
hijack analysis

Tags:
  • Internet Explorer
  • Security
12 January 2008 22:14:17

Hello, for some time now my internet connection has been freezing, and when I shut down my PC a window tells me "connection tray" is no longer responding when I click End Program. The PC tries to shut down but stays stuck on the "saving your settings" page. I have to press "reset" for it to restart. I have already reinstalled my modem and reset my internet connection, but still the same problem.

I suspect an infection, so I ran a "hijack" scan, but I don't see anything abnormal in it. Not being very experienced in analysing hijack reports, I am asking for your help, please.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:05:18, on 12/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Rundll32.exe
E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Lexmark 2300 Series\ezprint.exe
C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe
E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\Shared Files\CTSched.exe
E:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Documents and Settings\david.SKOOLER\Bureau\HijackThis.exe

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - E:\Program Files\rpbrowserrecordplugin.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AVP] "E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [ZoneAlarm Client] "E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2300 Series\ezprint.exe"
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe" "ZTE Corporation\ZXDSL852"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CreativeTaskScheduler] "C:\Program Files\Creative\Shared Files\CTSched.exe" /logon
O4 - HKCU\..\Run: [AlcoholAutomount] "E:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe" /automount
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Cont...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O17 - HKLM\System\CCS\Services\Tcpip\..\{17FF8950-DD98-4DD9-B298-B2602D6F9750}: NameServer = 80.10.246.130 80.10.246.3
O17 - HKLM\System\CS1\Services\Tcpip\..\{17FF8950-DD98-4DD9-B298-B2602D6F9750}: NameServer = 80.10.246.130 80.10.246.3
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: lxcg_device - - C:\WINDOWS\system32\lxcgcoms.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 6097 bytes


12 January 2008 22:25:30


Good evening,

Apparently not a virus, more likely a hardware problem;
we'll still take a look at something.

Download Gmer here

Unzip it to your Desktop
Close all programs and the Internet
Now double-click Gmer.exe

If your antivirus reports a problem, let it run
Click the Rootkit tab, then tick Files and Services, then click Scan
Once the scan has finished, click Copy, then open Notepad, then the Edit tab, and choose Paste

The report is now in Notepad
Save it to your Desktop and copy/paste it into your reply
12 January 2008 23:08:57

OK, here is the gmer report

GMER 1.0.13.12551 - http://www.gmer.net
Rootkit scan 2008-01-12 18:06:14
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.13 ----

SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwClose
SSDT \SystemRoot\System32\vsdatant.sys ZwConnectPort
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateFile
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateKey
SSDT \SystemRoot\System32\vsdatant.sys ZwCreatePort
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateProcess
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateProcessEx
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateSection
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateSymbolicLinkObject
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateThread
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateWaitablePort
SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteFile
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwDeleteKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwDeleteValueKey
SSDT \SystemRoot\System32\vsdatant.sys ZwDuplicateObject
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwEnumerateKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwEnumerateValueKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwFlushKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwInitializeRegistry
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwLoadDriver
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwLoadKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwLoadKey2
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwNotifyChangeKey
SSDT \SystemRoot\System32\vsdatant.sys ZwOpenFile
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwOpenKey
SSDT \SystemRoot\System32\vsdatant.sys ZwOpenProcess
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwOpenSection
SSDT \SystemRoot\System32\vsdatant.sys ZwOpenThread
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwQueryKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwQueryMultipleValueKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwQuerySystemInformation
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwQueryValueKey
SSDT \SystemRoot\System32\vsdatant.sys ZwRenameKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwReplaceKey
SSDT \SystemRoot\System32\vsdatant.sys ZwRequestWaitReplyPort
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwRestoreKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwResumeThread
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSaveKey
SSDT \SystemRoot\System32\vsdatant.sys ZwSecureConnectPort
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSetContextThread
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSetInformationFile
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSetInformationKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSetSecurityObject
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSetSystemInformation
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSetValueKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSuspendThread
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSystemDebugControl
SSDT \SystemRoot\System32\vsdatant.sys ZwTerminateProcess
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwUnloadKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwWriteVirtualMemory

Code \??\C:\WINDOWS\system32\drivers\klif.sys FsRtlCheckLockForReadAccess
Code \??\C:\WINDOWS\system32\drivers\klif.sys IoIsOperationSynchronous

