Captainigloo

Merci, Mais je pouvais le faire. J'attendais une réponse à ma dernière question. Pas grave Merci à l'équipe ZEB. Trés efficace

MERCI Je pense effectivement que mon problème et résolu. Mais selon toi que c'est il passé ?? Merci TCHO A bientôt

Voici la suite [/img] Uploaded with ImageShack.us Et http://cjoint.com/?DAhkdgzvBwV Merci, à plus

Bonjour, rapport ZHPFix http://cjoint.com/?DAhjKCJlPVn _________________________ rapport SFTGC http://cjoint.com/?DAhjMe2Arqa __________________________ "Vérificateur des fichiers système pour résoudre les problèmes des fichiers système manquants ou endommagés sur Windows Vista ou Windows 7" Je m'occupe de la suite Merci PS/ Mon PC semble refonctionner correctement, avant même de le traiter avec ZHPFix ? Peut être pas de virus, mais un bug, un dysfonctionnement???? Quant à l'origine je ne comprends pas ???

Merci, C'est rapide comme réponse. "Et en mode sans échec, avez vous aux logicies?" OUI en mode sans échec tout semble bien fonctionner. Voici le lien pour le rapport "ZhpDiag" http://cjoint.com/?DAgwGzVzIzU A plus tard, merci.

Bonjour à l'équipe de Zeb. J'ai encore besoin de vous. Mon PC démarre, mais partiellement Je n'accéde plus à internet (icone dans zone de notification en parmanence en démarrage) Je n'accéde plus aux logiciels, pas de réaction suite à un double clic de souris Avast ne fonctionne plus correctement (icônes rectangle jaune et "!" à l'intérieur) Tout allez bien, jusqu'à mon dernier demarrage. Je vous écris par le biais de mon PC en mode sans echec. OUF je peux vous joindre Merci de votre aide

Non Si c'est bon pour toi, moi à priori pas de soucis Merci

Bonjour, Voici le rapport http://cjoint.com/?CIflg4HBCXR Merci

Bonjour pear, Bien voilà j'ai tout fait -1 http://cjoint.com/?CIevXIAWjAv AdwCleaner http://cjoint.com/?CIevYmb7JCt -2 http://cjoint.com/?CIevYPf1e79 Junkware Removal Tool -3 http://cjoint.com/?CIevZjx0PiM MBAM -4 http://cjoint.com/?CIev0jrXqtF Zhpdiag A plus tard, Merci

bonjour, Bon j'iamgine qu'il faut que je fasse le netoyage tout de suite derrière le scan sans avoir stopé AdwCleaner. J'ai bien fait le scan, mais une cououre de courant m'a empèché de faire le netoyage. Désolé Que dois je faire pour me remettre dans l'axe Merci

Désolé pour le dernier message. "NettoyageA faire sans délai Relancez AdwCleaner avec droits administrateur Cliquez sur Nettoyer et postez le rapport C:\AdwCleaner[s1].txt" Que veux tu dire par relancer. Je ferme Adware et je le relance. Mais j'ai ce message si je ferme. "En utilisant uniquement le scan, AdwCleaner n'a supprimé aucun élément. Pour procédé à la suppression des éléments trouvés, cliquez sur [Nettoyer] sauf si il vous a demandé de n'effectuer qu'un scan. Etes-vous sçur de vouloir quitter AdwCleaner" Peux tu me donner plus de précision Merci

Bonjour pear, Voici le lien demandé http://cjoint.com/?CIdmcsa0yok A l'installation de ZHPDiag, Il n'y avait pas sur le bureau le raccourci mbrcheck. Je l'ai mis manuellement. Merci, à plus tard

Message reçu Merci pour la rapidité et l'aide Je m'occupe de cela au plus vite

Bonjour, Cela fait longtemps que je n'ai pas fait appel à vous. je connais votre efficacité et votre disponibilité. C'est pourquoi je refais un appel; J'ai dernièrement eu un petit soucis sur mon nouveau PC. Malwarebyte semble l'avoir résolu. Cependant j'ai trouvé cela au démarrage "startertv_fr_5", Je ne vois pas et sur les forums ce n'est pas très clair. Serait-il possible d'avoir votre avis et faire si besoin une vérification de mon pc. Merci de votre soutien.

Merci Florinator, Il me reste un peu de désinstallation et ménage à faire. Merci de ton aide. Je vais mettre résolu sur mon premier post. Bon courage pour la suite MERCI

Bonjour florinator, Bien, j'ai téléchargé DAEMON TOOLS LITE, je l'ai Réinstallé car il n'était plus installé et OH MIRACLE plus de soucis de message de nouveau matériel ou autre ????. Par contre je suis tout de même surpris de voir apparaitre des dossiers sur mes disques durs, il me semble que se sont à la base des dossiers cachés ??? (ils ne le sont plus ????). J'ai supprimer le dossier immom.exe qui était dans mon dossier perso. et il n'est pas revenu au démarrage. Voilà les nouvelles Que dois je faire maintenant? A plus, Merci de ton aide, c'est rassurant d'avoir une équipe comme vous à mes cotés.

Bonjour Florinator, J'ai effectué ce que tu m'as demandé, sauf erreur de ma part pas de besoin de mise à jour. Sauf pour ma webcam mais c'est un driver qui fonctionne avec Windows 7 qui est proposé. Donc rien de neuf sauf que j'ai toujours ma fenêtre "détection de nouveau etc etc" et un soucis sur deamon Tools © CJoint.com, 2008 Il reste un .exe dans mon dossier © CJoint.com, 2008 Et des nouveaux dossiers dans mon disque dur externe © CJoint.com, 2008 Merci encore de ton aide A bientôt

Voici le log MBAM A Plus ____________________________________ Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Version de la base de données: 4510 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.18943 30/08/2010 23:56:02 mbam-log-2010-08-30 (23-56-02).txt Type d'examen: Examen complet (C:\|D:\|K:\|) Elément(s) analysé(s): 291916 Temps écoulé: 1 heure(s), 15 minute(s), 37 seconde(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 0 Valeur(s) du Registre infectée(s): 0 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 0 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): (Aucun élément nuisible détecté) Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté) Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): (Aucun élément nuisible détecté)

