SysProt is showing me a red line

Closed
FRED - 24 Oct 2009 at 02:01
olivier114 Posts: 1552 Registered: Wednesday 4 March 2009 Status: Member Last seen: 26 November 2013 - 24 Oct 2009 at 12:49
Hello,
here is a SysProt report; it finds a red line for me in the kernel module [Lbs.sys]

SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

No Hidden Processes found

******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: Lbd.sys
Service Name: ---
Module Base: B8138000
Module End: B8147000
Hidden: Yes

******************************************************************************************
******************************************************************************************
SSDT:
Function Name: ZwAllocateVirtualMemory
Address: A7F575E0
Driver Base: A7F4C000
Driver End: A7F60000
Driver Name: \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys

Function Name: ZwAssignProcessToJobObject
Address: A7F572CE
Driver Base: A7F4C000
Driver End: A7F60000
Driver Name: \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys

Function Name: ZwConnectPort
Address: A7F57310
Driver Base: A7F4C000
Driver End: A7F60000
Driver Name: \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys

Function Name: ZwCreateFile
Address: A7F573BE
Driver Base: A7F4C000
Driver End: A7F60000
Driver Name: \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys

Function Name: ZwCreateKey
Address: B813887E
Driver Base: B8138000
Driver End: B8147000
Driver Name: Lbd.sys

Function Name: ZwCreateProcess
Address: A7F57C66
Driver Base: A7F4C000
Driver End: A7F60000
Driver Name: \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys

Function Name: ZwCreateProcessEx
Address: A7F57CF2
Driver Base: A7F4C000
Driver End: A7F60000
Driver Name: \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys

Function Name: ZwCreateThread
Address: A7F57D82
Driver Base: A7F4C000
Driver End: A7F60000
Driver Name: \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys

Function Name: ZwDebugActiveProcess
Address: A7F5740E
Driver Base: A7F4C000
Driver End: A7F60000
Driver Name: \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys

Function Name: ZwDuplicateObject
Address: A7F57450
Driver Base: A7F4C000
Driver End: A7F60000
Driver Name: \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys

Function Name: ZwLoadDriver
Address: A7F57494
Driver Base: A7F4C000
Driver End: A7F60000
Driver Name: \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys

Function Name: ZwOpenKey
Address: A7F574D6
Driver Base: A7F4C000
Driver End: A7F60000
Driver Name: \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys

Function Name: ZwOpenSection
Address: A7F57518
Driver Base: A7F4C000
Driver End: A7F60000
Driver Name: \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys

Function Name: ZwOpenThread
Address: A7F5755A
Driver Base: A7F4C000
Driver End: A7F60000
Driver Name: \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys

Function Name: ZwProtectVirtualMemory
Address: A7F57628
Driver Base: A7F4C000
Driver End: A7F60000
Driver Name: \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys

Function Name: ZwRequestWaitReplyPort
Address: A7F5759C
Driver Base: A7F4C000
Driver End: A7F60000
Driver Name: \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys

Function Name: ZwRestoreKey
Address: A7F5766A
Driver Base: A7F4C000
Driver End: A7F60000
Driver Name: \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys

Function Name: ZwResumeThread
Address: A7F576B2
Driver Base: A7F4C000
Driver End: A7F60000
Driver Name: \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys

Function Name: ZwSecureConnectPort
Address: A7F57742
Driver Base: A7F4C000
Driver End: A7F60000
Driver Name: \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys

Function Name: ZwSetValueKey
Address: A7F576F4
Driver Base: A7F4C000
Driver End: A7F60000
Driver Name: \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys

Function Name: ZwSuspendProcess
Address: A7F577E6
Driver Base: A7F4C000
Driver End: A7F60000
Driver Name: \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys

Function Name: ZwSystemDebugControl
Address: A7F57828
Driver Base: A7F4C000
Driver End: A7F60000
Driver Name: \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys

Function Name: ZwTerminateProcess
Address: A6A5F0B0
Driver Base: A6A56000
Driver End: A6A7B000
Driver Name: \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys

Function Name: ZwWriteVirtualMemory
Address: A7F578B8
Driver Base: A7F4C000
Driver End: A7F60000
Driver Name: \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys

******************************************************************************************
******************************************************************************************
No Kernel Hooks found

******************************************************************************************
******************************************************************************************
No IRP Hooks found

******************************************************************************************
******************************************************************************************
Ports:
Local Address: NOM-FB9B15D2723:3039
Remote Address: WW-IN-F139.1E100.NET:HTTP
Type: TCP
Process: C:\Program Files\Opera\opera.exe
State: ESTABLISHED

Local Address: NOM-FB9B15D2723:3038
Remote Address: 81.52.160.160:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: NOM-FB9B15D2723:3036
Remote Address: 81.52.160.185:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: NOM-FB9B15D2723:3035
Remote Address: 91.103.140.2:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: NOM-FB9B15D2723:3033
Remote Address: 81.52.160.185:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: NOM-FB9B15D2723:3032
Remote Address: 193.159.160.138:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: NOM-FB9B15D2723:3031
Remote Address: 91.103.140.2:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: NOM-FB9B15D2723:3029
Remote Address: 91.103.140.2:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: NOM-FB9B15D2723:3027
Remote Address: 213-248-125-17.CUSTOMER.TELIACARRIER.COM:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: NOM-FB9B15D2723:3022
Remote Address: 81.52.160.185:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: NOM-FB9B15D2723:3021
Remote Address: WW-IN-F139.1E100.NET:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: NOM-FB9B15D2723:3020
Remote Address: 81.52.160.160:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: NOM-FB9B15D2723:3019
Remote Address: 91.103.140.2:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: NOM-FB9B15D2723:3017
Remote Address: 81.52.160.185:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: NOM-FB9B15D2723:3016
Remote Address: 213-248-125-49.CUSTOMER.TELIACARRIER.COM:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: NOM-FB9B15D2723:3015
Remote Address: 91.103.140.2:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: NOM-FB9B15D2723:3014
Remote Address: 81.52.160.160:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: NOM-FB9B15D2723:3012
Remote Address: 81.52.160.185:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: NOM-FB9B15D2723:3011
Remote Address: 213.200.111.215:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: NOM-FB9B15D2723:3009
Remote Address: WW-IN-F148.1E100.NET:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: NOM-FB9B15D2723:3008
Remote Address: 213-248-125-73.CUSTOMER.TELIACARRIER.COM:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: NOM-FB9B15D2723:3005
Remote Address: 81.52.160.185:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: NOM-FB9B15D2723:3004
Remote Address: 213-248-125-17.CUSTOMER.TELIACARRIER.COM:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: NOM-FB9B15D2723:2998
Remote Address: WW-IN-F165.1E100.NET:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: NOM-FB9B15D2723:2997
Remote Address: 81.52.160.185:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: NOM-FB9B15D2723:2996
Remote Address: 81.52.160.160:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: NOM-FB9B15D2723:2995
Remote Address: EC4.EULERIAN.NET:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: NOM-FB9B15D2723:2993
Remote Address: WY-IN-F156.1E100.NET:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: NOM-FB9B15D2723:2992
Remote Address: WY-IN-F156.1E100.NET:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: NOM-FB9B15D2723:2990
Remote Address: WW-IN-F165.1E100.NET:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: NOM-FB9B15D2723:2989
Remote Address: 87.98.147.116:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: NOM-FB9B15D2723:2988
Remote Address: 81.52.160.160:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: NOM-FB9B15D2723:2987
Remote Address: 81.52.160.185:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: NOM-FB9B15D2723:2986
Remote Address: 91.103.140.2:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: NOM-FB9B15D2723:2984
Remote Address: 81.52.160.160:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: NOM-FB9B15D2723:2982
Remote Address: 213-248-125-48.CUSTOMER.TELIACARRIER.COM:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: NOM-FB9B15D2723:2981
Remote Address: 81.52.160.160:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: NOM-FB9B15D2723:2980
Remote Address: 81.52.160.185:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: NOM-FB9B15D2723:2978
Remote Address: 81.52.160.185:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: NOM-FB9B15D2723:2977
Remote Address: 81.52.160.160:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: NOM-FB9B15D2723:2976
Remote Address: SITECHECK2.OPERA.COM:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: NOM-FB9B15D2723:2975
Remote Address: 81.52.160.185:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: NOM-FB9B15D2723:2627
Remote Address: 8.14.104.155:HTTP
Type: TCP
Process: C:\Program Files\Java\jre6\bin\jusched.exe
State: CLOSE_WAIT

Local Address: NOM-FB9B15D2723:NETBIOS-SSN
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: NOM-FB9B15D2723:1033
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\alg.exe
State: LISTENING

Local Address: NOM-FB9B15D2723:2869
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\svchost.exe
State: LISTENING

Local Address: NOM-FB9B15D2723:MICROSOFT-DS
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: NOM-FB9B15D2723:EPMAP
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\svchost.exe
State: LISTENING

Local Address: NOM-FB9B15D2723:1900
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: NOM-FB9B15D2723:138
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: NOM-FB9B15D2723:NETBIOS-NS
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: NOM-FB9B15D2723:1900
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: NOM-FB9B15D2723:1038
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: NOM-FB9B15D2723:4500
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\lsass.exe
State: NA

Local Address: NOM-FB9B15D2723:3776
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\ehome\mcrdsvc.exe
State: NA

Local Address: NOM-FB9B15D2723:500
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\lsass.exe
State: NA

Local Address: NOM-FB9B15D2723:MICROSOFT-DS
Remote Address: NA
Type: UDP
Process: System
State: NA

******************************************************************************************
******************************************************************************************
No hidden files/folders found
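Added here as an example, not part of the original post and not SysProt's own code: a small Python parser for the report format pasted above, with a triage pass that flags hidden kernel modules, SSDT handlers whose address falls outside the driver image they are attributed to, and SSDT hooks owned by a hidden module. The input is a constructed excerpt (the Lbd.sys lines are copied from the report above; the example_hook.sys entry is invented to exercise the range check).

```python
import re
# Added example, not from the original post: parse the SysProt AntiRootkit
# report format above and flag what a defender checks first. Constructed input:
# Lbd.sys lines copied from the posted report, example_hook.sys invented.
SAMPLE_REPORT = """\
Kernel Modules:
Module Name: Lbd.sys
Hidden: Yes

SSDT:
Function Name: ZwCreateKey
Address: B813887E
Driver Base: B8138000
Driver End: B8147000
Driver Name: Lbd.sys

Function Name: ZwOpenProcess
Address: 80501000
Driver Base: A7F4C000
Driver End: A7F60000
Driver Name: \\??\\C:\\WINDOWS\\system32\\drivers\\example_hook.sys"""

def parse_report(text):
    """Group each blank-line-separated 'Key: Value' record under its 'Section:' header."""
    sections, current = {}, None
    for block in re.split(r"\n\s*\n", text.strip()):
        record = {}
        for line in block.splitlines():
            if line.endswith(":") and line.count(":") == 1:   # "SSDT:" opens a section
                current = line[:-1]
                sections.setdefault(current, [])
            elif ":" in line:                                  # "Key: Value" field
                key, value = line.split(":", 1)
                record[key.strip()] = value.strip()
        if current and record:
            sections[current].append(record)
    return sections

def triage(sections):
    """(finding, subject) pairs: hidden modules, handlers outside their driver, hooks by hidden modules."""
    hidden = {m["Module Name"] for m in sections.get("Kernel Modules", [])
              if m.get("Hidden", "").lower() == "yes"}
    findings = [("hidden-module", name) for name in sorted(hidden)]
    for e in sections.get("SSDT", []):
        addr, base, end = (int(e[k], 16) for k in ("Address", "Driver Base", "Driver End"))
        if not base <= addr < end:
            findings.append(("ssdt-address-outside-driver", e["Function Name"]))
        if e["Driver Name"].split("\\")[-1] in hidden:
            findings.append(("ssdt-hook-by-hidden-module", e["Function Name"]))
    return findings
```

Run it on a full report by passing the whole pasted text to parse_report; separator lines of asterisks and "No ... found" lines carry no colon and are skipped.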

1 reply

olivier114 Posts: 1552 Registered: Wednesday 4 March 2009 Status: Member Last seen: 26 November 2013
24 Oct 2009 at 12:49
Hello,
the best thing would be for you to do this:
[list][*]Download [url=http://images.malwareremoval.com/random/RSIT.exe]Random's System Information Tool (RSIT)[/url] by Random/Random and save it to your Desktop.
[*]Double-click RSIT.exe to launch the tool.
[*]Click "Continue" on the Disclaimer screen.
[*]If HijackThis is not present or not detected on the computer, RSIT will download it (allow the access in your firewall if it asks) and you will have to accept the licence.
[*]Once the scan is finished, two reports will appear: post them in two separate messages please.[/list]

Illustrated tutorial to help you: https://www.androidworld.fr/

[url=https://www.androidworld.fr/]How to host RSIT reports that are too long[/url]