Intrusion attempts on my PC since a recent infection [Resolved]
Hello everyone,
I am asking for your help because I was infected this morning after accidentally opening an executable that turned out to be malware.
Avast! noticed it once the file had been launched and blocked the program, which I sent straight to the recycle bin.
I ran 2 scans with Avast! (the first detected errors, the second only one) and a pass with Spybot (you never know; I found 2 trojan files on top of that).
My PC's behaviour changed after that: a new window for shutting down the PC, a password prompt at startup even though there is no password and no welcome-screen box checked, and above all... repeated intrusion attempts as soon as I open Firefox. Avast! blocks a connection to "jl.chura.pl/rc/".
On discovering this, I restarted my PC in safe mode and ran another scan with Avast!, which found viruses again.
What should I do?
Here is a HijackThis report. Thanks in advance for your valuable help.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:34:52, on 11/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\msdtc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Soft4Ever\looknstop\looknstop.exe
C:\Program Files\FlashGet\FlashGet.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Wireless LAN Utility\SiWake.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&lo...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Look 'n' Stop] "C:\Program Files\Soft4Ever\looknstop\looknstop.exe" -auto
O4 - HKLM\..\Run: [Flashget] C:\Program Files\FlashGet\FlashGet.exe /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Pavilion Webcam Tray Icon.lnk = C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe
O4 - Global Startup: SiWake.lnk = C:\Program Files\Wireless LAN Utility\SiWake.exe
O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Contro...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O17 - HKLM\System\CCS\Services\Tcpip\..\{2418AA0B-6B07-4D60-93A6-02595EDB3E68}: NameServer = 212.27.53.252,212.27.54.252
O17 - HKLM\System\CCS\Services\Tcpip\..\{6DD0027B-BA15-473F-A711-14444B61C887}: NameServer = 212.27.53.252,212.27.54.252
O17 - HKLM\System\CS1\Services\Tcpip\..\{2418AA0B-6B07-4D60-93A6-02595EDB3E68}: NameServer = 212.27.53.252,212.27.54.252
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe
--
End of file - 12385 bytes
Hello,
Apparently OK.
Download Gmer. (Przemyslaw Gmerek)
Unzip it into a dedicated folder or onto your Desktop.
Disconnect from the Internet, then close all programs.
Double-click Gmer.exe.
If an alert from your antivirus appears for the file gmer.sys or gmer.exe, let it run.
Click the Rootkit tab.
On the right, check everything.
Now click Scan.
When the scan is finished, click Copy.
Open Notepad, then click the Edit menu / Paste.
The report should then appear.
Save the file to your Desktop and post its contents here.
Here is the scan.
GMER 1.0.15.14878 - http://www.gmer.net
Rootkit scan 2009-03-11 20:02:49
Windows 5.1.2600 Service Pack 3
---- System - GMER 1.0.15 ----
INT 0x62 ? 86B65BF8
INT 0x73 ? 860F6BF8
INT 0x74 ? 860F6BF8
INT 0x84 ? 860F6BF8
INT 0xA4 ? 86BD4BF8
INT 0xB4 ? 860F6BF8
---- Kernel code sections - GMER 1.0.15 ----
? spcu.sys Le fichier spécifié est introuvable. !
.text USBPORT.SYS!DllUnload F66908AC 5 Bytes JMP 860F61D8
.text aru0a74l.SYS F64EC386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text aru0a74l.SYS F64EC3AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text aru0a74l.SYS F64EC3C4 3 Bytes [00, 70, 02] {ADD [EAX+0x2], DH}
.text aru0a74l.SYS F64EC3C9 1 Byte [2E]
.text aru0a74l.SYS F64EC3CB 9 Bytes [00, 00, 5A, 02, 00, 00, 00, ...] {ADD [EAX], AL; POP EDX; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL}
.text ...
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[468] ntdll.dll!NtCreateFile 7C91D090 5 Bytes CALL 7FFA3FD0
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[468] ntdll.dll!NtCreateProcess 7C91D130 5 Bytes CALL 7FFA405F
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[468] ntdll.dll!NtCreateProcessEx 7C91D140 5 Bytes CALL 7FFA406C
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[468] ntdll.dll!NtOpenFile 7C91D580 5 Bytes CALL 7FFA4055
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[468] ntdll.dll!NtQueryInformationProcess 7C91D7E0 5 Bytes CALL 7FFA40AD
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[520] ntdll.dll!NtCreateFile 7C91D090 5 Bytes CALL 7FF83FD0
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[520] ntdll.dll!NtCreateProcess 7C91D130 5 Bytes CALL 7FF8405F
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[520] ntdll.dll!NtCreateProcessEx 7C91D140 5 Bytes CALL 7FF8406C
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[520] ntdll.dll!NtOpenFile 7C91D580 5 Bytes CALL 7FF84055
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[520] ntdll.dll!NtQueryInformationProcess 7C91D7E0 5 Bytes CALL 7FF840AD
.text C:\Program Files\Wireless LAN Utility\SiWake.exe[696] ntdll.dll!NtCreateFile 7C91D090 5 Bytes CALL 7FFA3FD0
.text C:\Program Files\Wireless LAN Utility\SiWake.exe[696] ntdll.dll!NtCreateProcess 7C91D130 5 Bytes CALL 7FFA405F
.text C:\Program Files\Wireless LAN Utility\SiWake.exe[696] ntdll.dll!NtCreateProcessEx 7C91D140 5 Bytes CALL 7FFA406C
.text C:\Program Files\Wireless LAN Utility\SiWake.exe[696] ntdll.dll!NtOpenFile 7C91D580 5 Bytes CALL 7FFA4055
.text C:\Program Files\Wireless LAN Utility\SiWake.exe[696] ntdll.dll!NtQueryInformationProcess 7C91D7E0 5 Bytes CALL 7FFA40AD
.text C:\WINDOWS\system32\spoolsv.exe[772] ntdll.dll!NtCreateFile 7C91D090 5 Bytes CALL 7FFA3FD0
.text C:\WINDOWS\system32\spoolsv.exe[772] ntdll.dll!NtCreateProcess 7C91D130 5 Bytes CALL 7FFA405F
.text C:\WINDOWS\system32\spoolsv.exe[772] ntdll.dll!NtCreateProcessEx 7C91D140 5 Bytes CALL 7FFA406C
.text C:\WINDOWS\system32\spoolsv.exe[772] ntdll.dll!NtOpenFile 7C91D580 5 Bytes CALL 7FFA4055
.text C:\WINDOWS\system32\spoolsv.exe[772] ntdll.dll!NtQueryInformationProcess 7C91D7E0 5 Bytes CALL 7FFA40AD
.text C:\WINDOWS\system32\msdtc.exe[868] ntdll.dll!NtCreateFile 7C91D090 5 Bytes CALL 7FFA3FD0
.text C:\WINDOWS\system32\msdtc.exe[868] ntdll.dll!NtCreateProcess 7C91D130 5 Bytes CALL 7FFA405F
.text C:\WINDOWS\system32\msdtc.exe[868] ntdll.dll!NtCreateProcessEx 7C91D140 5 Bytes CALL 7FFA406C
.text C:\WINDOWS\system32\msdtc.exe[868] ntdll.dll!NtOpenFile 7C91D580 5 Bytes CALL 7FFA4055
.text C:\WINDOWS\system32\msdtc.exe[868] ntdll.dll!NtQueryInformationProcess 7C91D7E0 5 Bytes CALL 7FFA40AD
.text C:\WINDOWS\eHome\ehRecvr.exe[956] ntdll.dll!NtCreateFile 7C91D090 5 Bytes CALL 7FFA3FD0
.text C:\WINDOWS\eHome\ehRecvr.exe[956] ntdll.dll!NtCreateProcess 7C91D130 5 Bytes CALL 7FFA405F
.text C:\WINDOWS\eHome\ehRecvr.exe[956] ntdll.dll!NtCreateProcessEx 7C91D140 5 Bytes CALL 7FFA406C
.text C:\WINDOWS\eHome\ehRecvr.exe[956] ntdll.dll!NtOpenFile 7C91D580 5 Bytes CALL 7FFA4055
.text C:\WINDOWS\eHome\ehRecvr.exe[956] ntdll.dll!NtQueryInformationProcess 7C91D7E0 5 Bytes CALL 7FFA40AD
.text C:\WINDOWS\eHome\ehSched.exe[972] ntdll.dll!NtCreateFile 7C91D090 5 Bytes CALL 7FFA3FD0
.text C:\WINDOWS\eHome\ehSched.exe[972] ntdll.dll!NtCreateProcess 7C91D130 5 Bytes CALL 7FFA405F
.text C:\WINDOWS\eHome\ehSched.exe[972] ntdll.dll!NtCreateProcessEx 7C91D140 5 Bytes CALL 7FFA406C
.text C:\WINDOWS\eHome\ehSched.exe[972] ntdll.dll!NtOpenFile 7C91D580 5 Bytes CALL 7FFA4055
.text C:\WINDOWS\eHome\ehSched.exe[972] ntdll.dll!NtQueryInformationProcess 7C91D7E0 5 Bytes CALL 7FFA40AD
.text C:\WINDOWS\system32\svchost.exe[1060] ntdll.dll!NtCreateFile 7C91D090 5 Bytes CALL 7FFA3FD0
.text C:\WINDOWS\system32\svchost.exe[1060] ntdll.dll!NtCreateProcess 7C91D130 5 Bytes CALL 7FFA405F
.text C:\WINDOWS\system32\svchost.exe[1060] ntdll.dll!NtCreateProcessEx 7C91D140 5 Bytes CALL 7FFA406C
.text C:\WINDOWS\system32\svchost.exe[1060] ntdll.dll!NtOpenFile 7C91D580 5 Bytes CALL 7FFA4055
.text C:\WINDOWS\system32\svchost.exe[1060] ntdll.dll!NtQueryInformationProcess 7C91D7E0 5 Bytes CALL 7FFA40AD
.text C:\Documents and Settings\Vincent\Bureau\Nouveau dossier (2)\gmer.exe[1112] ntdll.dll!NtCreateFile 7C91D090 5 Bytes CALL 7FFA3FD0
.text C:\Documents and Settings\Vincent\Bureau\Nouveau dossier (2)\gmer.exe[1112] ntdll.dll!NtCreateProcess 7C91D130 5 Bytes CALL 7FFA405F
.text C:\Documents and Settings\Vincent\Bureau\Nouveau dossier (2)\gmer.exe[1112] ntdll.dll!NtCreateProcessEx 7C91D140 5 Bytes CALL 7FFA406C
.text C:\Documents and Settings\Vincent\Bureau\Nouveau dossier (2)\gmer.exe[1112] ntdll.dll!NtOpenFile 7C91D580 5 Bytes CALL 7FFA4055
.text C:\Documents and Settings\Vincent\Bureau\Nouveau dossier (2)\gmer.exe[1112] ntdll.dll!NtQueryInformationProcess 7C91D7E0 5 Bytes CALL 7FFA40AD
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[1184] ntdll.dll!NtCreateFile 7C91D090 5 Bytes CALL 7FFA3FD0
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[1184] ntdll.dll!NtCreateProcess 7C91D130 5 Bytes CALL 7FFA405F
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[1184] ntdll.dll!NtCreateProcessEx 7C91D140 5 Bytes CALL 7FFA406C
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[1184] ntdll.dll!NtOpenFile 7C91D580 5 Bytes CALL 7FFA4055
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[1184] ntdll.dll!NtQueryInformationProcess 7C91D7E0 5 Bytes CALL 7FFA40AD
.text C:\WINDOWS\System32\svchost.exe[1212] ntdll.dll!NtCreateFile 7C91D090 5 Bytes CALL 7FFA3FD0
.text C:\WINDOWS\System32\svchost.exe[1212] ntdll.dll!NtCreateProcess 7C91D130 5 Bytes CALL 7FFA405F
.text C:\WINDOWS\System32\svchost.exe[1212] ntdll.dll!NtCreateProcessEx 7C91D140 5 Bytes CALL 7FFA406C
.text C:\WINDOWS\System32\svchost.exe[1212] ntdll.dll!NtOpenFile 7C91D580 5 Bytes CALL 7FFA4055
.text C:\WINDOWS\System32\svchost.exe[1212] ntdll.dll!NtQueryInformationProcess 7C91D7E0 5 Bytes CALL 7FFA40AD
.text C:\Program Files\Java\jre6\bin\jqs.exe[1252] ntdll.dll!NtCreateFile 7C91D090 5 Bytes CALL 7FFA3FD0
.text C:\Program Files\Java\jre6\bin\jqs.exe[1252] ntdll.dll!NtCreateProcess 7C91D130 5 Bytes CALL 7FFA405F
.text C:\Program Files\Java\jre6\bin\jqs.exe[1252] ntdll.dll!NtCreateProcessEx 7C91D140 5 Bytes CALL 7FFA406C
.text C:\Program Files\Java\jre6\bin\jqs.exe[1252] ntdll.dll!NtOpenFile 7C91D580 5 Bytes CALL 7FFA4055
.text C:\Program Files\Java\jre6\bin\jqs.exe[1252] ntdll.dll!NtQueryInformationProcess 7C91D7E0 5 Bytes CALL 7FFA40AD
.text C:\WINDOWS\system32\winlogon.exe[1412] ntdll.dll!NtCreateFile 7C91D090 5 Bytes CALL 7FF93FD0
.text C:\WINDOWS\system32\winlogon.exe[1412] ntdll.dll!NtCreateProcess 7C91D130 5 Bytes CALL 7FF9405F
.text C:\WINDOWS\system32\winlogon.exe[1412] ntdll.dll!NtCreateProcessEx 7C91D140 5 Bytes CALL 7FF9406C
.text C:\WINDOWS\system32\winlogon.exe[1412] ntdll.dll!NtOpenFile 7C91D580 5 Bytes CALL 7FF94055
.text C:\WINDOWS\system32\winlogon.exe[1412] ntdll.dll!NtQueryInformationProcess 7C91D7E0 5 Bytes CALL 7FF940AD
.text C:\WINDOWS\system32\services.exe[1456] ntdll.dll!NtCreateFile 7C91D090 5 Bytes CALL 7FF93FD0
.text C:\WINDOWS\system32\services.exe[1456] ntdll.dll!NtCreateProcess 7C91D130 5 Bytes CALL 7FF9405F
.text C:\WINDOWS\system32\services.exe[1456] ntdll.dll!NtCreateProcessEx 7C91D140 5 Bytes CALL 7FF9406C
.text C:\WINDOWS\system32\services.exe[1456] ntdll.dll!NtOpenFile 7C91D580 5 Bytes CALL 7FF94055
.text C:\WINDOWS\system32\services.exe[1456] ntdll.dll!NtQueryInformationProcess 7C91D7E0 5 Bytes CALL 7FF940AD
.text C:\WINDOWS\system32\lsass.exe[1468] ntdll.dll!NtCreateFile 7C91D090 5 Bytes CALL 7FF93FD0
.text C:\WINDOWS\system32\lsass.exe[1468] ntdll.dll!NtCreateProcess 7C91D130 5 Bytes CALL 7FF9405F
