loukass

Members
  • Content count
    33

Profile Information
  • Gender
    Male

Other information
  • My languages
    francais

loukass's Achievements

Member (4/12)

  • Community reputation
    0

  1. Hello all, My PC runs XP family SP3, firewall: Sunbelt, Avira AntiVir. I have just come out of a "big disinfection" and, after formatting, I reinstalled the whole system. Here is my problem: Windows Update tells me new updates are available (I run the update), then this message:

     Certaines mises à jour n'ont pas pu etre installées
     Les mises à jour suivantes n'ont pas été installée:
     Outil de suppression de logiciels malveillants Windows - mai 2008 (KB890830)
     Mise à jour pour Windows XP (KB942763)
     Windows Internet Explorer 7 pour Windows XP

     And that's it, no specific error code and no detail about the problem. Thanks in advance.
  2. Thanks for the clarity of your advice and for all this information. I'm starting the digestion phase; I will surely call on your services again. See you, Bruce Lee
  3. At first sight no problems, THANKS AGAIN. I'll go and look at that forum. All the best, Adios.
  4. Bruce Lee, hello. First of all, my PC and I want to say a big THANK YOU. Your antivirus technique is worthy of the great Master whose name you bear (and that despite my HUUUGE infection and the radical solutions). For the updates I get this message:

     certaines mises à jour ne peuvent pas etre installées:
     Outil de suppression de logiciels malveillants Windows - mai 2008 (KB890830)
     Mise à jour de sécurité pour Flash Player (KB923789)
     Mise à jour pour Windows XP (KB942763)
     Windows Internet Explorer 7 pour Windows XP

     and nothing else.
  5. Next, the KAV and HijackThis reports:

     Scan
     ----
     Scanned:     105216
     Detected:    0
     Untreated:   0
     Start time:  01/06/2008 05:59:34
     Duration:    01:01:29
     Finish time: 01/06/2008 07:01:03

     Detected
     --------
     Status   Object
     ------   ------

     Events
     ------
     Time   Name   Status   Reason
     ----   ----   ------   ------

     Statistics
     ----------
     Object   Scanned   Detected   Untreated   Deleted   Moved to Quarantine   Archives   Packed files   Password protected   Corrupted
     ------   -------   --------   ---------   -------   -------------------   --------   ------------   ------------------   ---------

     Settings
     --------
     Parameter                                  Value
     ---------                                  -----
     Security Level                             Recommended
     Action                                     Prompt for action when the scan is complete
     Run mode                                   Manually
     File types                                 Scan all files
     Scan only new and changed files            No
     Scan archives                              All
     Scan embedded OLE objects                  All
     Skip if object is larger than              No
     Skip if scan takes longer than             No
     Parse email formats                        No
     Scan password-protected archives           No
     Enable iChecker technology                 No
     Enable iSwift technology                   No
     Show detected threats on "Detected" tab    Yes

     Quarantine
     ----------
     Status   Object   Size   Added
     ------   ------   ----   -----

     Backup
     ------
     Status   Object   Size
     ------   ------   ----

     Logfile of HijackThis v1.99.1
     Scan saved at 07:07:13, on 01/06/2008
     Platform: Windows XP SP3 (WinNT 5.01.2600)
     MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\WINDOWS\Explorer.EXE
     C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
     C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
     C:\WINDOWS\SOUNDMAN.EXE
     C:\WINDOWS\system32\ctfmon.exe
     C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
     C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
     C:\Program Files\Internet Explorer\iexplore.exe
     C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
     C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
     C:\WINDOWS\system32\wuauclt.exe
     C:\WINDOWS\system32\wuauclt.exe
     C:\DOCUME~1\LUCAST~1\LOCALS~1\Temp\Répertoire temporaire 1 pour hijackthis.zip\HijackThis.exe

     R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
     O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
     O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
     O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
     O4 - HKLM\..\Run: [AVP] "C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe"
     O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
     O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
     O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
     O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
     O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
     O23 - Service: setup_7.0.0.180_18.05.2008_22-36 - Unknown owner - C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe" -r (file missing)
     O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

     Not too bad, what do you say?
     By the way, some updates cannot be installed:

     Outil de suppression de logiciels malveillants Windows - mai 2008 (KB890830)
     Mise à jour de sécurité pour Flash Player (KB923789)
     Mise à jour pour Windows XP (KB942763)
     Windows Internet Explorer 7 pour Windows XP

     It may not be your priority, I think, but how can I fix it? See you
  6. Hello Bruce Lee, to start with, an MBAM report that is the picture of health:

     Malwarebytes' Anti-Malware 1.14
     Version de la base de données: 811

     05:46:29 01/06/2008
     mbam-log-6-1-2008 (05-46-28).txt

     Type de recherche: Examen complet (C:\|H:\|)
     Eléments examinés: 47683
     Temps écoulé: 6 minute(s), 35 second(s)

     Processus mémoire infecté(s): 0
     Module(s) mémoire infecté(s): 0
     Clé(s) du Registre infectée(s): 0
     Valeur(s) du Registre infectée(s): 0
     Elément(s) de données du Registre infecté(s): 0
     Dossier(s) infecté(s): 0
     Fichier(s) infecté(s): 0

     Processus mémoire infecté(s):
     (Aucun élément nuisible détecté)

     Module(s) mémoire infecté(s):
     (Aucun élément nuisible détecté)

     Clé(s) du Registre infectée(s):
     (Aucun élément nuisible détecté)

     Valeur(s) du Registre infectée(s):
     (Aucun élément nuisible détecté)

     Elément(s) de données du Registre infecté(s):
     (Aucun élément nuisible détecté)

     Dossier(s) infecté(s):
     (Aucun élément nuisible détecté)

     Fichier(s) infecté(s):
     (Aucun élément nuisible détecté)

     The rest is coming.
  7. Can you send me the link to the Sunbelt tutorial (the other one is for Kerio)? Thanks in advance.
  8. Hi Bruce Lee, It doesn't look bad (at last): I went back to my original configuration -XP Home- so I was able to get the updates -SP3-. AntiVir / Sunbelt are installed. Here is the HijackThis report:

     Logfile of HijackThis v1.99.1
     Scan saved at 15:44:42, on 31/05/2008
     Platform: Windows XP SP3 (WinNT 5.01.2600)
     MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\WINDOWS\Explorer.EXE
     C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
     C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
     C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
     C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
     C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
     C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\Program Files\Internet Explorer\iexplore.exe
     C:\WINDOWS\system32\wuauclt.exe
     C:\Documents and Settings\lucas temporal\Bureau\hijackthis\HijackThis.exe

     R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
     O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
     O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
     O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
     O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
     O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
     O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
     O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

     My PC is in great shape, thanks. Awaiting your analysis. See you
  9. Hi, OUCH, so we move on to the extreme solution. In any case it can't get any worse, so why not. Can you send me the link to that tutorial please? Thanks
  10. Hi, I'm trying to send you the KAV reports (it isn't finalized -99%-), one after the scan during the disinfection work and the other when Kaspersky blocks, but when I want to paste it into my reply it doesn't work! Task Manager shows "not responding" as the site's status?!? IE still doesn't work; my connection goes through MSN.E. Well, see you soon
  11. SDFix still doesn't work: "le système ne peut pas trouver le programme:........" I tried reinstalling it somewhere other than the desktop (since it can't find that target); it still doesn't work.
  12. Hi hi, I can't get the AVPTool scan to finish. It hangs at 99% and the PC reboots. The GMER report:

     GMER 1.0.14.14205 - http://www.gmer.net
     Rootkit scan 2008-05-28 17:39:45
     Windows 5.1.2600

     ---- System - GMER 1.0.14 ----

     SSDT \??\C:\WINDOWS\system32\ksnhtr.sys (Windows File Protection/Microsoft Corporation) ZwCreateKey [0xF7F5995F] <-- ROOTKIT !!!
     SSDT F88F9F07 ZwEnumerateValueKey
     SSDT \??\C:\WINDOWS\system32\ksnhtr.sys (Windows File Protection/Microsoft Corporation) ZwOpenKey [0xF7F59A13] <-- ROOTKIT !!!
     SSDT F88F9B5D ZwQueryDirectoryFile
     SSDT F88F9CA3 ZwQuerySystemInformation

     Code E16C8AEE ZwQueryDirectoryFile
     Code E16C8AED NtQueryDirectoryFile

     ---- Kernel code sections - GMER 1.0.14 ----

     .text ntoskrnl.exe!KeInitializeInterrupt + B79 804D4F8E 1 Byte [ 06 ]
     .text ntoskrnl.exe!KeI386Call16BitCStyleFunction + 1B0 804FC6C8 4 Bytes [ 5F, 99, F5, F7 ]
     .text ntoskrnl.exe!KeI386Call16BitCStyleFunction + 230 804FC748 4 Bytes [ 07, 9F, 8F, F8 ]
     .text ntoskrnl.exe!KeI386Call16BitCStyleFunction + 2E8 804FC800 4 Bytes [ 13, 9A, F5, F7 ]
     .text ntoskrnl.exe!KeI386Call16BitCStyleFunction + 350 804FC868 4 Bytes [ 5D, 9B, 8F, F8 ]
     .text ntoskrnl.exe!KeI386Call16BitCStyleFunction + 3C0 804FC8D8 4 Bytes [ A3, 9C, 8F, F8 ]
     PAGE ntoskrnl.exe!NtQueryDirectoryFile 805841B5 5 Bytes JMP E16C8AF2

