Solved: generic sdbot W32/Sdbot.ftp.worm



Hi Bruce Lee, here is the SmitFraudFix report

 

SmitFraudFix v2.157

 

Rapport fait à 18:51:29,85, ven. 30/03/2007

Executé à partir de C:\Documents and Settings\Administrateur\Bureau\SmitfraudFix\SmitfraudFix

OS: Microsoft Windows 2000 [Version 5.00.2195] - Windows_NT

Le type du système de fichiers est NTFS

Fix executé en mode normal

 

»»»»»»»»»»»»»»»»»»»»»»»» Process

 

C:\WINNT\System32\smss.exe

C:\WINNT\system32\csrss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\spoolsv.exe

d:\AVG Anti-Spyware 7.5\guard.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\nvsvc32.exe

C:\WINNT\system32\MSTask.exe

d:\Alcohol 120\StarWind\StarWindService.exe

C:\WINNT\system32\stisvc.exe

C:\WINNT\System32\WBEM\WinMgmt.exe

C:\WINNT\system32\svchost.exe

C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe

C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe

C:\WINNT\Explorer.EXE

C:\Program Files\Softwin\BitDefender8\vsserv.exe

C:\WINNT\system32\RUNDLL32.EXE

C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe

C:\Program Files\Softwin\BitDefender8\bdoesrv.exe

C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe

C:\WINNT\system32\rundll32.exe

D:\AVG Anti-Spyware 7.5\avgas.exe

D:\Spybot - Search & Destroy\TeaTimer.exe

D:\PC Alert III\alert.exe

D:\Mozilla Firefox\firefox.exe

C:\WINNT\system32\cmd.exe

 

»»»»»»»»»»»»»»»»»»»»»»»» hosts

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT\system

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT\Web

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT\system32

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Administrateur

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Administrateur\Application Data

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\ADMINI~1\Favoris

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Bureau

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

 

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

 

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=" sockspy.dll sockspy.dll"

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"System"=""

 

 

»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Fin

 

What do you think about those unexpected Windows shutdowns I was telling you about?

BitDefender and AVG are much quieter, though... no more alerts since last night :P

See you


Re,

 

 

Delete:

clean

clean.zip

SmitfraudFix

which are on your desktop.

Delete what is in bold:

C:\WINNT\system32\age.exe <== the file

C:\WINNT\system32\bxo.exe.mwt <== the file

Then empty your recycle bin.

Run an online scan with Kaspersky again, then post the report.

See you


re

 

I removed the 3 folders from my desktop, then just as I was about to delete age.exe, BitDefender woke up and blocked a generic.sdbot c:\winnt\system32\age.exe, so I couldn't delete it since it (BitDefender) must have put it in quarantine? And I was able to delete the .exe.mwt...

However, I have a hidden file, still in system32, .exe (nothing.exe), which looks suspicious to me: no Microsoft version in its properties, and no matter how often I delete it, it reappears at every startup

There you go

See you, I'm launching Kaspersky


re,

 

Kaspersky:

 

Friday, March 30, 2007 9:46:54 PM

Système d'exploitation : Microsoft Windows 2000 Professional, Service Pack 4 (Build 2195)

Kaspersky On-line Scanner version : 5.0.83.0

Dernière mise à jour de la base antivirus Kaspersky : 30/03/2007

Enregistrements dans la base antivirus Kaspersky : 289246

Paramètres d'analyse

Analyser avec la base antivirus suivante étendue

Analyser les archives vrai

Analyser les bases de messagerie vrai

Cible de l'analyse Poste de travail

A:\

C:\

D:\

E:\

F:\

G:\

H:\

I:\

J:\

Statistiques de l'analyse

Total d'objets analysés 50611

Nombre de virus trouvés 1

Nombre d'objets infectés 25 / 0

Nombre d'objets suspects 0

Durée de l'analyse 02:00:43

 

Nom de l'objet infecté Nom du virus Dernière action

C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\nbygkzmq.default\cert8.db L'objet est verrouillé ignoré

C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\nbygkzmq.default\formhistory.dat L'objet est verrouillé ignoré

C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\nbygkzmq.default\history.dat L'objet est verrouillé ignoré

C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\nbygkzmq.default\key3.db L'objet est verrouillé ignoré

C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\nbygkzmq.default\parent.lock L'objet est verrouillé ignoré

C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\nbygkzmq.default\search.sqlite L'objet est verrouillé ignoré

C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\nbygkzmq.default\urlclassifier2.sqlite L'objet est verrouillé ignoré

C:\Documents and Settings\Administrateur\Application Data\Thunderbird\Profiles\9y9abrqu.default\Mail\Local Folders\Inbox/[From "schwaar" ][Date Mon, 22 Jan 2007 23:34:11 +0100]/UNNAMED/[From ][Date 24 Jan 2007 16:26:46 +0500]/UNNAMED/[From "Florence Ginestet" ][Date Thu, 25 Jan 2007 10:12:35 +0100]/text/[From Ed ][Date Fri, 16 Feb 2007 18:52:01 +0300]/UNNAMED/[From tuition ... /[From "BB&T" ][Date Fri, 2 Mar 2007 01:21:07 +0100 (added by [email protected])]/UNNAMED Infecté : Trojan-Spy.HTML.Bankfraud.ri ignoré

C:\Documents and Settings\Administrateur\Application Data\Thunderbird\Profiles\9y9abrqu.default\Mail\Local Folders\Inbox/[From "schwaar" ][Date Mon, 22 Jan 2007 23:34:11 +0100]/UNNAMED/[From ][Date 24 Jan 2007 16:26:46 +0500]/UNNAMED/[From "Florence Ginestet" ][Date Thu, 25 Jan 2007 10:12:35 +0100]/text/[From Ed ][Date Fri, 16 Feb 2007 18:52:01 +0300]/UNNAMED/[From tuition ][D ... /[From "fl . ... /[From . ... /[From Ed ][Date Thu, 01 Mar 2007 22:44:03 +0300]/UNNAMED Infecté : Trojan-Spy.HTML.Bankfraud.ri ignoré

C:\Documents and Settings\Administrateur\Application Data\Thunderbird\Profiles\9y9abrqu.default\Mail\Local Folders\Inbox/[From "schwaar" ][Date Mon, 22 Jan 2007 23:34:11 +0100]/UNNAMED/[From ][Date 24 Jan 2007 16:26:46 +0500]/UNNAMED/[From "Florence Ginestet" ][Date Thu, 25 Jan 2007 10:12:35 +0100]/text/[From Ed ][Date Fri, 16 Feb 2007 18:52:01 +0300]/UNNAMED/[From tuition ][D ... /[From "fl . ... /[From ... /[From skogheden" ][Date 1 Mar 2007 19:14:15 +0100]/UNNAMED Infecté : Trojan-Spy.HTML.Bankfraud.ri ignoré

C:\Documents and Settings\Administrateur\Application Data\Thunderbird\Profiles\9y9abrqu.default\Mail\Local Folders\Inbox/[From "schwaar" ][Date Mon, 22 Jan 2007 23:34:11 +0100]/UNNAMED/[From ][Date 24 Jan 2007 16:26:46 +0500]/UNNAMED/[From "Florence Ginestet" ][Date Thu, 25 Jan 2007 10:12:35 +0100]/text/[From Ed ][Date Fri, 16 Feb 2007 18:52:01 +0300]/UNNAMED/[From tuition ][D ... /[From "fl . ... /[From "Bobbi BOFELOS" ][Date Thu, 1 Mar 2007 10:12:44 -0600]/text Infecté : Trojan-Spy.HTML.Bankfraud.ri ignoré

C:\Documents and Settings\Administrateur\Application Data\Thunderbird\Profiles\9y9abrqu.default\Mail\Local Folders\Inbox/[From "schwaar" ][Date Mon, 22 Jan 2007 23:34:11 +0100]/UNNAMED/[From ][Date 24 Jan 2007 16:26:46 +0500]/UNNAMED/[From "Florence Ginestet" ][Date Thu, 25 Jan 2007 10:12:35 +0100]/text/[From Ed ][Date Fri, 16 Feb 2007 18:52:01 +0300]/UNNAMED/[From tuition ][D ... /[From "fl . ... /[From [email protected]][Date Wed, 28 Feb 2007 12:41:23 -0800]/UNNAMED Infecté : Trojan-Spy.HTML.Bankfraud.ri ignoré

C:\Documents and Settings\Administrateur\Application Data\Thunderbird\Profiles\9y9abrqu.default\Mail\Local Folders\Inbox/[From "schwaar" ][Date Mon, 22 Jan 2007 23:34:11 +0100]/UNNAMED/[From ][Date 24 Jan 2007 16:26:46 +0500]/UNNAMED/[From "Florence Ginestet" ][Date Thu, 25 Jan 2007 10:12:35 +0100]/text/[From Ed ][Date Fri, 16 Feb 2007 18:52:01 +0300]/UNNAMED/[From tuition ][D ... /[From "fl ... /[From Karim NAILI ][Date Tue, 27 Feb 2007 12:54:08 +0100 (CET)]/UNNAMED Infecté : Trojan-Spy.HTML.Bankfraud.ri ignoré

C:\Documents and Settings\Administrateur\Application Data\Thunderbird\Profiles\9y9abrqu.default\Mail\Local Folders\Inbox/[From "schwaar" ][Date Mon, 22 Jan 2007 23:34:11 +0100]/UNNAMED/[From ][Date 24 Jan 2007 16:26:46 +0500]/UNNAMED/[From "Florence Ginestet" ][Date Thu, 25 Jan 2007 10:12:35 +0100]/text/[From Ed ][Date Fri, 16 Feb 2007 18:52:01 +0300]/UNNAMED/[From tuition ][D ... /[From "florence.ma ... /[From Adot ADOT ][Date Mon, 26 Feb 2007 18:22:45 +0100 (CET)]/UNNAMED Infecté : Trojan-Spy.HTML.Bankfraud.ri ignoré

C:\Documents and Settings\Administrateur\Application Data\Thunderbird\Profiles\9y9abrqu.default\Mail\Local Folders\Inbox/[From "schwaar" ][Date Mon, 22 Jan 2007 23:34:11 +0100]/UNNAMED/[From ][Date 24 Jan 2007 16:26:46 +0500]/UNNAMED/[From "Florence Ginestet" ][Date Thu, 25 Jan 2007 10:12:35 +0100]/text/[From Ed ][Date Fri, 16 Feb 2007 18:52:01 +0300]/UNNAMED/[From tuition ][D ... /[From "[email protected]" ][Date Mon, 26 Feb 2007 16:34:42 +0100 (CET)]/UNNAMED Infecté : Trojan-Spy.HTML.Bankfraud.ri ignoré

C:\Documents and Settings\Administrateur\Application Data\Thunderbird\Profiles\9y9abrqu.default\Mail\Local Folders\Inbox/[From "schwaar" ][Date Mon, 22 Jan 2007 23:34:11 +0100]/UNNAMED/[From ][Date 24 Jan 2007 16:26:46 +0500]/UNNAMED/[From "Florence Ginestet" ][Date Thu, 25 Jan 2007 10:12:35 +0100]/text/[From Ed ][Date Fri, 16 Feb 2007 18:52:01 +0300]/UNNAMED/[From tuition ][Date Fri, ... / ... /[From "DD32 /(Auch DD/)" ][Date 26 Feb 2007 06:52:37 -0800]/UNNAMED Infecté : Trojan-Spy.HTML.Bankfraud.ri ignoré

C:\Documents and Settings\Administrateur\Application Data\Thunderbird\Profiles\9y9abrqu.default\Mail\Local Folders\Inbox/[From "schwaar" ][Date Mon, 22 Jan 2007 23:34:11 +0100]/UNNAMED/[From ][Date 24 Jan 2007 16:26:46 +0500]/UNNAMED/[From "Florence Ginestet" ][Date Thu, 25 Jan 2007 10:12:35 +0100]/text/[From Ed ][Date Fri, 16 Feb 2007 18:52:01 +0300]/UNNAMED/[From tuition ][Date Fri, ... /[Fro ... /[From Casseurs de pub ][Date Thu, 22 Feb 2007 10:35:39 +0100]/text Infecté : Trojan-Spy.HTML.Bankfraud.ri ignoré

C:\Documents and Settings\Administrateur\Application Data\Thunderbird\Profiles\9y9abrqu.default\Mail\Local Folders\Inbox/[From "schwaar" ][Date Mon, 22 Jan 2007 23:34:11 +0100]/UNNAMED/[From ][Date 24 Jan 2007 16:26:46 +0500]/UNNAMED/[From "Florence Ginestet" ][Date Thu, 25 Jan 2007 10:12:35 +0100]/text/[From Ed ][Date Fri, 16 Feb 2007 18:52:01 +0300]/UNNAMED/[From tuition ][Date Fri, ... /[From Chaiwat Howannapakorn ][Date Sun, 18 Feb 2007 16:10:55 -0800 (PST)]/UNNAMED Infecté : Trojan-Spy.HTML.Bankfraud.ri ignoré

C:\Documents and Settings\Administrateur\Application Data\Thunderbird\Profiles\9y9abrqu.default\Mail\Local Folders\Inbox/[From "schwaar" ][Date Mon, 22 Jan 2007 23:34:11 +0100]/UNNAMED/[From ][Date 24 Jan 2007 16:26:46 +0500]/UNNAMED/[From "Florence Ginestet" ][Date Thu, 25 Jan 2007 10:12:35 +0100]/text/[From Ed ][Date Fri, 16 Feb 2007 18:52:01 +0300]/UNNAMED/[From tuition ][Date Fri, ... /[From "Tyson Y ... /[ ... /[From Grimm" ][Date 18 Feb 2007 13:07:30 - ... /UNNAMED Infecté : Trojan-Spy.HTML.Bankfraud.ri ignoré

C:\Documents and Settings\Administrateur\Application Data\Thunderbird\Profiles\9y9abrqu.default\Mail\Local Folders\Inbox/[From "schwaar" ][Date Mon, 22 Jan 2007 23:34:11 +0100]/UNNAMED/[From ][Date 24 Jan 2007 16:26:46 +0500]/UNNAMED/[From "Florence Ginestet" ][Date Thu, 25 Jan 2007 10:12:35 +0100]/text/[From Ed ][Date Fri, 16 Feb 2007 18:52:01 +0300]/UNNAMED/[From tuition ][Date Fri, ... /[From "Tyson Y ... /[ ... /[From Grimm" ][Date 18 Feb 2007 13:07:30 -0060]/UNNAMED Infecté : Trojan-Spy.HTML.Bankfraud.ri ignoré

C:\Documents and Settings\Administrateur\Application Data\Thunderbird\Profiles\9y9abrqu.default\Mail\Local Folders\Inbox/[From "schwaar" ][Date Mon, 22 Jan 2007 23:34:11 +0100]/UNNAMED/[From ][Date 24 Jan 2007 16:26:46 +0500]/UNNAMED/[From "Florence Ginestet" ][Date Thu, 25 Jan 2007 10:12:35 +0100]/text/[From Ed ][Date Fri, 16 Feb 2007 18:52:01 +0300]/UNNAMED/[From tuition ][Date Fri, ... /[From "Tyson Y ... /[From Wild Lips ][Date Sun, 18 Feb 2007 04:52:33 PST]/text Infecté : Trojan-Spy.HTML.Bankfraud.ri ignoré