.text C:\WINDOWS\system32\lsass.exe[1468] ntdll.dll!NtCreateProcessEx 7C91D140 5 Bytes CALL 7FF9406C
.text C:\WINDOWS\system32\lsass.exe[1468] ntdll.dll!NtOpenFile 7C91D580 5 Bytes CALL 7FF94055
.text C:\WINDOWS\system32\lsass.exe[1468] ntdll.dll!NtQueryInformationProcess 7C91D7E0 5 Bytes CALL 7FF940AD
.text C:\WINDOWS\system32\svchost.exe[1628] ntdll.dll!NtCreateFile 7C91D090 5 Bytes CALL 7FF93FD0
.text C:\WINDOWS\system32\svchost.exe[1628] ntdll.dll!NtCreateProcess 7C91D130 5 Bytes CALL 7FF9405F
.text C:\WINDOWS\system32\svchost.exe[1628] ntdll.dll!NtCreateProcessEx 7C91D140 5 Bytes CALL 7FF9406C
.text C:\WINDOWS\system32\svchost.exe[1628] ntdll.dll!NtOpenFile 7C91D580 5 Bytes CALL 7FF94055
.text C:\WINDOWS\system32\svchost.exe[1628] ntdll.dll!NtQueryInformationProcess 7C91D7E0 5 Bytes CALL 7FF940AD
.text C:\WINDOWS\system32\svchost.exe[1676] ntdll.dll!NtCreateFile 7C91D090 5 Bytes CALL 7FFA3FD0
.text C:\WINDOWS\system32\svchost.exe[1676] ntdll.dll!NtCreateProcess 7C91D130 5 Bytes CALL 7FFA405F
.text C:\WINDOWS\system32\svchost.exe[1676] ntdll.dll!NtCreateProcessEx 7C91D140 5 Bytes CALL 7FFA406C
.text C:\WINDOWS\system32\svchost.exe[1676] ntdll.dll!NtOpenFile 7C91D580 5 Bytes CALL 7FFA4055
.text C:\WINDOWS\system32\svchost.exe[1676] ntdll.dll!NtQueryInformationProcess 7C91D7E0 5 Bytes CALL 7FFA40AD
.text C:\WINDOWS\system32\svchost.exe[1832] ntdll.dll!NtCreateFile 7C91D090 5 Bytes CALL 7FFA3FD0
.text C:\WINDOWS\system32\svchost.exe[1832] ntdll.dll!NtCreateProcess 7C91D130 5 Bytes CALL 7FFA405F
.text C:\WINDOWS\system32\svchost.exe[1832] ntdll.dll!NtCreateProcessEx 7C91D140 5 Bytes CALL 7FFA406C
.text C:\WINDOWS\system32\svchost.exe[1832] ntdll.dll!NtOpenFile 7C91D580 5 Bytes CALL 7FFA4055
.text C:\WINDOWS\system32\svchost.exe[1832] ntdll.dll!NtQueryInformationProcess 7C91D7E0 5 Bytes CALL 7FFA40AD
.text C:\WINDOWS\ehome\mcrdsvc.exe[1864] ntdll.dll!NtCreateFile 7C91D090 5 Bytes CALL 7FFA3FD0
.text C:\WINDOWS\ehome\mcrdsvc.exe[1864] ntdll.dll!NtCreateProcess 7C91D130 5 Bytes CALL 7FFA405F
.text C:\WINDOWS\ehome\mcrdsvc.exe[1864] ntdll.dll!NtCreateProcessEx 7C91D140 5 Bytes CALL 7FFA406C
.text C:\WINDOWS\ehome\mcrdsvc.exe[1864] ntdll.dll!NtOpenFile 7C91D580 5 Bytes CALL 7FFA4055
.text C:\WINDOWS\ehome\mcrdsvc.exe[1864] ntdll.dll!NtQueryInformationProcess 7C91D7E0 5 Bytes CALL 7FFA40AD
.text C:\WINDOWS\system32\svchost.exe[1908] ntdll.dll!NtCreateFile 7C91D090 5 Bytes CALL 7FFA3FD0
.text C:\WINDOWS\system32\svchost.exe[1908] ntdll.dll!NtCreateProcess 7C91D130 5 Bytes CALL 7FFA405F
.text C:\WINDOWS\system32\svchost.exe[1908] ntdll.dll!NtCreateProcessEx 7C91D140 5 Bytes CALL 7FFA406C
.text C:\WINDOWS\system32\svchost.exe[1908] ntdll.dll!NtOpenFile 7C91D580 5 Bytes CALL 7FFA4055
.text C:\WINDOWS\system32\svchost.exe[1908] ntdll.dll!NtQueryInformationProcess 7C91D7E0 5 Bytes CALL 7FFA40AD
.text C:\WINDOWS\Explorer.EXE[1940] ntdll.dll!NtCreateFile 7C91D090 5 Bytes CALL 7FFA3FD0
.text C:\WINDOWS\Explorer.EXE[1940] ntdll.dll!NtCreateProcess 7C91D130 5 Bytes CALL 7FFA405F
.text C:\WINDOWS\Explorer.EXE[1940] ntdll.dll!NtCreateProcessEx 7C91D140 5 Bytes CALL 7FFA406C
.text C:\WINDOWS\Explorer.EXE[1940] ntdll.dll!NtOpenFile 7C91D580 5 Bytes CALL 7FFA4055
.text C:\WINDOWS\Explorer.EXE[1940] ntdll.dll!NtQueryInformationProcess 7C91D7E0 5 Bytes CALL 7FFA40AD
.text C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe[1984] ntdll.dll!NtCreateFile 7C91D090 5 Bytes CALL 7FFA3FD0
.text C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe[1984] ntdll.dll!NtCreateProcess 7C91D130 5 Bytes CALL 7FFA405F
.text C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe[1984] ntdll.dll!NtCreateProcessEx 7C91D140 5 Bytes CALL 7FFA406C
.text C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe[1984] ntdll.dll!NtOpenFile 7C91D580 5 Bytes CALL 7FFA4055
.text C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe[1984] ntdll.dll!NtQueryInformationProcess 7C91D7E0 5 Bytes CALL 7FFA40AD
.text C:\WINDOWS\system32\svchost.exe[1988] ntdll.dll!NtCreateFile 7C91D090 5 Bytes CALL 7FFA3FD0
.text C:\WINDOWS\system32\svchost.exe[1988] ntdll.dll!NtCreateProcess 7C91D130 5 Bytes CALL 7FFA405F
.text C:\WINDOWS\system32\svchost.exe[1988] ntdll.dll!NtCreateProcessEx 7C91D140 5 Bytes CALL 7FFA406C
.text C:\WINDOWS\system32\svchost.exe[1988] ntdll.dll!NtOpenFile 7C91D580 5 Bytes CALL 7FFA4055
.text C:\WINDOWS\system32\svchost.exe[1988] ntdll.dll!NtQueryInformationProcess 7C91D7E0 5 Bytes CALL 7FFA40AD
.text C:\WINDOWS\system32\mqsvc.exe[2116] ntdll.dll!NtCreateFile 7C91D090 5 Bytes CALL 7FF93FD0
.text C:\WINDOWS\system32\mqsvc.exe[2116] ntdll.dll!NtCreateProcess 7C91D130 5 Bytes CALL 7FF9405F
.text C:\WINDOWS\system32\mqsvc.exe[2116] ntdll.dll!NtCreateProcessEx 7C91D140 5 Bytes CALL 7FF9406C
.text C:\WINDOWS\system32\mqsvc.exe[2116] ntdll.dll!NtOpenFile 7C91D580 5 Bytes CALL 7FF94055
.text C:\WINDOWS\system32\mqsvc.exe[2116] ntdll.dll!NtQueryInformationProcess 7C91D7E0 5 Bytes CALL 7FF940AD
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[2212] ntdll.dll!NtCreateFile 7C91D090 5 Bytes CALL 7FFA3FD0
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[2212] ntdll.dll!NtCreateProcess 7C91D130 5 Bytes CALL 7FFA405F
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[2212] ntdll.dll!NtCreateProcessEx 7C91D140 5 Bytes CALL 7FFA406C
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[2212] ntdll.dll!NtOpenFile 7C91D580 5 Bytes CALL 7FFA4055
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[2212] ntdll.dll!NtQueryInformationProcess 7C91D7E0 5 Bytes CALL 7FFA40AD
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[2284] ntdll.dll!NtCreateFile 7C91D090 5 Bytes CALL 7FFA3FD0
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[2284] ntdll.dll!NtCreateProcess 7C91D130 5 Bytes CALL 7FFA405F
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[2284] ntdll.dll!NtCreateProcessEx 7C91D140 5 Bytes CALL 7FFA406C
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[2284] ntdll.dll!NtOpenFile 7C91D580 5 Bytes CALL 7FFA4055
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[2284] ntdll.dll!NtQueryInformationProcess 7C91D7E0 5 Bytes CALL 7FFA40AD
.text C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe[2332] ntdll.dll!NtCreateFile 7C91D090 5 Bytes CALL 7FFA3FD0
.text C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe[2332] ntdll.dll!NtCreateProcess 7C91D130 5 Bytes CALL 7FFA405F
.text C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe[2332] ntdll.dll!NtCreateProcessEx 7C91D140 5 Bytes CALL 7FFA406C
.text C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe[2332] ntdll.dll!NtOpenFile 7C91D580 5 Bytes CALL 7FFA4055
.text C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe[2332] ntdll.dll!NtQueryInformationProcess 7C91D7E0 5 Bytes CALL 7FFA40AD
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2340] ntdll.dll!NtCreateFile 7C91D090 5 Bytes CALL 7FF93FD0
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2340] ntdll.dll!NtCreateProcess 7C91D130 5 Bytes CALL 7FF9405F
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2340] ntdll.dll!NtCreateProcessEx 7C91D140 5 Bytes CALL 7FF9406C
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2340] ntdll.dll!NtOpenFile 7C91D580 5 Bytes CALL 7FF94055
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2340] ntdll.dll!NtQueryInformationProcess 7C91D7E0 5 Bytes CALL 7FF940AD
.text C:\WINDOWS\system32\Pen_Tablet.exe[2568] ntdll.dll!NtCreateFile 7C91D090 5 Bytes CALL 7FFA3FD0
.text C:\WINDOWS\system32\Pen_Tablet.exe[2568] ntdll.dll!NtCreateProcess 7C91D130 5 Bytes CALL 7FFA405F
.text C:\WINDOWS\system32\Pen_Tablet.exe[2568] ntdll.dll!NtCreateProcessEx 7C91D140 5 Bytes CALL 7FFA406C
.text C:\WINDOWS\system32\Pen_Tablet.exe[2568] ntdll.dll!NtOpenFile 7C91D580 5 Bytes CALL 7FFA4055
.text C:\WINDOWS\system32\Pen_Tablet.exe[2568] ntdll.dll!NtQueryInformationProcess 7C91D7E0 5 Bytes CALL 7FFA40AD
.text C:\WINDOWS\ehome\ehtray.exe[2612] ntdll.dll!NtCreateFile 7C91D090 5 Bytes CALL 7FFA3FD0
.text C:\WINDOWS\ehome\ehtray.exe[2612] ntdll.dll!NtCreateProcess 7C91D130 5 Bytes CALL 7FFA405F
.text C:\WINDOWS\ehome\ehtray.exe[2612] ntdll.dll!NtCreateProcessEx 7C91D140 5 Bytes CALL 7FFA406C
.text C:\WINDOWS\ehome\ehtray.exe[2612] ntdll.dll!NtOpenFile 7C91D580 5 Bytes CALL 7FFA4055
.text C:\WINDOWS\ehome\ehtray.exe[2612] ntdll.dll!NtQueryInformationProcess 7C91D7E0 5 Bytes CALL 7FFA40AD
.text C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe[2640] ntdll.dll!NtCreateFile 7C91D090 5 Bytes CALL 7FFA3FD0
.text C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe[2640] ntdll.dll!NtCreateProcess 7C91D130 5 Bytes CALL 7FFA405F
.text C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe[2640] ntdll.dll!NtCreateProcessEx 7C91D140 5 Bytes CALL 7FFA406C
.text C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe[2640] ntdll.dll!NtOpenFile 7C91D580 5 Bytes CALL 7FFA4055
.text C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe[2640] ntdll.dll!NtQueryInformationProcess 7C91D7E0 5 Bytes CALL 7FFA40AD
.text C:\WINDOWS\system32\hkcmd.exe[2700] ntdll.dll!NtCreateFile 7C91D090 5 Bytes CALL 7FFA3FD0
.text C:\WINDOWS\system32\hkcmd.exe[2700] ntdll.dll!NtCreateProcess 7C91D130 5 Bytes CALL 7FFA405F
.text C:\WINDOWS\system32\hkcmd.exe[2700] ntdll.dll!NtCreateProcessEx 7C91D140 5 Bytes CALL 7FFA406C
.text C:\WINDOWS\system32\hkcmd.exe[2700] ntdll.dll!NtOpenFile 7C91D580 5 Bytes CALL 7FFA4055
.text C:\WINDOWS\system32\hkcmd.exe[2700] ntdll.dll!NtQueryInformationProcess 7C91D7E0 5 Bytes CALL 7FFA40AD
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2716] ntdll.dll!NtCreateFile 7C91D090 5 Bytes CALL 7FFA3FD0
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2716] ntdll.dll!NtCreateProcess 7C91D130 5 Bytes CALL 7FFA405F
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2716] ntdll.dll!NtCreateProcessEx 7C91D140 5 Bytes CALL 7FFA406C
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2716] ntdll.dll!NtOpenFile 7C91D580 5 Bytes CALL 7FFA4055
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2716] ntdll.dll!NtQueryInformationProcess 7C91D7E0 5 Bytes CALL 7FFA40AD
.text C:\WINDOWS\system32\igfxpers.exe[2736] ntdll.dll!NtCreateFile 7C91D090 5 Bytes CALL 7FFA3FD0
.text C:\WINDOWS\system32\igfxpers.exe[2736] ntdll.dll!NtCreateProcess 7C91D130 5 Bytes CALL 7FFA405F
.text C:\WINDOWS\system32\igfxpers.exe[2736] ntdll.dll!NtCreateProcessEx 7C91D140 5 Bytes CALL 7FFA406C
.text C:\WINDOWS\system32\igfxpers.exe[2736] ntdll.dll!NtOpenFile 7C91D580 5 Bytes CALL 7FFA4055
.text C:\WINDOWS\system32\igfxpers.exe[2736] ntdll.dll!NtQueryInformationProcess 7C91D7E0 5 Bytes CALL 7FFA40AD
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2772] ntdll.dll!NtCreateFile 7C91D090 5 Bytes CALL 7FFA3FD0
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2772] ntdll.dll!NtCreateProcess 7C91D130 5 Bytes CALL 7FFA405F
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2772] ntdll.dll!NtCreateProcessEx 7C91D140 5 Bytes CALL 7FFA406C
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2772] ntdll.dll!NtOpenFile 7C91D580 5 Bytes CALL 7FFA4055
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2772] ntdll.dll!NtQueryInformationProcess 7C91D7E0 5 Bytes CALL 7FFA40AD
.text C:\Program Files\HP\QuickPlay\QPService.exe[2812] ntdll.dll!NtCreateFile 7C91D090 5 Bytes CALL 7FFA3FD0
.text C:\Program Files\HP\QuickPlay\QPService.exe[2812] ntdll.dll!NtCreateProcess 7C91D130 5 Bytes CALL 7FFA405F
.text C:\Program Files\HP\QuickPlay\QPService.exe[2812] ntdll.dll!NtCreateProcessEx 7C91D140 5 Bytes CALL 7FFA406C
.text C:\Program Files\HP\QuickPlay\QPService.exe[2812] ntdll.dll!NtOpenFile 7C91D580 5 Bytes CALL 7FFA4055