     ---- User code sections - GMER 1.0.14 ----

     .text C:\WINDOWS\system32\sysmgr.exe[512] ntdll.dll!NtCreateFile 77F6E603 5 Bytes CALL 7FFA28DA
     .text C:\WINDOWS\system32\sysmgr.exe[512] ntdll.dll!NtCreateProcess 77F6E6A3 5 Bytes CALL 7FFA292E
     .text C:\WINDOWS\system32\sysmgr.exe[512] ntdll.dll!NtCreateProcessEx 77F6E6B3 5 Bytes CALL 7FFA293B
     .text C:\WINDOWS\system32\sysmgr.exe[512] ntdll.dll!NtOpenFile 77F6EAF3 5 Bytes CALL 7FFA2927
     .text C:\WINDOWS\system32\winlogon.exe[548] ntdll.dll!NtCreateFile 77F6E603 5 Bytes CALL 7FFA28DA
     .text C:\WINDOWS\system32\winlogon.exe[548] ntdll.dll!NtCreateProcess 77F6E6A3 5 Bytes CALL 7FFA292E
     .text C:\WINDOWS\system32\winlogon.exe[548] ntdll.dll!NtCreateProcessEx 77F6E6B3 5 Bytes CALL 7FFA293B
     .text C:\WINDOWS\system32\winlogon.exe[548] ntdll.dll!NtOpenFile 77F6EAF3 5 Bytes CALL 7FFA2927
     .text C:\WINDOWS\system32\services.exe[592] ntdll.dll!NtCreateFile 77F6E603 5 Bytes CALL 7FFA28DA
     .text C:\WINDOWS\system32\services.exe[592] ntdll.dll!NtCreateProcess 77F6E6A3 5 Bytes CALL 7FFA292E
     .text C:\WINDOWS\system32\services.exe[592] ntdll.dll!NtCreateProcessEx 77F6E6B3 5 Bytes CALL 7FFA293B
     .text C:\WINDOWS\system32\services.exe[592] ntdll.dll!NtOpenFile 77F6EAF3 5 Bytes CALL 7FFA2927
     .text C:\WINDOWS\system32\lsass.exe[604] ntdll.dll!NtCreateFile 77F6E603 5 Bytes CALL 7FF928DA
     .text C:\WINDOWS\system32\lsass.exe[604] ntdll.dll!NtCreateProcess 77F6E6A3 5 Bytes CALL 7FF9292E
     .text C:\WINDOWS\system32\lsass.exe[604] ntdll.dll!NtCreateProcessEx 77F6E6B3 5 Bytes CALL 7FF9293B
     .text C:\WINDOWS\system32\lsass.exe[604] ntdll.dll!NtOpenFile 77F6EAF3 5 Bytes CALL 7FF92927
     .text C:\WINDOWS\System32\rundll32.exe[728] ntdll.dll!NtCreateFile 77F6E603 5 Bytes CALL 7FFA28DA
     .text C:\WINDOWS\System32\rundll32.exe[728] ntdll.dll!NtCreateProcess 77F6E6A3 5 Bytes CALL 7FFA292E
     .text C:\WINDOWS\System32\rundll32.exe[728] ntdll.dll!NtCreateProcessEx 77F6E6B3 5 Bytes CALL 7FFA293B
     .text C:\WINDOWS\System32\rundll32.exe[728] ntdll.dll!NtOpenFile 77F6EAF3 5 Bytes CALL 7FFA2927
     .text C:\WINDOWS\system32\svchost.exe[784] ntdll.dll!NtCreateFile 77F6E603 5 Bytes CALL 7FFA28DA
     .text C:\WINDOWS\system32\svchost.exe[784] ntdll.dll!NtCreateProcess 77F6E6A3 5 Bytes CALL 7FFA292E
     .text C:\WINDOWS\system32\svchost.exe[784] ntdll.dll!NtCreateProcessEx 77F6E6B3 5 Bytes CALL 7FFA293B
     .text C:\WINDOWS\system32\svchost.exe[784] ntdll.dll!NtOpenFile 77F6EAF3 5 Bytes CALL 7FFA2927
     .text C:\WINDOWS\System32\service.exe[816] ntdll.dll!NtCreateFile 77F6E603 5 Bytes CALL 7FFA28DA
     .text C:\WINDOWS\System32\service.exe[816] ntdll.dll!NtCreateProcess 77F6E6A3 5 Bytes CALL 7FFA292E
     .text C:\WINDOWS\System32\service.exe[816] ntdll.dll!NtCreateProcessEx 77F6E6B3 5 Bytes CALL 7FFA293B
     .text C:\WINDOWS\System32\service.exe[816] ntdll.dll!NtOpenFile 77F6EAF3 5 Bytes CALL 7FFA2927
     .text C:\WINDOWS\System32\svchost.exe[844] ntdll.dll!NtCreateFile 77F6E603 5 Bytes CALL 7FFA28DA
     .text C:\WINDOWS\System32\svchost.exe[844] ntdll.dll!NtCreateProcess 77F6E6A3 5 Bytes CALL 7FFA292E
     .text C:\WINDOWS\System32\svchost.exe[844] ntdll.dll!NtCreateProcessEx 77F6E6B3 5 Bytes CALL 7FFA293B
     .text C:\WINDOWS\System32\svchost.exe[844] ntdll.dll!NtOpenFile 77F6EAF3 5 Bytes CALL 7FFA2927
     .idata Sections: C:\WINDOWS\winlogon.exe[976] C:\WINDOWS\winlogon.exe unknown last section [0x00414000, 0x1000, 0xC0000040]
     .text C:\WINDOWS\winlogon.exe[976] ntdll.dll!NtCreateFile 77F6E603 5 Bytes CALL 7FFA28DA
     .text C:\WINDOWS\winlogon.exe[976] ntdll.dll!NtCreateProcess 77F6E6A3 5 Bytes CALL 7FFA292E
     .text C:\WINDOWS\winlogon.exe[976] ntdll.dll!NtCreateProcessEx 77F6E6B3 5 Bytes CALL 7FFA293B
     .text C:\WINDOWS\winlogon.exe[976] ntdll.dll!NtOpenFile 77F6EAF3 5 Bytes CALL 7FFA2927
     .text C:\WINDOWS\System32\svchost.exe[1016] ntdll.dll!NtCreateFile 77F6E603 5 Bytes CALL 7FFA28DA
     .text C:\WINDOWS\System32\svchost.exe[1016] ntdll.dll!NtCreateProcess 77F6E6A3 5 Bytes CALL 7FFA292E
     .text C:\WINDOWS\System32\svchost.exe[1016] ntdll.dll!NtCreateProcessEx 77F6E6B3 5 Bytes CALL 7FFA293B
     .text C:\WINDOWS\System32\svchost.exe[1016] ntdll.dll!NtOpenFile 77F6EAF3 5 Bytes CALL 7FFA2927
     .text C:\WINDOWS\System32\Rundll32.exe[1192] ntdll.dll!NtCreateFile 77F6E603 5 Bytes CALL 7FFA28DA
     .text C:\WINDOWS\System32\Rundll32.exe[1192] ntdll.dll!NtCreateProcess 77F6E6A3 5 Bytes CALL 7FFA292E
     .text C:\WINDOWS\System32\Rundll32.exe[1192] ntdll.dll!NtCreateProcessEx 77F6E6B3 5 Bytes CALL 7FFA293B
     .text C:\WINDOWS\System32\Rundll32.exe[1192] ntdll.dll!NtOpenFile 77F6EAF3 5 Bytes CALL 7FFA2927
     .text C:\WINDOWS\system32\svchost.exe[1216] ntdll.dll!NtCreateFile 77F6E603 5 Bytes CALL 7FFA28DA
     .text C:\WINDOWS\system32\svchost.exe[1216] ntdll.dll!NtCreateProcess 77F6E6A3 5 Bytes CALL 7FFA292E
     .text C:\WINDOWS\system32\svchost.exe[1216] ntdll.dll!NtCreateProcessEx 77F6E6B3 5 Bytes CALL 7FFA293B
     .text C:\WINDOWS\system32\svchost.exe[1216] ntdll.dll!NtOpenFile 77F6EAF3 5 Bytes CALL 7FFA2927
     .text C:\WINDOWS\System32\ctfmon.exe[1232] ntdll.dll!NtCreateFile 77F6E603 5 Bytes CALL 7FFA28DA
     .text C:\WINDOWS\System32\ctfmon.exe[1232] ntdll.dll!NtCreateProcess 77F6E6A3 5 Bytes CALL 7FFA292E
     .text C:\WINDOWS\System32\ctfmon.exe[1232] ntdll.dll!NtCreateProcessEx 77F6E6B3 5 Bytes CALL 7FFA293B
     .text C:\WINDOWS\System32\ctfmon.exe[1232] ntdll.dll!NtOpenFile 77F6EAF3 5 Bytes CALL 7FFA2927
     .text C:\WINDOWS\system32\spoolsv.exe[1300] ntdll.dll!NtCreateFile 77F6E603 5 Bytes CALL 7FFA28DA
     .text C:\WINDOWS\system32\spoolsv.exe[1300] ntdll.dll!NtCreateProcess 77F6E6A3 5 Bytes CALL 7FFA292E
     .text C:\WINDOWS\system32\spoolsv.exe[1300] ntdll.dll!NtCreateProcessEx 77F6E6B3 5 Bytes CALL 7FFA293B
     .text C:\WINDOWS\system32\spoolsv.exe[1300] ntdll.dll!NtOpenFile 77F6EAF3 5 Bytes CALL 7FFA2927
     .text C:\Program Files\Messenger\msmsgs.exe[1372] ntdll.dll!NtCreateFile 77F6E603 5 Bytes CALL 7FFA28DA
     .text C:\Program Files\Messenger\msmsgs.exe[1372] ntdll.dll!NtCreateProcess 77F6E6A3 5 Bytes CALL 7FFA292E
     .text C:\Program Files\Messenger\msmsgs.exe[1372] ntdll.dll!NtCreateProcessEx 77F6E6B3 5 Bytes CALL 7FFA293B
     .text C:\Program Files\Messenger\msmsgs.exe[1372] ntdll.dll!NtOpenFile 77F6EAF3 5 Bytes CALL 7FFA2927
     .text C:\WINDOWS\system\wcntfysvc.exe[1408] ntdll.dll!NtCreateFile 77F6E603 5 Bytes CALL 7FFA28DA
     .text C:\WINDOWS\system\wcntfysvc.exe[1408] ntdll.dll!NtCreateProcess 77F6E6A3 5 Bytes CALL 7FFA292E
     .text C:\WINDOWS\system\wcntfysvc.exe[1408] ntdll.dll!NtCreateProcessEx 77F6E6B3 5 Bytes CALL 7FFA293B
     .text C:\WINDOWS\system\wcntfysvc.exe[1408] ntdll.dll!NtOpenFile 77F6EAF3 5 Bytes CALL 7FFA2927
     .text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1564] ntdll.dll!NtCreateFile 77F6E603 5 Bytes CALL 7FFA28DA
     .text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1564] ntdll.dll!NtCreateProcess 77F6E6A3 5 Bytes CALL 7FFA292E
     .text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1564] ntdll.dll!NtCreateProcessEx 77F6E6B3 5 Bytes CALL 7FFA293B
     .text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1564] ntdll.dll!NtOpenFile 77F6EAF3 5 Bytes CALL 7FFA2927
     .text C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] ntdll.dll!NtCreateFile 77F6E603 5 Bytes CALL 7FFA28DA