Bonjour, Bien, un peu complexe le fonctionnement, stressant en tout cas. Je ne sais pas si j'ai bien suivi les recommandations, mon PC a redémarré, avec la fenêtre détection de nouveau matériel. Et j'ai eu du mal a me connecter sur le forum. En cliquant sur connexion j'obtenais une page avec des hiéroglyphe ??? Enfin bref, voici le log de combofix ______________________________________________________________________________________________________________________________ ComboFix 10-08-29.04 - Cyril 30/08/2010 19:02:37.1.2 - x86 Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.3071.1888 [GMT 2:00] Lancé depuis: c:\users\Cyril\Desktop\ComboFix.exe AV: avast! antivirus 4.8.1229 [VPS 081119-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D} SP: avast! antivirus 4.8.1229 [VPS 081119-0] *enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D} SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9} SP: Spyware Terminator *disabled* (Updated) {55EE49A8-16BE-4601-BBE6-607B7F7317DE} SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\programdata\hpe605C.dll c:\users\Cyril\saeji.exe c:\users\Cyril\usmon.exe c:\windows\system32\%appdata% c:\windows\system32\dumphive.exe c:\windows\system32\Process.exe c:\windows\system32\scrrnfr.dll c:\windows\system32\SrchSTS.exe c:\windows\system32\VCCLSID.exe c:\windows\system32\WS2Fix.exe . ((((((((((((((((((((((((((((( Fichiers créés du 2010-07-28 au 2010-08-30 )))))))))))))))))))))))))))))))))))) . 2010-08-30 17:10 . 2010-08-30 17:12 -------- d-----w- c:\users\Cyril\AppData\Local\temp 2010-08-30 17:10 . 2010-08-30 17:10 -------- d-----w- c:\users\Default\AppData\Local\temp 2010-08-29 11:24 . 2010-08-29 11:43 -------- d-----w- c:\program files\ZHPDiag 2010-08-27 19:02 . 2010-08-27 19:07 -------- d-----w- C:\HiJackThis 2010-08-26 20:31 . 2010-08-23 16:33 110592 ----a-w- c:\users\Cyril\immom.exe 2010-08-26 10:35 . 2010-08-26 10:35 -------- d-----w- C:\OutputFolder 2010-08-25 17:51 . 2010-08-25 17:53 -------- d-----w- c:\users\Cyril\AppData\Roaming\Broad Intelligence 2010-08-25 17:51 . 2010-08-25 17:53 -------- d-----w- c:\program files\MediaCoder iPod Edition 2010-08-25 12:25 . 2010-08-25 15:05 -------- d-----w- c:\program files\AVS4YOU 2010-08-25 11:50 . 2010-08-25 11:50 -------- d-----w- c:\users\Cyril\AppData\Roaming\Apowersoft 2010-08-25 11:50 . 2010-08-25 12:02 -------- d-----w- c:\program files\Apowersoft 2010-08-25 11:23 . 2003-01-26 10:41 40960 ----a-w- c:\windows\system32\SSubTmr6.dll 2010-08-25 11:23 . 2005-03-04 08:25 823421 ----a-w- c:\windows\system32\WDataDVD.dll 2010-08-25 11:23 . 2005-03-04 08:25 811008 ----a-w- c:\windows\system32\WDataCD.dll 2010-08-25 11:23 . 2005-02-22 13:21 655360 ----a-w- c:\windows\system32\Waudio.dll 2010-08-25 11:23 . 1998-07-13 15:53 44544 ----a-w- c:\windows\system32\GIF89.DLL 2010-08-25 11:23 . 1998-07-12 18:00 28672 ----a-w- c:\windows\system32\CMCT3FR.DLL 2010-08-25 11:23 . 2005-02-24 10:51 348160 ----a-w- c:\windows\system32\WMAFile.dll 2010-08-15 18:43 . 2001-10-28 15:42 116224 ----a-w- c:\windows\system32\pdfcmnnt.dll 2010-08-15 18:43 . 2010-08-15 18:44 -------- d-----w- c:\program files\PDFCreator 2010-08-15 18:43 . 1998-07-05 23:00 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL 2010-08-14 22:02 . 2010-08-14 22:02 -------- d-----w- c:\users\Cyril\AppData\Roaming\EASYTools 2010-08-14 21:59 . 2002-11-27 11:12 4608 ----a-w- c:\windows\system32\W95INF32.DLL 2010-08-14 21:59 . 2002-11-27 11:12 2272 ----a-w- c:\windows\system32\W95INF16.DLL 2010-08-11 11:59 . 2010-05-27 20:08 81920 ----a-w- c:\windows\system32\iccvid.dll 2010-08-11 11:59 . 2010-06-08 17:35 3600768 ----a-w- c:\windows\system32\ntkrnlpa.exe 2010-08-11 11:59 . 2010-06-08 17:35 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe 2010-08-11 11:59 . 2010-06-26 06:05 916480 ----a-w- c:\windows\system32\wininet.dll 2010-08-11 11:56 . 2010-06-16 16:04 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys 2010-08-11 07:34 . 2010-08-12 22:55 -------- d-----w- c:\users\Cyril\AppData\Roaming\Media Player Classic 2010-08-11 06:50 . 2010-08-11 06:50 -------- d-----w- c:\program files\Combined Community Codec Pack 2010-08-10 20:23 . 2010-08-10 21:58 -------- d-----w- c:\users\Cyril\AppData\Roaming\DeepBurner 2010-08-10 07:50 . 2010-08-17 12:15 -------- d-----w- c:\program files\PowerCheck . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2010-08-30 17:06 . 2006-11-02 15:48 678804 ----a-w- c:\windows\system32\perfh00C.dat 2010-08-30 17:06 . 2006-11-02 15:48 126420 ----a-w- c:\windows\system32\perfc00C.dat 2010-08-30 10:38 . 2009-12-08 14:00 1 ----a-w- c:\users\Cyril\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys 2010-08-30 10:15 . 2009-05-09 21:11 -------- d-----w- c:\programdata\Spyware Terminator 2010-08-29 22:56 . 2008-09-25 20:24 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2010-08-29 22:44 . 2008-07-17 12:14 -------- d-----w- c:\program files\Mozilla Thunderbird 2010-08-28 23:22 . 2009-05-09 21:11 -------- d-----w- c:\program files\Spyware Terminator 2010-08-28 06:26 . 2009-05-09 21:11 -------- d-----w- c:\users\Cyril\AppData\Roaming\Spyware Terminator 2010-08-25 15:03 . 2009-12-20 17:10 -------- d-----w- c:\program files\Common Files\AVSMedia 2010-08-25 12:27 . 2009-12-20 17:11 -------- d-----w- c:\users\Cyril\AppData\Roaming\AVS4YOU 2010-08-25 10:17 . 2009-10-22 17:56 -------- d-----w- c:\users\Cyril\AppData\Roaming\XnView 2010-08-22 20:54 . 2009-09-06 08:02 -------- d-----w- c:\users\Cyril\AppData\Roaming\FileZilla 2010-08-21 21:21 . 2010-04-22 15:37 -------- d-----w- c:\program files\FairUse Wizard 2 2010-08-21 13:13 . 2008-10-11 08:32 -------- d-----w- c:\users\Cyril\AppData\Roaming\dvdcss 2010-08-18 20:05 . 2010-07-23 22:28 -------- d-----w- c:\users\Cyril\AppData\Roaming\vlc 2010-08-17 10:13 . 2010-05-09 08:46 -------- d-----w- c:\program files\FileZilla FTP Client 2010-08-15 10:08 . 2010-05-08 08:43 -------- d-----w- c:\program files\ERUNT 2010-08-14 21:53 . 2010-08-14 21:53 -------- d-----w- c:\program files\Micro Application 2010-08-14 21:53 . 2007-07-10 13:07 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-08-11 12:01 . 2007-07-10 13:14 -------- d-----w- c:\programdata\Microsoft Help 2010-08-11 12:00 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail 2010-07-31 11:12 . 2008-07-17 09:54 156352 ----a-w- c:\users\Cyril\AppData\Local\GDIPFONTCACHEV1.DAT 2010-07-31 09:54 . 2009-12-08 13:57 -------- d-----w- c:\program files\OpenOffice.org 3 2010-07-20 13:16 . 2009-06-06 19:31 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys 2010-07-20 13:16 . 2009-06-06 19:31 103736 ----a-w- c:\windows\system32\PnkBstrB.exe 2010-07-20 13:10 . 2010-07-20 13:10 0 ----a-w- c:\windows\ativpsrm.bin 2010-07-20 13:09 . 2010-07-20 13:09 -------- d-----w- c:\users\Cyril\AppData\Roaming\ATI 2010-07-20 13:09 . 2010-07-20 13:09 -------- d-----w- c:\programdata\ATI 2010-07-20 13:08 . 2010-07-20 13:04 -------- d-----w- c:\program files\ATI Technologies 2010-07-20 13:04 . 2010-07-20 13:04 10134 ----a-r- c:\users\Cyril\AppData\Roaming\Microsoft\Installer\{9DBCF44B-77AC-81D8-0F8E-1E60D6330AC2}\ARPPRODUCTICON.exe 2010-07-20 13:04 . 2010-07-20 13:04 -------- d-----w- c:\program files\ATI 2010-07-20 12:40 . 2008-07-19 19:56 -------- d-----w- c:\programdata\ma-config.com 2010-07-20 12:40 . 2008-07-19 19:56 -------- d-----w- c:\program files\ma-config.com 2010-07-20 12:38 . 2010-03-22 00:27 1356 ----a-w- c:\users\Cyril\AppData\Local\d3d9caps.dat 2010-07-16 21:50 . 2010-04-22 00:37 34901 ----a-w- c:\programdata\nvModes.dat 2010-07-09 18:56 . 2010-07-09 18:56 -------- d-----w- c:\program files\Common Files\Steam 2010-07-09 18:05 . 2010-07-09 18:05 -------- d-----w- c:\program files\Valve 2010-06-28 20:57 . 2010-07-09 16:59 38848 ----a-w- c:\windows\avastSS.scr 2010-06-28 20:57 . 2008-07-17 21:52 165032 ----a-w- c:\windows\system32\aswBoot.exe 2010-06-28 20:37 . 2009-05-09 20:24 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2010-06-28 20:37 . 2009-05-09 20:24 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys 2010-06-28 20:33 . 2009-05-09 20:24 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2010-06-28 20:32 . 2008-07-17 21:52 50256 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2010-06-28 20:32 . 2009-05-09 20:24 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2010-06-26 06:02 . 2010-08-11 11:58 71680 ----a-w- c:\windows\system32\iesetup.dll 2010-06-26 06:02 . 2010-08-11 11:58 109056 ----a-w- c:\windows\system32\iesysprep.dll 2010-06-26 04:25 . 2010-08-11 11:58 133632 ----a-w- c:\windows\system32\ieUnatt.exe 2010-06-21 13:37 . 2010-08-11 11:58 2037760 ----a-w- c:\windows\system32\win32k.sys 2010-06-18 17:31 . 2010-08-11 11:58 36864 ----a-w- c:\windows\system32\rtutils.dll 2010-06-18 15:04 . 2010-08-11 11:58 302080 ----a-w- c:\windows\system32\drivers\srv.sys 2010-06-18 15:04 . 2010-08-11 11:58 144896 ----a-w- c:\windows\system32\drivers\srv2.sys 2010-06-11 16:16 . 2010-08-11 11:58 274944 ----a-w- c:\windows\system32\schannel.dll 2010-06-11 16:15 . 2010-08-11 11:58 1248768 ----a-w- c:\windows\system32\msxml3.dll 2007-12-10 19:24 . 2007-12-10 19:24 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856] "SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2010-02-26 3037696] "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952] "Steam"="c:\program files\Valve\Steam\Steam.exe" [2010-08-24 1242448] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344] "SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2010-04-10 2176512] "avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-10 61440] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760] c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-7-10 535336] PowerCheck.lnk - c:\program files\PowerCheck\PowerCheck.exe [2003-6-20 979456] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) "EnableLUA"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux4"=wdmaud.drv [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk /p \??\f:\0autocheck autochk *\0OODBS [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="" [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk] backupExtension=.CommonStartup HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoStartNPSAgent [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate] 2010-04-12 22:46 1135912 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] 2008-12-08 14:50 54576 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr] 2009-07-26 15:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan] 2007-08-08 07:25 1828136 ----a-w- c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2007-03-01 13:57 153136 ----a-w- c:\program files\Common Files\Nero\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray] 2007-05-11 00:08 2512392 ----a-w- c:\windows\System32\oodtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl] 2007-06-20 08:56 4493312 ----a-w- c:\windows\RtHDVCpl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel] 2007-06-15 08:45 1826816 ----a-w- c:\windows\SkyTel.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] "VistaSp2"=hex(b):9a,5e,93,12,df,4c,ca,01 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2684771895-3763166589-4040009352-1000] "EnableNotificationsRef"=dword:00000006 R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance; [x] R3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2010-07-19 259440] R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-05-28 14896] R3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\DRIVERS\s0016bus.sys [2008-05-16 89256] R3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0016mdfl.sys [2008-05-16 15016] R3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0016mdm.sys [2008-05-16 120744] R3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0016mgmt.sys [2008-05-16 114216] R3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\DRIVERS\s0016nd5.sys [2008-05-16 25512] R3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0016obex.sys [2008-05-16 110632] R3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\DRIVERS\s0016unic.sys [2008-05-16 115752] R3 SiS6350;SiS6350;c:\windows\system32\DRIVERS\SISGRKMD.sys [2007-06-05 454520] R3 WPFFontCache_v0400;Cache de police de Windows Presentation Foundation 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504] R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2009-11-22 691696] S1 aswSP;aswSP; [x] S1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2009-05-09 142592] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-06-28 50256] S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-04-07 233472] S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368] S3 camfilt2;camfilt2;c:\windows\system32\DRIVERS\camfilt2.sys [2008-02-27 98432] S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-04-07 36608] S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2008-01-09 27632] S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSGB6.sys [2008-09-09 48128] --- Autres Services/Pilotes en mémoire --- *NewlyCreated* - FSUSBEXDISK [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC}] 2008-06-18 13:04 8192 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe . Contenu du dossier 'Tâches planifiées' 2010-08-30 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-22 14:01] . . ------- Examen supplémentaire ------- . uStart Page = hxxp://www.google.fr/ uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 mStart Page = hxxp://fr.fr.acer.yahoo.com uInternet Settings,ProxyOverride = *.local uSearchURL,(Default) = hxxp://fr.rd.yahoo.com/customize/ycomp/defaults/su/*http://fr.yahoo.com IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 TCP: {C2B218E3-51B5-434A-8775-34E10D41BD45} = 208.67.222.222,212.27.53.252 FF - ProfilePath - c:\users\Cyril\AppData\Roaming\Mozilla\Firefox\Profiles\e3r8f633.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/ FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIMWA5&q= FF - prefs.js: network.proxy.type - 0 FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- PARAMETRES FIREFOX ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false); . - - - - ORPHELINS SUPPRIMES - - - - WebBrowser-{D0523BB4-21E7-11DD-9AB7-415B56D89593} - (no file) HKLM-Run-NPSStartup - (no file) ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2010-08-30 19:11 Windows 6.0.6002 Service Pack 2 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . --------------------- CLES DE REGISTRE BLOQUEES --------------------- [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (LocalSystem) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e9,83,50,b6,c1,5c,86,45,90,07,58,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e9,83,50,b6,c1,5c,86,45,90,07,58,\ [HKEY_USERS\.Default\Software\RapidSolution\RSconfig] @DACL=(02 0000) [HKEY_USERS\S-1-5-21-2684771895-3763166589-4040009352-1000\*& à**H* à** *z*à**ø*o*à**e*p*o*s*i*t*i*o*n*\resvars] "HLISTOFFSET"="284.000000" [HKEY_USERS\S-1-5-21-2684771895-3763166589-4040009352-1000\Software\Microsoft\MSNMessenger\PerPassportSettings\1776247538\SocialNews] @DACL=(02 0000) [HKEY_USERS\S-1-5-21-2684771895-3763166589-4040009352-1000\Software\Microsoft\MSNMessenger\PerPassportSettings\1776247538\SoundEvents] @DACL=(02 0000) [HKEY_USERS\S-1-5-21-2684771895-3763166589-4040009352-1000\Software\Microsoft\MSNMessenger\PerPassportSettings\1776247538\SoundEvents\MSNMSGR_NewAlert] @DACL=(02 0000) [HKEY_USERS\S-1-5-21-2684771895-3763166589-4040009352-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] "??"=hex:cf,46,74,95,5f,38,16,3d,b8,b3,bc,5c,db,e6,59,c0,81,1b,c0,45,57,ae,d5, 55,d5,47,7e,75,a6,18,57,d9,4a,e5,03,a0,82,4f,75,c6,f2,0d,72,ea,14,df,92,e5,\ "??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50 [HKEY_USERS\S-1-5-21-2684771895-3763166589-4040009352-1000\Software\W3i, LLC\Playalot Games] @DACL=(02 0000) [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\Answer] @DACL=(02 0000) "1"="ATA<cr>" [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\Clients] @DACL=(02 0000) [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\Fax] @DACL=(02 0000) "CL1FCS"="2" [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\Hangup] @DACL=(02 0000) "1"="ATH<cr>" [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\Init] @DACL=(02 0000) "1"="AT<cr>" "2"="AT &F<cr>" "3"="AT V1E0S0=0&D2&C1<cr>" "4"="AT +CMEE=1<cr>" [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\Monitor] @DACL=(02 0000) "1"="ATS0=0<cr>" "2"="None" [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\Settings] @DACL=(02 0000) "Compression_Off"="+DS=0;+DR=0;" "Compression_On"="+DS=3,0,2048,32;+DR=1;" "CompatibilityFlags"=hex:01,00,00,00 "CallSetupFailTimer"="S7=<#>;" "DialPrefix"="D" "DialSuffix"=";" "Prefix"="AT" "Terminator"="<cr>" [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\Answer] @DACL=(02 0000) "1"="ATA<cr>" [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\Clients] @DACL=(02 0000) [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\Fax] @DACL=(02 0000) "CL1FCS"="2" [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\Hangup] @DACL=(02 0000) "1"="ATH<cr>" [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\Init] @DACL=(02 0000) "1"="AT<cr>" "2"="AT &F<cr>" "3"="AT V1E0S0=0&D2&C1<cr>" "4"="AT +CMEE=1<cr>" [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\Monitor] @DACL=(02 0000) "1"="ATS0=0<cr>" "2"="None" [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\Settings] @DACL=(02 0000) "Compression_Off"="+DS=0;+DR=0;" "Compression_On"="+DS=3,0,2048,32;+DR=1;" "CompatibilityFlags"=hex:01,00,00,00 "CallSetupFailTimer"="S7=<#>;" "DialPrefix"="D" "DialSuffix"=";" "Prefix"="AT" "Terminator"="<cr>" . ------------------------ Autres processus actifs ------------------------ . c:\windows\system32\nvvsvc.exe c:\windows\system32\Ati2evxx.exe c:\program files\Alwil Software\Avast5\AvastSvc.exe c:\windows\system32\Ati2evxx.exe c:\windows\system32\conime.exe c:\program files\Alwil Software\Avast5\AvastUI.exe c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe c:\windows\ehome\ehmsas.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Common Files\LightScribe\LSSrvc.exe c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe c:\windows\system32\oodag.exe c:\windows\system32\PnkBstrA.exe c:\windows\system32\PnkBstrB.exe c:\program files\Spyware Terminator\sp_rsser.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe c:\windows\system32\WUDFHost.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe c:\acer\Empowering Technology\eRecovery\ERAGENT.EXE c:\windows\system32\wbem\unsecapp.exe c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe c:\program files\Windows Live\Contacts\wlcomm.exe . ************************************************************************** . Heure de fin: 2010-08-30 19:26:36 - La machine a redémarré ComboFix-quarantined-files.txt 2010-08-30 17:26 Avant-CF: 68 554 207 232 octets libres Après-CF: 68 364 525 568 octets libres Current=1 Default=1 Failed=0 LastKnownGood=11 Sets=1,2,3,4,5,6,7,8,9,11 - - End Of File - - 7CE3CB1BFA69AC6B7754670B727E3377

