
Intrusion attempts on my PC since a recent infection [Solved]

11 March 2009 17:41:34

Hello everyone,
I'm asking for your help because I was infected this morning after accidentally opening an executable that turned out to be malware.
Avast! noticed it once the file had been launched and blocked the program, which I sent straight to the recycle bin.
I ran 2 scans with Avast! (the first one detected errors, the second only a single one) and a pass with Spybot (you never know; I found 2 trojan files as well).
My PC's behaviour changed after that: a new window for shutting down the PC, a password prompt at startup even though there is no password and no welcome-screen box ticked, and above all... repeated intrusion attempts as soon as I open Firefox. Avast! blocks an entry to "jl.chura.pl/rc/" for me.

On discovering this, I restarted my PC in safe mode and ran another scan with Avast!, which found viruses again.

What should I do?

Here is a HijackThis report. Thank you in advance for your valuable help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:34:52, on 11/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\msdtc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Soft4Ever\looknstop\looknstop.exe
C:\Program Files\FlashGet\FlashGet.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Wireless LAN Utility\SiWake.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&lo...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Look 'n' Stop] "C:\Program Files\Soft4Ever\looknstop\looknstop.exe" -auto
O4 - HKLM\..\Run: [Flashget] C:\Program Files\FlashGet\FlashGet.exe /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Pavilion Webcam Tray Icon.lnk = C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe
O4 - Global Startup: SiWake.lnk = C:\Program Files\Wireless LAN Utility\SiWake.exe
O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Contro...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O17 - HKLM\System\CCS\Services\Tcpip\..\{2418AA0B-6B07-4D60-93A6-02595EDB3E68}: NameServer = 212.27.53.252,212.27.54.252
O17 - HKLM\System\CCS\Services\Tcpip\..\{6DD0027B-BA15-473F-A711-14444B61C887}: NameServer = 212.27.53.252,212.27.54.252
O17 - HKLM\System\CS1\Services\Tcpip\..\{2418AA0B-6B07-4D60-93A6-02595EDB3E68}: NameServer = 212.27.53.252,212.27.54.252
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe

--
End of file - 12385 bytes

11 March 2009 18:53:10

Hello,

Apparently OK.

Download Gmer. (Przemyslaw Gmerek)

  • Unzip it into a dedicated folder or onto your Desktop.
  • Disconnect from the Internet, then close all programs.
  • Double-click Gmer.exe.
    If an alert from your antivirus appears for the file gmer.sys or gmer.exe, let it run.
  • Click the Rootkit tab.
  • On the right, tick everything.
  • Now click Scan.
  • When the scan is finished, click Copy.
  • Open Notepad, then click the Edit menu / Paste.
  • The report should then appear.
  • Save the file to your Desktop and post its contents here.
11 March 2009 20:05:02

Here is the scan.

    GMER 1.0.15.14878 - http://www.gmer.net
    Rootkit scan 2009-03-11 20:02:49
    Windows 5.1.2600 Service Pack 3


    ---- System - GMER 1.0.15 ----

    INT 0x62 ? 86B65BF8
    INT 0x73 ? 860F6BF8
    INT 0x74 ? 860F6BF8
    INT 0x84 ? 860F6BF8
    INT 0xA4 ? 86BD4BF8
    INT 0xB4 ? 860F6BF8

    ---- Kernel code sections - GMER 1.0.15 ----

    ? spcu.sys Le fichier spécifié est introuvable. !
    .text USBPORT.SYS!DllUnload F66908AC 5 Bytes JMP 860F61D8
    .text aru0a74l.SYS F64EC386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
    .text aru0a74l.SYS F64EC3AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
    .text aru0a74l.SYS F64EC3C4 3 Bytes [00, 70, 02] {ADD [EAX+0x2], DH}
    .text aru0a74l.SYS F64EC3C9 1 Byte [2E]
    .text aru0a74l.SYS F64EC3CB 9 Bytes [00, 00, 5A, 02, 00, 00, 00, ...] {ADD [EAX], AL; POP EDX; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL}
    .text ...

