hans

Joined: 05 Sept. 2008
Offline. Last active: 20 Sept. 2008 03:16

Topics I have started

Invisible rootkit

05 September 2008 - 01:40

Hello,
I have a rootkit or some malware on my computer. I have used several programs, including RkUnhooker, to detect it. I will give you the report I got from this program. Among other things, this damned malware captures every keystroke on the keyboard and sends them out to all and sundry. No matter how many times I reformat, it gets back into my system easily. I am told the attackers use a USB key to log on to my system.
Here is what RkUnhooker found:

RkUnhooker report generator v0.7
==============================================
Rootkit Unhooker kernel version: 3.8.341.552
==============================================
Windows Major Version: 5
Windows Minor Version: 1
Windows Build Number: 2600
==============================================
>SSDT State
NtConnectPort
Actual Address 0xACF22040
Hooked by: C:\WINDOWS\System32\vsdatant.sys
NtCreateFile
Actual Address 0xACF1E930
Hooked by: C:\WINDOWS\System32\vsdatant.sys
NtCreateKey
Actual Address 0xACF29A80
Hooked by: C:\WINDOWS\System32\vsdatant.sys
NtCreatePort
Actual Address 0xACF22510
Hooked by: C:\WINDOWS\System32\vsdatant.sys
NtCreateProcess
Actual Address 0xACF28870
Hooked by: C:\WINDOWS\System32\vsdatant.sys
NtCreateProcessEx
Actual Address 0xACF28AA0
Hooked by: C:\WINDOWS\System32\vsdatant.sys
NtCreateSection
Actual Address 0xACF2BFD0
Hooked by: C:\WINDOWS\System32\vsdatant.sys
NtCreateWaitablePort
Actual Address 0xACF22600
Hooked by: C:\WINDOWS\System32\vsdatant.sys
NtDeleteFile
Actual Address 0xACF1EF20
Hooked by: C:\WINDOWS\System32\vsdatant.sys
NtDeleteKey
Actual Address 0xACF2A6E0
Hooked by: C:\WINDOWS\System32\vsdatant.sys
NtDeleteValueKey
Actual Address 0xACF2A440
Hooked by: C:\WINDOWS\System32\vsdatant.sys
NtDuplicateObject
Actual Address 0xACF28580
Hooked by: C:\WINDOWS\System32\vsdatant.sys
NtLoadKey
Actual Address 0xACF2A8B0
Hooked by: C:\WINDOWS\System32\vsdatant.sys
NtMapViewOfSection
Actual Address 0xACF2C270
Hooked by: C:\WINDOWS\System32\vsdatant.sys
NtOpenFile
Actual Address 0xACF1ED70
Hooked by: C:\WINDOWS\System32\vsdatant.sys
NtOpenProcess
Actual Address 0xACF28350
Hooked by: C:\WINDOWS\System32\vsdatant.sys
NtOpenThread
Actual Address 0xACF28150
Hooked by: C:\WINDOWS\System32\vsdatant.sys
NtRenameKey
Actual Address 0xACF2B250
Hooked by: C:\WINDOWS\System32\vsdatant.sys
NtReplaceKey
Actual Address 0xACF2ACB0
Hooked by: C:\WINDOWS\System32\vsdatant.sys
NtRequestWaitReplyPort
Actual Address 0xACF21C00
Hooked by: C:\WINDOWS\System32\vsdatant.sys
NtRestoreKey
Actual Address 0xACF2B080
Hooked by: C:\WINDOWS\System32\vsdatant.sys
NtSecureConnectPort
Actual Address 0xACF22220
Hooked by: C:\WINDOWS\System32\vsdatant.sys
NtSetInformationFile
Actual Address 0xACF1F120
Hooked by: C:\WINDOWS\System32\vsdatant.sys
NtSetValueKey
Actual Address 0xACF2A140
Hooked by: C:\WINDOWS\System32\vsdatant.sys
NtTerminateProcess
Actual Address 0xAA1A3A70
Hooked by: C:\WINDOWS\system32\DRIVERS\PavProc.sys
NtTerminateThread
Actual Address 0xAA1A2E40
Hooked by: C:\WINDOWS\system32\DRIVERS\PavProc.sys
==============================================
>Shadow
NtUserCreateWindowEx
Actual Address 0xAA1A3E50
Hooked by: C:\WINDOWS\system32\DRIVERS\PavProc.sys
NtUserDestroyWindow
Actual Address 0xAA1A4030
Hooked by: C:\WINDOWS\system32\DRIVERS\PavProc.sys
NtUserMessageCall
Actual Address 0xAA1A4070
Hooked by: C:\WINDOWS\system32\DRIVERS\PavProc.sys
NtUserPostMessage
Actual Address 0xAA1A4300
Hooked by: C:\WINDOWS\system32\DRIVERS\PavProc.sys
NtUserPostThreadMessage
Actual Address 0xAA1A44E0
Hooked by: C:\WINDOWS\system32\DRIVERS\PavProc.sys
==============================================
>Processes
Process: System
Process Id: 4
EPROCESS Address: 0x8A97E7F8

