Driver: PnpManager
Address: 0x804D7000
Size: 2182400 bytes

Driver: RAW
Address: 0x804D7000
Size: 2182400 bytes

Driver: WMIxWDM
Address: 0x804D7000
Size: 2182400 bytes

Driver: Win32k
Address: 0xBF800000
Size: 1847296 bytes

Driver: C:\WINDOWS\System32\win32k.sys
Address: 0xBF800000
Size: 1847296 bytes

Driver: C:\WINDOWS\System32\DRIVERS\ati2mtag.sys
Address: 0xF77EC000
Size: 1564672 bytes

Driver: C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
Address: 0xECE96000
Size: 1044480 bytes

Driver: C:\WINDOWS\System32\ativvaxx.dll
Address: 0xBFD10000
Size: 864256 bytes

Driver: C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
Address: 0xECDF1000
Size: 675840 bytes

Driver: Ntfs.sys
Address: 0xF8562000
Size: 577536 bytes

Driver: C:\WINDOWS\system32\DRIVERS\v124nt.sys
Address: 0xB05ED000
Size: 495616 bytes

Driver: C:\WINDOWS\System32\DRIVERS\mrxsmb.sys
Address: 0xB2E32000
Size: 454656 bytes

Driver: C:\WINDOWS\system32\DRIVERS\k56nt.sys
Address: 0xB0739000
Size: 393216 bytes

Driver: C:\WINDOWS\System32\vsdatant.sys
Address: 0xB2EEE000
Size: 389120 bytes

Driver: C:\WINDOWS\system32\drivers\cmaudio.sys
Address: 0xED032000
Size: 380928 bytes

Driver: C:\WINDOWS\System32\DRIVERS\update.sys
Address: 0xECD1A000
Size: 364544 bytes

Driver: C:\WINDOWS\System32\DRIVERS\tcpip.sys
Address: 0xB2F75000
Size: 360448 bytes

Driver: C:\WINDOWS\System32\DRIVERS\srv.sys
Address: 0xB068E000
Size: 335872 bytes

Driver: C:\WINDOWS\system32\DRIVERS\fallback.sys
Address: 0xB07B5000
Size: 290816 bytes

Driver: C:\WINDOWS\System32\ATMFD.DLL
Address: 0xBFFA0000
Size: 286720 bytes

Driver: C:\WINDOWS\System32\ati2dvag.dll
Address: 0xBF9D5000
Size: 270336 bytes

Driver: C:\WINDOWS\System32\ati2cqag.dll
Address: 0xBFA17000
Size: 258048 bytes

Driver: C:\WINDOWS\System32\atikvmag.dll
Address: 0xBFA56000
Size: 221184 bytes

Driver: C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
Address: 0xECF95000
Size: 208896 bytes

Driver: C:\WINDOWS\system32\DRIVERS\faxnt.sys
Address: 0xB06E0000
Size: 200704 bytes

Driver: C:\WINDOWS\System32\DRIVERS\rdpdr.sys
Address: 0xECD73000
Size: 200704 bytes

Driver: ACPI.sys
Address: 0xF86E6000
Size: 192512 bytes

Driver: C:\WINDOWS\System32\DRIVERS\mrxdav.sys
Address: 0xB084C000
Size: 184320 bytes

Driver: NDIS.sys
Address: 0xF8535000
Size: 184320 bytes

Driver: C:\WINDOWS\system32\drivers\kmixer.sys
Address: 0xAF534000
Size: 176128 bytes

Driver: C:\WINDOWS\System32\DRIVERS\rdbss.sys
Address: 0xB2EA1000
Size: 176128 bytes

Driver: C:\WINDOWS\System32\DRIVERS\netbt.sys
Address: 0xB2F4D000
Size: 163840 bytes

Driver: dmio.sys
Address: 0xF8690000
Size: 155648 bytes

Driver: C:\WINDOWS\system32\drivers\portcls.sys
Address: 0xED00E000
Size: 147456 bytes

Driver: C:\WINDOWS\System32\Drivers\Fastfat.SYS
Address: 0xB2DEE000
Size: 143360 bytes

Driver: C:\WINDOWS\system32\drivers\ks.sys
Address: 0xECFEB000
Size: 143360 bytes

Driver: C:\WINDOWS\System32\DRIVERS\USBPORT.SYS
Address: 0xECFC8000
Size: 143360 bytes

Driver: C:\WINDOWS\System32\drivers\afd.sys
Address: 0xB2ECC000
Size: 139264 bytes

Driver: C:\WINDOWS\System32\DRIVERS\ipnat.sys
Address: 0xB2E11000
Size: 135168 bytes

Driver: ACPI_HAL
Address: 0x806EC000
Size: 131968 bytes

Driver: C:\WINDOWS\system32\hal.dll
Address: 0x806EC000
Size: 131968 bytes

Driver: fltmgr.sys
Address: 0xF8618000
Size: 131072 bytes

Driver: ftdisk.sys
Address: 0xF86B6000
Size: 126976 bytes

Driver: C:\WINDOWS\system32\DRIVERS\fsksnt.sys
Address: 0xB0799000
Size: 114688 bytes

Driver: Mup.sys
Address: 0xF8506000
Size: 110592 bytes

Driver: atapi.sys
Address: 0xF8662000
Size: 98304 bytes

Driver: C:\WINDOWS\system32\DRIVERS\SCSIPORT.SYS
Address: 0xF8638000
Size: 98304 bytes

Driver: KSecDD.sys
Address: 0xF85EF000
Size: 94208 bytes

Driver: C:\WINDOWS\System32\DRIVERS\ndiswan.sys
Address: 0xECDB5000
Size: 94208 bytes

Driver: C:\WINDOWS\System32\Drivers\aswMon2.SYS
Address: 0xB0D22000
Size: 90112 bytes

Driver: C:\WINDOWS\System32\Drivers\dump_IdeChnDr.sys
Address: 0xB2DD8000
Size: 90112 bytes

Driver: IdeChnDr.sys
Address: 0xF867A000
Size: 90112 bytes

Driver: C:\WINDOWS\system32\drivers\wdmaud.sys
Address: 0xB0A15000
Size: 86016 bytes

Driver: C:\WINDOWS\System32\DRIVERS\parport.sys
Address: 0xECDDD000
Size: 81920 bytes

Driver: srescan.sys
Address: 0xF8521000
Size: 81920 bytes

Driver: C:\WINDOWS\System32\DRIVERS\VIDEOPRT.SYS
Address: 0xED08F000
Size: 81920 bytes

Driver: C:\WINDOWS\System32\DRIVERS\ipsec.sys
Address: 0xB2FCD000
Size: 77824 bytes

Driver: C:\WINDOWS\System32\drivers\dxg.sys
Address: 0xBF9C3000
Size: 73728 bytes

Driver: fasttrak.sys
Address: 0xF8650000
Size: 73728 bytes

Driver: sr.sys
Address: 0xF8606000
Size: 73728 bytes

Driver: pci.sys
Address: 0xF86D5000
Size: 69632 bytes

Driver: C:\WINDOWS\System32\DRIVERS\psched.sys
Address: 0xECDA4000
Size: 69632 bytes

Driver: C:\WINDOWS\System32\DRIVERS\serial.sys
Address: 0xECDCC000
Size: 69632 bytes

Driver: C:\WINDOWS\System32\Drivers\Cdfs.SYS
Address: 0xF14AF000
Size: 65536 bytes

Driver: C:\WINDOWS\system32\drivers\drmk.sys
Address: 0xF2F38000
Size: 61440 bytes

Driver: C:\WINDOWS\System32\DRIVERS\redbook.sys
Address: 0xF2EE8000
Size: 61440 bytes

Driver: C:\WINDOWS\system32\drivers\sysaudio.sys
Address: 0xF8976000
Size: 61440 bytes

Driver: C:\WINDOWS\System32\DRIVERS\usbhub.sys
Address: 0xED48E000
Size: 61440 bytes

Driver: C:\WINDOWS\System32\DRIVERS\i8042prt.sys
Address: 0xF2F08000
Size: 57344 bytes

Driver: C:\WINDOWS\system32\DRIVERS\tonesnt.sys
Address: 0xB0CA2000
Size: 57344 bytes

Driver: VolSnap.sys
Address: 0xF8756000
Size: 57344 bytes

Driver: C:\WINDOWS\System32\DRIVERS\cdrom.sys
Address: 0xF2EF8000
Size: 53248 bytes

Driver: C:\WINDOWS\System32\DRIVERS\CLASSPNP.SYS
Address: 0xF8776000
Size: 53248 bytes

Driver: C:\WINDOWS\system32\DRIVERS\HPZid412.sys
Address: 0xF14BF000
Size: 53248 bytes

Driver: C:\WINDOWS\System32\DRIVERS\rasl2tp.sys
Address: 0xF2EC8000
Size: 53248 bytes

Driver: C:\WINDOWS\System32\DRIVERS\raspptp.sys
Address: 0xED4BE000
Size: 49152 bytes

Driver: agp440.sys
Address: 0xF8786000
Size: 45056 bytes

Driver: C:\WINDOWS\System32\DRIVERS\imapi.sys
Address: 0xF2ED8000
Size: 45056 bytes

Driver: MountMgr.sys
Address: 0xF8746000
Size: 45056 bytes

Driver: C:\WINDOWS\System32\DRIVERS\raspppoe.sys
Address: 0xF2EB8000
Size: 45056 bytes

Driver: C:\WINDOWS\System32\DRIVERS\intelppm.sys
Address: 0xF8896000
Size: 40960 bytes

Driver: C:\WINDOWS\System32\Drivers\NDProxy.SYS
Address: 0xED47E000
Size: 40960 bytes

Driver: C:\WINDOWS\System32\DRIVERS\termdd.sys
Address: 0xED49E000
Size: 40960 bytes

Driver: C:\WINDOWS\system32\DRIVERS\asusehcd.sys
Address: 0xF2F28000
Size: 36864 bytes

Driver: C:\WINDOWS\System32\Drivers\aswTdi.SYS
Address: 0xF151F000
Size: 36864 bytes

Driver: disk.sys
Address: 0xF8766000
Size: 36864 bytes

Driver: C:\WINDOWS\System32\Drivers\Fips.SYS
Address: 0xF14EF000
Size: 36864 bytes

Driver: isapnp.sys
Address: 0xF8736000
Size: 36864 bytes

Driver: C:\WINDOWS\System32\DRIVERS\msgpc.sys
Address: 0xED4AE000
Size: 36864 bytes

Driver: C:\WINDOWS\System32\DRIVERS\netbios.sys
Address: 0xF150F000
Size: 36864 bytes

Driver: C:\WINDOWS\System32\DRIVERS\wanarp.sys
Address: 0xF14DF000
Size: 36864 bytes

Driver: C:\WINDOWS\System32\Drivers\Modem.SYS
Address: 0xF8AB6000
Size: 32768 bytes

Driver: C:\WINDOWS\System32\Drivers\Npfs.SYS
Address: 0xF2FD3000
Size: 32768 bytes

Driver: C:\WINDOWS\System32\DRIVERS\usbccgp.sys
Address: 0xED259000
Size: 32768 bytes

Driver: C:\WINDOWS\System32\DRIVERS\fdc.sys
Address: 0xF8ABE000
Size: 28672 bytes

Driver: C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys
Address: 0xF8AD6000
Size: 28672 bytes

Driver: C:\WINDOWS\System32\DRIVERS\kbdclass.sys
Address: 0xF8AC6000
Size: 28672 bytes

Driver: C:\WINDOWS\System32\DRIVERS\PCIIDEX.SYS
Address: 0xF89B6000
Size: 28672 bytes

Driver: C:\WINDOWS\System32\DRIVERS\usbprint.sys
Address: 0xED249000
Size: 28672 bytes

Driver: C:\WINDOWS\system32\DRIVERS\asususbd.sys
Address: 0xF2488000
Size: 24576 bytes

Driver: C:\WINDOWS\system32\DRIVERS\HPZius12.sys
Address: 0xED239000
Size: 24576 bytes

Driver: C:\WINDOWS\System32\DRIVERS\mouclass.sys
Address: 0xF8ACE000
Size: 24576 bytes

Driver: C:\WINDOWS\System32\Drivers\rkhdrv40.SYS
Address: 0xF8A36000
Size: 24576 bytes

Driver: C:\WINDOWS\System32\drivers\vga.sys
Address: 0xF2FE3000
Size: 24576 bytes

Driver: C:\WINDOWS\System32\Drivers\Aavmker4.SYS
Address: 0xF2FC3000
Size: 20480 bytes

Driver: C:\WINDOWS\System32\DRIVERS\flpydisk.sys
Address: 0xF2FF3000
Size: 20480 bytes

Driver: C:\WINDOWS\System32\Drivers\Msfs.SYS
Address: 0xF2FDB000
Size: 20480 bytes

Driver: PartMgr.sys
Address: 0xF89BE000
Size: 20480 bytes

Driver: C:\WINDOWS\System32\DRIVERS\ptilink.sys
Address: 0xF8AEE000
Size: 20480 bytes

Driver: C:\WINDOWS\System32\DRIVERS\raspti.sys
Address: 0xF8AF6000
Size: 20480 bytes

Driver: C:\WINDOWS\System32\DRIVERS\TDI.SYS
Address: 0xF8AE6000
Size: 20480 bytes

Driver: C:\WINDOWS\System32\DRIVERS\usbohci.sys
Address: 0xF2490000
Size: 20480 bytes

Driver: C:\WINDOWS\System32\DRIVERS\usbuhci.sys
Address: 0xF8ADE000
Size: 20480 bytes

Driver: C:\WINDOWS\System32\watchdog.sys
Address: 0xF2448000
Size: 20480 bytes

Driver: C:\WINDOWS\System32\Drivers\Aspi32.SYS
Address: 0xB0D1A000
Size: 16384 bytes

Driver: C:\WINDOWS\System32\Drivers\aswRdr.SYS
Address: 0xB02A9000
Size: 16384 bytes

Driver: C:\WINDOWS\System32\DRIVERS\FA312nd5.sys
Address: 0xED65F000
Size: 16384 bytes

Driver: C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
Address: 0xF8BF2000
Size: 16384 bytes

Driver: IdeBusDr.sys
Address: 0xF8B4A000
Size: 16384 bytes

Driver: C:\WINDOWS\system32\drivers\MODEMCSA.sys
Address: 0xF69E5000
Size: 16384 bytes

Driver: C:\WINDOWS\System32\DRIVERS\mssmbios.sys
Address: 0xED1A2000
Size: 16384 bytes

Driver: C:\WINDOWS\System32\DRIVERS\ndisuio.sys
Address: 0xEE116000
Size: 16384 bytes

Driver: C:\WINDOWS\System32\DRIVERS\serenum.sys
Address: 0xED65B000
Size: 16384 bytes

Driver: C:\WINDOWS\system32\DRIVERS\usbscan.sys
Address: 0xF8BEE000
Size: 16384 bytes

Driver: C:\WINDOWS\system32\BOOTVID.dll
Address: 0xF8B46000
Size: 12288 bytes

Driver: C:\WINDOWS\system32\DRIVERS\cnxtdiag.sys
Address: 0xB0BAE000
Size: 12288 bytes

Driver: C:\WINDOWS\System32\drivers\Dxapi.sys
Address: 0xEF07F000
Size: 12288 bytes

Driver: C:\WINDOWS\system32\DRIVERS\gameenum.sys
Address: 0xF6A01000
Size: 12288 bytes

Driver: C:\WINDOWS\System32\DRIVERS\ndistapi.sys
Address: 0xED64F000
Size: 12288 bytes

Driver: C:\WINDOWS\System32\DRIVERS\rasacd.sys
Address: 0xF84BE000
Size: 12288 bytes

Driver: C:\WINDOWS\System32\Drivers\Beep.SYS
Address: 0xED58D000
Size: 8192 bytes

Driver: dmload.sys
Address: 0xF8C3C000
Size: 8192 bytes

Driver: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS
Address: 0xED58F000
Size: 8192 bytes

Driver: intelide.sys
Address: 0xF8C3A000
Size: 8192 bytes

Driver: C:\WINDOWS\system32\KDCOM.DLL
Address: 0xF8C36000
Size: 8192 bytes

Driver: C:\WINDOWS\System32\Drivers\mnmdd.SYS
Address: 0xED58B000
Size: 8192 bytes

Driver: C:\WINDOWS\System32\Drivers\ParVdm.SYS
Address: 0xF8C64000
Size: 8192 bytes

Driver: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
Address: 0xED589000
Size: 8192 bytes

Driver: C:\WINDOWS\System32\DRIVERS\swenum.sys
Address: 0xF8C84000
Size: 8192 bytes

Driver: C:\WINDOWS\system32\DRIVERS\USBD.SYS
Address: 0xF8C76000
Size: 8192 bytes

Driver: C:\WINDOWS\System32\DRIVERS\WMILIB.SYS
Address: 0xF8C38000
Size: 8192 bytes

Driver: C:\WINDOWS\System32\DRIVERS\audstub.sys
Address: 0xED5B0000
Size: 4096 bytes

Driver: C:\WINDOWS\System32\drivers\dxgthk.sys
Address: 0xF8E8B000
Size: 4096 bytes

Driver: C:\WINDOWS\System32\Drivers\Null.SYS
Address: 0xF8E71000
Size: 4096 bytes

==============================================
>Stealth
==============================================
>Files

Suspect File: C:\WINDOWS\Debug\UserMode\userenv.log Status: Hidden


Suspect File: C:\WINDOWS\system32\wbem\Logs\wbemess.log Status: Hidden

==============================================
>Hooks

tcpip.sys-->ndis.sys-->NdisCloseAdapter, Type: IAT modification at address 0xB2FB3F28 hook handler located in [vsdatant.sys]
tcpip.sys-->ndis.sys-->NdisOpenAdapter, Type: IAT modification at address 0xB2FB3F54 hook handler located in [vsdatant.sys]
tcpip.sys-->ndis.sys-->NdisRegisterProtocol, Type: IAT modification at address 0xB2FB3F60 hook handler located in [vsdatant.sys]
wanarp.sys-->ndis.sys-->NdisCloseAdapter, Type: IAT modification at address 0xF14E4B4C hook handler located in [vsdatant.sys]
wanarp.sys-->ndis.sys-->NdisDeregisterProtocol, Type: IAT modification at address 0xF14E4B1C hook handler located in [vsdatant.sys]
wanarp.sys-->ndis.sys-->NdisOpenAdapter, Type: IAT modification at address 0xF14E4B3C hook handler located in [vsdatant.sys]
wanarp.sys-->ndis.sys-->NdisRegisterProtocol, Type: IAT modification at address 0xF14E4B28 hook handler located in [vsdatant.sys]


What should be done!
Thanks in advance,
@+
(Lap) MS Win7 - Mandriva 2010
(Stat T) Win7
renegodiveau
 
Posts: 812
Joined: 13 07 2004
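Every hook in the report above (the SSDT and Shadow SSDT entries as well as the NDIS import-table patches in tcpip.sys and wanarp.sys) is attributed to vsdatant.sys, which is the Zone Labs (ZoneAlarm) TrueVector firewall driver; the process list shows vsmon.exe and zlclient.exe from Zone Labs, so the hooks are consistent with the firewall that is installed. What a responder wants to verify mechanically is that the attribution holds: each reported address must really sit inside the module the report credits, and an address that falls outside every listed driver would point at code the tool could not enumerate. The Python script below is an added example, not part of the post and not RkUnhooker's own code. It parses the report layout shown above (its embedded sample is an excerpt of this report, with the driver list trimmed), counts hooks per owning module and flags any address that does not resolve. One assumption is inferred from this report rather than from RkUnhooker documentation: the address on an IAT line is treated as the patched import slot, which must lie inside the importing module, because every such address here falls inside tcpip.sys or wanarp.sys.

```python
"""Triage helper for RkUnhooker text reports: an added example, not part of the
forum post and not RkUnhooker's own code. It parses the >SSDT State, >Shadow,
>Drivers and >Hooks sections, counts hooks per owning module and checks that
every reported address lies inside a driver the tool actually listed."""
import re
from typing import Dict, List, Optional, Tuple

# Excerpt of the report in the post above (driver list trimmed to two modules).
SAMPLE_REPORT = r"""
>SSDT State
NtConnectPort
Actual Address 0xB2F20E60
Hooked by: C:\WINDOWS\System32\vsdatant.sys
NtCreateFile
Actual Address 0xB2F1D820
Hooked by: C:\WINDOWS\System32\vsdatant.sys
==============================================
>Shadow
NtUserSendInput
Actual Address 0xB2F1F420
Hooked by: C:\WINDOWS\System32\vsdatant.sys
==============================================
>Drivers
Driver: C:\WINDOWS\System32\vsdatant.sys
Address: 0xB2EEE000
Size: 389120 bytes

Driver: C:\WINDOWS\System32\DRIVERS\tcpip.sys
Address: 0xB2F75000
Size: 360448 bytes

==============================================
>Hooks
tcpip.sys-->ndis.sys-->NdisCloseAdapter, Type: IAT modification at address 0xB2FB3F28 hook handler located in [vsdatant.sys]
"""

HOOK_RE = re.compile(r"^(?P<importer>\S+?)-->(?P<exporter>\S+?)-->(?P<func>\w+), "
                     r"Type: (?P<kind>.+?) at address (?P<addr>0x[0-9A-Fa-f]+) "
                     r"hook handler located in \[(?P<handler>[^\]]+)\]$")


def basename(path: str) -> str:
    """Last component of a Windows path, lower-cased for comparison."""
    return path.rsplit("\\", 1)[-1].strip().lower()


def parse_report(text: str) -> dict:
    """Split the report into its '>' sections and parse the ones used here."""
    sections: Dict[str, List[str]] = {}
    current = None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith(">"):
            current = line[1:].strip()
            sections[current] = []
        elif current and line and not line.startswith("="):
            sections[current].append(line)

    def triples(name: str) -> List[List[str]]:
        rows = sections.get(name, [])
        return [rows[i:i + 3] for i in range(0, len(rows) - 2, 3)]

    # SSDT/Shadow entry: function name, "Actual Address 0x..", "Hooked by: path"
    syscalls = [(f, int(a.split()[-1], 16), basename(b.split(":", 1)[1]))
                for f, a, b in triples("SSDT State") + triples("Shadow")]
    # Driver entry: "Driver: name", "Address: 0x..", "Size: N bytes"
    drivers = [(basename(d.split(":", 1)[1]), int(a.split()[-1], 16), int(s.split()[1]))
               for d, a, s in triples("Drivers")]
    iat = [m.groupdict() for m in map(HOOK_RE.match, sections.get("Hooks", [])) if m]
    return {"syscalls": syscalls, "drivers": drivers, "iat": iat}


def resolve_module(addr: int, drivers: List[Tuple[str, int, int]]) -> Optional[str]:
    """Name of the first listed driver whose [base, base + size) contains addr."""
    for name, base, size in drivers:
        if base <= addr < base + size:
            return name
    return None


def triage(text: str) -> dict:
    """Count hooks per claimed owner and flag addresses that do not resolve."""
    rep = parse_report(text)
    by_module: Dict[str, int] = {}
    findings: List[str] = []
    for func, addr, claimed in rep["syscalls"]:
        by_module[claimed] = by_module.get(claimed, 0) + 1
        owner = resolve_module(addr, rep["drivers"])
        if owner != claimed:  # handler outside the module the report credits
            findings.append(f"{func}: handler {addr:#010x} resolves to "
                            f"{owner or 'no listed driver'}, report says {claimed}")
    iat_by_module: Dict[str, int] = {}
    for h in rep["iat"]:
        handler = h["handler"].lower()
        iat_by_module[handler] = iat_by_module.get(handler, 0) + 1
        # Assumption from this report: the address on an IAT line is the patched
        # import slot, so it must lie inside the importing module (tcpip.sys here).
        slot_owner = resolve_module(int(h["addr"], 16), rep["drivers"])
        if slot_owner != h["importer"].lower():
            findings.append(f"{h['importer']}!{h['func']}: IAT slot {h['addr']} "
                            f"lies in {slot_owner or 'no listed driver'}")
    return {"syscall_hooks_by_module": by_module,
            "iat_hooks_by_module": iat_by_module, "findings": findings}
```

Run against the full report pasted above (saved to a file and passed to `triage`), this yields every SSDT and Shadow hook counted under vsdatant.sys, both IAT hooks under the same module and an empty findings list, since all addresses fall inside the listed load ranges of vsdatant.sys, tcpip.sys and wanarp.sys. A non-empty findings list is the signal worth pursuing: a hook whose handler lies outside every enumerated driver.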
