Sujet Précédent Sujet Suivant

Virus boot.mbroot

Kevdu66pls -  
jlpjlp Messages postés 52399 Statut Contributeur sécurité -
Bonjour,

Donc je vous présente mon problème : depuis quelques temps un virus s'est introduit sur mon ordinateur ( Un boot.mebroot d'aprés symantec ) car il n'y à que lui qui le trouve et sur n'importe quel fichier scanné, ceci est apparament un trojan trés difficile a supprimer et se situe dans la MBR mais bon j'ai pas vraiment envi de reparer l'ordinateur avec un fixmbr de peur de bloquer le démarrage.

De plus il m'est impossible d'installer certaines applications comme adobe reader à un moment de l'installation, il m'est impossible de lancer un anti-virus même si j'arrive à annalyser le pc avec antivir et faire des mises à jour (Bizard non ?), de plus je n'ai plus d'iconne sur certains fichiers, par exemple avec les extentions .doc alors que lorsque je clique dessus le fichier word se lance ou des .pdf mais là normal il me demande avec quel logiciel l'ouvrir mais vu que je n'arrive pas à installer adobe reader il m'est impossible de l'ouvrir.

Avez vous une solution à ce problème ? J'ai déja pu essayer bcp de solutions proposées sur le net mais sans succés.

Cordialement

Windows XP

PS: Voulez vous que je poste un rapport HijackThis ?
A voir également:

14 réponses

Réponse 1 / 14
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
slt

c'est quoi le pc?

Télécharge ZHPDiag ( de Nicolas coolman ).
https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html

(outil de diagnostic)

Double clique sur le fichier d'installation, puis installe le avec les paramètres par défaut ( N'oublie pas de cocher " Créer une icône sur le bureau " )

Lance ZHPDiag en double cliquant sur l'icône présente sur ton bureau (Clique droit -> Executer en tant qu'admin ( vista )

Clique sur la loupe en haut à gauche, puis laisse l'outil scanner.

Une fois le scan terminé, clique sur l'icône en forme de disquette et enregistre le fichier sur ton bureau.

Rend toi sur Cjoint : http://www.cijoint.fr/

Clique sur "Parcourir " dans la partie " Joindre un fichier[...] "

Sélectionne le rapport ZHPdiag.txt qui se trouve sur ton bureau

Clique ensuite sur "Cliquez ici pour déposer le fichier " et copie/colle le lien dans ton prochain message
0
Réponse 2 / 14
Kevdu66pls
 
Merci de ta réponse.

Alors malheuresement je ne peux te donner plus de caracteristiques sur le pc étant donné que c'est le pc de mon tuteur de stage, à part que c'est un netbook.

Donc pour l'analyse ZHP je ne peux pas maintenant, je peux juste te poser un rapport HijackThis car j'ai fait un log de celui çi avant de partir sur cle usb.
0
Réponse 3 / 14
Kevdu66pls
 
UP
0
Réponse 4 / 14
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
colle le mais hijackthis ne montrera pas l'infection ...
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 14
Kevdu66pls
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:25:15, on 31/01/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\MRT.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\OfferBox\OfferBox.exe
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\SOLICIEL\Mes documents\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ems6.net/r/?E=XTC-DY3X-R3902-DD-J8YD8-41A
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Radio Bar 1 Toolbar - {0fc85f5d-6207-4515-a490-45a549d285c0} - C:\Program Files\Radio_Bar_1\tbRad2.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: Radio Bar 1 Toolbar - {0fc85f5d-6207-4515-a490-45a549d285c0} - C:\Program Files\Radio_Bar_1\tbRad2.dll
O2 - BHO: Barre d'outils ALOT Helper - {14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6} - C:\Program Files\alot\bin\alot.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: OfferBox - {FC0D62C2-9640-4AEB-A5D5-CF25DF11FA8C} - C:\Program Files\OfferBox\OfferBoxBHO.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Radio Bar 1 Toolbar - {0fc85f5d-6207-4515-a490-45a549d285c0} - C:\Program Files\Radio_Bar_1\tbRad2.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O3 - Toolbar: Barre d'outils ALOT - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.lenovo.com
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://192.168.1.91/activex/AMC.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
O23 - Service: System Repair Windows Update Monitor (System_Repair_UpdateMonitor) - Lenovo Group Limited - C:\Program Files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe
0
Réponse 6 / 14
Kevdu66pls
 