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[468] ntdll.dll!NtCreateFile 7C91D090 5 Bytes CALL 7FFA3FD0
    .text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[468] ntdll.dll!NtCreateProcess 7C91D130 5 Bytes CALL 7FFA405F
    .text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[468] ntdll.dll!NtCreateProcessEx 7C91D140 5 Bytes CALL 7FFA406C
    .text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[468] ntdll.dll!NtOpenFile 7C91D580 5 Bytes CALL 7FFA4055
    .text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[468] ntdll.dll!NtQueryInformationProcess 7C91D7E0 5 Bytes CALL 7FFA40AD
    .text C:\Program Files\Alwil Software\Avast4\ashServ.exe[520] ntdll.dll!NtCreateFile 7C91D090 5 Bytes CALL 7FF83FD0
    .text C:\Program Files\Alwil Software\Avast4\ashServ.exe[520] ntdll.dll!NtCreateProcess 7C91D130 5 Bytes CALL 7FF8405F
    .text C:\Program Files\Alwil Software\Avast4\ashServ.exe[520] ntdll.dll!NtCreateProcessEx 7C91D140 5 Bytes CALL 7FF8406C
    .text C:\Program Files\Alwil Software\Avast4\ashServ.exe[520] ntdll.dll!NtOpenFile 7C91D580 5 Bytes CALL 7FF84055
    .text C:\Program Files\Alwil Software\Avast4\ashServ.exe[520] ntdll.dll!NtQueryInformationProcess 7C91D7E0 5 Bytes CALL 7FF840AD
    .text C:\Program Files\Wireless LAN Utility\SiWake.exe[696] ntdll.dll!NtCreateFile 7C91D090 5 Bytes CALL 7FFA3FD0
    .text C:\Program Files\Wireless LAN Utility\SiWake.exe[696] ntdll.dll!NtCreateProcess 7C91D130 5 Bytes CALL 7FFA405F
    .text C:\Program Files\Wireless LAN Utility\SiWake.exe[696] ntdll.dll!NtCreateProcessEx 7C91D140 5 Bytes CALL 7FFA406C
    .text C:\Program Files\Wireless LAN Utility\SiWake.exe[696] ntdll.dll!NtOpenFile 7C91D580 5 Bytes CALL 7FFA4055
    .text C:\Program Files\Wireless LAN Utility\SiWake.exe[696] ntdll.dll!NtQueryInformationProcess 7C91D7E0 5 Bytes CALL 7FFA40AD
    .text C:\WINDOWS\system32\spoolsv.exe[772] ntdll.dll!NtCreateFile 7C91D090 5 Bytes CALL 7FFA3FD0
    .text C:\WINDOWS\system32\spoolsv.exe[772] ntdll.dll!NtCreateProcess 7C91D130 5 Bytes CALL 7FFA405F
    .text C:\WINDOWS\system32\spoolsv.exe[772] ntdll.dll!NtCreateProcessEx 7C91D140 5 Bytes CALL 7FFA406C
    .text C:\WINDOWS\system32\spoolsv.exe[772] ntdll.dll!NtOpenFile 7C91D580 5 Bytes CALL 7FFA4055
    .text C:\WINDOWS\system32\spoolsv.exe[772] ntdll.dll!NtQueryInformationProcess 7C91D7E0 5 Bytes CALL 7FFA40AD
    .text C:\WINDOWS\system32\msdtc.exe[868] ntdll.dll!NtCreateFile 7C91D090 5 Bytes CALL 7FFA3FD0
    .text C:\WINDOWS\system32\msdtc.exe[868] ntdll.dll!NtCreateProcess 7C91D130 5 Bytes CALL 7FFA405F
    .text C:\WINDOWS\system32\msdtc.exe[868] ntdll.dll!NtCreateProcessEx 7C91D140 5 Bytes CALL 7FFA406C
    .text C:\WINDOWS\system32\msdtc.exe[868] ntdll.dll!NtOpenFile 7C91D580 5 Bytes CALL 7FFA4055
    .text C:\WINDOWS\system32\msdtc.exe[868] ntdll.dll!NtQueryInformationProcess 7C91D7E0 5 Bytes CALL 7FFA40AD
    .text C:\WINDOWS\eHome\ehRecvr.exe[956] ntdll.dll!NtCreateFile 7C91D090 5 Bytes CALL 7FFA3FD0
    .text C:\WINDOWS\eHome\ehRecvr.exe[956] ntdll.dll!NtCreateProcess 7C91D130 5 Bytes CALL 7FFA405F
    .text C:\WINDOWS\eHome\ehRecvr.exe[956] ntdll.dll!NtCreateProcessEx 7C91D140 5 Bytes CALL 7FFA406C
    .text C:\WINDOWS\eHome\ehRecvr.exe[956] ntdll.dll!NtOpenFile 7C91D580 5 Bytes CALL 7FFA4055
    .text C:\WINDOWS\eHome\ehRecvr.exe[956] ntdll.dll!NtQueryInformationProcess 7C91D7E0 5 Bytes CALL 7FFA40AD
    .text C:\WINDOWS\eHome\ehSched.exe[972] ntdll.dll!NtCreateFile 7C91D090 5 Bytes CALL 7FFA3FD0
    .text C:\WINDOWS\eHome\ehSched.exe[972] ntdll.dll!NtCreateProcess 7C91D130 5 Bytes CALL 7FFA405F
    .text C:\WINDOWS\eHome\ehSched.exe[972] ntdll.dll!NtCreateProcessEx 7C91D140 5 Bytes CALL 7FFA406C
    .text C:\WINDOWS\eHome\ehSched.exe[972] ntdll.dll!NtOpenFile 7C91D580 5 Bytes CALL 7FFA4055
    .text C:\WINDOWS\eHome\ehSched.exe[972] ntdll.dll!NtQueryInformationProcess 7C91D7E0 5 Bytes CALL 7FFA40AD
    .text C:\WINDOWS\system32\svchost.exe[1060] ntdll.dll!NtCreateFile 7C91D090 5 Bytes CALL 7FFA3FD0
    .text C:\WINDOWS\system32\svchost.exe[1060] ntdll.dll!NtCreateProcess 7C91D130 5 Bytes CALL 7FFA405F
    .text C:\WINDOWS\system32\svchost.exe[1060] ntdll.dll!NtCreateProcessEx 7C91D140 5 Bytes CALL 7FFA406C
    .text C:\WINDOWS\system32\svchost.exe[1060] ntdll.dll!NtOpenFile 7C91D580 5 Bytes CALL 7FFA4055
    .text C:\WINDOWS\system32\svchost.exe[1060] ntdll.dll!NtQueryInformationProcess 7C91D7E0 5 Bytes CALL 7FFA40AD
    .text C:\Documents and Settings\Vincent\Bureau\Nouveau dossier (2)\gmer.exe[1112] ntdll.dll!NtCreateFile 7C91D090 5 Bytes CALL 7FFA3FD0
    .text C:\Documents and Settings\Vincent\Bureau\Nouveau dossier (2)\gmer.exe[1112] ntdll.dll!NtCreateProcess 7C91D130 5 Bytes CALL 7FFA405F
    .text C:\Documents and Settings\Vincent\Bureau\Nouveau dossier (2)\gmer.exe[1112] ntdll.dll!NtCreateProcessEx 7C91D140 5 Bytes CALL 7FFA406C
    .text C:\Documents and Settings\Vincent\Bureau\Nouveau dossier (2)\gmer.exe[1112] ntdll.dll!NtOpenFile 7C91D580 5 Bytes CALL 7FFA4055
    .text C:\Documents and Settings\Vincent\Bureau\Nouveau dossier (2)\gmer.exe[1112] ntdll.dll!NtQueryInformationProcess 7C91D7E0 5 Bytes CALL 7FFA40AD
    .text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[1184] ntdll.dll!NtCreateFile 7C91D090 5 Bytes CALL 7FFA3FD0
    .text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[1184] ntdll.dll!NtCreateProcess 7C91D130 5 Bytes CALL 7FFA405F