---- Kernel code sections - GMER 1.0.13 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2C44 805039F8 12 Bytes [ 70, 72, D7, F3, 00, D5, D7, ... ]
.text ntkrnlpa.exe!ZwCallbackReturn + 2D10 80503AC4 12 Bytes [ 20, 0E, C7, F3, 80, 55, C6, ... ]
? C:\WINDOWS\system32\drivers\sptd.sys Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.
? srescan.sys Le fichier spécifié est introuvable.
.text USBPORT.SYS!DllUnload F61C062C 5 Bytes JMP 86136770
? System32\Drivers\av393nni.SYS Le fichier spécifié est introuvable.
.text ntkrnlpa.exe!ZwYieldExecution + 31EC 805039F8 12 Bytes [ 70, 72, D7, F3, 00, D5, D7, ... ]
.text ntkrnlpa.exe!ZwYieldExecution + 32B8 80503AC4 12 Bytes [ 20, 0E, C7, F3, 80, 55, C6, ... ]

---- User code sections - GMER 1.0.13 ----

.text C:\WINDOWS\Explorer.EXE[1356] SHELL32.dll!StrStrW + FFE29E11 7C9D5008 4 Bytes [ 80, 00, 20, 7D ]
.text C:\WINDOWS\Explorer.EXE[1356] SHELL32.dll!StrStrW + FFE29E1D 7C9D5014 4 Bytes [ F0, 00, 20, 7D ]
.text C:\WINDOWS\Explorer.EXE[1356] SHELL32.dll!StrStrW + FFE2BCA9 7C9D6EA0 4 Bytes [ 90, 0A, 20, 7D ]
.text C:\WINDOWS\Explorer.EXE[1356] SHELL32.dll!StrStrW + FFE2BDA5 7C9D6F9C 4 Bytes [ B0, 02, 37, 03 ]
.text C:\WINDOWS\Explorer.EXE[1356] SHELL32.dll!StrStrW + FFE2BDC1 7C9D6FB8 4 Bytes [ 00, 0B, 20, 7D ]
.text ...
.text C:\WINDOWS\Explorer.EXE[1356] SHELL32.dll!SHFree + 102 7C9FABBC 4 Bytes [ 60, 01, 34, 02 ]
.text C:\WINDOWS\Explorer.EXE[1356] SHELL32.dll!ILFree + 9C 7C9FAD48 4 Bytes [ 90, 03, 37, 03 ]
.text C:\WINDOWS\Explorer.EXE[1356] SHELL32.dll!SHCoCreateInstance + 10A 7C9FF88C 4 Bytes [ 20, 0A, 42, 7E ]
.text C:\WINDOWS\Explorer.EXE[1356] SHELL32.dll!SHCoCreateInstance + 12E 7C9FF8B0 4 Bytes [ 30, 0D, 34, 02 ]
.text C:\WINDOWS\Explorer.EXE[1356] SHELL32.dll!ILFindChild + 807 7CA0235C 4 Bytes [ F0, 00, 37, 03 ]
.text C:\WINDOWS\Explorer.EXE[1356] SHELL32.dll!ILFindChild + E87 7CA029DC 4 Bytes [ 10, 00, 37, 03 ]
.text C:\WINDOWS\Explorer.EXE[1356] SHELL32.dll!ILFindChild + 1753 7CA032A8 4 Bytes [ B0, 02, 20, 7D ]
.text C:\WINDOWS\Explorer.EXE[1356] SHELL32.dll!ILFindChild + 1773 7CA032C8 4 Bytes [ 40, 02, 20, 7D ]
.text C:\WINDOWS\Explorer.EXE[1356] SHELL32.dll!ILFindChild + 17AB 7CA03300 4 Bytes [ D0, 01, 20, 7D ]
.text C:\WINDOWS\Explorer.EXE[1356] SHELL32.dll!SHMapPIDLToSystemImageListIndex + 64B 7CA0C1BC 4 Bytes [ 90, 0A, 42, 7E ]
.text C:\WINDOWS\Explorer.EXE[1356] SHELL32.dll!SHMapPIDLToSystemImageListIndex + 6A7 7CA0C218 4 Bytes [ 00, 0B, 42, 7E ]
.text C:\WINDOWS\Explorer.EXE[1356] SHELL32.dll!IsLFNDrive + 8DF 7CA0F328 4 Bytes [ 20, 03, 37, 03 ]
.text C:\WINDOWS\Explorer.EXE[1356] SHELL32.dll!SHTestTokenMembership + E5 7CA14A90 4 Bytes [ 00, 04, 42, 7E ]
.text C:\WINDOWS\Explorer.EXE[1356] SHELL32.dll!ILLoadFromStream + 54F 7CA1634C 4 Bytes [ F0, 07, 20, 7D ]
.text C:\WINDOWS\Explorer.EXE[1356] SHELL32.dll!ILLoadFromStream + 65F 7CA1645C 4 Bytes [ D0, 08, 20, 7D ]
.text C:\WINDOWS\Explorer.EXE[1356] SHELL32.dll!DragQueryFileAorW + 3A0F 7CA2415C 4 Bytes [ B0, 09, 34, 02 ]
.text C:\WINDOWS\Explorer.EXE[1356] SHELL32.dll!DragQueryFileAorW + 4107 7CA24854 4 Bytes [ E0, 0B, 34, 02 ]
.text C:\WINDOWS\Explorer.EXE[1356] SHELL32.dll!DragQueryFileAorW + 41DF 7CA2492C 4 Bytes [ 90, 0A, 34, 02 ]
.text C:\WINDOWS\Explorer.EXE[1356] SHELL32.dll!DragQueryFileAorW + 428B 7CA249D8 4 Bytes [ 50, 0C, 34, 02 ]
.text C:\WINDOWS\Explorer.EXE[1356] SHELL32.dll!DragQueryFileAorW + 42AB 7CA249F8 4 Bytes [ 00, 0B, 34, 02 ]
.text ...
