RkUnhooker report generator v0.5c
==============================================
Rootkit Unhooker kernel version: 3.20.130.384
==============================================
Windows Major Version: 5
Windows Minor Version: 1
Windows Build Number: 2600
==============================================
>Processes
Process: System Process Id: 4 EPROCESS Address: 0x81BCC7C0
Process: D:\PROGRA~1\Wanadoo\CnxMon.exe Process Id: 228 EPROCESS Address: 0xFF8D4610
Process: D:\Program Files\Rainlendar2\Rainlendar2.exe Process Id: 272 EPROCESS Address: 0x815A5DA0
Process: D:\PROGRA~1\Wanadoo\TaskBarIcon.exe Process Id: 276 EPROCESS Address: 0xFF68B990
Process: D:\WINDOWS\explorer.exe Process Id: 292 EPROCESS Address: 0x817BD3D8
Process: D:\WINDOWS\system32\LVCOMSX.EXE Process Id: 316 EPROCESS Address: 0xFF687DA0
Process: D:\Program Files\Logitech\Video\LogiTray.exe Process Id: 348 EPROCESS Address: 0xFF69B8C8
Process: D:\Program Files\LogProtect\LogProtect.exe Process Id: 480 EPROCESS Address: 0xFF683670
Process: D:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe Process Id: 500 EPROCESS Address: 0xFF682328
Process: D:\Program Files\Java\jre1.5.0_10\bin\jusched.exe Process Id: 508 EPROCESS Address: 0xFF666990
Process: D:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe Process Id: 528 EPROCESS Address: 0xFF682738
Process: C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe Process Id: 576 EPROCESS Address: 0x81A1A540
Process: D:\WINDOWS\system32\smss.exe Process Id: 704 EPROCESS Address: 0x818F1020
Process: D:\WINDOWS\system32\csrss.exe Process Id: 760 EPROCESS Address: 0x8153C220
Process: D:\WINDOWS\system32\winlogon.exe Process Id: 784 EPROCESS Address: 0x81A3AA48
Process: D:\WINDOWS\system32\services.exe Process Id: 828 EPROCESS Address: 0x814EE620
Process: D:\WINDOWS\system32\lsass.exe Process Id: 840 EPROCESS Address: 0x814EA390
Process: D:\WINDOWS\system32\svchost.exe Process Id: 1004 EPROCESS Address: 0x814CABE0
Process: D:\WINDOWS\system32\svchost.exe Process Id: 1056 EPROCESS Address: 0x817AF228
Process: D:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe Process Id: 1120 EPROCESS Address: 0xFF6A79B0
Process: D:\Program Files\LogProtect\lpwchdg.exe Process Id: 1124 EPROCESS Address: 0x815D26E8
Process: D:\WINDOWS\system32\svchost.exe Process Id: 1160 EPROCESS Address: 0x814D5C38
Process: D:\WINDOWS\system32\svchost.exe Process Id: 1204 EPROCESS Address: 0x8151C2A0
Process: D:\WINDOWS\system32\svchost.exe Process Id: 1220 EPROCESS Address: 0x818E0C78
Process: D:\WINDOWS\system32\spoolsv.exe Process Id: 1516 EPROCESS Address: 0x81567A60
Process: D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe Process Id: 1664 EPROCESS Address: 0x81576DA0
Process: D:\Program Files\Alwil Software\Avast4\ashServ.exe Process Id: 1684 EPROCESS Address: 0x8152C3C0
Process: D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe Process Id: 1708 EPROCESS Address: 0x815BE810
Process: D:\Program Files\Mozilla Firefox\firefox.exe Process Id: 1724 EPROCESS Address: 0xFEFF6020