    .text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[1184] ntdll.dll!NtCreateProcessEx 7C91D140 5 Bytes CALL 7FFA406C
    .text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[1184] ntdll.dll!NtOpenFile 7C91D580 5 Bytes CALL 7FFA4055
    .text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[1184] ntdll.dll!NtQueryInformationProcess 7C91D7E0 5 Bytes CALL 7FFA40AD
    .text C:\WINDOWS\System32\svchost.exe[1212] ntdll.dll!NtCreateFile 7C91D090 5 Bytes CALL 7FFA3FD0
    .text C:\WINDOWS\System32\svchost.exe[1212] ntdll.dll!NtCreateProcess 7C91D130 5 Bytes CALL 7FFA405F
    .text C:\WINDOWS\System32\svchost.exe[1212] ntdll.dll!NtCreateProcessEx 7C91D140 5 Bytes CALL 7FFA406C
    .text C:\WINDOWS\System32\svchost.exe[1212] ntdll.dll!NtOpenFile 7C91D580 5 Bytes CALL 7FFA4055
    .text C:\WINDOWS\System32\svchost.exe[1212] ntdll.dll!NtQueryInformationProcess 7C91D7E0 5 Bytes CALL 7FFA40AD
    .text C:\Program Files\Java\jre6\bin\jqs.exe[1252] ntdll.dll!NtCreateFile 7C91D090 5 Bytes CALL 7FFA3FD0
    .text C:\Program Files\Java\jre6\bin\jqs.exe[1252] ntdll.dll!NtCreateProcess 7C91D130 5 Bytes CALL 7FFA405F
    .text C:\Program Files\Java\jre6\bin\jqs.exe[1252] ntdll.dll!NtCreateProcessEx 7C91D140 5 Bytes CALL 7FFA406C
    .text C:\Program Files\Java\jre6\bin\jqs.exe[1252] ntdll.dll!NtOpenFile 7C91D580 5 Bytes CALL 7FFA4055
    .text C:\Program Files\Java\jre6\bin\jqs.exe[1252] ntdll.dll!NtQueryInformationProcess 7C91D7E0 5 Bytes CALL 7FFA40AD
    .text C:\WINDOWS\system32\winlogon.exe[1412] ntdll.dll!NtCreateFile 7C91D090 5 Bytes CALL 7FF93FD0
    .text C:\WINDOWS\system32\winlogon.exe[1412] ntdll.dll!NtCreateProcess 7C91D130 5 Bytes CALL 7FF9405F
    .text C:\WINDOWS\system32\winlogon.exe[1412] ntdll.dll!NtCreateProcessEx 7C91D140 5 Bytes CALL 7FF9406C
    .text C:\WINDOWS\system32\winlogon.exe[1412] ntdll.dll!NtOpenFile 7C91D580 5 Bytes CALL 7FF94055
    .text C:\WINDOWS\system32\winlogon.exe[1412] ntdll.dll!NtQueryInformationProcess 7C91D7E0 5 Bytes CALL 7FF940AD
    .text C:\WINDOWS\system32\services.exe[1456] ntdll.dll!NtCreateFile 7C91D090 5 Bytes CALL 7FF93FD0
    .text C:\WINDOWS\system32\services.exe[1456] ntdll.dll!NtCreateProcess 7C91D130 5 Bytes CALL 7FF9405F
    .text C:\WINDOWS\system32\services.exe[1456] ntdll.dll!NtCreateProcessEx 7C91D140 5 Bytes CALL 7FF9406C
    .text C:\WINDOWS\system32\services.exe[1456] ntdll.dll!NtOpenFile 7C91D580 5 Bytes CALL 7FF94055
    .text C:\WINDOWS\system32\services.exe[1456] ntdll.dll!NtQueryInformationProcess 7C91D7E0 5 Bytes CALL 7FF940AD
    .text C:\WINDOWS\system32\lsass.exe[1468] ntdll.dll!NtCreateFile 7C91D090 5 Bytes CALL 7FF93FD0
    .text C:\WINDOWS\system32\lsass.exe[1468] ntdll.dll!NtCreateProcess 7C91D130 5 Bytes CALL 7FF9405F
    .text C:\WINDOWS\system32\lsass.exe[1468] ntdll.dll!NtCreateProcessEx 7C91D140 5 Bytes CALL 7FF9406C
    .text C:\WINDOWS\system32\lsass.exe[1468] ntdll.dll!NtOpenFile 7C91D580 5 Bytes CALL 7FF94055
    .text C:\WINDOWS\system32\lsass.exe[1468] ntdll.dll!NtQueryInformationProcess 7C91D7E0 5 Bytes CALL 7FF940AD
    .text C:\WINDOWS\system32\svchost.exe[1628] ntdll.dll!NtCreateFile 7C91D090 5 Bytes CALL 7FF93FD0
    .text C:\WINDOWS\system32\svchost.exe[1628] ntdll.dll!NtCreateProcess 7C91D130 5 Bytes CALL 7FF9405F
    .text C:\WINDOWS\system32\svchost.exe[1628] ntdll.dll!NtCreateProcessEx 7C91D140 5 Bytes CALL 7FF9406C
    .text C:\WINDOWS\system32\svchost.exe[1628] ntdll.dll!NtOpenFile 7C91D580 5 Bytes CALL 7FF94055
    .text C:\WINDOWS\system32\svchost.exe[1628] ntdll.dll!NtQueryInformationProcess 7C91D7E0 5 Bytes CALL 7FF940AD
    .text C:\WINDOWS\system32\svchost.exe[1676] ntdll.dll!NtCreateFile 7C91D090 5 Bytes CALL 7FFA3FD0
    .text C:\WINDOWS\system32\svchost.exe[1676] ntdll.dll!NtCreateProcess 7C91D130 5 Bytes CALL 7FFA405F
    .text C:\WINDOWS\system32\svchost.exe[1676] ntdll.dll!NtCreateProcessEx 7C91D140 5 Bytes CALL 7FFA406C
    .text C:\WINDOWS\system32\svchost.exe[1676] ntdll.dll!NtOpenFile 7C91D580 5 Bytes CALL 7FFA4055
    .text C:\WINDOWS\system32\svchost.exe[1676] ntdll.dll!NtQueryInformationProcess 7C91D7E0 5 Bytes CALL 7FFA40AD
    .text C:\WINDOWS\system32\svchost.exe[1832] ntdll.dll!NtCreateFile 7C91D090 5 Bytes CALL 7FFA3FD0
    .text C:\WINDOWS\system32\svchost.exe[1832] ntdll.dll!NtCreateProcess 7C91D130 5 Bytes CALL 7FFA405F
    .text C:\WINDOWS\system32\svchost.exe[1832] ntdll.dll!NtCreateProcessEx 7C91D140 5 Bytes CALL 7FFA406C
    .text C:\WINDOWS\system32\svchost.exe[1832] ntdll.dll!NtOpenFile 7C91D580 5 Bytes CALL 7FFA4055
    .text C:\WINDOWS\system32\svchost.exe[1832] ntdll.dll!NtQueryInformationProcess 7C91D7E0 5 Bytes CALL 7FFA40AD
    .text C:\WINDOWS\ehome\mcrdsvc.exe[1864] ntdll.dll!NtCreateFile 7C91D090 5 Bytes CALL 7FFA3FD0
    .text C:\WINDOWS\ehome\mcrdsvc.exe[1864] ntdll.dll!NtCreateProcess 7C91D130 5 Bytes CALL 7FFA405F
    .text C:\WINDOWS\ehome\mcrdsvc.exe[1864] ntdll.dll!NtCreateProcessEx 7C91D140 5 Bytes CALL 7FFA406C
    .text C:\WINDOWS\ehome\mcrdsvc.exe[1864] ntdll.dll!NtOpenFile 7C91D580 5 Bytes CALL 7FFA4055
    .text C:\WINDOWS\ehome\mcrdsvc.exe[1864] ntdll.dll!NtQueryInformationProcess 7C91D7E0 5 Bytes CALL 7FFA40AD
    .text C:\WINDOWS\system32\svchost.exe[1908] ntdll.dll!NtCreateFile 7C91D090 5 Bytes CALL 7FFA3FD0
    .text C:\WINDOWS\system32\svchost.exe[1908] ntdll.dll!NtCreateProcess 7C91D130 5 Bytes CALL 7FFA405F
    .text C:\WINDOWS\system32\svchost.exe[1908] ntdll.dll!NtCreateProcessEx 7C91D140 5 Bytes CALL 7FFA406C