.text C:\Program Files\HP\QuickPlay\QPService.exe[2812] ntdll.dll!NtQueryInformationProcess 7C91D7E0 5 Bytes CALL 7FFA40AD
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[2868] ntdll.dll!NtCreateFile 7C91D090 5 Bytes CALL 7FFA3FD0
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[2868] ntdll.dll!NtCreateProcess 7C91D130 5 Bytes CALL 7FFA405F
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[2868] ntdll.dll!NtCreateProcessEx 7C91D140 5 Bytes CALL 7FFA406C
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[2868] ntdll.dll!NtOpenFile 7C91D580 5 Bytes CALL 7FFA4055
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[2868] ntdll.dll!NtQueryInformationProcess 7C91D7E0 5 Bytes CALL 7FFA40AD
.text C:\WINDOWS\system32\dllhost.exe[2880] ntdll.dll!NtCreateFile 7C91D090 5 Bytes CALL 7FF93FD0
.text C:\WINDOWS\system32\dllhost.exe[2880] ntdll.dll!NtCreateProcess 7C91D130 5 Bytes CALL 7FF9405F
.text C:\WINDOWS\system32\dllhost.exe[2880] ntdll.dll!NtCreateProcessEx 7C91D140 5 Bytes CALL 7FF9406C
.text C:\WINDOWS\system32\dllhost.exe[2880] ntdll.dll!NtOpenFile 7C91D580 5 Bytes CALL 7FF94055
.text C:\WINDOWS\system32\dllhost.exe[2880] ntdll.dll!NtQueryInformationProcess 7C91D7E0 5 Bytes CALL 7FF940AD
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2896] ntdll.dll!NtCreateFile 7C91D090 5 Bytes CALL 7FFA3FD0
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2896] ntdll.dll!NtCreateProcess 7C91D130 5 Bytes CALL 7FFA405F
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2896] ntdll.dll!NtCreateProcessEx 7C91D140 5 Bytes CALL 7FFA406C
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2896] ntdll.dll!NtOpenFile 7C91D580 5 Bytes CALL 7FFA4055
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2896] ntdll.dll!NtQueryInformationProcess 7C91D7E0 5 Bytes CALL 7FFA40AD
.text C:\WINDOWS\eHome\ehmsas.exe[3316] ntdll.dll!NtCreateFile 7C91D090 5 Bytes CALL 7FFA3FD0
.text C:\WINDOWS\eHome\ehmsas.exe[3316] ntdll.dll!NtCreateProcess 7C91D130 5 Bytes CALL 7FFA405F
.text C:\WINDOWS\eHome\ehmsas.exe[3316] ntdll.dll!NtCreateProcessEx 7C91D140 5 Bytes CALL 7FFA406C
.text C:\WINDOWS\eHome\ehmsas.exe[3316] ntdll.dll!NtOpenFile 7C91D580 5 Bytes CALL 7FFA4055
.text C:\WINDOWS\eHome\ehmsas.exe[3316] ntdll.dll!NtQueryInformationProcess 7C91D7E0 5 Bytes CALL 7FFA40AD
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[3360] ntdll.dll!NtCreateFile 7C91D090 5 Bytes CALL 7FFA3FD0
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[3360] ntdll.dll!NtCreateProcess 7C91D130 5 Bytes CALL 7FFA405F
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[3360] ntdll.dll!NtCreateProcessEx 7C91D140 5 Bytes CALL 7FFA406C
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[3360] ntdll.dll!NtOpenFile 7C91D580 5 Bytes CALL 7FFA4055
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[3360] ntdll.dll!NtQueryInformationProcess 7C91D7E0 5 Bytes CALL 7FFA40AD
.text C:\Program Files\Java\jre6\bin\jusched.exe[3372] ntdll.dll!NtCreateFile 7C91D090 5 Bytes CALL 7FFA3FD0
.text C:\Program Files\Java\jre6\bin\jusched.exe[3372] ntdll.dll!NtCreateProcess 7C91D130 5 Bytes CALL 7FFA405F
.text C:\Program Files\Java\jre6\bin\jusched.exe[3372] ntdll.dll!NtCreateProcessEx 7C91D140 5 Bytes CALL 7FFA406C
.text C:\Program Files\Java\jre6\bin\jusched.exe[3372] ntdll.dll!NtOpenFile 7C91D580 5 Bytes CALL 7FFA4055
.text C:\Program Files\Java\jre6\bin\jusched.exe[3372] ntdll.dll!NtQueryInformationProcess 7C91D7E0 5 Bytes CALL 7FFA40AD
.text C:\WINDOWS\system32\ctfmon.exe[3520] ntdll.dll!NtCreateFile 7C91D090 5 Bytes CALL 7FFA3FD0
.text C:\WINDOWS\system32\ctfmon.exe[3520] ntdll.dll!NtCreateProcess 7C91D130 5 Bytes CALL 7FFA405F
.text C:\WINDOWS\system32\ctfmon.exe[3520] ntdll.dll!NtCreateProcessEx 7C91D140 5 Bytes CALL 7FFA406C
.text C:\WINDOWS\system32\ctfmon.exe[3520] ntdll.dll!NtOpenFile 7C91D580 5 Bytes CALL 7FFA4055
.text C:\WINDOWS\system32\ctfmon.exe[3520] ntdll.dll!NtQueryInformationProcess 7C91D7E0 5 Bytes CALL 7FFA40AD
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3692] ntdll.dll!NtCreateFile 7C91D090 5 Bytes CALL 7FFA3FD0
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3692] ntdll.dll!NtCreateProcess 7C91D130 5 Bytes CALL 7FFA405F
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3692] ntdll.dll!NtCreateProcessEx 7C91D140 5 Bytes CALL 7FFA406C
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3692] ntdll.dll!NtOpenFile 7C91D580 5 Bytes CALL 7FFA4055
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3692] ntdll.dll!NtQueryInformationProcess 7C91D7E0 5 Bytes CALL 7FFA40AD
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3792] ntdll.dll!NtCreateFile 7C91D090 5 Bytes CALL 7FFA3FD0
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3792] ntdll.dll!NtCreateProcess 7C91D130 5 Bytes CALL 7FFA405F
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3792] ntdll.dll!NtCreateProcessEx 7C91D140 5 Bytes CALL 7FFA406C
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3792] ntdll.dll!NtOpenFile 7C91D580 5 Bytes CALL 7FFA4055
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3792] ntdll.dll!NtQueryInformationProcess 7C91D7E0 5 Bytes CALL 7FFA40AD
.text C:\WINDOWS\system32\mqtgsvc.exe[3868] ntdll.dll!NtCreateFile 7C91D090 5 Bytes CALL 7FFA3FD0
.text C:\WINDOWS\system32\mqtgsvc.exe[3868] ntdll.dll!NtCreateProcess 7C91D130 5 Bytes CALL 7FFA405F
.text C:\WINDOWS\system32\mqtgsvc.exe[3868] ntdll.dll!NtCreateProcessEx 7C91D140 5 Bytes CALL 7FFA406C
.text C:\WINDOWS\system32\mqtgsvc.exe[3868] ntdll.dll!NtOpenFile 7C91D580 5 Bytes CALL 7FFA4055
.text C:\WINDOWS\system32\mqtgsvc.exe[3868] ntdll.dll!NtQueryInformationProcess 7C91D7E0 5 Bytes CALL 7FFA40AD
.text C:\WINDOWS\System32\alg.exe[3884] ntdll.dll!NtCreateFile 7C91D090 5 Bytes CALL 7FFA3FD0
.text C:\WINDOWS\System32\alg.exe[3884] ntdll.dll!NtCreateProcess 7C91D130 5 Bytes CALL 7FFA405F
.text C:\WINDOWS\System32\alg.exe[3884] ntdll.dll!NtCreateProcessEx 7C91D140 5 Bytes CALL 7FFA406C
.text C:\WINDOWS\System32\alg.exe[3884] ntdll.dll!NtOpenFile 7C91D580 5 Bytes CALL 7FFA4055
.text C:\WINDOWS\System32\alg.exe[3884] ntdll.dll!NtQueryInformationProcess 7C91D7E0 5 Bytes CALL 7FFA40AD
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[3920] ntdll.dll!NtCreateFile 7C91D090 5 Bytes CALL 7FFA3FD0
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[3920] ntdll.dll!NtCreateProcess 7C91D130 5 Bytes CALL 7FFA405F
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[3920] ntdll.dll!NtCreateProcessEx 7C91D140 5 Bytes CALL 7FFA406C
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[3920] ntdll.dll!NtOpenFile 7C91D580 5 Bytes CALL 7FFA4055
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[3920] ntdll.dll!NtQueryInformationProcess 7C91D7E0 5 Bytes CALL 7FFA40AD
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F73FF040] spcu.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F73FF13C] spcu.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F73FF0BE] spcu.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F73FF7FC] spcu.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F73FF6D2] spcu.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F740F048] spcu.sys
IAT \SystemRoot\System32\Drivers\aru0a74l.SYS[HAL.dll!KfAcquireSpinLock] C0840CEC
IAT \SystemRoot\System32\Drivers\aru0a74l.SYS[HAL.dll!READ_PORT_UCHAR] 053C0D74
IAT \SystemRoot\System32\Drivers\aru0a74l.SYS[HAL.dll!KeGetCurrentIrql] 57B80974
IAT \SystemRoot\System32\Drivers\aru0a74l.SYS[HAL.dll!KfRaiseIrql] 8B000000
IAT \SystemRoot\System32\Drivers\aru0a74l.SYS[HAL.dll!KfLowerIrql] 56C35DE5
IAT \SystemRoot\System32\Drivers\aru0a74l.SYS[HAL.dll!HalGetInterruptVector] 8D08758B
IAT \SystemRoot\System32\Drivers\aru0a74l.SYS[HAL.dll!HalTranslateBusAddress] 8D51FC4D
IAT \SystemRoot\System32\Drivers\aru0a74l.SYS[HAL.dll!KeStallExecutionProcessor] 8D52FD55
IAT \SystemRoot\System32\Drivers\aru0a74l.SYS[HAL.dll!KfReleaseSpinLock] 8D51FE4D
IAT \SystemRoot\System32\Drivers\aru0a74l.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 8D52FF55
IAT \SystemRoot\System32\Drivers\aru0a74l.SYS[HAL.dll!READ_PORT_USHORT] 8D51F84D
IAT \SystemRoot\System32\Drivers\aru0a74l.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 5052F455
IAT \SystemRoot\System32\Drivers\aru0a74l.SYS[HAL.dll!WRITE_PORT_UCHAR] EACAE856
IAT \SystemRoot\System32\Drivers\aru0a74l.SYS[WMILIB.SYS!WmiSystemControl] 0FC08520
IAT \SystemRoot\System32\Drivers\aru0a74l.SYS[WMILIB.SYS!WmiCompleteRequest] 0001B185
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\WINDOWS\system32\services.exe[1456] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00380002
IAT C:\WINDOWS\system32\services.exe[1456] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00380000
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 86BD31F8
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
Device \FileSystem\Fastfat \FatCdrom 8592C378
AttachedDevice \Driver\Tcpip \Device\Ip lnsfw1.sys
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
Device \Driver\usbuhci \Device\USBPDO-0 860F31F8
Device \Driver\usbuhci \Device\USBPDO-1 860F31F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 86BD51F8
Device \Driver\dmio \Device\DmControl\DmConfig 86BD51F8
Device \Driver\dmio \Device\DmControl\DmPnP 86BD51F8
Device \Driver\dmio \Device\DmControl\DmInfo 86BD51F8
Device \Driver\usbuhci \Device\USBPDO-2 860F31F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{2418AA0B-6B07-4D60-93A6-02595EDB3E68} 858AD500
Device \Driver\usbuhci \Device\USBPDO-3 860F31F8
Device \Driver\usbehci \Device\USBPDO-4 85FDA1F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{C17A5AF9-7947-4AF4-A3F2-5EDFF6739FED} 858AD500
AttachedDevice \Driver\Tcpip \Device\Tcp lnsfw1.sys
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
Device \Driver\Ftdisk \Device\HarddiskVolume1 86B661F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 86B661F8
Device \Driver\Cdrom \Device\CdRom0 860391F8
Device \Driver\Cdrom \Device\CdRom1 860391F8
Device \Driver\Ftdisk \Device\HarddiskVolume3 86B661F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 858AD500
Device \Driver\NetBT \Device\NetbiosSmb 858AD500
Device \Driver\PCI_PNP2350 \Device\0000005c spcu.sys
AttachedDevice \Driver\Tcpip \Device\Udp lnsfw1.sys
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp lnsfw1.sys
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
Device \Driver\usbuhci \Device\USBFDO-0 860F31F8
Device \Driver\sptd \Device\3923771100 spcu.sys
Device \Driver\sptd \Device\3923771100 spcu.sys
Device \Driver\usbuhci \Device\USBFDO-1 860F31F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8595C500
Device \Driver\usbuhci \Device\USBFDO-2 860F31F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8595C500
Device \Driver\usbuhci \Device\USBFDO-3 860F31F8
Device \Driver\usbehci \Device\USBFDO-4 85FDA1F8
Device \Driver\Ftdisk \Device\FtControl 86B661F8
Device \Driver\aru0a74l \Device\Scsi\aru0a74l1 860361F8
Device \Driver\aru0a74l \Device\Scsi\aru0a74l1Port2Path0Target0Lun0 860361F8
Device \FileSystem\Fastfat \Fat 8592C378
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
Device \FileSystem\Cdfs \Cdfs 85C62500
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x0E 0x6A 0xAF 0xF5 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xC5 0x5D 0xDF 0xD0 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x70 0xAD 0x8A 0x28 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x0E 0x6A 0xAF 0xF5 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xC5 0x5D 0xDF 0xD0 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x70 0xAD 0x8A 0x28 ...
