Virus problem ???

Anonymous
10 February 2009 00:22:11

Can you help me?? Thanks in advance.

Hello, I have a problem: I just reinstalled Windows and I must have picked up a virus via my USB key.

Indeed, when I double-click on the C:/ drive I trigger an alert for the same virus, Klif.sys,
and I have to use "Explore" to finally be able to see the contents of the C drive, otherwise it is impossible.
I installed Avira and it detects this:

Dans le fichier 'C:\WINDOWS\system32\drivers\klif.sys'
un virus ou un programme indésirable 'RKIT/Agent.4160' [trojan] a été détecté.
Action exécutée : Refuser l'accès


So I ran a scan here: http://webscanner.kaspersky.fr/ which detected nothing.

After some searching on the net I installed GMER.

Here is the GMER report:

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-02-10 00:19:11
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.14 ----

SSDT F7CE33C4 ZwCreateThread
SSDT F7CE33B0 ZwOpenProcess
SSDT F7CE33B5 ZwOpenThread
SSDT F7CE33BF ZwTerminateProcess
SSDT F7CE33BA ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.14 ----

? C:\DOCUME~1\Ned\LOCALS~1\Temp\mc21.tmp Le fichier spécifié est introuvable. !

---- User code sections - GMER 1.0.14 ----

.text C:\WINDOWS\system32\rundll32.exe[192] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\rundll32.exe[192] SHELL32.dll!SHFileOperationW 7CA8083C 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\rundll32.exe[192] SHELL32.dll!SHFileOperation 7CA80B24 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\rundll32.exe[192] SAMLIB.dll!SamCreateUser2InDomain + 48 71B5BEF8 5 Bytes [ FF, 89, 85, A0, FA ]
.text C:\WINDOWS\system32\rundll32.exe[192] SAMLIB.dll!SamCreateUser2InDomain + 4F 71B5BEFF 43 Bytes [ 83, 65, FC, 00, EB, 3D, 90, ... ]
.text C:\WINDOWS\system32\rundll32.exe[192] SAMLIB.dll!SamCreateUser2InDomain + 7C 71B5BF2C 16 Bytes [ FF, 15, 68, 11, B5, 71, 89, ... ]
.text ...
.text C:\WINDOWS\system32\rundll32.exe[192] SAMLIB.dll!SamiEncryptPasswords + 13 71B5C0FD 24 Bytes [ 89, 45, E4, 8B, 45, 08, 8B, ... ]
.text C:\WINDOWS\system32\rundll32.exe[192] SAMLIB.dll!SamiEncryptPasswords + 2D 71B5C117 28 Bytes [ FF, 8B, 4D, 20, 89, 8D, 78, ... ]
.text C:\WINDOWS\system32\rundll32.exe[192] SAMLIB.dll!SamiEncryptPasswords + 4A 71B5C134 11 Bytes JMP 71B5C2FB C:\WINDOWS\system32\SAMLIB.dll (SAM Library DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\rundll32.exe[192] SAMLIB.dll!SamiEncryptPasswords + 56 71B5C140 5 Bytes [ 51, 50, E8, 39, 86 ]
.text C:\WINDOWS\system32\rundll32.exe[192] SAMLIB.dll!SamiEncryptPasswords + 5D 71B5C147 6 Bytes [ 84, C0, 75, 0A, B8, 08 ]
.text ...
.text C:\WINDOWS\system32\RUNDLL32.EXE[200] ntdll.dll!RtlEnterCriticalSection 7C911000 5 Bytes [ 4D, 5A, 90, 00, 03 ]
.text C:\WINDOWS\system32\RUNDLL32.EXE[200] ntdll.dll!RtlEnterCriticalSection + 7 7C911007 7 Bytes [ 00, 04, 00, 00, 00, FF, FF ]
