RootkitDetectiveReport.txt

ramiroros
Posts: 48
Registered: 13 Sep 2007, 03:37

Post by ramiroros » 14 Jan 2008, 18:11

[code]Scan complete. Hidden registry keys/values: 13
McAfee(R) Rootkit Detective 1.1 scan report
On 14-01-2008 at 14:55:58
OS-Version 5.1.2600
Service Pack 2.0
====================================

Object-Type: SSDT-hook
Object-Name: ZwAcceptConnectPort
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwAccessCheck
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwAccessCheckAndAuditAlarm
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwAccessCheckByType
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwAccessCheckByTypeAndAuditAlarm
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwAccessCheckByTypeResultList
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwAccessCheckByTypeResultListAndAuditAlarm
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwAccessCheckByTypeResultListAndAuditAlarmByHandle
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwAddAtom
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwAddBootEntry
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwAdjustGroupsToken
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwAdjustPrivilegesToken
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwAlertResumeThread
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwAlertThread
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwAllocateLocallyUniqueId
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwAllocateUserPhysicalPages
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwAllocateUuids
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwAllocateVirtualMemory
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwAreMappedFilesTheSame
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwAssignProcessToJobObject
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwCallbackReturn
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwCancelDeviceWakeupRequest
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwCancelIoFile
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwCancelTimer
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwClearEvent
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwClose
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwCloseObjectAuditAlarm
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwCompactKeys
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwCompareTokens
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwCompleteConnectPort
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwCompressKey
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwConnectPort
Object-Path: C:\WINDOWS\system32\vsdatant.sys

Object-Type: SSDT-hook
Object-Name: ZwContinue
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwCreateDebugObject
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwCreateDirectoryObject
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwCreateEvent
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwCreateEventPair
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwCreateFile
Object-Path: C:\WINDOWS\system32\vsdatant.sys

Object-Type: SSDT-hook
Object-Name: ZwCreateIoCompletion
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwCreateJobObject
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwCreateJobSet
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwCreateKey
Object-Path: C:\WINDOWS\system32\vsdatant.sys

Object-Type: SSDT-hook
Object-Name: ZwCreateMailslotFile
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwCreateMutant
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwCreateNamedPipeFile
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwCreatePagingFile
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwCreatePort
Object-Path: C:\WINDOWS\system32\vsdatant.sys

Object-Type: SSDT-hook
Object-Name: ZwCreateProcess
Object-Path: C:\WINDOWS\system32\vsdatant.sys

Object-Type: SSDT-hook
Object-Name: ZwCreateProcessEx
Object-Path: C:\WINDOWS\system32\vsdatant.sys

Object-Type: SSDT-hook
Object-Name: ZwCreateProfile
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwCreateSection
Object-Path: C:\WINDOWS\system32\vsdatant.sys

Object-Type: SSDT-hook
Object-Name: ZwCreateSemaphore
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwCreateSymbolicLinkObject
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwCreateThread
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwCreateTimer
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwCreateToken
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwCreateWaitablePort
Object-Path: C:\WINDOWS\system32\vsdatant.sys

Object-Type: SSDT-hook
Object-Name: ZwDebugActiveProcess
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwDebugContinue
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwDelayExecution
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwDeleteAtom
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwDeleteBootEntry
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwDeleteFile
Object-Path: C:\WINDOWS\system32\vsdatant.sys

Object-Type: SSDT-hook
Object-Name: ZwDeleteKey
Object-Path: C:\WINDOWS\system32\vsdatant.sys

Object-Type: SSDT-hook
Object-Name: ZwDeleteObjectAuditAlarm
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwDeleteValueKey
Object-Path: C:\WINDOWS\system32\vsdatant.sys

Object-Type: SSDT-hook
Object-Name: ZwDeviceIoControlFile
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwDisplayString
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwDuplicateObject
Object-Path: C:\WINDOWS\system32\vsdatant.sys

Object-Type: SSDT-hook
Object-Name: ZwDuplicateToken
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwEnumerateBootEntries
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwEnumerateKey
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwEnumerateSystemEnvironmentValuesEx
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwEnumerateValueKey
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwExtendSection
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwFilterToken
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwFindAtom
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwFlushBuffersFile
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwFlushInstructionCache
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwFlushKey
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwFlushVirtualMemory
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwFlushWriteBuffer
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwFreeUserPhysicalPages
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwFreeVirtualMemory
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwFsControlFile
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwGetContextThread
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwGetDevicePowerState
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwGetPlugPlayEvent
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwGetWriteWatch
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwImpersonateAnonymousToken
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwImpersonateClientOfPort
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwImpersonateThread
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwInitializeRegistry
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwInitiatePowerAction
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwIsProcessInJob
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwIsSystemResumeAutomatic
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwListenPort
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwLoadDriver
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwLoadKey2
Object-Path: C:\WINDOWS\system32\vsdatant.sys