Process: C:\WINDOWS\system32\MsPMSPSv.exe
Process Id: 212
EPROCESS Address: 0x88C71678

Process: C:\WINDOWS\system32\alg.exe
Process Id: 488
EPROCESS Address: 0x88C698B0

Process: C:\WINDOWS\system32\smss.exe
Process Id: 496
EPROCESS Address: 0x8A37ABC0

Process: C:\WINDOWS\system32\csrss.exe
Process Id: 544
EPROCESS Address: 0x8A825518

Process: C:\WINDOWS\system32\winlogon.exe
Process Id: 576
EPROCESS Address: 0x89D34728

Process: C:\WINDOWS\system32\services.exe
Process Id: 620
EPROCESS Address: 0x89D8B3B8

Process: C:\WINDOWS\system32\lsass.exe
Process Id: 632
EPROCESS Address: 0x89D7B5B8

Process: C:\WINDOWS\system32\ati2evxx.exe
Process Id: 804
EPROCESS Address: 0x89D96348

Process: C:\WINDOWS\system32\svchost.exe
Process Id: 820
EPROCESS Address: 0x88AB6CA8

Process: C:\WINDOWS\system32\svchost.exe
Process Id: 912
EPROCESS Address: 0x88AA7B10

Process: C:\Program Files\Panda Security\Panda Antivirus 2008\PAVSRV51.EXE
Process Id: 960
EPROCESS Address: 0x89330DA0

Process: C:\Program Files\Panda Security\Panda Antivirus 2008\AVENGINE.EXE
Process Id: 972
EPROCESS Address: 0x8A76F330

Process: C:\WINDOWS\system32\svchost.exe
Process Id: 1164
EPROCESS Address: 0x8A75FBA8

Process: C:\WINDOWS\system32\svchost.exe
Process Id: 1220
EPROCESS Address: 0x88AB5020

Process: C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
Process Id: 1240
EPROCESS Address: 0x888753D0

Process: C:\WINDOWS\system32\ati2evxx.exe
Process Id: 1244
EPROCESS Address: 0x88ABD660

Process: C:\WINDOWS\system32\svchost.exe
Process Id: 1324
EPROCESS Address: 0x88CF1330

Process: C:\WINDOWS\system32\svchost.exe
Process Id: 1364
EPROCESS Address: 0x88CE12D0

Process: C:\WINDOWS\system32\spoolsv.exe
Process Id: 1636
EPROCESS Address: 0x88A33980

Process: C:\WINDOWS\ATKKBService.exe
Process Id: 1732
EPROCESS Address: 0x88A2E720

Process: C:\WINDOWS\system32\CTSVCCDA.EXE
Process Id: 1744
EPROCESS Address: 0x88A2B020

Process: C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
Process Id: 1768
EPROCESS Address: 0x889F66F0

Process: C:\WINDOWS\system32\LxrSII1s.exe
Process Id: 1860
EPROCESS Address: 0x889F5400

Process: C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrlS.exe
Process Id: 1904
EPROCESS Address: 0x88CA6DA0

Process: C:\Program Files\Fichiers communs\Panda Software\PavShld\PavPrSrv.exe
Process Id: 1940
EPROCESS Address: 0x889EB980

Process: C:\WINDOWS\system32\HPZipm12.exe
Process Id: 1960
EPROCESS Address: 0x889EB020

Process: C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe
Process Id: 1980
EPROCESS Address: 0x889EA320

Process: C:\WINDOWS\system32\svchost.exe
Process Id: 2032
EPROCESS Address: 0x889E5DA0

