17 replies
Malwarebytes shows me a message at the bottom saying that I have an IP infection, for example 266.128.23.2. I ran a scan with my Avira antivirus and it found nothing!!!
Am I infected? Please help me...
I also read this, which is the same case as mine ===> https://forums.commentcamarche.net/forum/affich-13785830-message-repetitif-infection-detecte
Anonymous user
19 August 2009 at 14:33
Then run a HijackThis scan and report this message to the moderator, because I'm not a PRO ^^
Anonymous user
19 August 2009 at 14:35
Hi
Start / Run
type regedit
then Enter
then press F3 and type:
lredbooo
then OK, and delete everything you find under that name
Anonymous user
19 August 2009 at 14:40
Oh really? Well, I deleted that and it worked.
▶ Download ZHPDiag (by Nicolas Coolman)
or: ZHPDiag
▶ Save it to your Desktop.
Once the download has finished,
▶ run ZHPDiag.exe and click Unzip in the window that opens.
▶ Click the wrench, then All, to tick every option box.
▶ Click the magnifying glass to start the scan.
When the scan is finished,
▶ click the camera and save the report to your Desktop.
To send it to me, click this link:
http://www.cijoint.fr/
▶ Click Browse and find the file C:\Documents and settings\your_session_name\ZHPDiag.txt
▶ Click Open.
▶ Click "Cliquez ici pour déposer le fichier".
A link of this form:
http://www.cijoint.fr/cjlink.php?file=cj200905/cib7SU.txt
is added to the page.
▶ Copy that link into your reply.
Anonymous user
19 August 2009 at 14:54
Download SysProt (by Swatkat) to your desktop:
> ! Disconnect from the internet and close all your applications for the duration of the procedure!
> ! Disable your defences (antivirus, anti-spyware, ...) for the duration of the procedure!
> Double-click SysProt.exe to launch it.
> Click the "Log" tab.
> Tick every box in the "Write to log" frame.
> Then click the [Create Log] button at the bottom right.
> The scan starts; let the tool work (even if it looks like it has crashed...).
> After a while a window will appear: leave "Scan all drives" ticked and click [Start].
> Wait again... wait for the end message saying the report has been created, then click "OK".
===> Close SysProt and copy/paste the contents of the report (SysProtLog.txt) saved on your desktop into your next reply.
SysProt AntiRootkit v1.0.1.0
by swatkat
******************************************************************************************
******************************************************************************************
Process:
Name: [System Idle Process]
PID: 0
Hidden: No
Window Visible: No
Name: System
PID: 4
Hidden: No
Window Visible: No
Name: C:\WINDOWS\system32\smss.exe
PID: 488
Hidden: No
Window Visible: No
Name: C:\WINDOWS\system32\csrss.exe
PID: 580
Hidden: No
Window Visible: No
Name: C:\WINDOWS\system32\winlogon.exe
PID: 612
Hidden: No
Window Visible: No
Name: C:\WINDOWS\system32\services.exe
PID: 672
Hidden: No
Window Visible: No
Name: C:\WINDOWS\system32\lsass.exe
PID: 692
Hidden: No
Window Visible: No
Name: C:\WINDOWS\system32\svchost.exe
PID: 876
Hidden: No
Window Visible: No
Name: C:\WINDOWS\system32\svchost.exe
PID: 932
Hidden: No
Window Visible: No
Name: C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PID: 1000
Hidden: No
Window Visible: No
Name: C:\WINDOWS\system32\svchost.exe
PID: 1032
Hidden: No
Window Visible: No
Name: C:\WINDOWS\system32\svchost.exe
PID: 1144
Hidden: No
Window Visible: No
Name: C:\WINDOWS\system32\svchost.exe
PID: 1276
Hidden: No
Window Visible: No
Name: C:\WINDOWS\explorer.exe
PID: 1512
Hidden: No
Window Visible: No
Name: C:\WINDOWS\system32\spoolsv.exe
PID: 1560
Hidden: No
Window Visible: No
Name: C:\Program Files\Avira\AntiVir Desktop\sched.exe
PID: 1596
Hidden: No
Window Visible: No
Name: C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PID: 1612
Hidden: No
Window Visible: No
Name: C:\WINDOWS\system32\svchost.exe
PID: 1716
Hidden: No
Window Visible: No
Name: C:\Program Files\Vista Drive Icon\DrvIcon.exe
PID: 2016
Hidden: No
Window Visible: No
Name: C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PID: 2024
Hidden: No
Window Visible: No
Name: C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
PID: 832
Hidden: No
Window Visible: No
Name: C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PID: 1452
Hidden: No
Window Visible: No
Name: C:\WINDOWS\system32\svchost.exe
PID: 2012
Hidden: No
Window Visible: No
Name: C:\WINDOWS\system32\alg.exe
PID: 2364
Hidden: No
Window Visible: No
Name: C:\Program Files\Mozilla Firefox\firefox.exe
PID: 2280
Hidden: No
Window Visible: No
Name: C:\WINDOWS\system32\wuauclt.exe
PID: 824
Hidden: No
Window Visible: No
Name: C:\WINDOWS\system32\wscntfy.exe
PID: 2692
Hidden: No
Window Visible: No
Name: C:\Documents and Settings\Wolf\Mes documents\Téléchargements\SysProt.exe
PID: 2072
Hidden: No
Window Visible: Yes
******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: \??\C:\Documents and Settings\Wolf\Mes documents\Téléchargements\SysProtDrv.sys
Service Name: SysProtDrv.sys
Module Base: ED907000
Module End: ED912000
Hidden: No
Module Name: \WINDOWS\system32\ntoskrnl.exe
Service Name: ---
Module Base: 804D7000
Module End: 806EDF00
Hidden: No
Module Name: \WINDOWS\system32\hal.dll
Service Name: ---
Module Base: 806EE000
Module End: 8070E300
Hidden: No
Module Name: \WINDOWS\system32\KDCOM.DLL
Service Name: ---
Module Base: F7996000
Module End: F7998000
Hidden: No
Module Name: \WINDOWS\system32\BOOTVID.dll
Service Name: ---
Module Base: F78A6000
Module End: F78A9000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\ACPI.sys
Service Name: ACPI
Module Base: F7446000
Module End: F7475000
Hidden: No
Module Name: \WINDOWS\system32\DRIVERS\WMILIB.SYS
Service Name: ---
Module Base: F7998000
Module End: F799A000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\pci.sys
Service Name: PCI
Module Base: F7435000
Module End: F7446000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\isapnp.sys
Service Name: isapnp
Module Base: F7496000
Module End: F74A0000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\pciide.sys
Service Name: PCIIde
Module Base: F7A5E000
Module End: F7A5F000
Hidden: No
Module Name: \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
Service Name: ---
Module Base: F7716000
Module End: F771D000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\intelide.sys
Service Name: IntelIde
Module Base: F799A000
Module End: F799C000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\MountMgr.sys
Service Name: MountMgr
Module Base: F74A6000
Module End: F74B1000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\ftdisk.sys
Service Name: Disk
Module Base: F7416000
Module End: F7435000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\dmload.sys
Service Name: dmload
Module Base: F799C000
Module End: F799E000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\dmio.sys
Service Name: dmio
Module Base: F73F0000
Module End: F7416000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\PartMgr.sys
Service Name: PartMgr
Module Base: F771E000
Module End: F7723000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\VolSnap.sys
Service Name: VolSnap
Module Base: F74B6000
Module End: F74C4000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\atapi.sys
Service Name: atapi
Module Base: F73D8000
Module End: F73F0000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\disk.sys
Service Name: ---
Module Base: F74C6000
Module End: F74CF000
Hidden: No
Module Name: \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
Service Name: ---
Module Base: F74D6000
Module End: F74E3000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\fltMgr.sys
Service Name: FltMgr
Module Base: F73B8000
Module End: F73D8000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\sr.sys
Service Name: sr
Module Base: F73A6000
Module End: F73B8000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\KSecDD.sys
Service Name: KSecDD
Module Base: F738F000
Module End: F73A6000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\Ntfs.sys
Service Name: Ntfs
Module Base: F7302000
Module End: F738F000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\inspect.sys
Service Name: Inspect
Module Base: F72EE000
Module End: F7302000
Hidden: No
Module Name: \WINDOWS\System32\DRIVERS\NDIS.SYS
Service Name: NDIS
Module Base: F72C1000
Module End: F72EE000
Hidden: No
Module Name: \WINDOWS\System32\DRIVERS\TDI.SYS
Service Name: ---
Module Base: F7726000
Module End: F772B000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\Mup.sys
Service Name: Mup
Module Base: F72A7000
Module End: F72C1000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\intelppm.sys
Service Name: intelppm
Module Base: F7536000
Module End: F7540000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
Service Name: ialm
Module Base: F7248000
Module End: F725F000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS
Service Name: ---
Module Base: F7234000
Module End: F7248000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\usbuhci.sys
Service Name: usbuhci
Module Base: F776E000
Module End: F7774000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\USBPORT.SYS
Service Name: ---
Module Base: F7210000
Module End: F7234000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\usbehci.sys
Service Name: usbehci
Module Base: F7776000
Module End: F777E000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\R8139n51.SYS
Service Name: rtl8139
Module Base: F7546000
Module End: F7552000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\i8042prt.sys
Service Name: i8042prt
Module Base: F7556000
Module End: F7564000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\mouclass.sys
Service Name: Mouclass
Module Base: F777E000
Module End: F7784000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\kbdclass.sys
Service Name: Kbdclass
Module Base: F7786000
Module End: F778D000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Service Name: Cdrom
Module Base: F7566000
Module End: F7576000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\redbook.sys
Service Name: redbook
Module Base: F7576000
Module End: F7585000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\ks.sys
Service Name: ---
Module Base: F71ED000
Module End: F7210000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\imapi.sys
Service Name: Imapi
Module Base: F7586000
Module End: F7591000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\cmuda.sys
Service Name: cmuda
Module Base: F7126000
Module End: F71ED000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\portcls.sys
Service Name: ---
Module Base: F7102000
Module End: F7126000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\drmk.sys
Service Name: ---
Module Base: F7596000
Module End: F75A5000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\serial.sys
Service Name: Serial
Module Base: F70DA000
Module End: F70EB000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\serenum.sys
Service Name: serenum
Module Base: F7952000
Module End: F7956000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\parport.sys
Service Name: Parport
Module Base: F70C6000
Module End: F70DA000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\gameenum.sys
Service Name: gameenum
Module Base: F7956000
Module End: F7959000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\audstub.sys
Service Name: audstub
Module Base: F7ACB000
Module End: F7ACC000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
Service Name: Rasl2tp
Module Base: F75A6000
Module End: F75B3000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\ndistapi.sys
Service Name: NdisTapi
Module Base: F795A000
Module End: F795D000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\ndiswan.sys
Service Name: NdisWan
Module Base: F7087000
Module End: F709E000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\raspppoe.sys
Service Name: RasPppoe
Module Base: F75B6000
Module End: F75C1000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\raspptp.sys
Service Name: PptpMiniport
Module Base: F75C6000
Module End: F75D2000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\psched.sys
Service Name: PSched
Module Base: F7076000
Module End: F7087000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\msgpc.sys
Service Name: Gpc
Module Base: F75D6000
Module End: F75DF000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\ptilink.sys
Service Name: Ptilink
Module Base: F7796000
Module End: F779B000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\raspti.sys
Service Name: Raspti
Module Base: F779E000
Module End: F77A3000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\rdpdr.sys
Service Name: rdpdr
Module Base: F7046000
Module End: F7076000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\termdd.sys
Service Name: TermDD
Module Base: F75E6000
Module End: F75F0000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\swenum.sys
Service Name: swenum
Module Base: F79A4000
Module End: F79A6000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\update.sys
Service Name: Update
Module Base: F6FE8000
Module End: F7046000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\mssmbios.sys
Service Name: mssmbios
Module Base: F7972000
Module End: F7976000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\ialmkchw.sys
Service Name: {D31A0762-0CEB-444e-ACFF-B049A1F6FE91}
Module Base: EEF54000
Module End: EEF68000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\ialmsbw.sys
Service Name: {6080A529-897E-4629-A488-ABA0C29B635E}
Module Base: EEF38000
Module End: EEF54000
Hidden: No
Module Name: C:\WINDOWS\System32\Drivers\NDProxy.SYS
Service Name: NDProxy
Module Base: F7606000
Module End: F7610000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\usbhub.sys
Service Name: usbhub
Module Base: F7616000
Module End: F7625000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\USBD.SYS
Service Name: ---
Module Base: F79A6000
Module End: F79A8000
Hidden: No
Module Name: C:\WINDOWS\System32\DRIVERS\cmdguard.sys
Service Name: cmdGuard
Module Base: EEE51000
Module End: EEE70000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\snpstd3.sys
Service Name: SNPSTD3
Module Base: EE604000
Module End: EEE51000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\STREAM.SYS
Service Name: ---
Module Base: F7646000
Module End: F7653000
Hidden: No
Module Name: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS
Service Name: Fs_Rec
Module Base: F79AA000
Module End: F79AC000
Hidden: No
Module Name: C:\WINDOWS\System32\Drivers\Null.SYS
Service Name: Null
Module Base: F7A78000
Module End: F7A79000
Hidden: No
Module Name: C:\WINDOWS\System32\Drivers\Beep.SYS
Service Name: Beep
Module Base: F79AC000
Module End: F79AE000
Hidden: No
Module Name: C:\WINDOWS\System32\drivers\vga.sys
Service Name: VgaSave
Module Base: F77C6000
Module End: F77CC000
Hidden: No
Module Name: C:\WINDOWS\System32\Drivers\mnmdd.SYS
Service Name: mnmdd
Module Base: F79AE000
Module End: F79B0000
Hidden: No
Module Name: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
Service Name: RDPCDD
Module Base: F79B0000
Module End: F79B2000
Hidden: No
Module Name: C:\WINDOWS\System32\Drivers\Msfs.SYS
Service Name: Msfs
Module Base: F77CE000
Module End: F77D3000
Hidden: No
Module Name: C:\WINDOWS\System32\Drivers\Npfs.SYS
Service Name: Npfs
Module Base: F77D6000
Module End: F77DE000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\rasacd.sys
Service Name: RasAcd
Module Base: F726B000
Module End: F726E000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\ipsec.sys
Service Name: IPSec
Module Base: EE5D1000
Module End: EE5E4000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\tcpip.sys
Service Name: Tcpip
Module Base: EE578000
Module End: EE5D1000
Hidden: No
Module Name: C:\WINDOWS\System32\DRIVERS\cmdhlp.sys
Service Name: cmdHlp
Module Base: F77DE000
Module End: F77E3000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\netbt.sys
Service Name: NetBT
Module Base: EE528000
Module End: EE550000
Hidden: No
Module Name: C:\WINDOWS\System32\drivers\afd.sys
Service Name: AFD
Module Base: EE506000
Module End: EE528000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\netbios.sys
Service Name: NetBIOS
Module Base: F7656000
Module End: F765F000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
Service Name: ssmdrv
Module Base: F77E6000
Module End: F77EC000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\rdbss.sys
Service Name: Rdbss
Module Base: EE4DB000
Module End: EE506000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
Service Name: MRxSmb
Module Base: EE46B000
Module End: EE4DB000
Hidden: No
Module Name: C:\WINDOWS\System32\Drivers\Fips.SYS
Service Name: Fips
Module Base: F7666000
Module End: F7671000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\avipbb.sys
Service Name: avipbb
Module Base: EE44F000
Module End: EE46B000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\ipnat.sys
Service Name: IpNat
Module Base: EE429000
Module End: EE44F000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\wanarp.sys
Service Name: Wanarp
Module Base: F7686000
Module End: F768F000
Hidden: No
Module Name: \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
Service Name: avgio
Module Base: F79B4000
Module End: F79B6000
Hidden: No
Module Name: C:\WINDOWS\System32\Drivers\Cdfs.SYS
Service Name: Cdfs
Module Base: F76A6000
Module End: F76B6000
Hidden: No
Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys
Service Name: ---
Module Base: EE3E9000
Module End: EE401000
Hidden: Yes
Module Name: \SystemRoot\System32\Drivers\dump_WMILIB.SYS
Service Name: ---
Module Base: F79BC000
Module End: F79BE000
Hidden: Yes
Module Name: C:\WINDOWS\System32\drivers\Dxapi.sys
Service Name: ---
Module Base: EEE88000
Module End: EEE8B000
Hidden: No
Module Name: C:\WINDOWS\System32\watchdog.sys
Service Name: ---
Module Base: F77EE000
Module End: F77F3000
Hidden: No
Module Name: C:\WINDOWS\System32\drivers\dxgthk.sys
Service Name: ---
Module Base: F7B7A000
Module End: F7B7B000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\avgntflt.sys
Service Name: avgntflt
Module Base: EE2BD000
Module End: EE2D1000
Hidden: No
Module Name: \??\C:\WINDOWS\system32\drivers\mbam.sys
Service Name: MBAMProtector
Module Base: EE331000
Module End: EE335000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\ndisuio.sys
Service Name: Ndisuio
Module Base: EE295000
Module End: EE299000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\mrxdav.sys
Service Name: MRxDAV
Module Base: EDF48000
Module End: EDF75000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\wdmaud.sys
Service Name: wdmaud
Module Base: EDEE3000
Module End: EDEF8000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\sysaudio.sys
Service Name: sysaudio
Module Base: EE225000
Module End: EE234000
Hidden: No
Module Name: C:\WINDOWS\System32\Drivers\ParVdm.SYS
Service Name: ParVdm
Module Base: F79FC000
Module End: F79FE000
Hidden: No
Module Name: C:\WINDOWS\System32\Drivers\HTTP.sys
Service Name: HTTP
Module Base: ED896000
Module End: ED8D7000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\srv.sys
Service Name: Srv
Module Base: ED77C000
Module End: ED7CE000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
Service Name: IpFilterDriver
Module Base: ED47C000
Module End: ED485000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\kmixer.sys
Service Name: kmixer
Module Base: ED044000
Module End: ED06F000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\fdc.sys
Service Name: Fdc
Module Base: F778E000
Module End: F7795000
Hidden: No
******************************************************************************************
******************************************************************************************
SSDT:
Function Name: ZwAdjustPrivilegesToken
Address: EEE55F68
Driver Base: EEE51000
Driver End: EEE70000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys
Function Name: ZwConnectPort
Address: EEE55472
Driver Base: EEE51000
Driver End: EEE70000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys
Function Name: ZwCreateFile
Address: EEE55B0C
Driver Base: EEE51000
Driver End: EEE70000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys
Function Name: ZwCreateKey
Address: F7A87F9E
Driver Base: 0
Driver End: 0
Driver Name: _unknown_
Function Name: ZwCreatePort
Address: EEE55150
Driver Base: EEE51000
Driver End: EEE70000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys
Function Name: ZwCreateSection
Address: EEE571F0
Driver Base: EEE51000
Driver End: EEE70000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys
Function Name: ZwCreateSymbolicLinkObject
Address: EEE574C8
Driver Base: EEE51000
Driver End: EEE70000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys
Function Name: ZwCreateThread
Address: F7A87F94
Driver Base: 0
Driver End: 0
Driver Name: _unknown_
Function Name: ZwDeleteKey
Address: F7A87FA3
Driver Base: 0
Driver End: 0
Driver Name: _unknown_
Function Name: ZwDeleteValueKey
Address: F7A87FAD
Driver Base: 0
Driver End: 0
Driver Name: _unknown_
Function Name: ZwDuplicateObject
Address: EEE54A78
Driver Base: EEE51000
Driver End: EEE70000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys
Function Name: ZwLoadDriver
Address: EEE56E72
Driver Base: EEE51000
Driver End: EEE70000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys
Function Name: ZwLoadKey
Address: F7A87FB2
Driver Base: 0
Driver End: 0
Driver Name: _unknown_
Function Name: ZwMakeTemporaryObject
Address: EEE556F6
Driver Base: EEE51000
Driver End: EEE70000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys
Function Name: ZwOpenFile
Address: EEE55D50
Driver Base: EEE51000
Driver End: EEE70000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys
Function Name: ZwOpenProcess
Address: F7A87F80
Driver Base: 0
Driver End: 0
Driver Name: _unknown_
Function Name: ZwOpenSection
Address: EEE55986
Driver Base: EEE51000
Driver End: EEE70000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys
Function Name: ZwOpenThread
Address: F7A87F85
Driver Base: 0
Driver End: 0
Driver Name: _unknown_
Function Name: ZwRenameKey
Address: EEE568AA
Driver Base: EEE51000
Driver End: EEE70000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys
Function Name: ZwReplaceKey
Address: F7A87FBC
Driver Base: 0
Driver End: 0
Driver Name: _unknown_
Function Name: ZwRequestWaitReplyPort
Address: EEE5526E
Driver Base: EEE51000
Driver End: EEE70000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys
Function Name: ZwRestoreKey
Address: F7A87FB7
Driver Base: 0
Driver End: 0
Driver Name: _unknown_
Function Name: ZwSecureConnectPort
Address: EEE56C0E
Driver Base: EEE51000
Driver End: EEE70000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys
Function Name: ZwSetSystemInformation
Address: EEE57020
Driver Base: EEE51000
Driver End: EEE70000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys
Function Name: ZwSetValueKey
Address: F7A87FA8
Driver Base: 0
Driver End: 0
Driver Name: _unknown_
Function Name: ZwShutdownSystem
Address: EEE55690
Driver Base: EEE51000
Driver End: EEE70000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys
Function Name: ZwSystemDebugControl
Address: EEE5587A
Driver Base: EEE51000
Driver End: EEE70000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys
Function Name: ZwTerminateProcess
Address: F7A87F8F
Driver Base: 0
Driver End: 0
Driver Name: _unknown_
Function Name: ZwTerminateThread
Address: EEE54EE8
Driver Base: EEE51000
Driver End: EEE70000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys
******************************************************************************************
******************************************************************************************
No Kernel Hooks found
******************************************************************************************
******************************************************************************************
No IRP Hooks found
******************************************************************************************
******************************************************************************************
Ports:
Local Address: 497150674B70456:3135
Remote Address: LOCALHOST:3134
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED
Local Address: 497150674B70456:3134
Remote Address: LOCALHOST:3135
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED
Local Address: 497150674B70456:3131
Remote Address: LOCALHOST:3130
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED
Local Address: 497150674B70456:3130
Remote Address: LOCALHOST:3131
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED
Local Address: 497150674B70456:1102
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\alg.exe
State: LISTENING
Local Address: 497150674B70456:31038
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
State: LISTENING
Local Address: 497150674B70456:MICROSOFT-DS
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING
Local Address: 497150674B70456:EPMAP
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\svchost.exe
State: LISTENING
Local Address: 497150674B70456:1900
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA
Local Address: 497150674B70456:123
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA
Local Address: 497150674B70456:4500
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\lsass.exe
State: NA
Local Address: 497150674B70456:500
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\lsass.exe
State: NA
Local Address: 497150674B70456:MICROSOFT-DS
Remote Address: NA
Type: UDP
Process: System
State: NA
******************************************************************************************
******************************************************************************************
Hidden files/folders:
Object: D:\System Volume Information\MountPointManagerRemoteDatabase
Status: Access denied
Object: D:\System Volume Information\tracking.log
Status: Access denied
Object: D:\System Volume Information\_restore{F0AB68E5-95FA-4510-B85B-679861309D79}
Status: Access denied
Object: C:\System Volume Information\MountPointManagerRemoteDatabase
Status: Access denied
Object: C:\System Volume Information\tracking.log
Status: Access denied
Object: C:\System Volume Information\_restore{F0AB68E5-95FA-4510-B85B-679861309D79}
Status: Access denied
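A SysProt report like the one above is several hundred lines of "Key: Value" records, and the things an analyst actually looks for (hidden processes or modules, SSDT entries whose handler does not sit inside any listed driver, sockets that are listening or talking to a non-loopback address) are easy to miss by eye. The Python script below is an added example written by the editor; it is not code from this thread, from SysProt, or from its author. It parses the log's sections, resolves each SSDT handler address against the kernel module ranges itself instead of trusting SysProt's "Driver Name" column, and reports what is left unexplained. The embedded SAMPLE_LOG is a constructed, abridged excerpt of the log above (separators shortened to one line); the 203.0.113.5 connection in it is invented to exercise the remote-connection check, and treating the hidden dump_*.sys drivers as expected crash-dump copies is the editor's assumption, not something the thread states.

```python
import re
from collections import Counter

# Crash-dump copies of the boot disk driver that Windows XP loads itself; SysProt
# lists them as hidden on clean machines too, so they get "info" severity.
# (Editor's assumption: confirm against a known-clean host before relying on it.)
KNOWN_HIDDEN_DUMP_DRIVERS = {"dump_atapi.sys", "dump_wmilib.sys"}

# Constructed excerpt of the log above. Separators are shortened to one line and
# the 203.0.113.5 connection is invented to exercise the remote-connection check.
SAMPLE_LOG = r"""
******************************************************************************************
Kernel Modules:
Module Name: C:\WINDOWS\System32\DRIVERS\cmdguard.sys
Service Name: cmdGuard
Module Base: EEE51000
Module End: EEE70000
Hidden: No
Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys
Service Name: ---
Module Base: EE3E9000
Module End: EE401000
Hidden: Yes
******************************************************************************************
SSDT:
Function Name: ZwCreateFile
Address: EEE55B0C
Driver Base: EEE51000
Driver End: EEE70000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys
Function Name: ZwCreateKey
Address: F7A87F9E
Driver Base: 0
Driver End: 0
Driver Name: _unknown_
******************************************************************************************
Ports:
Local Address: 497150674B70456:3135
Remote Address: LOCALHOST:3134
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED
Local Address: 497150674B70456:3140
Remote Address: 203.0.113.5:80
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED
Local Address: 497150674B70456:1102
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\alg.exe
State: LISTENING
"""


def split_sections(text):
    """Split on the asterisk separator lines; a section is its non-empty lines."""
    chunks = re.split(r"(?m)^\*{10,}[ \t]*$", text)
    sections = [[ln.rstrip() for ln in c.splitlines() if ln.strip()] for c in chunks]
    return [s for s in sections if s]


def parse_records(lines):
    """'Key: Value' lines -> list of dicts; a repeat of the first key opens a new record."""
    records, current, first_key = [], {}, None
    for line in lines:
        key, sep, value = line.partition(":")
        if not sep:
            continue
        key, value = key.strip(), value.strip()
        first_key = first_key or key
        if key == first_key and current:
            records.append(current)
            current = {}
        current[key] = value
    return records + [current] if current else records


def resolve_module(address, modules):
    """Listed kernel module whose [Base, End) range contains the hex address, else None."""
    addr = int(address, 16)
    for mod in modules:
        if int(mod["Module Base"], 16) <= addr < int(mod["Module End"], 16):
            return mod["Module Name"]
    return None


def triage(text):
    """Collect the findings an analyst would look at first."""
    sections = {}
    for lines in split_sections(text):
        if lines[0].endswith(":"):  # skips the banner and the "No ... found" lines
            sections[lines[0][:-1]] = parse_records(lines[1:])
    modules = sections.get("Kernel Modules", [])
    report = {"hidden_processes": [], "hidden_modules": [], "ssdt_by_driver": Counter(),
              "unresolved_ssdt": [], "listening": [], "remote_connections": []}
    for proc in sections.get("Process", []):
        if proc.get("Hidden") == "Yes":
            report["hidden_processes"].append((proc["Name"], proc.get("PID")))
    for mod in modules:
        if mod.get("Hidden") == "Yes":
            base = mod["Module Name"].rsplit("\\", 1)[-1].lower()
            severity = "info" if base in KNOWN_HIDDEN_DUMP_DRIVERS else "warn"
            report["hidden_modules"].append((severity, mod["Module Name"]))
    for entry in sections.get("SSDT", []):
        # Resolve the handler address ourselves instead of trusting "Driver Name".
        owner = resolve_module(entry["Address"], modules)
        report["ssdt_by_driver"][owner or "_unresolved_"] += 1
        if owner is None:
            report["unresolved_ssdt"].append((entry["Function Name"], entry["Address"]))
    for sock in sections.get("Ports", []):
        remote = sock.get("Remote Address", "")
        if sock.get("State") == "LISTENING":
            report["listening"].append((sock["Local Address"].rsplit(":", 1)[-1], sock["Process"]))
        elif sock.get("State") == "ESTABLISHED" and not remote.upper().startswith(("LOCALHOST", "127.")):
            report["remote_connections"].append((remote, sock["Process"]))
    return report


if __name__ == "__main__":
    import sys
    text = open(sys.argv[1], errors="replace").read() if len(sys.argv) > 1 else SAMPLE_LOG
    for key, value in triage(text).items():
        print(key, value)
```

Run it with no argument to triage the embedded excerpt, or pass the path of a saved SysProtLog.txt. None of its output is a verdict on its own: on the full log above, the hidden dump_atapi.sys and dump_WMILIB.SYS entries are what XP's crash-dump path normally looks like to a rootkit scanner, the hooks that resolve to cmdguard.sys belong to the COMODO firewall that is visibly installed, and the entries at F7A87F80 to F7A87FBC that resolve to no listed module are exactly the leads a helper would chase next (which driver owns that address range), not proof of infection. The remote_connections list is the piece that answers the original question: it shows which process held a connection to a given address at scan time, which is what you would match against the IP Malwarebytes reports.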
Module End: F74C4000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\atapi.sys
Service Name: atapi
Module Base: F73D8000
Module End: F73F0000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\disk.sys
Service Name: ---
Module Base: F74C6000
Module End: F74CF000
Hidden: No
Module Name: \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
Service Name: ---
Module Base: F74D6000
Module End: F74E3000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\fltMgr.sys
Service Name: FltMgr
Module Base: F73B8000
Module End: F73D8000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\sr.sys
Service Name: sr
Module Base: F73A6000
Module End: F73B8000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\KSecDD.sys
Service Name: KSecDD
Module Base: F738F000
Module End: F73A6000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\Ntfs.sys
Service Name: Ntfs
Module Base: F7302000
Module End: F738F000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\inspect.sys
Service Name: Inspect
Module Base: F72EE000
Module End: F7302000
Hidden: No
Module Name: \WINDOWS\System32\DRIVERS\NDIS.SYS
Service Name: NDIS
Module Base: F72C1000
Module End: F72EE000
Hidden: No
Module Name: \WINDOWS\System32\DRIVERS\TDI.SYS
Service Name: ---
Module Base: F7726000
Module End: F772B000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\Mup.sys
Service Name: Mup
Module Base: F72A7000
Module End: F72C1000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\intelppm.sys
Service Name: intelppm
Module Base: F7536000
Module End: F7540000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
Service Name: ialm
Module Base: F7248000
Module End: F725F000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS
Service Name: ---
Module Base: F7234000
Module End: F7248000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\usbuhci.sys
Service Name: usbuhci
Module Base: F776E000
Module End: F7774000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\USBPORT.SYS
Service Name: ---
Module Base: F7210000
Module End: F7234000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\usbehci.sys
Service Name: usbehci
Module Base: F7776000
Module End: F777E000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\R8139n51.SYS
Service Name: rtl8139
Module Base: F7546000
Module End: F7552000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\i8042prt.sys
Service Name: i8042prt
Module Base: F7556000
Module End: F7564000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\mouclass.sys
Service Name: Mouclass
Module Base: F777E000
Module End: F7784000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\kbdclass.sys
Service Name: Kbdclass
Module Base: F7786000
Module End: F778D000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Service Name: Cdrom
Module Base: F7566000
Module End: F7576000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\redbook.sys
Service Name: redbook
Module Base: F7576000
Module End: F7585000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\ks.sys
Service Name: ---
Module Base: F71ED000
Module End: F7210000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\imapi.sys
Service Name: Imapi
Module Base: F7586000
Module End: F7591000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\cmuda.sys
Service Name: cmuda
Module Base: F7126000
Module End: F71ED000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\portcls.sys
Service Name: ---
Module Base: F7102000
Module End: F7126000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\drmk.sys
Service Name: ---
Module Base: F7596000
Module End: F75A5000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\serial.sys
Service Name: Serial
Module Base: F70DA000
Module End: F70EB000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\serenum.sys
Service Name: serenum
Module Base: F7952000
Module End: F7956000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\parport.sys
Service Name: Parport
Module Base: F70C6000
Module End: F70DA000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\gameenum.sys
Service Name: gameenum
Module Base: F7956000
Module End: F7959000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\audstub.sys
Service Name: audstub
Module Base: F7ACB000
Module End: F7ACC000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
Service Name: Rasl2tp
Module Base: F75A6000
Module End: F75B3000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\ndistapi.sys
Service Name: NdisTapi
Module Base: F795A000
Module End: F795D000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\ndiswan.sys
Service Name: NdisWan
Module Base: F7087000
Module End: F709E000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\raspppoe.sys
Service Name: RasPppoe
Module Base: F75B6000
Module End: F75C1000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\raspptp.sys
Service Name: PptpMiniport
Module Base: F75C6000
Module End: F75D2000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\psched.sys
Service Name: PSched
Module Base: F7076000
Module End: F7087000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\msgpc.sys
Service Name: Gpc
Module Base: F75D6000
Module End: F75DF000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\ptilink.sys
Service Name: Ptilink
Module Base: F7796000
Module End: F779B000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\raspti.sys
Service Name: Raspti
Module Base: F779E000
Module End: F77A3000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\rdpdr.sys
Service Name: rdpdr
Module Base: F7046000
Module End: F7076000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\termdd.sys
Service Name: TermDD
Module Base: F75E6000
Module End: F75F0000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\swenum.sys
Service Name: swenum
Module Base: F79A4000
Module End: F79A6000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\update.sys
Service Name: Update
Module Base: F6FE8000
Module End: F7046000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\mssmbios.sys
Service Name: mssmbios
Module Base: F7972000
Module End: F7976000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\ialmkchw.sys
Service Name: {D31A0762-0CEB-444e-ACFF-B049A1F6FE91}
Module Base: EEF54000
Module End: EEF68000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\ialmsbw.sys
Service Name: {6080A529-897E-4629-A488-ABA0C29B635E}
Module Base: EEF38000
Module End: EEF54000
Hidden: No
Module Name: C:\WINDOWS\System32\Drivers\NDProxy.SYS
Service Name: NDProxy
Module Base: F7606000
Module End: F7610000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\usbhub.sys
Service Name: usbhub
Module Base: F7616000
Module End: F7625000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\USBD.SYS
Service Name: ---
Module Base: F79A6000
Module End: F79A8000
Hidden: No
Module Name: C:\WINDOWS\System32\DRIVERS\cmdguard.sys
Service Name: cmdGuard
Module Base: EEE51000
Module End: EEE70000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\snpstd3.sys
Service Name: SNPSTD3
Module Base: EE604000
Module End: EEE51000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\STREAM.SYS
Service Name: ---
Module Base: F7646000
Module End: F7653000
Hidden: No
Module Name: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS
Service Name: Fs_Rec
Module Base: F79AA000
Module End: F79AC000
Hidden: No
Module Name: C:\WINDOWS\System32\Drivers\Null.SYS
Service Name: Null
Module Base: F7A78000
Module End: F7A79000
Hidden: No
Module Name: C:\WINDOWS\System32\Drivers\Beep.SYS
Service Name: Beep
Module Base: F79AC000
Module End: F79AE000
Hidden: No
Module Name: C:\WINDOWS\System32\drivers\vga.sys
Service Name: VgaSave
Module Base: F77C6000
Module End: F77CC000
Hidden: No
Module Name: C:\WINDOWS\System32\Drivers\mnmdd.SYS
Service Name: mnmdd
Module Base: F79AE000
Module End: F79B0000
Hidden: No
Module Name: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
Service Name: RDPCDD
Module Base: F79B0000
Module End: F79B2000
Hidden: No
Module Name: C:\WINDOWS\System32\Drivers\Msfs.SYS
Service Name: Msfs
Module Base: F77CE000
Module End: F77D3000
Hidden: No
Module Name: C:\WINDOWS\System32\Drivers\Npfs.SYS
Service Name: Npfs
Module Base: F77D6000
Module End: F77DE000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\rasacd.sys
Service Name: RasAcd
Module Base: F726B000
Module End: F726E000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\ipsec.sys
Service Name: IPSec
Module Base: EE5D1000
Module End: EE5E4000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\tcpip.sys
Service Name: Tcpip
Module Base: EE578000
Module End: EE5D1000
Hidden: No
Module Name: C:\WINDOWS\System32\DRIVERS\cmdhlp.sys
Service Name: cmdHlp
Module Base: F77DE000
Module End: F77E3000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\netbt.sys
Service Name: NetBT
Module Base: EE528000
Module End: EE550000
Hidden: No
Module Name: C:\WINDOWS\System32\drivers\afd.sys
Service Name: AFD
Module Base: EE506000
Module End: EE528000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\netbios.sys
Service Name: NetBIOS
Module Base: F7656000
Module End: F765F000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
Service Name: ssmdrv
Module Base: F77E6000
Module End: F77EC000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\rdbss.sys
Service Name: Rdbss
Module Base: EE4DB000
Module End: EE506000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
Service Name: MRxSmb
Module Base: EE46B000
Module End: EE4DB000
Hidden: No
Module Name: C:\WINDOWS\System32\Drivers\Fips.SYS
Service Name: Fips
Module Base: F7666000
Module End: F7671000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\avipbb.sys
Service Name: avipbb
Module Base: EE44F000
Module End: EE46B000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\ipnat.sys
Service Name: IpNat
Module Base: EE429000
Module End: EE44F000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\wanarp.sys
Service Name: Wanarp
Module Base: F7686000
Module End: F768F000
Hidden: No
Module Name: \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
Service Name: avgio
Module Base: F79B4000
Module End: F79B6000
Hidden: No
Module Name: C:\WINDOWS\System32\Drivers\Cdfs.SYS
Service Name: Cdfs
Module Base: F76A6000
Module End: F76B6000
Hidden: No
Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys
Service Name: ---
Module Base: EE3E9000
Module End: EE401000
Hidden: Yes
Module Name: \SystemRoot\System32\Drivers\dump_WMILIB.SYS
Service Name: ---
Module Base: F79BC000
Module End: F79BE000
Hidden: Yes
Module Name: C:\WINDOWS\System32\drivers\Dxapi.sys
Service Name: ---
Module Base: EEE88000
Module End: EEE8B000
Hidden: No
Module Name: C:\WINDOWS\System32\watchdog.sys
Service Name: ---
Module Base: F77EE000
Module End: F77F3000
Hidden: No
Module Name: C:\WINDOWS\System32\drivers\dxgthk.sys
Service Name: ---
Module Base: F7B7A000
Module End: F7B7B000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\avgntflt.sys
Service Name: avgntflt
Module Base: EE2BD000
Module End: EE2D1000
Hidden: No
Module Name: \??\C:\WINDOWS\system32\drivers\mbam.sys
Service Name: MBAMProtector
Module Base: EE331000
Module End: EE335000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\ndisuio.sys
Service Name: Ndisuio
Module Base: EE295000
Module End: EE299000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\mrxdav.sys
Service Name: MRxDAV
Module Base: EDF48000
Module End: EDF75000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\wdmaud.sys
Service Name: wdmaud
Module Base: EDEE3000
Module End: EDEF8000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\sysaudio.sys
Service Name: sysaudio
Module Base: EE225000
Module End: EE234000
Hidden: No
Module Name: C:\WINDOWS\System32\Drivers\ParVdm.SYS
Service Name: ParVdm
Module Base: F79FC000
Module End: F79FE000
Hidden: No
Module Name: C:\WINDOWS\System32\Drivers\HTTP.sys
Service Name: HTTP
Module Base: ED896000
Module End: ED8D7000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\srv.sys
Service Name: Srv
Module Base: ED77C000
Module End: ED7CE000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
Service Name: IpFilterDriver
Module Base: ED47C000
Module End: ED485000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\kmixer.sys
Service Name: kmixer
Module Base: ED044000
Module End: ED06F000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\fdc.sys
Service Name: Fdc
Module Base: F778E000
Module End: F7795000
Hidden: No
******************************************************************************************
******************************************************************************************
SSDT:
Function Name: ZwAdjustPrivilegesToken
Address: EEE55F68
Driver Base: EEE51000
Driver End: EEE70000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys
Function Name: ZwConnectPort
Address: EEE55472
Driver Base: EEE51000
Driver End: EEE70000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys
Function Name: ZwCreateFile
Address: EEE55B0C
Driver Base: EEE51000
Driver End: EEE70000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys
Function Name: ZwCreateKey
Address: F7A87F9E
Driver Base: 0
Driver End: 0
Driver Name: _unknown_
Function Name: ZwCreatePort
Address: EEE55150
Driver Base: EEE51000
Driver End: EEE70000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys
Function Name: ZwCreateSection
Address: EEE571F0
Driver Base: EEE51000
Driver End: EEE70000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys
Function Name: ZwCreateSymbolicLinkObject
Address: EEE574C8
Driver Base: EEE51000
Driver End: EEE70000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys
Function Name: ZwCreateThread
Address: F7A87F94
Driver Base: 0
Driver End: 0
Driver Name: _unknown_
Function Name: ZwDeleteKey
Address: F7A87FA3
Driver Base: 0
Driver End: 0
Driver Name: _unknown_
Function Name: ZwDeleteValueKey
Address: F7A87FAD
Driver Base: 0
Driver End: 0
Driver Name: _unknown_
Function Name: ZwDuplicateObject
Address: EEE54A78
Driver Base: EEE51000
Driver End: EEE70000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys
Function Name: ZwLoadDriver
Address: EEE56E72
Driver Base: EEE51000
Driver End: EEE70000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys
Function Name: ZwLoadKey
Address: F7A87FB2
Driver Base: 0
Driver End: 0
Driver Name: _unknown_
Function Name: ZwMakeTemporaryObject
Address: EEE556F6
Driver Base: EEE51000
Driver End: EEE70000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys
Function Name: ZwOpenFile
Address: EEE55D50
Driver Base: EEE51000
Driver End: EEE70000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys
Function Name: ZwOpenProcess
Address: F7A87F80
Driver Base: 0
Driver End: 0
Driver Name: _unknown_
Function Name: ZwOpenSection
Address: EEE55986
Driver Base: EEE51000
Driver End: EEE70000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys
Function Name: ZwOpenThread
Address: F7A87F85
Driver Base: 0
Driver End: 0
Driver Name: _unknown_
Function Name: ZwRenameKey
Address: EEE568AA
Driver Base: EEE51000
Driver End: EEE70000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys
Function Name: ZwReplaceKey
Address: F7A87FBC
Driver Base: 0
Driver End: 0
Driver Name: _unknown_
Function Name: ZwRequestWaitReplyPort
Address: EEE5526E
Driver Base: EEE51000
Driver End: EEE70000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys
Function Name: ZwRestoreKey
Address: F7A87FB7
Driver Base: 0
Driver End: 0
Driver Name: _unknown_
Function Name: ZwSecureConnectPort
Address: EEE56C0E
Driver Base: EEE51000
Driver End: EEE70000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys
Function Name: ZwSetSystemInformation
Address: EEE57020
Driver Base: EEE51000
Driver End: EEE70000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys
Function Name: ZwSetValueKey
Address: F7A87FA8
Driver Base: 0
Driver End: 0
Driver Name: _unknown_
Function Name: ZwShutdownSystem
Address: EEE55690
Driver Base: EEE51000
Driver End: EEE70000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys
Function Name: ZwSystemDebugControl
Address: EEE5587A
Driver Base: EEE51000
Driver End: EEE70000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys
Function Name: ZwTerminateProcess
Address: F7A87F8F
Driver Base: 0
Driver End: 0
Driver Name: _unknown_
Function Name: ZwTerminateThread
Address: EEE54EE8
Driver Base: EEE51000
Driver End: EEE70000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys
******************************************************************************************
******************************************************************************************
No Kernel Hooks found
******************************************************************************************
******************************************************************************************
No IRP Hooks found
******************************************************************************************
******************************************************************************************
Ports:
Local Address: 497150674B70456:3135
Remote Address: LOCALHOST:3134
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED
Local Address: 497150674B70456:3134
Remote Address: LOCALHOST:3135
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED
Local Address: 497150674B70456:3131
Remote Address: LOCALHOST:3130
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED
Local Address: 497150674B70456:3130
Remote Address: LOCALHOST:3131
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED
Local Address: 497150674B70456:1102
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\alg.exe
State: LISTENING
Local Address: 497150674B70456:31038
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
State: LISTENING
Local Address: 497150674B70456:MICROSOFT-DS
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING
Local Address: 497150674B70456:EPMAP
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\svchost.exe
State: LISTENING
Local Address: 497150674B70456:1900
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA
Local Address: 497150674B70456:123
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA
Local Address: 497150674B70456:4500
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\lsass.exe
State: NA
Local Address: 497150674B70456:500
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\lsass.exe
State: NA
Local Address: 497150674B70456:MICROSOFT-DS
Remote Address: NA
Type: UDP
Process: System
State: NA
******************************************************************************************
******************************************************************************************
Hidden files/folders:
Object: D:\System Volume Information\MountPointManagerRemoteDatabase
Status: Access denied
Object: D:\System Volume Information\tracking.log
Status: Access denied
Object: D:\System Volume Information\_restore{F0AB68E5-95FA-4510-B85B-679861309D79}
Status: Access denied
Object: C:\System Volume Information\MountPointManagerRemoteDatabase
Status: Access denied
Object: C:\System Volume Information\tracking.log
Status: Access denied
Object: C:\System Volume Information\_restore{F0AB68E5-95FA-4510-B85B-679861309D79}
Status: Access denied
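Added example, not part of the original post and not SysProt's own code: a small Python triage script that parses a SysProt-style report like the one above and pulls out the three things worth a second look before anything is deleted: SSDT entries the tool could not attribute to a loaded driver, kernel modules reported as hidden, and listening sockets. Assumptions: SAMPLE_REPORT is a constructed excerpt built from a few lines of the report above (hostname replaced by HOST), and the record layout ("Section:" headers, "Key: value" lines, a new record starting whenever a key repeats) is inferred from that report rather than taken from any SysProt documentation.

```python
"""Triage helper for a SysProt-style anti-rootkit report (added example, not SysProt code).
Parses the Kernel Modules, SSDT and Ports sections and flags what a responder checks first:
SSDT hooks not attributable to a loaded driver, modules reported hidden, listening sockets."""
import re
from collections import defaultdict

# Constructed excerpt modelled on the report above (hostname replaced by HOST); not the
# full log. For real use, pass the text of the saved report to parse_report() instead.
SAMPLE_REPORT = r"""
*****
Kernel Modules:
Module Name: C:\WINDOWS\System32\DRIVERS\cmdguard.sys
Service Name: cmdGuard
Module Base: EEE51000
Module End: EEE70000
Hidden: No
Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys
Service Name: ---
Module Base: EE3E9000
Module End: EE401000
Hidden: Yes
*****
SSDT:
Function Name: ZwCreateFile
Address: EEE55B0C
Driver Base: EEE51000
Driver End: EEE70000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys
Function Name: ZwOpenProcess
Address: F7A87F80
Driver Base: 0
Driver End: 0
Driver Name: _unknown_
Function Name: ZwTerminateProcess
Address: F7A87F8F
Driver Base: 0
Driver End: 0
Driver Name: _unknown_
*****
Ports:
Local Address: HOST:MICROSOFT-DS
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING
Local Address: HOST:3135
Remote Address: LOCALHOST:3134
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED
"""

SECTION_RE = re.compile(r"^[A-Za-z][A-Za-z /]*:$")     # "Kernel Modules:"
KV_RE = re.compile(r"^([A-Za-z][A-Za-z ]*?): (.*)$")  # "Module Base: EEE51000"

def parse_report(text):
    """{section: [record, ...]}, record = dict of Key: value lines. A new record starts
    when a key already present in the current record repeats (layout assumed from the
    report above, which has no explicit record separator)."""
    sections = defaultdict(list)
    section, current = None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("*"):
            continue
        if SECTION_RE.match(line):
            section, current = line[:-1], None
            continue
        m = KV_RE.match(line)
        if m is None or section is None:
            continue
        key, value = m.groups()
        if current is None or key in current:
            current = {}
            sections[section].append(current)
        current[key] = value
    return sections

def module_for_address(sections, hex_addr):
    """Listed module whose [Base, End) range contains hex_addr, or None if none covers it."""
    addr = int(hex_addr, 16)
    for r in sections["Kernel Modules"]:
        if int(r["Module Base"], 16) <= addr < int(r["Module End"], 16):
            return r["Module Name"]
    return None

def unresolved_ssdt_hooks(sections):
    """SSDT entries the tool could not attribute to a driver (Driver Base 0 / _unknown_)."""
    return [(r["Function Name"], r["Address"]) for r in sections["SSDT"]
            if r.get("Driver Name") == "_unknown_" or r.get("Driver Base", "0") == "0"]

def ssdt_hooks_by_driver(sections):
    """Hooked functions grouped by owning driver: shows what each product intercepts."""
    grouped = defaultdict(list)
    for r in sections["SSDT"]:
        grouped[r.get("Driver Name", "_unknown_")].append(r["Function Name"])
    return dict(grouped)

def hidden_modules(sections):
    return [r["Module Name"] for r in sections["Kernel Modules"] if r.get("Hidden") == "Yes"]

def listening_sockets(sections):
    """(local port or service name, owning process) for each LISTENING entry."""
    return [(r["Local Address"].rsplit(":", 1)[1], r["Process"])
            for r in sections["Ports"] if r.get("State") == "LISTENING"]

if __name__ == "__main__":
    s = parse_report(SAMPLE_REPORT)
    for fn, addr in unresolved_ssdt_hooks(s):
        print(f"SSDT {fn} -> {addr}, covered by module: {module_for_address(s, addr)}")
    print("hidden:", hidden_modules(s), "listening:", listening_sockets(s))
```

Run it against the full saved report by reading the .txt and handing its text to parse_report. Reading the report above with it: the hooks attributed to cmdguard.sys belong to Comodo's Defense+ driver and are expected on a machine running Comodo; the `_unknown_` entries at F7A87F80 through F7A87FBC mean the hook address lies outside the range of every module in the Kernel Modules list (module_for_address returns None for them), so the next step is to identify what is loaded at that address, not to delete anything; and dump_atapi.sys and dump_WMILIB.SYS showing as hidden are the crash-dump copies of the storage stack, loaded without a service entry, which anti-rootkit tools routinely report that way.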