Object-Type: SSDT-hook
Object-Name: ZwLoadKey
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwLockFile
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwLockProductActivationKeys
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwLockRegistryKey
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwLockVirtualMemory
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwMakePermanentObject
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwMakeTemporaryObject
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwMapUserPhysicalPages
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwMapUserPhysicalPagesScatter
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwMapViewOfSection
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwModifyBootEntry
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwNotifyChangeDirectoryFile
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwNotifyChangeKey
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwNotifyChangeMultipleKeys
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwOpenDirectoryObject
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwOpenEvent
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwOpenEventPair
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwOpenFile
Object-Path: C:\WINDOWS\system32\vsdatant.sys

Object-Type: SSDT-hook
Object-Name: ZwOpenIoCompletion
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwOpenJobObject
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwOpenKey
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwOpenMutant
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwOpenObjectAuditAlarm
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwOpenProcess
Object-Path: C:\WINDOWS\system32\vsdatant.sys

Object-Type: SSDT-hook
Object-Name: ZwOpenProcessToken
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwOpenProcessTokenEx
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwOpenSection
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwOpenSemaphore
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwOpenSymbolicLinkObject
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwOpenThread
Object-Path: C:\WINDOWS\system32\vsdatant.sys

Object-Type: SSDT-hook
Object-Name: ZwOpenThreadToken
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwOpenThreadTokenEx
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwOpenTimer
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwPlugPlayControl
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwPowerInformation
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwPrivilegeCheck
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwPrivilegeObjectAuditAlarm
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwPrivilegedServiceAuditAlarm
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwProtectVirtualMemory
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwPulseEvent
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwQueryAttributesFile
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwQueryBootEntryOrder
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwQueryBootOptions
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwQueryDebugFilterState
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwQueryDefaultLocale
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwQueryDefaultUILanguage
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwQueryDirectoryFile
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwQueryDirectoryObject
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwQueryEaFile
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwQueryEvent
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwQueryFullAttributesFile
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwQueryInformationAtom
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwQueryInformationFile
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwQueryInformationJobObject
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwQueryInformationPort
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwQueryInformationProcess
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwQueryInformationThread
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwQueryInformationToken
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwQueryInstallUILanguage
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwQueryIntervalProfile
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwQueryIoCompletion
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwQueryKey
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwQueryMultipleValueKey
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwQueryMutant
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwQueryObject
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwQueryOpenSubKeys
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwQueryPerformanceCounter
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwQueryQuotaInformationFile
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwQuerySection
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwQuerySecurityObject
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwQuerySemaphore
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwQuerySymbolicLinkObject
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwQuerySystemEnvironmentValue
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwQuerySystemEnvironmentValueEx
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwQuerySystemInformation
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwQuerySystemTime
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwQueryTimer
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwQueryTimerResolution
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwQueryValueKey
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwQueryVirtualMemory
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwQueryVolumeInformationFile
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwQueueApcThread
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwRaiseException
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwRaiseHardError
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwReadFile
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwReadFileScatter
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwReadRequestData
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwReadVirtualMemory
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwRegisterThreadTerminatePort
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwReleaseMutant
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwReleaseSemaphore
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwRemoveIoCompletion
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwRemoveProcessDebug
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwRenameKey
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwReplaceKey
Object-Path: C:\WINDOWS\system32\vsdatant.sys

Object-Type: SSDT-hook
Object-Name: ZwReplyPort
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwReplyWaitReceivePort
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwReplyWaitReceivePortEx
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwReplyWaitReplyPort
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwRequestDeviceWakeup
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwRequestPort
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwRequestWaitReplyPort
Object-Path: C:\WINDOWS\system32\vsdatant.sys

Object-Type: SSDT-hook
Object-Name: ZwRequestWakeupLatency
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwResetEvent
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwResetWriteWatch
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwRestoreKey
Object-Path: C:\WINDOWS\system32\vsdatant.sys

