GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-10 23:47:33
Windows 5.1.2600 Service Pack 3
Running: 6yncqbl0.exe; Driver: C:\DOCUME~1\Xavier\LOCALS~1\Temp\uxtyapog.sys
---- System - GMER 1.0.15 ----
SSDT sptd.sys ZwCreateKey [0xF74340B0]
SSDT sptd.sys ZwEnumerateKey [0xF7439A92]
SSDT sptd.sys ZwEnumerateValueKey [0xF7439E20]
SSDT sptd.sys ZwOpenKey [0xF7434090]
SSDT sptd.sys ZwQueryKey [0xF7439EF8]
SSDT sptd.sys ZwQueryValueKey [0xF7439D78]
SSDT sptd.sys ZwSetValueKey [0xF7439F8A]
---- Kernel code sections - GMER 1.0.15 ----
? C:\WINDOWS\system32\drivers\sptd.sys Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.
.text USBPORT.SYS!DllUnload F64958AC 5 Bytes JMP 870B37A0
init C:\WINDOWS\system32\drivers\tifm21.sys entry point in "init" section [0xF616723F]
? System32\Drivers\ap09n2zk.SYS Le chemin d'accès spécifié est introuvable. !
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\System32\svchost.exe[1248] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 3 Bytes JMP 0092000A
.text C:\WINDOWS\System32\svchost.exe[1248] ntdll.dll!NtProtectVirtualMemory + 4 7C91D6F2 1 Byte [84]
.text C:\WINDOWS\System32\svchost.exe[1248] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 0093000A
.text C:\WINDOWS\System32\svchost.exe[1248] ntdll.dll!KiUserExceptionDispatcher 7C91E47C 5 Bytes JMP 0091000C
.text C:\WINDOWS\System32\svchost.exe[1248] ole32.dll!CoCreateInstance 774C057E 5 Bytes JMP 00EA000A
.text C:\WINDOWS\Explorer.EXE[1792] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 00B7000A
.text C:\WINDOWS\Explorer.EXE[1792] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 00BD000A
.text C:\WINDOWS\Explorer.EXE[1792] ntdll.dll!KiUserExceptionDispatcher 7C91E47C 5 Bytes JMP 00B6000C
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 873601E8
Device \FileSystem\Fastfat \FatCdrom 8595C980
Device \Driver\NetBT \Device\NetBT_Tcpip_{5C88CD6E-569C-473F-A7A2-9EC1166DDC3A} 86FC11E8
Device \Driver\USBSTOR \Device\0000009d 859565D8
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
Device \Driver\USBSTOR \Device\0000009e 859565D8
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
Device \Driver\usbuhci \Device\USBPDO-0 870B21E8
Device \Driver\usbuhci \Device\USBPDO-1 870B21E8
Device \Driver\usbuhci \Device\USBPDO-2 870B21E8
Device \Driver\ACPI \Device\00000053 86AAE4F8
Device \Driver\usbuhci \Device\USBPDO-3 870B21E8
Device \Driver\ACPI \Device\00000054 86AAE4F8
Device \Driver\usbehci \Device\USBPDO-4 87085600
Device \Driver\ACPI \Device\00000055 86AAE4F8
Device \Driver\ACPI \Device\00000056 86AAE4F8
Device \Driver\ACPI \Device\00000070 86AAE4F8
Device \Driver\ACPI \Device\00000057 86AAE4F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 873D21E8
Device \Driver\ACPI \Device\00000064 86AAE4F8
Device \Driver\ACPI \Device\00000058 86AAE4F8
Device \Driver\Cdrom \Device\CdRom0 86F771E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 873D21E8
Device \Driver\ACPI \Device\00000059 86AAE4F8
Device \Driver\ACPI \Device\00000065 86AAE4F8
Device \Driver\Cdrom \Device\CdRom1 86F771E8
Device \Driver\atapi \Device\Ide\IdePort0 [F738FB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [F738FB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e [F738FB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\ACPI \Device\00000066 86AAE4F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{D7BAB0BF-73E0-4D62-A996-EA4C69C429AA} 86FC11E8
Device \Driver\ACPI \Device\00000067 86AAE4F8
Device \Driver\ACPI \Device\00000068 86AAE4F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 86FC11E8
Device \Driver\ACPI \Device\00000090 86AAE4F8
Device \Driver\ACPI \Device\00000077 86AAE4F8
Device \Driver\ACPI \Device\00000091 86AAE4F8
Device \Driver\NetBT \Device\NetbiosSmb 86FC11E8
Device \Driver\ACPI \Device\00000079 86AAE4F8
Device \Driver\ACPI \Device\0000005a 86AAE4F8
Device \Driver\ACPI \Device\0000005b 86AAE4F8
Device \Driver\ACPI \Device\0000005d 86AAE4F8
Device \Driver\PCI_NTPNP8592 \Device\0000005f sptd.sys
Device \Driver\usbuhci \Device\USBFDO-0 870B21E8
Device \Driver\ACPI \Device\0000006c 86AAE4F8
Device \Driver\ACPI \Device\0000007a 86AAE4F8
Device \Driver\usbuhci \Device\USBFDO-1 870B21E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 870FF980
Device \Driver\ACPI \Device\0000007b 86AAE4F8
Device \Driver\usbuhci \Device\USBFDO-2 870B21E8
Device \Driver\ACPI \Device\0000006e 86AAE4F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 870FF980
Device \Driver\usbuhci \Device\USBFDO-3 870B21E8
Device \Driver\ACPI \Device\0000006f 86AAE4F8
Device \Driver\usbehci \Device\USBFDO-4 87085600
Device \Driver\Ftdisk \Device\FtControl 873D21E8
Device \Driver\ACPI \Device\0000007e 86AAE4F8
Device \Driver\ACPI \Device\0000007f 86AAE4F8
Device \Driver\ap09n2zk \Device\Scsi\ap09n2zk1Port2Path0Target0Lun0 86F697C0
Device \Driver\ap09n2zk \Device\Scsi\ap09n2zk1 86F697C0
Device \FileSystem\Fastfat \Fat 8595C980
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
Device \FileSystem\Cdfs \Cdfs 86AEB980
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x87 0xF8 0xB1 0xA8 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xB0 0x11 0x08 0xB4 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xA1 0xE3 0xA6 0x81 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xC3 0x58 0x21 0x37 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 1928975804
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 332655
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x87 0xF8 0xB1 0xA8 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Jeux PC\DAEMON Tools\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xB8 0x09 0xC5 0xCD ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x32 0xF4 0x2D 0x8A ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xBC 0xBD 0xD3 0x44 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x0A 0x67 0x26 0xAA ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0x0A 0x67 0x26 0xAA ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x87 0xF8 0xB1 0xA8 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Jeux PC\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xB8 0x09 0xC5 0xCD ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x32 0xF4 0x2D 0x8A ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xE0 0x9B 0x7C 0xD6 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x0A 0x67 0x26 0xAA ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0x0A 0x67 0x26 0xAA ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x87 0xF8 0xB1 0xA8 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Jeux PC\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xB8 0x09 0xC5 0xCD ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x32 0xF4 0x2D 0x8A ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xBC 0xBD 0xD3 0x44 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x0A 0x67 0x26 0xAA ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0x0A 0x67 0x26 0xAA ...
---- EOF - GMER 1.0.15 ----