Process: D:\WINDOWS\system32\nvsvc32.exe Process Id: 1764 EPROCESS Address: 0x814E37F8
Process: D:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe Process Id: 1828 EPROCESS Address: 0xFF6B2580
Process: D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe Process Id: 1840 EPROCESS Address: 0x817DC278
Process: D:\WINDOWS\system32\svchost.exe Process Id: 1856 EPROCESS Address: 0x814D3488
Process: D:\WINDOWS\system32\wdfmgr.exe Process Id: 1872 EPROCESS Address: 0x814E25D0
Process: D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe Process Id: 1972 EPROCESS Address: 0xFF6A3DA0
Process: D:\Program Files\Logitech\Video\FxSvr2.exe Process Id: 2080 EPROCESS Address: 0x81B2C468
Process: D:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe Process Id: 2180 EPROCESS Address: 0x812B7990
Process: D:\Program Files\Skype\Phone\Skype.exe Process Id: 2764 EPROCESS Address: 0x8159C020
Process: D:\Program Files\Alwil Software\Avast4\ashWebSv.exe Process Id: 3172 EPROCESS Address: 0x814C2DA0
Process: D:\Program Files\PC Connectivity Solution\ServiceLayer.exe Process Id: 3456 EPROCESS Address: 0x812A6020
Process: D:\WINDOWS\system32\msiexec.exe Process Id: 3504 EPROCESS Address: 0x8125A720
Process: D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe Process Id: 3572 EPROCESS Address: 0x8127B3A8
Process: D:\Program Files\Skype\Plugin Manager\skypePM.exe Process Id: 3596 EPROCESS Address: 0x81283580
Process: D:\WINDOWS\system32\alg.exe Process Id: 3708 EPROCESS Address: 0x81279B28
Process: D:\WINDOWS\system32\svchost.exe Process Id: 4004 EPROCESS Address: 0x81A8DC68
Process: D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe Process Id: 1776 EPROCESS Address: 0xFF69B498
Process: D:\WINDOWS\system32\ZoneLabs\vsmon.exe Process Id: 1888 EPROCESS Address: 0x814EADA0
Process: C:\RkUnhooker\8BB787428BB.exe Process Id: 2800 EPROCESS Address: 0xFEF7A1C8
==============================================
>Drivers
Driver: nv4_disp.dll Address: 0xBF9D4000 Size: 4325376 bytes
Driver: ntoskrnl.exe Address: 0x804D7000 Size: 2181376 bytes
Driver: PnpManager Address: 0x804D7000 Size: 2181376 bytes
Driver: RAW Address: 0x804D7000 Size: 2181376 bytes
Driver: WMIxWDM Address: 0x804D7000 Size: 2181376 bytes
Driver: Win32k Address: 0xBF800000 Size: 1843200 bytes
Driver: win32k.sys Address: 0xBF800000 Size: 1843200 bytes
Driver: nv4_mini.sys Address: 0xF8C68000 Size: 1536000 bytes
Driver: 00000043 Address: 0xF9939000 Size: 880640 bytes
Driver: sptd.sys Address: 0xF9939000 Size: 880640 bytes
Driver: Ntfs.sys Address: 0xF97C0000 Size: 577536 bytes
Driver: smwdm.sys Address: 0xF8B65000 Size: 540672 bytes
Driver: mrxsmb.sys Address: 0xF774C000 Size: 454656 bytes
Driver: vsdatant.sys Address: 0xF7830000 Size: 389120 bytes
Driver: tcpip.sys Address: 0xF78B7000 Size: 360448 bytes
Driver: srv.sys Address: 0xF596A000 Size: 335872 bytes
Driver: a8wf9flo.SYS Address: 0xF8AF7000 Size: 303104 bytes
Driver: ATMFD.DLL Address: 0xBFFA0000 Size: 286720 bytes
Driver: HTTP.sys Address: 0xF4FBB000 Size: 266240 bytes
Driver: update.sys Address: 0xF8A6A000 Size: 212992 bytes