Up, une idée ?
0
Réponse 7 / 14
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
il faudrait un rapport ZHPDIAG

sinon tu as norton antivirus et antivir? il n'en faut qu'un sinon le pc va planter

tu as offerbox alors lance un rapport de nettoyage avec ad remover pour le virer
http://www.teamxscript.org/adremover.html

sinon ton infection en détail:
https://www.commentcamarche.net/faq/25171-infection-sinowal-mebroot-rootkit-mbr-bootkit
0
Réponse 8 / 14
Kevdu66pls
 
Ne tinquiete pas car comme je t'es dit aucun virus n'est activé, impossible de les lancer, seul l'annalyse et la MAJ reste possible.

Et je te remerci je vais suivre la methode a suivre sur CCM demain et je te tien au jus.
A+
0
Réponse 9 / 14
kevdu66pls
 
Alors voici le rapport avec ZHPDIAG

http://www.cijoint.fr/cjlink.php?file=cj201102/cijjIjp5Tl.txt
0
Réponse 10 / 14
Kevdu66pls Messages postés 34 Statut Membre 1
 
Up
0
Réponse 11 / 14
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
ok

0/ un seul antivirus sur un ordi: vire antivir ou norton

1/
alors effectivement le MBR est touché alors faire comme indiqué dans le lien pour le nettoyer avec GMER et nous coller le rapport

si le pc est de marque il est conseillé de formater le pc et tout reinstaller

2/
tu as des Adware alors comme indiqué passe ad remover et colle un rapport de nettoyage
http://www.teamxscript.org/adremover.html

3/ il y a des infections par tes supports externes , branche les tous puis colle un rapport de nettoyage avec usbfix
0
Réponse 12 / 14
kevdu66pls
 
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-02-02 11:50:23
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdePort1 Hitachi_HTS543216L9A300 rev.FB2OC4DC
Running: bxvxuc15.exe; Driver: C:\DOCUME~1\SOLICIEL\LOCALS~1\Temp\fxtdypog.sys

---- System - GMER 1.0.15 ----

SSDT 86BC1BC0 ZwConnectPort
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateKey [0xF737AE64]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xF735AEEE]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xF735B0E0]
SSDT A828AF94 ZwCreateThread
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteKey [0xF737B652]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteValueKey [0xF737B906]
SSDT A828AFB2 ZwLoadKey
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwOpenKey [0xF7379B64]
SSDT A828AF80 ZwOpenProcess
SSDT A828AF85 ZwOpenThread
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xF737BD72]
SSDT A828AFBC ZwReplaceKey
SSDT A828AFB7 ZwRestoreKey
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwSetValueKey [0xF737B124]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0xF735AB5C]

