Virus Ohrda1.Dll: impossible to get rid of it - Page 5
Solved
re,
I'm waiting for Malekal's reply, but as far as I'm concerned, gromozon is no longer present!
Over to you to tell me, Malekal!
See you
GMER report:
GMER 1.0.12.12011 - http://www.gmer.net
Rootkit scan 2007-01-28 19:15:26
Windows 5.1.2600 Service Pack 2
---- System - GMER 1.0.12 ----
SSDT pxfsf.sys ZwAlertResumeThread
SSDT pxfsf.sys ZwAllocateUserPhysicalPages
SSDT pxfsf.sys ZwAllocateVirtualMemory
SSDT pxfsf.sys ZwClose
SSDT pxfsf.sys ZwCompactKeys
SSDT pxfsf.sys ZwCompressKey
SSDT \SystemRoot\System32\vsdatant.sys ZwConnectPort
SSDT pxfsf.sys ZwCreateDirectoryObject
SSDT pxfsf.sys ZwCreateEvent
SSDT pxfsf.sys ZwCreateEventPair
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateFile
SSDT pxfsf.sys ZwCreateIoCompletion
SSDT pxfsf.sys ZwCreateJobObject
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateKey
SSDT pxfsf.sys ZwCreateMailslotFile
SSDT pxfsf.sys ZwCreateMutant
SSDT pxfsf.sys ZwCreateNamedPipeFile
SSDT \SystemRoot\System32\vsdatant.sys ZwCreatePort
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateProcess
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateProcessEx
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateSection
SSDT pxfsf.sys ZwCreateSemaphore
SSDT pxfsf.sys ZwCreateSymbolicLinkObject
SSDT pxfsf.sys ZwCreateThread
SSDT pxfsf.sys ZwCreateTimer
SSDT pxfsf.sys ZwCreateToken
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateWaitablePort
SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteFile
SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteKey
SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteValueKey
SSDT pxfsf.sys ZwDeviceIoControlFile
SSDT \SystemRoot\System32\vsdatant.sys ZwDuplicateObject
SSDT pxfsf.sys ZwEnumerateKey
SSDT pxfsf.sys ZwEnumerateValueKey
SSDT pxfsf.sys ZwFreeUserPhysicalPages
SSDT pxfsf.sys ZwFreeVirtualMemory
SSDT pxfsf.sys ZwImpersonateAnonymousToken
SSDT pxfsf.sys ZwImpersonateThread
SSDT pxfsf.sys ZwLoadDriver
SSDT \SystemRoot\System32\vsdatant.sys ZwLoadKey
SSDT pxfsf.sys ZwLoadKey2
SSDT pxfsf.sys ZwLockRegistryKey
SSDT pxfsf.sys ZwLockVirtualMemory
SSDT pxfsf.sys ZwMapViewOfSection
SSDT \SystemRoot\System32\vsdatant.sys ZwOpenFile
SSDT pxfsf.sys ZwOpenKey
SSDT \SystemRoot\System32\vsdatant.sys ZwOpenProcess
SSDT pxfsf.sys ZwOpenProcessToken
SSDT pxfsf.sys ZwOpenSection
SSDT \SystemRoot\System32\vsdatant.sys ZwOpenThread
SSDT pxfsf.sys ZwOpenThreadToken
SSDT pxfsf.sys ZwProtectVirtualMemory
SSDT pxfsf.sys ZwQueryInformationProcess
SSDT pxfsf.sys ZwQueryInformationThread
SSDT pxfsf.sys ZwQueryKey
SSDT pxfsf.sys ZwQueryMultipleValueKey
SSDT pxfsf.sys ZwQueryOpenSubKeys
SSDT pxfsf.sys ZwQueryValueKey
SSDT pxfsf.sys ZwQueueApcThread
SSDT pxfsf.sys ZwReadFile
SSDT pxfsf.sys ZwReadVirtualMemory
SSDT pxfsf.sys ZwRenameKey
SSDT \SystemRoot\System32\vsdatant.sys ZwReplaceKey
SSDT \SystemRoot\System32\vsdatant.sys ZwRequestWaitReplyPort
SSDT \SystemRoot\System32\vsdatant.sys ZwRestoreKey
SSDT pxfsf.sys ZwResumeProcess
SSDT pxfsf.sys ZwResumeThread
SSDT pxfsf.sys ZwSaveKey
SSDT pxfsf.sys ZwSaveKeyEx
SSDT pxfsf.sys ZwSaveMergedKeys
SSDT \SystemRoot\System32\vsdatant.sys ZwSecureConnectPort
SSDT pxfsf.sys ZwSetContextThread
SSDT \SystemRoot\System32\vsdatant.sys ZwSetInformationFile
SSDT pxfsf.sys ZwSetInformationKey
SSDT pxfsf.sys ZwSetInformationProcess
SSDT pxfsf.sys ZwSetInformationThread
SSDT pxfsf.sys ZwSetSystemInformation
SSDT \SystemRoot\System32\vsdatant.sys ZwSetValueKey
SSDT pxfsf.sys ZwSuspendProcess
SSDT pxfsf.sys ZwSuspendThread
SSDT pxfsf.sys ZwSystemDebugControl
SSDT pxfsf.sys ZwTerminateJobObject
SSDT \SystemRoot\System32\vsdatant.sys ZwTerminateProcess
SSDT pxfsf.sys ZwTerminateThread
SSDT pxfsf.sys ZwUnloadDriver
SSDT pxfsf.sys ZwUnloadKey
SSDT pxfsf.sys ZwUnloadKeyEx
SSDT pxfsf.sys ZwUnlockVirtualMemory
SSDT pxfsf.sys ZwUnmapViewOfSection
SSDT pxfsf.sys ZwWriteFile
SSDT pxfsf.sys ZwWriteVirtualMemory
---- Kernel code sections - GMER 1.0.12 ----
.text ntkrnlpa.exe!ZwCallbackReturn + 23A4 805010A8 8 Bytes [ 6F, 78, 31, F7, D0, 28, 77, ... ]
.text ntkrnlpa.exe!ZwCallbackReturn + 23B4 805010B8 24 Bytes [ 79, 78, 31, F7, 83, 78, 31, ... ]
.text ntkrnlpa.exe!ZwCallbackReturn + 23D0 805010D4 16 Bytes [ D0, A0, 77, EE, BF, 78, 31, ... ]
.text ntkrnlpa.exe!ZwCallbackReturn + 23E4 805010E8 8 Bytes [ 60, 2C, 77, EE, E0, 8E, 77, ... ]
.text ntkrnlpa.exe!ZwCallbackReturn + 23ED 805010F1 3 Bytes [ 91, 77, EE ]
.text ...
.text USBPORT.SYS!DllUnload F700B62C 5 Bytes JMP 864415B0
---- User code sections - GMER 1.0.12 ----