C:\Documents and Settings\Administrateur\Application Data\Thunderbird\Profiles\9y9abrqu.default\Mail\Local Folders\Inbox/[From "schwaar" ][Date Mon, 22 Jan 2007 23:34:11 +0100]/UNNAMED/[From ][Date 24 Jan 2007 16:26:46 +0500]/UNNAMED/[From "Florence Ginestet" ][Date Thu, 25 Jan 2007 10:12:35 +0100]/text/[From Ed ][Date Fri, 16 Feb 2007 18:52:01 +0300]/UNNAMED/[From tuition ][Date Fri, ... /[From "Tyson YMarguerite" ][Date Sun, 18 Feb 2007 17:19:13 +0800]/UNNAMED Infecté : Trojan-Spy.HTML.Bankfraud.ri ignoré

C:\Documents and Settings\Administrateur\Application Data\Thunderbird\Profiles\9y9abrqu.default\Mail\Local Folders\Inbox/[From "schwaar" ][Date Mon, 22 Jan 2007 23:34:11 +0100]/UNNAMED/[From ][Date 24 Jan 2007 16:26:46 +0500]/UNNAMED/[From "Florence Ginestet" ][Date Thu, 25 Jan 2007 10:12:35 +0100]/text/[From Ed ][Date Fri, 16 Feb 2007 18:52:01 +0300]/UNNAMED/[From tuition ][Date Fri, 16 Feb 2007 ... ... /[From 3Cams ][Date Sat, 17 Feb 2007 23:14:32 PST]/text Infecté : Trojan-Spy.HTML.Bankfraud.ri ignoré

C:\Documents and Settings\Administrateur\Application Data\Thunderbird\Profiles\9y9abrqu.default\Mail\Local Folders\Inbox/[From "schwaar" ][Date Mon, 22 Jan 2007 23:34:11 +0100]/UNNAMED/[From ][Date 24 Jan 2007 16:26:46 +0500]/UNNAMED/[From "Florence Ginestet" ][Date Thu, 25 Jan 2007 10:12:35 +0100]/text/[From Ed ][Date Fri, 16 Feb 2007 18:52:01 +0300]/UNNAMED/[From tuition ][Date Fri, 16 Feb 2007 ... /[From scrutiny an ][Date Sun, 18 Feb 2007 14:34:43 +1000]/UNNAMED Infecté : Trojan-Spy.HTML.Bankfraud.ri ignoré

C:\Documents and Settings\Administrateur\Application Data\Thunderbird\Profiles\9y9abrqu.default\Mail\Local Folders\Inbox/[From "schwaar" ][Date Mon, 22 Jan 2007 23:34:11 +0100]/UNNAMED/[From ][Date 24 Jan 2007 16:26:46 +0500]/UNNAMED/[From "Florence Ginestet" ][Date Thu, 25 Jan 2007 10:12:35 +0100]/text/[From Ed ][Date Fri, 16 Feb 2007 18:52:01 +0300]/UNNAMED/[From tuition ][Date Fri, 16 Feb 2007 18 ... /[From Angeline Redmond ][Date Sun, 18 Feb 2007 05:33:51 +0100]/UNNAMED Infecté : Trojan-Spy.HTML.Bankfraud.ri ignoré

C:\Documents and Settings\Administrateur\Application Data\Thunderbird\Profiles\9y9abrqu.default\Mail\Local Folders\Inbox/[From "schwaar" ][Date Mon, 22 Jan 2007 23:34:11 +0100]/UNNAMED/[From ][Date 24 Jan 2007 16:26:46 +0500]/UNNAMED/[From "Florence Ginestet" ][Date Thu, 25 Jan 2007 10:12:35 +0100]/text/[From Ed ][Date Fri, 16 Feb 2007 18:52:01 +0300]/UNNAMED/[From tuition ][Date Fri, 16 Feb 2007 18:51:01 +0100 ... /[From lover ][Date Fri, 16 Feb 2007 18:57:28 +0100]/UNNAMED Infecté : Trojan-Spy.HTML.Bankfraud.ri ignoré

C:\Documents and Settings\Administrateur\Application Data\Thunderbird\Profiles\9y9abrqu.default\Mail\Local Folders\Inbox/[From "schwaar" ][Date Mon, 22 Jan 2007 23:34:11 +0100]/UNNAMED/[From ][Date 24 Jan 2007 16:26:46 +0500]/UNNAMED/[From "Florence Ginestet" ][Date Thu, 25 Jan 2007 10:12:35 +0100]/text/[From Ed ][Date Fri, 16 Feb 2007 18:52:01 +0300]/UNNAMED/[From tuition ][Date Fri, 16 Feb 2007 18:51:01 +0100]/UNNAMED Infecté : Trojan-Spy.HTML.Bankfraud.ri ignoré

C:\Documents and Settings\Administrateur\Application Data\Thunderbird\Profiles\9y9abrqu.default\Mail\Local Folders\Inbox/[From "schwaar" ][Date Mon, 22 Jan 2007 23:34:11 +0100]/UNNAMED/[From ][Date 24 Jan 2007 16:26:46 +0500]/UNNAMED/[From "Florence Ginestet" ][Date Thu, 25 Jan 2007 10:12:35 +0100]/text/[From Ed ][Date Fri, 16 Feb 2007 18:52:01 +0300]/UNNAMED Infecté : Trojan-Spy.HTML.Bankfraud.ri ignoré

C:\Documents and Settings\Administrateur\Application Data\Thunderbird\Profiles\9y9abrqu.default\Mail\Local Folders\Inbox/[From "schwaar" ][Date Mon, 22 Jan 2007 23:34:11 +0100]/UNNAMED/[From ][Date 24 Jan 2007 16:26:46 +0500]/UNNAMED/[From "Florence Ginestet" ][Date Thu, 25 Jan 2007 10:12:35 +0100]/text Infecté : Trojan-Spy.HTML.Bankfraud.ri ignoré

C:\Documents and Settings\Administrateur\Application Data\Thunderbird\Profiles\9y9abrqu.default\Mail\Local Folders\Inbox/[From "schwaar" ][Date Mon, 22 Jan 2007 23:34:11 +0100]/UNNAMED/[From ][Date 24 Jan 2007 16:26:46 +0500]/UNNAMED Infecté : Trojan-Spy.HTML.Bankfraud.ri ignoré

C:\Documents and Settings\Administrateur\Application Data\Thunderbird\Profiles\9y9abrqu.default\Mail\Local Folders\Inbox/[From "schwaar" ][Date Mon, 22 Jan 2007 23:34:11 +0100]/UNNAMED Infecté : Trojan-Spy.HTML.Bankfraud.ri ignoré

C:\Documents and Settings\Administrateur\Application Data\Thunderbird\Profiles\9y9abrqu.default\Mail\Local Folders\Inbox Mail Berkeley mbox: infecté - 24 ignoré

C:\Documents and Settings\Administrateur\Cookies\index.dat L'objet est verrouillé ignoré

C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré

C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré

C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\nbygkzmq.default\Cache\_CACHE_001_ L'objet est verrouillé ignoré

C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\nbygkzmq.default\Cache\_CACHE_002_ L'objet est verrouillé ignoré

C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\nbygkzmq.default\Cache\_CACHE_003_ L'objet est verrouillé ignoré

C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\nbygkzmq.default\Cache\_CACHE_MAP_ L'objet est verrouillé ignoré

C:\Documents and Settings\Administrateur\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré

C:\Documents and Settings\Administrateur\Local Settings\Historique\History.IE5\MSHist012007033020070331\index.dat L'objet est verrouillé ignoré

C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré

C:\Documents and Settings\Administrateur\NTUSER.DAT L'objet est verrouillé ignoré

C:\Documents and Settings\Administrateur\ntuser.dat.LOG L'objet est verrouillé ignoré

C:\Program Files\Softwin\BitDefender8\asdict.dat L'objet est verrouillé ignoré

C:\WINNT\CSC000001 L'objet est verrouillé ignoré

C:\WINNT\Debug\ipsecpa.log L'objet est verrouillé ignoré

C:\WINNT\Debug\oakley.log L'objet est verrouillé ignoré

C:\WINNT\Debug\PASSWD.LOG L'objet est verrouillé ignoré

C:\WINNT\SchedLgU.Txt L'objet est verrouillé ignoré

C:\WINNT\SoftwareDistribution\ReportingEvents.log L'objet est verrouillé ignoré

C:\WINNT\Sti_Trace.log L'objet est verrouillé ignoré

C:\WINNT\system32\config\AppEvent.Evt L'objet est verrouillé ignoré

C:\WINNT\system32\config\default L'objet est verrouillé ignoré

C:\WINNT\system32\config\default.LOG L'objet est verrouillé ignoré

C:\WINNT\system32\config\SAM L'objet est verrouillé ignoré

C:\WINNT\system32\config\SAM.LOG L'objet est verrouillé ignoré

C:\WINNT\system32\config\SecEvent.Evt L'objet est verrouillé ignoré

C:\WINNT\system32\config\SECURITY L'objet est verrouillé ignoré

C:\WINNT\system32\config\SECURITY.LOG L'objet est verrouillé ignoré

C:\WINNT\system32\config\software L'objet est verrouillé ignoré

C:\WINNT\system32\config\software.LOG L'objet est verrouillé ignoré

C:\WINNT\system32\config\SysEvent.Evt L'objet est verrouillé ignoré

C:\WINNT\system32\config\system L'objet est verrouillé ignoré

C:\WINNT\system32\config\SYSTEM.ALT L'objet est verrouillé ignoré

C:\WINNT\system32\drivers\sptd.sys L'objet est verrouillé ignoré

C:\WINNT\system32\drivers\sptd5725.sys L'objet est verrouillé ignoré

C:\WINNT\system32\drivers\vaxscsi.sys L'objet est verrouillé ignoré

C:\WINNT\temp\tmp000061f4\tmp00000000 L'objet est verrouillé ignoré

C:\WINNT\WindowsUpdate.log L'objet est verrouillé ignoré

D:\Alcohol 120\StarWind\logs\starwind.2007-03-30.18-28-50.log L'objet est verrouillé ignoré

Analyse terminée.

 

Is that better? :P ?


Hi :P

Yes, Bruce Lee is on vacation (lucky him :P ). So, until he comes back >

You will need to empty your mailbox (Thunderbird), because you have received infected emails!

One question: are you on a network?

Please post the following report >

Download and run DiagHelp as shown in this tutorial > http://www.malekal.com/DiagHelp/DiagHelp.php

Run only option 1 and post the report, please.

The PC will most likely restart: this time it is due to DiagHelp! (same alert message with a countdown)

Edited by charles ingals

Hi Charles ingals, and thanks a lot for your help

1) No, I'm not on a network (my box is plugged into my network card, but that's all)

2) I ran DiagHelp but the PC did not restart (problem?); in any case, here is the report

 

C:\WINNT\System32/drivers\nwlnkcr.sys -->03/04/2007 22:23:11

C:\WINNT\System32/drivers\atksgt.sys -->03/02/2007 14:29:45

C:\WINNT\System32/drivers\lirsgt.sys -->03/02/2007 14:29:44

C:\WINNT\System32/drivers\npf.sys -->25/01/2007 19:31:34

C:\WINNT\System32/drivers\SECDRV.SYS -->25/01/2007 09:18:32

C:\WINNT\System32/drivers\vaxscsi.sys -->25/01/2007 09:10:44

C:\WINNT\System32/drivers\sptd5725.sys -->25/01/2007 09:07:32

 

C:\WINNT\System32\nvapps.xml -->03/04/2007 21:42:59

C:\WINNT\System32\jupdate-1.5.0_11-b03.log -->31/03/2007 08:47:54

C:\WINNT\System32\tmp.txt -->30/03/2007 18:51:34

C:\WINNT\System32\tmp.reg -->30/03/2007 18:51:34

C:\WINNT\System32\FNTCACHE.DAT -->29/03/2007 20:30:03

C:\WINNT\System32\Perflib_Perfdata_310.dat -->29/03/2007 19:19:26

C:\WINNT\System32\.exe -->29/03/2007 19:16:47

C:\WINNT\System32\Perflib_Perfdata_314.dat -->28/03/2007 20:46:52

C:\WINNT\System32\i -->28/03/2007 20:10:08

C:\WINNT\System32\dp.exe -->28/03/2007 12:12:16

C:\WINNT\System32\tj -->28/03/2007 12:12:13

C:\WINNT\System32\Perflib_Perfdata_234.dat -->27/03/2007 23:31:49

C:\WINNT\System32\Perflib_Perfdata_1c0.dat -->26/03/2007 18:53:43

C:\WINNT\System32\sfc.dll -->26/03/2007 18:35:49

C:\WINNT\System32\Perflib_Perfdata_31c.dat -->25/03/2007 20:22:28

C:\WINNT\System32\Perflib_Perfdata_5c8.dat -->25/03/2007 20:06:27

C:\WINNT\System32\Perflib_Perfdata_57c.dat -->25/03/2007 19:45:43

C:\WINNT\System32\Perflib_Perfdata_17c.dat -->25/03/2007 19:29:07

C:\WINNT\System32\Perflib_Perfdata_188.dat -->25/03/2007 19:24:49

C:\WINNT\System32\Perflib_Perfdata_5d8.dat -->22/03/2007 20:38:05

C:\WINNT\System32\Perflib_Perfdata_60c.dat -->22/03/2007 20:30:23

C:\WINNT\System32\irxgskvw.PIF -->22/03/2007 00:23:32

C:\WINNT\System32\bedgsly.bat -->20/03/2007 18:48:25

C:\WINNT\System32\xdll.bat -->20/03/2007 18:48:14

C:\WINNT\System32\Perflib_Perfdata_640.dat -->20/03/2007 18:43:27

 

C:\WINNT\WindowsUpdate.log -->03/04/2007 22:59:02

C:\WINNT\iis5.log -->03/04/2007 22:57:56

C:\WINNT\KB925902.log -->03/04/2007 22:57:55

C:\WINNT\imsins.log -->03/04/2007 22:57:55

C:\WINNT\comsetup.log -->03/04/2007 22:57:55

C:\WINNT\ockodak.log -->03/04/2007 22:57:54

C:\WINNT\ocgen.log -->03/04/2007 22:57:54

C:\WINNT\updspapi.log -->03/04/2007 22:57:44

C:\WINNT\win.ini -->03/04/2007 21:53:21

C:\WINNT\ShellIconCache -->02/04/2007 22:40:37

C:\WINNT\QTFont.qfn -->01/04/2007 09:38:21

C:\WINNT\mozver.dat -->31/03/2007 08:48:14

C:\WINNT\SchedLgU.Txt -->30/03/2007 21:51:56

C:\WINNT\QTFont.for -->30/03/2007 19:11:55

C:\WINNT\Setup1.exe -->30/03/2007 13:33:12

 

