RkUnhooker report generator v0.6
==============================================
Rootkit Unhooker kernel version: 3.30.150.400
==============================================
Windows Major Version: 5
Windows Minor Version: 1
Windows Build Number: 2600
==============================================
>Processes
Process: System  Process Id: 4  EPROCESS Address: 0x8A2C6830
Process: C:\WINDOWS\explorer.exe  Process Id: 344  EPROCESS Address: 0x89CD6DA0
Process: C:\WINDOWS\system32\dllhost.exe  Process Id: 412  EPROCESS Address: 0x89E5ADA0
Process: C:\WINDOWS\system32\alg.exe  Process Id: 432  EPROCESS Address: 0x89ED7900
Process: C:\WINDOWS\system32\smss.exe  Process Id: 732  EPROCESS Address: 0x89F466C0
Process: C:\WINDOWS\system32\WgaTray.exe  Process Id: 752  EPROCESS Address: 0x89EDAB58
Process: C:\WINDOWS\system32\csrss.exe  Process Id: 816  EPROCESS Address: 0x89F57140
Process: C:\WINDOWS\system32\winlogon.exe  Process Id: 840  EPROCESS Address: 0x89E2B790
Process: C:\WINDOWS\system32\services.exe  Process Id: 884  EPROCESS Address: 0x89E5ED50
Process: C:\WINDOWS\system32\lsass.exe  Process Id: 896  EPROCESS Address: 0x89E539B8
Process: C:\Program Files\ESET\nod32kui.exe  Process Id: 928  EPROCESS Address: 0x89E4DB28
Process: C:\WINDOWS\system32\svchost.exe  Process Id: 1064  EPROCESS Address: 0x89DE4020
Process: C:\WINDOWS\system32\svchost.exe  Process Id: 1124  EPROCESS Address: 0x89DDC528
Process: C:\WINDOWS\system32\svchost.exe  Process Id: 1172  EPROCESS Address: 0x8A193790
Process: C:\WINDOWS\system32\svchost.exe  Process Id: 1212  EPROCESS Address: 0x89DE27A0
Process: C:\Program Files\Soft4Ever\looknstop\looknstop.exe  Process Id: 1232  EPROCESS Address: 0x89EBBDA0
Process: C:\WINDOWS\system32\svchost.exe  Process Id: 1272  EPROCESS Address: 0x89FB1880
Process: C:\WINDOWS\system32\spoolsv.exe  Process Id: 1484  EPROCESS Address: 0x89E3CB28
Process: C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe  Process Id: 1580  EPROCESS Address: 0x89E17870
Process: C:\WINDOWS\ehome\ehRecvr.exe  Process Id: 1632  EPROCESS Address: 0x89DC3140
Process: C:\WINDOWS\ehome\ehSched.exe  Process Id: 1644  EPROCESS Address: 0x89DF8B28
Process: C:\Program Files\ESET\nod32krn.exe  Process Id: 1740  EPROCESS Address: 0x89E46898
Process: C:\WINDOWS\system32\HPZipm12.exe  Process Id: 1788  EPROCESS Address: 0x89E15B50
Process: C:\WINDOWS\mixer.exe  Process Id: 1796  EPROCESS Address: 0x891E8688
Process: C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe  Process Id: 1808  EPROCESS Address: 0x88931B50
Process: C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe  Process Id: 1848  EPROCESS Address: 0x89DB2648
Process: C:\WINDOWS\system32\svchost.exe  Process Id: 1888  EPROCESS Address: 0x89DA5D78
