Virus, help!!!!!!

23 February 2008 09:59:15

Hi,

here is my HijackThis report:

Logfile of HijackThis v1.99.1
Scan saved at 09:56:46, on 23/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\V0220Mon.exe
C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Free Download Manager\FUM\fumoei.exe
C:\Program Files\TOSHIBA\Bluetooth Monitor\BtMon2.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Paltalk Messenger\palstart.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\TechniSat DVB\bin\Server4PC.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\Fichiers communs\Sonic Shared\cinetray.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\TOSHIBA\ConfigFree\CFXFER.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\ELYES\Bureau\recherche virus\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.net
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [C:\WINDOWS\system32\V0220Cvw.dll] C:\WINDOWS\system32\RegSvr32.exe /s C:\WINDOWS\system32\V0220Cvw.dll
O4 - HKLM\..\Run: [V0220Mon.exe] C:\WINDOWS\V0220Mon.exe
O4 - HKLM\..\Run: [AVFX Engine] C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [NVRotateSysTray] rundll32.exe C:\WINDOWS\system32\nvsysrot.dll,Enable
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [Free Uploader Oe Integration] C:\Program Files\Free Download Manager\FUM\fumoei.exe
O4 - Startup: Lancement rapide de Microsoft Office OneNote 2003.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Startup: Sonic CinePlayer Quick Launch.lnk = ?
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Global Startup: Bluetooth Monitor.lnk = ?
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: PalStart.lnk = C:\Program Files\Paltalk Messenger\palstart.exe
O4 - Global Startup: Server4PC.lnk = C:\Program Files\TechniSat DVB\bin\Server4PC.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\WINDOWS\system32\shdocvw.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/content.info.ap...
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0....
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/fichiers/hardwaredet...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

thanks

23 February 2008 13:05:11

Hello,

What is your problem?
23 February 2008 21:53:06

Hi,

I'm being bombarded with ads, it never stops; as soon as I open a page, boom, an insane amount of ads.
28 February 2008 21:14:35

Hi,
can nobody help me???
1 March 2008 18:33:36

Sorry for the delay :/

Download Gmer.
Unzip it into a folder or onto your desktop.

Disconnect from the Internet, then close all programs.
Double-click Gmer.exe.

IMPORTANT: If your antivirus raises an alert for the file gmer.sys or gmer.exe, let it run.

Click the rootkit tab.
On the right, check Files and Services.
Now click Scan.

When the scan is finished, click Copy.

Open Notepad, then click the Edit / Paste menu.
The report should then appear.
Save the file to your desktop and copy/paste its contents here.
5 March 2008 21:36:16

Hi,

I thought I had been forgotten

GMER 1.0.14.14116 - http://www.gmer.net
Rootkit scan 2008-03-05 21:31:23
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.14 ----

SSDT sptd.sys ZwCreateKey [0xF755F0B0]
SSDT sptd.sys ZwEnumerateKey [0xF756484E]
SSDT sptd.sys ZwEnumerateValueKey [0xF7564BEE]
SSDT sptd.sys ZwOpenKey [0xF755F090]
SSDT sptd.sys ZwQueryKey [0xF7564CC6]
SSDT sptd.sys ZwQueryValueKey [0xF7564B46]
SSDT sptd.sys ZwSetValueKey [0xF7564D58]

---- Kernel code sections - GMER 1.0.14 ----

? C:\WINDOWS\system32\drivers\sptd.sys Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.
.text USBPORT.SYS!DllUnload F6AAF62C 5 Bytes JMP 86D985E0
? System32\Drivers\agle08xa.SYS Le fichier spécifié est introuvable. !