     .text C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] ntdll.dll!NtCreateProcess 77F6E6A3 5 Bytes CALL 7FFA292E
     .text C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] ntdll.dll!NtCreateProcessEx 77F6E6B3 5 Bytes CALL 7FFA293B
     .text C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] ntdll.dll!NtOpenFile 77F6EAF3 5 Bytes CALL 7FFA2927
     ? C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
     .text C:\WINDOWS\slysom.exe[1684] ntdll.dll!NtCreateFile 77F6E603 5 Bytes CALL 7FFA28DA
     .text C:\WINDOWS\slysom.exe[1684] ntdll.dll!NtCreateProcess 77F6E6A3 5 Bytes CALL 7FFA292E
     .text C:\WINDOWS\slysom.exe[1684] ntdll.dll!NtCreateProcessEx 77F6E6B3 5 Bytes CALL 7FFA293B
     .text C:\WINDOWS\slysom.exe[1684] ntdll.dll!NtOpenFile 77F6EAF3 5 Bytes CALL 7FFA2927
     .text C:\WINDOWS\System32\svchost.exe[1880] ntdll.dll!NtCreateFile 77F6E603 5 Bytes CALL 7FFA28DA
     .text C:\WINDOWS\System32\svchost.exe[1880] ntdll.dll!NtCreateProcess 77F6E6A3 5 Bytes CALL 7FFA292E
     .text C:\WINDOWS\System32\svchost.exe[1880] ntdll.dll!NtCreateProcessEx 77F6E6B3 5 Bytes CALL 7FFA293B
     .text C:\WINDOWS\System32\svchost.exe[1880] ntdll.dll!NtOpenFile 77F6EAF3 5 Bytes CALL 7FFA2927
     .reloc Sections: C:\WINDOWS\Explorer.exe[1960] C:\WINDOWS\Explorer.exe section is executable [0x010F4000, 0xB600, 0xE2000060]
     .reloc Sections: C:\WINDOWS\Explorer.exe[1960] C:\WINDOWS\Explorer.exe entry point in ".reloc" section [0x010F7600]
     .text C:\WINDOWS\Explorer.exe[1960] ntdll.dll!NtCreateFile 77F6E603 5 Bytes CALL 7FFA28DA
     .text C:\WINDOWS\Explorer.exe[1960] ntdll.dll!NtCreateProcess 77F6E6A3 5 Bytes CALL 7FFA292E
     .text C:\WINDOWS\Explorer.exe[1960] ntdll.dll!NtCreateProcessEx 77F6E6B3 5 Bytes CALL 7FFA293B
     .text C:\WINDOWS\Explorer.exe[1960] ntdll.dll!NtOpenFile 77F6EAF3 5 Bytes CALL 7FFA2927
     .idata Sections: C:\WINDOWS\winlogon.exe[1976] C:\WINDOWS\winlogon.exe unknown last section [0x00414000, 0x1000, 0xC0000040]
     .text C:\WINDOWS\winlogon.exe[1976] ntdll.dll!NtCreateFile 77F6E603 5 Bytes CALL 7FFA28DA
     .text C:\WINDOWS\winlogon.exe[1976] ntdll.dll!NtCreateProcess 77F6E6A3 5 Bytes CALL 7FFA292E
     .text C:\WINDOWS\winlogon.exe[1976] ntdll.dll!NtCreateProcessEx 77F6E6B3 5 Bytes CALL 7FFA293B
     .text C:\WINDOWS\winlogon.exe[1976] ntdll.dll!NtOpenFile 77F6EAF3 5 Bytes CALL 7FFA2927
     .text C:\WINDOWS\System32\cmd.exe[2240] ntdll.dll!NtCreateFile 77F6E603 5 Bytes CALL 7FFA28DA
     .text C:\WINDOWS\System32\cmd.exe[2240] ntdll.dll!NtCreateProcess 77F6E6A3 5 Bytes CALL 7FFA292E
     .text C:\WINDOWS\System32\cmd.exe[2240] ntdll.dll!NtCreateProcessEx 77F6E6B3 5 Bytes CALL 7FFA293B
     .text C:\WINDOWS\System32\cmd.exe[2240] ntdll.dll!NtOpenFile 77F6EAF3 5 Bytes CALL 7FFA2927
     .text C:\WINDOWS\System32\cmd.exe[2372] ntdll.dll!NtCreateFile 77F6E603 5 Bytes CALL 7FFA28DA
     .text C:\WINDOWS\System32\cmd.exe[2372] ntdll.dll!NtCreateProcess 77F6E6A3 5 Bytes CALL 7FFA292E
     .text C:\WINDOWS\System32\cmd.exe[2372] ntdll.dll!NtCreateProcessEx 77F6E6B3 5 Bytes CALL 7FFA293B
     .text C:\WINDOWS\System32\cmd.exe[2372] ntdll.dll!NtOpenFile 77F6EAF3 5 Bytes CALL 7FFA2927
     .idata Sections: C:\WINDOWS\winlogon.exe[2904] C:\WINDOWS\winlogon.exe unknown last section [0x00414000, 0x1000, 0xC0000040]
     .text C:\WINDOWS\winlogon.exe[2904] ntdll.dll!NtCreateFile 77F6E603 5 Bytes CALL 7FFA28DA
     .text C:\WINDOWS\winlogon.exe[2904] ntdll.dll!NtCreateProcess 77F6E6A3 5 Bytes CALL 7FFA292E
     .text C:\WINDOWS\winlogon.exe[2904] ntdll.dll!NtCreateProcessEx 77F6E6B3 5 Bytes CALL 7FFA293B
     .text C:\WINDOWS\winlogon.exe[2904] ntdll.dll!NtOpenFile 77F6EAF3 5 Bytes CALL 7FFA2927
     .text C:\WINDOWS\System32\cmd.exe[2948] ntdll.dll!NtCreateFile 77F6E603 5 Bytes CALL 7FFA28DA
     .text C:\WINDOWS\System32\cmd.exe[2948] ntdll.dll!NtCreateProcess 77F6E6A3 5 Bytes CALL 7FFA292E
     .text C:\WINDOWS\System32\cmd.exe[2948] ntdll.dll!NtCreateProcessEx 77F6E6B3 5 Bytes CALL 7FFA293B
     .text C:\WINDOWS\System32\cmd.exe[2948] ntdll.dll!NtOpenFile 77F6EAF3 5 Bytes CALL 7FFA2927
     .idata Sections: C:\WINDOWS\winlogon.exe[3032] C:\WINDOWS\winlogon.exe unknown last section [0x00414000, 0x1000, 0xC0000040]
     .text C:\WINDOWS\winlogon.exe[3032] ntdll.dll!NtCreateFile 77F6E603 5 Bytes CALL 7FFA28DA
     .text C:\WINDOWS\winlogon.exe[3032] ntdll.dll!NtCreateProcess 77F6E6A3 5 Bytes CALL 7FFA292E
     .text C:\WINDOWS\winlogon.exe[3032] ntdll.dll!NtCreateProcessEx 77F6E6B3 5 Bytes CALL 7FFA293B
     .text C:\WINDOWS\winlogon.exe[3032] ntdll.dll!NtOpenFile 77F6EAF3 5 Bytes CALL 7FFA2927
     .text C:\WINDOWS\System32\cmd.exe[3064] ntdll.dll!NtCreateFile 77F6E603 5 Bytes CALL 7FFA28DA
     .text C:\WINDOWS\System32\cmd.exe[3064] ntdll.dll!NtCreateProcess 77F6E6A3 5 Bytes CALL 7FFA292E
     .text C:\WINDOWS\System32\cmd.exe[3064] ntdll.dll!NtCreateProcessEx 77F6E6B3 5 Bytes CALL 7FFA293B
     .text C:\WINDOWS\System32\cmd.exe[3064] ntdll.dll!NtOpenFile 77F6EAF3 5 Bytes CALL 7FFA2927
     .idata Sections: C:\WINDOWS\winlogon.exe[3116] C:\WINDOWS\winlogon.exe unknown last section [0x00414000, 0x1000, 0xC0000040]
     .text C:\WINDOWS\winlogon.exe[3116] ntdll.dll!NtCreateFile 77F6E603 5 Bytes CALL 7FFA28DA
     .text C:\WINDOWS\winlogon.exe[3116] ntdll.dll!NtCreateProcess 77F6E6A3 5 Bytes CALL 7FFA292E
     .text C:\WINDOWS\winlogon.exe[3116] ntdll.dll!NtCreateProcessEx 77F6E6B3 5 Bytes CALL 7FFA293B
     .text C:\WINDOWS\winlogon.exe[3116] ntdll.dll!NtOpenFile 77F6EAF3 5 Bytes CALL 7FFA2927
     .text C:\WINDOWS\System32\cmd.exe[3160] ntdll.dll!NtCreateFile 77F6E603 5 Bytes CALL 7FFA28DA
     .text C:\WINDOWS\System32\cmd.exe[3160] ntdll.dll!NtCreateProcess 77F6E6A3 5 Bytes CALL 7FFA292E
     .text C:\WINDOWS\System32\cmd.exe[3160] ntdll.dll!NtCreateProcessEx 77F6E6B3 5 Bytes CALL 7FFA293B
     .text C:\WINDOWS\System32\cmd.exe[3160] ntdll.dll!NtOpenFile 77F6EAF3 5 Bytes CALL 7FFA2927
     .idata Sections: C:\WINDOWS\winlogon.exe[3236] C:\WINDOWS\winlogon.exe unknown last section [0x00414000, 0x1000, 0xC0000040]
     .text C:\WINDOWS\winlogon.exe[3236] ntdll.dll!NtCreateFile 77F6E603 5 Bytes CALL 7FFA28DA
     .text C:\WINDOWS\winlogon.exe[3236] ntdll.dll!NtCreateProcess 77F6E6A3 5 Bytes CALL 7FFA292E
     .text C:\WINDOWS\winlogon.exe[3236] ntdll.dll!NtCreateProcessEx 77F6E6B3 5 Bytes CALL 7FFA293B
     .text C:\WINDOWS\winlogon.exe[3236] ntdll.dll!NtOpenFile 77F6EAF3 5 Bytes CALL 7FFA2927
     .text C:\WINDOWS\System32\cmd.exe[3272] ntdll.dll!NtCreateFile 77F6E603 5 Bytes CALL 7FFA28DA
     .text C:\WINDOWS\System32\cmd.exe[3272] ntdll.dll!NtCreateProcess 77F6E6A3 5 Bytes CALL 7FFA292E
     .text C:\WINDOWS\System32\cmd.exe[3272] ntdll.dll!NtCreateProcessEx 77F6E6B3 5 Bytes CALL 7FFA293B
     .text C:\WINDOWS\System32\cmd.exe[3272] ntdll.dll!NtOpenFile 77F6EAF3 5 Bytes CALL 7FFA2927
     .idata Sections: C:\WINDOWS\winlogon.exe[3356] C:\WINDOWS\winlogon.exe unknown last section [0x00414000, 0x1000, 0xC0000040]
     .text C:\WINDOWS\winlogon.exe[3356] ntdll.dll!NtCreateFile 77F6E603 5 Bytes CALL 7FFA28DA
     .text C:\WINDOWS\winlogon.exe[3356] ntdll.dll!NtCreateProcess 77F6E6A3 5 Bytes CALL 7FFA292E
     .text C:\WINDOWS\winlogon.exe[3356] ntdll.dll!NtCreateProcessEx 77F6E6B3 5 Bytes CALL 7FFA293B
     .text C:\WINDOWS\winlogon.exe[3356] ntdll.dll!NtOpenFile 77F6EAF3 5 Bytes CALL 7FFA2927