Salut, je n'ai pas pu suivre toute ta procédure #Clique alors sur le bouton "continu" puis "RebootNow" aprés "continu" il n'y a pas "rebootnow" # Copie-colle le rapport qui apparait et pas d'apparition de rapport Aprés le scan, j'ai eu ça © CJoint.com, 2008 En cliquant sur "continu", j'ai eu ça © CJoint.com, 2008 Autre Infos, il semble que mon navigateur "Mozilla" reste ouvert, alors que je le ferme, car ccleaner au cours du nettoyage me demande de le fermer ???? (Le nettoyage du cache de Firefox/Mozilla a été ignoré.) J'ai cependant un rapport a te donner par le chemin que tu m'as transmis, le voici A plus tard et merci ________________________________________________________________________________________________________________________ 2010/08/29 23:34:42.0441 TDSS rootkit removing tool 2.4.1.3 Aug 27 2010 08:53:42 2010/08/29 23:34:42.0441 ================================================================================ 2010/08/29 23:34:42.0442 SystemInfo: 2010/08/29 23:34:42.0442 2010/08/29 23:34:42.0442 OS Version: 6.0.6002 ServicePack: 2.0 2010/08/29 23:34:42.0442 Product type: Workstation 2010/08/29 23:34:42.0442 ComputerName: PC-DE-CYRIL 2010/08/29 23:34:42.0442 UserName: Cyril 2010/08/29 23:34:42.0442 Windows directory: C:\Windows 2010/08/29 23:34:42.0442 System windows directory: C:\Windows 2010/08/29 23:34:42.0442 Processor architecture: Intel x86 2010/08/29 23:34:42.0442 Number of processors: 2 2010/08/29 23:34:42.0442 Page size: 0x1000 2010/08/29 23:34:42.0442 Boot type: Normal boot 2010/08/29 23:34:42.0442 ================================================================================ 2010/08/29 23:34:44.0866 Initialize success 2010/08/29 23:34:51.0677 ================================================================================ 2010/08/29 23:34:51.0678 Scan started 2010/08/29 23:34:51.0678 Mode: Manual; 2010/08/29 23:34:51.0678 ================================================================================ 2010/08/29 23:34:52.0066 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys 2010/08/29 23:34:52.0141 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys 2010/08/29 23:34:52.0214 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys 2010/08/29 23:34:52.0273 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys 2010/08/29 23:34:52.0320 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys 2010/08/29 23:34:52.0441 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys 2010/08/29 23:34:52.0677 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys 2010/08/29 23:34:52.0739 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys 2010/08/29 23:34:52.0802 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys 2010/08/29 23:34:52.0828 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys 2010/08/29 23:34:52.0886 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys 2010/08/29 23:34:52.0915 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys 2010/08/29 23:34:52.0995 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys 2010/08/29 23:34:53.0058 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys 2010/08/29 23:34:53.0117 Aspi32 (b979979ab8027f7f53fb16ec4229b7db) C:\Windows\system32\drivers\Aspi32.sys 2010/08/29 23:34:53.0181 aswFsBlk (0c0b08847f2f24baa7bd43d8f2c6c8b0) C:\Windows\system32\drivers\aswFsBlk.sys 2010/08/29 23:34:53.0223 aswMonFlt (effc39a1edf04e83a42279d9daa696a7) C:\Windows\system32\drivers\aswMonFlt.sys 2010/08/29 23:34:53.0284 aswRdr (f385ffd39165453fda96736aa3edfd9d) C:\Windows\system32\drivers\aswRdr.sys 2010/08/29 23:34:53.0326 aswSP (45adea26bf613a54fed64ecdd12e58a7) C:\Windows\system32\drivers\aswSP.sys 2010/08/29 23:34:53.0363 aswTdi (c4ee975c87176f1900662d2874233c7f) C:\Windows\system32\drivers\aswTdi.sys 2010/08/29 23:34:53.0422 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys 2010/08/29 23:34:53.0473 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys 2010/08/29 23:34:53.0694 atikmdag (7db96c2801a78513bdc133c25d07929e) C:\Windows\system32\DRIVERS\atikmdag.sys 2010/08/29 23:34:53.0937 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys 2010/08/29 23:34:54.0050 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys 2010/08/29 23:34:54.0120 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys 2010/08/29 23:34:54.0171 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys 2010/08/29 23:34:54.0314 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys 2010/08/29 23:34:54.0364 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys 2010/08/29 23:34:54.0413 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys 2010/08/29 23:34:54.0463 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys 2010/08/29 23:34:54.0523 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys 2010/08/29 23:34:54.0597 camfilt2 (5bc2e26075304e762fe442c78168b8ab) C:\Windows\system32\DRIVERS\camfilt2.sys 2010/08/29 23:34:54.0652 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys 2010/08/29 23:34:54.0706 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys 2010/08/29 23:34:54.0765 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys 2010/08/29 23:34:54.0806 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys 2010/08/29 23:34:54.0906 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys 2010/08/29 23:34:54.0980 Compbatt (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys 2010/08/29 23:34:55.0048 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys 2010/08/29 23:34:55.0090 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys 2010/08/29 23:34:55.0210 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys 2010/08/29 23:34:55.0286 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys 2010/08/29 23:34:55.0408 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys 2010/08/29 23:34:55.0456 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys 2010/08/29 23:34:55.0510 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys 2010/08/29 23:34:55.0596 driverhardwarev2 (a694d8db6d360a3bbb0bd1517f1c1aee) C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys 2010/08/29 23:34:55.0720 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys 2010/08/29 23:34:55.0794 DXGKrnl (5c7e2097b91d689ded7a6ff90f0f3a25) C:\Windows\System32\drivers\dxgkrnl.sys 2010/08/29 23:34:55.0921 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys 2010/08/29 23:34:56.0007 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys 2010/08/29 23:34:56.0092 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys 2010/08/29 23:34:56.0326 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys 2010/08/29 23:34:56.0392 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys 2010/08/29 23:34:56.0482 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys 2010/08/29 23:34:56.0542 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys 2010/08/29 23:34:56.0580 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys 2010/08/29 23:34:56.0639 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys 2010/08/29 23:34:56.0689 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys 2010/08/29 23:34:57.0069 FsUsbExDisk (790a4ca68f44be35967b3df61f3e4675) C:\Windows\system32\FsUsbExDisk.SYS 2010/08/29 23:34:57.0194 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys 2010/08/29 23:34:57.0254 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys 2010/08/29 23:34:57.0376 Hardlock (c1cc0c9742b881c42f1cc628e6f9ebd1) C:\Windows\system32\drivers\hardlock.sys 2010/08/29 23:34:57.0460 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys 2010/08/29 23:34:57.0542 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys 2010/08/29 23:34:57.0593 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys 2010/08/29 23:34:57.0654 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys 2010/08/29 23:34:57.0758 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys 2010/08/29 23:34:57.0830 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys 2010/08/29 23:34:57.0926 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys 2010/08/29 23:34:57.0997 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys 2010/08/29 23:34:58.0052 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys 2010/08/29 23:34:58.0111 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys 2010/08/29 23:34:58.0231 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys 2010/08/29 23:34:58.0389 int15 (9d64201c9e5ac8d1f088762ba00ff3ab) C:\Acer\Empowering Technology\eRecovery\int15.sys 2010/08/29 23:34:59.0006 IntcAzAudAddService (75334eceef6f39eec569f2f445254eda) C:\Windows\system32\drivers\RTKVHDA.sys 2010/08/29 23:34:59.0483 intelide (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys 2010/08/29 23:34:59.0564 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys 2010/08/29 23:34:59.0648 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys 2010/08/29 23:34:59.0738 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys 2010/08/29 23:34:59.0816 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys 2010/08/29 23:34:59.0856 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys 2010/08/29 23:34:59.0906 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys 2010/08/29 23:34:59.0956 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys 2010/08/29 23:35:00.0039 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys 2010/08/29 23:35:00.0103 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys 2010/08/29 23:35:00.0168 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys 2010/08/29 23:35:00.0220 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys 2010/08/29 23:35:00.0291 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys 2010/08/29 23:35:00.0521 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys 2010/08/29 23:35:00.0603 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys 2010/08/29 23:35:00.0651 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys 2010/08/29 23:35:00.0712 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys 2010/08/29 23:35:00.0773 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys 2010/08/29 23:35:00.0841 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys 2010/08/29 23:35:00.0901 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys 2010/08/29 23:35:00.0980 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys 2010/08/29 23:35:01.0042 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys 2010/08/29 23:35:01.0104 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys 2010/08/29 23:35:01.0169 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys 2010/08/29 23:35:01.0217 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys 2010/08/29 23:35:01.0295 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys 2010/08/29 23:35:01.0370 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys 2010/08/29 23:35:01.0414 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys 2010/08/29 23:35:01.0456 mrxsmb (454341e652bdf5e01b0f2140232b073e) C:\Windows\system32\DRIVERS\mrxsmb.sys 2010/08/29 23:35:01.0484 mrxsmb10 (2a4901aff069944fa945ed5bbf4dcde3) C:\Windows\system32\DRIVERS\mrxsmb10.sys 2010/08/29 23:35:01.0544 mrxsmb20 (28b3f1ab44bdd4432c041581412f17d9) C:\Windows\system32\DRIVERS\mrxsmb20.sys 2010/08/29 23:35:01.0581 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys 2010/08/29 23:35:01.0643 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys 2010/08/29 23:35:01.0721 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys 2010/08/29 23:35:01.0771 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys 2010/08/29 23:35:01.0835 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys 2010/08/29 23:35:01.0899 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys 2010/08/29 23:35:01.0943 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys 2010/08/29 23:35:01.0996 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys 2010/08/29 23:35:02.0065 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys 2010/08/29 23:35:02.0108 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys 2010/08/29 23:35:02.0138 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys 2010/08/29 23:35:02.0202 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys 2010/08/29 23:35:02.0269 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys 2010/08/29 23:35:02.0322 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys 2010/08/29 23:35:02.0370 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys 2010/08/29 23:35:02.0420 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys 2010/08/29 23:35:02.0476 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys 2010/08/29 23:35:02.0577 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys 2010/08/29 23:35:02.0653 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys 2010/08/29 23:35:02.0728 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys 2010/08/29 23:35:02.0786 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys 2010/08/29 23:35:02.0845 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys 2010/08/29 23:35:02.0928 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys 2010/08/29 23:35:02.0994 NTIDrvr (7f1c1f78d709c4a54cbb46ede7e0b48d) C:\Windows\system32\DRIVERS\NTIDrvr.sys 2010/08/29 23:35:03.0047 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys 2010/08/29 23:35:03.0089 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys 2010/08/29 23:35:03.0412 nvlddmkm (c8cb6135884cbc2a10225c4c3cef0f95) C:\Windows\system32\DRIVERS\nvlddmkm.sys 2010/08/29 23:35:03.0721 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys 2010/08/29 23:35:03.0770 