---- User code sections - GMER 1.0.14 ----

.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[244] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 0175200E
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[244] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 01751DAF
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[244] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 01751CF2
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[244] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 0175191B
.text C:\Program Files\Paltalk Messenger\palstart.exe[304] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 00D7200E
.text C:\Program Files\Paltalk Messenger\palstart.exe[304] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 00D71DAF
.text C:\Program Files\Paltalk Messenger\palstart.exe[304] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 00D71CF2
.text C:\Program Files\Paltalk Messenger\palstart.exe[304] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 00D7191B
.text C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe[536] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe[536] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe[536] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe[536] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text C:\PROGRA~1\Grisoft\AVG7\avgemc.exe[564] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\PROGRA~1\Grisoft\AVG7\avgemc.exe[564] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\PROGRA~1\Grisoft\AVG7\avgemc.exe[564] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\PROGRA~1\Grisoft\AVG7\avgemc.exe[564] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[580] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[580] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[580] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[580] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[596] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 00A5200E
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[596] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 00A51DAF
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[596] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 00A51CF2
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[596] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 00A5191B
.text C:\WINDOWS\eHome\ehRecvr.exe[656] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\WINDOWS\eHome\ehRecvr.exe[656] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\WINDOWS\eHome\ehRecvr.exe[656] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\WINDOWS\eHome\ehRecvr.exe[656] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text C:\WINDOWS\eHome\ehSched.exe[672] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\WINDOWS\eHome\ehSched.exe[672] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\WINDOWS\eHome\ehSched.exe[672] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\WINDOWS\eHome\ehSched.exe[672] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text C:\WINDOWS\system32\nvsvc32.exe[788] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\WINDOWS\system32\nvsvc32.exe[788] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\WINDOWS\system32\nvsvc32.exe[788] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\WINDOWS\system32\nvsvc32.exe[788] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text C:\WINDOWS\system32\PnkBstrA.exe[832] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\WINDOWS\system32\PnkBstrA.exe[832] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\WINDOWS\system32\PnkBstrA.exe[832] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\WINDOWS\system32\PnkBstrA.exe[832] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text C:\WINDOWS\system32\dllhost.exe[868] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\WINDOWS\system32\dllhost.exe[868] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\WINDOWS\system32\dllhost.exe[868] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\WINDOWS\system32\dllhost.exe[868] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text C:\WINDOWS\system32\svchost.exe[924] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\WINDOWS\system32\svchost.exe[924] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\WINDOWS\system32\svchost.exe[924] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\WINDOWS\system32\svchost.exe[924] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text C:\WINDOWS\system32\csrss.exe[932] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\WINDOWS\system32\csrss.exe[932] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\WINDOWS\system32\csrss.exe[932] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\WINDOWS\system32\csrss.exe[932] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text C:\WINDOWS\system32\services.exe[1004] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\WINDOWS\system32\services.exe[1004] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\WINDOWS\system32\services.exe[1004] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\WINDOWS\system32\services.exe[1004] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe[1064] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe[1064] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe[1064] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe[1064] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text C:\WINDOWS\system32\svchost.exe[1224] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\WINDOWS\system32\svchost.exe[1224] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\WINDOWS\system32\svchost.exe[1224] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\WINDOWS\system32\svchost.exe[1224] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text