Virus, help!!!!!!
Security Forum - Viruses: Virus, help!!!!!!
Hi,
here is my HijackThis report:
Logfile of HijackThis v1.99.1
Scan saved at 09:56:46, on 23/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\V0220Mon.exe
C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Free Download Manager\FUM\fumoei.exe
C:\Program Files\TOSHIBA\Bluetooth Monitor\BtMon2.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Paltalk Messenger\palstart.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\TechniSat DVB\bin\Server4PC.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\Fichiers communs\Sonic Shared\cinetray.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\TOSHIBA\ConfigFree\CFXFER.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\ELYES\Bureau\recherche virus\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.net
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [C:\WINDOWS\system32\V0220Cvw.dll] C:\WINDOWS\system32\RegSvr32.exe /s C:\WINDOWS\system32\V0220Cvw.dll
O4 - HKLM\..\Run: [V0220Mon.exe] C:\WINDOWS\V0220Mon.exe
O4 - HKLM\..\Run: [AVFX Engine] C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [NVRotateSysTray] rundll32.exe C:\WINDOWS\system32\nvsysrot.dll,Enable
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [Free Uploader Oe Integration] C:\Program Files\Free Download Manager\FUM\fumoei.exe
O4 - Startup: Lancement rapide de Microsoft Office OneNote 2003.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Startup: Sonic CinePlayer Quick Launch.lnk = ?
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Global Startup: Bluetooth Monitor.lnk = ?
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: PalStart.lnk = C:\Program Files\Paltalk Messenger\palstart.exe
O4 - Global Startup: Server4PC.lnk = C:\Program Files\TechniSat DVB\bin\Server4PC.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\WINDOWS\system32\shdocvw.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuit [...] plugin.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/Driv [...] eqlab2.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com [...] 0_4_12.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
Thanks
Hello,
What is your problem?
Hi,
I'm being bombarded with ads, it never stops; as soon as I open a page, boom, an insane amount of ads.
Hi,
can nobody help me???
Sorry for the delay.
Download Gmer.
Unzip it into a folder or onto your desktop.
Disconnect from the Internet, then close all programs.
Double-click on Gmer.exe.
IMPORTANT: If an alert from your antivirus appears for the file gmer.sys or gmer.exe, let it run.
Click on the Rootkit tab.
On the right, check Files and Services.
Now click Scan.
When the scan is finished, click Copy.
Open Notepad, then click on the Edit / Paste menu.
The report should then appear.
Save the file on your desktop and copy/paste its contents here.
Hi,
I thought I had been forgotten.
GMER 1.0.14.14116 - http://www.gmer.net
Rootkit scan 2008-03-05 21:31:23
Windows 5.1.2600 Service Pack 2
---- System - GMER 1.0.14 ----
SSDT sptd.sys ZwCreateKey [0xF755F0B0]
SSDT sptd.sys ZwEnumerateKey [0xF756484E]
SSDT sptd.sys ZwEnumerateValueKey [0xF7564BEE]
SSDT sptd.sys ZwOpenKey [0xF755F090]
SSDT sptd.sys ZwQueryKey [0xF7564CC6]
SSDT sptd.sys ZwQueryValueKey [0xF7564B46]
SSDT sptd.sys ZwSetValueKey [0xF7564D58]
---- Kernel code sections - GMER 1.0.14 ----
? C:\WINDOWS\system32\drivers\sptd.sys Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.
.text USBPORT.SYS!DllUnload F6AAF62C 5 Bytes JMP 86D985E0
? System32\Drivers\agle08xa.SYS Le fichier spécifié est introuvable. !