Process: C:\Program Files\Windows Defender\MsMpEng.exe
Process Id: 2144
EPROCESS Address: 0x88BF1020

Process: C:\WINDOWS\explorer.exe
Process Id: 2468
EPROCESS Address: 0x889DE6B8

Process: C:\Program Files\Microsoft IntelliType Pro\type32.exe
Process Id: 2612
EPROCESS Address: 0x88A9EDA0

Process: C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
Process Id: 2636
EPROCESS Address: 0x889D4420

Process: C:\WINDOWS\CTHELPER.EXE
Process Id: 2664
EPROCESS Address: 0x88A1EDA0

Process: C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
Process Id: 2816
EPROCESS Address: 0x88CF5A20

Process: C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
Process Id: 2820
EPROCESS Address: 0x8A8086B8

Process: C:\WINDOWS\V0420Mon.exe
Process Id: 2852
EPROCESS Address: 0x88CD7398

Process: C:\Program Files\Panda Security\Panda Antivirus 2008\ApVxdWin.exe
Process Id: 2860
EPROCESS Address: 0x88CB9DA0

Process: C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
Process Id: 2920
EPROCESS Address: 0x88AC7DA0

Process: C:\WINDOWS\system32\ctfmon.exe
Process Id: 2964
EPROCESS Address: 0x88CD2508

Process: C:\Program Files\MalwareSweeper.com\MalwareSweeper\MalSwep.exe
Process Id: 3024
EPROCESS Address: 0x88C56020

Process: C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
Process Id: 3224
EPROCESS Address: 0x88987860

Process: C:\Program Files\Panda Security\Panda Antivirus 2008\WebProxy.exe
Process Id: 3244
EPROCESS Address: 0x88D212C8

Process: C:\Program Files\Internet Explorer\iexplore.exe
Process Id: 3628
EPROCESS Address: 0x88A075D0

Process: C:\Program Files\Windows Defender\MSASCui.exe
Process Id: 3748
EPROCESS Address: 0x88886020

Process: C:\RkUnhooker\44xNmWaLa4sc80x.exe
Process Id: 3864
EPROCESS Address: 0x88606020

==============================================
>Drivers
Driver: C:\WINDOWS\System32\ati3duag.dll
Address: 0xBF183000
Size: 3092480 bytes

Driver: C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
Address: 0xB9AE9000
Size: 2625536 bytes

Driver: C:\WINDOWS\system32\ntoskrnl.exe
Address: 0x804D7000
Size: 2260992 bytes

Driver: PnpManager
Address: 0x804D7000
Size: 2260992 bytes

Driver: RAW
Address: 0x804D7000
Size: 2260992 bytes

Driver: WMIxWDM
Address: 0x804D7000
Size: 2260992 bytes

Driver: Win32k
Address: 0xBF800000
Size: 1847296 bytes

Driver: C:\WINDOWS\System32\win32k.sys
Address: 0xBF800000
Size: 1847296 bytes

Driver: C:\WINDOWS\System32\ativvaxx.dll
Address: 0xBF476000
Size: 1589248 bytes

Driver: C:\WINDOWS\system32\drivers\ha10kx2k.sys
Address: 0xAD12D000
Size: 1064960 bytes

Driver: C:\WINDOWS\System32\DRIVERS\HSFDPSP2.sys
Address: 0xB9860000
Size: 1044480 bytes

Driver: C:\WINDOWS\System32\DRIVERS\HSFCXTS2.sys
Address: 0xB97B8000
Size: 688128 bytes

Driver: C:\WINDOWS\System32\drivers\ctac32k.sys
Address: 0xAD03D000
Size: 638976 bytes

Driver: Ntfs.sys
Address: 0xF7B52000
Size: 577536 bytes

Driver: C:\WINDOWS\system32\drivers\ctaud2k.sys
Address: 0xB9A0F000
Size: 499712 bytes

Driver: C:\WINDOWS\System32\DRIVERS\HSF_V124.sys
Address: 0xAA009000
Size: 491520 bytes

Driver: C:\WINDOWS\System32\DRIVERS\mrxsmb.sys
Address: 0xACE0A000
Size: 458752 bytes

Driver: C:\WINDOWS\System32\ati2cqag.dll
Address: 0xBF096000
Size: 450560 bytes

Driver: C:\WINDOWS\System32\drivers\ACEDRV08.sys
Address: 0xAA9CC000
Size: 401408 bytes