    .text C:\WINDOWS\system32\svchost.exe[1908] ntdll.dll!NtOpenFile 7C91D580 5 Bytes CALL 7FFA4055
    .text C:\WINDOWS\system32\svchost.exe[1908] ntdll.dll!NtQueryInformationProcess 7C91D7E0 5 Bytes CALL 7FFA40AD
    .text C:\WINDOWS\Explorer.EXE[1940] ntdll.dll!NtCreateFile 7C91D090 5 Bytes CALL 7FFA3FD0
    .text C:\WINDOWS\Explorer.EXE[1940] ntdll.dll!NtCreateProcess 7C91D130 5 Bytes CALL 7FFA405F
    .text C:\WINDOWS\Explorer.EXE[1940] ntdll.dll!NtCreateProcessEx 7C91D140 5 Bytes CALL 7FFA406C
    .text C:\WINDOWS\Explorer.EXE[1940] ntdll.dll!NtOpenFile 7C91D580 5 Bytes CALL 7FFA4055
    .text C:\WINDOWS\Explorer.EXE[1940] ntdll.dll!NtQueryInformationProcess 7C91D7E0 5 Bytes CALL 7FFA40AD
    .text C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe[1984] ntdll.dll!NtCreateFile 7C91D090 5 Bytes CALL 7FFA3FD0
    .text C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe[1984] ntdll.dll!NtCreateProcess 7C91D130 5 Bytes CALL 7FFA405F
    .text C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe[1984] ntdll.dll!NtCreateProcessEx 7C91D140 5 Bytes CALL 7FFA406C
    .text C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe[1984] ntdll.dll!NtOpenFile 7C91D580 5 Bytes CALL 7FFA4055
    .text C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe[1984] ntdll.dll!NtQueryInformationProcess 7C91D7E0 5 Bytes CALL 7FFA40AD
    .text C:\WINDOWS\system32\svchost.exe[1988] ntdll.dll!NtCreateFile 7C91D090 5 Bytes CALL 7FFA3FD0
    .text C:\WINDOWS\system32\svchost.exe[1988] ntdll.dll!NtCreateProcess 7C91D130 5 Bytes CALL 7FFA405F
    .text C:\WINDOWS\system32\svchost.exe[1988] ntdll.dll!NtCreateProcessEx 7C91D140 5 Bytes CALL 7FFA406C
    .text C:\WINDOWS\system32\svchost.exe[1988] ntdll.dll!NtOpenFile 7C91D580 5 Bytes CALL 7FFA4055
    .text C:\WINDOWS\system32\svchost.exe[1988] ntdll.dll!NtQueryInformationProcess 7C91D7E0 5 Bytes CALL 7FFA40AD
    .text C:\WINDOWS\system32\mqsvc.exe[2116] ntdll.dll!NtCreateFile 7C91D090 5 Bytes CALL 7FF93FD0
    .text C:\WINDOWS\system32\mqsvc.exe[2116] ntdll.dll!NtCreateProcess 7C91D130 5 Bytes CALL 7FF9405F
    .text C:\WINDOWS\system32\mqsvc.exe[2116] ntdll.dll!NtCreateProcessEx 7C91D140 5 Bytes CALL 7FF9406C
    .text C:\WINDOWS\system32\mqsvc.exe[2116] ntdll.dll!NtOpenFile 7C91D580 5 Bytes CALL 7FF94055
    .text C:\WINDOWS\system32\mqsvc.exe[2116] ntdll.dll!NtQueryInformationProcess 7C91D7E0 5 Bytes CALL 7FF940AD
    .text C:\Program Files\Windows Media Player\WMPNetwk.exe[2212] ntdll.dll!NtCreateFile 7C91D090 5 Bytes CALL 7FFA3FD0
    .text C:\Program Files\Windows Media Player\WMPNetwk.exe[2212] ntdll.dll!NtCreateProcess 7C91D130 5 Bytes CALL 7FFA405F
    .text C:\Program Files\Windows Media Player\WMPNetwk.exe[2212] ntdll.dll!NtCreateProcessEx 7C91D140 5 Bytes CALL 7FFA406C
    .text C:\Program Files\Windows Media Player\WMPNetwk.exe[2212] ntdll.dll!NtOpenFile 7C91D580 5 Bytes CALL 7FFA4055
    .text C:\Program Files\Windows Media Player\WMPNetwk.exe[2212] ntdll.dll!NtQueryInformationProcess 7C91D7E0 5 Bytes CALL 7FFA40AD
    .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[2284] ntdll.dll!NtCreateFile 7C91D090 5 Bytes CALL 7FFA3FD0
    .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[2284] ntdll.dll!NtCreateProcess 7C91D130 5 Bytes CALL 7FFA405F
    .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[2284] ntdll.dll!NtCreateProcessEx 7C91D140 5 Bytes CALL 7FFA406C
    .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[2284] ntdll.dll!NtOpenFile 7C91D580 5 Bytes CALL 7FFA4055
    .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[2284] ntdll.dll!NtQueryInformationProcess 7C91D7E0 5 Bytes CALL 7FFA40AD
    .text C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe[2332] ntdll.dll!NtCreateFile 7C91D090 5 Bytes CALL 7FFA3FD0
    .text C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe[2332] ntdll.dll!NtCreateProcess 7C91D130 5 Bytes CALL 7FFA405F
    .text C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe[2332] ntdll.dll!NtCreateProcessEx 7C91D140 5 Bytes CALL 7FFA406C
    .text C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe[2332] ntdll.dll!NtOpenFile 7C91D580 5 Bytes CALL 7FFA4055
    .text C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe[2332] ntdll.dll!NtQueryInformationProcess 7C91D7E0 5 Bytes CALL 7FFA40AD
    .text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2340] ntdll.dll!NtCreateFile 7C91D090 5 Bytes CALL 7FF93FD0
    .text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2340] ntdll.dll!NtCreateProcess 7C91D130 5 Bytes CALL 7FF9405F
    .text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2340] ntdll.dll!NtCreateProcessEx 7C91D140 5 Bytes CALL 7FF9406C
    .text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2340] ntdll.dll!NtOpenFile 7C91D580 5 Bytes CALL 7FF94055
    .text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2340] ntdll.dll!NtQueryInformationProcess 7C91D7E0 5 Bytes CALL 7FF940AD
    .text C:\WINDOWS\system32\Pen_Tablet.exe[2568] ntdll.dll!NtCreateFile 7C91D090 5 Bytes CALL 7FFA3FD0
    .text C:\WINDOWS\system32\Pen_Tablet.exe[2568] ntdll.dll!NtCreateProcess 7C91D130 5 Bytes CALL 7FFA405F
    .text C:\WINDOWS\system32\Pen_Tablet.exe[2568] ntdll.dll!NtCreateProcessEx 7C91D140 5 Bytes CALL 7FFA406C
    .text C:\WINDOWS\system32\Pen_Tablet.exe[2568] ntdll.dll!NtOpenFile 7C91D580 5 Bytes CALL 7FFA4055
    .text C:\WINDOWS\system32\Pen_Tablet.exe[2568] ntdll.dll!NtQueryInformationProcess 7C91D7E0 5 Bytes CALL 7FFA40AD