     .text C:\WINDOWS\System32\cmd.exe[3392] ntdll.dll!NtCreateFile 77F6E603 5 Bytes CALL 7FFA28DA
     .text C:\WINDOWS\System32\cmd.exe[3392] ntdll.dll!NtCreateProcess 77F6E6A3 5 Bytes CALL 7FFA292E
     .text C:\WINDOWS\System32\cmd.exe[3392] ntdll.dll!NtCreateProcessEx 77F6E6B3 5 Bytes CALL 7FFA293B
     .text C:\WINDOWS\System32\cmd.exe[3392] ntdll.dll!NtOpenFile 77F6EAF3 5 Bytes CALL 7FFA2927
     .idata Sections: C:\WINDOWS\winlogon.exe[3480] C:\WINDOWS\winlogon.exe unknown last section [0x00414000, 0x1000, 0xC0000040]
     .text C:\WINDOWS\winlogon.exe[3480] ntdll.dll!NtCreateFile 77F6E603 5 Bytes CALL 7FFA28DA
     .text C:\WINDOWS\winlogon.exe[3480] ntdll.dll!NtCreateProcess 77F6E6A3 5 Bytes CALL 7FFA292E
     .text C:\WINDOWS\winlogon.exe[3480] ntdll.dll!NtCreateProcessEx 77F6E6B3 5 Bytes CALL 7FFA293B
     .text C:\WINDOWS\winlogon.exe[3480] ntdll.dll!NtOpenFile 77F6EAF3 5 Bytes CALL 7FFA2927
     .text C:\WINDOWS\System32\cmd.exe[3504] ntdll.dll!NtCreateFile 77F6E603 5 Bytes CALL 7FFA28DA
     .text C:\WINDOWS\System32\cmd.exe[3504] ntdll.dll!NtCreateProcess 77F6E6A3 5 Bytes CALL 7FFA292E
     .text C:\WINDOWS\System32\cmd.exe[3504] ntdll.dll!NtCreateProcessEx 77F6E6B3 5 Bytes CALL 7FFA293B
     .text C:\WINDOWS\System32\cmd.exe[3504] ntdll.dll!NtOpenFile 77F6EAF3 5 Bytes CALL 7FFA2927
     .idata Sections: C:\WINDOWS\winlogon.exe[3572] C:\WINDOWS\winlogon.exe unknown last section [0x00414000, 0x1000, 0xC0000040]
     .text C:\WINDOWS\winlogon.exe[3572] ntdll.dll!NtCreateFile 77F6E603 5 Bytes CALL 7FFA28DA
     .text C:\WINDOWS\winlogon.exe[3572] ntdll.dll!NtCreateProcess 77F6E6A3 5 Bytes CALL 7FFA292E
     .text C:\WINDOWS\winlogon.exe[3572] ntdll.dll!NtCreateProcessEx 77F6E6B3 5 Bytes CALL 7FFA293B
     .text C:\WINDOWS\winlogon.exe[3572] ntdll.dll!NtOpenFile 77F6EAF3 5 Bytes CALL 7FFA2927
     .text C:\WINDOWS\System32\cmd.exe[3612] ntdll.dll!NtCreateFile 77F6E603 5 Bytes CALL 7FFA28DA
     .text C:\WINDOWS\System32\cmd.exe[3612] ntdll.dll!NtCreateProcess 77F6E6A3 5 Bytes CALL 7FFA292E
     .text C:\WINDOWS\System32\cmd.exe[3612] ntdll.dll!NtCreateProcessEx 77F6E6B3 5 Bytes CALL 7FFA293B
     .text C:\WINDOWS\System32\cmd.exe[3612] ntdll.dll!NtOpenFile 77F6EAF3 5 Bytes CALL 7FFA2927
     .idata Sections: C:\WINDOWS\winlogon.exe[3680] C:\WINDOWS\winlogon.exe unknown last section [0x00414000, 0x1000, 0xC0000040]
     .text C:\WINDOWS\winlogon.exe[3680] ntdll.dll!NtCreateFile 77F6E603 5 Bytes CALL 7FFA28DA
     .text C:\WINDOWS\winlogon.exe[3680] ntdll.dll!NtCreateProcess 77F6E6A3 5 Bytes CALL 7FFA292E
     .text C:\WINDOWS\winlogon.exe[3680] ntdll.dll!NtCreateProcessEx 77F6E6B3 5 Bytes CALL 7FFA293B
     .text C:\WINDOWS\winlogon.exe[3680] ntdll.dll!NtOpenFile 77F6EAF3 5 Bytes CALL 7FFA2927
     .text C:\WINDOWS\System32\cmd.exe[3716] ntdll.dll!NtCreateFile 77F6E603 5 Bytes CALL 7FFA28DA
     .text C:\WINDOWS\System32\cmd.exe[3716] ntdll.dll!NtCreateProcess 77F6E6A3 5 Bytes CALL 7FFA292E
     .text C:\WINDOWS\System32\cmd.exe[3716] ntdll.dll!NtCreateProcessEx 77F6E6B3 5 Bytes CALL 7FFA293B
     .text C:\WINDOWS\System32\cmd.exe[3716] ntdll.dll!NtOpenFile 77F6EAF3 5 Bytes CALL 7FFA2927
     .idata Sections: C:\WINDOWS\winlogon.exe[3932] C:\WINDOWS\winlogon.exe unknown last section [0x00414000, 0x1000, 0xC0000040]
     .text C:\WINDOWS\winlogon.exe[3932] ntdll.dll!NtCreateFile 77F6E603 5 Bytes CALL 7FFA28DA
     .text C:\WINDOWS\winlogon.exe[3932] ntdll.dll!NtCreateProcess 77F6E6A3 5 Bytes CALL 7FFA292E
     .text C:\WINDOWS\winlogon.exe[3932] ntdll.dll!NtCreateProcessEx 77F6E6B3 5 Bytes CALL 7FFA293B
     .text C:\WINDOWS\winlogon.exe[3932] ntdll.dll!NtOpenFile 77F6EAF3 5 Bytes CALL 7FFA2927
     .text C:\WINDOWS\System32\cmd.exe[4036] ntdll.dll!NtCreateFile 77F6E603 5 Bytes CALL 7FFA28DA
     .text C:\WINDOWS\System32\cmd.exe[4036] ntdll.dll!NtCreateProcess 77F6E6A3 5 Bytes CALL 7FFA292E
     .text C:\WINDOWS\System32\cmd.exe[4036] ntdll.dll!NtCreateProcessEx 77F6E6B3 5 Bytes CALL 7FFA293B
     .text C:\WINDOWS\System32\cmd.exe[4036] ntdll.dll!NtOpenFile 77F6EAF3 5 Bytes CALL 7FFA2927
     .idata Sections: C:\WINDOWS\winlogon.exe[4192] C:\WINDOWS\winlogon.exe unknown last section [0x00414000, 0x1000, 0xC0000040]
     .text C:\WINDOWS\winlogon.exe[4192] ntdll.dll!NtCreateFile 77F6E603 5 Bytes CALL 7FFA28DA
     .text C:\WINDOWS\winlogon.exe[4192] ntdll.dll!NtCreateProcess 77F6E6A3 5 Bytes CALL 7FFA292E
     .text C:\WINDOWS\winlogon.exe[4192] ntdll.dll!NtCreateProcessEx 77F6E6B3 5 Bytes CALL 7FFA293B
     .text C:\WINDOWS\winlogon.exe[4192] ntdll.dll!NtOpenFile 77F6EAF3 5 Bytes CALL 7FFA2927
     .text C:\Program Files\MSN\MSNCoreFiles\MSN6.EXE[4224] ntdll.dll!NtCreateFile 77F6E603 5 Bytes CALL 7FFA28DA
     .text C:\Program Files\MSN\MSNCoreFiles\MSN6.EXE[4224] ntdll.dll!NtCreateProcess 77F6E6A3 5 Bytes CALL 7FFA292E
     .text C:\Program Files\MSN\MSNCoreFiles\MSN6.EXE[4224] ntdll.dll!NtCreateProcessEx 77F6E6B3 5 Bytes CALL 7FFA293B
     .text C:\Program Files\MSN\MSNCoreFiles\MSN6.EXE[4224] ntdll.dll!NtOpenFile 77F6EAF3 5 Bytes CALL 7FFA2927
     .text C:\WINDOWS\System32\cmd.exe[4284] ntdll.dll!NtCreateFile 77F6E603 5 Bytes CALL 7FFA28DA
     .text C:\WINDOWS\System32\cmd.exe[4284] ntdll.dll!NtCreateProcess 77F6E6A3 5 Bytes CALL 7FFA292E
     .text C:\WINDOWS\System32\cmd.exe[4284] ntdll.dll!NtCreateProcessEx 77F6E6B3 5 Bytes CALL 7FFA293B
     .text C:\WINDOWS\System32\cmd.exe[4284] ntdll.dll!NtOpenFile 77F6EAF3 5 Bytes CALL 7FFA2927
     .idata Sections: C:\WINDOWS\winlogon.exe[4656] C:\WINDOWS\winlogon.exe unknown last section [0x00414000, 0x1000, 0xC0000040]
     .text C:\WINDOWS\winlogon.exe[4656] ntdll.dll!NtCreateFile 77F6E603 5 Bytes CALL 7FFA28DA
     .text C:\WINDOWS\winlogon.exe[4656] ntdll.dll!NtCreateProcess 77F6E6A3 5 Bytes CALL 7FFA292E
     .text C:\WINDOWS\winlogon.exe[4656] ntdll.dll!NtCreateProcessEx 77F6E6B3 5 Bytes CALL 7FFA293B
     .text C:\WINDOWS\winlogon.exe[4656] ntdll.dll!NtOpenFile 77F6EAF3 5 Bytes CALL 7FFA2927
     .text C:\WINDOWS\System32\cmd.exe[4684] ntdll.dll!NtCreateFile 77F6E603 5 Bytes CALL 7FFA28DA
     .text C:\WINDOWS\System32\cmd.exe[4684] ntdll.dll!NtCreateProcess 77F6E6A3 5 Bytes CALL 7FFA292E
     .text C:\WINDOWS\System32\cmd.exe[4684] ntdll.dll!NtCreateProcessEx 77F6E6B3 5 Bytes CALL 7FFA293B
     .text C:\WINDOWS\System32\cmd.exe[4684] ntdll.dll!NtOpenFile 77F6EAF3 5 Bytes CALL 7FFA2927
     .idata Sections: C:\WINDOWS\winlogon.exe[4808] C:\WINDOWS\winlogon.exe unknown last section [0x00414000, 0x1000, 0xC0000040]
     .text C:\WINDOWS\winlogon.exe[4808] ntdll.dll!NtCreateFile 77F6E603 5 Bytes CALL 7FFA28DA
     .text C:\WINDOWS\winlogon.exe[4808] ntdll.dll!NtCreateProcess 77F6E6A3 5 Bytes CALL 7FFA292E
     .text C:\WINDOWS\winlogon.exe[4808] ntdll.dll!NtCreateProcessEx 77F6E6B3 5 Bytes CALL 7FFA293B
     .text C:\WINDOWS\winlogon.exe[4808] ntdll.dll!NtOpenFile 77F6EAF3 5 Bytes CALL 7FFA2927
     .text c:\d.exe[5096] ntdll.dll!NtCreateFile 77F6E603 5 Bytes CALL 7FFA28DA
     .text c:\d.exe[5096] ntdll.dll!NtCreateProcess 77F6E6A3 5 Bytes CALL 7FFA292E
     .text c:\d.exe[5096] ntdll.dll!NtCreateProcessEx 77F6E6B3 5 Bytes CALL 7FFA293B
     .text c:\d.exe[5096] ntdll.dll!NtOpenFile 77F6EAF3 5 Bytes CALL 7FFA2927
     .text C:\Documents and Settings\lucas\Local Settings\Temp\Répertoire temporaire 1 pour gmer.zip\gmer.exe[5848] ntdll.dll!NtOpenFile 77F6EAF3 5 Bytes CALL 7FFA2927