C:\WINNT\alcrmv.exe |24/01/2007 21:00:18

C:\WINNT\alcupd.exe |24/01/2007 21:00:18

C:\WINNT\bdoscandel.exe |04/03/2005 15:10:36

C:\WINNT\IsUn040c.exe |02/02/2007 10:14:04

C:\WINNT\IsUninst.exe |24/01/2007 20:55:54

C:\WINNT\meta4.exe |25/02/2007 13:35:09

C:\WINNT\MOTA113.exe |25/02/2007 13:35:09

C:\WINNT\PATCH.EXE |27/01/2007 13:25:04

C:\WINNT\runtsckl.exe |02/11/2005 19:07:12

C:\WINNT\tsc.exe |27/01/2007 13:30:15

C:\WINNT\twunk_16.exe |16/12/1999 10:00:00

C:\WINNT\twunk_32.exe |16/12/1999 10:00:00

C:\WINNT\War3Unin.exe |10/02/2007 18:12:03

C:\WINNT\x2.64.exe |25/02/2007 13:35:09

C:\WINNT\AuHCcup1.dll |23/07/1999 11:53:20

C:\WINNT\BPMNT.dll |27/01/2007 13:30:14

C:\WINNT\hcextoutput.dll |27/01/2007 13:30:15

C:\WINNT\loadhttp.dll |15/10/2002 15:29:40

C:\WINNT\patchw32.dll |14/12/2001 14:34:46

C:\WINNT\TMUPDATE.DLL |27/01/2007 13:25:04

C:\WINNT\twain.dll |16/12/1999 10:00:00

C:\WINNT\twain_32.dll |16/12/1999 10:00:00

C:\WINNT\UNZIP.DLL |27/01/2007 13:25:04

C:\WINNT\vsapi32.dll |27/01/2007 13:30:14

C:\WINNT\system32\.exe |28/03/2007 19:03:56

C:\WINNT\system32\append.exe |16/12/1999 10:00:00

C:\WINNT\system32\CNDNDlg.exe |07/03/2007 15:18:10

C:\WINNT\system32\debug.exe |16/12/1999 10:00:00

C:\WINNT\system32\dfrgfat.exe |19/06/2003 12:05:04

C:\WINNT\system32\dfrgntfs.exe |19/06/2003 12:05:04

C:\WINNT\system32\dmadmin.exe |19/06/2003 12:05:04

C:\WINNT\system32\dmremote.exe |19/06/2003 12:05:04

C:\WINNT\system32\dosx.exe |16/12/1999 10:00:00

C:\WINNT\system32\dp.exe |28/03/2007 12:12:16

C:\WINNT\system32\dumphive.exe |27/03/2007 19:14:13

C:\WINNT\system32\dvdplay.exe |15/12/1999 01:30:38

C:\WINNT\system32\edlin.exe |16/12/1999 10:00:00

C:\WINNT\system32\exe2bin.exe |16/12/1999 10:00:00

C:\WINNT\system32\fastopen.exe |16/12/1999 10:00:00

C:\WINNT\system32\java.exe |31/03/2007 08:47:58

C:\WINNT\system32\javaw.exe |31/03/2007 08:47:58

C:\WINNT\system32\javaws.exe |31/03/2007 08:47:58

C:\WINNT\system32\keystone.exe |22/10/2006 13:22:00

C:\WINNT\system32\massvc32.exe |18/03/2007 13:34:52

C:\WINNT\system32\mem.exe |16/12/1999 10:00:00

C:\WINNT\system32\mscdexnt.exe |16/12/1999 10:00:00

C:\WINNT\system32\msswchx.exe |19/06/2003 12:05:04

C:\WINNT\system32\NeroCheck.exe |29/01/2007 20:12:00

C:\WINNT\system32\nlsfunc.exe |16/12/1999 10:00:00

C:\WINNT\system32\nvappbar.exe |22/10/2006 13:22:00

C:\WINNT\system32\nvcolor.exe |22/10/2006 13:22:00

C:\WINNT\system32\nvcplui.exe |22/10/2006 13:22:00

C:\WINNT\system32\nvdspsch.exe |22/10/2006 13:22:00

C:\WINNT\system32\nvsvc32.exe |22/10/2006 13:22:00

C:\WINNT\system32\nvudisp.exe |24/01/2007 21:04:47

C:\WINNT\system32\NVUNINST.EXE |24/01/2007 21:04:39

C:\WINNT\system32\nw16.exe |16/12/1999 10:00:00

C:\WINNT\system32\nwiz.exe |22/10/2006 13:22:00

C:\WINNT\system32\Process.exe |27/03/2007 19:14:13

C:\WINNT\system32\PSDrvCheck.exe |23/02/2007 15:25:18

C:\WINNT\system32\pxhpinst.exe |11/03/2007 20:17:53

C:\WINNT\system32\redir.exe |16/12/1999 10:00:00

C:\WINNT\system32\setver.exe |16/12/1999 10:00:00

C:\WINNT\system32\share.exe |16/12/1999 10:00:00

C:\WINNT\system32\Shutdown.exe |24/03/2007 19:35:56

C:\WINNT\system32\SrchSTS.exe |27/03/2007 19:14:13

C:\WINNT\system32\swreg.exe |27/03/2007 19:14:13

C:\WINNT\system32\swsc.exe |27/03/2007 19:14:13

C:\WINNT\system32\swxcacls.exe |27/03/2007 19:14:13

C:\WINNT\system32\vwipxspx.exe |16/12/1999 10:00:00

C:\WINNT\system32\x.264.exe |25/02/2007 13:35:08

C:\WINNT\system32\amstream.dll |29/01/2007 21:22:26

C:\WINNT\system32\atmfd.dll |19/06/2003 12:05:04

C:\WINNT\system32\atmlib.dll |19/06/2003 12:05:04

C:\WINNT\system32\avisynth.dll |25/02/2007 13:35:08

C:\WINNT\system32\AVSredirect.dll |25/02/2007 13:35:09

C:\WINNT\system32\cbrowser.dll |24/01/2007 21:53:26

C:\WINNT\system32\CNDCK170.dll |07/03/2007 15:18:10

C:\WINNT\system32\CNDUK170.dll |07/03/2007 15:18:10

C:\WINNT\system32\ComLib.dll |24/01/2007 21:53:26

C:\WINNT\system32\devil.dll |25/02/2007 13:35:08

C:\WINNT\system32\dfrgres.dll |16/12/1999 10:00:00

C:\WINNT\system32\dfrgsnap.dll |19/06/2003 12:05:04

C:\WINNT\system32\dfrgui.dll |16/12/1999 10:00:00

C:\WINNT\system32\dgrpsetu.dll |24/01/2007 20:34:06

C:\WINNT\system32\dgsetup.dll |24/01/2007 20:34:06

C:\WINNT\system32\dmconfig.dll |19/06/2003 12:05:04

C:\WINNT\system32\dmintf.dll |19/06/2003 12:05:04

C:\WINNT\system32\dmserver.dll |19/06/2003 12:05:04

C:\WINNT\system32\dmutil.dll |19/06/2003 12:05:04

C:\WINNT\system32\efsadu.dll |16/12/1999 10:00:00

C:\WINNT\system32\EqnClass.Dll |24/01/2007 20:34:06

C:\WINNT\system32\flvDX.dll |25/02/2007 13:32:52

C:\WINNT\system32\hpzcoi08.dll |26/03/2003 08:21:58

C:\WINNT\system32\hpzcon08.dll |26/03/2003 08:23:10

C:\WINNT\system32\hpzlnt08.dll |26/03/2003 08:32:24

C:\WINNT\system32\hticons.dll |24/01/2007 20:40:35

C:\WINNT\system32\hypertrm.dll |24/01/2007 20:40:35

C:\WINNT\system32\i420vfw.dll |25/02/2007 13:35:08

C:\WINNT\system32\iccvid.dll |16/12/1999 10:00:00

C:\WINNT\system32\imagr5.dll |29/01/2007 20:12:05

C:\WINNT\system32\imagx5.dll |29/01/2007 20:12:05

C:\WINNT\system32\ImagXpr5.dll |29/01/2007 20:12:05

C:\WINNT\system32\imgcmn.dll |24/01/2007 20:40:37

C:\WINNT\system32\imgshl.dll |24/01/2007 20:40:37

C:\WINNT\system32\ir32_32.dll |16/12/1999 10:00:00

C:\WINNT\system32\ir41_qc.dll |16/12/1999 10:00:00

C:\WINNT\system32\ir41_qcx.dll |16/12/1999 10:00:00

C:\WINNT\system32\ir50_32.dll |16/12/1999 10:00:00

C:\WINNT\system32\ir50_qc.dll |16/12/1999 10:00:00

C:\WINNT\system32\ir50_qcx.dll |16/12/1999 10:00:00

C:\WINNT\system32\jpeg1x32.dll |24/01/2007 20:40:37

C:\WINNT\system32\jpeg2x32.dll |24/01/2007 20:40:37

C:\WINNT\system32\mciqtz32.dll |29/01/2007 21:22:26

C:\WINNT\system32\meter.dll |11/07/2002 11:38:14

C:\WINNT\system32\msdmo.dll |29/01/2007 21:22:27

C:\WINNT\system32\msencode.dll |30/08/2002 19:24:06

C:\WINNT\system32\msswch.dll |19/06/2003 12:05:04

C:\WINNT\system32\MusInputMod.dll |11/07/2002 11:39:36

C:\WINNT\system32\N067UFW.dll |24/01/2007 21:12:14

C:\WINNT\system32\NMOCOD.DLL |25/01/2007 09:27:08

C:\WINNT\system32\NMORENU.DLL |25/01/2007 09:27:09

C:\WINNT\system32\NMSCKN.DLL |25/01/2007 09:27:09

C:\WINNT\system32\NMW3VWN.DLL |25/01/2007 09:27:09

C:\WINNT\system32\nsp.dll |23/02/2007 15:25:13

C:\WINNT\system32\nspa6.dll |23/02/2007 15:25:17

C:\WINNT\system32\nspm5.dll |23/02/2007 15:25:19

C:\WINNT\system32\nspm6.dll |23/02/2007 15:25:19

C:\WINNT\system32\nspp6.dll |23/02/2007 15:25:18

C:\WINNT\system32\nsppx.dll |23/02/2007 15:25:16

C:\WINNT\system32\nspw7.dll |23/02/2007 15:25:13

C:\WINNT\system32\nv4_disp.dll |22/10/2006 13:22:00

C:\WINNT\system32\nvapi.dll |22/10/2006 13:22:00

C:\WINNT\system32\nvcod.dll |22/10/2006 13:22:00

C:\WINNT\system32\nvcodins.dll |22/10/2006 13:22:00

C:\WINNT\system32\nvcpl.dll |22/10/2006 13:22:00

C:\WINNT\system32\nvcpluir.dll |22/10/2006 13:22:00

C:\WINNT\system32\nvdisps.dll |22/10/2006 13:22:00

C:\WINNT\system32\nvdispsr.dll |22/10/2006 13:22:00

C:\WINNT\system32\nvexpbar.dll |22/10/2006 13:22:00

C:\WINNT\system32\nvgames.dll |22/10/2006 13:22:00

C:\WINNT\system32\nvgamesr.dll |22/10/2006 13:22:00

C:\WINNT\system32\nvhwvid.dll |22/10/2006 13:22:00

C:\WINNT\system32\nview.dll |22/10/2006 13:22:00

C:\WINNT\system32\nvmccs.dll |22/10/2006 13:22:00

C:\WINNT\system32\nvmccsrs.dll |22/10/2006 13:22:00

C:\WINNT\system32\nvmccss.dll |22/10/2006 13:22:00

C:\WINNT\system32\nvmccssr.dll |22/10/2006 13:22:00

C:\WINNT\system32\nvmctray.dll |22/10/2006 13:22:00

C:\WINNT\system32\nvmobls.dll |22/10/2006 13:22:00

C:\WINNT\system32\nvmoblsr.dll |22/10/2006 13:22:00

C:\WINNT\system32\nvnt4cpl.dll |22/10/2006 13:22:00

C:\WINNT\system32\nvoglnt.dll |22/10/2006 13:22:00

C:\WINNT\system32\nvrsar.dll |22/10/2006 13:22:00

C:\WINNT\system32\nvrscs.dll |22/10/2006 13:22:00

C:\WINNT\system32\nvrsda.dll |22/10/2006 13:22:00

C:\WINNT\system32\nvrsde.dll |22/10/2006 13:22:00

C:\WINNT\system32\nvrsel.dll |22/10/2006 13:22:00

C:\WINNT\system32\nvrseng.dll |22/10/2006 13:22:00

C:\WINNT\system32\nvrses.dll |22/10/2006 13:22:00

C:\WINNT\system32\nvrsesm.dll |22/10/2006 13:22:00

C:\WINNT\system32\nvrsfi.dll |22/10/2006 13:22:00

C:\WINNT\system32\nvrsfr.dll |22/10/2006 13:22:00

C:\WINNT\system32\nvrshe.dll |22/10/2006 13:22:00

C:\WINNT\system32\nvrshu.dll |22/10/2006 13:22:00

C:\WINNT\system32\nvrsit.dll |22/10/2006 13:22:00

C:\WINNT\system32\nvrsja.dll |22/10/2006 13:22:00

C:\WINNT\system32\nvrsko.dll |22/10/2006 13:22:00

C:\WINNT\system32\nvrsnl.dll |22/10/2006 13:22:00

C:\WINNT\system32\nvrsno.dll |22/10/2006 13:22:00

C:\WINNT\system32\nvrspl.dll |22/10/2006 13:22:00

C:\WINNT\system32\nvrspt.dll |22/10/2006 13:22:00

C:\WINNT\system32\nvrsptb.dll |22/10/2006 13:22:00

C:\WINNT\system32\nvrsru.dll |22/10/2006 13:22:00

C:\WINNT\system32\nvrssk.dll |22/10/2006 13:22:00

C:\WINNT\system32\nvrssl.dll |22/10/2006 13:22:00

C:\WINNT\system32\nvrssv.dll |22/10/2006 13:22:00

C:\WINNT\system32\nvrstr.dll |22/10/2006 13:22:00

C:\WINNT\system32\nvrszhc.dll |22/10/2006 13:22:00

C:\WINNT\system32\nvrszht.dll |22/10/2006 13:22:00

C:\WINNT\system32\nvshell.dll |22/10/2006 13:22:00

C:\WINNT\system32\nvvitvs.dll |22/10/2006 13:22:00

C:\WINNT\system32\nvvitvsr.dll |22/10/2006 13:22:00

C:\WINNT\system32\nvwddi.dll |22/10/2006 13:22:00

C:\WINNT\system32\nvwdmcpl.dll |22/10/2006 13:22:00

C:\WINNT\system32\nvwimg.dll |22/10/2006 13:22:00

C:\WINNT\system32\nvwrsar.dll |22/10/2006 13:22:00

C:\WINNT\system32\nvwrscs.dll |22/10/2006 13:22:00

C:\WINNT\system32\nvwrsda.dll |22/10/2006 13:22:00

C:\WINNT\system32\nvwrsde.dll |22/10/2006 13:22:00

C:\WINNT\system32\nvwrsel.dll |22/10/2006 13:22:00

C:\WINNT\system32\nvwrseng.dll |22/10/2006 13:22:00

C:\WINNT\system32\nvwrses.dll |22/10/2006 13:22:00

C:\WINNT\system32\nvwrsesm.dll |22/10/2006 13:22:00

C:\WINNT\system32\nvwrsfi.dll |22/10/2006 13:22:00

C:\WINNT\system32\nvwrsfr.dll |22/10/2006 13:22:00