.text C:\WINDOWS\system32\RUNDLL32.EXE[200] ntdll.dll!RtlEnterCriticalSection + F 7C91100F 18 Bytes [ 00, B8, 00, 00, 00, 00, 00, ... ]
.text C:\WINDOWS\system32\RUNDLL32.EXE[200] ntdll.dll!RtlEnterCriticalSection + 24 7C911024 4 Bytes [ 00, 00, 00, 00 ]
.text C:\WINDOWS\system32\RUNDLL32.EXE[200] ntdll.dll!RtlEnterCriticalSection + 29 7C911029 3 Bytes [ 00, 00, 00 ]
.text ...
.text C:\WINDOWS\system32\RUNDLL32.EXE[200] ntdll.dll!RtlLeaveCriticalSection 7C9110E0 28 Bytes [ 50, 45, 00, 00, 4C, 01, 04, ... ]
.text C:\WINDOWS\system32\RUNDLL32.EXE[200] ntdll.dll!RtlLeaveCriticalSection + 1D 7C9110FD 8 Bytes [ A0, 07, 00, 00, 84, 03, 00, ... ]
.text C:\WINDOWS\system32\RUNDLL32.EXE[200] ntdll.dll!RtlLeaveCriticalSection + 28 7C911108 4 Bytes [ 28, 2C, 01, 00 ]
.text C:\WINDOWS\system32\RUNDLL32.EXE[200] ntdll.dll!RtlLeaveCriticalSection + 2D 7C91110D 1 Byte [ 10 ]
.text C:\WINDOWS\system32\RUNDLL32.EXE[200] ntdll.dll!RtlLeaveCriticalSection + 30 7C911110 19 Bytes [ 00, 60, 07, 00, 00, 00, 91, ... ]
.text C:\WINDOWS\system32\RUNDLL32.EXE[200] ntdll.dll!RtlTryEnterCriticalSection + C 7C911124 1 Byte [ 05 ]
.text C:\WINDOWS\system32\RUNDLL32.EXE[200] ntdll.dll!RtlTryEnterCriticalSection + E 7C911126 10 Bytes [ 01, 00, 04, 00, 0A, 00, 00, ... ]
.text C:\WINDOWS\system32\RUNDLL32.EXE[200] ntdll.dll!RtlTryEnterCriticalSection + 19 7C911131 10 Bytes [ 60, 0B, 00, 00, 04, 00, 00, ... ]
.text C:\WINDOWS\system32\RUNDLL32.EXE[200] ntdll.dll!RtlTryEnterCriticalSection + 24 7C91113C 3 Bytes [ 03, 00, 00 ]
.text C:\WINDOWS\system32\RUNDLL32.EXE[200] ntdll.dll!RtlTryEnterCriticalSection + 2A 7C911142 2 Bytes [ 04, 00 ]
.text ...
.text C:\WINDOWS\system32\RUNDLL32.EXE[200] ntdll.dll!LdrInitializeThunk 7C911166 14 Bytes [ 00, 00, 00, 00, 08, 00, C4, ... ]
.text C:\WINDOWS\system32\RUNDLL32.EXE[200] ntdll.dll!LdrInitializeThunk + F 7C911175 29 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\WINDOWS\system32\RUNDLL32.EXE[200] ntdll.dll!LdrInitializeThunk + 2D 7C911193 15 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\WINDOWS\system32\RUNDLL32.EXE[200] ntdll.dll!RtlActivateActivationContextUnsafeFast + D 7C9111A5 15 Bytes [ 00, 00, 00, 70, F3, 04, 00, ... ]
.text C:\WINDOWS\system32\RUNDLL32.EXE[200] ntdll.dll!RtlActivateActivationContextUnsafeFast + 1E 7C9111B6 6 Bytes [ 00, 00, 00, 00, 00, 00 ]
.text C:\WINDOWS\system32\RUNDLL32.EXE[200] ntdll.dll!RtlActivateActivationContextUnsafeFast + 26 7C9111BE 6 Bytes [ 00, 00, 00, 00, 00, 00 ]
.text C:\WINDOWS\system32\RUNDLL32.EXE[200] ntdll.dll!RtlActivateActivationContextUnsafeFast + 2D 7C9111C5 4 Bytes [ 00, 00, 00, 00 ]
.text C:\WINDOWS\system32\RUNDLL32.EXE[200] ntdll.dll!RtlActivateActivationContextUnsafeFast + 33 7C9111CB 12 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text ...