     ---- User IAT/EAT - GMER 1.0.14 ----

     IAT C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetModuleFileNameA] 00A804A8
     IAT C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] 00A804D2
     IAT C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] 00A804FC
     IAT C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!FreeLibrary] 00A80526
     IAT C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] 00A80550
     IAT C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 00A8057A
     IAT C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleFileNameW] 00A805A4
     IAT C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetErrorMode] 00A805CE
     IAT C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] 00A805F8
     IAT C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!FreeLibrary] 00A80622
     IAT C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] 00A8064C
     IAT C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] 00A80676
     IAT C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 00A806A0
     IAT C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] 00A806CA
     IAT C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetModuleFileNameA] 00A806F4
     IAT C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] 00A8071E
     IAT C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] 00A80748
     IAT C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] 00A80772
     IAT C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!FreeLibrary] 00A8079C
     IAT C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetModuleFileNameW] 00A807C6
     IAT C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 00A807F0
     IAT C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] 00A8081A
     IAT C:\Documents and Settings\All Users\Bureau\Kaspersky Lab
Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!FreeLibrary] 00A80844 IAT C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] 00A8086E IAT C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] 00A80898 IAT C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] 00A80CB2 IAT C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] 00A80CDC IAT C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 00A80D06 IAT C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetModuleFileNameW] 00A80D30 IAT C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetErrorMode] 00A80D5A IAT C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!FreeLibrary] 00A80D84 IAT C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] 00A80DAE IAT C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] 00A80DD8 IAT C:\Documents and Settings\All Users\Bureau\Kaspersky Lab 
Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetErrorMode] 00A80E02 IAT C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleFileNameW] 00A80E2C IAT C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] 00A80E56 IAT C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 00A80E80 IAT C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] 00A80EAA IAT C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] 00A80ED4 IAT C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] 00A80EFE IAT C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibrary] 00A80F28 IAT C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] 00A80F52 IAT C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] 00A80F7C IAT C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleFileNameA] 00A80FA6 IAT C:\Documents and Settings\All Users\Bureau\Kaspersky 
Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 00A80FD0 IAT C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] 00AB0010 IAT C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetModuleFileNameW] 00AB003A IAT C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 00AB0064 IAT C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FreeLibrary] 00AB008E IAT C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 00AB00B8 IAT C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] 00AB00E2 IAT C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] @ C:\WINDOWS\system32\crypt32.dll [KERNEL32.dll!GetModuleFileNameA] 00AB01B4 IAT C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] @ C:\WINDOWS\system32\crypt32.dll [KERNEL32.dll!FreeLibrary] 00AB01DE IAT C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] @ C:\WINDOWS\system32\crypt32.dll [KERNEL32.dll!GetProcAddress] 00AB0208 IAT C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] @ C:\WINDOWS\system32\crypt32.dll [KERNEL32.dll!LoadLibraryA] 00AB0232 IAT C:\Documents and Settings\All Users\Bureau\Kaspersky Lab 
Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] @ C:\WINDOWS\system32\crypt32.dll [KERNEL32.dll!LoadLibraryExA] 00AB025C IAT C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] @ C:\WINDOWS\system32\crypt32.dll [KERNEL32.dll!LoadLibraryExW] 00AB0286 IAT C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] @ C:\WINDOWS\system32\crypt32.dll [KERNEL32.dll!GetModuleFileNameW] 00AB02B0 IAT C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] @ C:\WINDOWS\system32\wininet.dll [KERNEL32.dll!SetErrorMode] 00AB02DA IAT C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] @ C:\WINDOWS\system32\wininet.dll [KERNEL32.dll!GetModuleFileNameA] 00AB0304 IAT C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] @ C:\WINDOWS\system32\wininet.dll [KERNEL32.dll!LoadLibraryW] 00AB032E IAT C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] @ C:\WINDOWS\system32\wininet.dll [KERNEL32.dll!GetProcAddress] 00AB0358 IAT C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] @ C:\WINDOWS\system32\wininet.dll [KERNEL32.dll!LoadLibraryA] 00AB0382 IAT C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] @ C:\WINDOWS\system32\wininet.dll [KERNEL32.dll!FreeLibrary] 00AB03AC IAT C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] 00AB0550 IAT C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetModuleFileNameA] 00AB057A IAT C:\Documents and Settings\All Users\Bureau\Kaspersky 
Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] 00AB05A4 IAT C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!FreeLibrary] 00AB05CE IAT C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] 00AB05F8 IAT C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!FreeLibrary] 00AB0622 IAT C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] 00AB064C IAT C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetModuleFileNameA] 00AB0676 IAT C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] 00AB06A0 IAT C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] 00AB06CA IAT C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] 00AB06F4 IAT C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!FreeLibrary] 00AB071E IAT C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryW] 00AB0A90 IAT C:\Documents and Settings\All Users\Bureau\Kaspersky Lab 
Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!CreateProcessW] 00AB0ABA
IAT C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!GetModuleFileNameW] 00AB0AE4
IAT C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!GetProcAddress] 00AB0B0E
IAT C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!FreeLibrary] 00AB0B38
IAT C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryA] 00AB0B62
IAT C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!SetErrorMode] 00AB0B8C