C:\WINNT\system32\nvwrshe.dll |22/10/2006 13:22:00

C:\WINNT\system32\nvwrshu.dll |22/10/2006 13:22:00

C:\WINNT\system32\nvwrsit.dll |22/10/2006 13:22:00

C:\WINNT\system32\nvwrsja.dll |22/10/2006 13:22:00

C:\WINNT\system32\nvwrsko.dll |22/10/2006 13:22:00

C:\WINNT\system32\nvwrsnl.dll |22/10/2006 13:22:00

C:\WINNT\system32\nvwrsno.dll |22/10/2006 13:22:00

C:\WINNT\system32\nvwrspl.dll |22/10/2006 13:22:00

C:\WINNT\system32\nvwrspt.dll |22/10/2006 13:22:00

C:\WINNT\system32\nvwrsptb.dll |22/10/2006 13:22:00

C:\WINNT\system32\nvwrsru.dll |22/10/2006 13:22:00

C:\WINNT\system32\nvwrssk.dll |22/10/2006 13:22:00

C:\WINNT\system32\nvwrssl.dll |22/10/2006 13:22:00

C:\WINNT\system32\nvwrssv.dll |22/10/2006 13:22:00

C:\WINNT\system32\nvwrstr.dll |22/10/2006 13:22:00

C:\WINNT\system32\nvwrszhc.dll |22/10/2006 13:22:00

C:\WINNT\system32\nvwrszht.dll |22/10/2006 13:22:00

C:\WINNT\system32\nvwss.dll |22/10/2006 13:22:00

C:\WINNT\system32\nvwssr.dll |22/10/2006 13:22:00

C:\WINNT\system32\oieng400.dll |24/01/2007 20:40:34

C:\WINNT\system32\oiprt400.dll |24/01/2007 20:40:37

C:\WINNT\system32\oislb400.dll |24/01/2007 20:40:37

C:\WINNT\system32\oissq400.dll |24/01/2007 20:40:37

C:\WINNT\system32\oitwa400.dll |24/01/2007 20:40:37

C:\WINNT\system32\oiui400.dll |24/01/2007 20:40:34

C:\WINNT\system32\Packet.dll |25/01/2007 19:31:34

C:\WINNT\system32\picn20.dll |29/01/2007 20:12:05

C:\WINNT\system32\pncrt.dll |02/02/2007 10:34:38

C:\WINNT\system32\pndx5016.dll |02/02/2007 10:34:38

C:\WINNT\system32\pndx5032.dll |02/02/2007 10:34:38

C:\WINNT\system32\PSCLK170.dll |07/03/2007 15:18:10

C:\WINNT\system32\psisdecd.dll |02/02/2007 20:06:12

C:\WINNT\system32\pthreadVC.dll |25/01/2007 19:31:36

C:\WINNT\system32\px.dll |11/03/2007 20:17:53

C:\WINNT\system32\pxdrv.dll |11/03/2007 20:17:53

C:\WINNT\system32\pxmas.dll |11/03/2007 20:17:53

C:\WINNT\system32\pxwave.dll |11/03/2007 20:17:53

C:\WINNT\system32\qcut.dll |16/12/1999 10:00:00

C:\WINNT\system32\qedwipes.dll |29/01/2007 21:22:28

C:\WINNT\system32\rmoc3260.dll |02/02/2007 10:34:38

C:\WINNT\system32\SG62CPL.DLL |24/01/2007 21:12:14

C:\WINNT\system32\SG62UUD.DLL |24/01/2007 21:12:14

C:\WINNT\system32\Smab.dll |25/02/2007 13:35:07

C:\WINNT\system32\sockspy.dll |24/01/2007 21:32:13

C:\WINNT\system32\spxcoins.dll |24/01/2007 20:34:06

C:\WINNT\system32\tifflt.dll |24/01/2007 20:40:37

C:\WINNT\system32\tsbyuv.dll |15/12/1999 01:30:06

C:\WINNT\system32\tsd32.dll |16/12/1999 10:00:00

C:\WINNT\system32\UCS32P.DLL |24/01/2007 21:12:15

C:\WINNT\system32\vxblock.dll |11/03/2007 20:17:53

C:\WINNT\system32\WanPacket.dll |25/01/2007 19:31:34

C:\WINNT\system32\wavdest.dll |02/09/1998 10:24:30

C:\WINNT\system32\WBCustomizer.dll |08/01/2001 14:47:44

C:\WINNT\system32\win87em.dll |16/12/1999 10:00:00

C:\WINNT\system32\wpcap.dll |25/01/2007 19:31:36

C:\WINNT\system32\xcomm.dll |02/10/2003 13:15:34

C:\WINNT\system32\xiffr3_0.dll |24/01/2007 20:40:37

C:\WINNT\system32\xreglib.dll |06/12/2002 18:37:06

C:\WINNT\system32\yv12vfw.dll |25/02/2007 13:35:08

 

Le volume dans le lecteur C s'appelle Vingt Doses

Le numéro de série du volume est F06D-02CC

 

Répertoire de C:\WINNT\system32

 

19/06/2003 12:05 5 392 csrss.exe

1 fichier(s) 5 392 octets

0 Rép(s) 4 854 493 184 octets libres

 

Contenu de Downloaded Program Files

Le volume dans le lecteur C s'appelle Vingt Doses

Le numéro de série du volume est F06D-02CC

 

Répertoire de C:\WINNT\Downloaded Program Files

 

20/03/2007 23:55 <DIR> .

20/03/2007 23:55 <DIR> ..

13/11/2006 20:48 946 296 asquared.ocx

07/12/2004 17:07 32 bdcore.dll

01/03/2005 15:08 118 784 bdupd.dll

25/02/2007 13:31 65 desktop.ini

01/03/2005 15:08 53 248 ipsupd.dll

08/08/2006 12:45 576 kavwebscan.inf

16/03/2005 12:34 7 407 lang.ini

07/12/2004 17:07 32 libfn.dll

14/03/2005 14:38 126 live.ini

01/03/2005 12:15 1 246 oscan8.inf

16/03/2005 12:31 475 136 oscan8.ocx

14/03/2005 14:58 7 073 scanoptions.tsi

26/05/2005 05:19 291 wuweb.inf

02/11/2005 19:01 1 777 xscan.inf

02/11/2005 19:07 435 712 xscan53.ocx

15 fichier(s) 2 047 801 octets

 

Total des fichiers listés :

15 fichier(s) 2 047 801 octets

2 Rép(s) 4 854 427 648 octets libres

 

Recherche de rootkit! (Merci S!Ri)

 

Recherche d'infections connues

 

 

 

catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006

http://www.gmer.net

 

scanning hidden processes ...

 

scanning hidden services ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 0

 

Le volume dans le lecteur C s'appelle Vingt Doses

Le numéro de série du volume est F06D-02CC

 

Répertoire de C:\Program Files

 

30/03/2007 13:33 <DIR> .

30/03/2007 13:33 <DIR> ..

24/01/2007 20:40 <DIR> Accessoires

11/02/2007 13:23 <DIR> AddOnsOO2

25/01/2007 13:32 <DIR> Adobe

25/02/2007 13:35 <DIR> AviSynth 2.5

24/02/2007 20:44 <DIR> Common Files

24/01/2007 20:41 <DIR> ComPlus Applications

28/01/2007 20:21 <DIR> directx

20/03/2007 23:42 <DIR> Fichiers communs

11/03/2007 20:17 <DIR> Google

02/02/2007 10:16 <DIR> Hewlett-Packard

25/02/2007 13:28 <DIR> Internet Explorer

31/03/2007 08:47 <DIR> Java

24/01/2007 20:40 <DIR> Lecteur Windows Media

02/02/2007 10:39 <DIR> Media Player Classic

24/01/2007 23:20 <DIR> microsoft frontpage

24/01/2007 23:34 <DIR> Microsoft Office

28/03/2007 14:50 <DIR> NetMeeting

11/02/2007 13:24 <DIR> OOoHG

11/02/2007 13:19 <DIR> OpenOffice.org 2.0

30/03/2007 13:33 <DIR> Optimisation Windows

29/03/2007 20:07 <DIR> Outlook Express

14/03/2007 22:02 <DIR> Picasa2

23/02/2007 15:25 <DIR> Pinnacle

24/01/2007 21:22 <DIR> Softwin

23/02/2007 15:25 <DIR> VOB

29/03/2007 20:08 <DIR> Windows Media Player

24/01/2007 20:40 <DIR> Windows NT

21/02/2007 14:41 <DIR> WinPcap

26/02/2007 19:52 <DIR> Yahoo!

0 fichier(s) 0 octets

31 Rép(s) 4 854 558 720 octets libres

Le volume dans le lecteur C s'appelle Vingt Doses

Le numéro de série du volume est F06D-02CC

 

Répertoire de C:\Program Files\fichiers communs

 

20/03/2007 23:42 <DIR> .

20/03/2007 23:42 <DIR> ..

25/01/2007 09:00 <DIR> Adobe

29/01/2007 20:12 <DIR> Ahead

07/03/2007 15:11 <DIR> InstallShield

11/02/2007 13:14 <DIR> Java

25/02/2007 13:31 <DIR> Microsoft Shared

02/02/2007 10:15 <DIR> MSSoap

24/01/2007 20:34 <DIR> ODBC

25/02/2007 13:31 <DIR> Services

24/01/2007 21:21 <DIR> Softwin

29/03/2007 20:07 <DIR> System

0 fichier(s) 0 octets

12 Rép(s) 4 854 558 720 octets libres

Le volume dans le lecteur C s'appelle Vingt Doses

Le numéro de série du volume est F06D-02CC

 

Répertoire de C:\Program Files\fichiers communs\Microsoft Shared\Web Folders

 

24/01/2007 23:53 <DIR> .

24/01/2007 23:53 <DIR> ..

04/11/1999 02:38 561 210 MSONSEXT.DLL

03/06/1999 21:09 122 937 MSOWS409.DLL

07/03/2001 16:00 127 033 MSOWS40c.DLL

3 fichier(s) 811 180 octets

2 Rép(s) 4 854 493 184 octets libres

Le volume dans le lecteur C s'appelle Vingt Doses

Le numéro de série du volume est F06D-02CC

 

Répertoire de C:\Program Files\common files

 

24/02/2007 20:44 <DIR> .

24/02/2007 20:44 <DIR> ..

24/02/2007 20:53 <DIR> System

0 fichier(s) 0 octets

3 Rép(s) 4 854 554 624 octets libres

Le volume dans le lecteur C s'appelle Vingt Doses

Le numéro de série du volume est F06D-02CC

 

Répertoire de C:\

 

11/11/2001 00:00 68 096 diff.exe

27/08/2006 14:10 103 424 grep.exe

2 fichier(s) 171 520 octets

0 Rép(s) 4 854 554 624 octets libres

c:\Documents and Settings\Administrateur\.housecall6.6\getMac.exe

c:\Documents and Settings\Administrateur\.housecall6.6\patch.exe

c:\Documents and Settings\Administrateur\.housecall6.6\tsc.exe

c:\Documents and Settings\Administrateur\Bureau\a2AntiMalwareSetup.exe

c:\Documents and Settings\Administrateur\Bureau\Antisasser-FR.exe

c:\Documents and Settings\Administrateur\Bureau\ATF-Cleaner.exe

c:\Documents and Settings\Administrateur\Bureau\avg-anti-spyware_avg_anti-spyware_francais_27645.exe

c:\Documents and Settings\Administrateur\Bureau\BattleLANv04.exe

c:\Documents and Settings\Administrateur\Bureau\BigFix1.6b.exe

c:\Documents and Settings\Administrateur\Bureau\blbeta.exe

c:\Documents and Settings\Administrateur\Bureau\clamwin-0.90.1-setup.exe

c:\Documents and Settings\Administrateur\Bureau\ComboFix.exe

c:\Documents and Settings\Administrateur\Bureau\HijackThis.exe

c:\Documents and Settings\Administrateur\Bureau\mwav.exe

c:\Documents and Settings\Administrateur\Bureau\sd4hide.exe

c:\Documents and Settings\Administrateur\Bureau\spywarefighter.exe

c:\Documents and Settings\Administrateur\Bureau\URLSnooper.exe

c:\Documents and Settings\Administrateur\Bureau\Windows2000-KB828028-x86-FRA.EXE

c:\Documents and Settings\Administrateur\Bureau\Windows2000-KB835732-x86-FRA(2).EXE

c:\Documents and Settings\Administrateur\Bureau\Windows2000-KB835732-x86-FRA.EXE

c:\Documents and Settings\Administrateur\Bureau\Windows2000-KB891861-v2-x86-FRA.EXE

c:\Documents and Settings\Administrateur\Bureau\Arret_Demarrage\Arrêt programmé.exe

c:\Documents and Settings\Administrateur\Bureau\DiagHelp\DiagHelp\catchme.exe

c:\Documents and Settings\Administrateur\Bureau\DiagHelp\DiagHelp\diff.exe

c:\Documents and Settings\Administrateur\Bureau\DiagHelp\DiagHelp\dumphive.exe

c:\Documents and Settings\Administrateur\Bureau\DiagHelp\DiagHelp\FilesInfoCmd.exe

c:\Documents and Settings\Administrateur\Bureau\DiagHelp\DiagHelp\Fport.exe

c:\Documents and Settings\Administrateur\Bureau\DiagHelp\DiagHelp\grep.exe

c:\Documents and Settings\Administrateur\Bureau\DiagHelp\DiagHelp\LFiles.exe

c:\Documents and Settings\Administrateur\Bureau\DiagHelp\DiagHelp\LISTDLLS.exe

c:\Documents and Settings\Administrateur\Bureau\DiagHelp\DiagHelp\pslist.exe

c:\Documents and Settings\Administrateur\Bureau\DiagHelp\DiagHelp\streams.exe

c:\Documents and Settings\Administrateur\Bureau\DiagHelp\DiagHelp\swreg.exe

c:\Documents and Settings\Administrateur\Bureau\OptimisationWindows3-0-4\setup.exe

c:\Documents and Settings\Administrateur\Bureau\RootkitRevealer\RootkitRevealer.exe