.text C:\WINDOWS\system32\RUNDLL32.EXE[200] ntdll.dll!RtlDeactivateActivationContextUnsafeFast + F 7C9111EC 6 Bytes [ 00, 04, 00, 00, 00, 00 ]
.text C:\WINDOWS\system32\RUNDLL32.EXE[200] ntdll.dll!RtlDeactivateActivationContextUnsafeFast + 16 7C9111F3 10 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\WINDOWS\system32\RUNDLL32.EXE[200] ntdll.dll!RtlDeactivateActivationContextUnsafeFast + 22 7C9111FF 8 Bytes [ 60, 2E, 64, 61, 74, 61, 00, ... ]
.text C:\WINDOWS\system32\RUNDLL32.EXE[200] ntdll.dll!RtlDeactivateActivationContextUnsafeFast + 2C 7C911209 20 Bytes [ 4A, 00, 00, 00, B0, 07, 00, ... ]
.text C:\WINDOWS\system32\RUNDLL32.EXE[200] ntdll.dll!NtCurrentTeb 7C91121E 3 Bytes [ 00, 00, 00 ]
.text C:\WINDOWS\system32\RUNDLL32.EXE[200] ntdll.dll!NtCurrentTeb + 6 7C911224 15 Bytes [ 40, 00, 00, C0, 2E, 72, 73, ... ]
.text C:\WINDOWS\system32\RUNDLL32.EXE[200] ntdll.dll!RtlInitString + F 7C911234 20 Bytes [ 00, 00, 08, 00, 00, 22, 03, ... ]
.text C:\WINDOWS\system32\RUNDLL32.EXE[200] ntdll.dll!RtlInitString + 25 7C91124A 18 Bytes [ 00, 00, 40, 00, 00, 40, 2E, ... ]
.text C:\WINDOWS\system32\RUNDLL32.EXE[200] ntdll.dll!RtlInitAnsiString 7C91125D 11 Bytes [ 30, 0B, 00, 00, 30, 00, 00, ... ]
.text C:\WINDOWS\system32\RUNDLL32.EXE[200] ntdll.dll!RtlInitAnsiString + F 7C91126C 20 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\WINDOWS\system32\RUNDLL32.EXE[200] ntdll.dll!RtlInitAnsiString + 25 7C911282 5 Bytes [ 00, 00, 00, 00, 00 ]
.text C:\WINDOWS\system32\RUNDLL32.EXE[200] ntdll.dll!RtlInitAnsiString + 2C 7C911289 11 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\WINDOWS\system32\RUNDLL32.EXE[200] ntdll.dll!RtlInitUnicodeString 7C911295 11 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\WINDOWS\system32\RUNDLL32.EXE[200] ntdll.dll!RtlInitUnicodeString + F 7C9112A4 23 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\WINDOWS\system32\RUNDLL32.EXE[200] ntdll.dll!RtlInitUnicodeString + 28 7C9112BD 5 Bytes [ 00, 00, 00, 00, 00 ]
.text C:\WINDOWS\system32\RUNDLL32.EXE[200] ntdll.dll!RtlInitUnicodeString + 2F 7C9112C4 12 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\WINDOWS\system32\RUNDLL32.EXE[200] ntdll.dll!_CIsin 7C9112D1 9 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\WINDOWS\system32\RUNDLL32.EXE[200] ntdll.dll!_CIsin + B 7C9112DC 2 Bytes [ 00, 00 ]
.text C:\WINDOWS\system32\RUNDLL32.EXE[200] ntdll.dll!_CIsin + 10 7C9112E1 11 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\WINDOWS\system32\RUNDLL32.EXE[200] ntdll.dll!sin + 9 7C9112EE 35 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\WINDOWS\system32\RUNDLL32.EXE[200] ntdll.dll!sin + 2D 7C911312 4 Bytes [ 00, 00, 00, 00 ]
.text C:\WINDOWS\system32\RUNDLL32.EXE[200] ntdll.dll!sin + 33 7C911318 2 Bytes [ 00, 00 ]
.text


10 February 2009 16:43:56

Can someone help? :)