---- Devices - GMER 1.0.14 ----

Device \FileSystem\Ntfs \Ntfs ksnhtr.sys (Windows File Protection/Microsoft Corporation)
AttachedDevice \FileSystem\Ntfs \Ntfs avgntmgr.sys (Avira Antivir File Filter Driver Manager/Avira GmbH)
Device \Driver\Tcpip \Device\Ip F88FAEE8
Device \Driver\Tcpip \Device\Tcp F88FAEE8
Device \Driver\Tcpip \Device\Udp F88FAEE8
Device \Driver\Tcpip \Device\RawIp F88FAEE8
Device \Driver\Tcpip \Device\IPMULTICAST F88FAEE8

---- Modules - GMER 1.0.14 ----

Module \SystemRoot\System32\Drivers\Beep.SYS (*** hidden *** ) F8A4C000-F8A4F000 (12288 bytes)
Module \??\globalroot\systemroot\system32\drivers\clbdriver.sys (*** hidden *** ) F89E4000-F89E7000 (12288 bytes)
Module \??\C:\WINDOWS\System32\service.sys (*** hidden *** ) F88F8000-F88FD000 (20480 bytes)

---- Threads - GMER 1.0.14 ----

Thread 4:3984 F88FAC54
Thread 4:3988 F88FA0DF

---- Processes - GMER 1.0.14 ----

Library C:\WINDOWS\system32\CLBCATQ.DLL (*** hidden *** ) @ C:\WINDOWS\system32\winlogon.exe [548] 0x76F80000
Process C:\WINDOWS\system32\services.exe (*** hidden *** ) 592
Library C:\WINDOWS\system32\services.exe (*** hidden *** ) @ C:\WINDOWS\system32\services.exe [592] 0x01000000
Library C:\WINDOWS\system32\CLBCATQ.DLL (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [784] 0x76F80000
Process C:\WINDOWS\System32\service.exe (*** hidden *** ) 816
Library C:\WINDOWS\System32\service.exe (*** hidden *** ) @ C:\WINDOWS\System32\service.exe [816] 0x00400000
Library C:\WINDOWS\System32\CLBCATQ.DLL (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [844] 0x76F80000
Library C:\WINDOWS\system32\CLBCATQ.DLL (*** hidden *** ) @ C:\WINDOWS\system32\spoolsv.exe [1300] 0x76F80000
Library C:\WINDOWS\System32\CLBCATQ.DLL (*** hidden *** ) @ C:\Program Files\Messenger\msmsgs.exe [1372] 0x76F80000
Library C:\WINDOWS\System32\CLBCATQ.DLL (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [1880] 0x76F80000
Library C:\WINDOWS\System32\CLBCATQ.DLL (*** hidden *** ) @ C:\WINDOWS\Explorer.exe [1960] 0x76F80000
Library C:\WINDOWS\System32\CLBCATQ.DLL (*** hidden *** ) @ C:\Program Files\MSN\MSNCoreFiles\MSN6.EXE [4224] 0x76F80000