---- User code sections - GMER 1.0.14 ----
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[244] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 0175200E
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[244] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 01751DAF
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[244] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 01751CF2
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[244] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 0175191B
.text C:\Program Files\Paltalk Messenger\palstart.exe[304] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 00D7200E
.text C:\Program Files\Paltalk Messenger\palstart.exe[304] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 00D71DAF
.text C:\Program Files\Paltalk Messenger\palstart.exe[304] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 00D71CF2
.text C:\Program Files\Paltalk Messenger\palstart.exe[304] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 00D7191B
.text C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe[536] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe[536] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe[536] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe[536] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text C:\PROGRA~1\Grisoft\AVG7\avgemc.exe[564] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\PROGRA~1\Grisoft\AVG7\avgemc.exe[564] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\PROGRA~1\Grisoft\AVG7\avgemc.exe[564] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\PROGRA~1\Grisoft\AVG7\avgemc.exe[564] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[580] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[580] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[580] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[580] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[596] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 00A5200E
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[596] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 00A51DAF
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[596] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 00A51CF2
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[596] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 00A5191B
.text C:\WINDOWS\eHome\ehRecvr.exe[656] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\WINDOWS\eHome\ehRecvr.exe[656] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\WINDOWS\eHome\ehRecvr.exe[656] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\WINDOWS\eHome\ehRecvr.exe[656] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text C:\WINDOWS\eHome\ehSched.exe[672] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\WINDOWS\eHome\ehSched.exe[672] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\WINDOWS\eHome\ehSched.exe[672] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\WINDOWS\eHome\ehSched.exe[672] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text C:\WINDOWS\system32\nvsvc32.exe[788] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\WINDOWS\system32\nvsvc32.exe[788] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\WINDOWS\system32\nvsvc32.exe[788] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\WINDOWS\system32\nvsvc32.exe[788] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text C:\WINDOWS\system32\PnkBstrA.exe[832] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\WINDOWS\system32\PnkBstrA.exe[832] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\WINDOWS\system32\PnkBstrA.exe[832] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\WINDOWS\system32\PnkBstrA.exe[832] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text C:\WINDOWS\system32\dllhost.exe[868] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\WINDOWS\system32\dllhost.exe[868] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\WINDOWS\system32\dllhost.exe[868] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\WINDOWS\system32\dllhost.exe[868] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text C:\WINDOWS\system32\svchost.exe[924] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\WINDOWS\system32\svchost.exe[924] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\WINDOWS\system32\svchost.exe[924] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\WINDOWS\system32\svchost.exe[924] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text C:\WINDOWS\system32\csrss.exe[932] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\WINDOWS\system32\csrss.exe[932] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\WINDOWS\system32\csrss.exe[932] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\WINDOWS\system32\csrss.exe[932] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text C:\WINDOWS\system32\services.exe[1004] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\WINDOWS\system32\services.exe[1004] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\WINDOWS\system32\services.exe[1004] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\WINDOWS\system32\services.exe[1004] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe[1064] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe[1064] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe[1064] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe[1064] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text C:\WINDOWS\system32\svchost.exe[1224] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\WINDOWS\system32\svchost.exe[1224] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\WINDOWS\system32\svchost.exe[1224] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\WINDOWS\system32\svchost.exe[1224] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text C:\WINDOWS\System32\svchost.exe[1328] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\WINDOWS\System32\svchost.exe[1328] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\WINDOWS\System32\svchost.exe[1328] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\WINDOWS\System32\svchost.exe[1328] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text C:\WINDOWS\system32\svchost.exe[1368] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\WINDOWS\system32\svchost.exe[1368] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\WINDOWS\system32\svchost.exe[1368] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\WINDOWS\system32\svchost.exe[1368] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[1532] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[1532] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[1532] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[1532] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text C:\WINDOWS\system32\spoolsv.exe[1868] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 0129200E