Driver: C:\WINDOWS\System32\DRIVERS\HSF_K56K.sys
Address: 0xAA281000
Size: 393216 bytes

Driver: C:\WINDOWS\System32\vsdatant.sys
Address: 0xACEEF000
Size: 393216 bytes

Driver: C:\WINDOWS\System32\DRIVERS\update.sys
Address: 0xB9375000
Size: 385024 bytes

Driver: C:\WINDOWS\System32\DRIVERS\tcpip.sys
Address: 0xACF9D000
Size: 364544 bytes

Driver: C:\WINDOWS\System32\DRIVERS\srv.sys
Address: 0xAA1F5000
Size: 335872 bytes

Driver: C:\WINDOWS\System32\atikvmag.dll
Address: 0xBF104000
Size: 331776 bytes

Driver: C:\WINDOWS\System32\DRIVERS\HSF_FALL.sys
Address: 0xAA367000
Size: 290816 bytes

Driver: C:\WINDOWS\System32\ATMFD.DLL
Address: 0xBFFA0000
Size: 286720 bytes

Driver: C:\WINDOWS\System32\ati2dvag.dll
Address: 0xBF051000
Size: 282624 bytes

Driver: C:\WINDOWS\System32\Drivers\HTTP.sys
Address: 0xAA2E1000
Size: 266240 bytes

Driver: C:\WINDOWS\System32\atkdisp.dll
Address: 0xBF012000
Size: 245760 bytes

Driver: C:\WINDOWS\System32\DRIVERS\HSFBS2S2.sys
Address: 0xB995F000
Size: 221184 bytes

Driver: C:\WINDOWS\System32\drivers\ctoss2k.sys
Address: 0xB9995000
Size: 208896 bytes

Driver: C:\WINDOWS\System32\DRIVERS\HSF_FAXX.sys
Address: 0xAA0D1000
Size: 200704 bytes

Driver: ACPI.sys
Address: 0xF75A7000
Size: 192512 bytes

Driver: C:\WINDOWS\System32\atiok3x2.dll
Address: 0xBF155000
Size: 188416 bytes

Driver: C:\WINDOWS\System32\drivers\emupia2k.sys
Address: 0xAD100000
Size: 184320 bytes

Driver: C:\WINDOWS\System32\DRIVERS\mrxdav.sys
Address: 0xAA49F000
Size: 184320 bytes

Driver: NDIS.sys
Address: 0xF7837000
Size: 184320 bytes

Driver: C:\WINDOWS\system32\drivers\kmixer.sys
Address: 0xA900B000
Size: 176128 bytes

Driver: C:\WINDOWS\system32\DRIVERS\PavProc.sys
Address: 0xAA1A2000
Size: 176128 bytes

Driver: C:\WINDOWS\System32\DRIVERS\rdbss.sys
Address: 0xACE7A000
Size: 176128 bytes

Driver: C:\WINDOWS\system32\DRIVERS\atksgt.sys
Address: 0xAA44E000
Size: 167936 bytes

Driver: C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
Address: 0xB9AAD000
Size: 163840 bytes

Driver: C:\WINDOWS\System32\DRIVERS\netbt.sys
Address: 0xACF75000
Size: 163840 bytes

Driver: C:\WINDOWS\System32\drivers\ctsfm2k.sys
Address: 0xAD0D9000
Size: 159744 bytes

Driver: C:\WINDOWS\System32\DRIVERS\e100b325.sys
Address: 0xA95D9000
Size: 155648 bytes

Driver: C:\WINDOWS\System32\DRIVERS\ipnat.sys
Address: 0xACF4F000
Size: 155648 bytes

Driver: C:\WINDOWS\system32\drivers\portcls.sys
Address: 0xB99EB000
Size: 147456 bytes

Driver: C:\WINDOWS\System32\DRIVERS\USBPORT.SYS
Address: 0xB9A89000
Size: 147456 bytes

Driver: C:\WINDOWS\system32\drivers\ks.sys
Address: 0xB99C8000
Size: 143360 bytes

Driver: C:\WINDOWS\System32\drivers\afd.sys
Address: 0xACEA5000
Size: 139264 bytes