---- EOF - GMER 1.0.15 ----
GMER 1.0.15.14878 - http://www.gmer.net
Rootkit scan 2009-03-11 20:02:49
Windows 5.1.2600 Service Pack 3
---- System - GMER 1.0.15 ----
INT 0x62 ? 86B65BF8
INT 0x73 ? 860F6BF8
INT 0x74 ? 860F6BF8
INT 0x84 ? 860F6BF8
INT 0xA4 ? 86BD4BF8
INT 0xB4 ? 860F6BF8
---- Kernel code sections - GMER 1.0.15 ----
? spcu.sys Le fichier spécifié est introuvable. !
.text USBPORT.SYS!DllUnload F66908AC 5 Bytes JMP 860F61D8
.text aru0a74l.SYS F64EC386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text aru0a74l.SYS F64EC3AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text aru0a74l.SYS F64EC3C4 3 Bytes [00, 70, 02] {ADD [EAX+0x2], DH}
.text aru0a74l.SYS F64EC3C9 1 Byte [2E]
.text aru0a74l.SYS F64EC3CB 9 Bytes [00, 00, 5A, 02, 00, 00, 00, ...] {ADD [EAX], AL; POP EDX; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL}
.text ...
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[468] ntdll.dll!NtCreateFile 7C91D090 5 Bytes CALL 7FFA3FD0
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[468] ntdll.dll!NtCreateProcess 7C91D130 5 Bytes CALL 7FFA405F
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[468] ntdll.dll!NtCreateProcessEx 7C91D140 5 Bytes CALL 7FFA406C
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[468] ntdll.dll!NtOpenFile 7C91D580 5 Bytes CALL 7FFA4055
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[468] ntdll.dll!NtQueryInformationProcess 7C91D7E0 5 Bytes CALL 7FFA40AD
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[520] ntdll.dll!NtCreateFile 7C91D090 5 Bytes CALL 7FF83FD0
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[520] ntdll.dll!NtCreateProcess 7C91D130 5 Bytes CALL 7FF8405F
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[520] ntdll.dll!NtCreateProcessEx 7C91D140 5 Bytes CALL 7FF8406C
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[520] ntdll.dll!NtOpenFile 7C91D580 5 Bytes CALL 7FF84055
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[520] ntdll.dll!NtQueryInformationProcess 7C91D7E0 5 Bytes CALL 7FF840AD
.text C:\Program Files\Wireless LAN Utility\SiWake.exe[696] ntdll.dll!NtCreateFile 7C91D090 5 Bytes CALL 7FFA3FD0
.text C:\Program Files\Wireless LAN Utility\SiWake.exe[696] ntdll.dll!NtCreateProcess 7C91D130 5 Bytes CALL 7FFA405F
.text C:\Program Files\Wireless LAN Utility\SiWake.exe[696] ntdll.dll!NtCreateProcessEx 7C91D140 5 Bytes CALL 7FFA406C
.text C:\Program Files\Wireless LAN Utility\SiWake.exe[696] ntdll.dll!NtOpenFile 7C91D580 5 Bytes CALL 7FFA4055
.text C:\Program Files\Wireless LAN Utility\SiWake.exe[696] ntdll.dll!NtQueryInformationProcess 7C91D7E0 5 Bytes CALL 7FFA40AD
.text C:\WINDOWS\system32\spoolsv.exe[772] ntdll.dll!NtCreateFile 7C91D090 5 Bytes CALL 7FFA3FD0
.text C:\WINDOWS\system32\spoolsv.exe[772] ntdll.dll!NtCreateProcess 7C91D130 5 Bytes CALL 7FFA405F
.text C:\WINDOWS\system32\spoolsv.exe[772] ntdll.dll!NtCreateProcessEx 7C91D140 5 Bytes CALL 7FFA406C
.text C:\WINDOWS\system32\spoolsv.exe[772] ntdll.dll!NtOpenFile 7C91D580 5 Bytes CALL 7FFA4055
.text C:\WINDOWS\system32\spoolsv.exe[772] ntdll.dll!NtQueryInformationProcess 7C91D7E0 5 Bytes CALL 7FFA40AD
.text C:\WINDOWS\system32\msdtc.exe[868] ntdll.dll!NtCreateFile 7C91D090 5 Bytes CALL 7FFA3FD0
.text C:\WINDOWS\system32\msdtc.exe[868] ntdll.dll!NtCreateProcess 7C91D130 5 Bytes CALL 7FFA405F
.text C:\WINDOWS\system32\msdtc.exe[868] ntdll.dll!NtCreateProcessEx 7C91D140 5 Bytes CALL 7FFA406C
.text C:\WINDOWS\system32\msdtc.exe[868] ntdll.dll!NtOpenFile 7C91D580 5 Bytes CALL 7FFA4055
.text C:\WINDOWS\system32\msdtc.exe[868] ntdll.dll!NtQueryInformationProcess 7C91D7E0 5 Bytes CALL 7FFA40AD
.text C:\WINDOWS\eHome\ehRecvr.exe[956] ntdll.dll!NtCreateFile 7C91D090 5 Bytes CALL 7FFA3FD0
.text C:\WINDOWS\eHome\ehRecvr.exe[956] ntdll.dll!NtCreateProcess 7C91D130 5 Bytes CALL 7FFA405F
.text C:\WINDOWS\eHome\ehRecvr.exe[956] ntdll.dll!NtCreateProcessEx 7C91D140 5 Bytes CALL 7FFA406C
.text C:\WINDOWS\eHome\ehRecvr.exe[956] ntdll.dll!NtOpenFile 7C91D580 5 Bytes CALL 7FFA4055
.text C:\WINDOWS\eHome\ehRecvr.exe[956] ntdll.dll!NtQueryInformationProcess 7C91D7E0 5 Bytes CALL 7FFA40AD
.text C:\WINDOWS\eHome\ehSched.exe[972] ntdll.dll!NtCreateFile 7C91D090 5 Bytes CALL 7FFA3FD0
.text C:\WINDOWS\eHome\ehSched.exe[972] ntdll.dll!NtCreateProcess 7C91D130 5 Bytes CALL 7FFA405F
.text C:\WINDOWS\eHome\ehSched.exe[972] ntdll.dll!NtCreateProcessEx 7C91D140 5 Bytes CALL 7FFA406C
.text C:\WINDOWS\eHome\ehSched.exe[972] ntdll.dll!NtOpenFile 7C91D580 5 Bytes CALL 7FFA4055
.text C:\WINDOWS\eHome\ehSched.exe[972] ntdll.dll!NtQueryInformationProcess 7C91D7E0 5 Bytes CALL 7FFA40AD
.text C:\WINDOWS\system32\svchost.exe[1060] ntdll.dll!NtCreateFile 7C91D090 5 Bytes CALL 7FFA3FD0
.text C:\WINDOWS\system32\svchost.exe[1060] ntdll.dll!NtCreateProcess 7C91D130 5 Bytes CALL 7FFA405F
.text C:\WINDOWS\system32\svchost.exe[1060] ntdll.dll!NtCreateProcessEx 7C91D140 5 Bytes CALL 7FFA406C
.text C:\WINDOWS\system32\svchost.exe[1060] ntdll.dll!NtOpenFile 7C91D580 5 Bytes CALL 7FFA4055
.text C:\WINDOWS\system32\svchost.exe[1060] ntdll.dll!NtQueryInformationProcess 7C91D7E0 5 Bytes CALL 7FFA40AD
.text C:\Documents and Settings\Vincent\Bureau\Nouveau dossier (2)\gmer.exe[1112] ntdll.dll!NtCreateFile 7C91D090 5 Bytes CALL 7FFA3FD0
.text C:\Documents and Settings\Vincent\Bureau\Nouveau dossier (2)\gmer.exe[1112] ntdll.dll!NtCreateProcess 7C91D130 5 Bytes CALL 7FFA405F
.text C:\Documents and Settings\Vincent\Bureau\Nouveau dossier (2)\gmer.exe[1112] ntdll.dll!NtCreateProcessEx 7C91D140 5 Bytes CALL 7FFA406C
.text C:\Documents and Settings\Vincent\Bureau\Nouveau dossier (2)\gmer.exe[1112] ntdll.dll!NtOpenFile 7C91D580 5 Bytes CALL 7FFA4055
.text C:\Documents and Settings\Vincent\Bureau\Nouveau dossier (2)\gmer.exe[1112] ntdll.dll!NtQueryInformationProcess 7C91D7E0 5 Bytes CALL 7FFA40AD
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[1184] ntdll.dll!NtCreateFile 7C91D090 5 Bytes CALL 7FFA3FD0
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[1184] ntdll.dll!NtCreateProcess 7C91D130 5 Bytes CALL 7FFA405F
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[1184] ntdll.dll!NtCreateProcessEx 7C91D140 5 Bytes CALL 7FFA406C
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[1184] ntdll.dll!NtOpenFile 7C91D580 5 Bytes CALL 7FFA4055
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[1184] ntdll.dll!NtQueryInformationProcess 7C91D7E0 5 Bytes CALL 7FFA40AD
.text C:\WINDOWS\System32\svchost.exe[1212] ntdll.dll!NtCreateFile 7C91D090 5 Bytes CALL 7FFA3FD0
.text C:\WINDOWS\System32\svchost.exe[1212] ntdll.dll!NtCreateProcess 7C91D130 5 Bytes CALL 7FFA405F
.text C:\WINDOWS\System32\svchost.exe[1212] ntdll.dll!NtCreateProcessEx 7C91D140 5 Bytes CALL 7FFA406C
.text C:\WINDOWS\System32\svchost.exe[1212] ntdll.dll!NtOpenFile 7C91D580 5 Bytes CALL 7FFA4055
.text C:\WINDOWS\System32\svchost.exe[1212] ntdll.dll!NtQueryInformationProcess 7C91D7E0 5 Bytes CALL 7FFA40AD
.text C:\Program Files\Java\jre6\bin\jqs.exe[1252] ntdll.dll!NtCreateFile 7C91D090 5 Bytes CALL 7FFA3FD0
.text C:\Program Files\Java\jre6\bin\jqs.exe[1252] ntdll.dll!NtCreateProcess 7C91D130 5 Bytes CALL 7FFA405F
.text C:\Program Files\Java\jre6\bin\jqs.exe[1252] ntdll.dll!NtCreateProcessEx 7C91D140 5 Bytes CALL 7FFA406C
.text C:\Program Files\Java\jre6\bin\jqs.exe[1252] ntdll.dll!NtOpenFile 7C91D580 5 Bytes CALL 7FFA4055
.text C:\Program Files\Java\jre6\bin\jqs.exe[1252] ntdll.dll!NtQueryInformationProcess 7C91D7E0 5 Bytes CALL 7FFA40AD
.text C:\WINDOWS\system32\winlogon.exe[1412] ntdll.dll!NtCreateFile 7C91D090 5 Bytes CALL 7FF93FD0
.text C:\WINDOWS\system32\winlogon.exe[1412] ntdll.dll!NtCreateProcess 7C91D130 5 Bytes CALL 7FF9405F
.text C:\WINDOWS\system32\winlogon.exe[1412] ntdll.dll!NtCreateProcessEx 7C91D140 5 Bytes CALL 7FF9406C
.text C:\WINDOWS\system32\winlogon.exe[1412] ntdll.dll!NtOpenFile 7C91D580 5 Bytes CALL 7FF94055
.text C:\WINDOWS\system32\winlogon.exe[1412] ntdll.dll!NtQueryInformationProcess 7C91D7E0 5 Bytes CALL 7FF940AD
.text C:\WINDOWS\system32\services.exe[1456] ntdll.dll!NtCreateFile 7C91D090 5 Bytes CALL 7FF93FD0
.text C:\WINDOWS\system32\services.exe[1456] ntdll.dll!NtCreateProcess 7C91D130 5 Bytes CALL 7FF9405F
.text C:\WINDOWS\system32\services.exe[1456] ntdll.dll!NtCreateProcessEx 7C91D140 5 Bytes CALL 7FF9406C
.text C:\WINDOWS\system32\services.exe[1456] ntdll.dll!NtOpenFile 7C91D580 5 Bytes CALL 7FF94055
.text C:\WINDOWS\system32\services.exe[1456] ntdll.dll!NtQueryInformationProcess 7C91D7E0 5 Bytes CALL 7FF940AD
.text C:\WINDOWS\system32\lsass.exe[1468] ntdll.dll!NtCreateFile 7C91D090 5 Bytes CALL 7FF93FD0
.text C:\WINDOWS\system32\lsass.exe[1468] ntdll.dll!NtCreateProcess 7C91D130 5 Bytes CALL 7FF9405F
.text C:\WINDOWS\system32\lsass.exe[1468] ntdll.dll!NtCreateProcessEx 7C91D140 5 Bytes CALL 7FF9406C
.text C:\WINDOWS\system32\lsass.exe[1468] ntdll.dll!NtOpenFile 7C91D580 5 Bytes CALL 7FF94055
.text C:\WINDOWS\system32\lsass.exe[1468] ntdll.dll!NtQueryInformationProcess 7C91D7E0 5 Bytes CALL 7FF940AD
.text C:\WINDOWS\system32\svchost.exe[1628] ntdll.dll!NtCreateFile 7C91D090 5 Bytes CALL 7FF93FD0
.text C:\WINDOWS\system32\svchost.exe[1628] ntdll.dll!NtCreateProcess 7C91D130 5 Bytes CALL 7FF9405F
.text C:\WINDOWS\system32\svchost.exe[1628] ntdll.dll!NtCreateProcessEx 7C91D140 5 Bytes CALL 7FF9406C
.text C:\WINDOWS\system32\svchost.exe[1628] ntdll.dll!NtOpenFile 7C91D580 5 Bytes CALL 7FF94055
.text C:\WINDOWS\system32\svchost.exe[1628] ntdll.dll!NtQueryInformationProcess 7C91D7E0 5 Bytes CALL 7FF940AD
.text C:\WINDOWS\system32\svchost.exe[1676] ntdll.dll!NtCreateFile 7C91D090 5 Bytes CALL 7FFA3FD0
.text C:\WINDOWS\system32\svchost.exe[1676] ntdll.dll!NtCreateProcess 7C91D130 5 Bytes CALL 7FFA405F
.text C:\WINDOWS\system32\svchost.exe[1676] ntdll.dll!NtCreateProcessEx 7C91D140 5 Bytes CALL 7FFA406C
.text C:\WINDOWS\system32\svchost.exe[1676] ntdll.dll!NtOpenFile 7C91D580 5 Bytes CALL 7FFA4055
.text C:\WINDOWS\system32\svchost.exe[1676] ntdll.dll!NtQueryInformationProcess 7C91D7E0 5 Bytes CALL 7FFA40AD
.text C:\WINDOWS\system32\svchost.exe[1832] ntdll.dll!NtCreateFile 7C91D090 5 Bytes CALL 7FFA3FD0
.text C:\WINDOWS\system32\svchost.exe[1832] ntdll.dll!NtCreateProcess 7C91D130 5 Bytes CALL 7FFA405F
.text C:\WINDOWS\system32\svchost.exe[1832] ntdll.dll!NtCreateProcessEx 7C91D140 5 Bytes CALL 7FFA406C
.text C:\WINDOWS\system32\svchost.exe[1832] ntdll.dll!NtOpenFile 7C91D580 5 Bytes CALL 7FFA4055
.text C:\WINDOWS\system32\svchost.exe[1832] ntdll.dll!NtQueryInformationProcess 7C91D7E0 5 Bytes CALL 7FFA40AD
.text C:\WINDOWS\ehome\mcrdsvc.exe[1864] ntdll.dll!NtCreateFile 7C91D090 5 Bytes CALL 7FFA3FD0