Process: C:\WINDOWS\system32\wuauclt.exe  Process Id: 1976  EPROCESS Address: 0x89DB88D8
Process: C:\PROGRA~1\FASTDE~1\FAST2.EXE  Process Id: 2076  EPROCESS Address: 0x891DBDA0
Process: C:\Program Files\Emoticons Mail\emomail.exe  Process Id: 2148  EPROCESS Address: 0x891CC020
Process: C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe  Process Id: 2260  EPROCESS Address: 0x891C4020
Process: C:\WINDOWS\system32\wuauclt.exe  Process Id: 2464  EPROCESS Address: 0x89195768
Process: C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe  Process Id: 2584  EPROCESS Address: 0x888F2020
Process: C:\Program Files\Mozilla Firefox\firefox.exe  Process Id: 2844  EPROCESS Address: 0x888D8020
Process: C:\RkUnhooker\Xo4gia.exe  Process Id: 3036  EPROCESS Address: 0x891B96B0
==============================================
>Drivers
Driver: C:\WINDOWS\system32\ntoskrnl.exe  Address: 0x804D7000  Size: 2181376 bytes
Driver: \Driver\PnpManager  Address: 0x804D7000  Size: 2181376 bytes
Driver: \FileSystem\RAW  Address: 0x804D7000  Size: 2181376 bytes
Driver: \Driver\WMIxWDM  Address: 0x804D7000  Size: 2181376 bytes
Driver: \Driver\Win32k  Address: 0xBF800000  Size: 1843200 bytes
Driver: C:\WINDOWS\System32\win32k.sys  Address: 0xBF800000  Size: 1843200 bytes
Driver: C:\WINDOWS\system32\DRIVERS\HSFDPSP2.sys  Address: 0xBA569000  Size: 1044480 bytes
Driver: C:\WINDOWS\system32\DRIVERS\HSFCXTS2.sys  Address: 0xBA4C1000  Size: 688128 bytes
Driver: Ntfs.sys  Address: 0xF7B52000  Size: 577536 bytes
Driver: C:\WINDOWS\System32\ati3d1ag.dll  Address: 0xBFA08000  Size: 552960 bytes
Driver: C:\WINDOWS\system32\drivers\amon.sys  Address: 0xADAA8000  Size: 503808 bytes
Driver: C:\WINDOWS\system32\DRIVERS\mrxsmb.sys  Address: 0xB1FE2000  Size: 454656 bytes
Driver: C:\WINDOWS\system32\DRIVERS\ati2mtag.sys  Address: 0xBA7AC000  Size: 385024 bytes
Driver: C:\WINDOWS\system32\DRIVERS\CamDrL21.sys  Address: 0xB1F60000  Size: 368640 bytes
Driver: C:\WINDOWS\system32\DRIVERS\tcpip.sys  Address: 0xB21C2000  Size: 360448 bytes
Driver: C:\WINDOWS\system32\DRIVERS\srv.sys  Address: 0xAD94D000  Size: 335872 bytes
Driver: C:\WINDOWS\system32\drivers\cmaudio.sys  Address: 0xBA6E8000  Size: 282624 bytes
Driver: C:\WINDOWS\System32\Drivers\HTTP.sys  Address: 0xAD38D000  Size: 266240 bytes
Driver: C:\WINDOWS\system32\DRIVERS\HSFBS2S2.sys  Address: 0xBA668000  Size: 221184 bytes
Driver: C:\WINDOWS\System32\ati2dvag.dll  Address: 0xBF9D4000  Size: 212992 bytes
Driver: timntr.sys  Address: 0xF7863000  Size: 212992 bytes
Driver: C:\WINDOWS\system32\DRIVERS\update.sys  Address: 0xBA37A000  Size: 212992 bytes
Driver: C:\WINDOWS\system32\DRIVERS\rdpdr.sys  Address: 0xBA3AE000  Size: 200704 bytes