---- Kernel code sections - GMER 1.0.15 ----

? C:\WINDOWS\system32\drivers\anftdird.sys Le fichier spécifié est introuvable. !
? System32\DRIVERS\KProcessCheck2.sys Le chemin d'accès spécifié est introuvable. !
? C:\DOCUME~1\SOLICIEL\LOCALS~1\Temp\mbr.sys Le fichier spécifié est introuvable. !
? C:\DOCUME~1\SOLICIEL\LOCALS~1\Temp\fxtdypoc.sys Le fichier spécifié est introuvable. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\Explorer.EXE[1260] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 00DB000A
.text C:\WINDOWS\Explorer.EXE[1260] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 00DD000A
.text C:\WINDOWS\Explorer.EXE[1260] ntdll.dll!KiUserExceptionDispatcher 7C91E47C 5 Bytes JMP 00DA000C
.text C:\WINDOWS\System32\svchost.exe[1452] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 00E1000A
.text C:\WINDOWS\System32\svchost.exe[1452] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 00E2000A
.text C:\WINDOWS\System32\svchost.exe[1452] ntdll.dll!KiUserExceptionDispatcher 7C91E47C 5 Bytes JMP 00E0000C
.text C:\WINDOWS\System32\svchost.exe[1452] USER32.dll!GetCursorPos 7E3A974E 5 Bytes JMP 0197000A
.text C:\WINDOWS\System32\svchost.exe[1452] ole32.dll!CoCreateInstance 774BF1AC 5 Bytes JMP 00FE000A
.text C:\Program Files\Internet Explorer\iexplore.exe[2868] USER32.dll!DialogBoxParamW 7E3A47AB 5 Bytes JMP 01209315 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2868] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 012DDBCB C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2868] USER32.dll!CallNextHookEx 7E3AB3C6 5 Bytes JMP 012DDD81 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2868] USER32.dll!CreateWindowExW 7E3AD0A3 5 Bytes JMP 012E4832 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2868] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 01241CA2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2868] USER32.dll!DialogBoxIndirectParamW 7E3B2072 5 Bytes JMP 013FE021 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2868] USER32.dll!MessageBoxIndirectA 7E3BA082 5 Bytes JMP 013FDF51 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2868] USER32.dll!DialogBoxParamA 7E3BB144 5 Bytes JMP 013FDFBE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2868] USER32.dll!MessageBoxExW 7E3D0838 5 Bytes JMP 013FDE22 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2868] USER32.dll!MessageBoxExA 7E3D085C 5 Bytes JMP 013FDE84 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2868] USER32.dll!DialogBoxIndirectParamA 7E3D6D7D 5 Bytes JMP 013FE084 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2868] USER32.dll!MessageBoxIndirectW 7E3E64D5 5 Bytes JMP 013FDEE6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2868] ole32.dll!CoCreateInstance 774BF1AC 5 Bytes JMP 012E488E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2972] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 00E4000A
.text C:\Program Files\Internet Explorer\iexplore.exe[2972] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 010D000A
.text C:\Program Files\Internet Explorer\iexplore.exe[2972] ntdll.dll!KiUserExceptionDispatcher 7C91E47C 5 Bytes JMP 00E3000C
.text C:\Program Files\Internet Explorer\iexplore.exe[2972] USER32.dll!CreateDialogParamW 7E39EA3B 5 Bytes JMP 03244BA0 C:\Program Files\Radio_Bar_1\tbRad2.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[2972] USER32.dll!DialogBoxParamW 7E3A47AB 5 Bytes JMP 03244D20 C:\Program Files\Radio_Bar_1\tbRad2.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[2972] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 012DDBCB C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2972] USER32.dll!CallNextHookEx 7E3AB3C6 5 Bytes JMP 012DDD81 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2972] USER32.dll!CreateWindowExW 7E3AD0A3 5 Bytes JMP 012E4832 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2972] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 01241CA2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2972] USER32.dll!DialogBoxIndirectParamW 7E3B2072 5 Bytes JMP 013FE021 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2972] USER32.dll!MessageBoxIndirectA 7E3BA082 5 Bytes JMP 013FDF51 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2972] USER32.dll!DialogBoxParamA 7E3BB144 5 Bytes JMP 013FDFBE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2972] USER32.dll!MessageBoxExW 7E3D0838 5 Bytes JMP 013FDE22 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2972] USER32.dll!MessageBoxExA 7E3D085C 5 Bytes JMP 013FDE84 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2972] USER32.dll!DialogBoxIndirectParamA 7E3D6D7D 5 Bytes JMP 013FE084 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2972] USER32.dll!TrackPopupMenu 7E3E531E 5 Bytes JMP 03244320 C:\Program Files\Radio_Bar_1\tbRad2.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[2972] USER32.dll!MessageBoxIndirectW 7E3E64D5 5 Bytes JMP 013FDEE6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2972] USER32.dll!TrackPopupMenuEx 7E3ECF62 5 Bytes JMP 03244480 C:\Program Files\Radio_Bar_1\tbRad2.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[2972] ole32.dll!CoCreateInstance 774BF1AC 5 Bytes JMP 012E488E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3064] USER32.dll!DialogBoxParamW 7E3A47AB 5 Bytes JMP 01209315 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3064] USER32.dll!CreateWindowExW 7E3AD0A3 5 Bytes JMP 012E4832 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3064] USER32.dll!DialogBoxIndirectParamW 7E3B2072 5 Bytes JMP 013FE021 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3064] USER32.dll!MessageBoxIndirectA 7E3BA082 5 Bytes JMP 013FDF51 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3064] USER32.dll!DialogBoxParamA 7E3BB144 5 Bytes JMP 013FDFBE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3064] USER32.dll!MessageBoxExW 7E3D0838 5 Bytes JMP 013FDE22 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3064] USER32.dll!MessageBoxExA 7E3D085C 5 Bytes JMP 013FDE84 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3064] USER32.dll!DialogBoxIndirectParamA 7E3D6D7D 5 Bytes JMP 013FE084 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3064] USER32.dll!MessageBoxIndirectW 7E3E64D5 5 Bytes JMP 013FDEE6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3724] USER32.dll!DialogBoxParamW 7E3A47AB 5 Bytes JMP 01209315 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3724] USER32.dll!CreateWindowExW 7E3AD0A3 5 Bytes JMP 012E4832 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3724] USER32.dll!DialogBoxIndirectParamW 7E3B2072 5 Bytes JMP 013FE021 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3724] USER32.dll!MessageBoxIndirectA 7E3BA082 5 Bytes JMP 013FDF51 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3724] USER32.dll!DialogBoxParamA 7E3BB144 5 Bytes JMP 013FDFBE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3724] USER32.dll!MessageBoxExW 7E3D0838 5 Bytes JMP 013FDE22 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3724] USER32.dll!MessageBoxExA 7E3D085C 5 Bytes JMP 013FDE84 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3724] USER32.dll!DialogBoxIndirectParamA 7E3D6D7D 5 Bytes JMP 013FE084 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3724] USER32.dll!MessageBoxIndirectW 7E3E64D5 5 Bytes JMP 013FDEE6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3740] USER32.dll!DialogBoxParamW 7E3A47AB 5 Bytes JMP 01209315 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3740] USER32.dll!CreateWindowExW 7E3AD0A3 5 Bytes JMP 012E4832 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3740] USER32.dll!DialogBoxIndirectParamW 7E3B2072 5 Bytes JMP 013FE021 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3740] USER32.dll!MessageBoxIndirectA 7E3BA082 5 Bytes JMP 013FDF51 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3740] USER32.dll!DialogBoxParamA 7E3BB144 5 Bytes JMP 013FDFBE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3740] USER32.dll!MessageBoxExW 7E3D0838 5 Bytes JMP 013FDE22 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3740] USER32.dll!MessageBoxExA 7E3D085C 5 Bytes JMP 013FDE84 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3740] USER32.dll!DialogBoxIndirectParamA 7E3D6D7D 5 Bytes JMP 013FE084 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3740] USER32.dll!MessageBoxIndirectW 7E3E64D5 5 Bytes JMP 013FDEE6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3968] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 01D5000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3968] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 01EB000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3968] ntdll.dll!KiUserExceptionDispatcher 7C91E47C 5 Bytes JMP 0119000C