.text C:\Program Files\MSN Messenger\msnmsgr.exe[696] kernel32.dll!LoadResource 7C809FB5 7 Bytes JMP 27001960 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[696] kernel32.dll!FindResourceExW 7C80AC88 7 Bytes JMP 270018E0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[696] kernel32.dll!FindResourceW 7C80BBCE 7 Bytes JMP 27001860 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[696] kernel32.dll!SizeofResource 7C80BC69 7 Bytes JMP 27001A00 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[696] kernel32.dll!LockResource 7C80CC97 5 Bytes JMP 27001A90 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[696] kernel32.dll!CreateEventA 7C8308AD 5 Bytes JMP 27001650 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[696] kernel32.dll!SetUnhandledExceptionFilter 7C84479D 5 Bytes JMP 004E12D0 C:\Program Files\MSN Messenger\msnmsgr.exe
.text C:\Program Files\MSN Messenger\msnmsgr.exe[696] USER32.dll!PeekMessageW 77D1929B 5 Bytes JMP 27003510 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[696] USER32.dll!CreateWindowExW 77D1FF50 5 Bytes JMP 27003020 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[696] USER32.dll!SetWindowRgn 77D202DD 7 Bytes JMP 27004840 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[696] USER32.dll!CreateDialogParamW 77D284EE 5 Bytes JMP 27004BC0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[696] USER32.dll!SetWindowPlacement 77D2DF46 5 Bytes JMP 27004760 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[696] USER32.dll!FlashWindow 77D55C5C 5 Bytes JMP 270048E0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[696] USER32.dll!MessageBoxIndirectW 77D66093 5 Bytes JMP 27004D20 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[696] USER32.dll!TrackPopupMenuEx 77D6CB1A 5 Bytes JMP 27003CE0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[696] WS2_32.dll!send 719F428A 5 Bytes JMP 27009360 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[696] WS2_32.dll!WSARecv 719F4318 5 Bytes JMP 27009150 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[696] WS2_32.dll!recv 719F615A 5 Bytes JMP 27008FC0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[696] WS2_32.dll!WSASend 719F6233 5 Bytes JMP 270094E0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[696] WS2_32.dll!closesocket 719F9639 5 Bytes JMP 270096F0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[696] SHELL32.dll!Shell_NotifyIconW 7CA31B5A 5 Bytes JMP 27002960 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[696] ole32.dll!CoInitializeEx 774BEF6B 5 Bytes JMP 27001AF0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[696] ole32.dll!CoRegisterClassObject 774D8720 5 Bytes JMP 27001BF0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[696] WININET.dll!InternetCloseHandle 771BE85D 5 Bytes JMP 27008230 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[696] WININET.dll!HttpOpenRequestA 771C160A 5 Bytes JMP 27007F50 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[696] WININET.dll!InternetReadFile 771C5BAA 5 Bytes JMP 270080B0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[696] WININET.dll!HttpSendRequestA 771C7519 5 Bytes JMP 27008180 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
---- Devices - GMER 1.0.12 ----
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CREATE 867CF1D8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CLOSE 867CF1D8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_READ 867CF1D8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_WRITE 867CF1D8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_INFORMATION 867CF1D8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_INFORMATION 867CF1D8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_EA 867CF1D8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_EA 867CF1D8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_FLUSH_BUFFERS 867CF1D8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_VOLUME_INFORMATION 867CF1D8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_VOLUME_INFORMATION 867CF1D8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_DIRECTORY_CONTROL 867CF1D8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_FILE_SYSTEM_CONTROL 867CF1D8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_DEVICE_CONTROL 867CF1D8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SHUTDOWN 867CF1D8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_LOCK_CONTROL 867CF1D8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CLEANUP 867CF1D8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_PNP 867CF1D8
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_CREATE 865361D8
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_CLOSE 865361D8
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_READ 865361D8
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_WRITE 865361D8
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_QUERY_INFORMATION 865361D8
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_SET_INFORMATION 865361D8
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_QUERY_VOLUME_INFORMATION 865361D8
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_DIRECTORY_CONTROL 865361D8
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_FILE_SYSTEM_CONTROL 865361D8
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_DEVICE_CONTROL 865361D8
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_LOCK_CONTROL 865361D8