    .text C:\WINDOWS\ehome\ehtray.exe[2612] ntdll.dll!NtCreateFile 7C91D090 5 Bytes CALL 7FFA3FD0
    .text C:\WINDOWS\ehome\ehtray.exe[2612] ntdll.dll!NtCreateProcess 7C91D130 5 Bytes CALL 7FFA405F
    .text C:\WINDOWS\ehome\ehtray.exe[2612] ntdll.dll!NtCreateProcessEx 7C91D140 5 Bytes CALL 7FFA406C
    .text C:\WINDOWS\ehome\ehtray.exe[2612] ntdll.dll!NtOpenFile 7C91D580 5 Bytes CALL 7FFA4055
    .text C:\WINDOWS\ehome\ehtray.exe[2612] ntdll.dll!NtQueryInformationProcess 7C91D7E0 5 Bytes CALL 7FFA40AD
    .text C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe[2640] ntdll.dll!NtCreateFile 7C91D090 5 Bytes CALL 7FFA3FD0
    .text C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe[2640] ntdll.dll!NtCreateProcess 7C91D130 5 Bytes CALL 7FFA405F
    .text C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe[2640] ntdll.dll!NtCreateProcessEx 7C91D140 5 Bytes CALL 7FFA406C
    .text C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe[2640] ntdll.dll!NtOpenFile 7C91D580 5 Bytes CALL 7FFA4055
    .text C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe[2640] ntdll.dll!NtQueryInformationProcess 7C91D7E0 5 Bytes CALL 7FFA40AD
    .text C:\WINDOWS\system32\hkcmd.exe[2700] ntdll.dll!NtCreateFile 7C91D090 5 Bytes CALL 7FFA3FD0
    .text C:\WINDOWS\system32\hkcmd.exe[2700] ntdll.dll!NtCreateProcess 7C91D130 5 Bytes CALL 7FFA405F
    .text C:\WINDOWS\system32\hkcmd.exe[2700] ntdll.dll!NtCreateProcessEx 7C91D140 5 Bytes CALL 7FFA406C
    .text C:\WINDOWS\system32\hkcmd.exe[2700] ntdll.dll!NtOpenFile 7C91D580 5 Bytes CALL 7FFA4055
    .text C:\WINDOWS\system32\hkcmd.exe[2700] ntdll.dll!NtQueryInformationProcess 7C91D7E0 5 Bytes CALL 7FFA40AD
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2716] ntdll.dll!NtCreateFile 7C91D090 5 Bytes CALL 7FFA3FD0
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2716] ntdll.dll!NtCreateProcess 7C91D130 5 Bytes CALL 7FFA405F
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2716] ntdll.dll!NtCreateProcessEx 7C91D140 5 Bytes CALL 7FFA406C
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2716] ntdll.dll!NtOpenFile 7C91D580 5 Bytes CALL 7FFA4055
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2716] ntdll.dll!NtQueryInformationProcess 7C91D7E0 5 Bytes CALL 7FFA40AD
    .text C:\WINDOWS\system32\igfxpers.exe[2736] ntdll.dll!NtCreateFile 7C91D090 5 Bytes CALL 7FFA3FD0
    .text C:\WINDOWS\system32\igfxpers.exe[2736] ntdll.dll!NtCreateProcess 7C91D130 5 Bytes CALL 7FFA405F
    .text C:\WINDOWS\system32\igfxpers.exe[2736] ntdll.dll!NtCreateProcessEx 7C91D140 5 Bytes CALL 7FFA406C
    .text C:\WINDOWS\system32\igfxpers.exe[2736] ntdll.dll!NtOpenFile 7C91D580 5 Bytes CALL 7FFA4055
    .text C:\WINDOWS\system32\igfxpers.exe[2736] ntdll.dll!NtQueryInformationProcess 7C91D7E0 5 Bytes CALL 7FFA40AD
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2772] ntdll.dll!NtCreateFile 7C91D090 5 Bytes CALL 7FFA3FD0
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2772] ntdll.dll!NtCreateProcess 7C91D130 5 Bytes CALL 7FFA405F
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2772] ntdll.dll!NtCreateProcessEx 7C91D140 5 Bytes CALL 7FFA406C
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2772] ntdll.dll!NtOpenFile 7C91D580 5 Bytes CALL 7FFA4055
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2772] ntdll.dll!NtQueryInformationProcess 7C91D7E0 5 Bytes CALL 7FFA40AD
    .text C:\Program Files\HP\QuickPlay\QPService.exe[2812] ntdll.dll!NtCreateFile 7C91D090 5 Bytes CALL 7FFA3FD0
    .text C:\Program Files\HP\QuickPlay\QPService.exe[2812] ntdll.dll!NtCreateProcess 7C91D130 5 Bytes CALL 7FFA405F
    .text C:\Program Files\HP\QuickPlay\QPService.exe[2812] ntdll.dll!NtCreateProcessEx 7C91D140 5 Bytes CALL 7FFA406C
    .text C:\Program Files\HP\QuickPlay\QPService.exe[2812] ntdll.dll!NtOpenFile 7C91D580 5 Bytes CALL 7FFA4055
    .text C:\Program Files\HP\QuickPlay\QPService.exe[2812] ntdll.dll!NtQueryInformationProcess 7C91D7E0 5 Bytes CALL 7FFA40AD
    .text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[2868] ntdll.dll!NtCreateFile 7C91D090 5 Bytes CALL 7FFA3FD0
    .text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[2868] ntdll.dll!NtCreateProcess 7C91D130 5 Bytes CALL 7FFA405F
    .text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[2868] ntdll.dll!NtCreateProcessEx 7C91D140 5 Bytes CALL 7FFA406C
    .text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[2868] ntdll.dll!NtOpenFile 7C91D580 5 Bytes CALL 7FFA4055
    .text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[2868] ntdll.dll!NtQueryInformationProcess 7C91D7E0 5 Bytes CALL 7FFA40AD
    .text C:\WINDOWS\system32\dllhost.exe[2880] ntdll.dll!NtCreateFile 7C91D090 5 Bytes CALL 7FF93FD0
    .text C:\WINDOWS\system32\dllhost.exe[2880] ntdll.dll!NtCreateProcess 7C91D130 5 Bytes CALL 7FF9405F
    .text C:\WINDOWS\system32\dllhost.exe[2880] ntdll.dll!NtCreateProcessEx 7C91D140 5 Bytes CALL 7FF9406C
    .text C:\WINDOWS\system32\dllhost.exe[2880] ntdll.dll!NtOpenFile 7C91D580 5 Bytes CALL 7FF94055
    .text C:\WINDOWS\system32\dllhost.exe[2880] ntdll.dll!NtQueryInformationProcess 7C91D7E0 5 Bytes CALL 7FF940AD
    .text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2896] ntdll.dll!NtCreateFile 7C91D090 5 Bytes CALL 7FFA3FD0
    .text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2896] ntdll.dll!NtCreateProcess 7C91D130 5 Bytes CALL 7FFA405F