.text C:\WINDOWS\system32\spoolsv.exe[1868] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 01291DAF
.text C:\WINDOWS\system32\spoolsv.exe[1868] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 01291CF2
.text C:\WINDOWS\system32\spoolsv.exe[1868] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 0129191B
.text C:\Program Files\TechniSat DVB\bin\Server4PC.exe[2124] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 0D2C200E
.text C:\Program Files\TechniSat DVB\bin\Server4PC.exe[2124] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 0D2C1DAF
.text C:\Program Files\TechniSat DVB\bin\Server4PC.exe[2124] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 0D2C1CF2
.text C:\Program Files\TechniSat DVB\bin\Server4PC.exe[2124] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 0D2C191B
.text C:\Program Files\Fichiers communs\Sonic Shared\cinetray.exe[2388] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 00BC200E
.text C:\Program Files\Fichiers communs\Sonic Shared\cinetray.exe[2388] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 00BC1DAF
.text C:\Program Files\Fichiers communs\Sonic Shared\cinetray.exe[2388] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 00BC1CF2
.text C:\Program Files\Fichiers communs\Sonic Shared\cinetray.exe[2388] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 00BC191B
.text C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe[2436] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 00DA200E
.text C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe[2436] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 00DA1DAF
.text C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe[2436] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 00DA1CF2
.text C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe[2436] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 00DA191B
.text C:\Documents and Settings\ELYES\Bureau\recherche virus\gmer.exe[2772] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 00EE200E
.text C:\Documents and Settings\ELYES\Bureau\recherche virus\gmer.exe[2772] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 00EE1DAF
.text C:\Documents and Settings\ELYES\Bureau\recherche virus\gmer.exe[2772] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 00EE1CF2
.text C:\Documents and Settings\ELYES\Bureau\recherche virus\gmer.exe[2772] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 00EE191B
.text C:\Program Files\Microsoft Works\wkgdcach.exe[2784] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 00E6200E
.text C:\Program Files\Microsoft Works\wkgdcach.exe[2784] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 00E61DAF
.text C:\Program Files\Microsoft Works\wkgdcach.exe[2784] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 00E61CF2
.text C:\Program Files\Microsoft Works\wkgdcach.exe[2784] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 00E6191B
.text C:\WINDOWS\Explorer.EXE[2852] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 02A3200E
.text C:\WINDOWS\Explorer.EXE[2852] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 02A31DAF
.text C:\WINDOWS\Explorer.EXE[2852] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 02A31CF2
.text C:\WINDOWS\Explorer.EXE[2852] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 02A3191B
.text C:\WINDOWS\ehome\ehtray.exe[3000] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 0174200E
.text C:\WINDOWS\ehome\ehtray.exe[3000] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 01741DAF
.text C:\WINDOWS\ehome\ehtray.exe[3000] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 01741CF2
.text C:\WINDOWS\ehome\ehtray.exe[3000] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 0174191B
.text C:\WINDOWS\RTHDCPL.EXE[3020] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 0439200E
.text C:\WINDOWS\RTHDCPL.EXE[3020] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 04391DAF
.text C:\WINDOWS\RTHDCPL.EXE[3020] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 04391CF2
.text C:\WINDOWS\RTHDCPL.EXE[3020] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 0439191B
.text C:\WINDOWS\AGRSMMSG.exe[3084] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 00E1200E
.text C:\WINDOWS\AGRSMMSG.exe[3084] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 00E11DAF
.text C:\WINDOWS\AGRSMMSG.exe[3084] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 00E11CF2
.text C:\WINDOWS\AGRSMMSG.exe[3084] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 00E1191B
.text C:\WINDOWS\eHome\ehmsas.exe[3092] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\WINDOWS\eHome\ehmsas.exe[3092] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\WINDOWS\eHome\ehmsas.exe[3092] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\WINDOWS\eHome\ehmsas.exe[3092] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text C:\Program Files\Microsoft Works\WksWP.exe[3144] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 0110200E
.text C:\Program Files\Microsoft Works\WksWP.exe[3144] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 01101DAF