Object-Type: SSDT-hook
Object-Name: ZwResumeProcess
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwResumeThread
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwSaveKey
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwSaveKeyEx
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwSaveMergedKeys
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwSecureConnectPort
Object-Path: C:\WINDOWS\system32\vsdatant.sys

Object-Type: SSDT-hook
Object-Name: ZwSetBootEntryOrder
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwSetBootOptions
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwSetContextThread
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwSetDebugFilterState
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwSetDefaultHardErrorPort
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwSetDefaultLocale
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwSetDefaultUILanguage
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwSetEaFile
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwSetEvent
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwSetEventBoostPriority
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwSetHighEventPair
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwSetHighWaitLowEventPair
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwSetInformationDebugObject
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwSetInformationFile
Object-Path: C:\WINDOWS\system32\vsdatant.sys

Object-Type: SSDT-hook
Object-Name: ZwSetInformationJobObject
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwSetInformationKey
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwSetInformationObject
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwSetInformationProcess
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwSetInformationThread
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwSetInformationToken
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwSetIntervalProfile
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwSetIoCompletion
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwSetLdtEntries
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwSetLowEventPair
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwSetLowWaitHighEventPair
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwSetQuotaInformationFile
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwSetSecurityObject
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwSetSystemEnvironmentValue
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwSetSystemEnvironmentValueEx
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwSetSystemInformation
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwSetSystemPowerState
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwSetSystemTime
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwSetThreadExecutionState
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwSetTimer
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwSetTimerResolution
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwSetUuidSeed
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwSetValueKey
Object-Path: C:\WINDOWS\system32\vsdatant.sys

Object-Type: SSDT-hook
Object-Name: ZwSetVolumeInformationFile
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwShutdownSystem
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwSignalAndWaitForSingleObject
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwStartProfile
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwStopProfile
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwSuspendProcess
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwSuspendThread
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwSystemDebugControl
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwTerminateJobObject
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwTerminateProcess
Object-Path: C:\WINDOWS\system32\vsdatant.sys

Object-Type: SSDT-hook
Object-Name: ZwTerminateThread
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwTestAlert
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwTraceEvent
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwTranslateFilePath
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwUnloadDriver
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwUnloadKey
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwUnloadKeyEx
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwUnlockFile
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwUnlockVirtualMemory
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwUnmapViewOfSection
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwVdmControl
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwWaitForDebugEvent
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwWaitForMultipleObjects
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwWaitForSingleObject
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwWaitHighEventPair
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwWaitLowEventPair
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwWriteFile
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwWriteFileGather
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwWriteRequestData
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwWriteVirtualMemory
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwYieldExecution
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwCreateKeyedEvent
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwOpenKeyedEvent
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwReleaseKeyedEvent
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwWaitForKeyedEvent
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: SSDT-hook
Object-Name: ZwQueryPortInformationProcess
Object-Path: C:\WINDOWS\system32\KERNEL1.EXE

Object-Type: IRP-hook
Object-Name: \Driver\Tcpip->IRP_MJ_CLEANUP
Object-Path: \SystemRoot\System32\vsdatant.sys

Object-Type: IRP-hook
Object-Name: \Driver\Tcpip->IRP_MJ_INTERNAL_DEVICE_CONTROL
Object-Path: \SystemRoot\System32\vsdatant.sys

Object-Type: IRP-hook
Object-Name: \Driver\Tcpip->IRP_MJ_DEVICE_CONTROL
Object-Path: \SystemRoot\System32\vsdatant.sys

Object-Type: IRP-hook
Object-Name: \Driver\Tcpip->IRP_MJ_CLOSE
Object-Path: \SystemRoot\System32\vsdatant.sys

Object-Type: IRP-hook
Object-Name: \Driver\Tcpip->IRP_MJ_CREATE
Object-Path: \SystemRoot\System32\vsdatant.sys

Object-Type: Registry-value
Object-Name: (Default)
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MSSQL$SONY_MEDIAMGR\Security
Status: Unable to access registry key

Object-Type: Registry-value
Object-Name: Security
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MSSQL$SONY_MEDIAMGR\Security
Status: Hidden

Object-Type: Registry-value
Object-Name: (Default)
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\MSSQL$SONY_MEDIAMGR\Security
Status: Unable to access registry key

Object-Type: Registry-value
Object-Name: Security
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\MSSQL$SONY_MEDIAMGR\Security
Status: Hidden