.text C:\WINDOWS\ehome\mcrdsvc.exe[1864] ntdll.dll!NtCreateProcess 7C91D130 5 Bytes CALL 7FFA405F
.text C:\WINDOWS\ehome\mcrdsvc.exe[1864] ntdll.dll!NtCreateProcessEx 7C91D140 5 Bytes CALL 7FFA406C
.text C:\WINDOWS\ehome\mcrdsvc.exe[1864] ntdll.dll!NtOpenFile 7C91D580 5 Bytes CALL 7FFA4055
.text C:\WINDOWS\ehome\mcrdsvc.exe[1864] ntdll.dll!NtQueryInformationProcess 7C91D7E0 5 Bytes CALL 7FFA40AD
.text C:\WINDOWS\system32\svchost.exe[1908] ntdll.dll!NtCreateFile 7C91D090 5 Bytes CALL 7FFA3FD0
.text C:\WINDOWS\system32\svchost.exe[1908] ntdll.dll!NtCreateProcess 7C91D130 5 Bytes CALL 7FFA405F
.text C:\WINDOWS\system32\svchost.exe[1908] ntdll.dll!NtCreateProcessEx 7C91D140 5 Bytes CALL 7FFA406C
.text C:\WINDOWS\system32\svchost.exe[1908] ntdll.dll!NtOpenFile 7C91D580 5 Bytes CALL 7FFA4055
.text C:\WINDOWS\system32\svchost.exe[1908] ntdll.dll!NtQueryInformationProcess 7C91D7E0 5 Bytes CALL 7FFA40AD
.text C:\WINDOWS\Explorer.EXE[1940] ntdll.dll!NtCreateFile 7C91D090 5 Bytes CALL 7FFA3FD0
.text C:\WINDOWS\Explorer.EXE[1940] ntdll.dll!NtCreateProcess 7C91D130 5 Bytes CALL 7FFA405F
.text C:\WINDOWS\Explorer.EXE[1940] ntdll.dll!NtCreateProcessEx 7C91D140 5 Bytes CALL 7FFA406C
.text C:\WINDOWS\Explorer.EXE[1940] ntdll.dll!NtOpenFile 7C91D580 5 Bytes CALL 7FFA4055
.text C:\WINDOWS\Explorer.EXE[1940] ntdll.dll!NtQueryInformationProcess 7C91D7E0 5 Bytes CALL 7FFA40AD
.text C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe[1984] ntdll.dll!NtCreateFile 7C91D090 5 Bytes CALL 7FFA3FD0
.text C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe[1984] ntdll.dll!NtCreateProcess 7C91D130 5 Bytes CALL 7FFA405F
.text C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe[1984] ntdll.dll!NtCreateProcessEx 7C91D140 5 Bytes CALL 7FFA406C
.text C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe[1984] ntdll.dll!NtOpenFile 7C91D580 5 Bytes CALL 7FFA4055
.text C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe[1984] ntdll.dll!NtQueryInformationProcess 7C91D7E0 5 Bytes CALL 7FFA40AD
.text C:\WINDOWS\system32\svchost.exe[1988] ntdll.dll!NtCreateFile 7C91D090 5 Bytes CALL 7FFA3FD0
.text C:\WINDOWS\system32\svchost.exe[1988] ntdll.dll!NtCreateProcess 7C91D130 5 Bytes CALL 7FFA405F
.text C:\WINDOWS\system32\svchost.exe[1988] ntdll.dll!NtCreateProcessEx 7C91D140 5 Bytes CALL 7FFA406C
.text C:\WINDOWS\system32\svchost.exe[1988] ntdll.dll!NtOpenFile 7C91D580 5 Bytes CALL 7FFA4055
.text C:\WINDOWS\system32\svchost.exe[1988] ntdll.dll!NtQueryInformationProcess 7C91D7E0 5 Bytes CALL 7FFA40AD
.text C:\WINDOWS\system32\mqsvc.exe[2116] ntdll.dll!NtCreateFile 7C91D090 5 Bytes CALL 7FF93FD0
.text C:\WINDOWS\system32\mqsvc.exe[2116] ntdll.dll!NtCreateProcess 7C91D130 5 Bytes CALL 7FF9405F
.text C:\WINDOWS\system32\mqsvc.exe[2116] ntdll.dll!NtCreateProcessEx 7C91D140 5 Bytes CALL 7FF9406C
.text C:\WINDOWS\system32\mqsvc.exe[2116] ntdll.dll!NtOpenFile 7C91D580 5 Bytes CALL 7FF94055
.text C:\WINDOWS\system32\mqsvc.exe[2116] ntdll.dll!NtQueryInformationProcess 7C91D7E0 5 Bytes CALL 7FF940AD
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[2212] ntdll.dll!NtCreateFile 7C91D090 5 Bytes CALL 7FFA3FD0
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[2212] ntdll.dll!NtCreateProcess 7C91D130 5 Bytes CALL 7FFA405F
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[2212] ntdll.dll!NtCreateProcessEx 7C91D140 5 Bytes CALL 7FFA406C
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[2212] ntdll.dll!NtOpenFile 7C91D580 5 Bytes CALL 7FFA4055
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[2212] ntdll.dll!NtQueryInformationProcess 7C91D7E0 5 Bytes CALL 7FFA40AD
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[2284] ntdll.dll!NtCreateFile 7C91D090 5 Bytes CALL 7FFA3FD0
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[2284] ntdll.dll!NtCreateProcess 7C91D130 5 Bytes CALL 7FFA405F
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[2284] ntdll.dll!NtCreateProcessEx 7C91D140 5 Bytes CALL 7FFA406C
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[2284] ntdll.dll!NtOpenFile 7C91D580 5 Bytes CALL 7FFA4055
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[2284] ntdll.dll!NtQueryInformationProcess 7C91D7E0 5 Bytes CALL 7FFA40AD
.text C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe[2332] ntdll.dll!NtCreateFile 7C91D090 5 Bytes CALL 7FFA3FD0
.text C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe[2332] ntdll.dll!NtCreateProcess 7C91D130 5 Bytes CALL 7FFA405F
.text C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe[2332] ntdll.dll!NtCreateProcessEx 7C91D140 5 Bytes CALL 7FFA406C
.text C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe[2332] ntdll.dll!NtOpenFile 7C91D580 5 Bytes CALL 7FFA4055
.text C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe[2332] ntdll.dll!NtQueryInformationProcess 7C91D7E0 5 Bytes CALL 7FFA40AD
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2340] ntdll.dll!NtCreateFile 7C91D090 5 Bytes CALL 7FF93FD0
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2340] ntdll.dll!NtCreateProcess 7C91D130 5 Bytes CALL 7FF9405F
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2340] ntdll.dll!NtCreateProcessEx 7C91D140 5 Bytes CALL 7FF9406C
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2340] ntdll.dll!NtOpenFile 7C91D580 5 Bytes CALL 7FF94055
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2340] ntdll.dll!NtQueryInformationProcess 7C91D7E0 5 Bytes CALL 7FF940AD
.text C:\WINDOWS\system32\Pen_Tablet.exe[2568] ntdll.dll!NtCreateFile 7C91D090 5 Bytes CALL 7FFA3FD0
.text C:\WINDOWS\system32\Pen_Tablet.exe[2568] ntdll.dll!NtCreateProcess 7C91D130 5 Bytes CALL 7FFA405F
.text C:\WINDOWS\system32\Pen_Tablet.exe[2568] ntdll.dll!NtCreateProcessEx 7C91D140 5 Bytes CALL 7FFA406C
.text C:\WINDOWS\system32\Pen_Tablet.exe[2568] ntdll.dll!NtOpenFile 7C91D580 5 Bytes CALL 7FFA4055
.text C:\WINDOWS\system32\Pen_Tablet.exe[2568] ntdll.dll!NtQueryInformationProcess 7C91D7E0 5 Bytes CALL 7FFA40AD
.text C:\WINDOWS\ehome\ehtray.exe[2612] ntdll.dll!NtCreateFile 7C91D090 5 Bytes CALL 7FFA3FD0
.text C:\WINDOWS\ehome\ehtray.exe[2612] ntdll.dll!NtCreateProcess 7C91D130 5 Bytes CALL 7FFA405F
.text C:\WINDOWS\ehome\ehtray.exe[2612] ntdll.dll!NtCreateProcessEx 7C91D140 5 Bytes CALL 7FFA406C
.text C:\WINDOWS\ehome\ehtray.exe[2612] ntdll.dll!NtOpenFile 7C91D580 5 Bytes CALL 7FFA4055
.text C:\WINDOWS\ehome\ehtray.exe[2612] ntdll.dll!NtQueryInformationProcess 7C91D7E0 5 Bytes CALL 7FFA40AD
.text C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe[2640] ntdll.dll!NtCreateFile 7C91D090 5 Bytes CALL 7FFA3FD0
.text C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe[2640] ntdll.dll!NtCreateProcess 7C91D130 5 Bytes CALL 7FFA405F
.text C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe[2640] ntdll.dll!NtCreateProcessEx 7C91D140 5 Bytes CALL 7FFA406C
.text C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe[2640] ntdll.dll!NtOpenFile 7C91D580 5 Bytes CALL 7FFA4055
.text C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe[2640] ntdll.dll!NtQueryInformationProcess 7C91D7E0 5 Bytes CALL 7FFA40AD
.text C:\WINDOWS\system32\hkcmd.exe[2700] ntdll.dll!NtCreateFile 7C91D090 5 Bytes CALL 7FFA3FD0
.text C:\WINDOWS\system32\hkcmd.exe[2700] ntdll.dll!NtCreateProcess 7C91D130 5 Bytes CALL 7FFA405F
.text C:\WINDOWS\system32\hkcmd.exe[2700] ntdll.dll!NtCreateProcessEx 7C91D140 5 Bytes CALL 7FFA406C
.text C:\WINDOWS\system32\hkcmd.exe[2700] ntdll.dll!NtOpenFile 7C91D580 5 Bytes CALL 7FFA4055
.text C:\WINDOWS\system32\hkcmd.exe[2700] ntdll.dll!NtQueryInformationProcess 7C91D7E0 5 Bytes CALL 7FFA40AD
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2716] ntdll.dll!NtCreateFile 7C91D090 5 Bytes CALL 7FFA3FD0
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2716] ntdll.dll!NtCreateProcess 7C91D130 5 Bytes CALL 7FFA405F
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2716] ntdll.dll!NtCreateProcessEx 7C91D140 5 Bytes CALL 7FFA406C
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2716] ntdll.dll!NtOpenFile 7C91D580 5 Bytes CALL 7FFA4055
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2716] ntdll.dll!NtQueryInformationProcess 7C91D7E0 5 Bytes CALL 7FFA40AD
.text C:\WINDOWS\system32\igfxpers.exe[2736] ntdll.dll!NtCreateFile 7C91D090 5 Bytes CALL 7FFA3FD0
.text C:\WINDOWS\system32\igfxpers.exe[2736] ntdll.dll!NtCreateProcess 7C91D130 5 Bytes CALL 7FFA405F
.text C:\WINDOWS\system32\igfxpers.exe[2736] ntdll.dll!NtCreateProcessEx 7C91D140 5 Bytes CALL 7FFA406C
.text C:\WINDOWS\system32\igfxpers.exe[2736] ntdll.dll!NtOpenFile 7C91D580 5 Bytes CALL 7FFA4055
.text C:\WINDOWS\system32\igfxpers.exe[2736] ntdll.dll!NtQueryInformationProcess 7C91D7E0 5 Bytes CALL 7FFA40AD
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2772] ntdll.dll!NtCreateFile 7C91D090 5 Bytes CALL 7FFA3FD0
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2772] ntdll.dll!NtCreateProcess 7C91D130 5 Bytes CALL 7FFA405F
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2772] ntdll.dll!NtCreateProcessEx 7C91D140 5 Bytes CALL 7FFA406C
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2772] ntdll.dll!NtOpenFile 7C91D580 5 Bytes CALL 7FFA4055
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2772] ntdll.dll!NtQueryInformationProcess 7C91D7E0 5 Bytes CALL 7FFA40AD
.text C:\Program Files\HP\QuickPlay\QPService.exe[2812] ntdll.dll!NtCreateFile 7C91D090 5 Bytes CALL 7FFA3FD0
.text C:\Program Files\HP\QuickPlay\QPService.exe[2812] ntdll.dll!NtCreateProcess 7C91D130 5 Bytes CALL 7FFA405F
.text C:\Program Files\HP\QuickPlay\QPService.exe[2812] ntdll.dll!NtCreateProcessEx 7C91D140 5 Bytes CALL 7FFA406C
.text C:\Program Files\HP\QuickPlay\QPService.exe[2812] ntdll.dll!NtOpenFile 7C91D580 5 Bytes CALL 7FFA4055
.text C:\Program Files\HP\QuickPlay\QPService.exe[2812] ntdll.dll!NtQueryInformationProcess 7C91D7E0 5 Bytes CALL 7FFA40AD
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[2868] ntdll.dll!NtCreateFile 7C91D090 5 Bytes CALL 7FFA3FD0
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[2868] ntdll.dll!NtCreateProcess 7C91D130 5 Bytes CALL 7FFA405F
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[2868] ntdll.dll!NtCreateProcessEx 7C91D140 5 Bytes CALL 7FFA406C
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[2868] ntdll.dll!NtOpenFile 7C91D580 5 Bytes CALL 7FFA4055
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[2868] ntdll.dll!NtQueryInformationProcess 7C91D7E0 5 Bytes CALL 7FFA40AD
.text C:\WINDOWS\system32\dllhost.exe[2880] ntdll.dll!NtCreateFile 7C91D090 5 Bytes CALL 7FF93FD0
.text C:\WINDOWS\system32\dllhost.exe[2880] ntdll.dll!NtCreateProcess 7C91D130 5 Bytes CALL 7FF9405F