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_CLEANUP 865361D8
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_PNP 865361D8
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_CREATE 865361D8
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_CLOSE 865361D8
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_READ 865361D8
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_WRITE 865361D8
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_QUERY_INFORMATION 865361D8
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_SET_INFORMATION 865361D8
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_QUERY_VOLUME_INFORMATION 865361D8
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_DIRECTORY_CONTROL 865361D8
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_FILE_SYSTEM_CONTROL 865361D8
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_DEVICE_CONTROL 865361D8
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_LOCK_CONTROL 865361D8
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_CLEANUP 865361D8
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_PNP 865361D8
Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE [EE7842A0] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_CLOSE [EE7842A0] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL [EE7842A0] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [EE7842A0] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_CLEANUP [EE7842A0] vsdatant.sys
Device \Driver\NetBT \Device\NetBT_Tcpip_{B0DF44C1-0D4C-4ECE-ACF2-5C500683358A} IRP_MJ_CREATE 864164E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{B0DF44C1-0D4C-4ECE-ACF2-5C500683358A} IRP_MJ_CLOSE 864164E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{B0DF44C1-0D4C-4ECE-ACF2-5C500683358A} IRP_MJ_DEVICE_CONTROL 864164E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{B0DF44C1-0D4C-4ECE-ACF2-5C500683358A} IRP_MJ_INTERNAL_DEVICE_CONTROL 864164E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{B0DF44C1-0D4C-4ECE-ACF2-5C500683358A} IRP_MJ_CLEANUP 864164E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{B0DF44C1-0D4C-4ECE-ACF2-5C500683358A} IRP_MJ_PNP 864164E8
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_CREATE 86511980
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_CLOSE 86511980
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_DEVICE_CONTROL 86511980
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_INTERNAL_DEVICE_CONTROL 86511980
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_POWER 86511980
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_SYSTEM_CONTROL 86511980
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_PNP 86511980
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_CREATE 86511980
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_CLOSE 86511980
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_DEVICE_CONTROL 86511980
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_INTERNAL_DEVICE_CONTROL 86511980
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_POWER 86511980
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_SYSTEM_CONTROL 86511980
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_PNP 86511980
Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_CREATE 86511980
Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_CLOSE 86511980
Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_DEVICE_CONTROL 86511980
Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_INTERNAL_DEVICE_CONTROL 86511980
Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_POWER 86511980
Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_SYSTEM_CONTROL 86511980
Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_PNP 86511980
Device \Driver\usbuhci \Device\USBPDO-3 IRP_MJ_CREATE 86511980
Device \Driver\usbuhci \Device\USBPDO-3 IRP_MJ_CLOSE 86511980
Device \Driver\usbuhci \Device\USBPDO-3 IRP_MJ_DEVICE_CONTROL 86511980
Device \Driver\usbuhci \Device\USBPDO-3 IRP_MJ_INTERNAL_DEVICE_CONTROL 86511980
Device \Driver\usbuhci \Device\USBPDO-3 IRP_MJ_POWER 86511980
Device \Driver\usbuhci \Device\USBPDO-3 IRP_MJ_SYSTEM_CONTROL 86511980
Device \Driver\usbuhci \Device\USBPDO-3 IRP_MJ_PNP 86511980
Device \Driver\usbehci \Device\USBPDO-4 IRP_MJ_CREATE 862F3980
Device \Driver\usbehci \Device\USBPDO-4 IRP_MJ_CLOSE 862F3980
Device \Driver\usbehci \Device\USBPDO-4 IRP_MJ_DEVICE_CONTROL 862F3980
Device \Driver\usbehci \Device\USBPDO-4 IRP_MJ_INTERNAL_DEVICE_CONTROL 862F3980
Device \Driver\usbehci \Device\USBPDO-4 IRP_MJ_POWER 862F3980
Device \Driver\usbehci \Device\USBPDO-4 IRP_MJ_SYSTEM_CONTROL 862F3980
Device \Driver\usbehci \Device\USBPDO-4 IRP_MJ_PNP 862F3980
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE [EE7842A0] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSE [EE7842A0] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL [EE7842A0] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [EE7842A0] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLEANUP [EE7842A0] vsdatant.sys