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys 2010/08/29 23:35:03.0827 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys 2010/08/29 23:35:03.0986 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys 2010/08/29 23:35:04.0092 PAC7302 (81a0921e2a3fdcf840e43af64bf96ea2) C:\Windows\system32\DRIVERS\PAC7302.SYS 2010/08/29 23:35:04.0156 Parport (8a79fdf04a73428597e2caf9d0d67850) C:\Windows\system32\DRIVERS\parport.sys 2010/08/29 23:35:04.0228 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys 2010/08/29 23:35:04.0269 Parvdm (6c580025c81caf3ae9e3617c22cad00e) C:\Windows\system32\DRIVERS\parvdm.sys 2010/08/29 23:35:04.0317 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys 2010/08/29 23:35:04.0383 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys 2010/08/29 23:35:04.0419 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys 2010/08/29 23:35:04.0537 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys 2010/08/29 23:35:04.0719 PnkBstrK (5aaba5388b4f72b8bf72ea922d1cbd38) C:\Windows\system32\drivers\PnkBstrK.sys 2010/08/29 23:35:04.0799 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys 2010/08/29 23:35:04.0839 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys 2010/08/29 23:35:04.0904 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys 2010/08/29 23:35:04.0973 PSI (14e6fb92f1788982e2bbc81d915b1f02) C:\Windows\system32\DRIVERS\psi_mf.sys 2010/08/29 23:35:05.0037 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\Windows\system32\Drivers\PxHelp20.sys 2010/08/29 23:35:05.0110 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys 2010/08/29 23:35:05.0209 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys 2010/08/29 23:35:05.0280 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys 2010/08/29 23:35:05.0331 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys 2010/08/29 23:35:05.0396 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys 2010/08/29 23:35:05.0446 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys 2010/08/29 23:35:05.0484 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys 2010/08/29 23:35:05.0541 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys 2010/08/29 23:35:05.0590 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys 2010/08/29 23:35:05.0635 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys 2010/08/29 23:35:05.0689 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys 2010/08/29 23:35:05.0740 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys 2010/08/29 23:35:05.0883 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys 2010/08/29 23:35:05.0927 s0016bus (59509ad6cbc28f2c73056268985b3e48) C:\Windows\system32\DRIVERS\s0016bus.sys 2010/08/29 23:35:05.0990 s0016mdfl (b98c3a6f91f4fba285af9606a240c6b4) C:\Windows\system32\DRIVERS\s0016mdfl.sys 2010/08/29 23:35:06.0028 s0016mdm (8a83426f4fb7b5212825d9de76368b1a) C:\Windows\system32\DRIVERS\s0016mdm.sys 2010/08/29 23:35:06.0098 s0016mgmt (7a78bba97feb5e6d24c49e93a3bf7287) C:\Windows\system32\DRIVERS\s0016mgmt.sys 2010/08/29 23:35:06.0154 s0016nd5 (34ef7b5f611957b73e7219dd5a222ad1) C:\Windows\system32\DRIVERS\s0016nd5.sys 2010/08/29 23:35:06.0195 s0016obex (36792935847143e4a3cda0dc87248487) C:\Windows\system32\DRIVERS\s0016obex.sys 2010/08/29 23:35:06.0233 s0016unic (927208754fb27fc3e7a659e77500c5d1) C:\Windows\system32\DRIVERS\s0016unic.sys 2010/08/29 23:35:06.0283 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys 2010/08/29 23:35:06.0428 se58bus (6c1bec4e12b4ed714e5f8065f680e9c2) C:\Windows\system32\DRIVERS\se58bus.sys 2010/08/29 23:35:06.0468 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys 2010/08/29 23:35:06.0531 seehcri (e5b56569a9f79b70314fede6c953641e) C:\Windows\system32\DRIVERS\seehcri.sys 2010/08/29 23:35:06.0595 Serenum (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys 2010/08/29 23:35:06.0653 Serial (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys 2010/08/29 23:35:06.0699 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys 2010/08/29 23:35:06.0800 sffdisk (51cf56aa8bcc241f134b420b8f850406) C:\Windows\system32\drivers\sffdisk.sys 2010/08/29 23:35:06.0851 sffp_mmc (96ded8b20c734ac41641ce275250e55d) C:\Windows\system32\drivers\sffp_mmc.sys 2010/08/29 23:35:06.0897 sffp_sd (8b08cab1267b2c377883fc9e56981f90) C:\Windows\system32\drivers\sffp_sd.sys 2010/08/29 23:35:06.0938 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys 2010/08/29 23:35:07.0018 SiS6350 (4fbd2c53c1e04f8e35c96747984fde13) C:\Windows\system32\DRIVERS\SISGRKMD.sys 2010/08/29 23:35:07.0066 SISAGP (df1af7f5f1ec7800b3ac398acc06c754) C:\Windows\system32\DRIVERS\SISAGPX.sys 2010/08/29 23:35:07.0124 SiSGbeLH (42c5de6854f32e6fd399ac8f69fd5fa8) C:\Windows\system32\DRIVERS\SiSGB6.sys 2010/08/29 23:35:07.0167 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys 2010/08/29 23:35:07.0213 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys 2010/08/29 23:35:07.0285 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys 2010/08/29 23:35:07.0544 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys 2010/08/29 23:35:07.0650 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys 2010/08/29 23:35:07.0651 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505 2010/08/29 23:35:07.0659 sptd - detected Locked file (1) 2010/08/29 23:35:07.0750 sp_rsdrv2 (8831252bcf05fcfb5abd116a22e552d8) C:\Windows\system32\drivers\sp_rsdrv2.sys 2010/08/29 23:35:07.0819 srv (96a5e2c642af8f591a7366429809506b) C:\Windows\system32\DRIVERS\srv.sys 2010/08/29 23:35:07.0867 srv2 (71da2d64880c97e5ffc3c81761632751) C:\Windows\system32\DRIVERS\srv2.sys 2010/08/29 23:35:07.0925 srvnet (0c5ab1892ae0fa504218db094bf6d041) C:\Windows\system32\DRIVERS\srvnet.sys 2010/08/29 23:35:08.0045 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys 2010/08/29 23:35:08.0141 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys 2010/08/29 23:35:08.0187 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys 2010/08/29 23:35:08.0240 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys 2010/08/29 23:35:08.0336 tbhsd (63d3f89f4736a6da5260177e38d5c26b) C:\Windows\system32\drivers\tbhsd.sys 2010/08/29 23:35:08.0418 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys 2010/08/29 23:35:08.0509 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys 2010/08/29 23:35:08.0631 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys 2010/08/29 23:35:08.0699 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys 2010/08/29 23:35:08.0736 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys 2010/08/29 23:35:08.0799 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys 2010/08/29 23:35:08.0863 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys 2010/08/29 23:35:08.0939 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys 2010/08/29 23:35:08.0999 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys 2010/08/29 23:35:09.0049 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys 2010/08/29 23:35:09.0083 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\DRIVERS\uagp35.sys 2010/08/29 23:35:09.0146 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys 2010/08/29 23:35:09.0234 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys 2010/08/29 23:35:09.0299 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys 2010/08/29 23:35:09.0361 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys 2010/08/29 23:35:09.0412 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys 2010/08/29 23:35:09.0478 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys 2010/08/29 23:35:09.0574 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys 2010/08/29 23:35:09.0631 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys 2010/08/29 23:35:09.0671 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys 2010/08/29 23:35:09.0730 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys 2010/08/29 23:35:09.0790 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys 2010/08/29 23:35:09.0834 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys 2010/08/29 23:35:09.0887 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys 2010/08/29 23:35:09.0950 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys 2010/08/29 23:35:10.0013 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS 2010/08/29 23:35:10.0055 usbuhci (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys 2010/08/29 23:35:10.0124 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys 2010/08/29 23:35:10.0186 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys 2010/08/29 23:35:10.0233 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys 2010/08/29 23:35:10.0282 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys 2010/08/29 23:35:10.0331 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys 2010/08/29 23:35:10.0384 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys 2010/08/29 23:35:10.0429 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys 2010/08/29 23:35:10.0482 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys 2010/08/29 23:35:10.0547 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys 2010/08/29 23:35:10.0672 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys 2010/08/29 23:35:10.0732 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 2010/08/29 23:35:10.0766 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 2010/08/29 23:35:10.0851 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys 2010/08/29 23:35:10.0959 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys 2010/08/29 23:35:11.0122 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys 2010/08/29 23:35:11.0216 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys 2010/08/29 23:35:11.0286 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys 2010/08/29 23:35:11.0398 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys 2010/08/29 23:35:11.0539 ================================================================================ 2010/08/29 23:35:11.0540 Scan finished 2010/08/29 23:35:11.0540 ================================================================================ 2010/08/29 23:35:11.0579 Detected object count: 1 2010/08/29 23:36:03.0796 Locked file(sptd) - User select action: Skip 2010/08/29 23:36:35.0375 ================================================================================ 2010/08/29 23:36:35.0375 Scan started 2010/08/29 23:36:35.0375 Mode: Manual; 2010/08/29 23:36:35.0375 ================================================================================ 2010/08/29 23:36:35.0695 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys 2010/08/29 23:36:35.0756 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys 2010/08/29 23:36:35.0818 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys 2010/08/29 23:36:35.0868 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys 2010/08/29 23:36:35.0915 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys 2010/08/29 23:36:36.0011 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys 2010/08/29 23:36:36.0064 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys 2010/08/29 23:36:36.0110 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys 2010/08/29 23:36:36.0155 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys 2010/08/29 23:36:36.0190 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys 2010/08/29 23:36:36.0223 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys 2010/08/29 23:36:36.0252 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys 2010/08/29 23:36:36.0299 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys 2010/08/29 23:36:36.0362 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys 2010/08/29 23:36:36.0421 Aspi32 (b979979ab8027f7f53fb16ec4229b7db) C:\Windows\system32\drivers\Aspi32.sys 2010/08/29 23:36:36.0468 aswFsBlk (0c0b08847f2f24baa7bd43d8f2c6c8b0) C:\Windows\system32\drivers\aswFsBlk.sys 2010/08/29 23:36:36.0508 aswMonFlt (effc39a1edf04e83a42279d9daa696a7) C:\Windows\system32\drivers\aswMonFlt.sys 2010/08/29 23:36:36.0554 aswRdr (f385ffd39165453fda96736aa3edfd9d) C:\Windows\system32\drivers\aswRdr.sys 2010/08/29 23:36:36.0589 aswSP (45adea26bf613a54fed64ecdd12e58a7) C:\Windows\system32\drivers\aswSP.sys 2010/08/29 23:36:36.0620 aswTdi (c4ee975c87176f1900662d2874233c7f) C:\Windows\system32\drivers\aswTdi.sys 2010/08/29 23:36:36.0668 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys 2010/08/29 23:36:36.0727 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys 2010/08/29 23:36:36.0957 atikmdag (7db96c2801a78513bdc133c25d07929e) C:\Windows\system32\DRIVERS\atikmdag.sys 2010/08/29 23:36:37.0199 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys 2010/08/29 23:36:37.0329 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys 2010/08/29 23:36:37.0373 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys 2010/08/29 23:36:37.0417 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys 2010/08/29 23:36:37.0476 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys 2010/08/29 23:36:37.0526 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys 2010/08/29 23:36:37.0575 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys 2010/08/29 23:36:37.0616 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys 2010/08/29 23:36:37.0660 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys 2010/08/29 23:36:37.0743 camfilt2 (5bc2e26075304e762fe442c78168b8ab) C:\Windows\system32\DRIVERS\camfilt2.sys 2010/08/29 23:36:37.0788 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys 2010/08/29 23:36:37.0844 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys 2010/08/29 23:36:37.0902 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys 2010/08/29 23:36:37.0952 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys 2010/08/29 23:36:38.0010 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys 2010/08/29 23:36:38.0034 Compbatt (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys 2010/08/29 23:36:38.0076 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys 2010/08/29 23:36:38.0111 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys 2010/08/29 23:36:38.0222 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys 2010/08/29 23:36:38.0286 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys 2010/08/29 23:36:38.0362 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys 2010/08/29 23:36:38.0410 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys 2010/08/29 23:36:38.0439 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys 2010/08/29 23:36:38.0516 driverhardwarev2 (a694d8db6d360a3bbb0bd1517f1c1aee) C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys 2010/08/29 23:36:38.0582 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys 2010/08/29 23:36:38.0648 DXGKrnl (5c7e2097b91d689ded7a6ff90f0f3a25) C:\Windows\System32\drivers\dxgkrnl.sys 2010/08/29 23:36:38.0714 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys 2010/08/29 23:36:38.0778 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys 2010/08/29 23:36:38.0862 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys 2010/08/29 23:36:38.0971 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys 2010/08/29 23:36:39.0046 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys 2010/08/29 23:36:39.0103 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys 2010/08/29 23:36:39.0167 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys 2010/08/29 23:36:39.0217 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys 2010/08/29 23:36:39.0276 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys 2010/08/29 23:36:39.0343 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys 2010/08/29 23:36:39.0431 FsUsbExDisk (790a4ca68f44be35967b3df61f3e4675) C:\Windows\system32\FsUsbExDisk.SYS 2010/08/29 23:36:39.0515 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys 2010/08/29 23:36:39.0583 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys 2010/08/29 23:36:39.0689 Hardlock (c1cc0c9742b881c42f1cc628e6f9ebd1) C:\Windows\system32\drivers\hardlock.sys 2010/08/29 23:36:39.0763 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys 2010/08/29 23:36:39.0854 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys 2010/08/29 23:36:39.0923 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys 2010/08/29 23:36:39.0983 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys 2010/08/29 23:36:40.0029 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys 2010/08/29 23:36:40.0101 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys 2010/08/29 23:36:40.0188 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys 2010/08/29 23:36:40.0218 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys 2010/08/29 23:36:40.0256 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys 2010/08/29 23:36:40.0307 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys 2010/08/29 23:36:40.0369 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys 2010/08/29 23:36:40.0444 int15 (9d64201c9e5ac8d1f088762ba00ff3ab) C:\Acer\Empowering Technology\eRecovery\int15.sys 2010/08/29 23:36:40.0566 IntcAzAudAddService (75334eceef6f39eec569f2f445254eda) C:\Windows\system32\drivers\RTKVHDA.sys 2010/08/29 23:36:40.0621 intelide (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys 2010/08/29 23:36:40.0685 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys 2010/08/29 23:36:40.0753 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys 2010/08/29 23:36:40.0851 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys 2010/08/29 23:36:40.0904 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys 2010/08/29 23:36:40.0952 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys 2010/08/29 23:36:40.0994 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys 2010/08/29 23:36:41.0077 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys 2010/08/29 23:36:41.0127 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys 2010/08/29 23:36:41.0175 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys 2010/08/29 23:36:41.0240 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys 2010/08/29 23:36:41.0283 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys 2010/08/29 23:36:41.0354 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys 2010/08/29 23:36:41.0466 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys 2010/08/29 23:36:41.0533 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys 2010/08/29 23:36:41.0597 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys 2010/08/29 23:36:41.0642 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys 2010/08/29 23:36:41.0703 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys 2010/08/29 23:36:41.0771 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys 2010/08/29 23:36:41.0848 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys 2010/08/29 23:36:41.0926 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys 2010/08/29 23:36:41.0964 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys 2010/08/29 23:36:42.0001 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys 2010/08/29 23:36:42.0057 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys 2010/08/29 23:36:42.0097 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys 2010/08/29 23:36:42.0149 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys 2010/08/29 23:36:42.0200 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys 2010/08/29 23:36:42.0252 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys 2010/08/29 23:36:42.0286 mrxsmb (454341e652bdf5e01b0f2140232b073e) C:\Windows\system32\DRIVERS\mrxsmb.sys 2010/08/29 23:36:42.0312 mrxsmb10 (2a4901aff069944fa945ed5bbf4dcde3) C:\Windows\system32\DRIVERS\mrxsmb10.sys 2010/08/29 23:36:42.0349 mrxsmb20 (28b3f1ab44bdd4432c041581412f17d9) C:\Windows\system32\DRIVERS\mrxsmb20.sys 2010/08/29 23:36:42.0403 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys 2010/08/29 23:36:42.0456 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys 2010/08/29 23:36:42.0559 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys 2010/08/29 23:36:42.0600 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys 2010/08/29 23:36:42.0673 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys 2010/08/29 23:36:42.0704 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys 2010/08/29 23:36:42.0773 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys 2010/08/29 23:36:42.0835 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys 2010/08/29 23:36:42.0903 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys 2010/08/29 23:36:42.0963 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys 2010/08/29 23:36:43.0018 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys 2010/08/29 23:36:43.0074 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys 2010/08/29 23:36:43.0141 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys 2010/08/29 23:36:43.0211 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys 2010/08/29 23:36:43.0259 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys 2010/08/29 23:36:43.0292 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys 2010/08/29 23:36:43.0357 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys 2010/08/29 23:36:43.0441 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys 2010/08/29 23:36:43.0483 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys 2010/08/29 23:36:43.0708 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys 2010/08/29 23:36:43.0808 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys 2010/08/29 23:36:43.0858 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys 2010/08/29 23:36:43.0942 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys 2010/08/29 23:36:43.0974 NTIDrvr (7f1c1f78d709c4a54cbb46ede7e0b48d) C:\Windows\system32\DRIVERS\NTIDrvr.sys 2010/08/29 23:36:44.0010 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys 2010/08/29 23:36:44.0052 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys 2010/08/29 23:36:44.0384 nvlddmkm (c8cb6135884cbc2a10225c4c3cef0f95) C:\Windows\system32\DRIVERS\nvlddmkm.sys 2010/08/29 23:36:44.0660 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys 2010/08/29 23:36:44.0725 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys 2010/08/29 23:36:44.0790 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys 2010/08/29 23:36:44.0966 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys 2010/08/29 23:36:45.0114 PAC7302 (81a0921e2a3fdcf840e43af64bf96ea2) C:\Windows\system32\DRIVERS\PAC7302.SYS 2010/08/29 23:36:45.0211 Parport (8a79fdf04a73428597e2caf9d0d67850) C:\Windows\system32\DRIVERS\parport.sys 2010/08/29 23:36:45.0258 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys 2010/08/29 23:36:45.0307 Parvdm (6c580025c81caf3ae9e3617c22cad00e) C:\Windows\system32\DRIVERS\parvdm.sys 2010/08/29 23:36:45.0363 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys 2010/08/29 23:36:45.0463 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys 2010/08/29 23:36:45.0540 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys 2010/08/29 23:36:45.0593 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys 2010/08/29 23:36:45.0732 PnkBstrK (5aaba5388b4f72b8bf72ea922d1cbd38) C:\Windows\system32\drivers\PnkBstrK.sys 2010/08/29 23:36:45.0812 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys 2010/08/29 23:36:45.0877 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys 2010/08/29 23:36:45.0950 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys 2010/08/29 23:36:46.0002 PSI (14e6fb92f1788982e2bbc81d915b1f02) C:\Windows\system32\DRIVERS\psi_mf.sys 2010/08/29 23:36:46.0059 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\Windows\system32\Drivers\PxHelp20.sys 2010/08/29 23:36:46.0132 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys 2010/08/29 23:36:46.0205 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys 2010/08/29 23:36:46.0268 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys 2010/08/29 23:36:46.0320 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys 2010/08/29 23:36:46.0384 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys 2010/08/29 23:36:46.0426 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys 2010/08/29 23:36:46.0461 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys 2010/08/29 23:36:46.0529 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys 2010/08/29 23:36:46.0578 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys 2010/08/29 23:36:46.0640 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys 2010/08/29 23:36:46.0685 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys 2010/08/29 23:36:46.0736 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys 2010/08/29 23:36:46.0813 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys 2010/08/29 23:36:46.0848 s0016bus (59509ad6cbc28f2c73056268985b3e48) C:\Windows\system32\DRIVERS\s0016bus.sys 2010/08/29 23:36:46.0887 s0016mdfl (b98c3a6f91f4fba285af9606a240c6b4) C:\Windows\system32\DRIVERS\s0016mdfl.sys 2010/08/29 23:36:46.0933 s0016mdm (8a83426f4fb7b5212825d9de76368b1a) C:\Windows\system32\DRIVERS\s0016mdm.sys 2010/08/29 23:36:46.0986 s0016mgmt (7a78bba97feb5e6d24c49e93a3bf7287) C:\Windows\system32\DRIVERS\s0016mgmt.sys 2010/08/29 23:36:47.0034 s0016nd5 (34ef7b5f611957b73e7219dd5a222ad1) C:\Windows\system32\DRIVERS\s0016nd5.sys 2010/08/29 23:36:47.0083 s0016obex (36792935847143e4a3cda0dc87248487) C:\Windows\system32\DRIVERS\s0016obex.sys 2010/08/29 23:36:47.0129 s0016unic (927208754fb27fc3e7a659e77500c5d1) C:\Windows\system32\DRIVERS\s0016unic.sys 2010/08/29 23:36:47.0205 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys 2010/08/29 23:36:47.0316 se58bus (6c1bec4e12b4ed714e5f8065f680e9c2) C:\Windows\system32\DRIVERS\se58bus.sys 2010/08/29 23:36:47.0356 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys 2010/08/29 23:36:47.0419 seehcri (e5b56569a9f79b70314fede6c953641e) C:\Windows\system32\DRIVERS\seehcri.sys 2010/08/29 23:36:47.0483 Serenum (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys 2010/08/29 23:36:47.0533 Serial (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys 2010/08/29 23:36:47.0588 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys 2010/08/29 23:36:47.0672 sffdisk (51cf56aa8bcc241f134b420b8f850406) C:\Windows\system32\drivers\sffdisk.sys 2010/08/29 23:36:47.0723 sffp_mmc (96ded8b20c734ac41641ce275250e55d) C:\Windows\system32\drivers\sffp_mmc.sys 2010/08/29 23:36:47.0768 sffp_sd (8b08cab1267b2c377883fc9e56981f90) C:\Windows\system32\drivers\sffp_sd.sys 2010/08/29 23:36:47.0818 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys 2010/08/29 23:36:47.0888 SiS6350 (4fbd2c53c1e04f8e35c96747984fde13) C:\Windows\system32\DRIVERS\SISGRKMD.sys 2010/08/29 23:36:47.0937 SISAGP (df1af7f5f1ec7800b3ac398acc06c754) C:\Windows\system32\DRIVERS\SISAGPX.sys 2010/08/29 23:36:47.0996 SiSGbeLH (42c5de6854f32e6fd399ac8f69fd5fa8) C:\Windows\system32\DRIVERS\SiSGB6.sys 2010/08/29 23:36:48.0047 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys 2010/08/29 23:36:48.0093 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys 2010/08/29 23:36:48.0174 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys 2010/08/29 23:36:48.0274 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys 2010/08/29 23:36:48.0346 