Driver: rdpdr.sys Address: 0xF8A9E000 Size: 200704 bytes
Driver: ACPI.sys Address: 0xF98E1000 Size: 192512 bytes
Driver: mrxdav.sys Address: 0xF5C74000 Size: 184320 bytes
Driver: NDIS.sys Address: 0xF9793000 Size: 184320 bytes
Driver: kmixer.sys Address: 0xF509C000 Size: 176128 bytes
Driver: rdbss.sys Address: 0xF77BB000 Size: 176128 bytes
Driver: netbt.sys Address: 0xF788F000 Size: 163840 bytes
Driver: dmio.sys Address: 0xF989C000 Size: 155648 bytes
Driver: portcls.sys Address: 0xF8B41000 Size: 147456 bytes
Driver: Fastfat.SYS Address: 0xF7708000 Size: 143360 bytes
Driver: ks.sys Address: 0xF8BE9000 Size: 143360 bytes
Driver: USBPORT.SYS Address: 0xF8C31000 Size: 143360 bytes
Driver: afd.sys Address: 0xF77E6000 Size: 139264 bytes
Driver: ipnat.sys Address: 0xF772B000 Size: 135168 bytes
Driver: ACPI_HAL Address: 0x806EC000 Size: 131968 bytes
Driver: hal.dll Address: 0x806EC000 Size: 131968 bytes
Driver: fltmgr.sys Address: 0xF9864000 Size: 131072 bytes
Driver: ftdisk.sys Address: 0xF98C2000 Size: 126976 bytes
Driver: adiusbaw.sys Address: 0xF76C2000 Size: 122880 bytes
Driver: Mup.sys Address: 0xF9778000 Size: 110592 bytes
Driver: atapi.sys Address: 0xF9884000 Size: 98304 bytes
Driver: dump_atapi.sys Address: 0xF76AA000 Size: 98304 bytes
Driver: SCSIPORT.SYS Address: 0xF9921000 Size: 98304 bytes
Driver: KSecDD.sys Address: 0xF984D000 Size: 94208 bytes
Driver: ndiswan.sys Address: 0xF8AE0000 Size: 94208 bytes
Driver: aswMon2.SYS Address: 0xF5C4C000 Size: 90112 bytes
Driver: wdmaud.sys Address: 0xF5A07000 Size: 86016 bytes
Driver: parport.sys Address: 0xF8C1D000 Size: 81920 bytes
Driver: VIDEOPRT.SYS Address: 0xF8C54000 Size: 81920 bytes
Driver: ipsec.sys Address: 0xF790F000 Size: 77824 bytes
Driver: dxg.sys Address: 0xBF9C2000 Size: 73728 bytes
Driver: SENTINEL.SYS Address: 0xF5C62000 Size: 73728 bytes
Driver: pci.sys Address: 0xF9910000 Size: 69632 bytes
Driver: psched.sys Address: 0xF8ACF000 Size: 69632 bytes
Driver: serial.sys Address: 0xF8C0C000 Size: 69632 bytes
Driver: Cdfs.SYS Address: 0xF5827000 Size: 65536 bytes
Driver: drmk.sys Address: 0xF9C21000 Size: 61440 bytes
Driver: redbook.sys Address: 0xF9BF1000 Size: 61440 bytes
Driver: sysaudio.sys Address: 0xF5BA4000 Size: 61440 bytes
Driver: usbhub.sys Address: 0xF8E5D000 Size: 61440 bytes
Driver: i8042prt.sys Address: 0xF9BC1000 Size: 57344 bytes
Driver: VolSnap.sys Address: 0xF9A51000 Size: 57344 bytes
Driver: cdrom.sys Address: 0xF9BE1000 Size: 53248 bytes
Driver: CLASSPNP.SYS Address: 0xF9A71000 Size: 53248 bytes
Driver: rasl2tp.sys Address: 0xF9C81000 Size: 53248 bytes
Driver: raspptp.sys Address: 0xF8EAD000 Size: 49152 bytes
Driver: amdk7.sys Address: 0xF9BB1000 Size: 45056 bytes
Driver: imapi.sys Address: 0xF9C01000 Size: 45056 bytes
Driver: MountMgr.sys Address: 0xF9A41000 Size: 45056 bytes
Driver: raspppoe.sys Address: 0xF9C91000 Size: 45056 bytes
Driver: srescan.sys Address: 0xF9A81000 Size: 45056 bytes
Driver: NDProxy.SYS Address: 0xF8E7D000 Size: 40960 bytes
Driver: termdd.sys Address: 0xF8E8D000 Size: 40960 bytes
Driver: aswTdi.SYS Address: 0xF8E2D000 Size: 36864 bytes
