Bonjour !
J'aimerais savoir si mon rapport Gmer est sain , merci ! =)
GMER 1.0.15.15077 [skydzvmf.exe] -
http://www.gmer.net
Rootkit scan 2009-08-31 16:19:59
Windows 6.1.7100
---- System - GMER 1.0.15 ----
INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A23AF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A23104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A233F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A0B634
INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A0B898
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A231DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A23958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A236F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A23F2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A241A8
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwSaveKeyEx + 13B1 82A78549 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82A986B2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text peauth.sys A1C1DC9D 28 Bytes [0F, B5, AB, 5F, B5, 7F, 10, ...]
.text peauth.sys A1C1DCC1 28 Bytes [0F, B5, AB, 5F, B5, 7F, 10, ...]
PAGE peauth.sys A1C23B9B 72 Bytes [A7, 86, 57, F4, 1D, 0E, 44, ...]
PAGE peauth.sys A1C23BEC 111 Bytes [90, 52, EC, 28, 51, 2C, 5D, ...]
PAGE peauth.sys A1C23E20 101 Bytes [E4, A5, 35, 49, 32, 83, 2F, ...]
PAGE ...
---- User code sections - GMER 1.0.15 ----
? S:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[1616] S:\Windows\SYSTEM32\ntdll.dll time/date stamp mismatch;
? S:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[1616] S:\Windows\system32\kernel32.dll time/date stamp mismatch; unknown module: KERNELBASE.dll
.text S:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[1616] USER32.dll!SfmDxSetSwapChainStats + 41B 75F1D488 4 Bytes [70, 11, 32, 6D]
? S:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[2288] S:\Windows\SYSTEM32\ntdll.dll time/date stamp mismatch;
? S:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[2288] S:\Windows\system32\kernel32.dll time/date stamp mismatch; unknown module: KERNELBASE.dll
.text S:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[2288] USER32.dll!SfmDxSetSwapChainStats + 41B 75F1D488 4 Bytes [70, 11, 32, 6D]
---- Devices - GMER 1.0.15 ----
Device \Driver\ACPI_HAL \Device\00000047 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\tdx \Device\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG11.00.00.01WORKSTATION 939D5C85346250E4EB2766E2D3457F68612058B5A1D12AD9FCA4B95061F74980543E9E75DB2C137CB949E88458F9476201B1257124E48E14D076EF972F996C8387876752B96B37A92A6A366B08A82AE469B4AA55B1388719B2D2DA397C0A3F24D4A15AD3C25AB223AE58832073BF0308763E4DD5160DEC7B07333036EB003B14C70C9DA4154341591B37071950BFEB18E2B5F457BEB95D069165A9FE44C621BA4F97DC66EF07E26E28FB7DC5F63DC41352560FB53CA9B8347F08857E703D6FAF3FE945AB371A5AB9F1F2A604E462B32DC9318BBD465A25B55E92848B00D770C1507D8A7EF205ADC3793AC52C3A6C9FCD31A8DE31B55E8BF09FCBFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A9C6AECB7A5D14078EDD5E5BE2F6E667A9C6AECB7A5D140746350F77DFF10990B2F306BFB0EF08D612D5AFE41DCECD53C0BE747C78DC2E5F31E01D09224923F343BA60D6E90B1DB5A7E1F92E781668C9592357D453621A82A0EAD35D663919522F04FCC726612D1BBFA3F273BD8F22BF5248D2DA49A97812705F2BAAAC602C0981498E1FE71082C83623A8B28DF270FAFAE0E8A1BF2B88FAFEBE41B9B8148247CC78EB7872E6CC53ED59C77F502FA916A417C2525A9168793000D6E6135AA591A3748D07D06B9BA34B36A3812EE
---- EOF - GMER 1.0.15 ----
FrenchKilleR
newbie
newbie
Messages: 14
Inscrit le: 24 Aoû 2009 18:21
* Message privé
Afficher la suite