.text C:\Program Files\Microsoft Works\WksWP.exe[3144] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 01101CF2
.text C:\Program Files\Microsoft Works\WksWP.exe[3144] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 0110191B
.text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[3160] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 0141200E
.text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[3160] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 01411DAF
.text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[3160] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 01411CF2
.text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[3160] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 0141191B
.text C:\WINDOWS\system32\TPSMain.exe[3168] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 00F5200E
.text C:\WINDOWS\system32\TPSMain.exe[3168] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 00F51DAF
.text C:\WINDOWS\system32\TPSMain.exe[3168] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 00F51CF2
.text C:\WINDOWS\system32\TPSMain.exe[3168] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 00F5191B
.text C:\Program Files\Synaptics\SynTP\Toshiba.exe[3180] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 011B200E
.text C:\Program Files\Synaptics\SynTP\Toshiba.exe[3180] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 011B1DAF
.text C:\Program Files\Synaptics\SynTP\Toshiba.exe[3180] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 011B1CF2
.text C:\Program Files\Synaptics\SynTP\Toshiba.exe[3180] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 011B191B
.text C:\Program Files\TOSHIBA\Tvs\TvsTray.exe[3192] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 00DF200E
.text C:\Program Files\TOSHIBA\Tvs\TvsTray.exe[3192] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 00DF1DAF
.text C:\Program Files\TOSHIBA\Tvs\TvsTray.exe[3192] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 00DF1CF2
.text C:\Program Files\TOSHIBA\Tvs\TvsTray.exe[3192] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 00DF191B
.text C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe[3200] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 00EE200E
.text C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe[3200] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 00EE1DAF
.text C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe[3200] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 00EE1CF2
.text C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe[3200] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 00EE191B
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[3224] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 00D1200E
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[3224] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 00D11DAF
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[3224] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 00D11CF2
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[3224] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 00D1191B
.text C:\Program Files\Microsoft Works\WkDStore.exe[3232] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 010D200E
.text C:\Program Files\Microsoft Works\WkDStore.exe[3232] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 010D1DAF
.text C:\Program Files\Microsoft Works\WkDStore.exe[3232] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 010D1CF2
.text C:\Program Files\Microsoft Works\WkDStore.exe[3232] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 010D191B
.text C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe[3260] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 0173200E
.text C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe[3260] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 01731DAF
.text C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe[3260] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 01731CF2
.text C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe[3260] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 0173191B
.text C:\WINDOWS\system32\TPSBattM.exe[3268] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 00E1200E
.text C:\WINDOWS\system32\TPSBattM.exe[3268] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 00E11DAF
.text C:\WINDOWS\system32\TPSBattM.exe[3268] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 00E11CF2
.text C:\WINDOWS\system32\TPSBattM.exe[3268] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 00E1191B
.text C:\Program Files\DAEMON Tools\daemon.exe[3452] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 00E5200E
.text C:\Program Files\DAEMON Tools\daemon.exe[3452] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 00E51DAF
.text C:\Program Files\DAEMON Tools\daemon.exe[3452] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 00E51CF2
.text C:\Program Files\DAEMON Tools\daemon.exe[3452] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 00E5191B
.text C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe[3476] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 00BF200E
.text C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe[3476] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 00BF1DAF
.text C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe[3476] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 00BF1CF2
.text C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe[3476] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 00BF191B
.text C:\Program Files\Microsoft IntelliPoint\point32.exe[3496] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 0157200E
.text C:\Program Files\Microsoft IntelliPoint\point32.exe[3496] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 01571DAF
.text C:\Program Files\Microsoft IntelliPoint\point32.exe[3496] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 01571CF2
.text C:\Program Files\Microsoft IntelliPoint\point32.exe[3496] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 0157191B