C:\WINDOWS\System32\svchost.exe[1328] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\WINDOWS\System32\svchost.exe[1328] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\WINDOWS\System32\svchost.exe[1328] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\WINDOWS\System32\svchost.exe[1328] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text C:\WINDOWS\system32\svchost.exe[1368] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\WINDOWS\system32\svchost.exe[1368] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\WINDOWS\system32\svchost.exe[1368] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\WINDOWS\system32\svchost.exe[1368] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[1532] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[1532] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[1532] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[1532] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text C:\WINDOWS\system32\spoolsv.exe[1868] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 0129200E
.text C:\WINDOWS\system32\spoolsv.exe[1868] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 01291DAF
.text C:\WINDOWS\system32\spoolsv.exe[1868] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 01291CF2
.text C:\WINDOWS\system32\spoolsv.exe[1868] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 0129191B
.text C:\Program Files\TechniSat DVB\bin\Server4PC.exe[2124] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 0D2C200E
.text C:\Program Files\TechniSat DVB\bin\Server4PC.exe[2124] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 0D2C1DAF
.text C:\Program Files\TechniSat DVB\bin\Server4PC.exe[2124] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 0D2C1CF2
.text C:\Program Files\TechniSat DVB\bin\Server4PC.exe[2124] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 0D2C191B
.text C:\Program Files\Fichiers communs\Sonic Shared\cinetray.exe[2388] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 00BC200E
.text C:\Program Files\Fichiers communs\Sonic Shared\cinetray.exe[2388] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 00BC1DAF
.text C:\Program Files\Fichiers communs\Sonic Shared\cinetray.exe[2388] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 00BC1CF2
.text C:\Program Files\Fichiers communs\Sonic Shared\cinetray.exe[2388] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 00BC191B
.text C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe[2436] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 00DA200E
.text C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe[2436] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 00DA1DAF
.text C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe[2436] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 00DA1CF2
.text C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe[2436] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 00DA191B
.text C:\Documents and Settings\ELYES\Bureau\recherche virus\gmer.exe[2772] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 00EE200E
.text C:\Documents and Settings\ELYES\Bureau\recherche virus\gmer.exe[2772] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 00EE1DAF
.text C:\Documents and Settings\ELYES\Bureau\recherche virus\gmer.exe[2772] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 00EE1CF2
.text C:\Documents and Settings\ELYES\Bureau\recherche virus\gmer.exe[2772] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 00EE191B
.text C:\Program Files\Microsoft Works\wkgdcach.exe[2784] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 00E6200E
.text C:\Program Files\Microsoft Works\wkgdcach.exe[2784] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 00E61DAF
.text C:\Program Files\Microsoft Works\wkgdcach.exe[2784] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 00E61CF2
.text C:\Program Files\Microsoft Works\wkgdcach.exe[2784] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 00E6191B
.text C:\WINDOWS\Explorer.EXE[2852] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 02A3200E
.text C:\WINDOWS\Explorer.EXE[2852] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 02A31DAF
.text C:\WINDOWS\Explorer.EXE[2852] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 02A31CF2
.text C:\WINDOWS\Explorer.EXE[2852] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 02A3191B
.text C:\WINDOWS\ehome\ehtray.exe[3000] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 0174200E
.text C:\WINDOWS\ehome\ehtray.exe[3000] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 01741DAF
.text C:\WINDOWS\ehome\ehtray.exe[3000] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 01741CF2
.text C:\WINDOWS\ehome\ehtray.exe[3000] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 0174191B
.text C:\WINDOWS\RTHDCPL.EXE[3020] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 0439200E
.text C:\WINDOWS\RTHDCPL.EXE[3020] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 04391DAF
.text C:\WINDOWS\RTHDCPL.EXE[3020] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 04391CF2
.text C:\WINDOWS\RTHDCPL.EXE[3020] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 0439191B
.text C:\WINDOWS\AGRSMMSG.exe[3084] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 00E1200E
.text C:\WINDOWS\AGRSMMSG.exe[3084] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 00E11DAF
.text C:\WINDOWS\AGRSMMSG.exe[3084] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 00E11CF2
.text C:\WINDOWS\AGRSMMSG.exe[3084] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 00E1191B