c:\Documents and Settings\Administrateur\Bureau\SDFix\Catchme.exe

c:\Documents and Settings\Administrateur\Bureau\SDFix\apps\cliptext.exe

c:\Documents and Settings\Administrateur\Bureau\SDFix\apps\download.exe

c:\Documents and Settings\Administrateur\Bureau\SDFix\apps\LS.exe

c:\Documents and Settings\Administrateur\Bureau\SDFix\apps\MD5File.exe

c:\Documents and Settings\Administrateur\Bureau\SDFix\apps\MoveEx.exe

c:\Documents and Settings\Administrateur\Bureau\SDFix\apps\RegDACL.exe

c:\Documents and Settings\Administrateur\Bureau\SDFix\apps\RestartIt!.exe

c:\Documents and Settings\Administrateur\Bureau\SDFix\apps\sc.exe

c:\Documents and Settings\Administrateur\Bureau\SDFix\apps\SF.exe

c:\Documents and Settings\Administrateur\Bureau\SDFix\apps\swreg.exe

c:\Documents and Settings\Administrateur\Bureau\SDFix\apps\swsc.exe

c:\Documents and Settings\Administrateur\Bureau\SDFix\apps\unzip.exe

c:\Documents and Settings\Administrateur\Bureau\SDFix\apps\zip.exe

c:\Documents and Settings\Administrateur\Bureau\SDFix\apps\Replace\W2K.exe

c:\Documents and Settings\Administrateur\Bureau\SDFix\apps\Replace\XP.exe

c:\Documents and Settings\Administrateur\Bureau\SDFix\backups\attrib.exe

c:\Documents and Settings\Administrateur\Bureau\SDFix\backups\find.exe

c:\Documents and Settings\Administrateur\Bureau\SDFix\backups\findstr.exe

c:\Documents and Settings\Administrateur\Bureau\SDFix\backups\regedit.exe

c:\Documents and Settings\Administrateur\Bureau\SDFix\backups_old1\attrib.exe

c:\Documents and Settings\Administrateur\Bureau\SDFix\backups_old1\find.exe

c:\Documents and Settings\Administrateur\Bureau\SDFix\backups_old1\findstr.exe

c:\Documents and Settings\Administrateur\Bureau\SDFix\backups_old1\regedit.exe

c:\Documents and Settings\Administrateur\Bureau\SDFix\backups_old2\attrib.exe

c:\Documents and Settings\Administrateur\Bureau\SDFix\backups_old2\find.exe

c:\Documents and Settings\Administrateur\Bureau\SDFix\backups_old2\findstr.exe

c:\Documents and Settings\Administrateur\Bureau\SDFix\backups_old2\regedit.exe

c:\Documents and Settings\Administrateur\Bureau\SDFix\backups_old3\attrib.exe

c:\Documents and Settings\Administrateur\Bureau\SDFix\backups_old3\find.exe

c:\Documents and Settings\Administrateur\Bureau\SDFix\backups_old3\findstr.exe

c:\Documents and Settings\Administrateur\Bureau\SDFix\backups_old3\regedit.exe

c:\Documents and Settings\Administrateur\Bureau\SDFix\backups_old4\attrib.exe

c:\Documents and Settings\Administrateur\Bureau\SDFix\backups_old4\find.exe

c:\Documents and Settings\Administrateur\Bureau\SDFix\backups_old4\findstr.exe

c:\Documents and Settings\Administrateur\Bureau\SDFix\backups_old4\regedit.exe

c:\Documents and Settings\Administrateur\Bureau\Util\Wu\Win2k\1_Maj critiques\Fr\WU\Software\fr\com_microsoft.internetexplorer50x\x86win2k\com_microsoft.Q318089_W2K_IE5_5218\vbs51nfr.exe

c:\Documents and Settings\Administrateur\Bureau\Util\Wu\Win2k\1_Maj critiques\Fr\WU\Software\fr\com_microsoft.internetexplorer50x\x86win2k\com_microsoft.Q330994_OEPatch31_IE55SP2\q330994.exe

c:\Documents and Settings\Administrateur\Bureau\Util\Wu\Win2k\1_Maj critiques\Fr\WU\Software\fr\com_microsoft.internetexplorer50x\x86win2k\com_microsoft.Q822925_IE501_SP4\q822925.exe

c:\Documents and Settings\Administrateur\Bureau\Util\Wu\Win2k\1_Maj critiques\Fr\WU\Software\fr\com_microsoft.internetexplorer55x\x86win2k\com_microsoft.Q330994_OEPatch31_IE55SP2\q330994.exe

c:\Documents and Settings\Administrateur\Bureau\Util\Wu\Win2k\1_Maj critiques\Fr\WU\Software\fr\com_microsoft.internetexplorer55x\x86win2k\com_microsoft.Q822925_IE_55SP2\q822925.exe

c:\Documents and Settings\Administrateur\Bureau\Util\Wu\Win2k\1_Maj critiques\Fr\WU\Software\fr\com_microsoft.internetexplorer6x\x86win2k\com_microsoft.813951_urlmon_5995\q813951.exe

c:\Documents and Settings\Administrateur\Bureau\Util\Wu\Win2k\1_Maj critiques\Fr\WU\Software\fr\com_microsoft.internetexplorer6x\x86win2k\com_microsoft.Q318089_W2K_XP_IE6_5226\vbs56nfr.exe

c:\Documents and Settings\Administrateur\Bureau\Util\Wu\Win2k\1_Maj critiques\Fr\WU\Software\fr\com_microsoft.internetexplorer6x\x86win2k\com_microsoft.Q330994_OEPatch_IE6SP1_32\q330994.exe

c:\Documents and Settings\Administrateur\Bureau\Util\Wu\Win2k\1_Maj critiques\Fr\WU\Software\fr\com_microsoft.internetexplorer6x\x86win2k\com_microsoft.Q822925_IE6_SP1\q822925.exe

c:\Documents and Settings\Administrateur\Bureau\Util\Wu\Win2k\1_Maj critiques\Fr\WU\Software\fr\com_microsoft.windows2000\x86win2k\com_microsoft.817787_WMZ_MSRC_1640_WMP71\WindowsMedia71-KB817787-x86-FRA.exe

c:\Documents and Settings\Administrateur\Bureau\Util\Wu\Win2k\1_Maj critiques\Fr\WU\Software\fr\com_microsoft.windows2000\x86win2k\com_microsoft.819696_nonDirectX_9_0B_CRITICAL\DirectX9-KB819696-x86-FRA.exe

c:\Documents and Settings\Administrateur\Bureau\Util\Wu\Win2k\1_Maj critiques\Fr\WU\Software\fr\com_microsoft.windows2000\x86win2k\com_microsoft.823559_W2K_SP5_WinSE_48630\Windows2000-KB823559-x86-FRA.exe

c:\Documents and Settings\Administrateur\Bureau\Util\Wu\Win2k\1_Maj critiques\Fr\WU\Software\fr\com_microsoft.windows2000\x86win2k\com_microsoft.823980_W2K_SP5_WinSE_48715_Critical\Windows2000-KB823980-x86-FRA.exe

c:\Documents and Settings\Administrateur\Bureau\Util\Wu\Win2k\1_Maj critiques\Fr\WU\Software\fr\com_microsoft.windows2000\x86win2k\com_microsoft.824105_W2K_SP5_WinSE_48089_Critical\Windows2000-KB824105-x86-FRA.exe

c:\Documents and Settings\Administrateur\Bureau\Util\Wu\Win2k\1_Maj critiques\Fr\WU\Software\fr\com_microsoft.windows2000\x86win2k\com_microsoft.824146_W2K_SP5_WinSE_49650\Windows2000-KB824146-x86-FRA.exe

c:\Documents and Settings\Administrateur\Bureau\Util\Wu\Win2k\1_Maj critiques\Fr\WU\Software\fr\com_microsoft.windows2000\x86win2k\com_microsoft.IIS_SecPatch_IIS5_5415\Q321599_W2K.exe

c:\Documents and Settings\Administrateur\Bureau\Util\Wu\Win2k\1_Maj critiques\Fr\WU\Software\fr\com_microsoft.windows2000\x86win2k\com_microsoft.Jscript_ win2K_55_6001\js55nfr.exe

c:\Documents and Settings\Administrateur\Bureau\Util\Wu\Win2k\1_Maj critiques\Fr\WU\Software\fr\com_microsoft.windows2000\x86win2k\com_microsoft.Jscript_ win2K_XP_56_6003\js56nfr.exe

c:\Documents and Settings\Administrateur\Bureau\Util\Wu\Win2k\1_Maj critiques\Fr\WU\Software\fr\com_microsoft.windows2000\x86win2k\com_microsoft.Jscript_Win2K_51_5999\js51nfr.exe

c:\Documents and Settings\Administrateur\Bureau\Util\Wu\Win2k\1_Maj critiques\Fr\WU\Software\fr\com_microsoft.windows2000\x86win2k\com_microsoft.Q261255_SP1_4094\q261255.exe

c:\Documents and Settings\Administrateur\Bureau\Util\Wu\Win2k\1_Maj critiques\Fr\WU\Software\fr\com_microsoft.windows2000\x86win2k\com_microsoft.Q270676_SP2_CORP_4127\Q270676.EXE

c:\Documents and Settings\Administrateur\Bureau\Util\Wu\Win2k\1_Maj critiques\Fr\WU\Software\fr\com_microsoft.windows2000\x86win2k\com_microsoft.Q274372_SP2_W2k_CORP_4280\Q274372.EXE

c:\Documents and Settings\Administrateur\Bureau\Util\Wu\Win2k\1_Maj critiques\Fr\WU\Software\fr\com_microsoft.windows2000\x86win2k\com_microsoft.Q280838_SP2_W2k_4305\Q280838.EXE

c:\Documents and Settings\Administrateur\Bureau\Util\Wu\Win2k\1_Maj critiques\Fr\WU\Software\fr\com_microsoft.windows2000\x86win2k\com_microsoft.Q296185_W2K_SP3_CORP_4594\q296185_W2K.exe

c:\Documents and Settings\Administrateur\Bureau\Util\Wu\Win2k\1_Maj critiques\Fr\WU\Software\fr\com_microsoft.windows2000\x86win2k\com_microsoft.Q299553_W2K_SP3_CORP_4674\Q299553.EXE

c:\Documents and Settings\Administrateur\Bureau\Util\Wu\Win2k\1_Maj critiques\Fr\WU\Software\fr\com_microsoft.windows2000\x86win2k\com_microsoft.Q311967_W2K_SP3_5304\Q311967.exe

c:\Documents and Settings\Administrateur\Bureau\Util\Wu\Win2k\1_Maj critiques\Fr\WU\Software\fr\com_microsoft.windows2000\x86win2k\com_microsoft.Q312897_VS_NET_JA_5433\NDP10_SP_Q321897_Ja.exe

c:\Documents and Settings\Administrateur\Bureau\Util\Wu\Win2k\1_Maj critiques\Fr\WU\Software\fr\com_microsoft.windows2000\x86win2k\com_microsoft.Q313450_W2K_Cons_5256\Q313450SP3.exe

c:\Documents and Settings\Administrateur\Bureau\Util\Wu\Win2k\1_Maj critiques\Fr\WU\Software\fr\com_microsoft.windows2000\x86win2k\com_microsoft.Q313829_W2K_5282\Q313829.exe

c:\Documents and Settings\Administrateur\Bureau\Util\Wu\Win2k\1_Maj critiques\Fr\WU\Software\fr\com_microsoft.windows2000\x86win2k\com_microsoft.Q314147_W2K_5265\Q314147_W2K.exe

c:\Documents and Settings\Administrateur\Bureau\Util\Wu\Win2k\1_Maj critiques\Fr\WU\Software\fr\com_microsoft.windows2000\x86win2k\com_microsoft.Q317244_XML40_5255\Q317244.exe

c:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\QuickTime 7.1.3.100\QuickTimeInstallerAdmin.exe

 

3) Very often, but not systematically, I get a backdoor.sbot or generic.sdbot that BitDefender blocks (with a file named something like whatever.exe), which I can only delete in safe mode but which comes back every time.

4) Like the person you helped, I also had the winnt folder shared: I did the registry change you had suggested and it went away.

So there you go, is it serious, doc? :P


Hi :P

Like the person you helped, I also had the winnt folder shared: I did the registry change you had suggested and it went away.

So the Winnt folder is no longer shared? That's one good thing done!

Please post these two reports for me >

 

*Download gmer: http://www.gmer.net/gmer.zip

Disconnect from the internet if possible and close all programs.

Unzip the zip file and double-click gmer.exe

Click the "rootkit" tab and click Scan

When the scan is finished, click "copy"

Open Notepad and click the Edit menu / Paste

The report should then appear.

Save the file to your desktop and copy/paste its contents here.

*Open HijackThis.

Click Open Misc Tools Section

Make sure the two checkboxes on the right are ticked:

* List all minor sections(Full)

* List Empty Sections(Complete)

Click Generate StartupList Log

Click "Yes" when prompted.

This will generate a report; copy it and post it here.


yop

 

OK, here's the gmer report to start with

 

GMER 1.0.12.12086 - http://www.gmer.net

Rootkit scan 2007-04-03 23:43:11

Windows 5.0.2195 Service Pack 4

 

 

---- System - GMER 1.0.12 ----

 

SSDT sptd.sys ZwCreateKey

SSDT sptd.sys ZwEnumerateKey

SSDT sptd.sys ZwEnumerateValueKey

SSDT \??\C:\Program Files\Softwin\BitDefender8\filespy.sys ZwOpenFile

SSDT sptd.sys ZwOpenKey

SSDT \??\d:\AVG Anti-Spyware 7.5\guard.sys ZwOpenProcess

SSDT sptd.sys ZwQueryKey

SSDT sptd.sys ZwQueryValueKey

SSDT sptd.sys ZwSetValueKey

SSDT \??\d:\AVG Anti-Spyware 7.5\guard.sys ZwTerminateProcess

 

---- Kernel code sections - GMER 1.0.12 ----

 

? C:\WINNT\system32\drivers\sptd.sys Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.

? C:\WINNT\System32\Drivers\SPTD5725.SYS Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.

? C:\WINNT\System32\Drivers\vaxscsi.sys Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.

? C:\WINNT\system32\Drivers\mchInjDrv.sys Le fichier spécifié est introuvable.