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CREATE 867631D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_READ 867631D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_WRITE 867631D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_FLUSH_BUFFERS 867631D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_DEVICE_CONTROL 867631D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_INTERNAL_DEVICE_CONTROL 867631D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SHUTDOWN 867631D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CLEANUP 867631D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_POWER 867631D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SYSTEM_CONTROL 867631D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_PNP 867631D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CREATE 867631D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_READ 867631D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_WRITE 867631D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_FLUSH_BUFFERS 867631D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_DEVICE_CONTROL 867631D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_INTERNAL_DEVICE_CONTROL 867631D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SHUTDOWN 867631D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CLEANUP 867631D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_POWER 867631D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SYSTEM_CONTROL 867631D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_PNP 867631D8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_CREATE 867631D8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_READ 867631D8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_WRITE 867631D8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_FLUSH_BUFFERS 867631D8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_DEVICE_CONTROL 867631D8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_INTERNAL_DEVICE_CONTROL 867631D8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_SHUTDOWN 867631D8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_CLEANUP 867631D8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_POWER 867631D8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_SYSTEM_CONTROL 867631D8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_PNP 867631D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CREATE 867D01D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CLOSE 867D01D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_DEVICE_CONTROL 867D01D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_INTERNAL_DEVICE_CONTROL 867D01D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_POWER 867D01D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SYSTEM_CONTROL 867D01D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_PNP 867D01D8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE 867D01D8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLOSE 867D01D8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CONTROL 867D01D8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_INTERNAL_DEVICE_CONTROL 867D01D8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_POWER 867D01D8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SYSTEM_CONTROL 867D01D8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_PNP 867D01D8
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CREATE 864164E8
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLOSE 864164E8
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_DEVICE_CONTROL 864164E8
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_INTERNAL_DEVICE_CONTROL 864164E8
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLEANUP
Device \Driver\usbehci \Device\USBPDO-4 IRP_MJ_POWER 862F3980
Device \Driver\usbehci \Device\USBPDO-4 IRP_MJ_SYSTEM_CONTROL 862F3980
Device \Driver\usbehci \Device\USBPDO-4 IRP_MJ_PNP 862F3980
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE [EE7842A0] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSE [EE7842A0] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL [EE7842A0] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [EE7842A0] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLEANUP [EE7842A0] vsdatant.sys
