GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-12 23:36:35
Windows 5.1.2600 Service Pack 3
Running: qyw8vvp0.exe; Driver: C:\DOCUME~1\SOUBIROU\LOCALS~1\Temp\uggyqpog.sys
---- Kernel code sections - GMER 1.0.15 ----
.pak2 C:\WINDOWS\system32\drivers\jkljvts.sys entry point in ".pak2" section [0xF73DE13D]
? C:\WINDOWS\system32\drivers\jkljvts.sys Un périphérique attaché au système ne fonctionne pas correctement.
PAGE Ntfs.sys F71EFE55 4 Bytes CALL 863790E1
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 862D58E0
---- Services - GMER 1.0.15 ----
Service (*** hidden *** ) [BOOT] jkljvts <-- ROOTKIT !!!
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\ControlSet001\Services\jkljvts@Type 1
Reg HKLM\SYSTEM\ControlSet001\Services\jkljvts@Start 0
Reg HKLM\SYSTEM\ControlSet001\Services\jkljvts@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet001\Services\jkljvts@Group Boot Bus Extender
Reg HKLM\SYSTEM\ControlSet002\Services\jkljvts@Type 1
Reg HKLM\SYSTEM\ControlSet002\Services\jkljvts@Start 0
Reg HKLM\SYSTEM\ControlSet002\Services\jkljvts@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet002\Services\jkljvts@Group Boot Bus Extender
Reg HKLM\SYSTEM\ControlSet003\Services\jkljvts@Type 1
Reg HKLM\SYSTEM\ControlSet003\Services\jkljvts@Start 0
Reg HKLM\SYSTEM\ControlSet003\Services\jkljvts@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet003\Services\jkljvts@Group Boot Bus Extender
Reg HKLM\SYSTEM\CurrentControlSet\Services\jkljvts@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\jkljvts@Start 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\jkljvts@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\jkljvts@Group Boot Bus Extender
Reg HKLM\SYSTEM\ControlSet005\Services\jkljvts@Type 1
Reg HKLM\SYSTEM\ControlSet005\Services\jkljvts@Start 0
Reg HKLM\SYSTEM\ControlSet005\Services\jkljvts@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet005\Services\jkljvts@Group Boot Bus Extender
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000
---- Files - GMER 1.0.15 ----
File C:\WINDOWS\system32\drivers\jkljvts.sys (size mismatch) 802304/0 bytes executable
---- EOF - GMER 1.0.15 ----