.text C:\Program Files\Internet Explorer\iexplore.exe[3968] USER32.dll!CreateDialogParamW 7E39EA3B 5 Bytes JMP 040B4BA0 C:\Program Files\Radio_Bar_1\tbRad2.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[3968] USER32.dll!DialogBoxParamW 7E3A47AB 5 Bytes JMP 040B4D20 C:\Program Files\Radio_Bar_1\tbRad2.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[3968] USER32.dll!CreateWindowExW 7E3AD0A3 5 Bytes JMP 012E4832 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3968] USER32.dll!DialogBoxIndirectParamW 7E3B2072 5 Bytes JMP 013FE021 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3968] USER32.dll!MessageBoxIndirectA 7E3BA082 5 Bytes JMP 013FDF51 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3968] USER32.dll!DialogBoxParamA 7E3BB144 5 Bytes JMP 013FDFBE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3968] USER32.dll!MessageBoxExW 7E3D0838 5 Bytes JMP 013FDE22 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3968] USER32.dll!MessageBoxExA 7E3D085C 5 Bytes JMP 013FDE84 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3968] USER32.dll!DialogBoxIndirectParamA 7E3D6D7D 5 Bytes JMP 013FE084 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3968] USER32.dll!TrackPopupMenu 7E3E531E 5 Bytes JMP 040B4320 C:\Program Files\Radio_Bar_1\tbRad2.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[3968] USER32.dll!MessageBoxIndirectW 7E3E64D5 5 Bytes JMP 013FDEE6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3968] USER32.dll!TrackPopupMenuEx 7E3ECF62 5 Bytes JMP 040B4480 C:\Program Files\Radio_Bar_1\tbRad2.dll (Conduit Toolbar/Conduit Ltd.)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Internet Explorer\iexplore.exe[2868] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [00D518FD] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2972] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CloseHandle] [03EBC3F0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2972] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [03EE2DF0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2972] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileA] [03EBB950] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2972] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [03EE2D20] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2972] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!WriteFile] [03EBC5B0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2972] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!ReadFile] [03EBC4F0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2972] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileW] [03EBBB60] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2972] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [03EE2CF0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2972] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [03EE2E30] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2972] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateFileW] [03EBBB60] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2972] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [03EE2CF0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2972] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [03EE2D20] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2972] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [03EE2E30] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2972] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CloseHandle] [03EBC3F0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2972] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!WriteFile] [03EBC5B0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2972] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [03EE2CF0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2972] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!CreateFileW] [03EBBB60] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2972] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!CloseHandle] [03EBC3F0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2972] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [03EE2D20] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2972] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [03EE2E30] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2972] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [03EE2DF0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2972] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CloseHandle] [03EBC3F0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2972] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!ReadFile] [03EBC4F0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2972] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [03EBC040] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2972] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [03EE2CF0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2972] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [03EE2E30] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2972] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [03EE2D20] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2972] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateFileW] [03EBBB60] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2972] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [03EE2DF0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2972] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [03EE2CF0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2972] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [03EE2E30] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2972] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [03EE2D20] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2972] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!CloseHandle] [03EBC3F0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2972] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!WriteFile] [03EBC5B0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2972] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!CreateFileW] [03EBBB60] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2972] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CloseHandle] [03EBC3F0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2972] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [03EE2E30] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2972] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [03EE2CF0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2972] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [03EBBE20] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2972] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [03EBC040] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2972] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateFileA] [03EBB950] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2972] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!ReadFile] [03EBC4F0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2972] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateFileW] [03EBBB60] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2972] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!WriteFile] [03EBC5B0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2972] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!WriteFile] [03EBC5B0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2972] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileA] [03EBB950] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2972] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] [03EBBB60] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2972] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [03EE2DC0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2972] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [03EE2DF0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2972] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [03EE2D20] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2972] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] [03EBBE20] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2972] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] [03EBC040] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2972] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!ReadFile] [03EBC4F0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2972] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [03EE2CF0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2972] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [03EE2E30] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2972] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CloseHandle] [03EBC3F0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2972] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DialogBoxParamW] [03EBA1A0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2972] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!MessageBoxIndirectA] [03EBAA00] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2972] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!MessageBoxIndirectW] [03EBB1D0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2972] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [03EE2CF0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2972] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [03EBC040] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2972] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [03EE2D20] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2972] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [03EE2E30] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2972] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateFileW] [03EBBB60] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2972] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!ReadFile] [03EBC4F0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2972] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CloseHandle] [03EBC3F0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2972] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!WriteFile] [03EBC5B0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2972] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [03EE2DF0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2972] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [03EE2DC0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2972] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DialogBoxParamW] [03EBA1A0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2972] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!MessageBoxIndirectW] [03EBB1D0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2972] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [03EE2E30] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2972] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [03EE2CF0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2972] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CloseHandle] [03EBC3F0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2972] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [03EE2D20] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2972] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileW] [03EBBB60] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2972] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [00D518FD] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2972] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!ReadFile] [03EBC4F0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2972] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [03EE2DC0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2972] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [03EBC040] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2972] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!WriteFile] [03EBC5B0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2972] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!DialogBoxParamW] [03EBA1A0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2972] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [03EE2D20] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2972] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!WriteFile] [03EBC5B0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2972] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateFileW] [03EBBB60] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2972] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [03EE2DC0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2972] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] [03EBC040] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2972] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CloseHandle] [03EBC3F0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2972] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [03EE2E30] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2972] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [03EE2CF0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2972] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!ReadFile] [03EBC4F0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2972] @ C:\WINDOWS\system32\USERENV.dll [USER32.dll!DialogBoxParamW] [03EBA1A0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2972] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!CloseHandle] [03EBC3F0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2972] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [03EE2CF0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2972] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [03EE2E30] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2972] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [03EE2D20] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2972] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [03EE2CF0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2972] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [03EE2E30] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2972] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!CreateFileW] [03EBBB60] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2972] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!WriteFile] [03EBC5B0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2972] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!CloseHandle] [03EBC3F0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2972] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!ReadFile] [03EBC4F0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2972] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!CreateFileW] [03EBBB60] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2972] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!CreateFileA] [03EBB950] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2972] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!CloseHandle] [03EBC3F0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2972] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] [03EE2E30] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2972] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] [03EE2CF0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2972] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [03EE2E30] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2972] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [03EE2CF0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2972] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!CreateFileA] [03EBB950] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2972] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!CreateFileW] [03EBBB60] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2972] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] [03EE2DC0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2972] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [03EE2DF0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2972] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!CloseHandle] [03EBC3F0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2972] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!WriteFile] [03EBC5B0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2972] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!ReadFile] [03EBC4F0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2972] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [03EE2CF0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2972] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [03EE2E30] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2972] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!CreateFileA] [03EBB950] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2972] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!CloseHandle] [03EBC3F0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2972] @ C:\WINDOWS\system32\inetmib1.dll [KERNEL32.dll!CloseHandle] [03EBC3F0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)