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CREATE 867631D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_READ 867631D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_WRITE 867631D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_FLUSH_BUFFERS 867631D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_DEVICE_CONTROL 867631D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_INTERNAL_DEVICE_CONTROL 867631D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SHUTDOWN 867631D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CLEANUP 867631D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_POWER 867631D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SYSTEM_CONTROL 867631D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_PNP 867631D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CREATE 867631D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_READ 867631D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_WRITE 867631D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_FLUSH_BUFFERS 867631D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_DEVICE_CONTROL 867631D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_INTERNAL_DEVICE_CONTROL 867631D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SHUTDOWN 867631D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CLEANUP 867631D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_POWER 867631D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SYSTEM_CONTROL 867631D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_PNP 867631D8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_CREATE 867631D8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_READ 867631D8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_WRITE 867631D8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_FLUSH_BUFFERS 867631D8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_DEVICE_CONTROL 867631D8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_INTERNAL_DEVICE_CONTROL 867631D8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_SHUTDOWN 867631D8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_CLEANUP 867631D8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_POWER 867631D8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_SYSTEM_CONTROL 867631D8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_PNP 867631D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CREATE 867D01D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CLOSE 867D01D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_DEVICE_CONTROL 867D01D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_INTERNAL_DEVICE_CONTROL 867D01D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_POWER 867D01D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SYSTEM_CONTROL 867D01D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_PNP 867D01D8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE 867D01D8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLOSE 867D01D8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CONTROL 867D01D8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_INTERNAL_DEVICE_CONTROL 867D01D8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_POWER 867D01D8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SYSTEM_CONTROL 867D01D8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_PNP 867D01D8
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CREATE 864164E8
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLOSE 864164E8
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_DEVICE_CONTROL 864164E8
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_INTERNAL_DEVICE_CONTROL 864164E8
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLEANUP
Good evening everyone
Thanks, salwa, for asking this question (definitely worth testing):
"From what I understood, this infection blocks certain programs; is it possible to get around that by renaming the program in question, for example renaming gmer to abcd???"
Good luck
Al.
Yeah, I have access to all the programs, etc...
Another Bitdefender thing.... Listen, I have Bitdefender on my computer, and it's not effective. It didn't protect me, so as for their online scan....
There you go.
Hi again,
the Bitdefender online scan is very interesting!
I would like to see the report it produces!
See you
Bitdefender report:
BitDefender Online Scanner
Rapport d'analyse généré à: Mon, Jan 29, 2007 - 00:51:41
Voie d'analyse: C:\;D:\;
Statistiques
Temps: 02:07:27
Fichiers: 450779
Directoires: 7825
Secteurs de boot: 4
Archives: 19197
Paquets programmes: 40789
Résultats
Virus identifiés: 0
Fichiers infectés: 0
Fichiers suspects: 0
Avertissements: 0
Désinfectés: 0
Fichiers effacés: 0
Info sur les moteurs
Définition virus: 394334
Version des moteurs: AVCORE v1.0 (build 2371) (i386) (Dec 13 2006 11:16:42)
Analyse des plugins: 14
Archive des plugins: 38
Unpack des plugins: 6
E-mail plugins: 6
Système plugins: 1
Paramètres d'analyse
Première action: Désinfecté
Seconde Action: Supprimé
Heuristique: Oui
Acceptez les avertissements: Oui
Extensions analysées: *;
Excludez les extensions:
Analyse d'emails: Oui
Analyse des Archives: Oui
Analyser paquets programmes: Oui
Analyse des fichiers: Oui
Analyse de boot: Oui
Fichier analysé
Statut
Aucun virus trouvé.
Hi again,
so that supports my view!
The critter is dead!
Is the PC running normally?
No alerts?
See you
Everything is running wonderfully. I get the impression it is running faster, the problems I had with IE7 have disappeared (it was slow), no more alerts, 100% stability. In short, all is for the best in the best of all possible worlds :)
Thanks again to you, Did71, and to Malekal!
I don't know how to thank you!!!!