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys 2010/08/29 23:36:48.0346 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505 2010/08/29 23:36:48.0355 sptd - detected Locked file (1) 2010/08/29 23:36:48.0413 sp_rsdrv2 (8831252bcf05fcfb5abd116a22e552d8) C:\Windows\system32\drivers\sp_rsdrv2.sys 2010/08/29 23:36:48.0465 srv (96a5e2c642af8f591a7366429809506b) C:\Windows\system32\DRIVERS\srv.sys 2010/08/29 23:36:48.0538 srv2 (71da2d64880c97e5ffc3c81761632751) C:\Windows\system32\DRIVERS\srv2.sys 2010/08/29 23:36:48.0605 srvnet (0c5ab1892ae0fa504218db094bf6d041) C:\Windows\system32\DRIVERS\srvnet.sys 2010/08/29 23:36:48.0691 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys 2010/08/29 23:36:48.0746 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys 2010/08/29 23:36:48.0792 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys 2010/08/29 23:36:48.0837 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys 2010/08/29 23:36:48.0933 tbhsd (63d3f89f4736a6da5260177e38d5c26b) C:\Windows\system32\drivers\tbhsd.sys 2010/08/29 23:36:49.0057 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys 2010/08/29 23:36:49.0123 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys 2010/08/29 23:36:49.0186 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys 2010/08/29 23:36:49.0229 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys 2010/08/29 23:36:49.0300 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys 2010/08/29 23:36:49.0379 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys 2010/08/29 23:36:49.0418 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys 2010/08/29 23:36:49.0553 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys 2010/08/29 23:36:49.0629 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys 2010/08/29 23:36:49.0680 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys 2010/08/29 23:36:49.0730 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\DRIVERS\uagp35.sys 2010/08/29 23:36:49.0792 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys 2010/08/29 23:36:49.0872 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys 2010/08/29 23:36:49.0930 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys 2010/08/29 23:36:49.0983 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys 2010/08/29 23:36:50.0034 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys 2010/08/29 23:36:50.0108 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys 2010/08/29 23:36:50.0187 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys 2010/08/29 23:36:50.0228 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys 2010/08/29 23:36:50.0277 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys 2010/08/29 23:36:50.0552 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys 2010/08/29 23:36:50.0645 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys 2010/08/29 23:36:50.0697 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys 2010/08/29 23:36:50.0775 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys 2010/08/29 23:36:50.0830 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys 2010/08/29 23:36:50.0884 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS 2010/08/29 23:36:50.0969 usbuhci (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys 2010/08/29 23:36:51.0021 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys 2010/08/29 23:36:51.0099 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys 2010/08/29 23:36:51.0146 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys 2010/08/29 23:36:51.0195 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys 2010/08/29 23:36:51.0252 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys 2010/08/29 23:36:51.0297 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys 2010/08/29 23:36:51.0343 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys 2010/08/29 23:36:51.0378 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys 2010/08/29 23:36:51.0425 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys 2010/08/29 23:36:51.0502 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys 2010/08/29 23:36:51.0571 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 2010/08/29 23:36:51.0589 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 2010/08/29 23:36:51.0656 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys 2010/08/29 23:36:51.0730 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys 2010/08/29 23:36:51.0877 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys 2010/08/29 23:36:52.0004 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys 2010/08/29 23:36:52.0066 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys 2010/08/29 23:36:52.0153 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys 2010/08/29 23:36:52.0270 ================================================================================ 2010/08/29 23:36:52.0270 Scan finished 2010/08/29 23:36:52.0270 ================================================================================ 2010/08/29 23:36:52.0288 Detected object count: 1 2010/08/29 23:37:58.0369 Locked file(sptd) - User select action: Skip 2010/08/29 23:38:41.0518 ================================================================================ 2010/08/29 23:38:41.0518 Scan started 2010/08/29 23:38:41.0518 Mode: Manual; 2010/08/29 23:38:41.0518 ================================================================================ 2010/08/29 23:38:41.0828 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys 2010/08/29 23:38:41.0890 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys 2010/08/29 23:38:41.0950 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys 2010/08/29 23:38:42.0001 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys 2010/08/29 23:38:42.0048 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys 2010/08/29 23:38:42.0138 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys 2010/08/29 23:38:42.0214 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys 2010/08/29 23:38:42.0268 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys 2010/08/29 23:38:42.0314 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys 2010/08/29 23:38:42.0357 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys 2010/08/29 23:38:42.0406 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys 2010/08/29 23:38:42.0452 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys 2010/08/29 23:38:42.0540 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys 2010/08/29 23:38:42.0595 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys 2010/08/29 23:38:42.0654 Aspi32 (b979979ab8027f7f53fb16ec4229b7db) C:\Windows\system32\drivers\Aspi32.sys 2010/08/29 23:38:42.0935 aswFsBlk (0c0b08847f2f24baa7bd43d8f2c6c8b0) C:\Windows\system32\drivers\aswFsBlk.sys 2010/08/29 23:38:43.0007 aswMonFlt (effc39a1edf04e83a42279d9daa696a7) C:\Windows\system32\drivers\aswMonFlt.sys 2010/08/29 23:38:43.0062 aswRdr (f385ffd39165453fda96736aa3edfd9d) C:\Windows\system32\drivers\aswRdr.sys 2010/08/29 23:38:43.0096 aswSP (45adea26bf613a54fed64ecdd12e58a7) C:\Windows\system32\drivers\aswSP.sys 2010/08/29 23:38:43.0117 aswTdi (c4ee975c87176f1900662d2874233c7f) C:\Windows\system32\drivers\aswTdi.sys 2010/08/29 23:38:43.0176 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys 2010/08/29 23:38:43.0226 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys 2010/08/29 23:38:43.0429 atikmdag (7db96c2801a78513bdc133c25d07929e) C:\Windows\system32\DRIVERS\atikmdag.sys 2010/08/29 23:38:43.0590 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys 2010/08/29 23:38:43.0695 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys 2010/08/29 23:38:43.0748 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys 2010/08/29 23:38:43.0791 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys 2010/08/29 23:38:43.0842 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys 2010/08/29 23:38:43.0893 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys 2010/08/29 23:38:43.0942 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys 2010/08/29 23:38:44.0024 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys 2010/08/29 23:38:44.0068 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys 2010/08/29 23:38:44.0134 camfilt2 (5bc2e26075304e762fe442c78168b8ab) C:\Windows\system32\DRIVERS\camfilt2.sys 2010/08/29 23:38:44.0188 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys 2010/08/29 23:38:44.0235 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys 2010/08/29 23:38:44.0277 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys 2010/08/29 23:38:44.0318 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys 2010/08/29 23:38:44.0426 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys 2010/08/29 23:38:44.0467 Compbatt (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys 2010/08/29 23:38:44.0509 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys 2010/08/29 23:38:44.0560 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys 2010/08/29 23:38:44.0647 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys 2010/08/29 23:38:44.0712 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys 2010/08/29 23:38:44.0789 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys 2010/08/29 23:38:44.0868 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys 2010/08/29 23:38:44.0914 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys 2010/08/29 23:38:44.0991 driverhardwarev2 (a694d8db6d360a3bbb0bd1517f1c1aee) C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys 2010/08/29 23:38:45.0082 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys 2010/08/29 23:38:45.0148 DXGKrnl (5c7e2097b91d689ded7a6ff90f0f3a25) C:\Windows\System32\drivers\dxgkrnl.sys 2010/08/29 23:38:45.0289 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys 2010/08/29 23:38:45.0377 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys 2010/08/29 23:38:45.0470 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys 2010/08/29 23:38:45.0579 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys 2010/08/29 23:38:45.0637 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys 2010/08/29 23:38:45.0711 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys 2010/08/29 23:38:45.0771 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys 2010/08/29 23:38:45.0817 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys 2010/08/29 23:38:45.0884 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys 2010/08/29 23:38:45.0951 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys 2010/08/29 23:38:46.0039 FsUsbExDisk (790a4ca68f44be35967b3df61f3e4675) C:\Windows\system32\FsUsbExDisk.SYS 2010/08/29 23:38:46.0124 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys 2010/08/29 23:38:46.0166 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys 2010/08/29 23:38:46.0247 Hardlock (c1cc0c9742b881c42f1cc628e6f9ebd1) C:\Windows\system32\drivers\hardlock.sys 2010/08/29 23:38:46.0306 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys 2010/08/29 23:38:46.0379 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys 2010/08/29 23:38:46.0422 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys 2010/08/29 23:38:46.0466 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys 2010/08/29 23:38:46.0520 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys 2010/08/29 23:38:46.0576 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys 2010/08/29 23:38:46.0647 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys 2010/08/29 23:38:46.0709 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys 2010/08/29 23:38:46.0814 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys 2010/08/29 23:38:46.0865 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys 2010/08/29 23:38:46.0935 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys 2010/08/29 23:38:47.0027 int15 (9d64201c9e5ac8d1f088762ba00ff3ab) C:\Acer\Empowering Technology\eRecovery\int15.sys 2010/08/29 23:38:47.0174 IntcAzAudAddService (75334eceef6f39eec569f2f445254eda) C:\Windows\system32\drivers\RTKVHDA.sys 2010/08/29 23:38:47.0246 intelide (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys 2010/08/29 23:38:47.0318 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys 2010/08/29 23:38:47.0386 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys 2010/08/29 23:38:47.0509 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys 2010/08/29 23:38:47.0562 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys 2010/08/29 23:38:47.0610 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys 2010/08/29 23:38:47.0677 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys 2010/08/29 23:38:47.0744 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys 2010/08/29 23:38:47.0794 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys 2010/08/29 23:38:47.0850 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys 2010/08/29 23:38:47.0922 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys 2010/08/29 23:38:47.0991 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys 2010/08/29 23:38:48.0063 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys 2010/08/29 23:38:48.0148 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys 2010/08/29 23:38:48.0224 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys 2010/08/29 23:38:48.0289 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys 2010/08/29 23:38:48.0333 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys 2010/08/29 23:38:48.0394 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys 2010/08/29 23:38:48.0454 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys 2010/08/29 23:38:48.0522 