.text C:\WINDOWS\eHome\ehmsas.exe[3092] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\WINDOWS\eHome\ehmsas.exe[3092] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\WINDOWS\eHome\ehmsas.exe[3092] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\WINDOWS\eHome\ehmsas.exe[3092] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text C:\Program Files\Microsoft Works\WksWP.exe[3144] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 0110200E
.text C:\Program Files\Microsoft Works\WksWP.exe[3144] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 01101DAF
.text C:\Program Files\Microsoft Works\WksWP.exe[3144] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 01101CF2
.text C:\Program Files\Microsoft Works\WksWP.exe[3144] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 0110191B
.text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[3160] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 0141200E
.text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[3160] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 01411DAF
.text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[3160] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 01411CF2
.text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[3160] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 0141191B
.text C:\WINDOWS\system32\TPSMain.exe[3168] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 00F5200E
.text C:\WINDOWS\system32\TPSMain.exe[3168] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 00F51DAF
.text C:\WINDOWS\system32\TPSMain.exe[3168] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 00F51CF2
.text C:\WINDOWS\system32\TPSMain.exe[3168] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 00F5191B
.text C:\Program Files\Synaptics\SynTP\Toshiba.exe[3180] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 011B200E
.text C:\Program Files\Synaptics\SynTP\Toshiba.exe[3180] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 011B1DAF
.text C:\Program Files\Synaptics\SynTP\Toshiba.exe[3180] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 011B1CF2
.text C:\Program Files\Synaptics\SynTP\Toshiba.exe[3180] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 011B191B
.text C:\Program Files\TOSHIBA\Tvs\TvsTray.exe[3192] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 00DF200E
.text C:\Program Files\TOSHIBA\Tvs\TvsTray.exe[3192] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 00DF1DAF
.text C:\Program Files\TOSHIBA\Tvs\TvsTray.exe[3192] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 00DF1CF2
.text C:\Program Files\TOSHIBA\Tvs\TvsTray.exe[3192] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 00DF191B
.text C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe[3200] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 00EE200E
.text C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe[3200] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 00EE1DAF
.text C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe[3200] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 00EE1CF2
.text C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe[3200] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 00EE191B
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[3224] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 00D1200E
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[3224] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 00D11DAF
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[3224] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 00D11CF2
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[3224] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 00D1191B
.text C:\Program Files\Microsoft Works\WkDStore.exe[3232] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 010D200E
.text C:\Program Files\Microsoft Works\WkDStore.exe[3232] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 010D1DAF
.text C:\Program Files\Microsoft Works\WkDStore.exe[3232] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 010D1CF2
.text C:\Program Files\Microsoft Works\WkDStore.exe[3232] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 010D191B
.text C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe[3260] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 0173200E
.text C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe[3260] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 01731DAF
.text C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe[3260] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 01731CF2
.text C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe[3260] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 0173191B
.text C:\WINDOWS\system32\TPSBattM.exe[3268] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 00E1200E
.text C:\WINDOWS\system32\TPSBattM.exe[3268] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 00E11DAF
.text C:\WINDOWS\system32\TPSBattM.exe[3268] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 00E11CF2
.text C:\WINDOWS\system32\TPSBattM.exe[3268] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 00E1191B
.text C:\Program Files\DAEMON Tools\daemon.exe[3452] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 00E5200E
.text C:\Program Files\DAEMON Tools\daemon.exe[3452] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 00E51DAF
.text C:\Program Files\DAEMON Tools\daemon.exe[3452] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 00E51CF2
.text C:\Program Files\DAEMON Tools\daemon.exe[3452] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 00E5191B
.text C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe[3476] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 00BF200E
.text C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe[3476] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 00BF1DAF