    .text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2896] ntdll.dll!NtCreateProcessEx 7C91D140 5 Bytes CALL 7FFA406C
    .text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2896] ntdll.dll!NtOpenFile 7C91D580 5 Bytes CALL 7FFA4055
    .text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2896] ntdll.dll!NtQueryInformationProcess 7C91D7E0 5 Bytes CALL 7FFA40AD
    .text C:\WINDOWS\eHome\ehmsas.exe[3316] ntdll.dll!NtCreateFile 7C91D090 5 Bytes CALL 7FFA3FD0
    .text C:\WINDOWS\eHome\ehmsas.exe[3316] ntdll.dll!NtCreateProcess 7C91D130 5 Bytes CALL 7FFA405F
    .text C:\WINDOWS\eHome\ehmsas.exe[3316] ntdll.dll!NtCreateProcessEx 7C91D140 5 Bytes CALL 7FFA406C
    .text C:\WINDOWS\eHome\ehmsas.exe[3316] ntdll.dll!NtOpenFile 7C91D580 5 Bytes CALL 7FFA4055
    .text C:\WINDOWS\eHome\ehmsas.exe[3316] ntdll.dll!NtQueryInformationProcess 7C91D7E0 5 Bytes CALL 7FFA40AD
    .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[3360] ntdll.dll!NtCreateFile 7C91D090 5 Bytes CALL 7FFA3FD0
    .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[3360] ntdll.dll!NtCreateProcess 7C91D130 5 Bytes CALL 7FFA405F
    .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[3360] ntdll.dll!NtCreateProcessEx 7C91D140 5 Bytes CALL 7FFA406C
    .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[3360] ntdll.dll!NtOpenFile 7C91D580 5 Bytes CALL 7FFA4055
    .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[3360] ntdll.dll!NtQueryInformationProcess 7C91D7E0 5 Bytes CALL 7FFA40AD
    .text C:\Program Files\Java\jre6\bin\jusched.exe[3372] ntdll.dll!NtCreateFile 7C91D090 5 Bytes CALL 7FFA3FD0
    .text C:\Program Files\Java\jre6\bin\jusched.exe[3372] ntdll.dll!NtCreateProcess 7C91D130 5 Bytes CALL 7FFA405F
    .text C:\Program Files\Java\jre6\bin\jusched.exe[3372] ntdll.dll!NtCreateProcessEx 7C91D140 5 Bytes CALL 7FFA406C
    .text C:\Program Files\Java\jre6\bin\jusched.exe[3372] ntdll.dll!NtOpenFile 7C91D580 5 Bytes CALL 7FFA4055
    .text C:\Program Files\Java\jre6\bin\jusched.exe[3372] ntdll.dll!NtQueryInformationProcess 7C91D7E0 5 Bytes CALL 7FFA40AD
    .text C:\WINDOWS\system32\ctfmon.exe[3520] ntdll.dll!NtCreateFile 7C91D090 5 Bytes CALL 7FFA3FD0
    .text C:\WINDOWS\system32\ctfmon.exe[3520] ntdll.dll!NtCreateProcess 7C91D130 5 Bytes CALL 7FFA405F
    .text C:\WINDOWS\system32\ctfmon.exe[3520] ntdll.dll!NtCreateProcessEx 7C91D140 5 Bytes CALL 7FFA406C
    .text C:\WINDOWS\system32\ctfmon.exe[3520] ntdll.dll!NtOpenFile 7C91D580 5 Bytes CALL 7FFA4055
    .text C:\WINDOWS\system32\ctfmon.exe[3520] ntdll.dll!NtQueryInformationProcess 7C91D7E0 5 Bytes CALL 7FFA40AD
    .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3692] ntdll.dll!NtCreateFile 7C91D090 5 Bytes CALL 7FFA3FD0
    .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3692] ntdll.dll!NtCreateProcess 7C91D130 5 Bytes CALL 7FFA405F
    .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3692] ntdll.dll!NtCreateProcessEx 7C91D140 5 Bytes CALL 7FFA406C
    .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3692] ntdll.dll!NtOpenFile 7C91D580 5 Bytes CALL 7FFA4055
    .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3692] ntdll.dll!NtQueryInformationProcess 7C91D7E0 5 Bytes CALL 7FFA40AD
    .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3792] ntdll.dll!NtCreateFile 7C91D090 5 Bytes CALL 7FFA3FD0
    .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3792] ntdll.dll!NtCreateProcess 7C91D130 5 Bytes CALL 7FFA405F
    .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3792] ntdll.dll!NtCreateProcessEx 7C91D140 5 Bytes CALL 7FFA406C
    .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3792] ntdll.dll!NtOpenFile 7C91D580 5 Bytes CALL 7FFA4055
    .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3792] ntdll.dll!NtQueryInformationProcess 7C91D7E0 5 Bytes CALL 7FFA40AD
    .text C:\WINDOWS\system32\mqtgsvc.exe[3868] ntdll.dll!NtCreateFile 7C91D090 5 Bytes CALL 7FFA3FD0
    .text C:\WINDOWS\system32\mqtgsvc.exe[3868] ntdll.dll!NtCreateProcess 7C91D130 5 Bytes CALL 7FFA405F
    .text C:\WINDOWS\system32\mqtgsvc.exe[3868] ntdll.dll!NtCreateProcessEx 7C91D140 5 Bytes CALL 7FFA406C
    .text C:\WINDOWS\system32\mqtgsvc.exe[3868] ntdll.dll!NtOpenFile 7C91D580 5 Bytes CALL 7FFA4055
    .text C:\WINDOWS\system32\mqtgsvc.exe[3868] ntdll.dll!NtQueryInformationProcess 7C91D7E0 5 Bytes CALL 7FFA40AD
    .text C:\WINDOWS\System32\alg.exe[3884] ntdll.dll!NtCreateFile 7C91D090 5 Bytes CALL 7FFA3FD0
    .text C:\WINDOWS\System32\alg.exe[3884] ntdll.dll!NtCreateProcess 7C91D130 5 Bytes CALL 7FFA405F
    .text C:\WINDOWS\System32\alg.exe[3884] ntdll.dll!NtCreateProcessEx 7C91D140 5 Bytes CALL 7FFA406C
    .text C:\WINDOWS\System32\alg.exe[3884] ntdll.dll!NtOpenFile 7C91D580 5 Bytes CALL 7FFA4055
    .text C:\WINDOWS\System32\alg.exe[3884] ntdll.dll!NtQueryInformationProcess 7C91D7E0 5 Bytes CALL 7FFA40AD
    .text C:\Program Files\Windows Media Player\WMPNSCFG.exe[3920] ntdll.dll!NtCreateFile 7C91D090 5 Bytes CALL 7FFA3FD0
    .text C:\Program Files\Windows Media Player\WMPNSCFG.exe[3920] ntdll.dll!NtCreateProcess 7C91D130 5 Bytes CALL 7FFA405F
    .text C:\Program Files\Windows Media Player\WMPNSCFG.exe[3920] ntdll.dll!NtCreateProcessEx 7C91D140 5 Bytes CALL 7FFA406C
    .text C:\Program Files\Windows Media Player\WMPNSCFG.exe[3920] ntdll.dll!NtOpenFile 7C91D580 5 Bytes CALL 7FFA4055
    .text C:\Program Files\Windows Media Player\WMPNSCFG.exe[3920] ntdll.dll!NtQueryInformationProcess 7C91D7E0 5 Bytes CALL 7FFA40AD