Object-Type: Registry-value
Object-Name: (Default)
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\MSSQL$SONY_MEDIAMGR\Security
Status: Unable to access registry key

Object-Type: Registry-value
Object-Name: Security
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\MSSQL$SONY_MEDIAMGR\Security
Status: Hidden

Object-Type: Registry-key
Object-Name: DataEM\ControlSet003\Services\MSSQL$SONY_MEDIAMGR\Security
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data
Status: Hidden

Object-Type: Registry-key
Object-Name: a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771 System Provider\*Local Machine*\Data
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data\a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771
Status: Hidden

Object-Type: Registry-key
Object-Name: 00000000-0000-0000-0000-000000000000 System Provider\*Local Machine*\Data\a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data\a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771\00000000-0000-0000-0000-000000000000
Status: Hidden

Object-Type: Registry-key
Object-Name: {6340E680-FF06-435f-8767-B79D88AEBD4D}ystem Provider\*Local Machine*\Data\a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771\00000000-0000-0000-0000-000000000000
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data\a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771\00000000-0000-0000-0000-000000000000\{6340E680-FF06-435f-8767-B79D88AEBD4D}
Status: Hidden

Object-Type: Registry-value
Object-Name: Item Data
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data\a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771\00000000-0000-0000-0000-000000000000\{6340E680-FF06-435f-8767-B79D88AEBD4D}
Status: Hidden

Object-Type: Registry-value
Object-Name: Display String
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data\a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771\00000000-0000-0000-0000-000000000000
Status: Hidden

Object-Type: Registry-value
Object-Name: Display String
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data\a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771
Status: Hidden

Object-Type: Registry-key
Object-Name: Data 2RE\Microsoft\Protected Storage System Provider\*Local Machine*\Data\a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data 2
Status: Hidden

Object-Type: Registry-key
Object-Name: WindowsE\Microsoft\Protected Storage System Provider\*Local Machine*\Data 2
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data 2\Windows
Status: Hidden

Object-Type: Registry-value
Object-Name: Value
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data 2\Windows
Status: Hidden

Object-Type: Process
Object-Name: spoolsv.exe
Pid: 960
Object-Path: C:\WINDOWS\system32\spoolsv.exe
Status: Visible

Object-Type: Process
Object-Name: System Idle Process
Pid: 0
Object-Path:
Status: Visible

Object-Type: Process
Object-Name: svchost.exe
Pid: 744
Object-Path: C:\WINDOWS\System32\svchost.exe
Status: Visible

Object-Type: Process
Object-Name: firefox.exe
Pid: 3720
Object-Path: C:\Archivos de programa\Mozilla Firefox\firefox.exe
Status: Visible

Object-Type: Process
Object-Name: nod32krn.exe
Pid: 1180
Object-Path: C:\Archivos de programa\Eset\nod32krn.exe
Status: Visible

Object-Type: Process
Object-Name: svchost.exe
Pid: 1244
Object-Path: C:\WINDOWS\system32\svchost.exe
Status: Visible

Object-Type: Process
Object-Name: msnmsgr.exe
Pid: 1368
Object-Path: C:\Archivos de programa\MSN Messenger\msnmsgr.exe
Status: Visible

Object-Type: Process
Object-Name: System
Pid: 4
Object-Path:
Status: Visible

Object-Type: Process
Object-Name: services.exe
Pid: 440
Object-Path: C:\WINDOWS\system32\services.exe
Status: Visible

Object-Type: Process
Object-Name: svchost.exe
Pid: 688
Object-Path: C:\WINDOWS\system32\svchost.exe
Status: Visible

Object-Type: Process
Object-Name: zlclient.exe
Pid: 2024
Object-Path: C:\Archivos de programa\Zone Labs\ZoneAlarm\zlclient.exe
Status: Visible

Object-Type: Process
Object-Name: Rootkit_Detecti
Pid: 880
Object-Path: C:\Documents and Settings\Administrador\Escritorio\Utilidades SATINFO\Rootkit_Detective.exe
Status: Visible

Object-Type: Process
Object-Name: GoogleUpdaterSe
Pid: 1160
Object-Path: C:\Archivos de programa\Google\Common\Google Updater\GoogleUpdaterService.exe
Status: Visible

Object-Type: Process
Object-Name: alg.exe
Pid: 1780
Object-Path: C:\WINDOWS\System32\alg.exe
Status: Visible

