Hi,
Thanks a lot for your answer.
I'll try API Monitor to see if the returned information is useful in this case.
I must admit that I am not too comfortable with disassemblers/debuggers... I'll have to work on this!
Finally, I tried other ways to collect information:
- I virtualised the system and used GMER to detect abnormalities. This confirmed the dll was malicious and let me find a suspect driver.
- Using the log-on-boot option of Autoruns, I found that the dll was loaded as a service which loaded the driver...
- Analysis of these files will certainly give me more clues!
Have a nice day
Thierry