Driver: ACPI.sys  Address: 0xF75A7000  Size: 192512 bytes
Driver: C:\WINDOWS\system32\DRIVERS\mrxdav.sys  Address: 0xADBEB000  Size: 184320 bytes
Driver: NDIS.sys  Address: 0xF7423000  Size: 184320 bytes
Driver: C:\WINDOWS\system32\DRIVERS\rdbss.sys  Address: 0xB2051000  Size: 176128 bytes
Driver: C:\WINDOWS\system32\DRIVERS\netbt.sys  Address: 0xB2187000  Size: 163840 bytes
Driver: dmio.sys  Address: 0xF74B1000  Size: 155648 bytes
Driver: C:\WINDOWS\system32\DRIVERS\el90xnd5.sys  Address: 0xBA69E000  Size: 155648 bytes
Driver: C:\WINDOWS\system32\drivers\portcls.sys  Address: 0xBA6C4000  Size: 147456 bytes
Driver: C:\WINDOWS\system32\DRIVERS\ks.sys  Address: 0xBA72D000  Size: 143360 bytes
Driver: C:\WINDOWS\system32\DRIVERS\USBPORT.SYS  Address: 0xBA750000  Size: 143360 bytes
Driver: C:\WINDOWS\System32\drivers\afd.sys  Address: 0xB207C000  Size: 139264 bytes
Driver: C:\WINDOWS\system32\DRIVERS\ipnat.sys  Address: 0xB213E000  Size: 135168 bytes
Driver: \Driver\ACPI_HAL  Address: 0x806EC000  Size: 131968 bytes
Driver: C:\WINDOWS\system32\hal.dll  Address: 0x806EC000  Size: 131968 bytes
Driver: fltMgr.sys  Address: 0xF7479000  Size: 131072 bytes
Driver: ftdisk.sys  Address: 0xF74D7000  Size: 126976 bytes
Driver: Mup.sys  Address: 0xF7848000  Size: 110592 bytes
Driver: C:\WINDOWS\System32\Drivers\ALIEHCI.sys  Address: 0xBA4A7000  Size: 106496 bytes
Driver: C:\Program Files\Everstrike Software\Lock Folder XP 3.6\LF30XP.sys  Address: 0xADA67000  Size: 102400 bytes
Driver: atapi.sys  Address: 0xF7499000  Size: 98304 bytes
Driver: KSecDD.sys  Address: 0xF7450000  Size: 94208 bytes
Driver: C:\WINDOWS\system32\DRIVERS\ndiswan.sys  Address: 0xBA490000  Size: 94208 bytes
Driver: snapman.sys  Address: 0xF740E000  Size: 86016 bytes
Driver: C:\WINDOWS\system32\drivers\wdmaud.sys  Address: 0xAD5C8000  Size: 86016 bytes
Driver: C:\WINDOWS\system32\DRIVERS\parport.sys  Address: 0xBA784000  Size: 81920 bytes
Driver: C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS  Address: 0xBA798000  Size: 81920 bytes
Driver: C:\WINDOWS\system32\DRIVERS\ipsec.sys  Address: 0xB221A000  Size: 77824 bytes
Driver: C:\WINDOWS\System32\Drivers\lnsfw1.SYS  Address: 0xB21AF000  Size: 77824 bytes
Driver: C:\WINDOWS\System32\drivers\dxg.sys  Address: 0xBF9C2000  Size: 73728 bytes
Driver: sr.sys  Address: 0xF7467000  Size: 73728 bytes
Driver: pci.sys  Address: 0xF7596000  Size: 69632 bytes
Driver: C:\WINDOWS\system32\DRIVERS\psched.sys  Address: 0xBA47F000  Size: 69632 bytes
Driver: C:\WINDOWS\system32\DRIVERS\serial.sys  Address: 0xBA773000  Size: 69632 bytes
Driver: C:\WINDOWS\system32\DRIVERS\alcaudsl.sys  Address: 0xBAF38000  Size: 65536 bytes
Driver: C:\WINDOWS\System32\Drivers\Cdfs.SYS  Address: 0xF7677000  Size: 65536 bytes