Driver: ACPI_HAL
Address: 0x806FF000
Size: 134400 bytes

Driver: C:\WINDOWS\system32\hal.dll
Address: 0x806FF000
Size: 134400 bytes

Driver: fltmgr.sys
Address: 0xF7877000
Size: 131072 bytes

Driver: ftdisk.sys
Address: 0xF74D7000
Size: 126976 bytes

Driver: C:\WINDOWS\System32\DRIVERS\HSF_FSKS.sys
Address: 0xAA34A000
Size: 118784 bytes

Driver: C:\WINDOWS\system32\drivers\AtiHdAud.sys
Address: 0xAD2F9000
Size: 106496 bytes

Driver: Mup.sys
Address: 0xF7A35000
Size: 106496 bytes

Driver: atapi.sys
Address: 0xF74BF000
Size: 98304 bytes

Driver: KSecDD.sys
Address: 0xF7408000
Size: 94208 bytes

Driver: C:\WINDOWS\System32\DRIVERS\ndiswan.sys
Address: 0xB945C000
Size: 94208 bytes

Driver: C:\WINDOWS\system32\drivers\wdmaud.sys
Address: 0xA9CFC000
Size: 86016 bytes

Driver: C:\WINDOWS\System32\DRIVERS\parport.sys
Address: 0xB9793000
Size: 81920 bytes

Driver: srescan.sys
Address: 0xF7973000
Size: 81920 bytes

Driver: C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS
Address: 0xB9AD5000
Size: 81920 bytes

Driver: C:\WINDOWS\System32\DRIVERS\ipsec.sys
Address: 0xACFF6000
Size: 77824 bytes

Driver: C:\WINDOWS\system32\DRIVERS\pavdrv51.sys
Address: 0xAAA56000
Size: 77824 bytes

Driver: WudfPf.sys
Address: 0xF7864000
Size: 77824 bytes

Driver: C:\WINDOWS\System32\drivers\dxg.sys
Address: 0xBF000000
Size: 73728 bytes

Driver: C:\WINDOWS\system32\Drivers\LxrSII1d.sys
Address: 0xAA247000
Size: 73728 bytes

Driver: sfdrv01.sys
Address: 0xF7961000
Size: 73728 bytes

Driver: pci.sys
Address: 0xF7596000
Size: 69632 bytes

Driver: C:\WINDOWS\System32\DRIVERS\psched.sys
Address: 0xB9423000
Size: 69632 bytes

Driver: C:\WINDOWS\System32\DRIVERS\serial.sys
Address: 0xB97A7000
Size: 69632 bytes

Driver: C:\WINDOWS\System32\Drivers\Cdfs.SYS
Address: 0xF741F000
Size: 65536 bytes

Driver: C:\WINDOWS\System32\DRIVERS\cdrom.sys
Address: 0xF76B7000
Size: 65536 bytes

Driver: C:\WINDOWS\System32\DRIVERS\nic1394.sys
Address: 0xF76C7000
Size: 65536 bytes

Driver: ohci1394.sys
Address: 0xF7607000
Size: 65536 bytes

Driver: C:\WINDOWS\System32\DRIVERS\arp1394.sys
Address: 0xF748F000
Size: 61440 bytes

Driver: C:\WINDOWS\system32\drivers\drmk.sys
Address: 0xB9E14000
Size: 61440 bytes

Driver: C:\WINDOWS\System32\DRIVERS\redbook.sys
Address: 0xF76D7000
Size: 61440 bytes

Driver: C:\WINDOWS\system32\drivers\sysaudio.sys
Address: 0xAA172000
Size: 61440 bytes

Driver: C:\WINDOWS\System32\DRIVERS\usbhub.sys
Address: 0xF7516000
Size: 61440 bytes

Driver: C:\WINDOWS\System32\DRIVERS\1394BUS.SYS
Address: 0xF7617000
Size: 57344 bytes

Driver: VolSnap.sys
Address: 0xF7647000
Size: 57344 bytes

Driver: C:\WINDOWS\System32\DRIVERS\CLASSPNP.SYS
Address: 0xF7667000
Size: 53248 bytes

Driver: C:\WINDOWS\System32\DRIVERS\HSF_TONE.sys
Address: 0xAA42E000
Size: 53248 bytes

Driver: C:\WINDOWS\System32\DRIVERS\rasl2tp.sys
Address: 0xF76E7000
Size: 53248 bytes