.text C:\WINDOWS\system32\dllhost.exe[2880] ntdll.dll!NtCreateProcessEx 7C91D140 5 Bytes CALL 7FF9406C
.text C:\WINDOWS\system32\dllhost.exe[2880] ntdll.dll!NtOpenFile 7C91D580 5 Bytes CALL 7FF94055
.text C:\WINDOWS\system32\dllhost.exe[2880] ntdll.dll!NtQueryInformationProcess 7C91D7E0 5 Bytes CALL 7FF940AD
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2896] ntdll.dll!NtCreateFile 7C91D090 5 Bytes CALL 7FFA3FD0
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2896] ntdll.dll!NtCreateProcess 7C91D130 5 Bytes CALL 7FFA405F
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2896] ntdll.dll!NtCreateProcessEx 7C91D140 5 Bytes CALL 7FFA406C
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2896] ntdll.dll!NtOpenFile 7C91D580 5 Bytes CALL 7FFA4055
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2896] ntdll.dll!NtQueryInformationProcess 7C91D7E0 5 Bytes CALL 7FFA40AD
.text C:\WINDOWS\eHome\ehmsas.exe[3316] ntdll.dll!NtCreateFile 7C91D090 5 Bytes CALL 7FFA3FD0
.text C:\WINDOWS\eHome\ehmsas.exe[3316] ntdll.dll!NtCreateProcess 7C91D130 5 Bytes CALL 7FFA405F
.text C:\WINDOWS\eHome\ehmsas.exe[3316] ntdll.dll!NtCreateProcessEx 7C91D140 5 Bytes CALL 7FFA406C
.text C:\WINDOWS\eHome\ehmsas.exe[3316] ntdll.dll!NtOpenFile 7C91D580 5 Bytes CALL 7FFA4055
.text C:\WINDOWS\eHome\ehmsas.exe[3316] ntdll.dll!NtQueryInformationProcess 7C91D7E0 5 Bytes CALL 7FFA40AD
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[3360] ntdll.dll!NtCreateFile 7C91D090 5 Bytes CALL 7FFA3FD0
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[3360] ntdll.dll!NtCreateProcess 7C91D130 5 Bytes CALL 7FFA405F
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[3360] ntdll.dll!NtCreateProcessEx 7C91D140 5 Bytes CALL 7FFA406C
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[3360] ntdll.dll!NtOpenFile 7C91D580 5 Bytes CALL 7FFA4055
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[3360] ntdll.dll!NtQueryInformationProcess 7C91D7E0 5 Bytes CALL 7FFA40AD
.text C:\Program Files\Java\jre6\bin\jusched.exe[3372] ntdll.dll!NtCreateFile 7C91D090 5 Bytes CALL 7FFA3FD0
.text C:\Program Files\Java\jre6\bin\jusched.exe[3372] ntdll.dll!NtCreateProcess 7C91D130 5 Bytes CALL 7FFA405F
.text C:\Program Files\Java\jre6\bin\jusched.exe[3372] ntdll.dll!NtCreateProcessEx 7C91D140 5 Bytes CALL 7FFA406C
.text C:\Program Files\Java\jre6\bin\jusched.exe[3372] ntdll.dll!NtOpenFile 7C91D580 5 Bytes CALL 7FFA4055
.text C:\Program Files\Java\jre6\bin\jusched.exe[3372] ntdll.dll!NtQueryInformationProcess 7C91D7E0 5 Bytes CALL 7FFA40AD
.text C:\WINDOWS\system32\ctfmon.exe[3520] ntdll.dll!NtCreateFile 7C91D090 5 Bytes CALL 7FFA3FD0
.text C:\WINDOWS\system32\ctfmon.exe[3520] ntdll.dll!NtCreateProcess 7C91D130 5 Bytes CALL 7FFA405F
.text C:\WINDOWS\system32\ctfmon.exe[3520] ntdll.dll!NtCreateProcessEx 7C91D140 5 Bytes CALL 7FFA406C
.text C:\WINDOWS\system32\ctfmon.exe[3520] ntdll.dll!NtOpenFile 7C91D580 5 Bytes CALL 7FFA4055
.text C:\WINDOWS\system32\ctfmon.exe[3520] ntdll.dll!NtQueryInformationProcess 7C91D7E0 5 Bytes CALL 7FFA40AD
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3692] ntdll.dll!NtCreateFile 7C91D090 5 Bytes CALL 7FFA3FD0
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3692] ntdll.dll!NtCreateProcess 7C91D130 5 Bytes CALL 7FFA405F
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3692] ntdll.dll!NtCreateProcessEx 7C91D140 5 Bytes CALL 7FFA406C
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3692] ntdll.dll!NtOpenFile 7C91D580 5 Bytes CALL 7FFA4055
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3692] ntdll.dll!NtQueryInformationProcess 7C91D7E0 5 Bytes CALL 7FFA40AD
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3792] ntdll.dll!NtCreateFile 7C91D090 5 Bytes CALL 7FFA3FD0
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3792] ntdll.dll!NtCreateProcess 7C91D130 5 Bytes CALL 7FFA405F
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3792] ntdll.dll!NtCreateProcessEx 7C91D140 5 Bytes CALL 7FFA406C
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3792] ntdll.dll!NtOpenFile 7C91D580 5 Bytes CALL 7FFA4055
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3792] ntdll.dll!NtQueryInformationProcess 7C91D7E0 5 Bytes CALL 7FFA40AD
.text C:\WINDOWS\system32\mqtgsvc.exe[3868] ntdll.dll!NtCreateFile 7C91D090 5 Bytes CALL 7FFA3FD0
.text C:\WINDOWS\system32\mqtgsvc.exe[3868] ntdll.dll!NtCreateProcess 7C91D130 5 Bytes CALL 7FFA405F
.text C:\WINDOWS\system32\mqtgsvc.exe[3868] ntdll.dll!NtCreateProcessEx 7C91D140 5 Bytes CALL 7FFA406C
.text C:\WINDOWS\system32\mqtgsvc.exe[3868] ntdll.dll!NtOpenFile 7C91D580 5 Bytes CALL 7FFA4055
.text C:\WINDOWS\system32\mqtgsvc.exe[3868] ntdll.dll!NtQueryInformationProcess 7C91D7E0 5 Bytes CALL 7FFA40AD
.text C:\WINDOWS\System32\alg.exe[3884] ntdll.dll!NtCreateFile 7C91D090 5 Bytes CALL 7FFA3FD0
.text C:\WINDOWS\System32\alg.exe[3884] ntdll.dll!NtCreateProcess 7C91D130 5 Bytes CALL 7FFA405F
.text C:\WINDOWS\System32\alg.exe[3884] ntdll.dll!NtCreateProcessEx 7C91D140 5 Bytes CALL 7FFA406C
.text C:\WINDOWS\System32\alg.exe[3884] ntdll.dll!NtOpenFile 7C91D580 5 Bytes CALL 7FFA4055
.text C:\WINDOWS\System32\alg.exe[3884] ntdll.dll!NtQueryInformationProcess 7C91D7E0 5 Bytes CALL 7FFA40AD
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[3920] ntdll.dll!NtCreateFile 7C91D090 5 Bytes CALL 7FFA3FD0
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[3920] ntdll.dll!NtCreateProcess 7C91D130 5 Bytes CALL 7FFA405F
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[3920] ntdll.dll!NtCreateProcessEx 7C91D140 5 Bytes CALL 7FFA406C
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[3920] ntdll.dll!NtOpenFile 7C91D580 5 Bytes CALL 7FFA4055
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[3920] ntdll.dll!NtQueryInformationProcess 7C91D7E0 5 Bytes CALL 7FFA40AD
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F73FF040] spcu.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F73FF13C] spcu.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F73FF0BE] spcu.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F73FF7FC] spcu.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F73FF6D2] spcu.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F740F048] spcu.sys
IAT \SystemRoot\System32\Drivers\aru0a74l.SYS[HAL.dll!KfAcquireSpinLock] C0840CEC
IAT \SystemRoot\System32\Drivers\aru0a74l.SYS[HAL.dll!READ_PORT_UCHAR] 053C0D74
IAT \SystemRoot\System32\Drivers\aru0a74l.SYS[HAL.dll!KeGetCurrentIrql] 57B80974
IAT \SystemRoot\System32\Drivers\aru0a74l.SYS[HAL.dll!KfRaiseIrql] 8B000000
IAT \SystemRoot\System32\Drivers\aru0a74l.SYS[HAL.dll!KfLowerIrql] 56C35DE5
IAT \SystemRoot\System32\Drivers\aru0a74l.SYS[HAL.dll!HalGetInterruptVector] 8D08758B
IAT \SystemRoot\System32\Drivers\aru0a74l.SYS[HAL.dll!HalTranslateBusAddress] 8D51FC4D
IAT \SystemRoot\System32\Drivers\aru0a74l.SYS[HAL.dll!KeStallExecutionProcessor] 8D52FD55
IAT \SystemRoot\System32\Drivers\aru0a74l.SYS[HAL.dll!KfReleaseSpinLock] 8D51FE4D
IAT \SystemRoot\System32\Drivers\aru0a74l.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 8D52FF55
IAT \SystemRoot\System32\Drivers\aru0a74l.SYS[HAL.dll!READ_PORT_USHORT] 8D51F84D
IAT \SystemRoot\System32\Drivers\aru0a74l.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 5052F455
IAT \SystemRoot\System32\Drivers\aru0a74l.SYS[HAL.dll!WRITE_PORT_UCHAR] EACAE856
IAT \SystemRoot\System32\Drivers\aru0a74l.SYS[WMILIB.SYS!WmiSystemControl] 0FC08520
IAT \SystemRoot\System32\Drivers\aru0a74l.SYS[WMILIB.SYS!WmiCompleteRequest] 0001B185
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\WINDOWS\system32\services.exe[1456] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00380002
IAT C:\WINDOWS\system32\services.exe[1456] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00380000
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 86BD31F8
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
Device \FileSystem\Fastfat \FatCdrom 8592C378
AttachedDevice \Driver\Tcpip \Device\Ip lnsfw1.sys
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
Device \Driver\usbuhci \Device\USBPDO-0 860F31F8
Device \Driver\usbuhci \Device\USBPDO-1 860F31F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 86BD51F8
Device \Driver\dmio \Device\DmControl\DmConfig 86BD51F8
Device \Driver\dmio \Device\DmControl\DmPnP 86BD51F8
Device \Driver\dmio \Device\DmControl\DmInfo 86BD51F8
Device \Driver\usbuhci \Device\USBPDO-2 860F31F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{2418AA0B-6B07-4D60-93A6-02595EDB3E68} 858AD500
Device \Driver\usbuhci \Device\USBPDO-3 860F31F8
Device \Driver\usbehci \Device\USBPDO-4 85FDA1F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{C17A5AF9-7947-4AF4-A3F2-5EDFF6739FED} 858AD500
AttachedDevice \Driver\Tcpip \Device\Tcp lnsfw1.sys
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
Device \Driver\Ftdisk \Device\HarddiskVolume1 86B661F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 86B661F8
Device \Driver\Cdrom \Device\CdRom0 860391F8
Device \Driver\Cdrom \Device\CdRom1 860391F8
Device \Driver\Ftdisk \Device\HarddiskVolume3 86B661F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 858AD500
Device \Driver\NetBT \Device\NetbiosSmb 858AD500
Device \Driver\PCI_PNP2350 \Device\0000005c spcu.sys
AttachedDevice \Driver\Tcpip \Device\Udp lnsfw1.sys
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp lnsfw1.sys
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
Device \Driver\usbuhci \Device\USBFDO-0 860F31F8
Device \Driver\sptd \Device\3923771100 spcu.sys
Device \Driver\sptd \Device\3923771100 spcu.sys
Device \Driver\usbuhci \Device\USBFDO-1 860F31F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8595C500
Device \Driver\usbuhci \Device\USBFDO-2 860F31F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8595C500
Device \Driver\usbuhci \Device\USBFDO-3 860F31F8
Device \Driver\usbehci \Device\USBFDO-4 85FDA1F8
Device \Driver\Ftdisk \Device\FtControl 86B661F8
Device \Driver\aru0a74l \Device\Scsi\aru0a74l1 860361F8
Device \Driver\aru0a74l \Device\Scsi\aru0a74l1Port2Path0Target0Lun0 860361F8
Device \FileSystem\Fastfat \Fat 8592C378
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
Device \FileSystem\Cdfs \Cdfs 85C62500
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x0E 0x6A 0xAF 0xF5 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xC5 0x5D 0xDF 0xD0 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x70 0xAD 0x8A 0x28 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x0E 0x6A 0xAF 0xF5 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xC5 0x5D 0xDF 0xD0 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x70 0xAD 0x8A 0x28 ...