---- Devices - GMER 1.0.15 ----

Device Ntfs.SYS (NT File System Driver/Microsoft Corporation)
Device Fastfat.sys (Fast FAT File System Driver/Microsoft Corporation)

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip anftdird.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp anftdird.sys

Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 870A5AEA
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 870A5AEA
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort2 870A5AEA

AttachedDevice \Driver\Tcpip \Device\Udp
0
Réponse 13 / 14
kevdu66pls
 
Voici le rapport usbFix :
############################## | UsbFix 7.038 | [Recherche]

Utilisateur: SOLICIEL (Administrateur) # JPS10 [ ]
Mis à jour le 14/01/2011 par El Desaparecido / C_XX
Lancé à 13:24:24 | 02/02/2011
Site Web: http://www.teamxscript.org
Contact: eldesaparecido@teamxscript.org

CPU: Intel(R) Atom(TM) CPU N270 @ 1.60GHz
CPU 2: Intel(R) Atom(TM) CPU N270 @ 1.60GHz
Microsoft Windows XP Édition familiale (5.1.2600 32-Bit) # Service Pack 3
Internet Explorer 8.0.6001.18702

Antivirus: Symantec AntiVirus Corporate Edition 10.0.0.359 [Enabled | (!) Outdated]
Firewall: Symantec Client Firewall 8.6.0.80 [Enabled]
RAM -> 1014 Mo
C:\ (%systemdrive%) -> Disque fixe # 104 Go (53 Go libre(s) - 51%) [] # FAT32
D:\ -> Disque fixe # 30 Go (13 Go libre(s) - 43%) [LENOVO] # NTFS
E:\ -> Disque amovible # 964 Mo (130 Mo libre(s) - 13%) [] # FAT