Driver: C:\WINDOWS\System32\DRIVERS\raspptp.sys
Address: 0xF7586000
Size: 49152 bytes

Driver: agp440.sys
Address: 0xF7687000
Size: 45056 bytes

Driver: C:\WINDOWS\System32\Drivers\Fips.SYS
Address: 0xF745F000
Size: 45056 bytes

Driver: C:\WINDOWS\System32\DRIVERS\imapi.sys
Address: 0xB9E04000
Size: 45056 bytes

Driver: MountMgr.sys
Address: 0xF7627000
Size: 45056 bytes

Driver: C:\WINDOWS\System32\DRIVERS\raspppoe.sys
Address: 0xF76F7000
Size: 45056 bytes

Driver: C:\WINDOWS\system32\drivers\WmXlCore.sys
Address: 0xF7556000
Size: 45056 bytes

Driver: C:\WINDOWS\System32\DRIVERS\intelppm.sys
Address: 0xB9E24000
Size: 40960 bytes

Driver: isapnp.sys
Address: 0xF75F7000
Size: 40960 bytes

Driver: C:\WINDOWS\System32\Drivers\NDProxy.SYS
Address: 0xF7526000
Size: 40960 bytes

Driver: C:\WINDOWS\System32\DRIVERS\termdd.sys
Address: 0xF7566000
Size: 40960 bytes

Driver: disk.sys
Address: 0xF7657000
Size: 36864 bytes

Driver: C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS
Address: 0xF742F000
Size: 36864 bytes

Driver: C:\WINDOWS\System32\DRIVERS\msgpc.sys
Address: 0xF7576000
Size: 36864 bytes

Driver: C:\WINDOWS\System32\DRIVERS\netbios.sys
Address: 0xF747F000
Size: 36864 bytes

Driver: PxHelp20.sys
Address: 0xF7677000
Size: 36864 bytes

Driver: sfsync02.sys
Address: 0xF7637000
Size: 36864 bytes

Driver: C:\WINDOWS\System32\DRIVERS\wanarp.sys
Address: 0xF749F000
Size: 36864 bytes

Driver: C:\WINDOWS\System32\drivers\ctprxy2k.sys
Address: 0xF7817000
Size: 32768 bytes

Driver: C:\WINDOWS\System32\Drivers\Modem.SYS
Address: 0xF781F000
Size: 32768 bytes

Driver: C:\WINDOWS\System32\Drivers\Npfs.SYS
Address: 0xF779F000
Size: 32768 bytes

Driver: sfhlp02.sys
Address: 0xF771F000
Size: 32768 bytes

Driver: C:\WINDOWS\System32\DRIVERS\ShlDrv51.sys
Address: 0xF77A7000
Size: 32768 bytes

Driver: C:\WINDOWS\System32\DRIVERS\usbccgp.sys
Address: 0xF77AF000
Size: 32768 bytes

Driver: C:\WINDOWS\System32\DRIVERS\usbehci.sys
Address: 0xF780F000
Size: 32768 bytes

Driver: C:\WINDOWS\System32\DRIVERS\fdc.sys
Address: 0xF7747000
Size: 28672 bytes

Driver: C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS
Address: 0xF7787000
Size: 28672 bytes

Driver: C:\WINDOWS\System32\DRIVERS\kbdclass.sys
Address: 0xF7767000
Size: 28672 bytes

Driver: C:\WINDOWS\System32\DRIVERS\PCIIDEX.SYS
Address: 0xF7707000
Size: 28672 bytes

Driver: C:\WINDOWS\System32\Drivers\sybex38.SYS
Address: 0xACD2A000
Size: 28672 bytes

Driver: C:\WINDOWS\System32\DRIVERS\mouclass.sys
Address: 0xF776F000
Size: 24576 bytes

Driver: pavboot.sys
Address: 0xF7717000
Size: 24576 bytes

Driver: C:\WINDOWS\System32\DRIVERS\usbuhci.sys
Address: 0xF7807000
Size: 24576 bytes

Driver: C:\WINDOWS\System32\drivers\vga.sys
Address: 0xF778F000
Size: 24576 bytes

Driver: C:\WINDOWS\System32\DRIVERS\flpydisk.sys
Address: 0xF7777000
Size: 20480 bytes

Driver: C:\WINDOWS\system32\DRIVERS\lirsgt.sys
Address: 0xF77DF000
Size: 20480 bytes