    ---- Kernel IAT/EAT - GMER 1.0.15 ----

    IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F73FF040] spcu.sys
    IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F73FF13C] spcu.sys
    IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F73FF0BE] spcu.sys
    IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F73FF7FC] spcu.sys
    IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F73FF6D2] spcu.sys
    IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F740F048] spcu.sys
    IAT \SystemRoot\System32\Drivers\aru0a74l.SYS[HAL.dll!KfAcquireSpinLock] C0840CEC
    IAT \SystemRoot\System32\Drivers\aru0a74l.SYS[HAL.dll!READ_PORT_UCHAR] 053C0D74
    IAT \SystemRoot\System32\Drivers\aru0a74l.SYS[HAL.dll!KeGetCurrentIrql] 57B80974
    IAT \SystemRoot\System32\Drivers\aru0a74l.SYS[HAL.dll!KfRaiseIrql] 8B000000
    IAT \SystemRoot\System32\Drivers\aru0a74l.SYS[HAL.dll!KfLowerIrql] 56C35DE5
    IAT \SystemRoot\System32\Drivers\aru0a74l.SYS[HAL.dll!HalGetInterruptVector] 8D08758B
    IAT \SystemRoot\System32\Drivers\aru0a74l.SYS[HAL.dll!HalTranslateBusAddress] 8D51FC4D
    IAT \SystemRoot\System32\Drivers\aru0a74l.SYS[HAL.dll!KeStallExecutionProcessor] 8D52FD55
    IAT \SystemRoot\System32\Drivers\aru0a74l.SYS[HAL.dll!KfReleaseSpinLock] 8D51FE4D
    IAT \SystemRoot\System32\Drivers\aru0a74l.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 8D52FF55
    IAT \SystemRoot\System32\Drivers\aru0a74l.SYS[HAL.dll!READ_PORT_USHORT] 8D51F84D
    IAT \SystemRoot\System32\Drivers\aru0a74l.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 5052F455
    IAT \SystemRoot\System32\Drivers\aru0a74l.SYS[HAL.dll!WRITE_PORT_UCHAR] EACAE856
    IAT \SystemRoot\System32\Drivers\aru0a74l.SYS[WMILIB.SYS!WmiSystemControl] 0FC08520
    IAT \SystemRoot\System32\Drivers\aru0a74l.SYS[WMILIB.SYS!WmiCompleteRequest] 0001B185

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\WINDOWS\system32\services.exe[1456] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00380002
    IAT C:\WINDOWS\system32\services.exe[1456] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00380000

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs 86BD31F8

    AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

    Device \FileSystem\Fastfat \FatCdrom 8592C378

    AttachedDevice \Driver\Tcpip \Device\Ip lnsfw1.sys
    AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

    Device \Driver\usbuhci \Device\USBPDO-0 860F31F8
    Device \Driver\usbuhci \Device\USBPDO-1 860F31F8
    Device \Driver\dmio \Device\DmControl\DmIoDaemon 86BD51F8
    Device \Driver\dmio \Device\DmControl\DmConfig 86BD51F8
    Device \Driver\dmio \Device\DmControl\DmPnP 86BD51F8
    Device \Driver\dmio \Device\DmControl\DmInfo 86BD51F8
    Device \Driver\usbuhci \Device\USBPDO-2 860F31F8
    Device \Driver\NetBT \Device\NetBT_Tcpip_{2418AA0B-6B07-4D60-93A6-02595EDB3E68} 858AD500
    Device \Driver\usbuhci \Device\USBPDO-3 860F31F8
    Device \Driver\usbehci \Device\USBPDO-4 85FDA1F8
    Device \Driver\NetBT \Device\NetBT_Tcpip_{C17A5AF9-7947-4AF4-A3F2-5EDFF6739FED} 858AD500

    AttachedDevice \Driver\Tcpip \Device\Tcp lnsfw1.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

    Device \Driver\Ftdisk \Device\HarddiskVolume1 86B661F8
    Device \Driver\Ftdisk \Device\HarddiskVolume2 86B661F8
    Device \Driver\Cdrom \Device\CdRom0 860391F8
    Device \Driver\Cdrom \Device\CdRom1 860391F8
    Device \Driver\Ftdisk \Device\HarddiskVolume3 86B661F8
    Device \Driver\NetBT \Device\NetBt_Wins_Export 858AD500
    Device \Driver\NetBT \Device\NetbiosSmb 858AD500
    Device \Driver\PCI_PNP2350 \Device\0000005c spcu.sys

    AttachedDevice \Driver\Tcpip \Device\Udp lnsfw1.sys
    AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
    AttachedDevice \Driver\Tcpip \Device\RawIp lnsfw1.sys
    AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

    Device \Driver\usbuhci \Device\USBFDO-0 860F31F8
    Device \Driver\sptd \Device\3923771100 spcu.sys
    Device \Driver\sptd \Device\3923771100 spcu.sys
    Device \Driver\usbuhci \Device\USBFDO-1 860F31F8
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8595C500
    Device \Driver\usbuhci \Device\USBFDO-2 860F31F8
    Device \FileSystem\MRxSmb \Device\LanmanRedirector 8595C500
    Device \Driver\usbuhci \Device\USBFDO-3 860F31F8
    Device \Driver\usbehci \Device\USBFDO-4 85FDA1F8
    Device \Driver\Ftdisk \Device\FtControl 86B661F8
    Device \Driver\aru0a74l \Device\Scsi\aru0a74l1 860361F8
    Device \Driver\aru0a74l \Device\Scsi\aru0a74l1Port2Path0Target0Lun0 860361F8
    Device \FileSystem\Fastfat \Fat 8592C378

    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

    Device \FileSystem\Cdfs \Cdfs 85C62500

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x0E 0x6A 0xAF 0xF5 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xC5 0x5D 0xDF 0xD0 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x70 0xAD 0x8A 0x28 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x0E 0x6A 0xAF 0xF5 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xC5 0x5D 0xDF 0xD0 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x70 0xAD 0x8A 0x28 ...

    ---- EOF - GMER 1.0.15 ----

    11 March 2009 20:18:40

    Not infected, in my opinion.
    11 March 2009 20:36:56

    Uh, in that case I have a really big problem, because as soon as I do anything Avast! blocks it and prevents files from running, and under Firefox it keeps blocking an access to "jl.chura.pl/rc/" (even though I am doing nothing at all to access it).
    Should I make a big backup and reinstall Windows?
    12 March 2009 15:32:44

    I have the same problem with an exe that I should never have loaded (...), and which makes my IE crawl; it tries to point to jl.chura.pl/rc, and that makes IE crash... help!!!

    GMER report below; thanks!!!!:

    .text C:\Program Files\Network Associates\VirusScan\vstskmgr.exe[164] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA3FD0
    .text C:\Program Files\Network Associates\VirusScan\vstskmgr.exe[164] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA405F
    .text C:\Program Files\Network Associates\VirusScan\vstskmgr.exe[164] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA406C
    .text C:\Program Files\Network Associates\VirusScan\vstskmgr.exe[164] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA4055
    .text C:\Program Files\Network Associates\VirusScan\vstskmgr.exe[164] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA40AD
    .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[184] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA3FD0
    .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[184] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA405F
    .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[184] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA406C
    .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[184] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA4055
    .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[184] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA40AD
    .text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[236] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA3FD0
    .text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[236] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA405F
    .text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[236] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA406C
    .text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[236] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA4055
    .text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[236] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA40AD
    .text C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe[348] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA3FD0
    .text C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe[348] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA405F
    .text C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe[348] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA406C
    .text C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe[348] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA4055
    .text C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe[348] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA40AD
    .text C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe[452] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA3FD0
    .text C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe[452] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA405F
    .text C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe[452] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA406C
    .text C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe[452] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA4055
    .text C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe[452] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA40AD
    .text C:\WINNT\system32\svchost.exe[652] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA3FD0
    .text C:\WINNT\system32\svchost.exe[652] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA405F
    .text C:\WINNT\system32\svchost.exe[652] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA406C
    .text C:\WINNT\system32\svchost.exe[652] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA4055
    .text C:\WINNT\system32\svchost.exe[652] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA40AD
    .text C:\WINNT\system32\Pen_Tablet.exe[664] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA3FD0
    .text C:\WINNT\system32\Pen_Tablet.exe[664] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA405F
    .text C:\WINNT\system32\Pen_Tablet.exe[664] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA406C
    .text C:\WINNT\system32\Pen_Tablet.exe[664] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA4055
    .text C:\WINNT\system32\Pen_Tablet.exe[664] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA40AD
    .text C:\WINNT\RCSERV.EXE[700] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA3FD0
    .text C:\WINNT\RCSERV.EXE[700] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA405F
    .text C:\WINNT\RCSERV.EXE[700] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA406C
    .text C:\WINNT\RCSERV.EXE[700] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA4055
    .text C:\WINNT\RCSERV.EXE[700] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA40AD
    .text C:\Program Files\UPHClean\uphclean.exe[732] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA3FD0
    .text C:\Program Files\UPHClean\uphclean.exe[732] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA405F
    .text C:\Program Files\UPHClean\uphclean.exe[732] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA406C
    .text C:\Program Files\UPHClean\uphclean.exe[732] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA4055
    .text C:\Program Files\UPHClean\uphclean.exe[732] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA40AD
    .text C:\WINNT\system32\SearchIndexer.exe[792] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FF93FD0
    .text C:\WINNT\system32\SearchIndexer.exe[792] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FF9405F
    .text C:\WINNT\system32\SearchIndexer.exe[792] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FF9406C
    .text C:\WINNT\system32\SearchIndexer.exe[792] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FF94055
    .text C:\WINNT\system32\SearchIndexer.exe[792] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FF940AD
    .text C:\WINNT\system32\SearchIndexer.exe[792] kernel32.dll!WriteFile 7C810D87 7 Bytes JMP 00D31B19 C:\WINNT\system32\mssrch.dll (mssrch.lib/Microsoft Corporation)
    .text C:\Program Files\Network Associates\Common Framework\UdaterUI.exe[852] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA3FD0
    .text C:\Program Files\Network Associates\Common Framework\UdaterUI.exe[852] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA405F
    .text C:\Program Files\Network Associates\Common Framework\UdaterUI.exe[852] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA406C
    .text C:\Program Files\Network Associates\Common Framework\UdaterUI.exe[852] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA4055
    .text C:\Program Files\Network Associates\Common Framework\UdaterUI.exe[852] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA40AD
    .text C:\WINNT\system32\winlogon.exe[932] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FF93FD0
    .text C:\WINNT\system32\winlogon.exe[932] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FF9405F
    .text C:\WINNT\system32\winlogon.exe[932] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FF9406C
    .text C:\WINNT\system32\winlogon.exe[932] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FF94055
    .text C:\WINNT\system32\winlogon.exe[932] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FF940AD
    .text C:\WINNT\system32\services.exe[976] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FF93FD0
    .text C:\WINNT\system32\services.exe[976] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FF9405F
    .text C:\WINNT\system32\services.exe[976] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FF9406C
    .text C:\WINNT\system32\services.exe[976] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FF94055
    .text C:\WINNT\system32\services.exe[976] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FF940AD
    .text C:\WINNT\system32\lsass.exe[992] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FF93FD0
    .text C:\WINNT\system32\lsass.exe[992] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FF9405F
    .text C:\WINNT\system32\lsass.exe[992] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FF9406C
    .text C:\WINNT\system32\lsass.exe[992] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FF94055
    .text C:\WINNT\system32\lsass.exe[992] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FF940AD
    .text C:\WINNT\system32\svchost.exe[1164] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FF93FD0
    .text C:\WINNT\system32\svchost.exe[1164] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FF9405F
    .text C:\WINNT\system32\svchost.exe[1164] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FF9406C
    .text C:\WINNT\system32\svchost.exe[1164] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FF94055
    .text C:\WINNT\system32\svchost.exe[1164] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FF940AD
    .text C:\WINNT\system32\svchost.exe[1212] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA3FD0
    .text C:\WINNT\system32\svchost.exe[1212] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA405F
    .text C:\WINNT\system32\svchost.exe[1212] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA406C
    .text C:\WINNT\system32\svchost.exe[1212] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA4055
    .text C:\WINNT\system32\svchost.exe[1212] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA40AD
    .text C:\WINNT\system32\svchost.exe[1392] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA3FD0
    .text C:\WINNT\system32\svchost.exe[1392] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA405F
    .text C:\WINNT\system32\svchost.exe[1392] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA406C
    .text C:\WINNT\system32\svchost.exe[1392] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA4055
    .text C:\WINNT\system32\svchost.exe[1392] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA40AD
    .text C:\WINNT\system32\svchost.exe[1424] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA3FD0
    .text C:\WINNT\system32\svchost.exe[1424] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA405F
    .text C:\WINNT\system32\svchost.exe[1424] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA406C
    .text C:\WINNT\system32\svchost.exe[1424] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA4055
    .text C:\WINNT\system32\svchost.exe[1424] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA40AD
    .text C:\Program Files\Network Associates\Common Framework\McTray.exe[1512] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA3FD0
    .text C:\Program Files\Network Associates\Common Framework\McTray.exe[1512] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA405F
    .text C:\Program Files\Network Associates\Common Framework\McTray.exe[1512] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA406C
    .text C:\Program Files\Network Associates\Common Framework\McTray.exe[1512] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA4055
    .text C:\Program Files\Network Associates\Common Framework\McTray.exe[1512] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA40AD
    .text C:\WINNT\system32\spoolsv.exe[1664] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA3FD0
    .text C:\WINNT\system32\spoolsv.exe[1664] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA405F
    .text C:\WINNT\system32\spoolsv.exe[1664] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA406C
    .text C:\WINNT\system32\spoolsv.exe[1664] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA4055
    .text C:\WINNT\system32\spoolsv.exe[1664] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA40AD
    .text C:\WINNT\System32\SCardSvr.exe[1712] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA3FD0

    12 March 2009 17:13:44

    One thread per person, please!

    Download Random's System Information Tool (RSIT) (by random/random) and save it to the Desktop.

  • Double-click RSIT.exe to launch RSIT.
  • Click Continue on the Disclaimer screen.
  • If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall if asked) and you will have to accept the license.
  • When the scan is finished, two text files will open. Post the contents of log.txt (which will be displayed)
    as well as info.txt (which will be minimized in the taskbar)
  • NB: The reports are saved in the C:\rsit folder
  • Make sure to post the reports in full; check that they are complete once you have posted them.

    12 March 2009 19:21:26

    Message deleted: don't you know what "one thread per person" means?

    12 March 2009 19:37:45

    Angeldark, thanks for your help, but after your last message I thought you were giving up. So I started a format and reinstall of my PC. Oh well.
    I'm marking my thread as "resolved". Thanks for your help all the same.

    13 March 2009 17:55:28

    Too bad :/