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys 2010/08/29 23:38:48.0576 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys 2010/08/29 23:38:48.0621 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys 2010/08/29 23:38:48.0684 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys 2010/08/29 23:38:48.0724 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys 2010/08/29 23:38:48.0755 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys 2010/08/29 23:38:48.0799 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys 2010/08/29 23:38:48.0883 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys 2010/08/29 23:38:48.0943 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys 2010/08/29 23:38:48.0994 mrxsmb (454341e652bdf5e01b0f2140232b073e) C:\Windows\system32\DRIVERS\mrxsmb.sys 2010/08/29 23:38:49.0024 mrxsmb10 (2a4901aff069944fa945ed5bbf4dcde3) C:\Windows\system32\DRIVERS\mrxsmb10.sys 2010/08/29 23:38:49.0081 mrxsmb20 (28b3f1ab44bdd4432c041581412f17d9) C:\Windows\system32\DRIVERS\mrxsmb20.sys 2010/08/29 23:38:49.0119 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys 2010/08/29 23:38:49.0172 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys 2010/08/29 23:38:49.0267 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys 2010/08/29 23:38:49.0300 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys 2010/08/29 23:38:49.0414 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys 2010/08/29 23:38:49.0461 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys 2010/08/29 23:38:49.0514 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys 2010/08/29 23:38:49.0584 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys 2010/08/29 23:38:49.0686 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys 2010/08/29 23:38:49.0738 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys 2010/08/29 23:38:49.0784 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys 2010/08/29 23:38:49.0840 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys 2010/08/29 23:38:49.0890 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys 2010/08/29 23:38:49.0969 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys 2010/08/29 23:38:50.0017 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys 2010/08/29 23:38:50.0066 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys 2010/08/29 23:38:50.0131 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys 2010/08/29 23:38:50.0207 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys 2010/08/29 23:38:50.0266 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys 2010/08/29 23:38:50.0374 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys 2010/08/29 23:38:50.0424 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys 2010/08/29 23:38:50.0516 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys 2010/08/29 23:38:50.0593 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys 2010/08/29 23:38:50.0632 NTIDrvr (7f1c1f78d709c4a54cbb46ede7e0b48d) C:\Windows\system32\DRIVERS\NTIDrvr.sys 2010/08/29 23:38:50.0668 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys 2010/08/29 23:38:50.0710 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys 2010/08/29 23:38:51.0007 nvlddmkm (c8cb6135884cbc2a10225c4c3cef0f95) C:\Windows\system32\DRIVERS\nvlddmkm.sys 2010/08/29 23:38:51.0251 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys 2010/08/29 23:38:51.0358 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys 2010/08/29 23:38:51.0398 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys 2010/08/29 23:38:51.0557 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys 2010/08/29 23:38:51.0655 PAC7302 (81a0921e2a3fdcf840e43af64bf96ea2) C:\Windows\system32\DRIVERS\PAC7302.SYS 2010/08/29 23:38:51.0690 Parport (8a79fdf04a73428597e2caf9d0d67850) C:\Windows\system32\DRIVERS\parport.sys 2010/08/29 23:38:51.0741 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys 2010/08/29 23:38:51.0774 Parvdm (6c580025c81caf3ae9e3617c22cad00e) C:\Windows\system32\DRIVERS\parvdm.sys 2010/08/29 23:38:51.0825 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys 2010/08/29 23:38:51.0863 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys 2010/08/29 23:38:51.0923 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys 2010/08/29 23:38:51.0990 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys 2010/08/29 23:38:52.0115 PnkBstrK (5aaba5388b4f72b8bf72ea922d1cbd38) C:\Windows\system32\drivers\PnkBstrK.sys 2010/08/29 23:38:52.0187 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys 2010/08/29 23:38:52.0219 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys 2010/08/29 23:38:52.0284 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys 2010/08/29 23:38:52.0352 PSI (14e6fb92f1788982e2bbc81d915b1f02) C:\Windows\system32\DRIVERS\psi_mf.sys 2010/08/29 23:38:52.0558 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\Windows\system32\Drivers\PxHelp20.sys 2010/08/29 23:38:52.0639 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys 2010/08/29 23:38:52.0697 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys 2010/08/29 23:38:52.0751 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys 2010/08/29 23:38:52.0836 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys 2010/08/29 23:38:52.0884 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys 2010/08/29 23:38:52.0943 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys 2010/08/29 23:38:52.0977 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys 2010/08/29 23:38:53.0120 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys 2010/08/29 23:38:53.0236 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys 2010/08/29 23:38:53.0306 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys 2010/08/29 23:38:53.0368 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys 2010/08/29 23:38:53.0453 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys 2010/08/29 23:38:53.0554 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys 2010/08/29 23:38:53.0615 s0016bus (59509ad6cbc28f2c73056268985b3e48) C:\Windows\system32\DRIVERS\s0016bus.sys 2010/08/29 23:38:53.0653 s0016mdfl (b98c3a6f91f4fba285af9606a240c6b4) C:\Windows\system32\DRIVERS\s0016mdfl.sys 2010/08/29 23:38:53.0708 s0016mdm (8a83426f4fb7b5212825d9de76368b1a) C:\Windows\system32\DRIVERS\s0016mdm.sys 2010/08/29 23:38:53.0777 s0016mgmt (7a78bba97feb5e6d24c49e93a3bf7287) C:\Windows\system32\DRIVERS\s0016mgmt.sys 2010/08/29 23:38:53.0825 s0016nd5 (34ef7b5f611957b73e7219dd5a222ad1) C:\Windows\system32\DRIVERS\s0016nd5.sys 2010/08/29 23:38:53.0874 s0016obex (36792935847143e4a3cda0dc87248487) C:\Windows\system32\DRIVERS\s0016obex.sys 2010/08/29 23:38:53.0920 s0016unic (927208754fb27fc3e7a659e77500c5d1) C:\Windows\system32\DRIVERS\s0016unic.sys 2010/08/29 23:38:53.0980 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys 2010/08/29 23:38:54.0082 se58bus (6c1bec4e12b4ed714e5f8065f680e9c2) C:\Windows\system32\DRIVERS\se58bus.sys 2010/08/29 23:38:54.0122 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys 2010/08/29 23:38:54.0193 seehcri (e5b56569a9f79b70314fede6c953641e) C:\Windows\system32\DRIVERS\seehcri.sys 2010/08/29 23:38:54.0258 Serenum (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys 2010/08/29 23:38:54.0299 Serial (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys 2010/08/29 23:38:54.0346 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys 2010/08/29 23:38:54.0579 sffdisk (51cf56aa8bcc241f134b420b8f850406) C:\Windows\system32\drivers\sffdisk.sys 2010/08/29 23:38:54.0614 sffp_mmc (96ded8b20c734ac41641ce275250e55d) C:\Windows\system32\drivers\sffp_mmc.sys 2010/08/29 23:38:54.0651 sffp_sd (8b08cab1267b2c377883fc9e56981f90) C:\Windows\system32\drivers\sffp_sd.sys 2010/08/29 23:38:54.0701 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys 2010/08/29 23:38:54.0755 SiS6350 (4fbd2c53c1e04f8e35c96747984fde13) C:\Windows\system32\DRIVERS\SISGRKMD.sys 2010/08/29 23:38:54.0793 SISAGP (df1af7f5f1ec7800b3ac398acc06c754) C:\Windows\system32\DRIVERS\SISAGPX.sys 2010/08/29 23:38:54.0845 SiSGbeLH (42c5de6854f32e6fd399ac8f69fd5fa8) C:\Windows\system32\DRIVERS\SiSGB6.sys 2010/08/29 23:38:54.0880 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys 2010/08/29 23:38:54.0968 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys 2010/08/29 23:38:55.0039 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys 2010/08/29 23:38:55.0165 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys 2010/08/29 23:38:55.0238 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys 2010/08/29 23:38:55.0238 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505 2010/08/29 23:38:55.0247 sptd - detected Locked file (1) 2010/08/29 23:38:55.0296 sp_rsdrv2 (8831252bcf05fcfb5abd116a22e552d8) C:\Windows\system32\drivers\sp_rsdrv2.sys 2010/08/29 23:38:55.0372 srv (96a5e2c642af8f591a7366429809506b) C:\Windows\system32\DRIVERS\srv.sys 2010/08/29 23:38:55.0428 srv2 (71da2d64880c97e5ffc3c81761632751) C:\Windows\system32\DRIVERS\srv2.sys 2010/08/29 23:38:55.0488 srvnet (0c5ab1892ae0fa504218db094bf6d041) C:\Windows\system32\DRIVERS\srvnet.sys 2010/08/29 23:38:55.0591 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys 2010/08/29 23:38:55.0662 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys 2010/08/29 23:38:55.0708 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys 2010/08/29 23:38:55.0745 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys 2010/08/29 23:38:55.0824 tbhsd (63d3f89f4736a6da5260177e38d5c26b) C:\Windows\system32\drivers\tbhsd.sys 2010/08/29 23:38:55.0939 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys 2010/08/29 23:38:55.0997 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys 2010/08/29 23:38:56.0052 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys 2010/08/29 23:38:56.0095 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys 2010/08/29 23:38:56.0157 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys 2010/08/29 23:38:56.0229 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys 2010/08/29 23:38:56.0267 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys 2010/08/29 23:38:56.0352 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys 2010/08/29 23:38:56.0404 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys 2010/08/29 23:38:56.0454 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys 2010/08/29 23:38:56.0496 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\DRIVERS\uagp35.sys 2010/08/29 23:38:56.0542 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys 2010/08/29 23:38:56.0638 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys 2010/08/29 23:38:56.0680 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys 2010/08/29 23:38:56.0716 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys 2010/08/29 23:38:56.0750 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys 2010/08/29 23:38:56.0808 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys 2010/08/29 23:38:56.0920 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys 2010/08/29 23:38:56.0969 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys 2010/08/29 23:38:57.0018 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys 2010/08/29 23:38:57.0068 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys 2010/08/29 23:38:57.0128 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys 2010/08/29 23:38:57.0180 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys 2010/08/29 23:38:57.0233 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys 2010/08/29 23:38:57.0288 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys 2010/08/29 23:38:57.0342 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS 2010/08/29 23:38:57.0393 usbuhci (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys 2010/08/29 23:38:57.0462 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys 2010/08/29 23:38:57.0516 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys 2010/08/29 23:38:57.0562 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys 2010/08/29 23:38:57.0620 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys 2010/08/29 23:38:57.0652 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys 2010/08/29 23:38:57.0689 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys 2010/08/29 23:38:57.0735 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys 2010/08/29 23:38:57.0778 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys 2010/08/29 23:38:57.0841 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys 2010/08/29 23:38:57.0902 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys 2010/08/29 23:38:57.0945 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 2010/08/29 23:38:57.0970 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 2010/08/29 23:38:58.0030 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys 2010/08/29 23:38:58.0080 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys 2010/08/29 23:38:58.0226 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys 2010/08/29 23:38:58.0329 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys 2010/08/29 23:38:58.0382 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys 2010/08/29 23:38:58.0503 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys 2010/08/29 23:38:58.0603 ================================================================================ 2010/08/29 23:38:58.0604 Scan finished 2010/08/29 23:38:58.0604 ================================================================================ 2010/08/29 23:38:58.0624 Detected object count: 1 2010/08/29 23:40:10.0219 Locked file(sptd) - User select action: Skip

