Recommended posts

Posted (edited)

Hello Loukass,

Avoid browsing the Internet and entering your confidential codes (bank, etc.).

1/ Open Notepad (Start menu\All Programs\Accessories\Notepad)

2/ Copy what is in the quote below (without the word quote) by selecting it, then Ctrl-C:

File::
C:\WINDOWS\system32\qspouuna.ini
C:\WINDOWS\system32\byXRiGaB.dll
C:\WINDOWS\System32\anuuopsq.dll
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"fcd41e31"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byXRiGaB]

- Save this file in: Desktop
- File name: CFScript
- File type: all files
- click Save
- close Notepad

  • Drag and drop this CFScript file onto ComboFix.exe, as in the screenshot:

[screenshot: CFScript.gif]

  • A blue window will appear: at the prompt (Type 1 to continue, or 2 to abort), type 1 and confirm.
  • Wait while the scan runs. The desktop will disappear several times: this is normal!
    Don't touch anything until the scan is finished.
  • Once the scan is complete, a report will open: post its contents.
  • If the file does not open, it is located here > C:\ComboFix.txt

Download SDFix (created by AndyManchesta) and save it to your Desktop.

*** If the link does not work, try this one: http://download.bleepingcomputer.com/andymanchesta/SDFix.exe ***

Double-click SDFix.exe and choose Install to extract it into a dedicated folder on the Desktop. Restart your computer in Safe Mode http://cybersecurite.xooit.com/t88-Demarre...s-echec.htm#665

Go through the list of instructions below:

  • Open the SDFix folder that was just created in C:\ and double-click RunThis.cmd to launch the script.
  • Press Y to start the cleaning process.
  • It will remove the services and registry entries of some of the trojans it finds, then ask you to press a key to reboot.
  • Press a key to reboot the PC.
  • Your system will take longer than usual to restart because the tool will keep running and deleting files.
  • After the Desktop loads, the tool will finish its work and display Finished.
  • Press a key to end the script and load your Desktop icons.
  • Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder as Report.txt.
  • Finally, copy/paste the contents of Report.txt into your next reply on the forum.

Download the latest version of AVP Tool and save it to your desktop.

Install it by double-clicking Setup_7.0.0.xxx.

If your security suite complains, disable it for a moment to install Kaspersky's disinfection tool.

Restart the PC in Safe Mode: http://cybersecurite.xooit.com/t88-Demarre...-sans-echec.htm

Open the yellow Kaspersky folder on the desktop: double-click the red K setup, check ALL the boxes, then click Scan.

At the end, if any objects are found, click Neutralize all.

Click Reports/Save to file --> name the text file "Rapport kav" and paste that report into your reply.

Close the tool; we'll uninstall it later depending on the report. It must not stay on the PC, because it changes every day!

Download gmer: http://www.gmer.net/gmer.zip

Disconnect from the Internet if possible and close all programs.

Unzip the file and double-click gmer.exe

IMPORTANT: If an alert from your antivirus appears for the file gmer.sys or gmer.exe, let it run.

Click the "rootkit" tab and click Scan

When the scan is finished, click "copy"

Open Notepad and click Edit / Paste

The report should then appear.

Save the file to your desktop and copy/paste its contents here.

Also post a new ComboFix report.

@+

Edited by bruce lee
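The CFScript in the post above uses two directives: a `File::` section listing paths to delete, and a `Registry::` section in regedit syntax, where `"name"=-` under a `[key]` line deletes that value and `[-key]` deletes the whole key. The Python parser below is an added example, not part of the post and not ComboFix's own code: it turns such a script into an explicit list of actions, so a reader can see exactly what a script would remove before dropping it onto ComboFix.exe. The sample script is the one from the post, embedded inline; the `Action` shape, and the decision to reject anything other than those two sections and `=-` deletions, are this example's own assumptions (the real CFScript format has further directives that are not modelled here).

```python
import re
from dataclasses import dataclass

# Sample script: the CFScript from the post above, embedded so the parser
# runs offline. Raw string, so the backslashes are literal.
SAMPLE_SCRIPT = r"""File::
C:\WINDOWS\system32\qspouuna.ini
C:\WINDOWS\system32\byXRiGaB.dll
C:\WINDOWS\System32\anuuopsq.dll
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"fcd41e31"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byXRiGaB]
"""


@dataclass(frozen=True)
class Action:
    kind: str       # "delete_file", "delete_value" or "delete_key" (example's own vocabulary)
    target: str     # file path, or registry key
    name: str = ""  # value name, for delete_value only


SECTION_RE = re.compile(r"^([A-Za-z]+)::\s*$")     # e.g. "File::" / "Registry::"
KEY_RE = re.compile(r"^\[(-?)(.+)\]\s*$")           # "[key]" or "[-key]" (regedit syntax)
VALUE_RE = re.compile(r'^"([^"]*)"=(.*)$')          # '"name"=data'; data "-" means delete


def parse_cfscript(text):
    """Parse a CFScript into Actions, in file order; raise on anything unsupported."""
    actions = []
    section = None
    current_key = None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1).lower()
            current_key = None
            continue
        if section is None:
            raise ValueError(f"line {lineno}: content before any section header")
        if section == "file":
            actions.append(Action("delete_file", line))
        elif section == "registry":
            km = KEY_RE.match(line)
            if km:
                minus, key = km.groups()
                if minus:                      # "[-key]": remove the whole key
                    actions.append(Action("delete_key", key))
                    current_key = None
                else:                          # "[key]": following values apply here
                    current_key = key
                continue
            vm = VALUE_RE.match(line)
            if not vm:
                raise ValueError(f"line {lineno}: unrecognised registry line {line!r}")
            if current_key is None:
                raise ValueError(f"line {lineno}: value outside any [key]")
            name, data = vm.groups()
            if data.strip() != "-":
                raise ValueError(f"line {lineno}: only '=-' deletions are handled here")
            actions.append(Action("delete_value", current_key, name))
        else:
            raise ValueError(f"line {lineno}: unsupported section {section!r}")
    return actions


def summarize(actions):
    """Human-readable listing of what the script would remove."""
    lines = []
    for a in actions:
        if a.kind == "delete_file":
            lines.append(f"delete file   {a.target}")
        elif a.kind == "delete_value":
            lines.append(f"delete value  {a.target} :: {a.name}")
        else:
            lines.append(f"delete key    {a.target}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(summarize(parse_cfscript(SAMPLE_SCRIPT)))
```

Run on the sample, the listing shows three file deletions, one Run value deletion and one Winlogon\Notify key deletion, which is the whole effect the helper intends; a script that silently also wrote data would be refused rather than guessed at.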

Posted

Greetings,

I no longer have a desktop at startup (in Safe Mode and Last Known Good Configuration too).

I had to run it via C/programme files from Task Manager.

The ComboFix report, to start with.

 

ComboFix 08-05-21.3 - lucas 2008-05-24 5:30:15.3 - NTFSx86

Microsoft Windows XP Professionnel 5.1.2600.0.1252.1.1036.18.304 [GMT 2:00]

Endroit: C:\Documents and Settings\lucas\Bureau\ComboFix.exe

Command switches used :: C:\Documents and Settings\lucas\Bureau\CFScript.txt

* Création d'un nouveau point de restauration

.

/wow section - STAGE 41

SED: couldn't write 55 items to stdout: Invalid argument

SED: couldn't flush stdout: Invalid argument

SED: couldn't flush stdout: Invalid argument

Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.

Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.

Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.

Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.

Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.

 

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\WINDOWS\pskt.ini

C:\WINDOWS\system32\byXRiGaB.dll

C:\WINDOWS\system32\explorer.exe

C:\WINDOWS\system32\JTuxbJjl.ini

C:\WINDOWS\system32\qspouuna.ini

C:\WINDOWS\system32\vmsupubf.ini

 

.

((((((((((((((((((((((((((((( Fichiers créés 2008-04-24 to 2008-05-24 ))))))))))))))))))))))))))))))))))))

.

 

Pas de nouveau fichier créé dans cet espace de temps

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

 

------- Sigcheck -------

 

 

 

.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2008-05-23 04:48 155648 C:\WINDOWS\system32\ctfmon.exe]

"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-05-23 04:48 1122304 C:\Program Files\Messenger\msmsgs.exe]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Local Security Authority Service"="C:\WINDOWS\System32\Isass.exe" []

"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-05-23 04:48 393216 C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe]

"Microsoft® System Manager"="C:\WINDOWS\system32\sysmgr.exe" [2008-05-23 13:19 64000 C:\WINDOWS\system32\sysmgr.exe]

"BMffe72dad"="C:\WINDOWS\System32\svemfgwx.dll" [2008-05-24 05:25 126464 C:\WINDOWS\system32\svemfgwx.dll]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-05-23 04:48 155648 C:\WINDOWS\system32\ctfmon.exe]

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\System32\ljJbxuTJ

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"UpdatesDisableNotify"=dword:00000001

"AntiVirusDisableNotify"=dword:00000001

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

 

.

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-05-24 05:33:08

Windows 5.1.2600 NTFS

 

detected NTDLL code modification:

ZwOpenFile

 

Balayage processus cachés ...

 

Balayage caché autostart entries ...

 

Balayage des fichiers cachés ...

 

Scan terminé avec succès

Les fichiers cachés: 0

 

**************************************************************************

.

--------------------- DLLs a chargé sous des processus courants ---------------------

 

PROCESS: C:\WINDOWS\system32\lsass.exe

-> C:\WINDOWS\System32\ljJbxuTJ.dll

 

PROCESS: C:\WINDOWS\explorer.exe

-> C:\WINDOWS\System32\svemfgwx.dll

-> C:\WINDOWS\System32\ljJbxuTJ.dll

.

------------------------ Other Running Processes ------------------------

.

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\WINDOWS\system\wcntfysvc.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe

C:\WINDOWS\slysom.exe

C:\WINDOWS\system32\rundll32.exe

C:\asguard.exe

C:\WINDOWS\TEMP\DIL4.tmp

C:\WINDOWS\TEMP\DIL5.tmp

C:\WINDOWS\mrofinu1001186.exexe

.

**************************************************************************

.

Temps d'accomplissement: 2008-05-24 5:34:23 - machine was rebooted

ComboFix-quarantined-files.txt 2008-05-24 03:34:04

ComboFix2.txt 2008-05-23 10:53:58

ComboFix3.txt 2008-05-23 00:27:34

 

Pre-Run: 27,743,358,976 octets libres

Post-Run: 27,739,262,976 octets libres

 

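What the helper reads off the "Point de chargement Reg" section of the ComboFix log above can be scripted. The Python below is an added example, not part of the thread and not ComboFix's own code: it parses Run-key lines in ComboFix's `"name"="path" [date time size realpath]` shape and flags entries whose file name is a look-alike of a Windows system binary (the log's `Isass.exe`, capital I, against the real `lsass.exe`), entries whose bracket is empty (ComboFix could not find the file), entries that launch a DLL directly from a Run value, and Security Center values that suppress its warnings. The sample lines are copied from the posted log; the confusable-character table and the scoring rules are this example's own assumptions.

```python
import re

# Sample input: lines taken from the ComboFix log posted above
# (constructed excerpt, not the whole report). Raw string: backslashes are literal.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Local Security Authority Service"="C:\WINDOWS\System32\Isass.exe" []
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-05-23 04:48 393216 C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe]
"Microsoft® System Manager"="C:\WINDOWS\system32\sysmgr.exe" [2008-05-23 13:19 64000 C:\WINDOWS\system32\sysmgr.exe]
"BMffe72dad"="C:\WINDOWS\System32\svemfgwx.dll" [2008-05-24 05:25 126464 C:\WINDOWS\system32\svemfgwx.dll]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
'''

# Windows binaries whose names malware commonly imitates (example's own list).
SYSTEM_NAMES = {"lsass.exe", "svchost.exe", "csrss.exe", "winlogon.exe",
                "services.exe", "explorer.exe", "spoolsv.exe"}

# Characters that read alike in common UI fonts; folding is one-directional here.
CONFUSABLE = {"I": "l", "1": "l", "0": "o", "|": "l"}

# Security Center values that, set to 1, hide "no AV / no firewall / no updates" warnings.
SECURITY_CENTER_OVERRIDES = {"UpdatesDisableNotify", "AntiVirusDisableNotify",
                             "AntiVirusOverride", "FirewallOverride"}

KEY_RE = re.compile(r"^\[(.+)\]$")
RUN_RE = re.compile(r'^"(?P<name>[^"]*)"="(?P<path>[^"]*)"\s*\[(?P<meta>[^\]]*)\]\s*$')
DWORD_RE = re.compile(r'^"(?P<name>[^"]*)"=dword:(?P<val>[0-9a-fA-F]{8})$')


def lookalike_of(filename):
    """Return the system binary name this file name imitates, or None."""
    if filename.lower() in SYSTEM_NAMES:
        return None                          # the genuine name is not a look-alike
    folded = "".join(CONFUSABLE.get(c, c) for c in filename).lower()
    return folded if folded in SYSTEM_NAMES else None


def triage(log_text):
    """Return (value_name, reason) findings for the Run and Security Center keys."""
    findings = []
    key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        km = KEY_RE.match(line)
        if km:
            key = km.group(1)
            continue
        m = RUN_RE.match(line)
        if m and key.lower().endswith(r"\currentversion\run"):
            name, path, meta = m.group("name"), m.group("path"), m.group("meta")
            fname = path.rsplit("\\", 1)[-1]
            target = lookalike_of(fname)
            if target:
                findings.append((name, f"look-alike of {target}: {fname}"))
            if not meta.strip():
                findings.append((name, "file not found by ComboFix (empty [])"))
            if fname.lower().endswith(".dll"):
                findings.append((name, "Run value launches a DLL directly"))
            continue
        d = DWORD_RE.match(line)
        if d and "security center" in key.lower():
            if d.group("name") in SECURITY_CENTER_OVERRIDES and int(d.group("val"), 16) == 1:
                findings.append((d.group("name"), "Security Center warning suppressed"))
    return findings


if __name__ == "__main__":
    for name, why in triage(SAMPLE_LOG):
        print(f"{name!r}: {why}")
```

On the sample this yields seven findings: two for the fake `lsass` entry, one for the DLL launched under a random name, and four for the silenced Security Center, which together are the pattern the helper reacts to in the thread. The look-alike check is deliberately narrow (a short confusable table, exact names only), so it is a triage aid, not a classifier.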

Posted

Sorry Bruce Lee,

I can't send you an SDFix report, because after launching the process it reports:

"the system cannot find the file C:\document and settings\Bureau\SDFix\Apps\locate.com"

then the SDFix window and my desktop disappear. I have to go through Task Manager again to get it back. I tried launching SDFix by running it with the exact target to RunThis.bat, but the result is the same.

I'm trying to send you a Kav report.

@+

Posted

Hi there,

I can't get the AVPtool scan to finish. It gets stuck at 99% and the PC reboots.

The gmer report:

GMER 1.0.14.14205 - http://www.gmer.net

Rootkit scan 2008-05-28 17:39:45

Windows 5.1.2600

 

 

---- System - GMER 1.0.14 ----

 

SSDT \??\C:\WINDOWS\system32\ksnhtr.sys (Windows File Protection/Microsoft Corporation) ZwCreateKey [0xF7F5995F] <-- ROOTKIT !!!

SSDT F88F9F07 ZwEnumerateValueKey

SSDT \??\C:\WINDOWS\system32\ksnhtr.sys (Windows File Protection/Microsoft Corporation) ZwOpenKey [0xF7F59A13] <-- ROOTKIT !!!

SSDT F88F9B5D ZwQueryDirectoryFile

SSDT F88F9CA3 ZwQuerySystemInformation

 

Code E16C8AEE ZwQueryDirectoryFile

Code E16C8AED NtQueryDirectoryFile

 

---- Kernel code sections - GMER 1.0.14 ----

 

.text ntoskrnl.exe!KeInitializeInterrupt + B79 804D4F8E 1 Byte [ 06 ]

.text ntoskrnl.exe!KeI386Call16BitCStyleFunction + 1B0 804FC6C8 4 Bytes [ 5F, 99, F5, F7 ]

.text ntoskrnl.exe!KeI386Call16BitCStyleFunction + 230 804FC748 4 Bytes [ 07, 9F, 8F, F8 ]

.text ntoskrnl.exe!KeI386Call16BitCStyleFunction + 2E8 804FC800 4 Bytes [ 13, 9A, F5, F7 ]

.text ntoskrnl.exe!KeI386Call16BitCStyleFunction + 350 804FC868 4 Bytes [ 5D, 9B, 8F, F8 ]

.text ntoskrnl.exe!KeI386Call16BitCStyleFunction + 3C0 804FC8D8 4 Bytes [ A3, 9C, 8F, F8 ]

PAGE ntoskrnl.exe!NtQueryDirectoryFile 805841B5 5 Bytes JMP E16C8AF2

 

---- User code sections - GMER 1.0.14 ----

 

.text C:\WINDOWS\system32\sysmgr.exe[512] ntdll.dll!NtCreateFile 77F6E603 5 Bytes CALL 7FFA28DA

.text C:\WINDOWS\system32\sysmgr.exe[512] ntdll.dll!NtCreateProcess 77F6E6A3 5 Bytes CALL 7FFA292E

.text C:\WINDOWS\system32\sysmgr.exe[512] ntdll.dll!NtCreateProcessEx 77F6E6B3 5 Bytes CALL 7FFA293B

.text C:\WINDOWS\system32\sysmgr.exe[512] ntdll.dll!NtOpenFile 77F6EAF3 5 Bytes CALL 7FFA2927

.text C:\WINDOWS\system32\winlogon.exe[548] ntdll.dll!NtCreateFile 77F6E603 5 Bytes CALL 7FFA28DA

.text C:\WINDOWS\system32\winlogon.exe[548] ntdll.dll!NtCreateProcess 77F6E6A3 5 Bytes CALL 7FFA292E

.text C:\WINDOWS\system32\winlogon.exe[548] ntdll.dll!NtCreateProcessEx 77F6E6B3 5 Bytes CALL 7FFA293B

.text C:\WINDOWS\system32\winlogon.exe[548] ntdll.dll!NtOpenFile 77F6EAF3 5 Bytes CALL 7FFA2927

.text C:\WINDOWS\system32\services.exe[592] ntdll.dll!NtCreateFile 77F6E603 5 Bytes CALL 7FFA28DA

.text C:\WINDOWS\system32\services.exe[592] ntdll.dll!NtCreateProcess 77F6E6A3 5 Bytes CALL 7FFA292E

.text C:\WINDOWS\system32\services.exe[592] ntdll.dll!NtCreateProcessEx 77F6E6B3 5 Bytes CALL 7FFA293B

.text C:\WINDOWS\system32\services.exe[592] ntdll.dll!NtOpenFile 77F6EAF3 5 Bytes CALL 7FFA2927

.text C:\WINDOWS\system32\lsass.exe[604] ntdll.dll!NtCreateFile 77F6E603 5 Bytes CALL 7FF928DA

.text C:\WINDOWS\system32\lsass.exe[604] ntdll.dll!NtCreateProcess 77F6E6A3 5 Bytes CALL 7FF9292E

.text C:\WINDOWS\system32\lsass.exe[604] ntdll.dll!NtCreateProcessEx 77F6E6B3 5 Bytes CALL 7FF9293B

.text C:\WINDOWS\system32\lsass.exe[604] ntdll.dll!NtOpenFile 77F6EAF3 5 Bytes CALL 7FF92927

.text C:\WINDOWS\System32\rundll32.exe[728] ntdll.dll!NtCreateFile 77F6E603 5 Bytes CALL 7FFA28DA

.text C:\WINDOWS\System32\rundll32.exe[728] ntdll.dll!NtCreateProcess 77F6E6A3 5 Bytes CALL 7FFA292E

.text C:\WINDOWS\System32\rundll32.exe[728] ntdll.dll!NtCreateProcessEx 77F6E6B3 5 Bytes CALL 7FFA293B

.text C:\WINDOWS\System32\rundll32.exe[728] ntdll.dll!NtOpenFile 77F6EAF3 5 Bytes CALL 7FFA2927

.text C:\WINDOWS\system32\svchost.exe[784] ntdll.dll!NtCreateFile 77F6E603 5 Bytes CALL 7FFA28DA

.text C:\WINDOWS\system32\svchost.exe[784] ntdll.dll!NtCreateProcess 77F6E6A3 5 Bytes CALL 7FFA292E

.text C:\WINDOWS\system32\svchost.exe[784] ntdll.dll!NtCreateProcessEx 77F6E6B3 5 Bytes CALL 7FFA293B

.text C:\WINDOWS\system32\svchost.exe[784] ntdll.dll!NtOpenFile 77F6EAF3 5 Bytes CALL 7FFA2927

.text C:\WINDOWS\System32\service.exe[816] ntdll.dll!NtCreateFile 77F6E603 5 Bytes CALL 7FFA28DA

.text C:\WINDOWS\System32\service.exe[816] ntdll.dll!NtCreateProcess 77F6E6A3 5 Bytes CALL 7FFA292E

.text C:\WINDOWS\System32\service.exe[816] ntdll.dll!NtCreateProcessEx 77F6E6B3 5 Bytes CALL 7FFA293B

.text C:\WINDOWS\System32\service.exe[816] ntdll.dll!NtOpenFile 77F6EAF3 5 Bytes CALL 7FFA2927

.text C:\WINDOWS\System32\svchost.exe[844] ntdll.dll!NtCreateFile 77F6E603 5 Bytes CALL 7FFA28DA

.text C:\WINDOWS\System32\svchost.exe[844] ntdll.dll!NtCreateProcess 77F6E6A3 5 Bytes CALL 7FFA292E

.text C:\WINDOWS\System32\svchost.exe[844] ntdll.dll!NtCreateProcessEx 77F6E6B3 5 Bytes CALL 7FFA293B

.text C:\WINDOWS\System32\svchost.exe[844] ntdll.dll!NtOpenFile 77F6EAF3 5 Bytes CALL 7FFA2927

.idata Sections: C:\WINDOWS\winlogon.exe[976] C:\WINDOWS\winlogon.exe unknown last section [0x00414000, 0x1000, 0xC0000040]

.text C:\WINDOWS\winlogon.exe[976] ntdll.dll!NtCreateFile 77F6E603 5 Bytes CALL 7FFA28DA

.text C:\WINDOWS\winlogon.exe[976] ntdll.dll!NtCreateProcess 77F6E6A3 5 Bytes CALL 7FFA292E

.text C:\WINDOWS\winlogon.exe[976] ntdll.dll!NtCreateProcessEx 77F6E6B3 5 Bytes CALL 7FFA293B

.text C:\WINDOWS\winlogon.exe[976] ntdll.dll!NtOpenFile 77F6EAF3 5 Bytes CALL 7FFA2927

.text C:\WINDOWS\System32\svchost.exe[1016] ntdll.dll!NtCreateFile 77F6E603 5 Bytes CALL 7FFA28DA

.text C:\WINDOWS\System32\svchost.exe[1016] ntdll.dll!NtCreateProcess 77F6E6A3 5 Bytes CALL 7FFA292E

.text C:\WINDOWS\System32\svchost.exe[1016] ntdll.dll!NtCreateProcessEx 77F6E6B3 5 Bytes CALL 7FFA293B

.text C:\WINDOWS\System32\svchost.exe[1016] ntdll.dll!NtOpenFile 77F6EAF3 5 Bytes CALL 7FFA2927

.text C:\WINDOWS\System32\Rundll32.exe[1192] ntdll.dll!NtCreateFile 77F6E603 5 Bytes CALL 7FFA28DA

.text C:\WINDOWS\System32\Rundll32.exe[1192] ntdll.dll!NtCreateProcess 77F6E6A3 5 Bytes CALL 7FFA292E

.text C:\WINDOWS\System32\Rundll32.exe[1192] ntdll.dll!NtCreateProcessEx 77F6E6B3 5 Bytes CALL 7FFA293B

.text C:\WINDOWS\System32\Rundll32.exe[1192] ntdll.dll!NtOpenFile 77F6EAF3 5 Bytes CALL 7FFA2927

.text C:\WINDOWS\system32\svchost.exe[1216] ntdll.dll!NtCreateFile 77F6E603 5 Bytes CALL 7FFA28DA

.text C:\WINDOWS\system32\svchost.exe[1216] ntdll.dll!NtCreateProcess 77F6E6A3 5 Bytes CALL 7FFA292E

.text C:\WINDOWS\system32\svchost.exe[1216] ntdll.dll!NtCreateProcessEx 77F6E6B3 5 Bytes CALL 7FFA293B

.text C:\WINDOWS\system32\svchost.exe[1216] ntdll.dll!NtOpenFile 77F6EAF3 5 Bytes CALL 7FFA2927

.text C:\WINDOWS\System32\ctfmon.exe[1232] ntdll.dll!NtCreateFile 77F6E603 5 Bytes CALL 7FFA28DA

.text C:\WINDOWS\System32\ctfmon.exe[1232] ntdll.dll!NtCreateProcess 77F6E6A3 5 Bytes CALL 7FFA292E

.text C:\WINDOWS\System32\ctfmon.exe[1232] ntdll.dll!NtCreateProcessEx 77F6E6B3 5 Bytes CALL 7FFA293B

.text C:\WINDOWS\System32\ctfmon.exe[1232] ntdll.dll!NtOpenFile 77F6EAF3 5 Bytes CALL 7FFA2927

.text C:\WINDOWS\system32\spoolsv.exe[1300] ntdll.dll!NtCreateFile 77F6E603 5 Bytes CALL 7FFA28DA

.text C:\WINDOWS\system32\spoolsv.exe[1300] ntdll.dll!NtCreateProcess 77F6E6A3 5 Bytes CALL 7FFA292E

.text C:\WINDOWS\system32\spoolsv.exe[1300] ntdll.dll!NtCreateProcessEx 77F6E6B3 5 Bytes CALL 7FFA293B

.text C:\WINDOWS\system32\spoolsv.exe[1300] ntdll.dll!NtOpenFile 77F6EAF3 5 Bytes CALL 7FFA2927

.text C:\Program Files\Messenger\msmsgs.exe[1372] ntdll.dll!NtCreateFile 77F6E603 5 Bytes CALL 7FFA28DA

.text C:\Program Files\Messenger\msmsgs.exe[1372] ntdll.dll!NtCreateProcess 77F6E6A3 5 Bytes CALL 7FFA292E

.text C:\Program Files\Messenger\msmsgs.exe[1372] ntdll.dll!NtCreateProcessEx 77F6E6B3 5 Bytes CALL 7FFA293B

.text C:\Program Files\Messenger\msmsgs.exe[1372] ntdll.dll!NtOpenFile 77F6EAF3 5 Bytes CALL 7FFA2927

.text C:\WINDOWS\system\wcntfysvc.exe[1408] ntdll.dll!NtCreateFile 77F6E603 5 Bytes CALL 7FFA28DA

.text C:\WINDOWS\system\wcntfysvc.exe[1408] ntdll.dll!NtCreateProcess 77F6E6A3 5 Bytes CALL 7FFA292E

.text C:\WINDOWS\system\wcntfysvc.exe[1408] ntdll.dll!NtCreateProcessEx 77F6E6B3 5 Bytes CALL 7FFA293B

.text C:\WINDOWS\system\wcntfysvc.exe[1408] ntdll.dll!NtOpenFile 77F6EAF3 5 Bytes CALL 7FFA2927

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1564] ntdll.dll!NtCreateFile 77F6E603 5 Bytes CALL 7FFA28DA

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1564] ntdll.dll!NtCreateProcess 77F6E6A3 5 Bytes CALL 7FFA292E

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1564] ntdll.dll!NtCreateProcessEx 77F6E6B3 5 Bytes CALL 7FFA293B

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1564] ntdll.dll!NtOpenFile 77F6EAF3 5 Bytes CALL 7FFA2927

.text C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] ntdll.dll!NtCreateFile 77F6E603 5 Bytes CALL 7FFA28DA

.text C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] ntdll.dll!NtCreateProcess 77F6E6A3 5 Bytes CALL 7FFA292E

.text C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] ntdll.dll!NtCreateProcessEx 77F6E6B3 5 Bytes CALL 7FFA293B

.text C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] ntdll.dll!NtOpenFile 77F6EAF3 5 Bytes CALL 7FFA2927

? C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;

.text C:\WINDOWS\slysom.exe[1684] ntdll.dll!NtCreateFile 77F6E603 5 Bytes CALL 7FFA28DA

.text C:\WINDOWS\slysom.exe[1684] ntdll.dll!NtCreateProcess 77F6E6A3 5 Bytes CALL 7FFA292E

.text C:\WINDOWS\slysom.exe[1684] ntdll.dll!NtCreateProcessEx 77F6E6B3 5 Bytes CALL 7FFA293B

.text C:\WINDOWS\slysom.exe[1684] ntdll.dll!NtOpenFile 77F6EAF3 5 Bytes CALL 7FFA2927

.text C:\WINDOWS\System32\svchost.exe[1880] ntdll.dll!NtCreateFile 77F6E603 5 Bytes CALL 7FFA28DA

.text C:\WINDOWS\System32\svchost.exe[1880] ntdll.dll!NtCreateProcess 77F6E6A3 5 Bytes CALL 7FFA292E

.text C:\WINDOWS\System32\svchost.exe[1880] ntdll.dll!NtCreateProcessEx 77F6E6B3 5 Bytes CALL 7FFA293B

.text C:\WINDOWS\System32\svchost.exe[1880] ntdll.dll!NtOpenFile 77F6EAF3 5 Bytes CALL 7FFA2927

.reloc Sections: C:\WINDOWS\Explorer.exe[1960] C:\WINDOWS\Explorer.exe section is executable [0x010F4000, 0xB600, 0xE2000060]

.reloc Sections: C:\WINDOWS\Explorer.exe[1960] C:\WINDOWS\Explorer.exe entry point in ".reloc" section [0x010F7600]

.text C:\WINDOWS\Explorer.exe[1960] ntdll.dll!NtCreateFile 77F6E603 5 Bytes CALL 7FFA28DA

.text C:\WINDOWS\Explorer.exe[1960] ntdll.dll!NtCreateProcess 77F6E6A3 5 Bytes CALL 7FFA292E

.text C:\WINDOWS\Explorer.exe[1960] ntdll.dll!NtCreateProcessEx 77F6E6B3 5 Bytes CALL 7FFA293B

.text C:\WINDOWS\Explorer.exe[1960] ntdll.dll!NtOpenFile 77F6EAF3 5 Bytes CALL 7FFA2927

.idata Sections: C:\WINDOWS\winlogon.exe[1976] C:\WINDOWS\winlogon.exe unknown last section [0x00414000, 0x1000, 0xC0000040]

.text C:\WINDOWS\winlogon.exe[1976] ntdll.dll!NtCreateFile 77F6E603 5 Bytes CALL 7FFA28DA

.text C:\WINDOWS\winlogon.exe[1976] ntdll.dll!NtCreateProcess 77F6E6A3 5 Bytes CALL 7FFA292E

.text C:\WINDOWS\winlogon.exe[1976] ntdll.dll!NtCreateProcessEx 77F6E6B3 5 Bytes CALL 7FFA293B

.text C:\WINDOWS\winlogon.exe[1976] ntdll.dll!NtOpenFile 77F6EAF3 5 Bytes CALL 7FFA2927

.text C:\WINDOWS\System32\cmd.exe[2240] ntdll.dll!NtCreateFile 77F6E603 5 Bytes CALL 7FFA28DA

.text C:\WINDOWS\System32\cmd.exe[2240] ntdll.dll!NtCreateProcess 77F6E6A3 5 Bytes CALL 7FFA292E

.text C:\WINDOWS\System32\cmd.exe[2240] ntdll.dll!NtCreateProcessEx 77F6E6B3 5 Bytes CALL 7FFA293B

.text C:\WINDOWS\System32\cmd.exe[2240] ntdll.dll!NtOpenFile 77F6EAF3 5 Bytes CALL 7FFA2927

.text C:\WINDOWS\System32\cmd.exe[2372] ntdll.dll!NtCreateFile 77F6E603 5 Bytes CALL 7FFA28DA

.text C:\WINDOWS\System32\cmd.exe[2372] ntdll.dll!NtCreateProcess 77F6E6A3 5 Bytes CALL 7FFA292E

.text C:\WINDOWS\System32\cmd.exe[2372] ntdll.dll!NtCreateProcessEx 77F6E6B3 5 Bytes CALL 7FFA293B

.text C:\WINDOWS\System32\cmd.exe[2372] ntdll.dll!NtOpenFile 77F6EAF3 5 Bytes CALL 7FFA2927

.idata Sections: C:\WINDOWS\winlogon.exe[2904] C:\WINDOWS\winlogon.exe unknown last section [0x00414000, 0x1000, 0xC0000040]

.text C:\WINDOWS\winlogon.exe[2904] ntdll.dll!NtCreateFile 77F6E603 5 Bytes CALL 7FFA28DA

.text C:\WINDOWS\winlogon.exe[2904] ntdll.dll!NtCreateProcess 77F6E6A3 5 Bytes CALL 7FFA292E

.text C:\WINDOWS\winlogon.exe[2904] ntdll.dll!NtCreateProcessEx 77F6E6B3 5 Bytes CALL 7FFA293B

.text C:\WINDOWS\winlogon.exe[2904] ntdll.dll!NtOpenFile 77F6EAF3 5 Bytes CALL 7FFA2927

.text C:\WINDOWS\System32\cmd.exe[2948] ntdll.dll!NtCreateFile 77F6E603 5 Bytes CALL 7FFA28DA

.text C:\WINDOWS\System32\cmd.exe[2948] ntdll.dll!NtCreateProcess 77F6E6A3 5 Bytes CALL 7FFA292E

.text C:\WINDOWS\System32\cmd.exe[2948] ntdll.dll!NtCreateProcessEx 77F6E6B3 5 Bytes CALL 7FFA293B

.text C:\WINDOWS\System32\cmd.exe[2948] ntdll.dll!NtOpenFile 77F6EAF3 5 Bytes CALL 7FFA2927

.idata Sections: C:\WINDOWS\winlogon.exe[3032] C:\WINDOWS\winlogon.exe unknown last section [0x00414000, 0x1000, 0xC0000040]

.text C:\WINDOWS\winlogon.exe[3032] ntdll.dll!NtCreateFile 77F6E603 5 Bytes CALL 7FFA28DA

.text C:\WINDOWS\winlogon.exe[3032] ntdll.dll!NtCreateProcess 77F6E6A3 5 Bytes CALL 7FFA292E

.text C:\WINDOWS\winlogon.exe[3032] ntdll.dll!NtCreateProcessEx 77F6E6B3 5 Bytes CALL 7FFA293B

.text C:\WINDOWS\winlogon.exe[3032] ntdll.dll!NtOpenFile 77F6EAF3 5 Bytes CALL 7FFA2927

.text C:\WINDOWS\System32\cmd.exe[3064] ntdll.dll!NtCreateFile 77F6E603 5 Bytes CALL 7FFA28DA

.text C:\WINDOWS\System32\cmd.exe[3064] ntdll.dll!NtCreateProcess 77F6E6A3 5 Bytes CALL 7FFA292E

.text C:\WINDOWS\System32\cmd.exe[3064] ntdll.dll!NtCreateProcessEx 77F6E6B3 5 Bytes CALL 7FFA293B

.text C:\WINDOWS\System32\cmd.exe[3064] ntdll.dll!NtOpenFile 77F6EAF3 5 Bytes CALL 7FFA2927

.idata Sections: C:\WINDOWS\winlogon.exe[3116] C:\WINDOWS\winlogon.exe unknown last section [0x00414000, 0x1000, 0xC0000040]

.text C:\WINDOWS\winlogon.exe[3116] ntdll.dll!NtCreateFile 77F6E603 5 Bytes CALL 7FFA28DA

.text C:\WINDOWS\winlogon.exe[3116] ntdll.dll!NtCreateProcess 77F6E6A3 5 Bytes CALL 7FFA292E

.text C:\WINDOWS\winlogon.exe[3116] ntdll.dll!NtCreateProcessEx 77F6E6B3 5 Bytes CALL 7FFA293B

.text C:\WINDOWS\winlogon.exe[3116] ntdll.dll!NtOpenFile 77F6EAF3 5 Bytes CALL 7FFA2927

.text C:\WINDOWS\System32\cmd.exe[3160] ntdll.dll!NtCreateFile 77F6E603 5 Bytes CALL 7FFA28DA

.text C:\WINDOWS\System32\cmd.exe[3160] ntdll.dll!NtCreateProcess 77F6E6A3 5 Bytes CALL 7FFA292E

.text C:\WINDOWS\System32\cmd.exe[3160] ntdll.dll!NtCreateProcessEx 77F6E6B3 5 Bytes CALL 7FFA293B

.text C:\WINDOWS\System32\cmd.exe[3160] ntdll.dll!NtOpenFile 77F6EAF3 5 Bytes CALL 7FFA2927

.idata Sections: C:\WINDOWS\winlogon.exe[3236] C:\WINDOWS\winlogon.exe unknown last section [0x00414000, 0x1000, 0xC0000040]

.text C:\WINDOWS\winlogon.exe[3236] ntdll.dll!NtCreateFile 77F6E603 5 Bytes CALL 7FFA28DA

.text C:\WINDOWS\winlogon.exe[3236] ntdll.dll!NtCreateProcess 77F6E6A3 5 Bytes CALL 7FFA292E

.text C:\WINDOWS\winlogon.exe[3236] ntdll.dll!NtCreateProcessEx 77F6E6B3 5 Bytes CALL 7FFA293B

.text C:\WINDOWS\winlogon.exe[3236] ntdll.dll!NtOpenFile 77F6EAF3 5 Bytes CALL 7FFA2927

.text C:\WINDOWS\System32\cmd.exe[3272] ntdll.dll!NtCreateFile 77F6E603 5 Bytes CALL 7FFA28DA

.text C:\WINDOWS\System32\cmd.exe[3272] ntdll.dll!NtCreateProcess 77F6E6A3 5 Bytes CALL 7FFA292E

.text C:\WINDOWS\System32\cmd.exe[3272] ntdll.dll!NtCreateProcessEx 77F6E6B3 5 Bytes CALL 7FFA293B

.text C:\WINDOWS\System32\cmd.exe[3272] ntdll.dll!NtOpenFile 77F6EAF3 5 Bytes CALL 7FFA2927

.idata Sections: C:\WINDOWS\winlogon.exe[3356] C:\WINDOWS\winlogon.exe unknown last section [0x00414000, 0x1000, 0xC0000040]

.text C:\WINDOWS\winlogon.exe[3356] ntdll.dll!NtCreateFile 77F6E603 5 Bytes CALL 7FFA28DA

.text C:\WINDOWS\winlogon.exe[3356] ntdll.dll!NtCreateProcess 77F6E6A3 5 Bytes CALL 7FFA292E

.text C:\WINDOWS\winlogon.exe[3356] ntdll.dll!NtCreateProcessEx 77F6E6B3 5 Bytes CALL 7FFA293B

.text C:\WINDOWS\winlogon.exe[3356] ntdll.dll!NtOpenFile 77F6EAF3 5 Bytes CALL 7FFA2927

.text C:\WINDOWS\System32\cmd.exe[3392] ntdll.dll!NtCreateFile 77F6E603 5 Bytes CALL 7FFA28DA

.text C:\WINDOWS\System32\cmd.exe[3392] ntdll.dll!NtCreateProcess 77F6E6A3 5 Bytes CALL 7FFA292E

.text C:\WINDOWS\System32\cmd.exe[3392] ntdll.dll!NtCreateProcessEx 77F6E6B3 5 Bytes CALL 7FFA293B

.text C:\WINDOWS\System32\cmd.exe[3392] ntdll.dll!NtOpenFile 77F6EAF3 5 Bytes CALL 7FFA2927

.idata Sections: C:\WINDOWS\winlogon.exe[3480] C:\WINDOWS\winlogon.exe unknown last section [0x00414000, 0x1000, 0xC0000040]

.text C:\WINDOWS\winlogon.exe[3480] ntdll.dll!NtCreateFile 77F6E603 5 Bytes CALL 7FFA28DA

.text C:\WINDOWS\winlogon.exe[3480] ntdll.dll!NtCreateProcess 77F6E6A3 5 Bytes CALL 7FFA292E

.text C:\WINDOWS\winlogon.exe[3480] ntdll.dll!NtCreateProcessEx 77F6E6B3 5 Bytes CALL 7FFA293B

.text C:\WINDOWS\winlogon.exe[3480] ntdll.dll!NtOpenFile 77F6EAF3 5 Bytes CALL 7FFA2927

.text C:\WINDOWS\System32\cmd.exe[3504] ntdll.dll!NtCreateFile 77F6E603 5 Bytes CALL 7FFA28DA

.text C:\WINDOWS\System32\cmd.exe[3504] ntdll.dll!NtCreateProcess 77F6E6A3 5 Bytes CALL 7FFA292E

.text C:\WINDOWS\System32\cmd.exe[3504] ntdll.dll!NtCreateProcessEx 77F6E6B3 5 Bytes CALL 7FFA293B

.text C:\WINDOWS\System32\cmd.exe[3504] ntdll.dll!NtOpenFile 77F6EAF3 5 Bytes CALL 7FFA2927

.idata Sections: C:\WINDOWS\winlogon.exe[3572] C:\WINDOWS\winlogon.exe unknown last section [0x00414000, 0x1000, 0xC0000040]

.text C:\WINDOWS\winlogon.exe[3572] ntdll.dll!NtCreateFile 77F6E603 5 Bytes CALL 7FFA28DA

.text C:\WINDOWS\winlogon.exe[3572] ntdll.dll!NtCreateProcess 77F6E6A3 5 Bytes CALL 7FFA292E

.text C:\WINDOWS\winlogon.exe[3572] ntdll.dll!NtCreateProcessEx 77F6E6B3 5 Bytes CALL 7FFA293B

.text C:\WINDOWS\winlogon.exe[3572] ntdll.dll!NtOpenFile 77F6EAF3 5 Bytes CALL 7FFA2927

.text C:\WINDOWS\System32\cmd.exe[3612] ntdll.dll!NtCreateFile 77F6E603 5 Bytes CALL 7FFA28DA

.text C:\WINDOWS\System32\cmd.exe[3612] ntdll.dll!NtCreateProcess 77F6E6A3 5 Bytes CALL 7FFA292E

.text C:\WINDOWS\System32\cmd.exe[3612] ntdll.dll!NtCreateProcessEx 77F6E6B3 5 Bytes CALL 7FFA293B

.text C:\WINDOWS\System32\cmd.exe[3612] ntdll.dll!NtOpenFile 77F6EAF3 5 Bytes CALL 7FFA2927

.idata Sections: C:\WINDOWS\winlogon.exe[3680] C:\WINDOWS\winlogon.exe unknown last section [0x00414000, 0x1000, 0xC0000040]

.text C:\WINDOWS\winlogon.exe[3680] ntdll.dll!NtCreateFile 77F6E603 5 Bytes CALL 7FFA28DA

.text C:\WINDOWS\winlogon.exe[3680] ntdll.dll!NtCreateProcess 77F6E6A3 5 Bytes CALL 7FFA292E

.text C:\WINDOWS\winlogon.exe[3680] ntdll.dll!NtCreateProcessEx 77F6E6B3 5 Bytes CALL 7FFA293B

.text C:\WINDOWS\winlogon.exe[3680] ntdll.dll!NtOpenFile 77F6EAF3 5 Bytes CALL 7FFA2927

.text C:\WINDOWS\System32\cmd.exe[3716] ntdll.dll!NtCreateFile 77F6E603 5 Bytes CALL 7FFA28DA

.text C:\WINDOWS\System32\cmd.exe[3716] ntdll.dll!NtCreateProcess 77F6E6A3 5 Bytes CALL 7FFA292E

.text C:\WINDOWS\System32\cmd.exe[3716] ntdll.dll!NtCreateProcessEx 77F6E6B3 5 Bytes CALL 7FFA293B

.text C:\WINDOWS\System32\cmd.exe[3716] ntdll.dll!NtOpenFile 77F6EAF3 5 Bytes CALL 7FFA2927

.idata Sections: C:\WINDOWS\winlogon.exe[3932] C:\WINDOWS\winlogon.exe unknown last section [0x00414000, 0x1000, 0xC0000040]

.text C:\WINDOWS\winlogon.exe[3932] ntdll.dll!NtCreateFile 77F6E603 5 Bytes CALL 7FFA28DA

.text C:\WINDOWS\winlogon.exe[3932] ntdll.dll!NtCreateProcess 77F6E6A3 5 Bytes CALL 7FFA292E

.text C:\WINDOWS\winlogon.exe[3932] ntdll.dll!NtCreateProcessEx 77F6E6B3 5 Bytes CALL 7FFA293B

.text C:\WINDOWS\winlogon.exe[3932] ntdll.dll!NtOpenFile 77F6EAF3 5 Bytes CALL 7FFA2927

.text C:\WINDOWS\System32\cmd.exe[4036] ntdll.dll!NtCreateFile 77F6E603 5 Bytes CALL 7FFA28DA

.text C:\WINDOWS\System32\cmd.exe[4036] ntdll.dll!NtCreateProcess 77F6E6A3 5 Bytes CALL 7FFA292E

.text C:\WINDOWS\System32\cmd.exe[4036] ntdll.dll!NtCreateProcessEx 77F6E6B3 5 Bytes CALL 7FFA293B

.text C:\WINDOWS\System32\cmd.exe[4036] ntdll.dll!NtOpenFile 77F6EAF3 5 Bytes CALL 7FFA2927

.idata Sections: C:\WINDOWS\winlogon.exe[4192] C:\WINDOWS\winlogon.exe unknown last section [0x00414000, 0x1000, 0xC0000040]

.text C:\WINDOWS\winlogon.exe[4192] ntdll.dll!NtCreateFile 77F6E603 5 Bytes CALL 7FFA28DA

.text C:\WINDOWS\winlogon.exe[4192] ntdll.dll!NtCreateProcess 77F6E6A3 5 Bytes CALL 7FFA292E

.text C:\WINDOWS\winlogon.exe[4192] ntdll.dll!NtCreateProcessEx 77F6E6B3 5 Bytes CALL 7FFA293B

.text C:\WINDOWS\winlogon.exe[4192] ntdll.dll!NtOpenFile 77F6EAF3 5 Bytes CALL 7FFA2927

.text C:\Program Files\MSN\MSNCoreFiles\MSN6.EXE[4224] ntdll.dll!NtCreateFile 77F6E603 5 Bytes CALL 7FFA28DA

.text C:\Program Files\MSN\MSNCoreFiles\MSN6.EXE[4224] ntdll.dll!NtCreateProcess 77F6E6A3 5 Bytes CALL 7FFA292E

.text C:\Program Files\MSN\MSNCoreFiles\MSN6.EXE[4224] ntdll.dll!NtCreateProcessEx 77F6E6B3 5 Bytes CALL 7FFA293B

.text C:\Program Files\MSN\MSNCoreFiles\MSN6.EXE[4224] ntdll.dll!NtOpenFile 77F6EAF3 5 Bytes CALL 7FFA2927

.text C:\WINDOWS\System32\cmd.exe[4284] ntdll.dll!NtCreateFile 77F6E603 5 Bytes CALL 7FFA28DA

.text C:\WINDOWS\System32\cmd.exe[4284] ntdll.dll!NtCreateProcess 77F6E6A3 5 Bytes CALL 7FFA292E

.text C:\WINDOWS\System32\cmd.exe[4284] ntdll.dll!NtCreateProcessEx 77F6E6B3 5 Bytes CALL 7FFA293B

.text C:\WINDOWS\System32\cmd.exe[4284] ntdll.dll!NtOpenFile 77F6EAF3 5 Bytes CALL 7FFA2927

.idata Sections: C:\WINDOWS\winlogon.exe[4656] C:\WINDOWS\winlogon.exe unknown last section [0x00414000, 0x1000, 0xC0000040]

.text C:\WINDOWS\winlogon.exe[4656] ntdll.dll!NtCreateFile 77F6E603 5 Bytes CALL 7FFA28DA

.text C:\WINDOWS\winlogon.exe[4656] ntdll.dll!NtCreateProcess 77F6E6A3 5 Bytes CALL 7FFA292E

.text C:\WINDOWS\winlogon.exe[4656] ntdll.dll!NtCreateProcessEx 77F6E6B3 5 Bytes CALL 7FFA293B

.text C:\WINDOWS\winlogon.exe[4656] ntdll.dll!NtOpenFile 77F6EAF3 5 Bytes CALL 7FFA2927

.text C:\WINDOWS\System32\cmd.exe[4684] ntdll.dll!NtCreateFile 77F6E603 5 Bytes CALL 7FFA28DA

.text C:\WINDOWS\System32\cmd.exe[4684] ntdll.dll!NtCreateProcess 77F6E6A3 5 Bytes CALL 7FFA292E

.text C:\WINDOWS\System32\cmd.exe[4684] ntdll.dll!NtCreateProcessEx 77F6E6B3 5 Bytes CALL 7FFA293B

.text C:\WINDOWS\System32\cmd.exe[4684] ntdll.dll!NtOpenFile 77F6EAF3 5 Bytes CALL 7FFA2927

.idata Sections: C:\WINDOWS\winlogon.exe[4808] C:\WINDOWS\winlogon.exe unknown last section [0x00414000, 0x1000, 0xC0000040]

.text C:\WINDOWS\winlogon.exe[4808] ntdll.dll!NtCreateFile 77F6E603 5 Bytes CALL 7FFA28DA

.text C:\WINDOWS\winlogon.exe[4808] ntdll.dll!NtCreateProcess 77F6E6A3 5 Bytes CALL 7FFA292E

.text C:\WINDOWS\winlogon.exe[4808] ntdll.dll!NtCreateProcessEx 77F6E6B3 5 Bytes CALL 7FFA293B

.text C:\WINDOWS\winlogon.exe[4808] ntdll.dll!NtOpenFile 77F6EAF3 5 Bytes CALL 7FFA2927

.text c:\d.exe[5096] ntdll.dll!NtCreateFile 77F6E603 5 Bytes CALL 7FFA28DA

.text c:\d.exe[5096] ntdll.dll!NtCreateProcess 77F6E6A3 5 Bytes CALL 7FFA292E

.text c:\d.exe[5096] ntdll.dll!NtCreateProcessEx 77F6E6B3 5 Bytes CALL 7FFA293B

.text c:\d.exe[5096] ntdll.dll!NtOpenFile 77F6EAF3 5 Bytes CALL 7FFA2927

.text C:\Documents and Settings\lucas\Local Settings\Temp\Répertoire temporaire 1 pour gmer.zip\gmer.exe[5848] ntdll.dll!NtOpenFile 77F6EAF3 5 Bytes CALL 7FFA2927

 

---- User IAT/EAT - GMER 1.0.14 ----

 

IAT C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetModuleFileNameA] 00A804A8

IAT C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] 00A804D2

IAT C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] 00A804FC

IAT C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!FreeLibrary] 00A80526

IAT C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] 00A80550

IAT C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 00A8057A

IAT C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleFileNameW] 00A805A4

IAT C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetErrorMode] 00A805CE

IAT C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] 00A805F8

IAT C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!FreeLibrary] 00A80622

IAT C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] 00A8064C

IAT C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] 00A80676

IAT C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 00A806A0

IAT C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] 00A806CA

IAT C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetModuleFileNameA] 00A806F4

IAT C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] 00A8071E

IAT C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] 00A80748

IAT C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] 00A80772

IAT C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!FreeLibrary] 00A8079C

IAT C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetModuleFileNameW] 00A807C6

IAT C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 00A807F0

IAT C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] 00A8081A

IAT C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!FreeLibrary] 00A80844

IAT C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] 00A8086E

IAT C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] 00A80898

IAT C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] 00A80CB2

IAT C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] 00A80CDC

IAT C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 00A80D06

IAT C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetModuleFileNameW] 00A80D30

IAT C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetErrorMode] 00A80D5A

IAT C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!FreeLibrary] 00A80D84

IAT C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] 00A80DAE

IAT C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] 00A80DD8

IAT C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetErrorMode] 00A80E02

IAT C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleFileNameW] 00A80E2C

IAT C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] 00A80E56

IAT C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 00A80E80

IAT C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] 00A80EAA

IAT C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] 00A80ED4

IAT C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] 00A80EFE

IAT C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibrary] 00A80F28

IAT C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] 00A80F52

IAT C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] 00A80F7C

IAT C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleFileNameA] 00A80FA6

IAT C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 00A80FD0

IAT C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] 00AB0010

IAT C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetModuleFileNameW] 00AB003A

IAT C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 00AB0064

IAT C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FreeLibrary] 00AB008E

IAT C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 00AB00B8

IAT C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] 00AB00E2

IAT C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] @ C:\WINDOWS\system32\crypt32.dll [KERNEL32.dll!GetModuleFileNameA] 00AB01B4

IAT C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] @ C:\WINDOWS\system32\crypt32.dll [KERNEL32.dll!FreeLibrary] 00AB01DE

IAT C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] @ C:\WINDOWS\system32\crypt32.dll [KERNEL32.dll!GetProcAddress] 00AB0208

IAT C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] @ C:\WINDOWS\system32\crypt32.dll [KERNEL32.dll!LoadLibraryA] 00AB0232

IAT C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] @ C:\WINDOWS\system32\crypt32.dll [KERNEL32.dll!LoadLibraryExA] 00AB025C

IAT C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] @ C:\WINDOWS\system32\crypt32.dll [KERNEL32.dll!LoadLibraryExW] 00AB0286

IAT C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] @ C:\WINDOWS\system32\crypt32.dll [KERNEL32.dll!GetModuleFileNameW] 00AB02B0

IAT C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] @ C:\WINDOWS\system32\wininet.dll [KERNEL32.dll!SetErrorMode] 00AB02DA

IAT C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] @ C:\WINDOWS\system32\wininet.dll [KERNEL32.dll!GetModuleFileNameA] 00AB0304

IAT C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] @ C:\WINDOWS\system32\wininet.dll [KERNEL32.dll!LoadLibraryW] 00AB032E

IAT C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] @ C:\WINDOWS\system32\wininet.dll [KERNEL32.dll!GetProcAddress] 00AB0358

IAT C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] @ C:\WINDOWS\system32\wininet.dll [KERNEL32.dll!LoadLibraryA] 00AB0382

IAT C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] @ C:\WINDOWS\system32\wininet.dll [KERNEL32.dll!FreeLibrary] 00AB03AC

IAT C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] 00AB0550

IAT C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetModuleFileNameA] 00AB057A

IAT C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] 00AB05A4

IAT C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!FreeLibrary] 00AB05CE

IAT C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] 00AB05F8

IAT C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!FreeLibrary] 00AB0622

IAT C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] 00AB064C

IAT C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetModuleFileNameA] 00AB0676

IAT C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] 00AB06A0

IAT C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] 00AB06CA

IAT C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] 00AB06F4

IAT C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!FreeLibrary] 00AB071E

IAT C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryW] 00AB0A90

IAT C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!CreateProcessW] 00AB0ABA

IAT C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!GetModuleFileNameW] 00AB0AE4

IAT C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!GetProcAddress] 00AB0B0E

IAT C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!FreeLibrary] 00AB0B38

IAT C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryA] 00AB0B62

IAT C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe[1620] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!SetErrorMode] 00AB0B8C

 

---- Devices - GMER 1.0.14 ----

 

Device \FileSystem\Ntfs \Ntfs ksnhtr.sys (Windows File Protection/Microsoft Corporation)

 

AttachedDevice \FileSystem\Ntfs \Ntfs avgntmgr.sys (Avira Antivir File Filter Driver Manager/Avira GmbH)

 

Device \Driver\Tcpip \Device\Ip F88FAEE8

Device \Driver\Tcpip \Device\Tcp F88FAEE8

Device \Driver\Tcpip \Device\Udp F88FAEE8

Device \Driver\Tcpip \Device\RawIp F88FAEE8

Device \Driver\Tcpip \Device\IPMULTICAST F88FAEE8

 

---- Modules - GMER 1.0.14 ----

 

Module \SystemRoot\System32\Drivers\Beep.SYS (*** hidden *** ) F8A4C000-F8A4F000 (12288 bytes)

Module \??\globalroot\systemroot\system32\drivers\clbdriver.sys (*** hidden *** ) F89E4000-F89E7000 (12288 bytes)

Module \??\C:\WINDOWS\System32\service.sys (*** hidden *** ) F88F8000-F88FD000 (20480 bytes)

 

---- Threads - GMER 1.0.14 ----

 

Thread 4:3984 F88FAC54

Thread 4:3988 F88FA0DF

---- Processes - GMER 1.0.14 ----

 

Library C:\WINDOWS\system32\CLBCATQ.DLL (*** hidden *** ) @ C:\WINDOWS\system32\winlogon.exe [548] 0x76F80000

 

Process C:\WINDOWS\system32\services.exe (*** hidden *** ) 592

Library C:\WINDOWS\system32\services.exe (*** hidden *** ) @ C:\WINDOWS\system32\services.exe [592] 0x01000000

Library C:\WINDOWS\system32\CLBCATQ.DLL (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [784] 0x76F80000

 

Process C:\WINDOWS\System32\service.exe (*** hidden *** ) 816

Library C:\WINDOWS\System32\service.exe (*** hidden *** ) @ C:\WINDOWS\System32\service.exe [816] 0x00400000

Library C:\WINDOWS\System32\CLBCATQ.DLL (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [844] 0x76F80000

Library C:\WINDOWS\system32\CLBCATQ.DLL (*** hidden *** ) @ C:\WINDOWS\system32\spoolsv.exe [1300] 0x76F80000

Library C:\WINDOWS\System32\CLBCATQ.DLL (*** hidden *** ) @ C:\Program Files\Messenger\msmsgs.exe [1372] 0x76F80000

Library C:\WINDOWS\System32\CLBCATQ.DLL (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [1880] 0x76F80000

Library C:\WINDOWS\System32\CLBCATQ.DLL (*** hidden *** ) @ C:\WINDOWS\Explorer.exe [1960] 0x76F80000

Library C:\WINDOWS\System32\CLBCATQ.DLL (*** hidden *** ) @ C:\Program Files\MSN\MSNCoreFiles\MSN6.EXE [4224] 0x76F80000

 

---- Services - GMER 1.0.14 ----

 

Service C:\WINDOWS\system32\ksnhtr.sys (*** hidden *** ) [sYSTEM] ksnhtr <-- ROOTKIT !!!

Service C:\WINDOWS\system32\sywtdxaz.sys (*** hidden *** ) [sYSTEM] sywtdxaz <-- ROOTKIT !!!

 

---- Registry - GMER 1.0.14 ----

 

Reg HKLM\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\*CPQA0D7@Service i8042prt

Reg HKLM\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\*pnp0300@Service i8042prt

Reg HKLM\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\*pnp0301@Service i8042prt

Reg HKLM\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\*pnp0302@Service i8042prt

Reg HKLM\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\*pnp0303@Service i8042prt

Reg HKLM\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\*pnp0304@Service i8042prt

Reg HKLM\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\*pnp0305@Service i8042prt

Reg HKLM\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\*pnp0306@Service i8042prt

Reg HKLM\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\*pnp0309@Service i8042prt

Reg HKLM\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\*pnp030a@Service i8042prt

Reg HKLM\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\*pnp030b@Service i8042prt

Reg HKLM\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\*pnp0320@Service i8042prt

Reg HKLM\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\*pnp0343@Service i8042prt

Reg HKLM\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\*pnp0344@Service i8042prt

Reg HKLM\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\*pnp0345@Service i8042prt

Reg HKLM\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\*pnp0a03@Service pci

Reg HKLM\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\*pnp0c08@Service ACPI

Reg HKLM\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\*pnp0f03@Service i8042prt

Reg HKLM\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\*pnp0f0b@Service i8042prt

Reg HKLM\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\*pnp0f0e@Service i8042prt

Reg HKLM\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\*pnp0f12@Service i8042prt

Reg HKLM\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\*pnp0f13@Service i8042prt

Reg HKLM\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\gencdrom@Service cdrom

Reg HKLM\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\gendisk@Service disk

Reg HKLM\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\pci#cc_0604@Service pci

Reg HKLM\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\pci#ven_1039&dev_0008@Service isapnp

Reg HKLM\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\pci#ven_1039&dev_5513@Service pciide

Reg HKLM\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\primary_ide_channel@Service atapi

Reg HKLM\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\PS2_KEYBOARD@Service i8042prt

Reg HKLM\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\PS2_MOUSE@Service i8042prt

Reg HKLM\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\root#dmio@Service dmio

Reg HKLM\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\root#ftdisk@Service ftdisk

Reg HKLM\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\root#rdpdr@Service rdpdr

Reg HKLM\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\root#rdp_kbd@Service TermDD

Reg HKLM\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\root#rdp_mou@Service TermDD

Reg HKLM\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\root#swenum@Service swenum

Reg HKLM\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\root#update@Service update

Reg HKLM\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\secondary_ide_channel@Service atapi

Reg HKLM\SYSTEM\ControlSet001\Control\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}\{585161EA-4CD1-4C58-994F-2A1752CC03C4}\Ndi@Service WebClient

Reg HKLM\SYSTEM\ControlSet001\Control\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}\{929400B8-0126-4546-BB4C-050A1C3F79C4}\Ndi@Service LanmanWorkstation

Reg HKLM\SYSTEM\ControlSet001\Control\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}\{0363D6CE-767F-4A18-8183-FBF2A1474DC9}\Ndi@Service Gpc

Reg HKLM\SYSTEM\ControlSet001\Control\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}\{2867B2BD-9CF9-42C2-93FA-1EC52D34EB43}\Ndi@Service ALG

Reg HKLM\SYSTEM\ControlSet001\Control\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}\{49C63024-A75B-48C9-A9EC-6633D694065F}\Ndi@Service wzcsvc

Reg HKLM\SYSTEM\ControlSet001\Control\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}\{507EDB4D-E7AF-4668-81AD-FD46D9BBB53D}\Ndi@Service RemoteAccess

Reg HKLM\SYSTEM\ControlSet001\Control\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}\{6A33A6F1-C8D2-4EAE-A010-892D589CDE44}\Ndi@Service LanmanServer

Reg HKLM\SYSTEM\ControlSet001\Control\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}\{887530FB-939D-4F4D-BCCD-098E0714E9EB}\Ndi@Service RSVP

Reg HKLM\SYSTEM\ControlSet001\Control\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}\{CEC46F97-3C30-48B5-B7BC-34004539F68A}\Ndi@Service NetBIOS

Reg HKLM\SYSTEM\ControlSet001\Control\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}\{E25E1413-060E-410F-9292-FDEF61E45668}\Ndi@Service PSched

Reg HKLM\SYSTEM\ControlSet001\Control\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}\{F2258432-3035-422F-931C-E2DD836C7528}\Ndi@Service RasMan

Reg HKLM\SYSTEM\ControlSet001\Control\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}\{08A5F9C3-81AA-4DC3-A6A1-915BC21398D6}\Ndi@Service Tcpip

Reg HKLM\SYSTEM\ControlSet001\Control\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}\{1971980E-5254-4818-9704-A9A1B3C0D918}\Ndi@Service NdisWan

Reg HKLM\SYSTEM\ControlSet001\Control\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}\{1EAD70A1-21FF-4CB7-BB48-7D743E5CFB6C}\Ndi@Service NetBT

Reg HKLM\SYSTEM\ControlSet001\Control\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}\{51DE79DA-5CCF-4EC8-920C-9EAF08CB371E}\Ndi@Service Ndisuio

Reg HKLM\SYSTEM\ControlSet001\Control\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}\{D61BC390-5D95-4609-A011-7E4784D8714A}\Ndi@Service RasPppoe

Reg HKLM\SYSTEM\ControlSet001\Control\Terminal Server\Wds\rdpwd\Tds\tcp@ServiceName tcpip

Reg HKLM\SYSTEM\ControlSet001\Control\Video\{23A77BF7-ED96-40EC-AF06-9B1F4867732A}\Video@Service VgaSave

Reg HKLM\SYSTEM\ControlSet001\Control\Video\{8B6D7859-A639-4A15-8790-7161976D057A}\Video@Service mnmdd

Reg HKLM\SYSTEM\ControlSet001\Control\Video\{DEB039CC-B704-4F53-B43E-9DD4432FA2E9}\Video@Service RDPCDD

Reg HKLM\SYSTEM\ControlSet001\Services\Alerter\Parameters@ServiceDll %SystemRoot%\system32\alrsvc.dll

Reg HKLM\SYSTEM\ControlSet001\Services\AppMgmt\Parameters@ServiceDll %SystemRoot%\System32\appmgmts.dll

Reg HKLM\SYSTEM\ControlSet001\Services\AudioSrv\Parameters@ServiceDll %SystemRoot%\System32\audiosrv.dll

Reg HKLM\SYSTEM\ControlSet001\Services\BITS\Parameters@ServiceDll %systemroot%\system32\qmgr.dll

Reg HKLM\SYSTEM\ControlSet001\Services\Browser\Parameters@ServiceDll %SystemRoot%\System32\browser.dll

Reg HKLM\SYSTEM\ControlSet001\Services\CryptSvc\Parameters@ServiceDll %SystemRoot%\System32\cryptsvc.dll

Reg HKLM\SYSTEM\ControlSet001\Services\Dhcp\Parameters@ServiceDll %SystemRoot%\System32\dhcpcsvc.dll

Reg HKLM\SYSTEM\ControlSet001\Services\dmserver\Parameters@ServiceDll %SystemRoot%\System32\dmserver.dll

Reg HKLM\SYSTEM\ControlSet001\Services\Dnscache\Parameters@ServiceDll %SystemRoot%\System32\dnsrslvr.dll

Reg HKLM\SYSTEM\ControlSet001\Services\ERSvc\Parameters@ServiceDll %SystemRoot%\System32\ersvc.dll

Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\SC Manager\ObjectNames@SERVICE Object 7184

Reg HKLM\SYSTEM\ControlSet001\Services\EventSystem\Parameters@ServiceDll C:\WINDOWS\System32\es.dll

Reg HKLM\SYSTEM\ControlSet001\Services\FastUserSwitchingCompatibility\Parameters@ServiceDll %SystemRoot%\System32\shsvcs.dll

Reg HKLM\SYSTEM\ControlSet001\Services\helpsvc\Parameters@ServiceDll %WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll

Reg HKLM\SYSTEM\ControlSet001\Services\HidServ\Parameters@ServiceDll %SystemRoot%\System32\hidserv.dll

Reg HKLM\SYSTEM\ControlSet001\Services\lanmanserver\parameters@ServiceDll %SystemRoot%\System32\srvsvc.dll

Reg HKLM\SYSTEM\ControlSet001\Services\lanmanworkstation\parameters@ServiceDll %SystemRoot%\System32\wkssvc.dll

Reg HKLM\SYSTEM\ControlSet001\Services\LmHosts\Parameters@ServiceDll %SystemRoot%\System32\lmhsvc.dll

Reg HKLM\SYSTEM\ControlSet001\Services\Messenger\Parameters@ServiceDll %SystemRoot%\System32\msgsvc.dll

Reg HKLM\SYSTEM\ControlSet001\Services\mnmdd\Video@Service mnmdd

Reg HKLM\SYSTEM\ControlSet001\Services\Netman\Parameters@ServiceDll %SystemRoot%\System32\netman.dll

Reg HKLM\SYSTEM\ControlSet001\Services\Nla\Parameters@ServiceDll %SystemRoot%\System32\mswsock.dll

Reg HKLM\SYSTEM\ControlSet001\Services\NtmsSvc\Parameters@ServiceDll %SystemRoot%\system32\ntmssvc.dll

Reg HKLM\SYSTEM\ControlSet001\Services\RasAuto\Parameters@ServiceDll %SystemRoot%\System32\rasauto.dll

Reg HKLM\SYSTEM\ControlSet001\Services\RasMan\Parameters@ServiceDll %SystemRoot%\System32\rasmans.dll

Reg HKLM\SYSTEM\ControlSet001\Services\RDPCDD\Video@Service RDPCDD

Reg HKLM\SYSTEM\ControlSet001\Services\RemoteAccess\Parameters@ServiceDll %SystemRoot%\System32\mprdim.dll

Reg HKLM\SYSTEM\ControlSet001\Services\RemoteRegistry\Parameters@ServiceDll %SystemRoot%\system32\regsvc.dll

Reg HKLM\SYSTEM\ControlSet001\Services\RpcSs\Parameters@ServiceDll %SystemRoot%\System32\rpcss.dll

Reg HKLM\SYSTEM\ControlSet001\Services\Schedule\Parameters@ServiceDll %SystemRoot%\system32\schedsvc.dll

Reg HKLM\SYSTEM\ControlSet001\Services\seclogon\Parameters@ServiceDll %SystemRoot%\System32\seclogon.dll

Reg HKLM\SYSTEM\ControlSet001\Services\SENS\Parameters@ServiceDll %SystemRoot%\system32\sens.dll

Reg HKLM\SYSTEM\ControlSet001\Services\SharedAccess\Parameters@ServiceDll %SystemRoot%\System32\ipnathlp.dll

Reg HKLM\SYSTEM\ControlSet001\Services\ShellHWDetection\Parameters@ServiceDll %SystemRoot%\System32\shsvcs.dll

Reg HKLM\SYSTEM\ControlSet001\Services\srservice\Parameters@ServiceDll C:\WINDOWS\System32\srsvc.dll

Reg HKLM\SYSTEM\ControlSet001\Services\SSDPSRV\Parameters@ServiceDll %SystemRoot%\System32\ssdpsrv.dll

Reg HKLM\SYSTEM\ControlSet001\Services\stisvc\Parameters@ServiceDll %SystemRoot%\system32\wiaservc.dll

Reg HKLM\SYSTEM\ControlSet001\Services\TapiSrv\Parameters@ServiceDll %SystemRoot%\System32\tapisrv.dll

Reg HKLM\SYSTEM\ControlSet001\Services\TermService\Parameters@ServiceDll %SystemRoot%\System32\termsrv.dll

Reg HKLM\SYSTEM\ControlSet001\Services\Themes\Parameters@ServiceDll %SystemRoot%\System32\shsvcs.dll

Reg HKLM\SYSTEM\ControlSet001\Services\TrkWks\Parameters@ServiceDll %SystemRoot%\system32\trkwks.dll

Reg HKLM\SYSTEM\ControlSet001\Services\uploadmgr\Parameters@ServiceDll %WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll

Reg HKLM\SYSTEM\ControlSet001\Services\upnphost\Parameters@ServiceDll %SystemRoot%\System32\upnphost.dll

Reg HKLM\SYSTEM\ControlSet001\Services\VgaSave\Video@Service VgaSave

Reg HKLM\SYSTEM\ControlSet001\Services\W32Time\Parameters@ServiceMain SvchostEntry_W32Time

Reg HKLM\SYSTEM\ControlSet001\Services\WebClient\Parameters@ServiceDll %SystemRoot%\System32\webclnt.dll

Reg HKLM\SYSTEM\ControlSet001\Services\winmgmt\Parameters@ServiceDll %SystemRoot%\system32\wbem\WMIsvc.dll

Reg HKLM\SYSTEM\ControlSet001\Services\WmdmPmSp\Parameters@ServiceDll C:\WINDOWS\System32\mspmspsv.dll

Reg HKLM\SYSTEM\ControlSet001\Services\Wmi\Parameters@ServiceDll %SystemRoot%\System32\advapi32.dll

Reg HKLM\SYSTEM\ControlSet001\Services\wuauserv\Parameters@ServiceDll C:\WINDOWS\System32\wuauserv.dll

Reg HKLM\SYSTEM\ControlSet001\Services\WZCSVC\Parameters@ServiceDll %SystemRoot%\System32\wzcsvc.dll

Reg HKLM\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\*CPQA0D7@Service i8042prt

Reg HKLM\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\*pnp0300@Service i8042prt

Reg HKLM\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\*pnp0301@Service i8042prt

Reg HKLM\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\*pnp0302@Service i8042prt

Reg HKLM\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\*pnp0303@Service i8042prt

Reg HKLM\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\*pnp0304@Service i8042prt

Reg HKLM\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\*pnp0305@Service i8042prt

Reg HKLM\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\*pnp0306@Service i8042prt

Reg HKLM\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\*pnp0309@Service i8042prt

Reg HKLM\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\*pnp030a@Service i8042prt

Reg HKLM\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\*pnp030b@Service i8042prt

Reg HKLM\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\*pnp0320@Service i8042prt

Reg HKLM\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\*pnp0343@Service i8042prt

Reg HKLM\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\*pnp0344@Service i8042prt

Reg HKLM\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\*pnp0345@Service i8042prt

Reg HKLM\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\*pnp0a03@Service pci

Reg HKLM\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\*pnp0c08@Service ACPI

Reg HKLM\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\*pnp0f03@Service i8042prt

Reg HKLM\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\*pnp0f0b@Service i8042prt

Reg HKLM\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\*pnp0f0e@Service i8042prt

Reg HKLM\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\*pnp0f12@Service i8042prt

Reg HKLM\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\*pnp0f13@Service i8042prt

Reg HKLM\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\gencdrom@Service cdrom

Reg HKLM\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\gendisk@Service disk

Reg HKLM\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\pci#cc_0604@Service pci

Reg HKLM\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\pci#ven_1039&dev_0008@Service isapnp

Reg HKLM\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\pci#ven_1039&dev_5513@Service pciide

Reg HKLM\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\primary_ide_channel@Service atapi

Reg HKLM\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\PS2_KEYBOARD@Service i8042prt

Reg HKLM\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\PS2_MOUSE@Service i8042prt

Reg HKLM\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\root#dmio@Service dmio

Reg HKLM\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\root#ftdisk@Service ftdisk

Reg HKLM\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\root#rdpdr@Service rdpdr

Reg HKLM\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\root#rdp_kbd@Service TermDD

Reg HKLM\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\root#rdp_mou@Service TermDD

Reg HKLM\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\root#swenum@Service swenum

Reg HKLM\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\root#update@Service update

Reg HKLM\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\secondary_ide_channel@Service atapi

Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}\{585161EA-4CD1-4C58-994F-2A1752CC03C4}\Ndi@Service WebClient

Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}\{929400B8-0126-4546-BB4C-050A1C3F79C4}\Ndi@Service LanmanWorkstation

Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}\{0363D6CE-767F-4A18-8183-FBF2A1474DC9}\Ndi@Service Gpc

Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}\{2867B2BD-9CF9-42C2-93FA-1EC52D34EB43}\Ndi@Service ALG

Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}\{49C63024-A75B-48C9-A9EC-6633D694065F}\Ndi@Service wzcsvc

Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}\{507EDB4D-E7AF-4668-81AD-FD46D9BBB53D}\Ndi@Service RemoteAccess

Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}\{6A33A6F1-C8D2-4EAE-A010-892D589CDE44}\Ndi@Service LanmanServer

Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}\{887530FB-939D-4F4D-BCCD-098E0714E9EB}\Ndi@Service RSVP

Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}\{CEC46F97-3C30-48B5-B7BC-34004539F68A}\Ndi@Service NetBIOS

Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}\{E25E1413-060E-410F-9292-FDEF61E45668}\Ndi@Service PSched

Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}\{F2258432-3035-422F-931C-E2DD836C7528}\Ndi@Service RasMan

Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}\{08A5F9C3-81AA-4DC3-A6A1-915BC21398D6}\Ndi@Service Tcpip

Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}\{1971980E-5254-4818-9704-A9A1B3C0D918}\Ndi@Service NdisWan

Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}\{1EAD70A1-21FF-4CB7-BB48-7D743E5CFB6C}\Ndi@Service NetBT

Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}\{51DE79DA-5CCF-4EC8-920C-9EAF08CB371E}\Ndi@Service Ndisuio

Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}\{D61BC390-5D95-4609-A011-7E4784D8714A}\Ndi@Service RasPppoe

Reg HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\Tds\tcp@ServiceName tcpip

Reg HKLM\SYSTEM\CurrentControlSet\Control\Video\{23A77BF7-ED96-40EC-AF06-9B1F4867732A}\Video@Service VgaSave

Reg HKLM\SYSTEM\CurrentControlSet\Control\Video\{8B6D7859-A639-4A15-8790-7161976D057A}\Video@Service mnmdd

Reg HKLM\SYSTEM\CurrentControlSet\Control\Video\{DEB039CC-B704-4F53-B43E-9DD4432FA2E9}\Video@Service RDPCDD

Reg HKLM\SYSTEM\CurrentControlSet\Services\Alerter\Parameters@ServiceDll %SystemRoot%\system32\alrsvc.dll

Reg HKLM\SYSTEM\CurrentControlSet\Services\AppMgmt\Parameters@ServiceDll %SystemRoot%\System32\appmgmts.dll

Reg HKLM\SYSTEM\CurrentControlSet\Services\AudioSrv\Parameters@ServiceDll %SystemRoot%\System32\audiosrv.dll

Reg HKLM\SYSTEM\CurrentControlSet\Services\BITS\Parameters@ServiceDll %systemroot%\system32\qmgr.dll

Reg HKLM\SYSTEM\CurrentControlSet\Services\Browser\Parameters@ServiceDll %SystemRoot%\System32\browser.dll

Reg HKLM\SYSTEM\CurrentControlSet\Services\CryptSvc\Parameters@ServiceDll %SystemRoot%\System32\cryptsvc.dll

Reg HKLM\SYSTEM\CurrentControlSet\Services\Dhcp\Parameters@ServiceDll %SystemRoot%\System32\dhcpcsvc.dll

Reg HKLM\SYSTEM\CurrentControlSet\Services\dmserver\Parameters@ServiceDll %SystemRoot%\System32\dmserver.dll

Reg HKLM\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters@ServiceDll %SystemRoot%\System32\dnsrslvr.dll

Reg HKLM\SYSTEM\CurrentControlSet\Services\ERSvc\Parameters@ServiceDll %SystemRoot%\System32\ersvc.dll

Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\SC Manager\ObjectNames@SERVICE Object 7184

Reg HKLM\SYSTEM\CurrentControlSet\Services\EventSystem\Parameters@ServiceDll C:\WINDOWS\System32\es.dll

Reg HKLM\SYSTEM\CurrentControlSet\Services\FastUserSwitchingCompatibility\Parameters@ServiceDll %SystemRoot%\System32\shsvcs.dll

Reg HKLM\SYSTEM\CurrentControlSet\Services\helpsvc\Parameters@ServiceDll %WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll

Reg HKLM\SYSTEM\CurrentControlSet\Services\HidServ\Parameters@ServiceDll %SystemRoot%\System32\hidserv.dll

Reg HKLM\SYSTEM\CurrentControlSet\Services\ksnhtr@Type 1

Reg HKLM\SYSTEM\CurrentControlSet\Services\ksnhtr@Start 1

Reg HKLM\SYSTEM\CurrentControlSet\Services\ksnhtr@ErrorControl 0

Reg HKLM\SYSTEM\CurrentControlSet\Services\ksnhtr@ImagePath \??\C:\WINDOWS\system32\ksnhtr.sys

Reg HKLM\SYSTEM\CurrentControlSet\Services\ksnhtr\security

Reg HKLM\SYSTEM\CurrentControlSet\Services\ksnhtr\security@Security 0x01 0x00 0x14 0x80 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters@ServiceDll %SystemRoot%\System32\srvsvc.dll

Reg HKLM\SYSTEM\CurrentControlSet\Services\lanmanworkstation\parameters@ServiceDll %SystemRoot%\System32\wkssvc.dll

Reg HKLM\SYSTEM\CurrentControlSet\Services\LmHosts\Parameters@ServiceDll %SystemRoot%\System32\lmhsvc.dll

Reg HKLM\SYSTEM\CurrentControlSet\Services\Messenger\Parameters@ServiceDll %SystemRoot%\System32\msgsvc.dll

Reg HKLM\SYSTEM\CurrentControlSet\Services\mnmdd\Video@Service mnmdd

Reg HKLM\SYSTEM\CurrentControlSet\Services\Netman\Parameters@ServiceDll %SystemRoot%\System32\netman.dll

Reg HKLM\SYSTEM\CurrentControlSet\Services\Nla\Parameters@ServiceDll %SystemRoot%\System32\mswsock.dll

Reg HKLM\SYSTEM\CurrentControlSet\Services\NtmsSvc\Parameters@ServiceDll %SystemRoot%\system32\ntmssvc.dll

Reg HKLM\SYSTEM\CurrentControlSet\Services\RasAuto\Parameters@ServiceDll %SystemRoot%\System32\rasauto.dll

Reg HKLM\SYSTEM\CurrentControlSet\Services\RasMan\Parameters@ServiceDll %SystemRoot%\System32\rasmans.dll

Reg HKLM\SYSTEM\CurrentControlSet\Services\RDPCDD\Video@Service RDPCDD

Reg HKLM\SYSTEM\CurrentControlSet\Services\RemoteAccess\Parameters@ServiceDll %SystemRoot%\System32\mprdim.dll

Reg HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters@ServiceDll %SystemRoot%\system32\regsvc.dll

Reg HKLM\SYSTEM\CurrentControlSet\Services\RpcSs\Parameters@ServiceDll %SystemRoot%\System32\rpcss.dll

Reg HKLM\SYSTEM\CurrentControlSet\Services\Schedule\Parameters@ServiceDll %SystemRoot%\system32\schedsvc.dll

Reg HKLM\SYSTEM\CurrentControlSet\Services\seclogon\Parameters@ServiceDll %SystemRoot%\System32\seclogon.dll

Reg HKLM\SYSTEM\CurrentControlSet\Services\SENS\Parameters@ServiceDll %SystemRoot%\system32\sens.dll

Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters@ServiceDll %SystemRoot%\System32\ipnathlp.dll

Reg HKLM\SYSTEM\CurrentControlSet\Services\ShellHWDetection\Parameters@ServiceDll %SystemRoot%\System32\shsvcs.dll

Reg HKLM\SYSTEM\CurrentControlSet\Services\srservice\Parameters@ServiceDll C:\WINDOWS\System32\srsvc.dll

Reg HKLM\SYSTEM\CurrentControlSet\Services\SSDPSRV\Parameters@ServiceDll %SystemRoot%\System32\ssdpsrv.dll

Reg HKLM\SYSTEM\CurrentControlSet\Services\stisvc\Parameters@ServiceDll %SystemRoot%\system32\wiaservc.dll

Reg HKLM\SYSTEM\CurrentControlSet\Services\sywtdxaz@Type 1

Reg HKLM\SYSTEM\CurrentControlSet\Services\sywtdxaz@Start 1

Reg HKLM\SYSTEM\CurrentControlSet\Services\sywtdxaz@ErrorControl 0

Reg HKLM\SYSTEM\CurrentControlSet\Services\sywtdxaz@ImagePath \??\C:\WINDOWS\system32\sywtdxaz.sys

Reg HKLM\SYSTEM\CurrentControlSet\Services\sywtdxaz\Security

Reg HKLM\SYSTEM\CurrentControlSet\Services\sywtdxaz\Security@Security 0x01 0x00 0x14 0x80 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\TapiSrv\Parameters@ServiceDll %SystemRoot%\System32\tapisrv.dll

Reg HKLM\SYSTEM\CurrentControlSet\Services\TermService\Parameters@ServiceDll %SystemRoot%\System32\termsrv.dll

Reg HKLM\SYSTEM\CurrentControlSet\Services\Themes\Parameters@ServiceDll %SystemRoot%\System32\shsvcs.dll

Reg HKLM\SYSTEM\CurrentControlSet\Services\TrkWks\Parameters@ServiceDll %SystemRoot%\system32\trkwks.dll

Reg HKLM\SYSTEM\CurrentControlSet\Services\uploadmgr\Parameters@ServiceDll %WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll

Reg HKLM\SYSTEM\CurrentControlSet\Services\upnphost\Parameters@ServiceDll %SystemRoot%\System32\upnphost.dll

Reg HKLM\SYSTEM\CurrentControlSet\Services\VgaSave\Video@Service VgaSave

Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\Parameters@ServiceMain SvchostEntry_W32Time

Reg HKLM\SYSTEM\CurrentControlSet\Services\WebClient\Parameters@ServiceDll %SystemRoot%\System32\webclnt.dll

Reg HKLM\SYSTEM\CurrentControlSet\Services\winmgmt\Parameters@ServiceDll %SystemRoot%\system32\wbem\WMIsvc.dll

Reg HKLM\SYSTEM\CurrentControlSet\Services\WmdmPmSp\Parameters@ServiceDll C:\WINDOWS\System32\mspmspsv.dll

Reg HKLM\SYSTEM\CurrentControlSet\Services\Wmi\Parameters@ServiceDll %SystemRoot%\System32\advapi32.dll

Reg HKLM\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters@ServiceDll C:\WINDOWS\System32\wuauserv.dll

Reg HKLM\SYSTEM\CurrentControlSet\Services\WZCSVC\Parameters@ServiceDll %SystemRoot%\System32\wzcsvc.dll

Reg HKLM\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\*CPQA0D7@Service i8042prt

Reg HKLM\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\*pnp0300@Service i8042prt

Reg HKLM\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\*pnp0301@Service i8042prt

Reg HKLM\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\*pnp0302@Service i8042prt

Reg HKLM\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\*pnp0303@Service i8042prt

Reg HKLM\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\*pnp0304@Service i8042prt

Reg HKLM\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\*pnp0305@Service i8042prt

Reg HKLM\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\*pnp0306@Service i8042prt

Reg HKLM\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\*pnp0309@Service i8042prt

Reg HKLM\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\*pnp030a@Service i8042prt

Reg HKLM\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\*pnp030b@Service i8042prt

Reg HKLM\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\*pnp0320@Service i8042prt

Reg HKLM\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\*pnp0343@Service i8042prt

Reg HKLM\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\*pnp0344@Service i8042prt

Reg HKLM\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\*pnp0345@Service i8042prt

Reg HKLM\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\*pnp0a03@Service pci

Reg HKLM\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\*pnp0c08@Service ACPI

Reg HKLM\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\*pnp0f03@Service i8042prt

Reg HKLM\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\*pnp0f0b@Service i8042prt

Reg HKLM\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\*pnp0f0e@Service i8042prt

Reg HKLM\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\*pnp0f12@Service i8042prt

Reg HKLM\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\*pnp0f13@Service i8042prt

Reg HKLM\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\gencdrom@Service cdrom

Reg HKLM\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\gendisk@Service disk

Reg HKLM\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\pci#cc_0604@Service pci

Reg HKLM\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\pci#ven_1039&dev_0008@Service isapnp

Reg HKLM\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\pci#ven_1039&dev_5513@Service pciide

Reg HKLM\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\primary_ide_channel@Service atapi

Reg HKLM\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\PS2_KEYBOARD@Service i8042prt

Reg HKLM\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\PS2_MOUSE@Service i8042prt

Reg HKLM\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\root#dmio@Service dmio

Reg HKLM\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\root#ftdisk@Service ftdisk

Reg HKLM\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\root#rdpdr@Service rdpdr

Reg HKLM\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\root#rdp_kbd@Service TermDD

Reg HKLM\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\root#rdp_mou@Service TermDD

Reg HKLM\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\root#swenum@Service swenum

Reg HKLM\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\root#update@Service update

Reg HKLM\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\secondary_ide_channel@Service atapi

Reg HKLM\SYSTEM\ControlSet003\Control\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}\{585161EA-4CD1-4C58-994F-2A1752CC03C4}\Ndi@Service WebClient

Reg HKLM\SYSTEM\ControlSet003\Control\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}\{929400B8-0126-4546-BB4C-050A1C3F79C4}\Ndi@Service LanmanWorkstation

Reg HKLM\SYSTEM\ControlSet003\Control\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}\{0363D6CE-767F-4A18-8183-FBF2A1474DC9}\Ndi@Service Gpc

Reg HKLM\SYSTEM\ControlSet003\Control\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}\{2867B2BD-9CF9-42C2-93FA-1EC52D34EB43}\Ndi@Service ALG

Reg HKLM\SYSTEM\ControlSet003\Control\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}\{49C63024-A75B-48C9-A9EC-6633D694065F}\Ndi@Service wzcsvc

Reg HKLM\SYSTEM\ControlSet003\Control\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}\{507EDB4D-E7AF-4668-81AD-FD46D9BBB53D}\Ndi@Service RemoteAccess

Reg HKLM\SYSTEM\ControlSet003\Control\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}\{6A33A6F1-C8D2-4EAE-A010-892D589CDE44}\Ndi@Service LanmanServer

Reg HKLM\SYSTEM\ControlSet003\Control\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}\{887530FB-939D-4F4D-BCCD-098E0714E9EB}\Ndi@Service RSVP

Reg HKLM\SYSTEM\ControlSet003\Control\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}\{CEC46F97-3C30-48B5-B7BC-34004539F68A}\Ndi@Service NetBIOS

Reg HKLM\SYSTEM\ControlSet003\Control\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}\{E25E1413-060E-410F-9292-FDEF61E45668}\Ndi@Service PSched

Reg HKLM\SYSTEM\ControlSet003\Control\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}\{F2258432-3035-422F-931C-E2DD836C7528}\Ndi@Service RasMan

Reg HKLM\SYSTEM\ControlSet003\Control\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}\{08A5F9C3-81AA-4DC3-A6A1-915BC21398D6}\Ndi@Service Tcpip

Reg HKLM\SYSTEM\ControlSet003\Control\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}\{1971980E-5254-4818-9704-A9A1B3C0D918}\Ndi@Service NdisWan

Reg HKLM\SYSTEM\ControlSet003\Control\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}\{1EAD70A1-21FF-4CB7-BB48-7D743E5CFB6C}\Ndi@Service NetBT

Reg HKLM\SYSTEM\ControlSet003\Control\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}\{51DE79DA-5CCF-4EC8-920C-9EAF08CB371E}\Ndi@Service Ndisuio

Reg HKLM\SYSTEM\ControlSet003\Control\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}\{D61BC390-5D95-4609-A011-7E4784D8714A}\Ndi@Service RasPppoe

Reg HKLM\SYSTEM\ControlSet003\Control\Terminal Server\Wds\rdpwd\Tds\tcp@ServiceName tcpip

Reg HKLM\SYSTEM\ControlSet003\Control\Video\{23A77BF7-ED96-40EC-AF06-9B1F4867732A}\Video@Service VgaSave

Reg HKLM\SYSTEM\ControlSet003\Control\Video\{8B6D7859-A639-4A15-8790-7161976D057A}\Video@Service mnmdd

Reg HKLM\SYSTEM\ControlSet003\Control\Video\{DEB039CC-B704-4F53-B43E-9DD4432FA2E9}\Video@Service RDPCDD

Reg HKLM\SYSTEM\ControlSet003\Services\Alerter\Parameters@ServiceDll %SystemRoot%\system32\alrsvc.dll

Reg HKLM\SYSTEM\ControlSet003\Services\AppMgmt\Parameters@ServiceDll %SystemRoot%\System32\appmgmts.dll

Reg HKLM\SYSTEM\ControlSet003\Services\AudioSrv\Parameters@ServiceDll %SystemRoot%\System32\audiosrv.dll

Reg HKLM\SYSTEM\ControlSet003\Services\BITS\Parameters@ServiceDll %systemroot%\system32\qmgr.dll

Reg HKLM\SYSTEM\ControlSet003\Services\Browser\Parameters@ServiceDll %SystemRoot%\System32\browser.dll

Reg HKLM\SYSTEM\ControlSet003\Services\CryptSvc\Parameters@ServiceDll %SystemRoot%\System32\cryptsvc.dll

Reg HKLM\SYSTEM\ControlSet003\Services\Dhcp\Parameters@ServiceDll %SystemRoot%\System32\dhcpcsvc.dll

Reg HKLM\SYSTEM\ControlSet003\Services\dmserver\Parameters@ServiceDll %SystemRoot%\System32\dmserver.dll

Reg HKLM\SYSTEM\ControlSet003\Services\Dnscache\Parameters@ServiceDll %SystemRoot%\System32\dnsrslvr.dll

Reg HKLM\SYSTEM\ControlSet003\Services\ERSvc\Parameters@ServiceDll %SystemRoot%\System32\ersvc.dll

Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\SC Manager\ObjectNames@SERVICE Object 7184

Reg HKLM\SYSTEM\ControlSet003\Services\EventSystem\Parameters@ServiceDll C:\WINDOWS\System32\es.dll

Reg HKLM\SYSTEM\ControlSet003\Services\FastUserSwitchingCompatibility\Parameters@ServiceDll %SystemRoot%\System32\shsvcs.dll

Reg HKLM\SYSTEM\ControlSet003\Services\helpsvc\Parameters@ServiceDll %WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll

Reg HKLM\SYSTEM\ControlSet003\Services\HidServ\Parameters@ServiceDll %SystemRoot%\System32\hidserv.dll

Reg HKLM\SYSTEM\ControlSet003\Services\ksnhtr@Type 1

Reg HKLM\SYSTEM\ControlSet003\Services\ksnhtr@Start 1

Reg HKLM\SYSTEM\ControlSet003\Services\ksnhtr@ErrorControl 0

Reg HKLM\SYSTEM\ControlSet003\Services\ksnhtr@ImagePath \??\C:\WINDOWS\system32\ksnhtr.sys

Reg HKLM\SYSTEM\ControlSet003\Services\ksnhtr\security

Reg HKLM\SYSTEM\ControlSet003\Services\ksnhtr\security@Security 0x01 0x00 0x14 0x80 ...

Reg HKLM\SYSTEM\ControlSet003\Services\lanmanserver\parameters@ServiceDll %SystemRoot%\System32\srvsvc.dll

Reg HKLM\SYSTEM\ControlSet003\Services\lanmanworkstation\parameters@ServiceDll %SystemRoot%\System32\wkssvc.dll

Reg HKLM\SYSTEM\ControlSet003\Services\LmHosts\Parameters@ServiceDll %SystemRoot%\System32\lmhsvc.dll

Reg HKLM\SYSTEM\ControlSet003\Services\Messenger\Parameters@ServiceDll %SystemRoot%\System32\msgsvc.dll

Reg HKLM\SYSTEM\ControlSet003\Services\mnmdd\Video@Service mnmdd

Reg HKLM\SYSTEM\ControlSet003\Services\Netman\Parameters@ServiceDll %SystemRoot%\System32\netman.dll

Reg HKLM\SYSTEM\ControlSet003\Services\Nla\Parameters@ServiceDll %SystemRoot%\System32\mswsock.dll

Reg HKLM\SYSTEM\ControlSet003\Services\NtmsSvc\Parameters@ServiceDll %SystemRoot%\system32\ntmssvc.dll

Reg HKLM\SYSTEM\ControlSet003\Services\RasAuto\Parameters@ServiceDll %SystemRoot%\System32\rasauto.dll

Reg HKLM\SYSTEM\ControlSet003\Services\RasMan\Parameters@ServiceDll %SystemRoot%\System32\rasmans.dll

Reg HKLM\SYSTEM\ControlSet003\Services\RDPCDD\Video@Service RDPCDD

Reg HKLM\SYSTEM\ControlSet003\Services\RemoteAccess\Parameters@ServiceDll %SystemRoot%\System32\mprdim.dll

Reg HKLM\SYSTEM\ControlSet003\Services\RemoteRegistry\Parameters@ServiceDll %SystemRoot%\system32\regsvc.dll

Reg HKLM\SYSTEM\ControlSet003\Services\RpcSs\Parameters@ServiceDll %SystemRoot%\System32\rpcss.dll

Reg HKLM\SYSTEM\ControlSet003\Services\Schedule\Parameters@ServiceDll %SystemRoot%\system32\schedsvc.dll

Reg HKLM\SYSTEM\ControlSet003\Services\seclogon\Parameters@ServiceDll %SystemRoot%\System32\seclogon.dll

Reg HKLM\SYSTEM\ControlSet003\Services\SENS\Parameters@ServiceDll %SystemRoot%\system32\sens.dll

Reg HKLM\SYSTEM\ControlSet003\Services\SharedAccess\Parameters@ServiceDll %SystemRoot%\System32\ipnathlp.dll

Reg HKLM\SYSTEM\ControlSet003\Services\ShellHWDetection\Parameters@ServiceDll %SystemRoot%\System32\shsvcs.dll

Reg HKLM\SYSTEM\ControlSet003\Services\srservice\Parameters@ServiceDll C:\WINDOWS\System32\srsvc.dll

Reg HKLM\SYSTEM\ControlSet003\Services\SSDPSRV\Parameters@ServiceDll %SystemRoot%\System32\ssdpsrv.dll

Reg HKLM\SYSTEM\ControlSet003\Services\stisvc\Parameters@ServiceDll %SystemRoot%\system32\wiaservc.dll

Reg HKLM\SYSTEM\ControlSet003\Services\sywtdxaz@Type 1

Reg HKLM\SYSTEM\ControlSet003\Services\sywtdxaz@Start 1

Reg HKLM\SYSTEM\ControlSet003\Services\sywtdxaz@ErrorControl 0

Reg HKLM\SYSTEM\ControlSet003\Services\sywtdxaz@ImagePath \??\C:\WINDOWS\system32\sywtdxaz.sys

Reg HKLM\SYSTEM\ControlSet003\Services\sywtdxaz\Security

Reg HKLM\SYSTEM\ControlSet003\Services\sywtdxaz\Security@Security 0x01 0x00 0x14 0x80 ...

Reg HKLM\SYSTEM\ControlSet003\Services\TapiSrv\Parameters@ServiceDll %SystemRoot%\System32\tapisrv.dll

Reg HKLM\SYSTEM\ControlSet003\Services\TermService\Parameters@ServiceDll %SystemRoot%\System32\termsrv.dll

Reg HKLM\SYSTEM\ControlSet003\Services\Themes\Parameters@ServiceDll %SystemRoot%\System32\shsvcs.dll

Reg HKLM\SYSTEM\ControlSet003\Services\TrkWks\Parameters@ServiceDll %SystemRoot%\system32\trkwks.dll

Reg HKLM\SYSTEM\ControlSet003\Services\uploadmgr\Parameters@ServiceDll %WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll

Reg HKLM\SYSTEM\ControlSet003\Services\upnphost\Parameters@ServiceDll %SystemRoot%\System32\upnphost.dll

Reg HKLM\SYSTEM\ControlSet003\Services\VgaSave\Video@Service VgaSave

Reg HKLM\SYSTEM\ControlSet003\Services\W32Time\Parameters@ServiceMain SvchostEntry_W32Time

Reg HKLM\SYSTEM\ControlSet003\Services\WebClient\Parameters@ServiceDll %SystemRoot%\System32\webclnt.dll

Reg HKLM\SYSTEM\ControlSet003\Services\winmgmt\Parameters@ServiceDll %SystemRoot%\system32\wbem\WMIsvc.dll

Reg HKLM\SYSTEM\ControlSet003\Services\WmdmPmSp\Parameters@ServiceDll C:\WINDOWS\System32\mspmspsv.dll

Reg HKLM\SYSTEM\ControlSet003\Services\Wmi\Parameters@ServiceDll %SystemRoot%\System32\advapi32.dll

Reg HKLM\SYSTEM\ControlSet003\Services\wuauserv\Parameters@ServiceDll C:\WINDOWS\System32\wuauserv.dll

Reg HKLM\SYSTEM\ControlSet003\Services\WZCSVC\Parameters@ServiceDll %SystemRoot%\System32\wzcsvc.dll

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\run@service.exe C:\WINDOWS\System32\service.exe

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup@ServicePackSourcePath I:\

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkCards\2@ServiceName {04E7D010-09BA-4688-A053-F2D3D5BDA64A}

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkCards\3@ServiceName {C7B8AD91-27DA-492A-8FF3-50A15A2871BA}

Reg HKLM\SOFTWARE\Classes\AppID\{000C101C-0000-0000-C000-000000000046}@ServiceParameters

Reg HKLM\SOFTWARE\Classes\AppID\{038ABBA4-4138-4AC4-A492-4A3DF068BD8A}@ServiceParameters -Service

Reg HKLM\SOFTWARE\Classes\AppID\{C49F2185-50A7-11D3-9144-00104BA11C5E}@ServiceParameters -Service

Reg HKLM\SOFTWARE\Classes\AppID\{D61A27C1-8F53-11D0-BFA0-00A024151983}@ServiceParameters -Service

Reg HKLM\SOFTWARE\Classes\AppID\{FE9E4896-A014-11D1-855C-00A0C944138C}@ServiceParameters -Service -From_DCOM

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Applets\SysTray@Services 27

 

---- Files - GMER 1.0.14 ----

 

File C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\skin\en\service.loc 29946 bytes

File C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\skin\layout\service.ini 54308 bytes

File C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Outils d'administration\Services de composants.lnk 1582 bytes

File C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Outils d'administration\Services.lnk 1602 bytes

File C:\Documents and Settings\lucas\Bureau\virus\Kaspersky Lab Tool\skin\en\service.loc 29946 bytes

File C:\Documents and Settings\lucas\Bureau\virus\Kaspersky Lab Tool\skin\layout\service.ini 54308 bytes

File C:\Program Files\Fichiers communs\Services 0 bytes

File C:\Program Files\Fichiers communs\Services\bigfoot.bmp 2702 bytes

File C:\Program Files\Fichiers communs\Services\Thumbs.db 11776 bytes

File C:\Program Files\Fichiers communs\Services\verisign.bmp 2702 bytes

File C:\Program Files\Fichiers communs\Services\whowhere.bmp 2702 bytes

File C:\Program Files\Services en ligne 0 bytes

File C:\Program Files\Services en ligne\Connectez-vous en ligne avec MSN.lnk 1654 bytes

File C:\Program Files\Services en ligne\Indiquez-moi davantage de fournisseurs de services Internet.lnk 1025 bytes

File C:\WINDOWS\system32\drivers\etc\services 7445 bytes

File C:\WINDOWS\system32\drivers\vmdesched.sys 5632 bytes

File C:\WINDOWS\system32\services.msc 33075 bytes

File C:\WINDOWS\system32\clb.dll 11264 bytes

File C:\WINDOWS\system32\clbcatex.dll 100864 bytes

File C:\WINDOWS\system32\clbcatq.dll 468480 bytes

File C:\WINDOWS\system32\cdosys.dll 45056 bytes

File C:\WINDOWS\system32\clbinit.dll 1695 bytes

File C:\WINDOWS\system32\dllcache\clb.dll 11264 bytes

File C:\WINDOWS\system32\dllcache\clbcatex.dll 100864 bytes

File C:\WINDOWS\system32\dllcache\clbcatq.dll 468480 bytes

File C:\WINDOWS\system32\dllcache\services.exe 178688 bytes

File C:\WINDOWS\system32\service.exe 47616 bytes

File C:\WINDOWS\system32\service.sys 18368 bytes <-- ROOTKIT !!!

File C:\WINDOWS\system32\services.exe 101888 bytes <-- ROOTKIT !!!

File C:\WINDOWS\TEMP\clb3E8.tmp 114688 bytes

 

---- Services - GMER 1.0.14 ----

 

Service C:\WINDOWS\System32\service.sys [MANUAL] service.sys <-- ROOTKIT !!!

Service C:\WINDOWS\system32\services.exe (Applications Services et Contrôleur/Microsoft Corporation) [AUTO] Eventlog <-- ROOTKIT !!!

 

---- EOF - GMER 1.0.14 ----
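
A triage helper for a GMER report in the format above, added here as an example; it is not part of the original post and is not GMER's own code. It parses lines in the same `Reg` / `File` / `Service` layout as the report, lists every entry GMER itself marked `<-- ROOTKIT !!!`, and applies two heuristics an analyst would otherwise check by hand: a kernel driver (Type 1) set to boot or system start (Start 0/1) whose ImagePath is an absolute `\??\C:\WINDOWS\system32\<name>.sys` dropped straight into system32 rather than system32\DRIVERS, with a service name equal to the file name (the pattern of ksnhtr and sywtdxaz above), and a Run-key entry whose executable name is one edit away from a core Windows binary (the `service.exe` next to the real `services.exe` above). The embedded sample log is constructed from lines of the report plus one constructed benign `atapi` entry; the empty `TRUSTED_DRIVERS` allowlist and the `CORE_BINARIES` set are assumptions for the analyst to adjust.

```python
"""Triage a GMER 1.0.x text report: added example, not GMER's own code."""
import re
from collections import defaultdict

# Per-value lines GMER prints for HKLM\SYSTEM\<ControlSet>\Services\<name>[\subkey]@<value> <data>
SERVICE_RE = re.compile(
    r"^Reg HK[A-Z_]+\\SYSTEM\\[^\\]+\\Services\\([^\\@]+)(?:\\[^@]*)?@(\w+)\s*(.*)$")
# Run-key autostart entries: Reg HKLM\...\CurrentVersion\run@<valuename> <command>
RUN_RE = re.compile(r"^Reg .*\\CurrentVersion\\run@(\S+)\s+(.*)$", re.IGNORECASE)
# A driver registered by absolute \??\ path directly under system32 (not system32\DRIVERS)
DROPPED_SYS_RE = re.compile(
    r"^\\\?\?\\[A-Z]:\\WINDOWS\\system32\\([^\\]+)\.sys$", re.IGNORECASE)
# GMER prints the path right after the record type; this assumes the path has no spaces
FLAGGED_RE = re.compile(r"^(?:File|Service)\s+(\S+).*<-- ROOTKIT")

# ASSUMPTION: driver names the analyst has already verified go here (empty by default).
TRUSTED_DRIVERS = set()
# ASSUMPTION: core Windows binaries that malware likes to name itself after.
CORE_BINARIES = {"services.exe", "svchost.exe", "lsass.exe", "csrss.exe",
                 "winlogon.exe", "explorer.exe"}

# Constructed sample: lines taken from the report above plus one benign atapi entry.
SAMPLE_LOG = r"""
Reg HKLM\SYSTEM\CurrentControlSet\Services\atapi@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\atapi@Start 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\atapi@ImagePath system32\DRIVERS\atapi.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\Dhcp\Parameters@ServiceDll %SystemRoot%\System32\dhcpcsvc.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\ksnhtr@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\ksnhtr@Start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\ksnhtr@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\ksnhtr@ImagePath \??\C:\WINDOWS\system32\ksnhtr.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\sywtdxaz@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sywtdxaz@Start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sywtdxaz@ImagePath \??\C:\WINDOWS\system32\sywtdxaz.sys
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\run@service.exe C:\WINDOWS\System32\service.exe
File C:\WINDOWS\system32\service.sys 18368 bytes <-- ROOTKIT !!!
File C:\WINDOWS\system32\services.exe 101888 bytes <-- ROOTKIT !!!
Service C:\WINDOWS\System32\service.sys [MANUAL] service.sys <-- ROOTKIT !!!
"""


def edit_distance(a, b):
    """Levenshtein distance, used to spot near-lookalike file names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def parse_services(lines):
    """Group the Reg lines of a GMER report into {service name: {value: data}}."""
    services = defaultdict(dict)
    for line in lines:
        m = SERVICE_RE.match(line)
        if m:
            name, value, data = m.groups()
            services[name.lower()][value] = data.strip()
    return services


def triage(report_text):
    """Return (kind, subject) findings for a GMER report given as text."""
    lines = report_text.splitlines()
    findings = []
    for line in lines:
        m = FLAGGED_RE.match(line)
        if m:  # GMER's own verdict, always worth listing
            findings.append(("gmer-flag", m.group(1)))
        m = RUN_RE.match(line)
        if m:  # autostart whose file name mimics a system binary
            exe = m.group(2).strip().split("\\")[-1].lower()
            if exe not in CORE_BINARIES and any(
                    edit_distance(exe, core) == 1 for core in CORE_BINARIES):
                findings.append(("lookalike-run-entry", exe))
    for name, values in parse_services(lines).items():
        m = DROPPED_SYS_RE.match(values.get("ImagePath", ""))
        if not m or name in TRUSTED_DRIVERS:
            continue
        kernel_driver = values.get("Type") in {"1", "2"}  # SERVICE_KERNEL_DRIVER / FILE_SYSTEM_DRIVER
        early_start = values.get("Start") in {"0", "1"}   # SERVICE_BOOT_START / SYSTEM_START
        if kernel_driver and early_start and m.group(1).lower() == name:
            findings.append(("suspicious-driver", name))
    return findings


if __name__ == "__main__":
    for kind, subject in triage(SAMPLE_LOG):
        print(f"{kind:22} {subject}")
```

Run it on a saved GMER text report by passing the file's contents to `triage()`; the `\??\` path heuristic is a tell, not proof, so every hit still needs the file's signature and hash checked before deleting anything.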

 

Posted
Hi,

 

SDFix removes your rootkits. Use it in Safe Mode, then post its report.

 

SDFix still isn't working:

"the system cannot find the program: ........"

I tried reinstalling it somewhere other than the desktop (since it can't find that target); it still doesn't work.

Posted

Hi

I'm trying to send you the KAV reports (it isn't finished, 99%), one from after the scan during the disinfection work and the other from when Kaspersky freezes, but when I try to paste them into my reply it doesn't work!

Task Manager shows "not responding" as the site's status?!?

IE still isn't working; my connection goes through MSN.E.

 

OK, see you soon

Posted

Hi loukass,

 

I think the best option is to format once again. I'd like you to follow this tutorial to format (low-level format). Once formatted, reinstall XP and then your Internet kit. Then download and install:

 

Antivir:

http://www.malekal.com/tutorial_antivir.php

 

_ Sunbelt Personal Firewall, which you can download here http://www.inoculer.com/firewall5.php3

- tutorial for Sunbelt Personal Firewall http://www.vulgarisation-informatique.com/kerio.php

 

Download and install it, then update it if necessary.

 

Then post a new HijackThis report.

Posted

Hi,

OUCH, so we're moving on to the extreme solution.

Anyway, it can't get any worse, so why not.

Can you send me the link to that tutorial please.

Thanks