Driver: disk.sys Address: 0xF9A61000 Size: 36864 bytes
Driver: Fips.SYS Address: 0xF9AB1000 Size: 36864 bytes
Driver: isapnp.sys Address: 0xF9A31000 Size: 36864 bytes
Driver: msgpc.sys Address: 0xF8E9D000 Size: 36864 bytes
Driver: netbios.sys Address: 0xF8E1D000 Size: 36864 bytes
Driver: wanarp.sys Address: 0xF9AC1000 Size: 36864 bytes
Driver: Npfs.SYS Address: 0xF9D69000 Size: 32768 bytes
Driver: viaagp1.sys Address: 0xF9CC9000 Size: 32768 bytes
Driver: fdc.sys Address: 0xF9E19000 Size: 28672 bytes
Driver: fetnd5.sys Address: 0xF9E31000 Size: 28672 bytes
Driver: kbdclass.sys Address: 0xF9E21000 Size: 28672 bytes
Driver: PCIIDEX.SYS Address: 0xF9CB1000 Size: 28672 bytes
Driver: usbehci.sys Address: 0xF9E11000 Size: 28672 bytes
Driver: USBSTOR.SYS Address: 0xF9DA1000 Size: 28672 bytes
Driver: Aavmker4.SYS Address: 0xF9D79000 Size: 24576 bytes
Driver: mouclass.sys Address: 0xF9E29000 Size: 24576 bytes
Driver: rkhdrv31.SYS Address: 0xF9CE9000 Size: 24576 bytes
Driver: RTL8139.SYS Address: 0xF9E01000 Size: 24576 bytes
Driver: vga.sys Address: 0xF9D59000 Size: 24576 bytes
Driver: flpydisk.sys Address: 0xF9D49000 Size: 20480 bytes
Driver: Msfs.SYS Address: 0xF9D61000 Size: 20480 bytes
Driver: PartMgr.sys Address: 0xF9CB9000 Size: 20480 bytes
Driver: ptilink.sys Address: 0xF9D29000 Size: 20480 bytes
Driver: PxHelp20.sys Address: 0xF9CC1000 Size: 20480 bytes
Driver: raspti.sys Address: 0xF9D31000 Size: 20480 bytes
Driver: SNTNLUSB.SYS Address: 0xF9D89000 Size: 20480 bytes
Driver: TDI.SYS Address: 0xF9D21000 Size: 20480 bytes
Driver: usbuhci.sys Address: 0xF9E09000 Size: 20480 bytes
Driver: watchdog.sys Address: 0xF9D11000 Size: 20480 bytes
Driver: aswRdr.sys Address: 0xF5CC5000 Size: 16384 bytes
Driver: mssmbios.sys Address: 0xF916B000 Size: 16384 bytes
Driver: ndisuio.sys Address: 0xF66F1000 Size: 16384 bytes
Driver: serenum.sys Address: 0xF9728000 Size: 16384 bytes
Driver: BOOTVID.dll Address: 0xF9E41000 Size: 12288 bytes
Driver: Dxapi.sys Address: 0xF76E8000 Size: 12288 bytes
Driver: gameenum.sys Address: 0xF9724000 Size: 12288 bytes
Driver: ndistapi.sys Address: 0xF9187000 Size: 12288 bytes
Driver: rasacd.sys Address: 0xF9748000 Size: 12288 bytes
Driver: aeaudio.sys Address: 0xF9F67000 Size: 8192 bytes
Driver: Beep.SYS Address: 0xF9FA5000 Size: 8192 bytes
Driver: dmload.sys Address: 0xF9F37000 Size: 8192 bytes
Driver: dump_WMILIB.SYS Address: 0xF9F51000 Size: 8192 bytes
Driver: enodpl.sys Address: 0xF9FE1000 Size: 8192 bytes
Driver: Fs_Rec.SYS Address: 0xF9FA3000 Size: 8192 bytes
Driver: KDCOM.DLL Address: 0xF9F31000 Size: 8192 bytes
Driver: mnmdd.SYS Address: 0xF9FA7000 Size: 8192 bytes
Driver: ParVdm.SYS Address: 0xF9FDD000 Size: 8192 bytes
Driver: RDPCDD.sys Address: 0xF9FA9000 Size: 8192 bytes
Driver: splitter.sys Address: 0xF9F3F000 Size: 8192 bytes
Driver: swenum.sys Address: 0xF9F85000 Size: 8192 bytes
Driver: tandpl.sys Address: 0xF9FED000 Size: 8192 bytes
Driver: TBPanel.SYS Address: 0xF9FDF000 Size: 8192 bytes
Driver: USBD.SYS Address: 0xF9F99000 Size: 8192 bytes