Driver: C:\WINDOWS\system32\drivers\drmk.sys  Address: 0xF76E7000  Size: 61440 bytes
Driver: C:\WINDOWS\system32\DRIVERS\redbook.sys  Address: 0xF76D7000  Size: 61440 bytes
Driver: C:\WINDOWS\system32\drivers\sysaudio.sys  Address: 0xAD99F000  Size: 61440 bytes
Driver: C:\WINDOWS\system32\drivers\usbaudio.sys  Address: 0xBA45F000  Size: 61440 bytes
Driver: C:\WINDOWS\system32\DRIVERS\usbhub.sys  Address: 0xBAFA8000  Size: 61440 bytes
Driver: C:\WINDOWS\system32\DRIVERS\i8042prt.sys  Address: 0xF76A7000  Size: 57344 bytes
Driver: VolSnap.sys  Address: 0xF7617000  Size: 57344 bytes
Driver: C:\WINDOWS\system32\DRIVERS\alcan5wn.sys  Address: 0xF7687000  Size: 53248 bytes
Driver: C:\WINDOWS\system32\DRIVERS\cdrom.sys  Address: 0xF76C7000  Size: 53248 bytes
Driver: C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS  Address: 0xF7637000  Size: 53248 bytes
Driver: C:\WINDOWS\system32\DRIVERS\HPZid412.sys  Address: 0xBA44F000  Size: 53248 bytes
Driver: C:\WINDOWS\system32\DRIVERS\rasl2tp.sys  Address: 0xF76F7000  Size: 53248 bytes
Driver: C:\WINDOWS\system32\DRIVERS\lnsfw.sys  Address: 0xF7546000  Size: 49152 bytes
Driver: C:\WINDOWS\system32\DRIVERS\raspptp.sys  Address: 0xF7576000  Size: 49152 bytes
Driver: C:\WINDOWS\system32\DRIVERS\STREAM.SYS  Address: 0xBA46F000  Size: 49152 bytes
Driver: C:\WINDOWS\system32\DRIVERS\imapi.sys  Address: 0xF76B7000  Size: 45056 bytes
Driver: MountMgr.sys  Address: 0xF7607000  Size: 45056 bytes
Driver: C:\WINDOWS\system32\DRIVERS\raspppoe.sys  Address: 0xF7586000  Size: 45056 bytes
Driver: sisagp.sys  Address: 0xF7647000  Size: 45056 bytes
Driver: C:\WINDOWS\system32\DRIVERS\intelppm.sys  Address: 0xF7697000  Size: 40960 bytes
Driver: C:\WINDOWS\System32\Drivers\NDProxy.SYS  Address: 0xF7526000  Size: 40960 bytes
Driver: C:\WINDOWS\system32\DRIVERS\termdd.sys  Address: 0xF7556000  Size: 40960 bytes
Driver: disk.sys  Address: 0xF7627000  Size: 36864 bytes
Driver: C:\WINDOWS\System32\Drivers\Fips.SYS  Address: 0xBAF58000  Size: 36864 bytes
Driver: isapnp.sys  Address: 0xF75F7000  Size: 36864 bytes
Driver: C:\WINDOWS\system32\DRIVERS\msgpc.sys  Address: 0xF7566000  Size: 36864 bytes
Driver: C:\WINDOWS\system32\DRIVERS\netbios.sys  Address: 0xBAF68000  Size: 36864 bytes
Driver: C:\WINDOWS\system32\DRIVERS\wanarp.sys  Address: 0xBAF78000  Size: 36864 bytes
Driver: C:\WINDOWS\System32\Drivers\Modem.SYS  Address: 0xF77C7000  Size: 32768 bytes
Driver: C:\WINDOWS\System32\Drivers\Npfs.SYS  Address: 0xF780F000  Size: 32768 bytes
Driver: C:\WINDOWS\system32\DRIVERS\tifsfilt.sys  Address: 0xF7797000  Size: 32768 bytes
Driver: C:\WINDOWS\system32\DRIVERS\usbccgp.sys  Address: 0xF772F000  Size: 32768 bytes