Driver: C:\WINDOWS\System32\Drivers\Msfs.SYS
Address: 0xF7797000
Size: 20480 bytes

Driver: PartMgr.sys
Address: 0xF770F000
Size: 20480 bytes

Driver: C:\WINDOWS\System32\DRIVERS\ptilink.sys
Address: 0xF774F000
Size: 20480 bytes

Driver: C:\WINDOWS\System32\DRIVERS\raspti.sys
Address: 0xF775F000
Size: 20480 bytes

Driver: C:\WINDOWS\System32\DRIVERS\TDI.SYS
Address: 0xF7757000
Size: 20480 bytes

Driver: C:\WINDOWS\System32\watchdog.sys
Address: 0xF77B7000
Size: 20480 bytes

Driver: C:\WINDOWS\system32\drivers\asusgsb.sys
Address: 0xBA7D4000
Size: 16384 bytes

Driver: C:\WINDOWS\system32\DRIVERS\kbdhid.sys
Address: 0xB9448000
Size: 16384 bytes

Driver: C:\WINDOWS\System32\DRIVERS\mssmbios.sys
Address: 0xBA7C4000
Size: 16384 bytes

Driver: C:\WINDOWS\System32\DRIVERS\ndisuio.sys
Address: 0xAA7F8000
Size: 16384 bytes

Driver: C:\WINDOWS\System32\DRIVERS\serenum.sys
Address: 0xBA7E8000
Size: 16384 bytes

Driver: C:\WINDOWS\system32\drivers\atkkbnt.sys
Address: 0xBA7DC000
Size: 12288 bytes

Driver: C:\WINDOWS\System32\atkosdmini.dll
Address: 0xBF04E000
Size: 12288 bytes

Driver: C:\WINDOWS\system32\BOOTVID.dll
Address: 0xF7897000
Size: 12288 bytes

Driver: C:\WINDOWS\System32\drivers\Dxapi.sys
Address: 0xB9434000
Size: 12288 bytes

Driver: C:\WINDOWS\system32\drivers\EIO.sys
Address: 0xF794B000
Size: 12288 bytes

Driver: C:\WINDOWS\System32\DRIVERS\gameenum.sys
Address: 0xBA7EC000
Size: 12288 bytes

Driver: C:\WINDOWS\system32\DRIVERS\hidusb.sys
Address: 0xB9454000
Size: 12288 bytes

Driver: C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys
Address: 0xAA4CC000
Size: 12288 bytes

Driver: C:\WINDOWS\System32\DRIVERS\mouhid.sys
Address: 0xB9450000
Size: 12288 bytes

Driver: C:\WINDOWS\System32\DRIVERS\ndistapi.sys
Address: 0xBA7D0000
Size: 12288 bytes

Driver: C:\WINDOWS\System32\DRIVERS\rasacd.sys
Address: 0xBA77E000
Size: 12288 bytes

Driver: C:\WINDOWS\System32\Drivers\Video3D32.sys
Address: 0xBA7D8000
Size: 12288 bytes

Driver: C:\WINDOWS\system32\drivers\WmBEnum.sys
Address: 0xBA7C0000
Size: 12288 bytes

Driver: C:\WINDOWS\System32\drivers\ws2ifsl.sys
Address: 0xF7947000
Size: 12288 bytes

Driver: C:\WINDOWS\System32\Drivers\Beep.SYS
Address: 0xF79B5000
Size: 8192 bytes

Driver: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS
Address: 0xF79B3000
Size: 8192 bytes

Driver: C:\WINDOWS\system32\KDCOM.DLL
Address: 0xF7987000
Size: 8192 bytes

Driver: C:\WINDOWS\System32\Drivers\mnmdd.SYS
Address: 0xF79B7000
Size: 8192 bytes

Driver: C:\WINDOWS\System32\Drivers\ParVdm.SYS
Address: 0xF79CD000
Size: 8192 bytes

Driver: C:\WINDOWS\System32\PfModNT.sys
Address: 0xF7A07000
Size: 8192 bytes

Driver: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
Address: 0xF79B9000
Size: 8192 bytes

Driver: C:\WINDOWS\System32\DRIVERS\swenum.sys
Address: 0xF79AD000
Size: 8192 bytes

Driver: C:\WINDOWS\System32\DRIVERS\USBD.SYS
Address: 0xF79B1000
Size: 8192 bytes