Driver: viaidexp.sys Address: 0xF9F35000 Size: 8192 bytes
Driver: WMILIB.SYS Address: 0xF9F33000 Size: 8192 bytes
Driver: aslm75.sys Address: 0xFA044000 Size: 4096 bytes
Driver: ATMhelpr.SYS Address: 0xF9FFE000 Size: 4096 bytes
Driver: audstub.sys Address: 0xFA164000 Size: 4096 bytes
Driver: AvgAsCln.sys Address: 0xF9FFC000 Size: 4096 bytes
Driver: dxgthk.sys Address: 0xFA155000 Size: 4096 bytes
Driver: guard.sys Address: 0xFA05B000 Size: 4096 bytes
Driver: Null.SYS Address: 0xF9FFF000 Size: 4096 bytes
Driver: SVKP.sys Address: 0xFA040000 Size: 4096 bytes
Driver: ?_unknown_code_page_? Address: 0x81BDC1D8 Size: 3624 bytes
Driver: ?_unknown_code_page_? Address: 0x81BDD1D8 Size: 3624 bytes
Driver: ?_unknown_code_page_? Address: 0x819B41D8 Size: 3624 bytes
Driver: ?_unknown_code_page_? Address: 0x815941D8 Size: 3624 bytes
Driver: ?_unknown_code_page_? Address: 0x81B6E1D8 Size: 3624 bytes
Driver: ?_unknown_code_page_? Address: 0x81A141D8 Size: 3624 bytes
Driver: ?_unknown_code_page_? Address: 0x81BDE1D8 Size: 3624 bytes
Driver: ?_unknown_code_page_? Address: 0x81A131D8 Size: 3624 bytes
Driver: ?_unknown_code_page_? Address: 0x8184A1D8 Size: 3624 bytes
Driver: ?_unknown_code_page_? Address: 0x819B1698 Size: 2408 bytes
Driver: ?_unknown_code_page_? Address: 0x81558980 Size: 1664 bytes
Driver: ?_unknown_code_page_? Address: 0x81729980 Size: 1664 bytes
Driver: ?_unknown_code_page_? Address: 0x8179C980 Size: 1664 bytes
==============================================
>Files
Suspect File: D:\Documents and Settings::$DATA Status: Hidden
Suspect File: D:\FTP Utiles::$DATA Status: Hidden
Suspect File: D:\KPCMS::$DATA Status: Hidden
Suspect File: D:\Mes téléchargements::$DATA Status: Hidden
Suspect File: D:\NVIDIA::$DATA Status: Hidden
Suspect File: D:\Program Files::$DATA Status: Hidden
Suspect File: D:\PSFONTS::$DATA Status: Hidden
Suspect File: D:\RECYCLER::$DATA Status: Hidden
Suspect File: D:\Svg pst::$DATA Status: Hidden
Suspect File: D:\teleir::$DATA Status: Hidden
Suspect File: D:\Temp::$DATA Status: Hidden
Suspect File: D:\WINDOWS::$DATA Status: Hidden
Suspect File: D:\WUTemp::$DATA Status: Hidden
==============================================
>Hooks
tcpip.sys-->ndis.sys-->NdisCloseAdapter, Type: IAT modification at address 0xF78F5F28 hook handler located in [vsdatant.sys]
tcpip.sys-->ndis.sys-->NdisOpenAdapter, Type: IAT modification at address 0xF78F5F54 hook handler located in [vsdatant.sys]
tcpip.sys-->ndis.sys-->NdisRegisterProtocol, Type: IAT modification at address 0xF78F5F60 hook handler located in [vsdatant.sys]
wanarp.sys-->ndis.sys-->NdisCloseAdapter, Type: IAT modification at address 0xF9AC6B4C hook handler located in [vsdatant.sys]
wanarp.sys-->ndis.sys-->NdisDeregisterProtocol, Type: IAT modification at address 0xF9AC6B1C hook handler located in [vsdatant.sys]
wanarp.sys-->ndis.sys-->NdisOpenAdapter, Type: IAT modification at address 0xF9AC6B3C hook handler located in [vsdatant.sys]
wanarp.sys-->ndis.sys-->NdisRegisterProtocol, Type: IAT modification at address 0xF9AC6B28 hook handler located in [vsdatant.sys]