.text C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe[3476] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 00BF1CF2
.text C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe[3476] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 00BF191B
.text C:\Program Files\Microsoft IntelliPoint\point32.exe[3496] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 0157200E
.text C:\Program Files\Microsoft IntelliPoint\point32.exe[3496] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 01571DAF
.text C:\Program Files\Microsoft IntelliPoint\point32.exe[3496] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 01571CF2
.text C:\Program Files\Microsoft IntelliPoint\point32.exe[3496] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 0157191B
.text C:\WINDOWS\V0220Mon.exe[3640] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 00C6200E
.text C:\WINDOWS\V0220Mon.exe[3640] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 00C61DAF
.text C:\WINDOWS\V0220Mon.exe[3640] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 00C61CF2
.text C:\WINDOWS\V0220Mon.exe[3640] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 00C6191B
.text C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe[3668] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 00C9200E
.text C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe[3668] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 00C91DAF
.text C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe[3668] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 00C91CF2
.text C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe[3668] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 00C9191B
.text C:\WINDOWS\System32\svchost.exe[3744] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\WINDOWS\System32\svchost.exe[3744] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\WINDOWS\System32\svchost.exe[3744] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\WINDOWS\System32\svchost.exe[3744] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text C:\WINDOWS\system32\rundll32.exe[3836] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 00D1200E
.text C:\WINDOWS\system32\rundll32.exe[3836] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 00D11DAF
.text C:\WINDOWS\system32\rundll32.exe[3836] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 00D11CF2
.text C:\WINDOWS\system32\rundll32.exe[3836] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 00D1191B
.text C:\WINDOWS\system32\rundll32.exe[3844] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 00E1200E
.text C:\WINDOWS\system32\rundll32.exe[3844] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 00E11DAF
.text C:\WINDOWS\system32\rundll32.exe[3844] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 00E11CF2
.text C:\WINDOWS\system32\rundll32.exe[3844] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 00E1191B
.text C:\WINDOWS\system32\ctfmon.exe[3908] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\WINDOWS\system32\ctfmon.exe[3908] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\WINDOWS\system32\ctfmon.exe[3908] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\WINDOWS\system32\ctfmon.exe[3908] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text C:\Program Files\BitTorrent\bittorrent.exe[3948] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 033B200E
.text C:\Program Files\BitTorrent\bittorrent.exe[3948] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 033B1DAF
.text C:\Program Files\BitTorrent\bittorrent.exe[3948] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 033B1CF2
.text C:\Program Files\BitTorrent\bittorrent.exe[3948] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 033B191B
.text C:\Program Files\Free Download Manager\FUM\fumoei.exe[3980] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\Program Files\Free Download Manager\FUM\fumoei.exe[3980] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\Program Files\Free Download Manager\FUM\fumoei.exe[3980] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\Program Files\Free Download Manager\FUM\fumoei.exe[3980] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text C:\documents and settings\elyes\local settings\application data\cafheaxow.exe[3988] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 0289200E
.text C:\documents and settings\elyes\local settings\application data\cafheaxow.exe[3988] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 02891DAF
.text C:\documents and settings\elyes\local settings\application data\cafheaxow.exe[3988] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 02891CF2
.text C:\documents and settings\elyes\local settings\application data\cafheaxow.exe[3988] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 0289191B
.text C:\Program Files\TOSHIBA\ConfigFree\CFXFER.exe[4024] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 0133200E
.text C:\Program Files\TOSHIBA\ConfigFree\CFXFER.exe[4024] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 01331DAF
.text C:\Program Files\TOSHIBA\ConfigFree\CFXFER.exe[4024] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 01331CF2
.text C:\Program Files\TOSHIBA\ConfigFree\CFXFER.exe[4024] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 0133191B
.text C:\Program Files\TOSHIBA\Bluetooth Monitor\BtMon2.exe[4044] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 00E0200E
.text C:\Program Files\TOSHIBA\Bluetooth Monitor\BtMon2.exe[4044] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 00E01DAF
.text C:\Program Files\TOSHIBA\Bluetooth Monitor\BtMon2.exe[4044] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 00E01CF2
.text C:\Program Files\TOSHIBA\Bluetooth Monitor\BtMon2.exe[4044] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 00E0191B