.text NTDLL.DLL!NtClose 784681F8 5 Bytes JMP 720342BA

.text NTDLL.DLL!NtCreateProcess 78468308 5 Bytes JMP 72034445

.text NTDLL.DLL!NtCreateSection 78468328 5 Bytes JMP 720342D8

 

---- User code sections - GMER 1.0.12 ----

 

.text C:\WINNT\system32\winlogon.exe[248] KERNEL32.dll!LoadLibraryA 77E9023D 5 Bytes JMP 10003140 C:\WINNT\system32\sockspy.dll

.text C:\WINNT\system32\winlogon.exe[248] WS2_32.DLL!closesocket 74FB145E 5 Bytes JMP 10003110 C:\WINNT\system32\sockspy.dll

.text C:\WINNT\system32\winlogon.exe[248] WS2_32.DLL!send 74FB1BCC 5 Bytes JMP 10002B00 C:\WINNT\system32\sockspy.dll

.text C:\WINNT\system32\winlogon.exe[248] WS2_32.DLL!gethostbyname 74FB266D 5 Bytes JMP 10002DD0 C:\WINNT\system32\sockspy.dll

.text C:\WINNT\system32\winlogon.exe[248] WS2_32.DLL!sendto 74FB3454 5 Bytes JMP 10002D70 C:\WINNT\system32\sockspy.dll

.text C:\WINNT\system32\winlogon.exe[248] WS2_32.DLL!bind 74FB361B 5 Bytes JMP 100030D0 C:\WINNT\system32\sockspy.dll

.text C:\WINNT\system32\winlogon.exe[248] WS2_32.DLL!recvfrom 74FBA1EC 5 Bytes JMP 10002D00 C:\WINNT\system32\sockspy.dll

.text C:\WINNT\system32\winlogon.exe[248] WS2_32.DLL!connect 74FBC1B9 5 Bytes JMP 10002E00 C:\WINNT\system32\sockspy.dll

.text C:\WINNT\system32\winlogon.exe[248] WS2_32.DLL!listen 74FBC556 5 Bytes JMP 10002AC0 C:\WINNT\system32\sockspy.dll

.text C:\WINNT\system32\winlogon.exe[248] WS2_32.DLL!accept 74FBC9B7 5 Bytes JMP 10002FE0 C:\WINNT\system32\sockspy.dll

.text C:\WINNT\system32\services.exe[280] KERNEL32.dll!LoadLibraryA 77E9023D 5 Bytes JMP 10003140 C:\WINNT\system32\sockspy.dll

.text C:\WINNT\system32\services.exe[280] WS2_32.DLL!closesocket 74FB145E 5 Bytes JMP 10003110 C:\WINNT\system32\sockspy.dll

.text C:\WINNT\system32\services.exe[280] WS2_32.DLL!send 74FB1BCC 5 Bytes JMP 10002B00 C:\WINNT\system32\sockspy.dll

.text C:\WINNT\system32\services.exe[280] WS2_32.DLL!gethostbyname 74FB266D 5 Bytes JMP 10002DD0 C:\WINNT\system32\sockspy.dll

.text C:\WINNT\system32\services.exe[280] WS2_32.DLL!sendto 74FB3454 5 Bytes JMP 10002D70 C:\WINNT\system32\sockspy.dll

.text C:\WINNT\system32\services.exe[280] WS2_32.DLL!bind 74FB361B 5 Bytes JMP 100030D0 C:\WINNT\system32\sockspy.dll

.text C:\WINNT\system32\services.exe[280] WS2_32.DLL!recvfrom 74FBA1EC 5 Bytes JMP 10002D00 C:\WINNT\system32\sockspy.dll

.text C:\WINNT\system32\services.exe[280] WS2_32.DLL!connect 74FBC1B9 5 Bytes JMP 10002E00 C:\WINNT\system32\sockspy.dll

.text C:\WINNT\system32\services.exe[280] WS2_32.DLL!listen 74FBC556 5 Bytes JMP 10002AC0 C:\WINNT\system32\sockspy.dll

.text C:\WINNT\system32\services.exe[280] WS2_32.DLL!accept 74FBC9B7 5 Bytes JMP 10002FE0 C:\WINNT\system32\sockspy.dll

.text C:\WINNT\system32\lsass.exe[292] KERNEL32.dll!LoadLibraryA 77E9023D 5 Bytes JMP 10003140 C:\WINNT\system32\sockspy.dll

.text C:\WINNT\system32\lsass.exe[292] WS2_32.DLL!closesocket 74FB145E 5 Bytes JMP 10003110 C:\WINNT\system32\sockspy.dll

.text C:\WINNT\system32\lsass.exe[292] WS2_32.DLL!send 74FB1BCC 5 Bytes JMP 10002B00 C:\WINNT\system32\sockspy.dll

.text C:\WINNT\system32\lsass.exe[292] WS2_32.DLL!gethostbyname 74FB266D 5 Bytes JMP 10002DD0 C:\WINNT\system32\sockspy.dll

.text C:\WINNT\system32\lsass.exe[292] WS2_32.DLL!sendto 74FB3454 5 Bytes JMP 10002D70 C:\WINNT\system32\sockspy.dll

.text C:\WINNT\system32\lsass.exe[292] WS2_32.DLL!bind 74FB361B 5 Bytes JMP 100030D0 C:\WINNT\system32\sockspy.dll

.text C:\WINNT\system32\lsass.exe[292] WS2_32.DLL!recvfrom 74FBA1EC 5 Bytes JMP 10002D00 C:\WINNT\system32\sockspy.dll

.text C:\WINNT\system32\lsass.exe[292] WS2_32.DLL!connect 74FBC1B9 5 Bytes JMP 10002E00 C:\WINNT\system32\sockspy.dll

.text C:\WINNT\system32\lsass.exe[292] WS2_32.DLL!listen 74FBC556 5 Bytes JMP 10002AC0 C:\WINNT\system32\sockspy.dll

.text C:\WINNT\system32\lsass.exe[292] WS2_32.DLL!accept 74FBC9B7 5 Bytes JMP 10002FE0 C:\WINNT\system32\sockspy.dll

.text d:\AVG Anti-Spyware 7.5\guard.exe[520] KERNEL32.dll!LoadLibraryA 77E9023D 5 Bytes JMP 00543140 C:\WINNT\system32\sockspy.dll

.text C:\WINNT\system32\nvsvc32.exe[612] KERNEL32.dll!LoadLibraryA 77E9023D 5 Bytes JMP 10003140 C:\WINNT\system32\sockspy.dll

.text C:\WINNT\system32\MSTask.exe[664] KERNEL32.dll!LoadLibraryA 77E9023D 5 Bytes JMP 10003140 C:\WINNT\system32\sockspy.dll

.text C:\WINNT\system32\MSTask.exe[664] WS2_32.DLL!closesocket 74FB145E 5 Bytes JMP 10003110 C:\WINNT\system32\sockspy.dll

.text C:\WINNT\system32\MSTask.exe[664] WS2_32.DLL!send 74FB1BCC 5 Bytes JMP 10002B00 C:\WINNT\system32\sockspy.dll

.text C:\WINNT\system32\MSTask.exe[664] WS2_32.DLL!gethostbyname 74FB266D 5 Bytes JMP 10002DD0 C:\WINNT\system32\sockspy.dll

.text C:\WINNT\system32\MSTask.exe[664] WS2_32.DLL!sendto 74FB3454 5 Bytes JMP 10002D70 C:\WINNT\system32\sockspy.dll

.text C:\WINNT\system32\MSTask.exe[664] WS2_32.DLL!bind 74FB361B 5 Bytes JMP 100030D0 C:\WINNT\system32\sockspy.dll

.text C:\WINNT\system32\MSTask.exe[664] WS2_32.DLL!recvfrom 74FBA1EC 5 Bytes JMP 10002D00 C:\WINNT\system32\sockspy.dll

.text C:\WINNT\system32\MSTask.exe[664] WS2_32.DLL!connect 74FBC1B9 5 Bytes JMP 10002E00 C:\WINNT\system32\sockspy.dll

.text C:\WINNT\system32\MSTask.exe[664] WS2_32.DLL!listen 74FBC556 5 Bytes JMP 10002AC0 C:\WINNT\system32\sockspy.dll

.text C:\WINNT\system32\MSTask.exe[664] WS2_32.DLL!accept 74FBC9B7 5 Bytes JMP 10002FE0 C:\WINNT\system32\sockspy.dll

.text d:\Alcohol 120\StarWind\StarWindService.exe[772] KERNEL32.dll!LoadLibraryA 77E9023D 5 Bytes JMP 10003140 C:\WINNT\system32\sockspy.dll

.text d:\Alcohol 120\StarWind\StarWindService.exe[772] WS2_32.dll!closesocket 74FB145E 5 Bytes JMP 10003110 C:\WINNT\system32\sockspy.dll

.text d:\Alcohol 120\StarWind\StarWindService.exe[772] WS2_32.dll!send 74FB1BCC 5 Bytes JMP 10002B00 C:\WINNT\system32\sockspy.dll

.text d:\Alcohol 120\StarWind\StarWindService.exe[772] WS2_32.dll!gethostbyname 74FB266D 5 Bytes JMP 10002DD0 C:\WINNT\system32\sockspy.dll

.text d:\Alcohol 120\StarWind\StarWindService.exe[772] WS2_32.dll!sendto 74FB3454 5 Bytes JMP 10002D70 C:\WINNT\system32\sockspy.dll

.text d:\Alcohol 120\StarWind\StarWindService.exe[772] WS2_32.dll!bind 74FB361B 5 Bytes JMP 100030D0 C:\WINNT\system32\sockspy.dll

.text d:\Alcohol 120\StarWind\StarWindService.exe[772] WS2_32.dll!recvfrom 74FBA1EC 5 Bytes JMP 10002D00 C:\WINNT\system32\sockspy.dll

.text d:\Alcohol 120\StarWind\StarWindService.exe[772] WS2_32.dll!connect 74FBC1B9 5 Bytes JMP 10002E00 C:\WINNT\system32\sockspy.dll

.text d:\Alcohol 120\StarWind\StarWindService.exe[772] WS2_32.dll!listen 74FBC556 5 Bytes JMP 10002AC0 C:\WINNT\system32\sockspy.dll

.text d:\Alcohol 120\StarWind\StarWindService.exe[772] WS2_32.dll!accept 74FBC9B7 5 Bytes JMP 10002FE0 C:\WINNT\system32\sockspy.dll

.text C:\WINNT\system32\stisvc.exe[796] KERNEL32.dll!LoadLibraryA 77E9023D 5 Bytes JMP 10003140 C:\WINNT\system32\sockspy.dll

.text C:\WINNT\System32\WBEM\WinMgmt.exe[828] KERNEL32.dll!LoadLibraryA 77E9023D 5 Bytes JMP 10003140 C:\WINNT\system32\sockspy.dll

.text C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe[880] KERNEL32.dll!LoadLibraryA 77E9023D 5 Bytes JMP 00523140 C:\WINNT\system32\sockspy.dll

.text C:\WINNT\system32\rundll32.exe[976] KERNEL32.dll!LoadLibraryA 77E9023D 5 Bytes JMP 10003140 C:\WINNT\system32\sockspy.dll

.text C:\WINNT\system32\rundll32.exe[976] KERNEL32.dll!LoadLibraryExW 77E90565 6 Bytes JMP 5F070F5A

.text C:\WINNT\system32\rundll32.exe[976] KERNEL32.dll!CreateProcessW 77E96951 6 Bytes JMP 5F0A0F5A

.text C:\WINNT\system32\rundll32.exe[976] KERNEL32.dll!OpenProcess 77E9697D 6 Bytes JMP 5F1C0F5A

.text C:\WINNT\system32\rundll32.exe[976] KERNEL32.dll!WinExec 77E974FA 6 Bytes JMP 5F040F5A

.text C:\WINNT\system32\rundll32.exe[976] KERNEL32.dll!WriteProcessMemory 77E97960 6 Bytes JMP 5F190F5A

.text C:\WINNT\system32\rundll32.exe[976] ADVAPI32.dll!CreateServiceA 78F14B39 6 Bytes JMP 5F130F5A

.text C:\WINNT\system32\rundll32.exe[976] ADVAPI32.dll!CreateServiceW 78F14CF9 6 Bytes JMP 5F160F5A

.text C:\WINNT\system32\rundll32.exe[976] SHELL32.dll!Shell_NotifyIconW 7CEA80E4 6 Bytes JMP 5F220F5A

.text C:\WINNT\system32\rundll32.exe[976] SHELL32.dll!Shell_NotifyIcon 7CEA81E3 6 Bytes JMP 5F1F0F5A

.text C:\WINNT\system32\rundll32.exe[976] WS2_32.DLL!connect 74FBC1B9 6 Bytes JMP 5F0D0F5A

.text C:\WINNT\system32\rundll32.exe[976] WS2_32.DLL!listen 74FBC556 6 Bytes JMP 5F100F5A

.text C:\WINNT\Explorer.EXE[1068] ADVAPI32.DLL!CreateServiceA 78F14B39 6 Bytes JMP 5F150F5A

.text C:\WINNT\Explorer.EXE[1068] ADVAPI32.DLL!CreateServiceW 78F14CF9 6 Bytes JMP 5F180F5A

.text C:\WINNT\Explorer.EXE[1068] KERNEL32.dll!LoadLibraryA 77E9023D 5 Bytes JMP 10003140 C:\WINNT\system32\sockspy.dll

.text C:\WINNT\Explorer.EXE[1068] KERNEL32.dll!LoadLibraryExW 77E90565 6 Bytes JMP 5F070F5A

.text C:\WINNT\Explorer.EXE[1068] KERNEL32.dll!CreateProcessW 77E96951 6 Bytes JMP 5F0A0F5A

.text C:\WINNT\Explorer.EXE[1068] KERNEL32.dll!OpenProcess 77E9697D 6 Bytes JMP 5F1E0F5A

.text C:\WINNT\Explorer.EXE[1068] KERNEL32.dll!WinExec 77E974FA 6 Bytes JMP 5F040F5A

.text C:\WINNT\Explorer.EXE[1068] KERNEL32.dll!WriteProcessMemory 77E97960 6 Bytes JMP 5F1B0F5A

.text C:\WINNT\Explorer.EXE[1068] SHELL32.dll!Shell_NotifyIconW 7CEA80E4 6 Bytes JMP 5F240F5A

.text C:\WINNT\Explorer.EXE[1068] SHELL32.dll!Shell_NotifyIcon 7CEA81E3 6 Bytes JMP 5F210F5A

.text C:\WINNT\Explorer.EXE[1068] WS2_32.DLL!closesocket 74FB145E 5 Bytes JMP 10003110 C:\WINNT\system32\sockspy.dll

.text C:\WINNT\Explorer.EXE[1068] WS2_32.DLL!send 74FB1BCC 5 Bytes JMP 10002B00 C:\WINNT\system32\sockspy.dll

.text C:\WINNT\Explorer.EXE[1068] WS2_32.DLL!gethostbyname 74FB266D 5 Bytes JMP 10002DD0 C:\WINNT\system32\sockspy.dll

.text C:\WINNT\Explorer.EXE[1068] WS2_32.DLL!sendto 74FB3454 5 Bytes JMP 10002D70 C:\WINNT\system32\sockspy.dll

.text C:\WINNT\Explorer.EXE[1068] WS2_32.DLL!bind 74FB361B 5 Bytes JMP 100030D0 C:\WINNT\system32\sockspy.dll

.text C:\WINNT\Explorer.EXE[1068] WS2_32.DLL!recvfrom 74FBA1EC 5 Bytes JMP 10002D00 C:\WINNT\system32\sockspy.dll

.text C:\WINNT\Explorer.EXE[1068] WS2_32.DLL!connect 74FBC1B9 5 Bytes JMP 10002E00 C:\WINNT\system32\sockspy.dll

.text C:\WINNT\Explorer.EXE[1068] WS2_32.DLL!listen 74FBC556 5 Bytes JMP 10002AC0 C:\WINNT\system32\sockspy.dll

.text C:\WINNT\Explorer.EXE[1068] WS2_32.DLL!accept 74FBC9B7 5 Bytes JMP 10002FE0 C:\WINNT\system32\sockspy.dll

.text D:\Mozilla Firefox\firefox.exe[1096] ADVAPI32.dll!CreateServiceA 78F14B39 6 Bytes JMP 5F0D0F5A

.text D:\Mozilla Firefox\firefox.exe[1096] ADVAPI32.dll!CreateServiceW 78F14CF9 6 Bytes JMP 5F100F5A

.text D:\Mozilla Firefox\firefox.exe[1096] KERNEL32.dll!LoadLibraryA 77E9023D 5 Bytes JMP 10003140 C:\WINNT\system32\sockspy.dll

.text D:\Mozilla Firefox\firefox.exe[1096] KERNEL32.dll!LoadLibraryExW 77E90565 6 Bytes JMP 5F070F5A

.text D:\Mozilla Firefox\firefox.exe[1096] KERNEL32.dll!FreeLibrary + 37 77E9089E 4 Bytes [ 9A, F7, 86, F9 ]