Driver: C:\WINDOWS\System32\DRIVERS\WMILIB.SYS
Address: 0xF7989000
Size: 8192 bytes

Driver: C:\WINDOWS\System32\DRIVERS\audstub.sys
Address: 0xB9DAB000
Size: 4096 bytes

Driver: C:\WINDOWS\System32\drivers\dxgthk.sys
Address: 0xF7A75000
Size: 4096 bytes

Driver: C:\WINDOWS\System32\Drivers\Null.SYS
Address: 0xF7AB7000
Size: 4096 bytes

Driver: pciide.sys
Address: 0xF7A4F000
Size: 4096 bytes

==============================================
>Stealth
==============================================
>Files
==============================================
>Hooks

ntoskrnl.exe+0x00005B12, Type: Inline - RelativeJump 0x804DCB12 [ntoskrnl.exe]
ntoskrnl.exe+0x0000DA50, Type: Inline - RelativeJump 0x804E4A50 [ntoskrnl.exe]
ntoskrnl.exe+0x0000DA70, Type: Inline - RelativeJump 0x804E4A70 [ntoskrnl.exe]
ntoskrnl.exe+0x0000DCA4, Type: Inline - RelativeJump 0x804E4CA4 [ntoskrnl.exe]
ntoskrnl.exe-->KeFindConfigurationEntry, Type: Inline - RelativeCall 0x806B4DDE [ntoskrnl.exe]
ntoskrnl.exe-->KeFindConfigurationEntry, Type: Inline - RelativeCall 0x806B4DE3 [ntoskrnl.exe]
tcpip.sys-->ndis.sys-->NdisCloseAdapter, Type: IAT modification 0xACFDC428 [vsdatant.sys]
tcpip.sys-->ndis.sys-->NdisOpenAdapter, Type: IAT modification 0xACFDC454 [vsdatant.sys]
tcpip.sys-->ndis.sys-->NdisRegisterProtocol, Type: IAT modification 0xACFDC460 [vsdatant.sys]
wanarp.sys-->ndis.sys-->NdisCloseAdapter, Type: IAT modification 0xF74A4B4C [vsdatant.sys]
wanarp.sys-->ndis.sys-->NdisDeregisterProtocol, Type: IAT modification 0xF74A4B1C [vsdatant.sys]
wanarp.sys-->ndis.sys-->NdisOpenAdapter, Type: IAT modification 0xF74A4B3C [vsdatant.sys]
wanarp.sys-->ndis.sys-->NdisRegisterProtocol, Type: IAT modification 0xF74A4B28 [vsdatant.sys]
[2468]explorer.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DA1218 [shimeng.dll]
[2468]explorer.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77EF10B4 [shimeng.dll]
[2468]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001268 [shimeng.dll]
[2468]explorer.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9D15A4 [shimeng.dll]
[2468]explorer.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E39133C [shimeng.dll]
[2468]explorer.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x44081488 [shimeng.dll]
[2468]explorer.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x719F109C [shimeng.dll]
[3628]iexplore.exe-->user32.dll-->DialogBoxIndirectParamA, Type: Inline - RelativeJump 0x7E3D6D7D [ieframe.dll]
[3628]iexplore.exe-->user32.dll-->DialogBoxIndirectParamW, Type: Inline - RelativeJump 0x7E3B2072 [ieframe.dll]
[3628]iexplore.exe-->user32.dll-->DialogBoxParamA, Type: Inline - RelativeJump 0x7E3BB144 [ieframe.dll]
[3628]iexplore.exe-->user32.dll-->DialogBoxParamW, Type: Inline - RelativeJump 0x7E3A47AB [ieframe.dll]
[3628]iexplore.exe-->user32.dll-->MessageBoxExA, Type: Inline - RelativeJump 0x7E3D085C [ieframe.dll]
[3628]iexplore.exe-->user32.dll-->MessageBoxExW, Type: Inline - RelativeJump 0x7E3D0838 [ieframe.dll]
[3628]iexplore.exe-->user32.dll-->MessageBoxIndirectA, Type: Inline - RelativeJump 0x7E3BA082 [ieframe.dll]
[3628]iexplore.exe-->user32.dll-->MessageBoxIndirectW, Type: Inline - RelativeJump 0x7E3E64D5 [ieframe.dll]