.text C:\WINDOWS\V0220Mon.exe[3640] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 00C6200E
.text C:\WINDOWS\V0220Mon.exe[3640] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 00C61DAF
.text C:\WINDOWS\V0220Mon.exe[3640] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 00C61CF2
.text C:\WINDOWS\V0220Mon.exe[3640] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 00C6191B
.text C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe[3668] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 00C9200E
.text C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe[3668] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 00C91DAF
.text C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe[3668] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 00C91CF2
.text C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe[3668] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 00C9191B
.text C:\WINDOWS\System32\svchost.exe[3744] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\WINDOWS\System32\svchost.exe[3744] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\WINDOWS\System32\svchost.exe[3744] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\WINDOWS\System32\svchost.exe[3744] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text C:\WINDOWS\system32\rundll32.exe[3836] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 00D1200E
.text C:\WINDOWS\system32\rundll32.exe[3836] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 00D11DAF
.text C:\WINDOWS\system32\rundll32.exe[3836] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 00D11CF2
.text C:\WINDOWS\system32\rundll32.exe[3836] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 00D1191B
.text C:\WINDOWS\system32\rundll32.exe[3844] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 00E1200E
.text C:\WINDOWS\system32\rundll32.exe[3844] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 00E11DAF
.text C:\WINDOWS\system32\rundll32.exe[3844] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 00E11CF2
.text C:\WINDOWS\system32\rundll32.exe[3844] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 00E1191B
.text C:\WINDOWS\system32\ctfmon.exe[3908] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\WINDOWS\system32\ctfmon.exe[3908] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\WINDOWS\system32\ctfmon.exe[3908] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\WINDOWS\system32\ctfmon.exe[3908] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text C:\Program Files\BitTorrent\bittorrent.exe[3948] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 033B200E
.text C:\Program Files\BitTorrent\bittorrent.exe[3948] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 033B1DAF
.text C:\Program Files\BitTorrent\bittorrent.exe[3948] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 033B1CF2
.text C:\Program Files\BitTorrent\bittorrent.exe[3948] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 033B191B
.text C:\Program Files\Free Download Manager\FUM\fumoei.exe[3980] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\Program Files\Free Download Manager\FUM\fumoei.exe[3980] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\Program Files\Free Download Manager\FUM\fumoei.exe[3980] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\Program Files\Free Download Manager\FUM\fumoei.exe[3980] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text C:\documents and settings\elyes\local settings\application data\cafheaxow.exe[3988] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 0289200E
.text C:\documents and settings\elyes\local settings\application data\cafheaxow.exe[3988] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 02891DAF
.text C:\documents and settings\elyes\local settings\application data\cafheaxow.exe[3988] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 02891CF2
.text C:\documents and settings\elyes\local settings\application data\cafheaxow.exe[3988] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 0289191B
.text C:\Program Files\TOSHIBA\ConfigFree\CFXFER.exe[4024] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 0133200E
.text C:\Program Files\TOSHIBA\ConfigFree\CFXFER.exe[4024] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 01331DAF
.text C:\Program Files\TOSHIBA\ConfigFree\CFXFER.exe[4024] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 01331CF2
.text C:\Program Files\TOSHIBA\ConfigFree\CFXFER.exe[4024] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 0133191B
.text C:\Program Files\TOSHIBA\Bluetooth Monitor\BtMon2.exe[4044] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 00E0200E
.text C:\Program Files\TOSHIBA\Bluetooth Monitor\BtMon2.exe[4044] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 00E01DAF
.text C:\Program Files\TOSHIBA\Bluetooth Monitor\BtMon2.exe[4044] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 00E01CF2
.text C:\Program Files\TOSHIBA\Bluetooth Monitor\BtMon2.exe[4044] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 00E0191B
---- Kernel IAT/EAT - GMER 1.0.14 ----
IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!IoConnectInterrupt] [F7573480] sptd.sys
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F757342C] sptd.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F758DAB8] sptd.sys
IAT atapi.sys[ntoskrnl.exe!IoConnectInterrupt] [F7573480] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F755FABA] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F755FC00] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F755FB82] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F756072E] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F7560604] sptd.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F7572A9A] sptd.sys
---- Devices - GMER 1.0.14 ----
Device \FileSystem\Ntfs \Ntfs 86FCF1D8
AttachedDevice \FileSystem\Ntfs \Ntfs avg7rsw.sys (AVG Resident Shield Unload Helper/GRISOFT, s.r.o.)