Driver: C:\WINDOWS\system32\DRIVERS\fdc.sys  Address: 0xF77A7000  Size: 28672 bytes
Driver: C:\WINDOWS\system32\DRIVERS\kbdclass.sys  Address: 0xF77AF000  Size: 28672 bytes
Driver: C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS  Address: 0xF7707000  Size: 28672 bytes
Driver: C:\WINDOWS\system32\DRIVERS\usbprint.sys  Address: 0xF774F000  Size: 28672 bytes
Driver: C:\WINDOWS\SYSTEM32\DRIVERS\CINEMSUP.SYS  Address: 0xF779F000  Size: 24576 bytes
Driver: C:\WINDOWS\system32\DRIVERS\HPZius12.sys  Address: 0xF775F000  Size: 24576 bytes
Driver: C:\WINDOWS\system32\DRIVERS\mouclass.sys  Address: 0xF77B7000  Size: 24576 bytes
Driver: C:\WINDOWS\system32\DRIVERS\USBCAMD.SYS  Address: 0xF7767000  Size: 24576 bytes
Driver: C:\WINDOWS\System32\drivers\vga.sys  Address: 0xF77FF000  Size: 24576 bytes
Driver: C:\WINDOWS\system32\DRIVERS\flpydisk.sys  Address: 0xF77EF000  Size: 20480 bytes
Driver: C:\WINDOWS\System32\Drivers\Msfs.SYS  Address: 0xF7807000  Size: 20480 bytes
Driver: PartMgr.sys  Address: 0xF770F000  Size: 20480 bytes
Driver: C:\WINDOWS\system32\DRIVERS\ptilink.sys  Address: 0xF77DF000  Size: 20480 bytes
Driver: PxHelp20.sys  Address: 0xF7717000  Size: 20480 bytes
Driver: C:\WINDOWS\system32\DRIVERS\raspti.sys  Address: 0xF77E7000  Size: 20480 bytes
Driver: C:\WINDOWS\System32\Drivers\rkhdrv31.SYS  Address: 0xF7777000  Size: 20480 bytes
Driver: C:\WINDOWS\system32\DRIVERS\TDI.SYS  Address: 0xF77D7000  Size: 20480 bytes
Driver: C:\WINDOWS\system32\DRIVERS\usbohci.sys  Address: 0xF77BF000  Size: 20480 bytes
Driver: C:\WINDOWS\System32\watchdog.sys  Address: 0xF777F000  Size: 20480 bytes
Driver: C:\WINDOWS\system32\DRIVERS\HPZipr12.sys  Address: 0xB22B1000  Size: 16384 bytes
Driver: C:\WINDOWS\system32\drivers\MODEMCSA.sys  Address: 0xBAFD8000  Size: 16384 bytes
Driver: C:\WINDOWS\system32\DRIVERS\mssmbios.sys  Address: 0xBAED4000  Size: 16384 bytes
Driver: C:\WINDOWS\system32\DRIVERS\ndisuio.sys  Address: 0xADE50000  Size: 16384 bytes
Driver: C:\WINDOWS\system32\DRIVERS\serenum.sys  Address: 0xBAF04000  Size: 16384 bytes
Driver: C:\WINDOWS\system32\DRIVERS\usbscan.sys  Address: 0xB22B9000  Size: 16384 bytes
Driver: C:\WINDOWS\system32\BOOTVID.dll  Address: 0xF7897000  Size: 12288 bytes
Driver: C:\WINDOWS\System32\drivers\Dxapi.sys  Address: 0xB22A1000  Size: 12288 bytes
Driver: C:\WINDOWS\system32\DRIVERS\gameenum.sys  Address: 0xBAE51000  Size: 12288 bytes
Driver: C:\WINDOWS\system32\DRIVERS\itchfltr.sys  Address: 0xBAF00000  Size: 12288 bytes
Driver: C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys  Address: 0xADBD7000  Size: 12288 bytes
Driver: C:\WINDOWS\system32\DRIVERS\ndistapi.sys  Address: 0xBAEF0000  Size: 12288 bytes