.text C:\WINDOWS\Explorer.EXE[1356] SHELL32.dll!InternalExtractIconListA + 2033 7CA2C7E8 4 Bytes [ 40, 09, 34, 02 ]
.text C:\WINDOWS\Explorer.EXE[1356] SHELL32.dll!InternalExtractIconListA + 20EF 7CA2C8A4 4 Bytes [ 20, 0A, 34, 02 ]
.text C:\WINDOWS\Explorer.EXE[1356] SHELL32.dll!SHExtractIconsW + 100E 7CA333EC 4 Bytes [ 60, 0F, 34, 02 ]
.text C:\WINDOWS\Explorer.EXE[1356] SHELL32.dll!StrStrIW + 1F5 7CA411A4 4 Bytes [ C0, 05, 42, 7E ]
.text C:\WINDOWS\Explorer.EXE[1356] SHELL32.dll!FindExeDlgProc + E4E2 7CAFDFD8 4 Bytes [ 50, 05, 42, 7E ]
.text C:\WINDOWS\Explorer.EXE[1356] SHELL32.dll!FindExeDlgProc + E4FE 7CAFDFF4 4 Bytes [ E0, 04, 42, 7E ]
.text C:\WINDOWS\Explorer.EXE[1356] SHELL32.dll!FindExeDlgProc + E54A 7CAFE040 4 Bytes [ 70, 04, 42, 7E ]
.text E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[1776] USER32.dll!VRipOutput + FFFA4DE7 7E392A78 4 Bytes [ 70, 11, 76, 00 ]
.text E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[2528] USER32.dll!VRipOutput + FFFA4DE7 7E392A78 4 Bytes [ 70, 11, 3E, 00 ]
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3544] kernel32.dll!LoadResource 7C809FB5 7 Bytes JMP 28001CC0 e:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3544] kernel32.dll!FindResourceExW 7C80AC88 7 Bytes JMP 28001B00 e:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3544] kernel32.dll!FindResourceW 7C80BBCE 7 Bytes JMP 28001A80 e:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3544] kernel32.dll!SizeofResource 7C80BC69 7 Bytes JMP 28001D80 e:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3544] kernel32.dll!FindResourceA 7C80BE89 7 Bytes JMP 28001B90 e:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3544] kernel32.dll!LockResource 7C80CC97 5 Bytes JMP 28001DF0 e:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3544] kernel32.dll!CreateEventA 7C8308AD 5 Bytes JMP 28001840 e:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3544] kernel32.dll!FindResourceExA 7C835F78 7 Bytes JMP 28001C20 e:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3544] kernel32.dll!SetUnhandledExceptionFilter 7C84467D 5 Bytes JMP 0056DBBD C:\Program Files\Windows Live\Messenger\msnmsgr.exe
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3544] kernel32.dll!OutputDebugStringW 7C85A42D 5 Bytes JMP 28001E50 e:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3544] ADVAPI32.dll!CryptDeriveKey 77DBA685 7 Bytes JMP 28001000 e:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3544] ADVAPI32.dll!CryptDecrypt 77DBA7B1 2 Bytes JMP 28001060 e:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3544] ADVAPI32.dll!CryptDecrypt + 3 77DBA7B4 4 Bytes [ 24, B0, CC, CC ]
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3544] USER32.dll!PeekMessageW 7E39929B 5 Bytes JMP 28003F90 e:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3544] USER32.dll!CreateWindowExW 7E39FC25 5 Bytes JMP 280037C0 e:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3544] USER32.dll!SetWindowRgn 7E39FFB2 7 Bytes JMP 28005880 e:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3544] USER32.dll!LoadIconW 7E3A0894 5 Bytes JMP 28006240 e:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3544] USER32.dll!LoadImageW 7E3A2CFE 5 Bytes JMP 28006050 e:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3544] USER32.dll!CreateDialogParamW 7E3A7D4F 5 Bytes JMP 28005A50 e:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3544] USER32.dll!SetWindowPlacement 7E3AD84C 5 Bytes JMP 28005740 e:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3544] USER32.dll!MessageBoxIndirectW 