Follow-up: window-opening problem!!!!!!

chris
Hello,
I have this log from F-Secure BlackLight:
03/17/07 21:20:31 [Info]: BlackLight Engine 1.0.55 initialized
03/17/07 21:20:31 [Info]: OS: 5.1 build 2600 (Service Pack 2)
03/17/07 21:20:33 [Note]: 7019 4
03/17/07 21:20:33 [Note]: 7005 0
03/17/07 21:20:38 [Note]: 7006 0
03/17/07 21:20:38 [Note]: 7011 1136
03/17/07 21:20:39 [Note]: 7026 0
03/17/07 21:20:39 [Note]: 7026 0
03/17/07 21:20:39 [Note]: 7024 3
03/17/07 21:20:39 [Info]: Hidden process: C:\windows\system32\mqobnaliyj.exe
03/17/07 21:20:47 [Note]: FSRAW library version 1.7.1021
03/17/07 21:22:49 [Info]: Hidden file: c:\WINDOWS\system32\mqobnaliyj.dat
03/17/07 21:22:49 [Note]: 10002 1
03/17/07 21:22:50 [Info]: Hidden file: C:\windows\system32\mqobnaliyj.exe
03/17/07 21:22:50 [Note]: 10002 1
03/17/07 21:22:50 [Info]: Hidden file: c:\WINDOWS\system32\mqobnaliyj_nav.dat
03/17/07 21:22:50 [Note]: 10002 1
03/17/07 21:22:51 [Info]: Hidden file: c:\WINDOWS\system32\mqobnaliyj_navps.dat
03/17/07 21:22:51 [Note]: 10002 1
03/17/07 21:25:13 [Note]: 7007 0


Should the offending files be deleted manually?


Regards

Chris
Replies
f11bfv
#785724
hello,

did you do this?

Message-ID:

"chris" uNd$
Hello,
I have this log from F-Secure BlackLight:


Should the offending files be deleted manually?


Regards

Chris




j
#785723
Happy Sunday, everyone!

"chris" wrote in message
news:uNd$

Hello,
I have this log from F-Secure BlackLight:
03/17/07 21:20:31 [Info]: BlackLight Engine 1.0.55 initialized
03/17/07 21:20:31 [Info]: OS: 5.1 build 2600 (Service Pack 2)
....[..]

Should the offending files be deleted manually?


No ....

Here are a few links that show you how complex cleanup is for this
latest-generation nastiness --»

http://assiste.forum.free.fr/viewtopic.php?p–655&sidl02fc3e1092bd63d2014f364f01996a

http://forum.telecharger.01net.com/telecharger/securite_virus_et_assimiles/failles_de_securite/rootkits_detectes_par_fsecure_blacklight_-405230/messages-1.html

**So I suggest you try GMER, which is easier and works well --»

http://www.toocharger.com/fiches/logiciels/gmer/17532.htm

cf. resolved --»

http://groups.google.com/groups?threadm=uxwqieznhha.780%40tk2msftngp03.phx.gbl

and let us know :o)

--
« From discussion comes light.. »
Regards, and see you all soon
http://assiste.com.free.fr/la_manip.html

j
#785722
re'

"f11bfv" wrote in message
news:45fcde63$0$25937$

hello,
did you do this?

Message-ID:

I recommend using the excellent VBS script by our friend, MVP JFrançois, to
share a link to a newsgroup thread or to a particular post --»

http://fspsa.free.fr/GRAM.html

Happy Sunday!

--
« From discussion comes light ...»
Regards, see you soon
[ "a" MVP Windows - Shell/User ]
http://mvp.support.microsoft.com/mvpintro

chris
#742301
Hello,
I don't know what to do after the scan; I copied the full text.
GMER 1.0.12.12086 - http://www.gmer.net
Rootkit scan 2007-03-20 21:59:56
Windows 5.1.2600 Service Pack 2


Messenger8876480ProgramLogitechDesktopMessenger.exe[1100]
ntdll.dll!NtEnumerateValueKey
7C91D976 5 Bytes JMP 03991DAF
.text C:Program FilesLogitechDesktop
Messenger8876480ProgramLogitechDesktopMessenger.exe[1100]
ntdll.dll!NtQueryDirectoryFile
7C91DF5E 5 Bytes JMP 03991CF2
.text C:Program FilesLogitechDesktop
Messenger8876480ProgramLogitechDesktopMessenger.exe[1100]
ntdll.dll!NtQuerySystemInformation
7C91E1AA 5 Bytes JMP 0399191B
.text C:WINDOWSsystem32spoolsv.exe[1220] ntdll.dll!NtEnumerateKey
7C91D94C 5 Bytes JMP 1000200E
.text C:WINDOWSsystem32spoolsv.exe[1220] ntdll.dll!NtEnumerateValueKey
7C91D976 5 Bytes JMP 10001DAF
.text C:WINDOWSsystem32spoolsv.exe[1220]
ntdll.dll!NtQueryDirectoryFile
7C91DF5E 5 Bytes JMP 10001CF2
.text C:WINDOWSsystem32spoolsv.exe[1220]
ntdll.dll!NtQuerySystemInformation
7C91E1AA 5 Bytes JMP 1000191B
.text C:WINDOWSexplorer.exe[1468] ntdll.dll!NtEnumerateKey
7C91D94C 5 Bytes JMP 00D3200E
.text C:WINDOWSexplorer.exe[1468] ntdll.dll!NtEnumerateValueKey
7C91D976 5 Bytes JMP 00D31DAF
.text C:WINDOWSexplorer.exe[1468] ntdll.dll!NtQueryDirectoryFile
7C91DF5E 5 Bytes JMP 00D31CF2
.text C:WINDOWSexplorer.exe[1468] ntdll.dll!NtQuerySystemInformation
7C91E1AA 5 Bytes JMP 00D3191B
.text C:WINDOWSexplorer.exe[1468] kernel32.dll!ReadFile
7C80180E 5 Bytes CALL 37001160 C:WINDOWSsystem32EntApi.dll
.text C:WINDOWSexplorer.exe[1468] kernel32.dll!VirtualProtectEx
7C801A5D 5 Bytes CALL 37001160 C:WINDOWSsystem32EntApi.dll
.text C:WINDOWSexplorer.exe[1468] kernel32.dll!VirtualProtect
7C801AD0 5 Bytes CALL 37001160 C:WINDOWSsystem32EntApi.dll
.text C:WINDOWSexplorer.exe[1468] kernel32.dll!LoadLibraryA
7C801D77 5 Bytes CALL 37001160 C:WINDOWSsystem32EntApi.dll
.text C:WINDOWSexplorer.exe[1468] kernel32.dll!GetStartupInfoA
7C801EEE 5 Bytes CALL 37001160 C:WINDOWSsystem32EntApi.dll
.text C:WINDOWSexplorer.exe[1468] kernel32.dll!GetProcAddress
7C80ADA0 5 Bytes CALL 37001160 C:WINDOWSsystem32EntApi.dll
.text C:WINDOWSexplorer.exe[1468] kernel32.dll!WriteFile
7C810D87 5 Bytes CALL 37001160 C:WINDOWSsystem32EntApi.dll
.text C:WINDOWSexplorer.exe[1468] kernel32.dll!CreatePipe
7C81E0C7 5 Bytes CALL 37001160 C:WINDOWSsystem32EntApi.dll
.text C:WINDOWSexplorer.exe[1468] kernel32.dll!PeekNamedPipe
7C85F90F 5 Bytes CALL 37001160 C:WINDOWSsystem32EntApi.dll
.text C:WINDOWSexplorer.exe[1468] kernel32.dll!WinExec
7C86136D 5 Bytes CALL 37001160 C:WINDOWSsystem32EntApi.dll
.text C:WINDOWSexplorer.exe[1468] ADVAPI32.dll!RegOpenKeyA
77DCC41B 5 Bytes CALL 37001160 C:WINDOWSsystem32EntApi.dll
.text C:WINDOWSexplorer.exe[1468] WININET.dll!InternetReadFile
771CABAC 5 Bytes CALL 37001160 C:WINDOWSsystem32EntApi.dll
.text C:WINDOWSexplorer.exe[1468] WININET.dll!InternetOpenA
771CC859 5 Bytes CALL 37001160 C:WINDOWSsystem32EntApi.dll
.text C:WINDOWSexplorer.exe[1468] WININET.dll!InternetOpenUrlA
771D06CD 5 Bytes CALL 37001160 C:WINDOWSsystem32EntApi.dll
.text C:WINDOWSexplorer.exe[1468] WS2_32.dll!select
719F2DC0 5 Bytes CALL 37001160 C:WINDOWSsystem32EntApi.dll
.text C:WINDOWSexplorer.exe[1468] WS2_32.dll!socket
719F3B91 5 Bytes CALL 37001160 C:WINDOWSsystem32EntApi.dll
.text C:WINDOWSexplorer.exe[1468] WS2_32.dll!bind
719F3E00 5 Bytes CALL 37001160 C:WINDOWSsystem32EntApi.dll
.text C:WINDOWSexplorer.exe[1468] WS2_32.dll!send
719F428A 5 Bytes CALL 37001160 C:WINDOWSsystem32EntApi.dll
.text C:WINDOWSexplorer.exe[1468] WS2_32.dll!recv
719F615A 5 Bytes CALL 37001160 C:WINDOWSsystem32EntApi.dll
.text C:Program Filesewido anti-spyware 4.0guard.exe[1620]
ntdll.dll!NtEnumerateKey
7C91D94C 5 Bytes JMP 007E200E
.text C:Program Filesewido anti-spyware 4.0guard.exe[1620]
ntdll.dll!NtEnumerateValueKey
7C91D976 5 Bytes JMP 007E1DAF
.text C:Program Filesewido anti-spyware 4.0guard.exe[1620]
ntdll.dll!NtQueryDirectoryFile
7C91DF5E 5 Bytes JMP 007E1CF2
.text C:Program Filesewido anti-spyware 4.0guard.exe[1620]
ntdll.dll!NtQuerySystemInformation
7C91E1AA 5 Bytes JMP 007E191B
.text C:WINDOWSsystem32svchost.exe[1660] ntdll.dll!NtEnumerateKey
7C91D94C 5 Bytes JMP 1000200E
.text C:WINDOWSsystem32svchost.exe[1660] ntdll.dll!NtEnumerateValueKey
7C91D976 5 Bytes JMP 10001DAF
.text C:WINDOWSsystem32svchost.exe[1660]
ntdll.dll!NtQueryDirectoryFile
7C91DF5E 5 Bytes JMP 10001CF2
.text C:WINDOWSsystem32svchost.exe[1660]
ntdll.dll!NtQuerySystemInformation
7C91E1AA 5 Bytes JMP 1000191B
.text C:WINDOWSsystem32svchost.exe[1660] kernel32.dll!ReadFile
7C80180E 5 Bytes CALL 37001160 C:WINDOWSsystem32EntApi.dll
.text C:WINDOWSsystem32svchost.exe[1660] kernel32.dll!VirtualProtectEx
7C801A5D 5 Bytes CALL 37001160 C:WINDOWSsystem32EntApi.dll
.text C:WINDOWSsystem32svchost.exe[1660] kernel32.dll!VirtualProtect
7C801AD0 5 Bytes CALL 37001160 C:WINDOWSsystem32EntApi.dll
.text C:WINDOWSsystem32svchost.exe[1660] kernel32.dll!LoadLibraryA
7C801D77 5 Bytes CALL 37001160 C:WINDOWSsystem32EntApi.dll
.text C:WINDOWSsystem32svchost.exe[1660] kernel32.dll!GetStartupInfoA
7C801EEE 5 Bytes CALL 37001160 C:WINDOWSsystem32EntApi.dll
.text C:WINDOWSsystem32svchost.exe[1660] kernel32.dll!GetProcAddress
7C80ADA0 5 Bytes CALL 37001160 C:WINDOWSsystem32EntApi.dll
.text C:WINDOWSsystem32svchost.exe[1660] kernel32.dll!WriteFile
7C810D87 5 Bytes CALL 37001160 C:WINDOWSsystem32EntApi.dll
.text C:WINDOWSsystem32svchost.exe[1660] kernel32.dll!CreatePipe
7C81E0C7 5 Bytes CALL 37001160 C:WINDOWSsystem32EntApi.dll
.text C:WINDOWSsystem32svchost.exe[1660] kernel32.dll!PeekNamedPipe
7C85F90F 5 Bytes CALL 37001160 C:WINDOWSsystem32EntApi.dll
.text C:WINDOWSsystem32svchost.exe[1660] kernel32.dll!WinExec
7C86136D 5 Bytes CALL 37001160 C:WINDOWSsystem32EntApi.dll
.text C:WINDOWSsystem32svchost.exe[1660] ADVAPI32.dll!RegOpenKeyA
77DCC41B 5 Bytes CALL 37001160 C:WINDOWSsystem32EntApi.dll
.text C:WINDOWSsystem32svchost.exe[1660] WS2_32.dll!select
719F2DC0 5 Bytes CALL 37001160 C:WINDOWSsystem32EntApi.dll
.text C:WINDOWSsystem32svchost.exe[1660] WS2_32.dll!socket
719F3B91 5 Bytes CALL 37001160 C:WINDOWSsystem32EntApi.dll
.text C:WINDOWSsystem32svchost.exe[1660] WS2_32.dll!bind
719F3E00 5 Bytes CALL 37001160 C:WINDOWSsystem32EntApi.dll
.text C:WINDOWSsystem32svchost.exe[1660] WS2_32.dll!send
719F428A 5 Bytes CALL 37001160 C:WINDOWSsystem32EntApi.dll
.text C:WINDOWSsystem32svchost.exe[1660] WS2_32.dll!recv
719F615A 5 Bytes CALL 37001160 C:WINDOWSsystem32EntApi.dll
.text C:WINDOWSsystem32svchost.exe[1660] WININET.dll!InternetReadFile
771CABAC 5 Bytes CALL 37001160 C:WINDOWSsystem32EntApi.dll
.text C:WINDOWSsystem32svchost.exe[1660] WININET.dll!InternetOpenA
771CC859 5 Bytes CALL 37001160 C:WINDOWSsystem32EntApi.dll
.text C:WINDOWSsystem32svchost.exe[1660] WININET.dll!InternetOpenUrlA
771D06CD 5 Bytes CALL 37001160 C:WINDOWSsystem32EntApi.dll
.text C:Program FilesNetwork AssociatesCommon
FrameworkFrameworkService.exe[1700] ntdll.dll!NtEnumerateKey
7C91D94C 5 Bytes JMP 1000200E
.text C:Program FilesNetwork AssociatesCommon
FrameworkFrameworkService.exe[1700] ntdll.dll!NtEnumerateValueKey
7C91D976 5 Bytes JMP 10001DAF
.text C:Program FilesNetwork AssociatesCommon
FrameworkFrameworkService.exe[1700] ntdll.dll!NtQueryDirectoryFile
7C91DF5E 5 Bytes JMP 10001CF2
.text C:Program FilesNetwork AssociatesCommon
FrameworkFrameworkService.exe[1700] ntdll.dll!NtQuerySystemInformation
7C91E1AA 5 Bytes JMP 1000191B
.text C:Program FilesNetwork AssociatesCommon
FrameworkFrameworkService.exe[1700] kernel32.dll!ReadFile
7C80180E 5 Bytes CALL 37001160 C:WINDOWSsystem32EntApi.dll
.text C:Program FilesNetwork AssociatesCommon
FrameworkFrameworkService.exe[1700] kernel32.dll!VirtualProtectEx
7C801A5D 5 Bytes CALL 37001160 C:WINDOWSsystem32EntApi.dll
.text C:Program FilesNetwork AssociatesCommon
FrameworkFrameworkService.exe[1700] kernel32.dll!VirtualProtect
7C801AD0 5 Bytes CALL 37001160 C:WINDOWSsystem32EntApi.dll
.text C:Program FilesNetwork AssociatesCommon
FrameworkFrameworkService.exe[1700] kernel32.dll!LoadLibraryA
7C801D77 5 Bytes CALL 37001160 C:WINDOWSsystem32EntApi.dll
.text C:Program FilesNetwork AssociatesCommon
FrameworkFrameworkService.exe[1700] kernel32.dll!GetStartupInfoA
7C801EEE 5 Bytes CALL 37001160 C:WINDOWSsystem32EntApi.dll
.text C:Program FilesNetwork AssociatesCommon
FrameworkFrameworkService.exe[1700] kernel32.dll!GetProcAddress
7C80ADA0 5 Bytes CALL 37001160 C:WINDOWSsystem32EntApi.dll
.text C:Program FilesNetwork AssociatesCommon
FrameworkFrameworkService.exe[1700] kernel32.dll!WriteFile
7C810D87 5 Bytes CALL 37001160 C:WINDOWSsystem32EntApi.dll
.text C:Program FilesNetwork AssociatesCommon
FrameworkFrameworkService.exe[1700] kernel32.dll!CreatePipe
7C81E0C7 5 Bytes CALL 37001160 C:WINDOWSsystem32EntApi.dll
.text C:Program FilesNetwork AssociatesCommon
FrameworkFrameworkService.exe[1700] kernel32.dll!PeekNamedPipe
7C85F90F 5 Bytes CALL 37001160 C:WINDOWSsystem32EntApi.dll
.text C:Program FilesNetwork AssociatesCommon
FrameworkFrameworkService.exe[1700] kernel32.dll!WinExec
7C86136D 5 Bytes CALL 37001160 C:WINDOWSsystem32EntApi.dll
.text C:Program FilesNetwork AssociatesCommon
FrameworkFrameworkService.exe[1700] ADVAPI32.dll!RegOpenKeyA
77DCC41B 5 Bytes CALL 37001160 C:WINDOWSsystem32EntApi.dll
.text C:Program FilesNetwork AssociatesCommon
FrameworkFrameworkService.exe[1700] WS2_32.dll!select
719F2DC0 5 Bytes CALL 37001160 C:WINDOWSsystem32EntApi.dll
.text C:Program FilesNetwork AssociatesCommon
FrameworkFrameworkService.exe[1700] WS2_32.dll!socket
719F3B91 5 Bytes CALL 37001160 C:WINDOWSsystem32EntApi.dll
.text C:Program FilesNetwork AssociatesCommon
FrameworkFrameworkService.exe[1700] WS2_32.dll!bind
719F3E00 5 Bytes CALL 37001160 C:WINDOWSsystem32EntApi.dll
.text C:Program FilesNetwork AssociatesCommon
FrameworkFrameworkService.exe[1700] WS2_32.dll!send
719F428A 5 Bytes CALL 37001160 C:WINDOWSsystem32EntApi.dll
.text C:Program FilesNetwork AssociatesCommon
FrameworkFrameworkService.exe[1700] WS2_32.dll!recv
719F615A 5 Bytes CALL 37001160 C:WINDOWSsystem32EntApi.dll
.text C:Program FilesNetwork AssociatesCommon
FrameworkFrameworkService.exe[1700] WININET.dll!InternetReadFile
016FABAC 5 Bytes CALL 37001160 C:WINDOWSsystem32EntApi.dll
.text C:Program FilesNetwork AssociatesCommon
FrameworkFrameworkService.exe[1700] WININET.dll!InternetOpenA
016FC859 5 Bytes CALL 37001160 C:WINDOWSsystem32EntApi.dll
.text C:Program FilesNetwork AssociatesCommon
FrameworkFrameworkService.exe[1700] WININET.dll!InternetOpenUrlA
017006CD 5 Bytes CALL 37001160 C:WINDOWSsystem32EntApi.dll
.text C:Program FilesNetwork AssociatesVirusScanMcshield.exe[1796]
ntdll.dll!NtEnumerateKey
7C91D94C 5 Bytes JMP 1000200E
.text C:Program FilesNetwork AssociatesVirusScanMcshield.exe[1796]
ntdll.dll!NtEnumerateValueKey
7C91D976 5 Bytes JMP 10001DAF
.text C:Program FilesNetwork AssociatesVirusScanMcshield.exe[1796]
ntdll.dll!NtQueryDirectoryFile
7C91DF5E 5 Bytes JMP 10001CF2
.text C:Program FilesNetwork AssociatesVirusScanMcshield.exe[1796]
ntdll.dll!NtQuerySystemInformation
7C91E1AA 5 Bytes JMP 1000191B
.text C:Program FilesLogitechVideoFxSvr2.exe[1808]
ntdll.dll!NtEnumerateKey
7C91D94C 5 Bytes JMP 0136200E
.text C:Program FilesLogitechVideoFxSvr2.exe[1808]
ntdll.dll!NtEnumerateValueKey
7C91D976 5 Bytes JMP 01361DAF
.text C:Program FilesLogitechVideoFxSvr2.exe[1808]
ntdll.dll!NtQueryDirectoryFile
7C91DF5E 5 Bytes JMP 01361CF2
.text C:Program FilesLogitechVideoFxSvr2.exe[1808]
ntdll.dll!NtQuerySystemInformation
7C91E1AA 5 Bytes JMP 0136191B
.text C:PROGRA~1NETWOR~1COMMON~1naPrdMgr.exe[1844]
ntdll.dll!NtEnumerateKey
7C91D94C 5 Bytes JMP 1000200E
.text C:PROGRA~1NETWOR~1COMMON~1naPrdMgr.exe[1844]
ntdll.dll!NtEnumerateValueKey
7C91D976 5 Bytes JMP 10001DAF
.text C:PROGRA~1NETWOR~1COMMON~1naPrdMgr.exe[1844]
ntdll.dll!NtQueryDirectoryFile
7C91DF5E 5 Bytes JMP 10001CF2
.text C:PROGRA~1NETWOR~1COMMON~1naPrdMgr.exe[1844]
ntdll.dll!NtQuerySystemInformation
7C91E1AA 5 Bytes JMP 1000191B
.text C:PROGRA~1NETWOR~1COMMON~1naPrdMgr.exe[1844]
kernel32.dll!ReadFile
7C80180E 5 Bytes CALL 37001160 C:WINDOWSsystem32EntApi.dll
.text C:PROGRA~1NETWOR~1COMMON~1naPrdMgr.exe[1844]
kernel32.dll!VirtualProtectEx
7C801A5D 5 Bytes CALL 37001160 C:WINDOWSsystem32EntApi.dll
.text C:PROGRA~1NETWOR~1COMMON~1naPrdMgr.exe[1844]
kernel32.dll!VirtualProtect
7C801AD0 5 Bytes CALL 37001160 C:WINDOWSsystem32EntApi.dll
.text C:PROGRA~1NETWOR~1COMMON~1naPrdMgr.exe[1844]
kernel32.dll!LoadLibraryA
7C801D77 5 Bytes CALL 37001160 C:WINDOWSsystem32EntApi.dll
.text C:PROGRA~1NETWOR~1COMMON~1naPrdMgr.exe[1844]
kernel32.dll!GetStartupInfoA
7C801EEE 5 Bytes CALL 37001160 C:WINDOWSsystem32EntApi.dll
.text C:PROGRA~1NETWOR~1COMMON~1naPrdMgr.exe[1844]
kernel32.dll!GetProcAddress
7C80ADA0 5 Bytes CALL 37001160 C:WINDOWSsystem32EntApi.dll
.text C:PROGRA~1NETWOR~1COMMON~1naPrdMgr.exe[1844]
kernel32.dll!WriteFile
7C810D87 5 Bytes CALL 37001160 C:WINDOWSsystem32EntApi.dll
.text C:PROGRA~1NETWOR~1COMMON~1naPrdMgr.exe[1844]
kernel32.dll!CreatePipe
7C81E0C7 5 Bytes CALL 37001160 C:WINDOWSsystem32EntApi.dll
.text C:PROGRA~1NETWOR~1COMMON~1naPrdMgr.exe[1844]
kernel32.dll!PeekNamedPipe
7C85F90F 5 Bytes CALL 37001160 C:WINDOWSsystem32EntApi.dll
.text C:PROGRA~1NETWOR~1COMMON~1naPrdMgr.exe[1844]
kernel32.dll!WinExec
7C86136D 5 Bytes CALL 37001160 C:WINDOWSsystem32EntApi.dll
.text C:PROGRA~1NETWOR~1COMMON~1naPrdMgr.exe[1844]
ADVAPI32.dll!RegOpenKeyA
77DCC41B 5 Bytes CALL 37001160 C:WINDOWSsystem32EntApi.dll
.text C:PROGRA~1NETWOR~1COMMON~1naPrdMgr.exe[1844] WS2_32.dll!select
719F2DC0 5 Bytes CALL 37001160 C:WINDOWSsystem32EntApi.dll
.text C:PROGRA~1NETWOR~1COMMON~1naPrdMgr.exe[1844] WS2_32.dll!socket
719F3B91 5 Bytes CALL 37001160 C:WINDOWSsystem32EntApi.dll
.text C:PROGRA~1NETWOR~1COMMON~1naPrdMgr.exe[1844] WS2_32.dll!bind
719F3E00 5 Bytes CALL 37001160 C:WINDOWSsystem32EntApi.dll
.text C:PROGRA~1NETWOR~1COMMON~1naPrdMgr.exe[1844] WS2_32.dll!send
719F428A 5 Bytes CALL 37001160 C:WINDOWSsystem32EntApi.dll
.text C:PROGRA~1NETWOR~1COMMON~1naPrdMgr.exe[1844] WS2_32.dll!recv
719F615A 5 Bytes CALL 37001160 C:WINDOWSsystem32EntApi.dll
.text C:PROGRA~1NETWOR~1COMMON~1naPrdMgr.exe[1844]
WININET.dll!InternetReadFile
00E6ABAC 5 Bytes CALL 37001160 C:WINDOWSsystem32EntApi.dll
.text C:PROGRA~1NETWOR~1COMMON~1naPrdMgr.exe[1844]
WININET.dll!InternetOpenA
00E6C859 5 Bytes CALL 37001160 C:WINDOWSsystem32EntApi.dll
.text C:PROGRA~1NETWOR~1COMMON~1naPrdMgr.exe[1844]
WININET.dll!InternetOpenUrlA
00E706CD 5 Bytes CALL 37001160 C:WINDOWSsystem32EntApi.dll
.text C:Program FilesNetwork AssociatesVirusScanVsTskMgr.exe[1856]
ntdll.dll!NtEnumerateKey
7C91D94C 5 Bytes JMP 0073200E
.text C:Program FilesNetwork AssociatesVirusScanVsTskMgr.exe[1856]
ntdll.dll!NtEnumerateValueKey
7C91D976 5 Bytes JMP 00731DAF
.text C:Program FilesNetwork AssociatesVirusScanVsTskMgr.exe[1856]
ntdll.dll!NtQueryDirectoryFile
7C91DF5E 5 Bytes JMP 00731CF2
.text C:Program FilesNetwork AssociatesVirusScanVsTskMgr.exe[1856]
ntdll.dll!NtQuerySystemInformation
7C91E1AA 5 Bytes JMP 0073191B
.text C:WINDOWSsystem32nvsvc32.exe[1928] ntdll.dll!NtEnumerateKey
7C91D94C 5 Bytes JMP 1000200E
.text C:WINDOWSsystem32nvsvc32.exe[1928] ntdll.dll!NtEnumerateValueKey
7C91D976 5 Bytes JMP 10001DAF
.text C:WINDOWSsystem32nvsvc32.exe[1928]
ntdll.dll!NtQueryDirectoryFile
7C91DF5E 5 Bytes JMP 10001CF2
.text C:WINDOWSsystem32nvsvc32.exe[1928]
ntdll.dll!NtQuerySystemInformation
7C91E1AA 5 Bytes JMP 1000191B
.text C:Program FilesPhoenix Technologies
LtdRecoverPro_XPvbptask.exe[1960] ntdll.dll!NtEnumerateKey
7C91D94C 5 Bytes JMP 014B200E
.text C:Program FilesPhoenix Technologies
LtdRecoverPro_XPvbptask.exe[1960] ntdll.dll!NtEnumerateValueKey
7C91D976 5 Bytes JMP 014B1DAF
.text C:Program FilesPhoenix Technologies
LtdRecoverPro_XPvbptask.exe[1960] ntdll.dll!NtQueryDirectoryFile
7C91DF5E 5 Bytes JMP 014B1CF2
.text C:Program FilesPhoenix Technologies
LtdRecoverPro_XPvbptask.exe[1960] ntdll.dll!NtQuerySystemInformation
7C91E1AA 5 Bytes JMP 014B191B
.text C:WINDOWSsystem32svchost.exe[2112] ntdll.dll!NtEnumerateKey
7C91D94C 5 Bytes JMP 1000200E
.text C:WINDOWSsystem32svchost.exe[2112] ntdll.dll!NtEnumerateValueKey
7C91D976 5 Bytes JMP 10001DAF
.text C:WINDOWSsystem32svchost.exe[2112]
ntdll.dll!NtQueryDirectoryFile
7C91DF5E 5 Bytes JMP 10001CF2
.text C:WINDOWSsystem32svchost.exe[2112]
ntdll.dll!NtQuerySystemInformation
7C91E1AA 5 Bytes JMP 1000191B
.text C:WINDOWSsystem32svchost.exe[2112] kernel32.dll!ReadFile
7C80180E 5 Bytes CALL 37001160 C:WINDOWSsystem32EntApi.dll
.text C:WINDOWSsystem32svchost.exe[2112] kernel32.dll!VirtualProtectEx
7C801A5D 5 Bytes CALL 37001160 C:WINDOWSsystem32EntApi.dll
.text C:WINDOWSsystem32svchost.exe[2112] kernel32.dll!VirtualProtect
7C801AD0 5 Bytes CALL 37001160 C:WINDOWSsystem32EntApi.dll
.text C:WINDOWSsystem32svchost.exe[2112] kernel32.dll!LoadLibraryA
7C801D77 5 Bytes CALL 37001160 C:WINDOWSsystem32EntApi.dll
.text C:WINDOWSsystem32svchost.exe[2112] kernel32.dll!GetStartupInfoA
7C801EEE 5 Bytes CALL 37001160 C:WINDOWSsystem32EntApi.dll
.text C:WINDOWSsystem32svchost.exe[2112] kernel32.dll!GetProcAddress
7C80ADA0 5 Bytes CALL 37001160 C:WINDOWSsystem32EntApi.dll
.text C:WINDOWSsystem32svchost.exe[2112] kernel32.dll!WriteFile
7C810D87 5 Bytes CALL 37001160 C:WINDOWSsystem32EntApi.dll
.text C:WINDOWSsystem32svchost.exe[2112] kernel32.dll!CreatePipe
7C81E0C7 5 Bytes CALL 37001160 C:WINDOWSsystem32EntApi.dll
.text C:WINDOWSsystem32svchost.exe[2112] kernel32.dll!PeekNamedPipe
7C85F90F 5 Bytes CALL 37001160 C:WINDOWSsystem32EntApi.dll
.text C:WINDOWSsystem32svchost.exe[2112] kernel32.dll!WinExec
7C86136D 5 Bytes CALL 37001160 C:WINDOWSsystem32EntApi.dll
.text C:WINDOWSsystem32svchost.exe[2112] ADVAPI32.dll!RegOpenKeyA
77DCC41B 5 Bytes CALL 37001160 C:WINDOWSsystem32EntApi.dll
.text C:WINDOWSsystem32svchost.exe[2112] WS2_32.dll!select
719F2DC0 5 Bytes CALL 37001160 C:WINDOWSsystem32EntApi.dll
.text C:WINDOWSsystem32svchost.exe[2112] WS2_32.dll!socket
719F3B91 5 Bytes CALL 37001160 C:WINDOWSsystem32EntApi.dll
.text C:WINDOWSsystem32svchost.exe[2112] WS2_32.dll!bind
719F3E00 5 Bytes CALL 37001160 C:WINDOWSsystem32EntApi.dll
.text C:WINDOWSsystem32svchost.exe[2112] WS2_32.dll!send
719F428A 5 Bytes CALL 37001160 C:WINDOWSsystem32EntApi.dll
.text C:WINDOWSsystem32svchost.exe[2112] WS2_32.dll!recv
719F615A 5 Bytes CALL 37001160 C:WINDOWSsystem32EntApi.dll
.text C:WINDOWSsystem32svchost.exe[2112] WININET.dll!InternetReadFile
771CABAC 5 Bytes CALL 37001160 C:WINDOWSsystem32EntApi.dll
.text C:WINDOWSsystem32svchost.exe[2112] WININET.dll!InternetOpenA
771CC859 5 Bytes CALL 37001160 C:WINDOWSsystem32EntApi.dll
.text C:WINDOWSsystem32svchost.exe[2112] WININET.dll!InternetOpenUrlA
771D06CD 5 Bytes CALL 37001160 C:WINDOWSsystem32EntApi.dll
.text C:PROGRA~1WinZipWINZIP32.EXE[2544] ntdll.dll!NtEnumerateKey
7C91D94C 5 Bytes JMP 0193200E
.text C:PROGRA~1WinZipWINZIP32.EXE[2544] ntdll.dll!NtEnumerateValueKey
7C91D976 5 Bytes JMP 01931DAF
.text C:PROGRA~1WinZipWINZIP32.EXE[2544]
ntdll.dll!NtQueryDirectoryFile
7C91DF5E 5 Bytes JMP 01931CF2
.text C:PROGRA~1WinZipWINZIP32.EXE[2544]
ntdll.dll!NtQuerySystemInformation
7C91E1AA 5 Bytes JMP 0193191B
.text C:DOCUME~1ChrisLOCALS~1Tempgmer.exe[2600]
ntdll.dll!NtEnumerateKey
7C91D94C 5 Bytes JMP 00DC200E
.text C:DOCUME~1ChrisLOCALS~1Tempgmer.exe[2600]
ntdll.dll!NtEnumerateValueKey
7C91D976 5 Bytes JMP 00DC1DAF
.text C:DOCUME~1ChrisLOCALS~1Tempgmer.exe[2600]
ntdll.dll!NtQueryDirectoryFile
7C91DF5E 5 Bytes JMP 00DC1CF2
.text C:DOCUME~1ChrisLOCALS~1Tempgmer.exe[2600]
ntdll.dll!NtQuerySystemInformation
7C91E1AA 5 Bytes JMP 00DC191B

---- Devices - GMER 1.0.12 ----

Device DriverTcpip DeviceIp IRP_MJ_CREATE
[F35B82A0] vsdatant.sys
Device DriverTcpip DeviceIp IRP_MJ_CLOSE
[F35B82A0] vsdatant.sys
Device DriverTcpip DeviceIp IRP_MJ_DEVICE_CONTROL
[F35B82A0] vsdatant.sys
Device DriverTcpip DeviceIp IRP_MJ_INTERNAL_DEVICE_CONTROL
[F35B82A0] vsdatant.sys
Device DriverTcpip DeviceIp IRP_MJ_CLEANUP
[F35B82A0] vsdatant.sys
Device DriverTcpip DeviceTcp IRP_MJ_CREATE
[F35B82A0] vsdatant.sys
Device DriverTcpip DeviceTcp IRP_MJ_CLOSE
[F35B82A0] vsdatant.sys
Device DriverTcpip DeviceTcp IRP_MJ_DEVICE_CONTROL
[F35B82A0] vsdatant.sys
Device DriverTcpip DeviceTcp IRP_MJ_INTERNAL_DEVICE_CONTROL
[F35B82A0] vsdatant.sys
Device DriverTcpip DeviceTcp IRP_MJ_CLEANUP
[F35B82A0] vsdatant.sys
Device DriverTcpip DeviceUdp IRP_MJ_CREATE
[F35B82A0] vsdatant.sys
Device DriverTcpip DeviceUdp IRP_MJ_CLOSE
[F35B82A0] vsdatant.sys
Device DriverTcpip DeviceUdp IRP_MJ_DEVICE_CONTROL
[F35B82A0] vsdatant.sys
Device DriverTcpip DeviceUdp IRP_MJ_INTERNAL_DEVICE_CONTROL
[F35B82A0] vsdatant.sys
Device DriverTcpip DeviceUdp IRP_MJ_CLEANUP
[F35B82A0] vsdatant.sys
Device DriverTcpip DeviceRawIp IRP_MJ_CREATE
[F35B82A0] vsdatant.sys
Device DriverTcpip DeviceRawIp IRP_MJ_CLOSE
[F35B82A0] vsdatant.sys
Device DriverTcpip DeviceRawIp IRP_MJ_DEVICE_CONTROL
[F35B82A0] vsdatant.sys
Device DriverTcpip DeviceRawIp IRP_MJ_INTERNAL_DEVICE_CONTROL
[F35B82A0] vsdatant.sys
Device DriverTcpip DeviceRawIp IRP_MJ_CLEANUP
[F35B82A0] vsdatant.sys
Device DriverTcpip DeviceIPMULTICAST IRP_MJ_CREATE
[F35B82A0] vsdatant.sys
Device DriverTcpip DeviceIPMULTICAST IRP_MJ_CLOSE
[F35B82A0] vsdatant.sys
Device DriverTcpip DeviceIPMULTICAST IRP_MJ_DEVICE_CONTROL
[F35B82A0] vsdatant.sys
Device DriverTcpip DeviceIPMULTICAST IRP_MJ_INTERNAL_DEVICE_CONTROL
[F35B82A0] vsdatant.sys
Device DriverTcpip DeviceIPMULTICAST IRP_MJ_CLEANUP
[F35B82A0] vsdatant.sys

---- Processes - GMER 1.0.12 ----

Process C:WINDOWSsystem32mqobnaliyj.exe (*** hidden *** )
532

---- Registry - GMER 1.0.12 ----

Reg

c:windowssystem32mqobnaliyj.exe mqobnaliyj
Reg

c:windowssystem32mqobnaliyj.exe mqobnaliyj

---- Files - GMER 1.0.12 ----

ADS C:Documents and SettingskristoufLocal SettingsApplication
@hotmail.frDFSRStagingCS{128DA191-68E3-FDF3-9FAD-68AA326136DF}113-{128DA191-68E3-FDF3-9FAD-68AA326136DF}-v1-{3BD041B1-5A9E-4960-A0AD-16E187F13F06}-v13-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:Documents and SettingskristoufLocal SettingsApplication
@hotmail.frDFSRStagingCS{43AD5616-55DB-1AC3-7CA5-A3980746BB88}111-{43AD5616-55DB-1AC3-7CA5-A3980746BB88}-v1-{3BD041B1-5A9E-4960-A0AD-16E187F13F06}-v11-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:Documents and SettingskristoufLocal SettingsApplication
@hotmail.comDFSRStagingCS{414AEEC4-7056-9AA5-F3A1-5389A98C5394}110-{414AEEC4-7056-9AA5-F3A1-5389A98C5394}-v1-{3BD041B1-5A9E-4960-A0AD-16E187F13F06}-v10-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:Documents and SettingskristoufMes documentsMes imagesMes
photos LogitechPhotos et
vidéoschoukette:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
ADS C:Documents and SettingskristoufMes documentsMes imagesMes
photos LogitechPhotos et
vidéoschoukette2:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
File C:WINDOWSPrefetchMQOBNALIYJ.EXE-304B2516.pf
File C:WINDOWSsystem32mqobnaliyj.dat
File C:WINDOWSsystem32mqobnaliyj.exe
File C:WINDOWSsystem32mqobnaliyj_nav.dat
File C:WINDOWSsystem32mqobnaliyj_navps.dat

---- EOF - GMER 1.0.12 ----

Regards

Chris
----- Original Message -----
From: "" Newsgroups: microsoft.public.fr.securite
Sent: Sunday, March 18, 2007 9:23 AM
Subject: Re: suite probleme d'ouverture de fenetres!!!!!!



Happy Sunday, everyone!

"chris" wrote in message
news:uNd$

hello
I have this log from F-Secure BlackLight:
03/17/07 21:20:31 [Info]: BlackLight Engine 1.0.55 initialized
03/17/07 21:20:31 [Info]: OS: 5.1 build 2600 (Service Pack 2)
....[..]

Do the offending files need to be deleted manually?


No ....

Here are a few links that show you how complex the cleanup is for this
latest-generation junk --»

http://assiste.forum.free.fr/viewtopic.php?p–655&sidl02fc3e1092bd63d2014f364f01996a

http://forum.telecharger.01net.com/telecharger/securite_virus_et_assimiles/failles_de_securite/rootkits_detectes_par_fsecure_blacklight_-405230/messages-1.html

**So I suggest you try GMER, which is easier and works well --»

http://www.toocharger.com/fiches/logiciels/gmer/17532.htm

cf. solved --»

http://groups.google.com/groups?threadm=uxwqieznhha.780%40tk2msftngp03.phx.gbl

and let us know :o)

--
j
Le #742298
hi again

"chris" wrote in message
news:

hello
I don't know what to do after the scan, I copied the full text.


It's simple --» this report shows you where those damned files are
...

so in each section, you spot them and then you go and delete them where
they are!

At a quick look, I found / sorted out 11:
2 in the Registry + 9 others


******Look for these 9 on the Processes tab *****

* Example:
File C:WINDOWSsystem32mqobnaliyj.exe


Highlight it, then click Kill process (on the right), etc. etc. for all 9



---- User code sections - GMER 1.0.12 ----
............ snip ................................
7C91E1AA 5 Bytes JMP 1000191B
.text C:WINDOWSsystem32mqobnaliyj.exe[532] ntdll.dll!NtEnumerateKey
7C91D94C 5 Bytes JMP 0281200E
.text C:WINDOWSsystem32mqobnaliyj.exe[532]
ntdll.dll!NtEnumerateValueKey
7C91D976 5 Bytes JMP 02811DAF
.text C:WINDOWSsystem32mqobnaliyj.exe[532]
ntdll.dll!NtQueryDirectoryFile
7C91DF5E 5 Bytes JMP 02811CF2
.text C:WINDOWSsystem32mqobnaliyj.exe[532]
ntdll.dll!NtQuerySystemInformation



---- Files - GMER 1.0.12 ----

File C:WINDOWSPrefetchMQOBNALIYJ.EXE-304B2516.pf
File C:WINDOWSsystem32mqobnaliyj.dat
File C:WINDOWSsystem32mqobnaliyj.exe
File C:WINDOWSsystem32mqobnaliyj_nav.dat
File C:WINDOWSsystem32mqobnaliyj_navps.dat




*****In the Registry ********

they are on the Autostart tab
or in Start --» Run --» type regedit --» click OK

--» the 2 lines to delete with a right-click are there --»
in HKLMSOFTWAREMicrosoft......

---- Registry - GMER 1.0.12 ----

Reg

c:windowssystem32mqobnaliyj.exe mqobnaliyj
Reg

c:windowssystem32mqobnaliyj.exe mqobnaliyj




***Be VERY CAREFUL to check the line you have highlighted before
deleting it ****

****Don't do this while annoyed or in the heat of the moment ... you need to stay calm ... *****

= there's no rush .. easy ... easy ... ok?

*** Then you will need to reboot and run another GMER scan (or more if
needed) to check that you have removed everything --»

take your time ...
it takes patience, and it will spare you an acute attack of format-itis ;-)


NB / afterwards there will be one more little check to do .. AND

** I'm not telling you to delete System Restore,
just in case you make a wrong move ...
We'll see about that afterwards .. **

let us know :o)
--
« From discussion comes light.. »
Regards, see you all later
http://assiste.com.free.fr/la_manip.html
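
The report-reading step described in the reply above (find the item GMER marks as hidden, then pick out its entries in each section of the report), as an added example that is not part of the thread and not GMER's own code. The sample report is constructed in the layout shown in this thread; backslashes in paths, the registry key names and the ADS line are placeholders and assumptions.

```python
import re

# Section banner as printed in the report, e.g. "---- Files - GMER 1.0.12 ----".
SECTION_RE = re.compile(r"^---- (.+?) - GMER [\d.]+ ----$")
# Words that open a new entry; any other line is taken as the folded
# continuation of the previous entry (mail clients wrap long report lines).
ENTRY_PREFIXES = (".text", "Device", "Process", "Reg", "File", "ADS")


def split_sections(report):
    """Return {section name: [entries]} with folded lines rejoined."""
    sections, current = {}, None
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        banner = SECTION_RE.match(line)
        if banner:
            name = banner.group(1)
            current = None if name == "EOF" else sections.setdefault(name, [])
        elif current is not None:
            if not current or line.split()[0] in ENTRY_PREFIXES:
                current.append(line)
            else:
                current[-1] += " " + line
    return sections


def hidden_process_stems(sections):
    """Executable names, without extension, that the report marks as hidden."""
    stems = []
    for entry in sections.get("Processes", []):
        if "*** hidden ***" not in entry:
            continue
        path = entry[len("Process"):].split("(***")[0].strip()
        exe = re.split(r"[\\/]", path)[-1]
        stems.append(exe.rsplit(".", 1)[0].lower())
    return stems


def entries_for(sections, stem):
    """Per section, the entries that name the hidden executable."""
    hits = {}
    for name, entries in sections.items():
        if name == "Processes":
            continue
        matched = [e for e in entries if stem in e.lower()]
        if matched:
            hits[name] = matched
    return hits


def cleanup_checklist(report):
    """Map each hidden executable to the report entries that mention it."""
    sections = split_sections(report)
    return {s: entries_for(sections, s) for s in hidden_process_stems(sections)}


# Constructed sample, modelled on the excerpts quoted in this thread.
SAMPLE_REPORT = r"""
---- User code sections - GMER 1.0.12 ----
.text C:\WINDOWS\explorer.exe[1468] ntdll.dll!NtEnumerateKey
7C91D94C 5 Bytes JMP 00D3200E
.text C:\WINDOWS\system32\mqobnaliyj.exe[532] ntdll.dll!NtEnumerateKey
7C91D94C 5 Bytes JMP 0281200E
.text C:\WINDOWS\system32\mqobnaliyj.exe[532]
ntdll.dll!NtEnumerateValueKey
7C91D976 5 Bytes JMP 02811DAF
.text C:\WINDOWS\system32\mqobnaliyj.exe[532]
ntdll.dll!NtQueryDirectoryFile
7C91DF5E 5 Bytes JMP 02811CF2
.text C:\WINDOWS\system32\mqobnaliyj.exe[532]
ntdll.dll!NtQuerySystemInformation

---- Processes - GMER 1.0.12 ----
Process C:\WINDOWS\system32\mqobnaliyj.exe (*** hidden *** )
532

---- Registry - GMER 1.0.12 ----
Reg HKLM\SOFTWARE\PLACEHOLDER-KEY-1

c:\windows\system32\mqobnaliyj.exe mqobnaliyj
Reg HKLM\SOFTWARE\PLACEHOLDER-KEY-2

c:\windows\system32\mqobnaliyj.exe mqobnaliyj

---- Files - GMER 1.0.12 ----
ADS C:\Documents and Settings\user\photo:{placeholder-stream}
File C:\WINDOWS\Prefetch\MQOBNALIYJ.EXE-304B2516.pf
File C:\WINDOWS\system32\mqobnaliyj.dat
File C:\WINDOWS\system32\mqobnaliyj.exe
File C:\WINDOWS\system32\mqobnaliyj_nav.dat
File C:\WINDOWS\system32\mqobnaliyj_navps.dat

---- EOF - GMER 1.0.12 ----
"""

if __name__ == "__main__":
    for stem, hits in cleanup_checklist(SAMPLE_REPORT).items():
        for section, entries in hits.items():
            print(f"{stem}: {section}: {len(entries)} entries")
```

Run against a saved report, the same functions give a per-section list to compare between the scan before cleanup and the scan after the reboot.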

chris
Le #742297
good evening
Thanks for everything, I only deleted the line in red (kill) and everything is
fine: no more windows, I didn't find the files in regedit, and a new scan
with GMER finally shows no more rootkit line in red.

Regards

Chris
j
Le #742067
hi again

"chris" wrote in message
news:O2Q8kK$

good evening
Thanks for everything, I only deleted the line in red (kill) and everything
is fine: no more windows, I didn't find the files in regedit, and a new
scan with GMER finally shows no more rootkit line in red.


That's perfect ...

and thanks for the feedback, which will help others :o)

If everything is still ok tomorrow --»

turn off your System Restore for one minute!

--
« From discussion comes light ...»
Regards, see you later
[ "a" MVP Windows- Shell /User ]
http://mvp.support.microsoft.com/mvpintro