Driver: C:\WINDOWS\system32\drivers\pfc.sys  Address: 0xBAEF8000  Size: 12288 bytes
Driver: C:\WINDOWS\system32\DRIVERS\rasacd.sys  Address: 0xBAF24000  Size: 12288 bytes
Driver: C:\WINDOWS\System32\drivers\ws2ifsl.sys  Address: 0xBAF10000  Size: 12288 bytes
Driver: C:\WINDOWS\system32\DRIVERS\alcawh.sys  Address: 0xF79C5000  Size: 8192 bytes
Driver: C:\WINDOWS\System32\Drivers\Beep.SYS  Address: 0xF79BB000  Size: 8192 bytes
Driver: dmload.sys  Address: 0xF798B000  Size: 8192 bytes
Driver: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS  Address: 0xF79B9000  Size: 8192 bytes
Driver: C:\WINDOWS\system32\KDCOM.DLL  Address: 0xF7987000  Size: 8192 bytes
Driver: C:\WINDOWS\System32\Drivers\mnmdd.SYS  Address: 0xF79BD000  Size: 8192 bytes
Driver: C:\WINDOWS\system32\drivers\nod32drv.sys  Address: 0xF79C3000  Size: 8192 bytes
Driver: C:\WINDOWS\System32\Drivers\ParVdm.SYS  Address: 0xF79AF000  Size: 8192 bytes
Driver: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys  Address: 0xF79BF000  Size: 8192 bytes
Driver: C:\WINDOWS\system32\DRIVERS\swenum.sys  Address: 0xF79AD000  Size: 8192 bytes
Driver: C:\WINDOWS\system32\DRIVERS\USBD.SYS  Address: 0xF79B3000  Size: 8192 bytes
Driver: C:\WINDOWS\system32\DRIVERS\WMILIB.SYS  Address: 0xF7989000  Size: 8192 bytes
Driver: C:\WINDOWS\system32\DRIVERS\alcacr.sys  Address: 0xBA80F000  Size: 4096 bytes
Driver: C:\WINDOWS\system32\DRIVERS\AliRtHub.sys  Address: 0xBAE74000  Size: 4096 bytes
Driver: C:\WINDOWS\system32\DRIVERS\audstub.sys  Address: 0xBA810000  Size: 4096 bytes
Driver: C:\WINDOWS\System32\drivers\dxgthk.sys  Address: 0xF7AB8000  Size: 4096 bytes
Driver: giveio.sys  Address: 0xF7A51000  Size: 4096 bytes
Driver: C:\WINDOWS\System32\Drivers\Null.SYS  Address: 0xF7A9D000  Size: 4096 bytes
Driver: pciide.sys  Address: 0xF7A4F000  Size: 4096 bytes
Driver: C:\WINDOWS\System32\Drivers\PQNTDrv.SYS  Address: 0xF7AA2000  Size: 4096 bytes
Driver: speedfan.sys  Address: 0xF7A50000  Size: 4096 bytes
==============================================
>Files
Suspect File: C:\Config.Msi::$DATA  Status: Hidden
Suspect File: C:\Documents and Settings::$DATA  Status: Hidden
Suspect File: C:\Hijackthis::$DATA  Status: Hidden
Suspect File: C:\kav::$DATA  Status: Hidden
Suspect File: C:\Program Files::$DATA  Status: Hidden
Suspect File: C:\RECYCLER::$DATA  Status: Hidden
Suspect File: C:\RkUnhooker::$DATA  Status: Hidden
Suspect File: C:\SierraChart::$DATA  Status: Hidden
Suspect File: C:\VundoFix Backups::$DATA  Status: Hidden
Suspect File: C:\WINDOWS::$DATA  Status: Hidden
==============================================
>Hooks
[752]WgaTray.exe-->wininet.dll-->InternetErrorDlg, Type: Inline - RelativeJump at address 0x77B1C34D hook handler located in [WgaTray.exe]