---- EOF - GMER 1.0.15 ----
Uh, in that case I have a really big problem, because as soon as I do anything Avast! blocks it, prevents files from running, and in Firefox it keeps blocking access to "jl.chura.pl/rc/" (even though I am doing nothing at all to go there).
Should I make a big backup and reinstall Windows?
I have the same problem with an exe that I should never have loaded (...), and which makes my IE crawl; it tries to point to jl.chura.pl/rc, and that makes IE crash... help!!!
GMER report below; thanks!!!!:
.text C:\Program Files\Network Associates\VirusScan\vstskmgr.exe[164] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA3FD0
.text C:\Program Files\Network Associates\VirusScan\vstskmgr.exe[164] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA405F
.text C:\Program Files\Network Associates\VirusScan\vstskmgr.exe[164] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA406C
.text C:\Program Files\Network Associates\VirusScan\vstskmgr.exe[164] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA4055
.text C:\Program Files\Network Associates\VirusScan\vstskmgr.exe[164] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA40AD
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[184] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA3FD0
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[184] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA405F
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[184] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA406C
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[184] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA4055
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[184] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA40AD
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[236] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA3FD0
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[236] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA405F
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[236] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA406C
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[236] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA4055
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[236] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA40AD
.text C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe[348] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA3FD0
.text C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe[348] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA405F
.text C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe[348] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA406C
.text C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe[348] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA4055
.text C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe[348] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA40AD
.text C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe[452] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA3FD0
.text C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe[452] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA405F
.text C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe[452] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA406C
.text C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe[452] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA4055
.text C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe[452] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA40AD
.text C:\WINNT\system32\svchost.exe[652] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA3FD0
.text C:\WINNT\system32\svchost.exe[652] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA405F
.text C:\WINNT\system32\svchost.exe[652] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA406C
.text C:\WINNT\system32\svchost.exe[652] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA4055
.text C:\WINNT\system32\svchost.exe[652] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA40AD
.text C:\WINNT\system32\Pen_Tablet.exe[664] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA3FD0
.text C:\WINNT\system32\Pen_Tablet.exe[664] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA405F
.text C:\WINNT\system32\Pen_Tablet.exe[664] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA406C
.text C:\WINNT\system32\Pen_Tablet.exe[664] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA4055
.text C:\WINNT\system32\Pen_Tablet.exe[664] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA40AD
.text C:\WINNT\RCSERV.EXE[700] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA3FD0
.text C:\WINNT\RCSERV.EXE[700] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA405F
.text C:\WINNT\RCSERV.EXE[700] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA406C
.text C:\WINNT\RCSERV.EXE[700] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA4055
.text C:\WINNT\RCSERV.EXE[700] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA40AD
.text C:\Program Files\UPHClean\uphclean.exe[732] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA3FD0
.text C:\Program Files\UPHClean\uphclean.exe[732] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA405F
.text C:\Program Files\UPHClean\uphclean.exe[732] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA406C
.text C:\Program Files\UPHClean\uphclean.exe[732] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA4055
.text C:\Program Files\UPHClean\uphclean.exe[732] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA40AD
.text C:\WINNT\system32\SearchIndexer.exe[792] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FF93FD0
.text C:\WINNT\system32\SearchIndexer.exe[792] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FF9405F
.text C:\WINNT\system32\SearchIndexer.exe[792] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FF9406C
.text C:\WINNT\system32\SearchIndexer.exe[792] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FF94055
.text C:\WINNT\system32\SearchIndexer.exe[792] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FF940AD
.text C:\WINNT\system32\SearchIndexer.exe[792] kernel32.dll!WriteFile 7C810D87 7 Bytes JMP 00D31B19 C:\WINNT\system32\mssrch.dll (mssrch.lib/Microsoft Corporation)
.text C:\Program Files\Network Associates\Common Framework\UdaterUI.exe[852] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA3FD0
.text C:\Program Files\Network Associates\Common Framework\UdaterUI.exe[852] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA405F
.text C:\Program Files\Network Associates\Common Framework\UdaterUI.exe[852] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA406C
.text C:\Program Files\Network Associates\Common Framework\UdaterUI.exe[852] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA4055
.text C:\Program Files\Network Associates\Common Framework\UdaterUI.exe[852] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA40AD
.text C:\WINNT\system32\winlogon.exe[932] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FF93FD0
.text C:\WINNT\system32\winlogon.exe[932] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FF9405F
.text C:\WINNT\system32\winlogon.exe[932] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FF9406C
.text C:\WINNT\system32\winlogon.exe[932] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FF94055
.text C:\WINNT\system32\winlogon.exe[932] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FF940AD
.text C:\WINNT\system32\services.exe[976] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FF93FD0
.text C:\WINNT\system32\services.exe[976] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FF9405F
.text C:\WINNT\system32\services.exe[976] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FF9406C
.text C:\WINNT\system32\services.exe[976] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FF94055
.text C:\WINNT\system32\services.exe[976] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FF940AD
.text C:\WINNT\system32\lsass.exe[992] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FF93FD0
.text C:\WINNT\system32\lsass.exe[992] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FF9405F
.text C:\WINNT\system32\lsass.exe[992] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FF9406C
.text C:\WINNT\system32\lsass.exe[992] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FF94055
.text C:\WINNT\system32\lsass.exe[992] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FF940AD
.text C:\WINNT\system32\svchost.exe[1164] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FF93FD0
.text C:\WINNT\system32\svchost.exe[1164] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FF9405F
.text C:\WINNT\system32\svchost.exe[1164] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FF9406C
.text C:\WINNT\system32\svchost.exe[1164] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FF94055
.text C:\WINNT\system32\svchost.exe[1164] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FF940AD
.text C:\WINNT\system32\svchost.exe[1212] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA3FD0
.text C:\WINNT\system32\svchost.exe[1212] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA405F
.text C:\WINNT\system32\svchost.exe[1212] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA406C
.text C:\WINNT\system32\svchost.exe[1212] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA4055
.text C:\WINNT\system32\svchost.exe[1212] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA40AD
.text C:\WINNT\system32\svchost.exe[1392] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA3FD0
.text C:\WINNT\system32\svchost.exe[1392] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA405F
.text C:\WINNT\system32\svchost.exe[1392] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA406C
.text C:\WINNT\system32\svchost.exe[1392] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA4055
.text C:\WINNT\system32\svchost.exe[1392] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA40AD
.text C:\WINNT\system32\svchost.exe[1424] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA3FD0
.text C:\WINNT\system32\svchost.exe[1424] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA405F
.text C:\WINNT\system32\svchost.exe[1424] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA406C
.text C:\WINNT\system32\svchost.exe[1424] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA4055
.text C:\WINNT\system32\svchost.exe[1424] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA40AD
.text C:\Program Files\Network Associates\Common Framework\McTray.exe[1512] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA3FD0
.text C:\Program Files\Network Associates\Common Framework\McTray.exe[1512] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA405F
.text C:\Program Files\Network Associates\Common Framework\McTray.exe[1512] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA406C
.text C:\Program Files\Network Associates\Common Framework\McTray.exe[1512] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA4055
.text C:\Program Files\Network Associates\Common Framework\McTray.exe[1512] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA40AD
.text C:\WINNT\system32\spoolsv.exe[1664] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA3FD0
.text C:\WINNT\system32\spoolsv.exe[1664] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA405F
.text C:\WINNT\system32\spoolsv.exe[1664] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA406C
.text C:\WINNT\system32\spoolsv.exe[1664] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA4055
.text C:\WINNT\system32\spoolsv.exe[1664] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA40AD
.text C:\WINNT\System32\SCardSvr.exe[1712] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA3FD0
.text C:\WINNT\System32\SCardSvr.exe[1712] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA405F
.text C:\WINNT\System32\SCardSvr.exe[1712] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA406C
.text C:\WINNT\System32\SCardSvr.exe[1712] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA4055
.text C:\WINNT\System32\SCardSvr.exe[1712] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA40AD
.text C:\WINNT\system32\e-buro.exe[1756] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA3FD0
.text C:\WINNT\system32\e-buro.exe[1756] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA405F
.text C:\WINNT\system32\e-buro.exe[1756] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA406C
.text C:\WINNT\system32\e-buro.exe[1756] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA4055
.text C:\WINNT\system32\e-buro.exe[1756] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA40AD
.text C:\WINNT\system32\wbem\wmiprvse.exe[1804] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA3FD0
.text C:\WINNT\system32\wbem\wmiprvse.exe[1804] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA405F
.text C:\WINNT\system32\wbem\wmiprvse.exe[1804] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA406C
.text C:\WINNT\system32\wbem\wmiprvse.exe[1804] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA4055
.text C:\WINNT\system32\wbem\wmiprvse.exe[1804] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA40AD
.text C:\WINNT\system32\svchost.exe[1816] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA3FD0
.text C:\WINNT\system32\svchost.exe[1816] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA405F
.text C:\WINNT\system32\svchost.exe[1816] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA406C
.text C:\WINNT\system32\svchost.exe[1816] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA4055
.text C:\WINNT\system32\svchost.exe[1816] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA40AD
.text C:\WINNT\system32\eTSrv.exe[1872] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA3FD0
.text C:\WINNT\system32\eTSrv.exe[1872] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA405F
.text C:\WINNT\system32\eTSrv.exe[1872] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA406C
.text C:\WINNT\system32\eTSrv.exe[1872] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA4055
.text C:\WINNT\system32\eTSrv.exe[1872] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA40AD
.text c:\tivoli\itm\FTIM.EXE[1904] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA3FD0
.text c:\tivoli\itm\FTIM.EXE[1904] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA405F
.text c:\tivoli\itm\FTIM.EXE[1904] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA406C
.text c:\tivoli\itm\FTIM.EXE[1904] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA4055
.text c:\tivoli\itm\FTIM.EXE[1904] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA40AD
.text C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe[1944] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA3FD0
.text C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe[1944] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA405F
.text C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe[1944] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA406C
.text C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe[1944] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA4055
.text C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe[1944] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA40AD
.text C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe[1956] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA3FD0
.text C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe[1956] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA405F
.text C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe[1956] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA406C
.text C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe[1956] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA4055
.text C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe[1956] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA40AD
.text C:\Program Files\Tivoli\lcf\bin\w32-ix86\mrt\lcfd.exe[1996] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA3FD0
.text C:\Program Files\Tivoli\lcf\bin\w32-ix86\mrt\lcfd.exe[1996] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA405F
.text C:\Program Files\Tivoli\lcf\bin\w32-ix86\mrt\lcfd.exe[1996] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA406C
.text C:\Program Files\Tivoli\lcf\bin\w32-ix86\mrt\lcfd.exe[1996] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA4055
.text C:\Program Files\Tivoli\lcf\bin\w32-ix86\mrt\lcfd.exe[1996] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA40AD
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[2028] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FF93FD0
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[2028] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FF9405F
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[2028] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FF9406C
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[2028] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FF94055
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[2028] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FF940AD
.text C:\WINNT\system32\LVCOMSX.EXE[2144] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA3FD0
.text C:\WINNT\system32\LVCOMSX.EXE[2144] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA405F
.text C:\WINNT\system32\LVCOMSX.EXE[2144] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA406C
.text C:\WINNT\system32\LVCOMSX.EXE[2144] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA4055
.text C:\WINNT\system32\LVCOMSX.EXE[2144] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA40AD
.text C:\Program Files\Logitech\Video\LogiTray.exe[2192] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA3FD0
.text C:\Program Files\Logitech\Video\LogiTray.exe[2192] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA405F
.text C:\Program Files\Logitech\Video\LogiTray.exe[2192] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA406C
.text C:\Program Files\Logitech\Video\LogiTray.exe[2192] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA4055
.text C:\Program Files\Logitech\Video\LogiTray.exe[2192] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA40AD
.text C:\WINNT\System32\reader_s.exe[2216] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA3FD0
.text C:\WINNT\System32\reader_s.exe[2216] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA405F
.text C:\WINNT\System32\reader_s.exe[2216] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA406C