################## | Éléments infectieux |

################## | Registre |

Présent! HKLM\software\microsoft\shared tools\msconfig\startupreg\userini

################## | Mountpoints2 |

HKCU\.\.\.\.\Explorer\MountPoints2\{2fe11666-f90d-11de-a69a-00234ed733a2}
Shell\AutoRun\Command = nx.exe
Shell\open\Command = nx.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{2fe11667-f90d-11de-a69a-00234ed733a2}
Shell\AutoRun\Command = nx.exe
Shell\open\Command = nx.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{59de129f-5fff-11de-a621-00234ed733a2}
Shell\AutoRun\Command = 3n8awsyg.exe
Shell\open\Command = 3n8awsyg.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{7e380591-1495-11df-a6a0-00234ed733a2}
Shell\AutoRun\Command = E:\AutoRun.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{8908e932-3f92-11de-a5f4-00234ed733a2}
Shell\AutoRun\Command = E:\AutoRun.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{8908e934-3f92-11de-a5f4-00234ed733a2}
Shell\AutoRun\Command = E:\AutoRun.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{8c4d613d-b270-11de-a657-00234ed733a2}
Shell\AutoRun\Command = F:\setupSNK.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{936adf70-590b-11dd-b5b7-806d6172696f}
Shell\AutoRun\Command = G:\setup.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{a476f3d1-72f4-11df-a6e9-00234ed733a2}
Shell\AutoRun\Command = G:\APPInst.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{a7d015bd-3637-11df-a6b0-00234ed733a2}
Shell\AutoRun\Command = F:\setupSNK.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{b060e2f6-7c4f-11de-a638-00234ed733a2}
Shell\AutoRun\Command = E:\yhh.bat
Shell\open\Command = E:\yhh.bat

HKCU\.\.\.\.\Explorer\MountPoints2\{b060e2f7-7c4f-11de-a638-00234ed733a2}
Shell\AutoRun\Command = F:\yhh.bat
Shell\open\Command = F:\yhh.bat

HKCU\.\.\.\.\Explorer\MountPoints2\{b10c4cde-de53-11de-a68b-00234ed733a2}
Shell\AutoRun\Command = E:\AutoRun.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{c2285528-5689-11de-a61e-00234ed733a2}
Shell\Auto\Command = AdobeR.exe e
Shell\AutoRun\Command = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

HKCU\.\.\.\.\Explorer\MountPoints2\{e284096a-9e0f-11df-a73d-00234ed733a2}
Shell\AutoRun\Command = E:\AutoRun.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{f1aa86c6-753d-11df-a6ef-00234ed733a2}
Shell\AutoRun\Command = n0qls.exe
Shell\open\Command = n0qls.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{f360a7da-1ec0-11df-a6a7-00234ed733a2}
Shell\AutoRun\Command = E:\AutoRun.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{f360a7dc-1ec0-11df-a6a7-00234ed733a2}
Shell\AutoRun\Command = E:\AutoRun.exe

################## | Vaccin |

(!) Cet ordinateur n'est pas vacciné!

################## | E.O.F |
0
Réponse 14 / 14
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
pour usbfix il faut un rapport de nettoyage

et pour gmer faire ceci:

* Téléchargez mbr.exe de Gmer sur le Bureau : mbr.exe
http://www2.gmer.net/mbr/mbr.exe
* Désactivez vos protections et coupez la connexion.
* Sous Windows XP : double-cliquez sur mbr.exe / Sous Windows Vista ou Seven, faites un clic-droit sur mbr.exe et choisissez "Exécuter en temps qu'administrateur"
* Un rapport sera généré : mbr.log
* En cas d'infection, le message MBR rootkit code detected va apparaître dans le rapport. Si c'est le cas, cliquez sur le Menu démarrer --> Exécuter, et tapez la commande suivante :
o Sous XP : "%userprofile%\Bureau\mbr" -f
o Sous Vista/Seven : "%userprofile%\Desktop\mbr" -f
* Dans le mbr.log cette ligne apparaîtra : original MBR restored successfully !
* Postez le rapport si cela vous a été demandé par un helpeur dans le Forum Virus / Sécurité.
0

Discussions similaires

Softonic,est-ce un virus ?
techmel1 -
techmel1 -

6 réponses
Désinstaller Softonic
Diguimette -
lilidurhone -

5 réponses
virus Artemis!
mabiche37 -
Malekal_morte- -

14 réponses
Message Apple virus !!
Souclik67 -
MPMP10 -

3 réponses