---- Services - GMER 1.0.14 ----

Service C:\WINDOWS\system32\ksnhtr.sys (*** hidden *** ) [SYSTEM] ksnhtr <-- ROOTKIT !!!
Service C:\WINDOWS\system32\sywtdxaz.sys (*** hidden *** ) [SYSTEM] sywtdxaz <-- ROOTKIT !!!
---- Registry - GMER 1.0.14 ---- Reg HKLM\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\*CPQA0D7@Service i8042prt Reg HKLM\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\*pnp0300@Service i8042prt Reg HKLM\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\*pnp0301@Service i8042prt Reg HKLM\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\*pnp0302@Service i8042prt Reg HKLM\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\*pnp0303@Service i8042prt Reg HKLM\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\*pnp0304@Service i8042prt Reg HKLM\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\*pnp0305@Service i8042prt Reg HKLM\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\*pnp0306@Service i8042prt Reg HKLM\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\*pnp0309@Service i8042prt Reg HKLM\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\*pnp030a@Service i8042prt Reg HKLM\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\*pnp030b@Service i8042prt Reg HKLM\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\*pnp0320@Service i8042prt Reg HKLM\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\*pnp0343@Service i8042prt Reg HKLM\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\*pnp0344@Service i8042prt Reg HKLM\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\*pnp0345@Service i8042prt Reg HKLM\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\*pnp0a03@Service pci Reg HKLM\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\*pnp0c08@Service ACPI Reg HKLM\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\*pnp0f03@Service i8042prt Reg HKLM\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\*pnp0f0b@Service i8042prt Reg HKLM\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\*pnp0f0e@Service i8042prt Reg HKLM\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\*pnp0f12@Service i8042prt Reg HKLM\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\*pnp0f13@Service i8042prt Reg 
HKLM\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\gencdrom@Service cdrom Reg HKLM\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\gendisk@Service disk Reg HKLM\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\pci#cc_0604@Service pci Reg HKLM\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\pci#ven_1039&dev_0008@Service isapnp Reg HKLM\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\pci#ven_1039&dev_5513@Service pciide Reg HKLM\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\primary_ide_channel@Service atapi Reg HKLM\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\PS2_KEYBOARD@Service i8042prt Reg HKLM\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\PS2_MOUSE@Service i8042prt Reg HKLM\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\root#dmio@Service dmio Reg HKLM\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\root#ftdisk@Service ftdisk Reg HKLM\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\root#rdpdr@Service rdpdr Reg HKLM\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\root#rdp_kbd@Service TermDD Reg HKLM\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\root#rdp_mou@Service TermDD Reg HKLM\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\root#swenum@Service swenum Reg HKLM\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\root#update@Service update Reg HKLM\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\secondary_ide_channel@Service atapi Reg HKLM\SYSTEM\ControlSet001\Control\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}\{585161EA-4CD1-4C58-994F-2A1752CC03C4}\Ndi@Service WebClient Reg HKLM\SYSTEM\ControlSet001\Control\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}\{929400B8-0126-4546-BB4C-050A1C3F79C4}\Ndi@Service LanmanWorkstation Reg HKLM\SYSTEM\ControlSet001\Control\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}\{0363D6CE-767F-4A18-8183-FBF2A1474DC9}\Ndi@Service Gpc Reg 
HKLM\SYSTEM\ControlSet001\Control\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}\{2867B2BD-9CF9-42C2-93FA-1EC52D34EB43}\Ndi@Service ALG Reg HKLM\SYSTEM\ControlSet001\Control\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}\{49C63024-A75B-48C9-A9EC-6633D694065F}\Ndi@Service wzcsvc Reg HKLM\SYSTEM\ControlSet001\Control\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}\{507EDB4D-E7AF-4668-81AD-FD46D9BBB53D}\Ndi@Service RemoteAccess Reg HKLM\SYSTEM\ControlSet001\Control\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}\{6A33A6F1-C8D2-4EAE-A010-892D589CDE44}\Ndi@Service LanmanServer Reg HKLM\SYSTEM\ControlSet001\Control\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}\{887530FB-939D-4F4D-BCCD-098E0714E9EB}\Ndi@Service RSVP Reg HKLM\SYSTEM\ControlSet001\Control\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}\{CEC46F97-3C30-48B5-B7BC-34004539F68A}\Ndi@Service NetBIOS Reg HKLM\SYSTEM\ControlSet001\Control\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}\{E25E1413-060E-410F-9292-FDEF61E45668}\Ndi@Service PSched Reg HKLM\SYSTEM\ControlSet001\Control\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}\{F2258432-3035-422F-931C-E2DD836C7528}\Ndi@Service RasMan Reg HKLM\SYSTEM\ControlSet001\Control\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}\{08A5F9C3-81AA-4DC3-A6A1-915BC21398D6}\Ndi@Service Tcpip Reg HKLM\SYSTEM\ControlSet001\Control\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}\{1971980E-5254-4818-9704-A9A1B3C0D918}\Ndi@Service NdisWan Reg HKLM\SYSTEM\ControlSet001\Control\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}\{1EAD70A1-21FF-4CB7-BB48-7D743E5CFB6C}\Ndi@Service NetBT Reg HKLM\SYSTEM\ControlSet001\Control\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}\{51DE79DA-5CCF-4EC8-920C-9EAF08CB371E}\Ndi@Service Ndisuio Reg HKLM\SYSTEM\ControlSet001\Control\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}\{D61BC390-5D95-4609-A011-7E4784D8714A}\Ndi@Service RasPppoe Reg HKLM\SYSTEM\ControlSet001\Control\Terminal Server\Wds\rdpwd\Tds\tcp@ServiceName tcpip Reg 
HKLM\SYSTEM\ControlSet001\Control\Video\{23A77BF7-ED96-40EC-AF06-9B1F4867732A}\Video@Service VgaSave Reg HKLM\SYSTEM\ControlSet001\Control\Video\{8B6D7859-A639-4A15-8790-7161976D057A}\Video@Service mnmdd Reg HKLM\SYSTEM\ControlSet001\Control\Video\{DEB039CC-B704-4F53-B43E-9DD4432FA2E9}\Video@Service RDPCDD Reg HKLM\SYSTEM\ControlSet001\Services\Alerter\Parameters@ServiceDll %SystemRoot%\system32\alrsvc.dll Reg HKLM\SYSTEM\ControlSet001\Services\AppMgmt\Parameters@ServiceDll %SystemRoot%\System32\appmgmts.dll Reg HKLM\SYSTEM\ControlSet001\Services\AudioSrv\Parameters@ServiceDll %SystemRoot%\System32\audiosrv.dll Reg HKLM\SYSTEM\ControlSet001\Services\BITS\Parameters@ServiceDll %systemroot%\system32\qmgr.dll Reg HKLM\SYSTEM\ControlSet001\Services\Browser\Parameters@ServiceDll %SystemRoot%\System32\browser.dll Reg HKLM\SYSTEM\ControlSet001\Services\CryptSvc\Parameters@ServiceDll %SystemRoot%\System32\cryptsvc.dll Reg HKLM\SYSTEM\ControlSet001\Services\Dhcp\Parameters@ServiceDll %SystemRoot%\System32\dhcpcsvc.dll Reg HKLM\SYSTEM\ControlSet001\Services\dmserver\Parameters@ServiceDll %SystemRoot%\System32\dmserver.dll Reg HKLM\SYSTEM\ControlSet001\Services\Dnscache\Parameters@ServiceDll %SystemRoot%\System32\dnsrslvr.dll Reg HKLM\SYSTEM\ControlSet001\Services\ERSvc\Parameters@ServiceDll %SystemRoot%\System32\ersvc.dll Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\SC Manager\ObjectNames@SERVICE Object 7184 Reg HKLM\SYSTEM\ControlSet001\Services\EventSystem\Parameters@ServiceDll C:\WINDOWS\System32\es.dll Reg HKLM\SYSTEM\ControlSet001\Services\FastUserSwitchingCompatibility\Parameters@ServiceDll %SystemRoot%\System32\shsvcs.dll Reg HKLM\SYSTEM\ControlSet001\Services\helpsvc\Parameters@ServiceDll %WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll Reg HKLM\SYSTEM\ControlSet001\Services\HidServ\Parameters@ServiceDll %SystemRoot%\System32\hidserv.dll Reg HKLM\SYSTEM\ControlSet001\Services\lanmanserver\parameters@ServiceDll %SystemRoot%\System32\srvsvc.dll Reg 
HKLM\SYSTEM\ControlSet001\Services\lanmanworkstation\parameters@ServiceDll %SystemRoot%\System32\wkssvc.dll Reg HKLM\SYSTEM\ControlSet001\Services\LmHosts\Parameters@ServiceDll %SystemRoot%\System32\lmhsvc.dll Reg HKLM\SYSTEM\ControlSet001\Services\Messenger\Parameters@ServiceDll %SystemRoot%\System32\msgsvc.dll Reg HKLM\SYSTEM\ControlSet001\Services\mnmdd\Video@Service mnmdd Reg HKLM\SYSTEM\ControlSet001\Services\Netman\Parameters@ServiceDll %SystemRoot%\System32\netman.dll Reg HKLM\SYSTEM\ControlSet001\Services\Nla\Parameters@ServiceDll %SystemRoot%\System32\mswsock.dll Reg HKLM\SYSTEM\ControlSet001\Services\NtmsSvc\Parameters@ServiceDll %SystemRoot%\system32\ntmssvc.dll Reg HKLM\SYSTEM\ControlSet001\Services\RasAuto\Parameters@ServiceDll %SystemRoot%\System32\rasauto.dll Reg HKLM\SYSTEM\ControlSet001\Services\RasMan\Parameters@ServiceDll %SystemRoot%\System32\rasmans.dll Reg HKLM\SYSTEM\ControlSet001\Services\RDPCDD\Video@Service RDPCDD Reg HKLM\SYSTEM\ControlSet001\Services\RemoteAccess\Parameters@ServiceDll %SystemRoot%\System32\mprdim.dll Reg HKLM\SYSTEM\ControlSet001\Services\RemoteRegistry\Parameters@ServiceDll %SystemRoot%\system32\regsvc.dll Reg HKLM\SYSTEM\ControlSet001\Services\RpcSs\Parameters@ServiceDll %SystemRoot%\System32\rpcss.dll Reg HKLM\SYSTEM\ControlSet001\Services\Schedule\Parameters@ServiceDll %SystemRoot%\system32\schedsvc.dll Reg HKLM\SYSTEM\ControlSet001\Services\seclogon\Parameters@ServiceDll %SystemRoot%\System32\seclogon.dll Reg HKLM\SYSTEM\ControlSet001\Services\SENS\Parameters@ServiceDll %SystemRoot%\system32\sens.dll Reg HKLM\SYSTEM\ControlSet001\Services\SharedAccess\Parameters@ServiceDll %SystemRoot%\System32\ipnathlp.dll Reg HKLM\SYSTEM\ControlSet001\Services\ShellHWDetection\Parameters@ServiceDll %SystemRoot%\System32\shsvcs.dll Reg HKLM\SYSTEM\ControlSet001\Services\srservice\Parameters@ServiceDll C:\WINDOWS\System32\srsvc.dll Reg HKLM\SYSTEM\ControlSet001\Services\SSDPSRV\Parameters@ServiceDll %SystemRoot%\System32\ssdpsrv.dll 
Reg HKLM\SYSTEM\ControlSet001\Services\stisvc\Parameters@ServiceDll %SystemRoot%\system32\wiaservc.dll Reg HKLM\SYSTEM\ControlSet001\Services\TapiSrv\Parameters@ServiceDll %SystemRoot%\System32\tapisrv.dll Reg HKLM\SYSTEM\ControlSet001\Services\TermService\Parameters@ServiceDll %SystemRoot%\System32\termsrv.dll Reg HKLM\SYSTEM\ControlSet001\Services\Themes\Parameters@ServiceDll %SystemRoot%\System32\shsvcs.dll Reg HKLM\SYSTEM\ControlSet001\Services\TrkWks\Parameters@ServiceDll %SystemRoot%\system32\trkwks.dll Reg HKLM\SYSTEM\ControlSet001\Services\uploadmgr\Parameters@ServiceDll %WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll Reg HKLM\SYSTEM\ControlSet001\Services\upnphost\Parameters@ServiceDll %SystemRoot%\System32\upnphost.dll Reg HKLM\SYSTEM\ControlSet001\Services\VgaSave\Video@Service VgaSave Reg HKLM\SYSTEM\ControlSet001\Services\W32Time\Parameters@ServiceMain SvchostEntry_W32Time Reg HKLM\SYSTEM\ControlSet001\Services\WebClient\Parameters@ServiceDll %SystemRoot%\System32\webclnt.dll Reg HKLM\SYSTEM\ControlSet001\Services\winmgmt\Parameters@ServiceDll %SystemRoot%\system32\wbem\WMIsvc.dll Reg HKLM\SYSTEM\ControlSet001\Services\WmdmPmSp\Parameters@ServiceDll C:\WINDOWS\System32\mspmspsv.dll Reg HKLM\SYSTEM\ControlSet001\Services\Wmi\Parameters@ServiceDll %SystemRoot%\System32\advapi32.dll Reg HKLM\SYSTEM\ControlSet001\Services\wuauserv\Parameters@ServiceDll C:\WINDOWS\System32\wuauserv.dll Reg HKLM\SYSTEM\ControlSet001\Services\WZCSVC\Parameters@ServiceDll %SystemRoot%\System32\wzcsvc.dll Reg HKLM\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\*CPQA0D7@Service i8042prt Reg HKLM\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\*pnp0300@Service i8042prt Reg HKLM\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\*pnp0301@Service i8042prt Reg HKLM\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\*pnp0302@Service i8042prt Reg HKLM\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\*pnp0303@Service i8042prt Reg 
---- Files - GMER 1.0.14 ----