.text D:\Mozilla Firefox\firefox.exe[1096] KERNEL32.dll!CreateProcessW 77E96951 6 Bytes JMP 5F0A0F5A

.text D:\Mozilla Firefox\firefox.exe[1096] KERNEL32.dll!OpenProcess 77E9697D 6 Bytes JMP 5F160F5A

.text D:\Mozilla Firefox\firefox.exe[1096] KERNEL32.dll!WinExec 77E974FA 6 Bytes JMP 5F040F5A

.text D:\Mozilla Firefox\firefox.exe[1096] KERNEL32.dll!WriteProcessMemory 77E97960 6 Bytes JMP 5F130F5A

.text D:\Mozilla Firefox\firefox.exe[1096] WS2_32.DLL!closesocket 74FB145E 5 Bytes JMP 10003110 C:\WINNT\system32\sockspy.dll

.text D:\Mozilla Firefox\firefox.exe[1096] WS2_32.DLL!send 74FB1BCC 5 Bytes JMP 10002B00 C:\WINNT\system32\sockspy.dll

.text D:\Mozilla Firefox\firefox.exe[1096] WS2_32.DLL!gethostbyname 74FB266D 5 Bytes JMP 10002DD0 C:\WINNT\system32\sockspy.dll

.text D:\Mozilla Firefox\firefox.exe[1096] WS2_32.DLL!sendto 74FB3454 5 Bytes JMP 10002D70 C:\WINNT\system32\sockspy.dll

.text D:\Mozilla Firefox\firefox.exe[1096] WS2_32.DLL!bind 74FB361B 5 Bytes JMP 100030D0 C:\WINNT\system32\sockspy.dll

.text D:\Mozilla Firefox\firefox.exe[1096] WS2_32.DLL!recvfrom 74FBA1EC 5 Bytes JMP 10002D00 C:\WINNT\system32\sockspy.dll

.text D:\Mozilla Firefox\firefox.exe[1096] WS2_32.DLL!connect 74FBC1B9 5 Bytes JMP 10002E00 C:\WINNT\system32\sockspy.dll

.text D:\Mozilla Firefox\firefox.exe[1096] WS2_32.DLL!listen 74FBC556 5 Bytes JMP 10002AC0 C:\WINNT\system32\sockspy.dll

.text D:\Mozilla Firefox\firefox.exe[1096] WS2_32.DLL!accept 74FBC9B7 5 Bytes JMP 10002FE0 C:\WINNT\system32\sockspy.dll

.text D:\Mozilla Firefox\firefox.exe[1096] SHELL32.dll!Shell_NotifyIconW 7CEA80E4 6 Bytes JMP 5F1C0F5A

.text D:\Mozilla Firefox\firefox.exe[1096] SHELL32.dll!Shell_NotifyIcon 7CEA81E3 6 Bytes JMP 5F190F5A

.text D:\Spybot - Search & Destroy\TeaTimer.exe[1172] kernel32.dll!LoadLibraryA 77E9023D 5 Bytes JMP 10003140 C:\WINNT\system32\sockspy.dll

.text D:\Spybot - Search & Destroy\TeaTimer.exe[1172] kernel32.dll!LoadLibraryExW 77E90565 6 Bytes JMP 5F070F5A

.text D:\Spybot - Search & Destroy\TeaTimer.exe[1172] kernel32.dll!CreateProcessW 77E96951 6 Bytes JMP 5F0A0F5A

.text D:\Spybot - Search & Destroy\TeaTimer.exe[1172] kernel32.dll!OpenProcess 77E9697D 6 Bytes JMP 5F1C0F5A

.text D:\Spybot - Search & Destroy\TeaTimer.exe[1172] kernel32.dll!WinExec 77E974FA 6 Bytes JMP 5F040F5A

.text D:\Spybot - Search & Destroy\TeaTimer.exe[1172] kernel32.dll!WriteProcessMemory 77E97960 6 Bytes JMP 5F190F5A

.text D:\Spybot - Search & Destroy\TeaTimer.exe[1172] advapi32.dll!CreateServiceA 78F14B39 6 Bytes JMP 5F130F5A

.text D:\Spybot - Search & Destroy\TeaTimer.exe[1172] advapi32.dll!CreateServiceW 78F14CF9 6 Bytes JMP 5F160F5A

.text D:\Spybot - Search & Destroy\TeaTimer.exe[1172] shell32.dll!Shell_NotifyIconW 7CEA80E4 6 Bytes JMP 5F220F5A

.text D:\Spybot - Search & Destroy\TeaTimer.exe[1172] shell32.dll!Shell_NotifyIcon 7CEA81E3 6 Bytes JMP 5F1F0F5A

.text D:\Spybot - Search & Destroy\TeaTimer.exe[1172] WS2_32.DLL!connect 74FBC1B9 6 Bytes JMP 5F0D0F5A

.text D:\Spybot - Search & Destroy\TeaTimer.exe[1172] WS2_32.DLL!listen 74FBC556 6 Bytes JMP 5F100F5A

.text D:\PC Alert III\alert.exe[1200] KERNEL32.dll!LoadLibraryA 77E9023D 5 Bytes JMP 00943140 C:\WINNT\system32\sockspy.dll

.text D:\PC Alert III\alert.exe[1200] KERNEL32.dll!LoadLibraryExW 77E90565 6 Bytes JMP 5F070F5A

.text D:\PC Alert III\alert.exe[1200] KERNEL32.dll!CreateProcessW 77E96951 6 Bytes JMP 5F0A0F5A

.text D:\PC Alert III\alert.exe[1200] KERNEL32.dll!OpenProcess 77E9697D 6 Bytes JMP 5F1E0F5A

.text D:\PC Alert III\alert.exe[1200] KERNEL32.dll!WinExec 77E974FA 6 Bytes JMP 5F040F5A

.text D:\PC Alert III\alert.exe[1200] KERNEL32.dll!WriteProcessMemory 77E97960 6 Bytes JMP 5F1B0F5A

.text D:\PC Alert III\alert.exe[1200] ADVAPI32.dll!CreateServiceA 78F14B39 6 Bytes JMP 5F150F5A

.text D:\PC Alert III\alert.exe[1200] ADVAPI32.dll!CreateServiceW 78F14CF9 6 Bytes JMP 5F180F5A

.text D:\PC Alert III\alert.exe[1200] WS2_32.dll!closesocket 74FB145E 5 Bytes JMP 00943110 C:\WINNT\system32\sockspy.dll

.text D:\PC Alert III\alert.exe[1200] WS2_32.dll!send 74FB1BCC 5 Bytes JMP 00942B00 C:\WINNT\system32\sockspy.dll

.text D:\PC Alert III\alert.exe[1200] WS2_32.dll!gethostbyname 74FB266D 5 Bytes JMP 00942DD0 C:\WINNT\system32\sockspy.dll

.text D:\PC Alert III\alert.exe[1200] WS2_32.dll!sendto 74FB3454 5 Bytes JMP 00942D70 C:\WINNT\system32\sockspy.dll

.text D:\PC Alert III\alert.exe[1200] WS2_32.dll!bind 74FB361B 5 Bytes JMP 009430D0 C:\WINNT\system32\sockspy.dll

.text D:\PC Alert III\alert.exe[1200] WS2_32.dll!recvfrom 74FBA1EC 5 Bytes JMP 00942D00 C:\WINNT\system32\sockspy.dll

.text D:\PC Alert III\alert.exe[1200] WS2_32.dll!connect 74FBC1B9 5 Bytes JMP 00942E00 C:\WINNT\system32\sockspy.dll

.text D:\PC Alert III\alert.exe[1200] WS2_32.dll!listen 74FBC556 5 Bytes JMP 00942AC0 C:\WINNT\system32\sockspy.dll

.text D:\PC Alert III\alert.exe[1200] WS2_32.dll!accept 74FBC9B7 5 Bytes JMP 00942FE0 C:\WINNT\system32\sockspy.dll

.text D:\PC Alert III\alert.exe[1200] SHELL32.DLL!Shell_NotifyIconW 7CEA80E4 6 Bytes JMP 5F240F5A

.text D:\PC Alert III\alert.exe[1200] SHELL32.DLL!Shell_NotifyIcon 7CEA81E3 6 Bytes JMP 5F210F5A

.text C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe[1232] KERNEL32.dll!LoadLibraryA 77E9023D 5 Bytes JMP 10003140 C:\WINNT\system32\sockspy.dll

.text C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe[1232] KERNEL32.dll!LoadLibraryExW 77E90565 6 Bytes JMP 5F070F5A

.text C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe[1232] KERNEL32.dll!CreateProcessW 77E96951 6 Bytes JMP 5F0A0F5A

.text C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe[1232] KERNEL32.dll!OpenProcess 77E9697D 6 Bytes JMP 5F160F5A

.text C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe[1232] KERNEL32.dll!WinExec 77E974FA 6 Bytes JMP 5F040F5A

.text C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe[1232] KERNEL32.dll!WriteProcessMemory 77E97960 6 Bytes JMP 5F130F5A

.text C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe[1232] ADVAPI32.dll!CreateServiceA 78F14B39 6 Bytes JMP 5F0D0F5A

.text C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe[1232] ADVAPI32.dll!CreateServiceW 78F14CF9 6 Bytes JMP 5F100F5A

.text C:\WINNT\system32\RUNDLL32.EXE[1292] KERNEL32.dll!LoadLibraryA 77E9023D 5 Bytes JMP 10003140 C:\WINNT\system32\sockspy.dll

.text C:\WINNT\system32\RUNDLL32.EXE[1292] KERNEL32.dll!LoadLibraryExW 77E90565 6 Bytes JMP 5F070F5A

.text C:\WINNT\system32\RUNDLL32.EXE[1292] KERNEL32.dll!CreateProcessW 77E96951 6 Bytes JMP 5F0A0F5A

.text C:\WINNT\system32\RUNDLL32.EXE[1292] KERNEL32.dll!OpenProcess 77E9697D 6 Bytes JMP 5F1C0F5A

.text C:\WINNT\system32\RUNDLL32.EXE[1292] KERNEL32.dll!WinExec 77E974FA 6 Bytes JMP 5F040F5A

.text C:\WINNT\system32\RUNDLL32.EXE[1292] KERNEL32.dll!WriteProcessMemory 77E97960 6 Bytes JMP 5F190F5A

.text C:\WINNT\system32\RUNDLL32.EXE[1292] ADVAPI32.dll!CreateServiceA 78F14B39 6 Bytes JMP 5F130F5A

.text C:\WINNT\system32\RUNDLL32.EXE[1292] ADVAPI32.dll!CreateServiceW 78F14CF9 6 Bytes JMP 5F160F5A

.text C:\WINNT\system32\RUNDLL32.EXE[1292] SHELL32.dll!Shell_NotifyIconW 7CEA80E4 6 Bytes JMP 5F220F5A

.text C:\WINNT\system32\RUNDLL32.EXE[1292] SHELL32.dll!Shell_NotifyIcon 7CEA81E3 6 Bytes JMP 5F1F0F5A

.text C:\WINNT\system32\RUNDLL32.EXE[1292] WS2_32.DLL!connect 74FBC1B9 6 Bytes JMP 5F0D0F5A

.text C:\WINNT\system32\RUNDLL32.EXE[1292] WS2_32.DLL!listen 74FBC556 6 Bytes JMP 5F100F5A

.text C:\Program Files\Softwin\BitDefender8\bdoesrv.exe[1340] KERNEL32.dll!LoadLibraryA 77E9023D 5 Bytes JMP 10003140 C:\WINNT\system32\sockspy.dll

.text C:\Program Files\Softwin\BitDefender8\bdoesrv.exe[1340] KERNEL32.dll!LoadLibraryExW 77E90565 6 Bytes JMP 5F070F5A

.text C:\Program Files\Softwin\BitDefender8\bdoesrv.exe[1340] KERNEL32.dll!CreateProcessW 77E96951 6 Bytes JMP 5F0A0F5A

.text C:\Program Files\Softwin\BitDefender8\bdoesrv.exe[1340] KERNEL32.dll!OpenProcess 77E9697D 6 Bytes JMP 5F160F5A

.text C:\Program Files\Softwin\BitDefender8\bdoesrv.exe[1340] KERNEL32.dll!WinExec 77E974FA 6 Bytes JMP 5F040F5A

.text C:\Program Files\Softwin\BitDefender8\bdoesrv.exe[1340] KERNEL32.dll!WriteProcessMemory 77E97960 6 Bytes JMP 5F130F5A

.text C:\Program Files\Softwin\BitDefender8\bdoesrv.exe[1340] ADVAPI32.dll!CreateServiceA 78F14B39 6 Bytes JMP 5F0D0F5A

.text C:\Program Files\Softwin\BitDefender8\bdoesrv.exe[1340] ADVAPI32.dll!CreateServiceW 78F14CF9 6 Bytes JMP 5F100F5A

.text C:\Program Files\Softwin\BitDefender8\bdoesrv.exe[1340] SHELL32.dll!Shell_NotifyIconW 7CEA80E4 6 Bytes JMP 5F1C0F5A

.text C:\Program Files\Softwin\BitDefender8\bdoesrv.exe[1340] SHELL32.dll!Shell_NotifyIcon 7CEA81E3 6 Bytes JMP 5F190F5A

.text C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe[1360] KERNEL32.dll!LoadLibraryExW 77E90565 6 Bytes JMP 5F070F5A

.text C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe[1360] KERNEL32.dll!CreateProcessW 77E96951 6 Bytes JMP 5F0A0F5A

.text C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe[1360] KERNEL32.dll!OpenProcess 77E9697D 6 Bytes JMP 5F1C0F5A

.text C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe[1360] KERNEL32.dll!WinExec 77E974FA 6 Bytes JMP 5F040F5A

.text C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe[1360] KERNEL32.dll!WriteProcessMemory 77E97960 6 Bytes JMP 5F190F5A

.text C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe[1360] ADVAPI32.dll!CreateServiceA 78F14B39 6 Bytes JMP 5F130F5A

.text C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe[1360] ADVAPI32.dll!CreateServiceW 78F14CF9 6 Bytes JMP 5F160F5A

.text C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe[1360] SHELL32.dll!Shell_NotifyIconW 7CEA80E4 6 Bytes JMP 5F220F5A

.text C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe[1360] SHELL32.dll!Shell_NotifyIcon 7CEA81E3 6 Bytes JMP 5F1F0F5A

.text C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe[1360] WS2_32.dll!connect 74FBC1B9 6 Bytes JMP 5F0D0F5A

.text C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe[1360] WS2_32.dll!listen 74FBC556 6 Bytes JMP 5F100F5A

.text D:\AVG Anti-Spyware 7.5\avgas.exe[1384] KERNEL32.DLL!LoadLibraryA 77E9023D 5 Bytes JMP 00D93140 C:\WINNT\system32\sockspy.dll

.text D:\AVG Anti-Spyware 7.5\avgas.exe[1384] KERNEL32.DLL!LoadLibraryExW 77E90565 6 Bytes JMP 5F070F5A

.text D:\AVG Anti-Spyware 7.5\avgas.exe[1384] KERNEL32.DLL!CreateProcessW 77E96951 6 Bytes JMP 5F0A0F5A