---- Kernel IAT/EAT - GMER 1.0.14 ----

IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!IoConnectInterrupt] [F7573480] sptd.sys
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F757342C] sptd.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F758DAB8] sptd.sys
IAT atapi.sys[ntoskrnl.exe!IoConnectInterrupt] [F7573480] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F755FABA] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F755FC00] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F755FB82] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F756072E] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F7560604] sptd.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F7572A9A] sptd.sys

---- Devices - GMER 1.0.14 ----

Device \FileSystem\Ntfs \Ntfs 86FCF1D8

AttachedDevice \FileSystem\Ntfs \Ntfs avg7rsw.sys (AVG Resident Shield Unload Helper/GRISOFT, s.r.o.)

Device \FileSystem\Udfs \UdfsCdRom 86C30980
Device \FileSystem\Udfs \UdfsCdRom DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Udfs \UdfsDisk 86C30980
Device \FileSystem\Udfs \UdfsDisk DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)
Device \Driver\Tcpip \Device\Ip avgtdi.sys (AVG Network connection watcher/GRISOFT, s.r.o.)

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

Device \Driver\usbuhci \Device\USBPDO-0 86D3E980
Device \Driver\dmio \Device\DmControl\DmIoDaemon 86F5E1D8
Device \Driver\dmio \Device\DmControl\DmConfig 86F5E1D8
Device \Driver\dmio \Device\DmControl\DmPnP 86F5E1D8
Device \Driver\dmio \Device\DmControl\DmInfo 86F5E1D8
Device \Driver\usbuhci \Device\USBPDO-1 86D3E980
Device \Driver\usbuhci \Device\USBPDO-2 86D3E980
Device \Driver\usbuhci \Device\USBPDO-3 86D3E980
Device \Driver\usbehci \Device\USBPDO-4 86D88440
Device \Driver\Tcpip \Device\Tcp avgtdi.sys (AVG Network connection watcher/GRISOFT, s.r.o.)
Device \Driver\00000056 \Device\00000056 sptd.sys
Device \Driver\Ftdisk \Device\HarddiskVolume1 86FD11D8
Device \Driver\NetBT \Device\NetBT_Tcpip_{5550DE2E-EE54-4A97-814C-2106DCFA2490} 86A231D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 86FD11D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 86FD01D8
Device \Driver\atapi \Device\Ide\IdePort0 86FD01D8
Device \Driver\atapi \Device\Ide\IdePort1 86FD01D8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e 86FD01D8
Device \Driver\NetBT \Device\NetBt_Wins_Export 86A231D8
Device \Driver\NetBT \Device\NetbiosSmb 86A231D8
Device \Driver\Tcpip \Device\Udp avgtdi.sys (AVG Network connection watcher/GRISOFT, s.r.o.)
Device \Driver\Tcpip \Device\RawIp avgtdi.sys (AVG Network connection watcher/GRISOFT, s.r.o.)
Device \Driver\usbuhci \Device\USBFDO-0 86D3E980
Device \Driver\usbuhci \Device\USBFDO-1 86D3E980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 86BCC980
Device \Driver\Tcpip \Device\IPMULTICAST avgtdi.sys (AVG Network connection watcher/GRISOFT, s.r.o.)
Device \Driver\usbuhci \Device\USBFDO-2 86D3E980
Device \FileSystem\MRxSmb \Device\LanmanRedirector 86BCC980
Device \Driver\usbuhci \Device\USBFDO-3 86D3E980
Device \Driver\usbehci \Device\USBFDO-4 86D88440
Device \Driver\Ftdisk \Device\FtControl 86FD11D8
Device \Driver\NetBT \Device\NetBT_Tcpip_{60323B07-6005-4F0C-9406-EAC51FD748D1} 86A231D8
Device \Driver\agle08xa \Device\Scsi\agle08xa1 86CDB980
Device \Driver\agle08xa \Device\Scsi\agle08xa1Port2Path0Target0Lun0 86CDB980
Device \FileSystem\Cdfs \Cdfs 86AA54D0
Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)

---- Processes - GMER 1.0.14 ----

Process C:\documents and settings\elyes\local settings\application data\cafheaxow.exe (*** hidden *** ) 3988
Library C:\documents and settings\elyes\local settings\application data\cafheaxow.exe (*** hidden *** ) @ C:\documents and settings\elyes\local settings\ap