File C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\skin\en\service.loc 29946 bytes
File C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\skin\layout\service.ini 54308 bytes
File C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Outils d'administration\Services de composants.lnk 1582 bytes
File C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Outils d'administration\Services.lnk 1602 bytes
File C:\Documents and Settings\lucas\Bureau\virus\Kaspersky Lab Tool\skin\en\service.loc 29946 bytes
File C:\Documents and Settings\lucas\Bureau\virus\Kaspersky Lab Tool\skin\layout\service.ini 54308 bytes
File C:\Program Files\Fichiers communs\Services 0 bytes
File C:\Program Files\Fichiers communs\Services\bigfoot.bmp 2702 bytes
File C:\Program Files\Fichiers communs\Services\Thumbs.db 11776 bytes
File C:\Program Files\Fichiers communs\Services\verisign.bmp 2702 bytes
File C:\Program Files\Fichiers communs\Services\whowhere.bmp 2702 bytes
File C:\Program Files\Services en ligne 0 bytes
File C:\Program Files\Services en ligne\Connectez-vous en ligne avec MSN.lnk 1654 bytes
File C:\Program Files\Services en ligne\Indiquez-moi davantage de fournisseurs de services Internet.lnk 1025 bytes
File C:\WINDOWS\system32\drivers\etc\services 7445 bytes
File C:\WINDOWS\system32\drivers\vmdesched.sys 5632 bytes
File C:\WINDOWS\system32\services.msc 33075 bytes
File C:\WINDOWS\system32\clb.dll 11264 bytes
File C:\WINDOWS\system32\clbcatex.dll 100864 bytes
File C:\WINDOWS\system32\clbcatq.dll 468480 bytes
File C:\WINDOWS\system32\cdosys.dll 45056 bytes
File C:\WINDOWS\system32\clbinit.dll 1695 bytes
File C:\WINDOWS\system32\dllcache\clb.dll 11264 bytes
File C:\WINDOWS\system32\dllcache\clbcatex.dll 100864 bytes
File C:\WINDOWS\system32\dllcache\clbcatq.dll 468480 bytes
File C:\WINDOWS\system32\dllcache\services.exe 178688 bytes
File C:\WINDOWS\system32\service.exe 47616 bytes
File C:\WINDOWS\system32\service.sys 18368 bytes <-- ROOTKIT !!!
File C:\WINDOWS\system32\services.exe 101888 bytes <-- ROOTKIT !!!
File C:\WINDOWS\TEMP\clb3E8.tmp 114688 bytes

---- Services - GMER 1.0.14 ----

Service C:\WINDOWS\System32\service.sys [MANUAL] service.sys <-- ROOTKIT !!!
Service C:\WINDOWS\system32\services.exe (Applications Services et Contrôleur/Microsoft Corporation) [AUTO] Eventlog <-- ROOTKIT !!!

---- EOF - GMER 1.0.14 ----
  13. Sorry Bruce Lee, I can't attach an SDFix report, because after launching the process it reports: "le système ne peut trouver le fichier C:\document and settings\Bureau\SDFix\Apps\locate.com", and then the SDFix window and my desktop disappear. I have to go back through the Task Manager to get it back. I tried launching SDFix by running it with the exact target pointing to RunThis.bat, but the result is the same. I'll try to send you a KAV report. @+
  14. Greetings, I no longer have a desktop at startup (in safe mode and last known good configuration too); I had to launch it from C/programme files via the Task Manager. The ComboFix report, to start with.

ComboFix 08-05-21.3 - lucas 2008-05-24 5:30:15.3 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.0.1252.1.1036.18.304 [GMT 2:00]
Endroit: C:\Documents and Settings\lucas\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\lucas\Bureau\CFScript.txt
 * Création d'un nouveau point de restauration
.
/wow section - STAGE 41
SED: couldn't write 55 items to stdout: Invalid argument
SED: couldn't flush stdout: Invalid argument
SED: couldn't flush stdout: Invalid argument
Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.
Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.
Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.
Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.
Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\byXRiGaB.dll
C:\WINDOWS\system32\explorer.exe
C:\WINDOWS\system32\JTuxbJjl.ini
C:\WINDOWS\system32\qspouuna.ini
C:\WINDOWS\system32\vmsupubf.ini

.
((((((((((((((((((((((((((((( Fichiers créés 2008-04-24 to 2008-05-24 ))))))))))))))))))))))))))))))))))))
.

Pas de nouveau fichier créé dans cet espace de temps

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
.

------- Sigcheck -------

.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2008-05-23 04:48 155648 C:\WINDOWS\system32\ctfmon.exe]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-05-23 04:48 1122304 C:\Program Files\Messenger\msmsgs.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Local Security Authority Service"="C:\WINDOWS\System32\Isass.exe" []
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-05-23 04:48 393216 C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe]
"Microsoft® System Manager"="C:\WINDOWS\system32\sysmgr.exe" [2008-05-23 13:19 64000 C:\WINDOWS\system32\sysmgr.exe]
"BMffe72dad"="C:\WINDOWS\System32\svemfgwx.dll" [2008-05-24 05:25 126464 C:\WINDOWS\system32\svemfgwx.dll]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-05-23 04:48 155648 C:\WINDOWS\system32\ctfmon.exe]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\System32\ljJbxuTJ

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-24 05:33:08
Windows 5.1.2600 NTFS

detected NTDLL code modification:
ZwOpenFile

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\WINDOWS\System32\ljJbxuTJ.dll

PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\System32\svemfgwx.dll
-> C:\WINDOWS\System32\ljJbxuTJ.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system\wcntfysvc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe
C:\WINDOWS\slysom.exe
C:\WINDOWS\system32\rundll32.exe
C:\asguard.exe
C:\WINDOWS\TEMP\DIL4.tmp
C:\WINDOWS\TEMP\DIL5.tmp
C:\WINDOWS\mrofinu1001186.exexe
.
**************************************************************************
.
Temps d'accomplissement: 2008-05-24 5:34:23 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-24 03:34:04
ComboFix2.txt 2008-05-23 10:53:58
ComboFix3.txt 2008-05-23 00:27:34

Pre-Run: 27,743,358,976 octets libres
Post-Run: 27,739,262,976 octets libres

97
  15. Still looooots of problems:
- "impossible de trouver iexplorer.exe"
- the desktop disappears from time to time (of course I have to reboot)
- Notepad in "Startup" is not accessible (not even an error message)
- the reports on the desktop (combo etc...) are not valid Win32 applications; I have to drag and drop them onto a Notepad shortcut found in c:windows.
- I still can't install AntiVir
Well, a real pleasure, this PC. I'm attaching a HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:48:58, on 23/05/2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\iexplore.exe
C:\WINDOWS\System32\Isass.exe
C:\WINDOWS\System32\mezziam.exe
C:\WINDOWS\mrofinu1001186.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\System32\cptoig.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\lucas\Bureau\virus\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Microsoft Internet Explorer] C:\WINDOWS\System32\iexplore.exe
O4 - HKLM\..\Run: [Local Security Authority Service] C:\WINDOWS\System32\Isass.exe
O4 - HKLM\..\Run: [Advanced DHTML Enable] C:\WINDOWS\System32\cptoig.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1001186.exe 61A847B5BBF72813329B39577AFF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [fcd41e31] rundll32.exe "C:\WINDOWS\System32\anuuopsq.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

--
End of file - 2689 bytes

and a ComboFix log (CFScript), continuing your procedure:

ComboFix 08-05-21.3 - lucas 2008-05-23 2:23:17.1 - NTFSx86 NETWORK
Microsoft Windows XP Professionnel 5.1.2600.0.1252.1.1036.18.400 [GMT 2:00]
Endroit: C:\Documents and Settings\lucas\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\lucas\Bureau\CFScript.txt
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\mrofinu1001186.exe
C:\WINDOWS\system32\.exe
C:\WINDOWS\system32\ftpupd.exe
C:\WINDOWS\system32\isass.exe
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\qspouuna.ini
C:\WINDOWS\system32\wvUonKDu.dll

.
((((((((((((((((((((((((((((( Fichiers créés 2008-04-23 to 2008-05-23 ))))))))))))))))))))))))))))))))))))
.

Pas de nouveau fichier créé dans cet espace de temps

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
.

------- Sigcheck -------

.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2001-08-28 14:00 90624 C:\WINDOWS\system32\ctfmon.exe]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2001-08-02 07:14 1089565 C:\Program Files\Messenger\msmsgs.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Local Security Authority Service"="C:\WINDOWS\System32\Isass.exe" []
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-08-31 12:25 262184 C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe]
"fcd41e31"="C:\WINDOWS\System32\anuuopsq.dll" [2008-05-23 01:16 115200 C:\WINDOWS\system32\anuuopsq.dll]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2001-08-28 14:00 90624 C:\WINDOWS\system32\ctfmon.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byXRiGaB]
byXRiGaB.dll 2008-05-23 01:05 57344 C:\WINDOWS\system32\byXRiGaB.dll

*Newly Created Service* - ALG
*Newly Created Service* - IPNAT
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-23 02:26:36
Windows 5.1.2600 NTFS

detected NTDLL code modification:
ZwOpenFile

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

C:\WINDOWS\system32\qspouuna.ini 294 bytes

Scan terminé avec succès
Les fichiers cachés: 1

**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\byXRiGaB.dll

PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\System32\anuuopsq.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\rundll32.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-05-23 2:27:34 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-23 00:27:26

Pre-Run: 28,810,043,392 octets libres
Post-Run: 28,770,541,568 octets libres

74

Sorry for the double post.