Device \FileSystem\Udfs \UdfsCdRom 86C30980
Device \FileSystem\Udfs \UdfsCdRom DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Udfs \UdfsDisk 86C30980
Device \FileSystem\Udfs \UdfsDisk DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)
Device \Driver\Tcpip \Device\Ip avgtdi.sys (AVG Network connection watcher/GRISOFT, s.r.o.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
Device \Driver\usbuhci \Device\USBPDO-0 86D3E980
Device \Driver\dmio \Device\DmControl\DmIoDaemon 86F5E1D8
Device \Driver\dmio \Device\DmControl\DmConfig 86F5E1D8
Device \Driver\dmio \Device\DmControl\DmPnP 86F5E1D8
Device \Driver\dmio \Device\DmControl\DmInfo 86F5E1D8
Device \Driver\usbuhci \Device\USBPDO-1 86D3E980
Device \Driver\usbuhci \Device\USBPDO-2 86D3E980
Device \Driver\usbuhci \Device\USBPDO-3 86D3E980
Device \Driver\usbehci \Device\USBPDO-4 86D88440
Device \Driver\Tcpip \Device\Tcp avgtdi.sys (AVG Network connection watcher/GRISOFT, s.r.o.)
Device \Driver\00000056 \Device\00000056 sptd.sys
Device \Driver\Ftdisk \Device\HarddiskVolume1 86FD11D8
Device \Driver\NetBT \Device\NetBT_Tcpip_{5550DE2E-EE54-4A97-814C-2106DCFA2490} 86A231D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 86FD11D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 86FD01D8
Device \Driver\atapi \Device\Ide\IdePort0 86FD01D8
Device \Driver\atapi \Device\Ide\IdePort1 86FD01D8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e 86FD01D8
Device \Driver\NetBT \Device\NetBt_Wins_Export 86A231D8
Device \Driver\NetBT \Device\NetbiosSmb 86A231D8
Device \Driver\Tcpip \Device\Udp avgtdi.sys (AVG Network connection watcher/GRISOFT, s.r.o.)
Device \Driver\Tcpip \Device\RawIp avgtdi.sys (AVG Network connection watcher/GRISOFT, s.r.o.)
Device \Driver\usbuhci \Device\USBFDO-0 86D3E980
Device \Driver\usbuhci \Device\USBFDO-1 86D3E980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 86BCC980
Device \Driver\Tcpip \Device\IPMULTICAST avgtdi.sys (AVG Network connection watcher/GRISOFT, s.r.o.)
Device \Driver\usbuhci \Device\USBFDO-2 86D3E980
Device \FileSystem\MRxSmb \Device\LanmanRedirector 86BCC980
Device \Driver\usbuhci \Device\USBFDO-3 86D3E980
Device \Driver\usbehci \Device\USBFDO-4 86D88440
Device \Driver\Ftdisk \Device\FtControl 86FD11D8
Device \Driver\NetBT \Device\NetBT_Tcpip_{60323B07-6005-4F0C-9406-EAC51FD748D1} 86A231D8
Device \Driver\agle08xa \Device\Scsi\agle08xa1 86CDB980
Device \Driver\agle08xa \Device\Scsi\agle08xa1Port2Path0Target0Lun0 86CDB980
Device \FileSystem\Cdfs \Cdfs 86AA54D0
Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)
---- Processes - GMER 1.0.14 ----
Process C:\documents and settings\elyes\local settings\application data\cafheaxow.exe (*** hidden *** ) 3988
Library C:\documents and settings\elyes\local settings\application data\cafheaxow.exe (*** hidden *** ) @ C:\documents and settings\elyes\local settings\ap