.text C:\WINNT\System32\reader_s.exe[2216] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA4055
.text C:\WINNT\System32\reader_s.exe[2216] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA40AD
.text C:\Progra~1\PrintScreen\PrintScreen.exe[2228] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA3FD0
.text C:\Progra~1\PrintScreen\PrintScreen.exe[2228] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA405F
.text C:\Progra~1\PrintScreen\PrintScreen.exe[2228] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA406C
.text C:\Progra~1\PrintScreen\PrintScreen.exe[2228] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA4055
.text C:\Progra~1\PrintScreen\PrintScreen.exe[2228] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA40AD
.text C:\WINNT\System32\svchost.exe[2232] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA3FD0
.text C:\WINNT\System32\svchost.exe[2232] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA405F
.text C:\WINNT\System32\svchost.exe[2232] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA406C
.text C:\WINNT\System32\svchost.exe[2232] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA4055
.text C:\WINNT\System32\svchost.exe[2232] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA40AD
.text C:\WINNT\system32\ctfmon.exe[2448] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA3FD0
.text C:\WINNT\system32\ctfmon.exe[2448] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA405F
.text C:\WINNT\system32\ctfmon.exe[2448] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA406C
.text C:\WINNT\system32\ctfmon.exe[2448] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA4055
.text C:\WINNT\system32\ctfmon.exe[2448] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA40AD
.text C:\Program Files\PrintScreen\PrintScreen.exe[2460] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA3FD0
.text C:\Program Files\PrintScreen\PrintScreen.exe[2460] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA405F
.text C:\Program Files\PrintScreen\PrintScreen.exe[2460] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA406C
.text C:\Program Files\PrintScreen\PrintScreen.exe[2460] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA4055
.text C:\Program Files\PrintScreen\PrintScreen.exe[2460] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA40AD
.text C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE[2492] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA3FD0
.text C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE[2492] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA405F
.text C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE[2492] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA406C
.text C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE[2492] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA4055
.text C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE[2492] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA40AD
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2556] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA3FD0
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2556] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA405F
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2556] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA406C
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2556] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA4055
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2556] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA40AD
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[2688] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA3FD0
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[2688] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA405F
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[2688] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA406C
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[2688] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA4055
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[2688] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA40AD
.text C:\Program Files\Citrix\ICA Client\ssonsvr.exe[2772] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA3FD0
.text C:\Program Files\Citrix\ICA Client\ssonsvr.exe[2772] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA405F
.text C:\Program Files\Citrix\ICA Client\ssonsvr.exe[2772] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA406C
.text C:\Program Files\Citrix\ICA Client\ssonsvr.exe[2772] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA4055
.text C:\Program Files\Citrix\ICA Client\ssonsvr.exe[2772] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA40AD
.text C:\Documents and Settings\avmi6292\reader_s.exe[2792] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA3FD0
.text C:\Documents and Settings\avmi6292\reader_s.exe[2792] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA405F
.text C:\Documents and Settings\avmi6292\reader_s.exe[2792] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA406C
.text C:\Documents and Settings\avmi6292\reader_s.exe[2792] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA4055
.text C:\Documents and Settings\avmi6292\reader_s.exe[2792] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA40AD
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2860] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA3FD0
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2860] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA405F
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2860] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA406C
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2860] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA4055
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2860] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA40AD
.text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[2908] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA3FD0
.text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[2908] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA405F
.text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[2908] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA406C
.text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[2908] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA4055
.text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[2908] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA40AD
.text C:\WINNT\system32\gcc.exe[3156] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA3FD0
.text C:\WINNT\system32\gcc.exe[3156] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA405F
.text C:\WINNT\system32\gcc.exe[3156] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA406C
.text C:\WINNT\system32\gcc.exe[3156] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA4055
.text C:\WINNT\system32\gcc.exe[3156] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA40AD
.text C:\WINNT\Explorer.EXE[3160] Explorer.EXE 0101A8EB 4 Bytes [FF, 15, 1C, 11]
.text C:\WINNT\Explorer.EXE[3160] C:\WINNT\Explorer.EXE section is writeable [0x01001000, 0x44AD9, 0xE0000060]
.reloc C:\WINNT\Explorer.EXE[3160] C:\WINNT\Explorer.EXE section is executable [0x010FB000, 0x8800, 0xE2000040]
.text C:\WINNT\Explorer.EXE[3160] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA3FD0
.text C:\WINNT\Explorer.EXE[3160] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA405F
.text C:\WINNT\Explorer.EXE[3160] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA406C
.text C:\WINNT\Explorer.EXE[3160] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA4055
.text C:\WINNT\Explorer.EXE[3160] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA40AD
.text C:\WINNT\system32\WTablet\Pen_TabletUser.exe[3536] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA3FD0
.text C:\WINNT\system32\WTablet\Pen_TabletUser.exe[3536] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA405F
.text C:\WINNT\system32\WTablet\Pen_TabletUser.exe[3536] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA406C
.text C:\WINNT\system32\WTablet\Pen_TabletUser.exe[3536] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA4055
.text C:\WINNT\system32\WTablet\Pen_TabletUser.exe[3536] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA40AD
.text C:\WINNT\system32\Pen_Tablet.exe[3608] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA3FD0
.text C:\WINNT\system32\Pen_Tablet.exe[3608] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA405F
.text C:\WINNT\system32\Pen_Tablet.exe[3608] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA406C
.text C:\WINNT\system32\Pen_Tablet.exe[3608] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA4055
.text C:\WINNT\system32\Pen_Tablet.exe[3608] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA40AD
.text C:\WINNT\system32\wscntfy.exe[3628] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA3FD0
.text C:\WINNT\system32\wscntfy.exe[3628] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA405F
.text C:\WINNT\system32\wscntfy.exe[3628] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA406C
.text C:\WINNT\system32\wscntfy.exe[3628] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA4055
.text C:\WINNT\system32\wscntfy.exe[3628] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA40AD
.text C:\WINNT\system32\quickres.exe[3676] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA3FD0
.text C:\WINNT\system32\quickres.exe[3676] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA405F
.text C:\WINNT\system32\quickres.exe[3676] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA406C
.text C:\WINNT\system32\quickres.exe[3676] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA4055
.text C:\WINNT\system32\quickres.exe[3676] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA40AD
.text C:\WINNT\system32\hkcmd.exe[3692] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA3FD0
.text C:\WINNT\system32\hkcmd.exe[3692] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA405F
.text C:\WINNT\system32\hkcmd.exe[3692] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA406C
.text C:\WINNT\system32\hkcmd.exe[3692] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA4055
.text C:\WINNT\system32\hkcmd.exe[3692] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA40AD
.text C:\WINNT\system32\igfxpers.exe[3704] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA3FD0
.text C:\WINNT\system32\igfxpers.exe[3704] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA405F
.text C:\WINNT\system32\igfxpers.exe[3704] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA406C
.text C:\WINNT\system32\igfxpers.exe[3704] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA4055
.text C:\WINNT\system32\igfxpers.exe[3704] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA40AD
.text C:\WINNT\stsystra.exe[3712] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA3FD0
.text C:\WINNT\stsystra.exe[3712] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA405F
.text C:\WINNT\stsystra.exe[3712] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA406C
.text C:\WINNT\stsystra.exe[3712] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA4055
.text C:\WINNT\stsystra.exe[3712] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA40AD
.text C:\Program Files\Dell\QuickSet\quickset.exe[3752] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA3FD0
.text C:\Program Files\Dell\QuickSet\quickset.exe[3752] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA405F
.text C:\Program Files\Dell\QuickSet\quickset.exe[3752] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA406C
.text C:\Program Files\Dell\QuickSet\quickset.exe[3752] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA4055
GMER report below; thank you!!!!:
.text C:\Program Files\Dell\QuickSet\quickset.exe[3752] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA4055
.text C:\Program Files\Dell\QuickSet\quickset.exe[3752] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA40AD
.text C:\WINNT\system32\e-buroUI.exe[3760] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA3FD0
.text C:\WINNT\system32\e-buroUI.exe[3760] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA405F
.text C:\WINNT\system32\e-buroUI.exe[3760] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA406C
.text C:\WINNT\system32\e-buroUI.exe[3760] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA4055
.text C:\WINNT\system32\e-buroUI.exe[3760] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA40AD
.text C:\WINNT\system32\svchost.exe[3768] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA3FD0
.text C:\WINNT\system32\svchost.exe[3768] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA405F
.text C:\WINNT\system32\svchost.exe[3768] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA406C
.text C:\WINNT\system32\svchost.exe[3768] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA4055
.text C:\WINNT\system32\svchost.exe[3768] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA40AD
.text C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE[3776] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA3FD0
.text C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE[3776] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA405F
.text C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE[3776] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA406C
.text C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE[3776] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA4055
.text C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE[3776] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA40AD
.text C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe[3784] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA3FD0
.text C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe[3784] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA405F
.text C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe[3784] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA406C
.text C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe[3784] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA4055
.text C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe[3784] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA40AD
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[3816] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA3FD0
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[3816] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA405F
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[3816] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA406C
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[3816] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA4055
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[3816] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA40AD
.text C:\WINNT\system32\rundll32.exe[3836] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA3FD0
.text C:\WINNT\system32\rundll32.exe[3836] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA405F
.text C:\WINNT\system32\rundll32.exe[3836] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA406C
.text C:\WINNT\system32\rundll32.exe[3836] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA4055
.text C:\WINNT\system32\rundll32.exe[3836] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA40AD
.text C:\WINNT\system32\eTCrtMng.exe[3852] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA3FD0
.text C:\WINNT\system32\eTCrtMng.exe[3852] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA405F
.text C:\WINNT\system32\eTCrtMng.exe[3852] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA406C
.text C:\WINNT\system32\eTCrtMng.exe[3852] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA4055
.text C:\WINNT\system32\eTCrtMng.exe[3852] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA40AD
.text C:\WINNT\system32\igfxsrvc.exe[3876] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA3FD0
.text C:\WINNT\system32\igfxsrvc.exe[3876] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA405F
.text C:\WINNT\system32\igfxsrvc.exe[3876] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA406C
.text C:\WINNT\system32\igfxsrvc.exe[3876] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA4055
.text C:\WINNT\system32\igfxsrvc.exe[3876] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA40AD
.text C:\WINNT\system32\SearchProtocolHost.exe[5624] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA3FD0
.text C:\WINNT\system32\SearchProtocolHost.exe[5624] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA405F
.text C:\WINNT\system32\SearchProtocolHost.exe[5624] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA406C
.text C:\WINNT\system32\SearchProtocolHost.exe[5624] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA4055
.text C:\WINNT\system32\SearchProtocolHost.exe[5624] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA40AD
.text C:\Program Files\Logitech\Video\FxSvr2.exe[8716] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA3FD0
.text C:\Program Files\Logitech\Video\FxSvr2.exe[8716] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA405F
.text C:\Program Files\Logitech\Video\FxSvr2.exe[8716] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA406C
.text C:\Program Files\Logitech\Video\FxSvr2.exe[8716] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA4055
.text C:\Program Files\Logitech\Video\FxSvr2.exe[8716] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA40AD
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[8876] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA3FD0
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[8876] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA405F
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[8876] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA406C
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[8876] ntdll.dll!NtOpenFile
One topic per person, please!
Download Random's System Information Tool (RSIT) (by random/random) and save it to your Desktop.
Double-click RSIT.exe to launch RSIT.
Click Continue on the Disclaimer screen.
If HijackThis (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall if prompted) and you will have to accept the license.
When the scan is finished, two text files will open. Post the contents of log.txt (which will be displayed)
as well as info.txt (which will be minimized to the taskbar).
Note: the reports are saved in the C:\rsit folder.
Be sure to post the reports in full, and check that they are complete once you have posted them.