Object-Type: Process
Object-Name: SiteAdv.exe
Pid: 1936
Object-Path: C:\Archivos de programa\SiteAdvisor\6253\SiteAdv.exe
Status: Visible

Object-Type: Process
Object-Name: ctfmon.exe
Pid: 200
Object-Path: C:\WINDOWS\system32\ctfmon.exe
Status: Visible

Object-Type: Process
Object-Name: vsmon.exe
Pid: 1812
Object-Path: C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Status: Visible

Object-Type: Process
Object-Name: SAService.exe
Pid: 1224
Object-Path: C:\Archivos de programa\SiteAdvisor\6253\SAService.exe
Status: Visible

Object-Type: Process
Object-Name: explorer.exe
Pid: 1596
Object-Path: C:\WINDOWS\Explorer.EXE
Status: Visible

Object-Type: Process
Object-Name: DSLMON.exe
Pid: 264
Object-Path: C:\Archivos de programa\Huawei Technologies\Huawei SmartAX MT810\dslmon.exe
Status: Visible

Object-Type: Process
Object-Name: lsass.exe
Pid: 452
Object-Path: C:\WINDOWS\system32\lsass.exe
Status: Visible

Object-Type: Process
Object-Name: GoogleToolbarNo
Pid: 208
Object-Path: C:\Archivos de programa\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
Status: Visible

Object-Type: Process
Object-Name: svchost.exe
Pid: 612
Object-Path: C:\WINDOWS\system32\svchost.exe
Status: Visible

Object-Type: Process
Object-Name: winlogon.exe
Pid: 396
Object-Path: C:\WINDOWS\system32\winlogon.exe
Status: Visible

Object-Type: Process
Object-Name: svchost.exe
Pid: 1048
Object-Path: C:\WINDOWS\system32\svchost.exe
Status: Visible

Object-Type: Process
Object-Name: csrss.exe
Pid: 368
Object-Path: C:\WINDOWS\system32\csrss.exe
Status: Visible

Object-Type: Process
Object-Name: nod32kui.exe
Pid: 1980
Object-Path: C:\Archivos de programa\Eset\nod32kui.exe
Status: Visible

Object-Type: Process
Object-Name: SUPERAntiSpywar
Pid: 152
Object-Path: C:\Archivos de programa\SUPERAntiSpyware\SUPERAntiSpyware.exe
Status: Visible

Object-Type: Process
Object-Name: smss.exe
Pid: 308
Object-Path: C:\WINDOWS\System32\smss.exe
Status: Visible

Scan complete. Hidden registry keys/values: 13 [/code]

msc hotline sat
Posts: 93500
Joined: 09 Mar 2004, 20:39
Location: BARCELONA (ESPAÑA)

Post by msc hotline sat » 14 Jan 2008, 19:00

Send us these files for analysis:

C:\WINDOWS\system32\KERNEL1.EXE

->[b] To do so, remember[/b]: https://foros.zonavirus.com/viewtopic.php?f=2&t=45334

regards

ms, 14-1-2008

NOTE: And please, don't post logs without explaining the problem you have!!! ms.

ramiroros
Posts: 48
Joined: 13 Sep 2007, 03:37

Post by ramiroros » 15 Jan 2008, 00:34

I already sent the file

ramiroros
Posts: 48
Joined: 13 Sep 2007, 03:37

Post by ramiroros » 15 Jan 2008, 03:17

I've had another problem

when I'm running Ad-Aware SE Personal or Spybot - Search & Destroy I get the blue screen

saying "Windows has shut down to prevent damage to your computer"

msc hotline sat
Posts: 93500
Joined: 09 Mar 2004, 20:39
Location: BARCELONA (ESPAÑA)

Post by msc hotline sat » 15 Jan 2008, 06:27

Well, we'll see whether it has anything to do with the file once we analyse it.

Apart from that, go over the points we indicate in:

https://foros.zonavirus.com/viewtopic.php?f=5&t=11159

and tell us the result, thanks

regards

ms, 15-1-2008

msc hotline sat
Posts: 93500
Joined: 09 Mar 2004, 20:39
Location: BARCELONA (ESPAÑA)

Post by msc hotline sat » 15 Jan 2008, 14:05

Well no, the file is the system's NTOSKRNL.EXE, it's not a virus; what I don't know is why you have it renamed ???

Let us know whether the tests we indicated have been of use to you...

regards

ms, 15-1-2008