.text D:\AVG Anti-Spyware 7.5\avgas.exe[1384] KERNEL32.DLL!OpenProcess 77E9697D 6 Bytes JMP 5F1E0F5A

.text D:\AVG Anti-Spyware 7.5\avgas.exe[1384] KERNEL32.DLL!WinExec 77E974FA 6 Bytes JMP 5F040F5A

.text D:\AVG Anti-Spyware 7.5\avgas.exe[1384] KERNEL32.DLL!WriteProcessMemory 77E97960 6 Bytes JMP 5F1B0F5A

.text D:\AVG Anti-Spyware 7.5\avgas.exe[1384] ADVAPI32.dll!CreateServiceA 78F14B39 6 Bytes JMP 5F150F5A

.text D:\AVG Anti-Spyware 7.5\avgas.exe[1384] ADVAPI32.dll!CreateServiceW 78F14CF9 6 Bytes JMP 5F180F5A

.text D:\AVG Anti-Spyware 7.5\avgas.exe[1384] SHELL32.DLL!Shell_NotifyIconW 7CEA80E4 6 Bytes JMP 5F240F5A

.text D:\AVG Anti-Spyware 7.5\avgas.exe[1384] SHELL32.DLL!Shell_NotifyIcon 7CEA81E3 6 Bytes JMP 5F210F5A

.text D:\AVG Anti-Spyware 7.5\avgas.exe[1384] WS2_32.DLL!closesocket 74FB145E 5 Bytes JMP 00D93110 C:\WINNT\system32\sockspy.dll

.text D:\AVG Anti-Spyware 7.5\avgas.exe[1384] WS2_32.DLL!send 74FB1BCC 5 Bytes JMP 00D92B00 C:\WINNT\system32\sockspy.dll

.text D:\AVG Anti-Spyware 7.5\avgas.exe[1384] WS2_32.DLL!gethostbyname 74FB266D 5 Bytes JMP 00D92DD0 C:\WINNT\system32\sockspy.dll

.text D:\AVG Anti-Spyware 7.5\avgas.exe[1384] WS2_32.DLL!sendto 74FB3454 5 Bytes JMP 00D92D70 C:\WINNT\system32\sockspy.dll

.text D:\AVG Anti-Spyware 7.5\avgas.exe[1384] WS2_32.DLL!bind 74FB361B 5 Bytes JMP 00D930D0 C:\WINNT\system32\sockspy.dll

.text D:\AVG Anti-Spyware 7.5\avgas.exe[1384] WS2_32.DLL!recvfrom 74FBA1EC 5 Bytes JMP 00D92D00 C:\WINNT\system32\sockspy.dll

.text D:\AVG Anti-Spyware 7.5\avgas.exe[1384] WS2_32.DLL!connect 74FBC1B9 5 Bytes JMP 00D92E00 C:\WINNT\system32\sockspy.dll

.text D:\AVG Anti-Spyware 7.5\avgas.exe[1384] WS2_32.DLL!listen 74FBC556 5 Bytes JMP 00D92AC0 C:\WINNT\system32\sockspy.dll

.text D:\AVG Anti-Spyware 7.5\avgas.exe[1384] WS2_32.DLL!accept 74FBC9B7 5 Bytes JMP 00D92FE0 C:\WINNT\system32\sockspy.dll

.text D:\a-squared Anti-Malware\a2guard.exe[1396] KERNEL32.dll!LoadLibraryA 77E9023D 5 Bytes JMP 10003140 C:\WINNT\system32\sockspy.dll

.text D:\a-squared Anti-Malware\a2guard.exe[1396] KERNEL32.dll!CreateThread + 18 77E9B864 4 Bytes [ 68, 0F, 6E, 88 ]

.text D:\a-squared Anti-Malware\a2guard.exe[1396] ws2_32.dll!closesocket 74FB145E 5 Bytes JMP 10003110 C:\WINNT\system32\sockspy.dll

.text D:\a-squared Anti-Malware\a2guard.exe[1396] ws2_32.dll!send 74FB1BCC 5 Bytes JMP 10002B00 C:\WINNT\system32\sockspy.dll

.text D:\a-squared Anti-Malware\a2guard.exe[1396] ws2_32.dll!gethostbyname 74FB266D 5 Bytes JMP 10002DD0 C:\WINNT\system32\sockspy.dll

.text D:\a-squared Anti-Malware\a2guard.exe[1396] ws2_32.dll!sendto 74FB3454 5 Bytes JMP 10002D70 C:\WINNT\system32\sockspy.dll

.text D:\a-squared Anti-Malware\a2guard.exe[1396] ws2_32.dll!bind 74FB361B 5 Bytes JMP 100030D0 C:\WINNT\system32\sockspy.dll

.text D:\a-squared Anti-Malware\a2guard.exe[1396] ws2_32.dll!recvfrom 74FBA1EC 5 Bytes JMP 10002D00 C:\WINNT\system32\sockspy.dll

.text D:\a-squared Anti-Malware\a2guard.exe[1396] ws2_32.dll!connect 74FBC1B9 5 Bytes JMP 10002E00 C:\WINNT\system32\sockspy.dll

.text D:\a-squared Anti-Malware\a2guard.exe[1396] ws2_32.dll!listen 74FBC556 5 Bytes JMP 10002AC0 C:\WINNT\system32\sockspy.dll

.text D:\a-squared Anti-Malware\a2guard.exe[1396] ws2_32.dll!accept 74FBC9B7 5 Bytes JMP 10002FE0 C:\WINNT\system32\sockspy.dll

.text C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe[1416] ADVAPI32.dll!CreateServiceA 78F14B39 6 Bytes JMP 5F130F5A

.text C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe[1416] ADVAPI32.dll!CreateServiceW 78F14CF9 6 Bytes JMP 5F160F5A

.text C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe[1416] KERNEL32.dll!LoadLibraryA 77E9023D 5 Bytes JMP 10003140 C:\WINNT\system32\sockspy.dll

.text C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe[1416] KERNEL32.dll!LoadLibraryExW 77E90565 6 Bytes JMP 5F070F5A

.text C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe[1416] KERNEL32.dll!CreateProcessW 77E96951 6 Bytes JMP 5F0A0F5A

.text C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe[1416] KERNEL32.dll!OpenProcess 77E9697D 6 Bytes JMP 5F1C0F5A

.text C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe[1416] KERNEL32.dll!WinExec 77E974FA 6 Bytes JMP 5F040F5A

.text C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe[1416] KERNEL32.dll!WriteProcessMemory 77E97960 6 Bytes JMP 5F190F5A

.text C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe[1416] SHELL32.dll!Shell_NotifyIconW 7CEA80E4 6 Bytes JMP 5F220F5A

.text C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe[1416] SHELL32.dll!Shell_NotifyIcon 7CEA81E3 6 Bytes JMP 5F1F0F5A

.text C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe[1416] WS2_32.DLL!connect 74FBC1B9 6 Bytes JMP 5F0D0F5A

.text C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe[1416] WS2_32.DLL!listen 74FBC556 6 Bytes JMP 5F100F5A

.text C:\Documents and Settings\Administrateur\Bureau\gmer\gmer.exe[1624] KERNEL32.dll!LoadLibraryA 77E9023D 5 Bytes JMP 10003140 C:\WINNT\system32\sockspy.dll

.text C:\Documents and Settings\Administrateur\Bureau\gmer\gmer.exe[1624] KERNEL32.dll!LoadLibraryExW 77E90565 6 Bytes JMP 5F070F5A

.text C:\Documents and Settings\Administrateur\Bureau\gmer\gmer.exe[1624] KERNEL32.dll!FreeLibrary + 37 77E9089E 4 Bytes [ 9A, F7, 86, F9 ]

.text C:\Documents and Settings\Administrateur\Bureau\gmer\gmer.exe[1624] KERNEL32.dll!CreateProcessW 77E96951 6 Bytes JMP 5F0A0F5A

.text C:\Documents and Settings\Administrateur\Bureau\gmer\gmer.exe[1624] KERNEL32.dll!OpenProcess 77E9697D 6 Bytes JMP 5F160F5A

.text C:\Documents and Settings\Administrateur\Bureau\gmer\gmer.exe[1624] KERNEL32.dll!WinExec 77E974FA 6 Bytes JMP 5F040F5A

.text C:\Documents and Settings\Administrateur\Bureau\gmer\gmer.exe[1624] KERNEL32.dll!WriteProcessMemory 77E97960 6 Bytes JMP 5F130F5A

.text C:\Documents and Settings\Administrateur\Bureau\gmer\gmer.exe[1624] ADVAPI32.dll!CreateServiceA 78F14B39 6 Bytes JMP 5F0D0F5A

.text C:\Documents and Settings\Administrateur\Bureau\gmer\gmer.exe[1624] ADVAPI32.dll!CreateServiceW 78F14CF9 6 Bytes JMP 5F100F5A

.text C:\Documents and Settings\Administrateur\Bureau\gmer\gmer.exe[1624] SHELL32.dll!Shell_NotifyIconW 7CEA80E4 6 Bytes JMP 5F1C0F5A

.text C:\Documents and Settings\Administrateur\Bureau\gmer\gmer.exe[1624] SHELL32.dll!Shell_NotifyIcon 7CEA81E3 6 Bytes JMP 5F190F5A

.text C:\Documents and Settings\Administrateur\Bureau\gmer\gmer.exe[1624] WS2_32.DLL!connect 74FBC1B9 6 Bytes JMP 5F220F5A

.text C:\Documents and Settings\Administrateur\Bureau\gmer\gmer.exe[1624] WS2_32.DLL!listen 74FBC556 6 Bytes JMP 5F1F0F5A

 

---- Devices - GMER 1.0.12 ----

 

Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE 827EC0E8

Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE 827EC0E8

Device \FileSystem\Ntfs \Ntfs IRP_MJ_READ 827EC0E8

Device \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE 827EC0E8

Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION 827EC0E8

Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION 827EC0E8

Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA 827EC0E8

Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA 827EC0E8

Device \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS 827EC0E8

Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION 827EC0E8

Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION 827EC0E8

Device \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL 827EC0E8

Device \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL 827EC0E8

Device \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL 827EC0E8

Device \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN 827EC0E8

Device \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL 827EC0E8

Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP 827EC0E8

Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY 827EC0E8

Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY 827EC0E8

Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA 827EC0E8

Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA 827EC0E8

Device \FileSystem\Ntfs \Ntfs IRP_MJ_PNP 827EC0E8

Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_CREATE 827BBC68

Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_CLOSE 827BBC68

Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_READ 827BBC68

Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_WRITE 827BBC68

Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_FLUSH_BUFFERS 827BBC68

Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_DEVICE_CONTROL 827BBC68

Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_INTERNAL_DEVICE_CONTROL 827BBC68

Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_SHUTDOWN 827BBC68

Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_POWER 827BBC68

Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_PNP 827BBC68

Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_CREATE 827BBC68

Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_CLOSE 827BBC68

Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_READ 827BBC68

Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_WRITE 827BBC68

Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_FLUSH_BUFFERS 827BBC68

Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_DEVICE_CONTROL 827BBC68

Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_INTERNAL_DEVICE_CONTROL 827BBC68

Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_SHUTDOWN 827BBC68

Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_POWER 827BBC68

Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_PNP 827BBC68

Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_CREATE 827BBC68

Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_CLOSE 827BBC68

Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_READ 827BBC68

Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_WRITE 827BBC68

Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_FLUSH_BUFFERS 827BBC68

Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_DEVICE_CONTROL 827BBC68

Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_INTERNAL_DEVICE_CONTROL 827BBC68

Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_SHUTDOWN 827BBC68

Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_POWER 827BBC68

Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_PNP 827BBC68

Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_CREATE 827BBC68

Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_CLOSE 827BBC68

Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_READ 827BBC68

Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_WRITE 827BBC68

Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_FLUSH_BUFFERS 827BBC68

Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_DEVICE_CONTROL 827BBC68

Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_INTERNAL_DEVICE_CONTROL 827BBC68

Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_SHUTDOWN 827BBC68

Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_POWER 827BBC68

Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_PNP 827BBC68

Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CREATE 827BBEA8

Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_READ 827BBEA8

Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_WRITE 827BBEA8

Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_FLUSH_BUFFERS 827BBEA8

Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_DEVICE_CONTROL 827BBEA8

Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_INTERNAL_DEVICE_CONTROL 827BBEA8

Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SHUTDOWN 827BBEA8

Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CLEANUP 827BBEA8

Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_POWER 827BBEA8

Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_PNP 827BBEA8

Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE 826E7908

Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLOSE 826E7908

Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_READ 826E7908

Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_WRITE 826E7908

Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FLUSH_BUFFERS 826E7908

Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CONTROL 826E7908

Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL 826E7908

Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SHUTDOWN 826E7908

Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_POWER 826E7908

Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SYSTEM_CONTROL 826E7908

Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP 826E7908

Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CREATE 827BBEA8

Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_READ 827BBEA8

Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_WRITE 827BBEA8

Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_FLUSH_BUFFERS 827BBEA8

Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_DEVICE_CONTROL 827BBEA8

Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_INTERNAL_DEVICE_CONTROL 827BBEA8

Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SHUTDOWN 827BBEA8

Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CLEANUP 827BBEA8

Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_POWER 827BBEA8

Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_PNP 827BBEA8

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CREATE 8247C728

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CREATE_NAMED_PIPE 8247C728

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CLOSE 8247C728

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_READ 8247C728

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_WRITE 8247C728

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_INFORMATION 8247C728

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_INFORMATION 8247C728

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_EA 8247C728

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_EA 8247C728

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_FLUSH_BUFFERS 8247C728

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_VOLUME_INFORMATION 8247C728

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_VOLUME_INFORMATION 8247C728

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_DIRECTORY_CONTROL 8247C728

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_FILE_SYSTEM_CONTROL 8247C728

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_DEVICE_CONTROL 8247C728

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_INTERNAL_DEVICE_CONTROL 8247C728

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SHUTDOWN 8247C728

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_LOCK_CONTROL 8247C728

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CLEANUP 8247C728

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CREATE_MAILSLOT 8247C728

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_SECURITY 8247C728

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_SECURITY 8247C728

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_POWER 8247C728

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SYSTEM_CONTROL 8247C728

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_DEVICE_CHANGE 8247C728

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_QUOTA 8247C728

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_QUOTA 8247C728

Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE 826E7908

Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLOSE 826E7908

Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_READ 826E7908

Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_WRITE 826E7908

Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FLUSH_BUFFERS 826E7908

Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CONTROL 826E7908

Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_INTERNAL_DEVICE_CONTROL 826E7908

Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SHUTDOWN 826E7908

Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_POWER 826E7908

Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SYSTEM_CONTROL 826E7908

Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_PNP 826E7908

Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_CREATE 827BBEA8

Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_READ 827BBEA8

Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_WRITE 827BBEA8

Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_FLUSH_BUFFERS 827BBEA8

Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_DEVICE_CONTROL 827BBEA8

Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_INTERNAL_DEVICE_CONTROL 827BBEA8

Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_SHUTDOWN 827BBEA8

Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_CLEANUP 827BBEA8

Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_POWER 827BBEA8

Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_PNP 827BBEA8

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-2 IRP_MJ_INTERNAL_DEVICE_CONTROL [EB690D60] sfsync02.sys

Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_INTERNAL_DEVICE_CONTROL [EB690D60] sfsync02.sys

Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_INTERNAL_DEVICE_CONTROL [EB690D60] sfsync02.sys

 

---- EOF - GMER 1.0.12 ----

 

Yum :o