7E3E62AB 5 Bytes JMP 28005C40 e:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3544] USER32.dll!TrackPopupMenuEx 7E3ECD28 5 Bytes JMP 28004870 e:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3544] WS2_32.dll!send 719F428A 5 Bytes JMP 2800A360 e:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3544] WS2_32.dll!WSARecv 719F4318 5 Bytes JMP 2800A140 e:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3544] WS2_32.dll!recv 719F615A 5 Bytes JMP 28009FA0 e:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3544] WS2_32.dll!WSASend 719F6233 5 Bytes JMP 2800A540 e:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3544] WS2_32.dll!closesocket 719F9639 5 Bytes JMP 2800A780 e:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3544] SHELL32.dll!StrStrW + FFE29E11 7C9D5008 4 Bytes [ 80, 00, 20, 7D ]
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3544] SHELL32.dll!StrStrW + FFE29E1D 7C9D5014 4 Bytes [ F0, 00, 20, 7D ]
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3544] SHELL32.dll!StrStrW + FFE2D2C9 7C9D84C0 4 Bytes [ B0, 02, 20, 7D ]
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3544] SHELL32.dll!StrStrW + FFE2D311 7C9D8508 4 Bytes [ 60, 01, 20, 7D ]
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3544] SHELL32.dll!StrStrW + FFE2DB71 7C9D8D68 4 Bytes [ 00, 04, 20, 7D ]
.text ...
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3544] SHELL32.dll!ILFindChild + 1773 7CA032C8 4 Bytes [ 40, 02, 20, 7D ]
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3544] SHELL32.dll!ILFindChild + 17AB 7CA03300 4 Bytes [ D0, 01, 20, 7D ]
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3544] SHELL32.dll!Shell_NotifyIconW 7CA31B92 5 Bytes JMP 28002FE0 e:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3544] ole32.dll!CoInitializeEx 774BEF6B 5 Bytes JMP 28002100 e:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3544] ole32.dll!CoRegisterClassObject 774D8720 5 Bytes JMP 28002200 e:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3544] WININET.dll!InternetCloseHandle 4408DAC1 5 Bytes JMP 280091A0 e:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3544] WININET.dll!HttpOpenRequestA 44094399 5 Bytes JMP 28008E60 e:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3544] WININET.dll!InternetReadFile 4409ABF4 5 Bytes JMP 28008FF0 e:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3544] WININET.dll!HttpSendRequestA 4409CD78 5 Bytes JMP 280090D0 e:\Program Files\Messenger Plus! Live\MsgPlusLive.dll

---- Kernel IAT/EAT - GMER 1.0.13 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F7426AD4] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F7426C1A] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F7426B9C] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F7427748] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F742761E] sptd.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F743C29A] sptd.sys
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [F3D7B9D0] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [F3D7BEF0] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [F3D7C050] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [F3D7BB40] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [F3D7BB40] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [F3D7B9D0] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter]
12 January 2008 23:29:12

Thanks
12 January 2008 23:32:55


You're welcome, good luck :)