Re Voici ce que tu m'as demandé, à plus tard. Merci de ton aide __________________________________________________________________________ Rapport de ZHPDiag v1.26.55 par Nicolas Coolman, Update du 24/08/2010 Run by Cyril at 29/08/2010 13:24:22 Web site : ZHPDiag Outil de diagnostic Contact : nicolascoolman@yahoo.fr ---\\ Web Browser MSIE: Internet Explorer v8.0.6001.18943 MFIE: Mozilla Firefox (3.6. ---\\ System Information Platform : Windows Vista Home Premium (6.0.6002) Service Pack 2 Processor: x86 Family 6 Model 15 Stepping 13, GenuineIntel Operating System: 32 Bits Boot mode: Normal (Normal boot) Total RAM: 3070 MB (51% free) System drive C: has 64 GB (44%) free of 144 GB ---\\ Logged in mode Computer Name: PC-DE-CYRIL User Name: Cyril All Users Names: Cyril, Administrateur, Unselected Option: O1,O45,O61,O65,O82 Logged in as Administrator ---\\ DOS/Devices C:\ Hard drive, Flash drive, Thumb drive (Free 64 Go of 144 Go) D:\ Hard drive, Flash drive, Thumb drive (Free 114 Go of 144 Go) E:\ CD-ROM drive (Not Inserted) G:\ Floppy drive, Flash card reader, USB Key (Not Inserted) H:\ Floppy drive, Flash card reader, USB Key (Not Inserted) I:\ Floppy drive, Flash card reader, USB Key (Not Inserted) J:\ Floppy drive, Flash card reader, USB Key (Not Inserted) K:\ Hard drive, Flash drive, Thumb drive (Free 191 Go of 233 Go) ---\\ Security Center & Tools Informations [HKLM\SOFTWARE\Microsoft\Security Center] FirewallDisableNotify: OK [HKLM\SOFTWARE\Microsoft\Security Center] UacDisableNotify: OK [HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK [HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK [HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK ---\\ Processus lancés [MD5.CDA7716BDF23E87530AFF13E46331EEE] - (.Crawler.com - Spyware Terminator Realtime Shield.) -- C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe [2176512] [MD5.38AE7A942FC3FAB1C6A27EB65DE8F827] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe [2837864] [MD5.BF08674925F151BD4537B89A493E3E0C] - (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\ehome\ehtray.exe [125952] [MD5.4B7A840613734F1FE0D102346640E300] - (.Crawler.com - Crawler Spyware Terminator.) -- C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe [3037696] [MD5.79CC43BE17E1D1AC58844574ABD58941] - (.DT Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files\DAEMON Tools Lite\daemon.exe [490952] [MD5.B995BCBC001150974EDD1637295600BD] - (.Valve Corporation - Steam.) -- C:\Program Files\Valve\Steam\Steam.exe [1242448] [MD5.FC611A99647705BA397EEE01713E9C92] - (.Pas de propriétaire - Pas de description.) -- C:\Program Files\PowerCheck\PowerCheck.exe [979456] [MD5.0F4195B9B348DE5CF9B822F81704B20E] - (.Microsoft Corporation - Media Center Media Status Aggregator Servic.) -- C:\Windows\ehome\ehmsas.exe [37376] [MD5.4F779AD993A2975D945EE6985CAC0FEA] - (.Acer Inc. - eRecovery agent.) -- C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE [397312] [MD5.6B87742F27B087AF7FD4ADC2DB685DE0] - (.Advanced Micro Devices Inc. - Catalyst Control Center: Monitoring program.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [49152] [MD5.4C08FB7ACB28689B586D986D3F5826CF] - (.ATI Technologies Inc. - Catalyst Control Centre: Host application.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [49152] [MD5.D449C2456FCFC8DDA896F1DD27D0A476] - (.Secunia - Secunia PSI.) -- C:\Program Files\Secunia\PSI\psi.exe [911920] [MD5.BACCDA841C689D1CBA941F478E8ED24B] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe [910296] [MD5.642FA80C2C43EE609313746AA305DC86] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files\Mozilla Firefox\plugin-container.exe [14808] [MD5.2103C7D93D559817F293881C28F8062E] - (.Nicolas Coolman - Diagnostic Tool.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [546816] ---\\ Plugins de navigateurs Opera/Firefox(P1/P2) P2 - FPN:Firefox Plugin Navigator . (.Microsoft Corporation - np-mswmp.) -- C:\Program Files\Mozilla Firefox\Plugins\np-mswmp.dll P2 - FPN:Firefox Plugin Navigator . (.Sun Microsystems, Inc. - NPRuntime Script Plug-in Library for Java Deploy.) -- C:\Program Files\Mozilla Firefox\Plugins\npdeployJava1.dll P2 - FPN:Firefox Plugin Navigator . (.mozilla.org - Default Plug-in.) -- C:\Program Files\Mozilla Firefox\Plugins\npnul32.dll P2 - FPN:Firefox Plugin Navigator . (.Microsoft Corporation - Office Plugin for Netscape Navigator.) -- C:\Program Files\Mozilla Firefox\Plugins\NPOFF12.DLL P2 - FPN:Firefox Plugin Navigator . (.Adobe Systems Inc. - Adobe PDF Plug-In For Firefox and Netscape "9.3.4".) -- C:\Program Files\Mozilla Firefox\Plugins\nppdf32.dll P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (.Pas de propriétaire - Pas de description.) -- C:\Windows\system32\Macromed\Flash\NPSWF32.dll P2 - FPN: [HKLM] [@google.com/npPicasa3,version=3.0.0] - (.Google, Inc. - Picasa plugin.) -- C:\Program Files\Google\Picasa3\npPicasa3.dll P2 - FPN: [HKLM] [@ma-config.com/HardwareDetection] - (.Cybelsoft - Plugin NPAPI Ma-Config.com.) -- C:\Program Files\ma-config.com\nphardwaredetection.dll P2 - FPN: [HKLM] [@Microsoft.com/NpCtrl,version=1.0] - (. Microsoft Corporation - 4.0.50524.0.) -- C:\Program Files\Microsoft Silverlight\4.0.50524.0\npctrl.dll P2 - FPN: [HKLM] [@videolan.org/vlc,version=1.1.1] - (.the VideoLAN Team - Version 1.1.1, copyright 1996-2010 The VideoLAN Team<br><a href="http:.) -- C:\Program Files\VideoLAN\VLC\npvlc.dll ---\\ Modification d'une valeur Ini (Changed inifile value, mapped to Registry) (F2) F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe, F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl" ---\\ Pages de recherche d'Internet Explorer (R1) R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN : Hotmail, Messenger, Actualité, Sport et Vidéo R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local ---\\ Internet Explorer URLSearchHook (R3) R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} . (.Pas de propriétaire - Pas de description.) (No version) -- (.not file.) R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Internet Explorer.) (8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)) -- C:\Windows\system32\ieframe.dll ---\\ Browser Helper Objects de navigateur (O2) O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} . (.Hewlett-Packard Co. - HP Smart Web Printing add-on for Internet E.) -- C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} . (.Adobe Systems Incorporated - Adobe PDF Helper for Internet Explorer.) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} . (.Microsoft Corporation - Microsoft® Windows Live ID Login Helper.) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Tunebite_WebRipPlugin Class - {AA102584-3B97-47e7-B9BC-75D54C110A7D} . (.RapidSolution Software - WebRip Plugin for Internet Explorer.) -- C:\Program Files\RapidSolution\Tunebite\plugins\IE\TB_WebRipIePlugin.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} . (.Sun Microsystems, Inc. - Java Platform SE binary.) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} . (.Hewlett-Packard Co. - HP Smart Web Printing add-on for Internet E.) -- C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll ---\\ Applications démarrées par registre & par dossier (O4) O4 - HKLM\..\Run: [WarReg_PopUp] . (.Acer Inc. - WR_PopUp.) -- C:\Acer\WR_PopUp\WarReg_PopUp.exe O4 - HKLM\..\Run: [spywareTerminator] . (.Crawler.com - Spyware Terminator Realtime Shield.) -- C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe O4 - HKLM\..\Run: [NPSStartup] Clé orpheline O4 - HKLM\..\Run: [avast5] . (.AVAST Software - avast! Antivirus.) -- C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe O4 - HKLM\..\Run: [startCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe O4 - HKCU\..\Run: [ehTray.exe] . (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [msnmsgr] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe O4 - HKCU\..\Run: [spywareTerminatorUpdate] . (.Crawler.com - Crawler Spyware Terminator.) -- C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe O4 - HKCU\..\Run: [DAEMON Tools Lite] . (.DT Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files\DAEMON Tools Lite\daemon.exe O4 - HKCU\..\Run: [steam] . (.Valve Corporation - Steam.) -- C:\Program Files\Valve\Steam\Steam.exe O4 - HKCU\..\Run: [WMPNSCFG] . (.Microsoft Corporation - Application de configuration du service Par.) -- C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-21-2684771895-3763166589-4040009352-1000\..\Run: [ehTray.exe] . (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\ehome\ehTray.exe O4 - HKUS\S-1-5-21-2684771895-3763166589-4040009352-1000\..\Run: [msnmsgr] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe O4 - HKUS\S-1-5-21-2684771895-3763166589-4040009352-1000\..\Run: [spywareTerminatorUpdate] . (.Crawler.com - Crawler Spyware Terminator.) -- C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe O4 - HKUS\S-1-5-21-2684771895-3763166589-4040009352-1000\..\Run: [DAEMON Tools Lite] . (.DT Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files\DAEMON Tools Lite\daemon.exe O4 - HKUS\S-1-5-21-2684771895-3763166589-4040009352-1000\..\Run: [steam] . (.Valve Corporation - Steam.) -- C:\Program Files\Valve\Steam\Steam.exe O4 - HKUS\S-1-5-21-2684771895-3763166589-4040009352-1000\..\Run: [WMPNSCFG] . (.Microsoft Corporation - Application de configuration du service Par.) -- C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - Global Startup: Empowering Technology Launcher.lnk . (.Acer Inc. - Acer eAP Launch Tool.) -- C:\Acer\Empowering Technology\eAPLauncher.exe O4 - Global Startup: PowerCheck.lnk . (.Pas de propriétaire - Pas de description.) -- C:\Program Files\PowerCheck\PowerCheck.exe ---\\ Lignes supplémentaires dans le menu contextuel d'Internet Explorer (O8) O8 - Extra context menu item: Add to Google Photos Screensa&ver . (.Google Inc. - Google Photos Screensaver.) -- C:\Windows\system32\GPhotos.scr O8 - Extra context menu item: E&xporter vers Microsoft Excel . (.Microsoft Corporation - Microsoft Office Excel.) -- C:\PROGRA~1\MICROS~2\Office12\EXCEL.exe ---\\ Winsock hijacker (Layered Service Provider) (O10) O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Network Location Awareness 2.) -- C:\Windows\system32\NLAapi.dll O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - Fournisseur Shim d'affectation de noms de messagerie.) -- C:\Windows\system32\napinsp.dll O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - Fournisseur d’espace de noms PNRP.) -- C:\Windows\system32\pnrpnsp.dll O10 - WLSP:\000000000004\Winsock LSP File . (.Microsoft Corporation - Fournisseur d’espace de noms PNRP.) -- C:\Windows\system32\pnrpnsp.dll O10 - WLSP:\000000000005\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\Windows\system32\mswsock.dll O10 - WLSP:\000000000006\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\Windows\system32\winrnr.dll O10 - WLSP:\000000000007\Winsock LSP File . (.Apple Computer, Inc. - Bonjour Namespace Provider.) -- C:\Program Files\Bonjour\mdnsNSP.dll ---\\ Objets ActiveX (Downloaded Program Files)(O16) O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} ("Ma-Config.com control) - http://www.ma-config.com/plugins/MaConfig_4_2_1_0.cab ---\\ Modification Domaine/Adresses DNS (O17) O17 - HKLM\System\CCS\Services\Tcpip\..\{C2B218E3-51B5-434A-8775-34E10D41BD45}: NameServer = 208.67.222.222,212.27.53.252 O17 - HKLM\System\CS1\Services\Tcpip\..\{C2B218E3-51B5-434A-8775-34E10D41BD45}: NameServer = 208.67.222.222,212.27.53.252 O17 - HKLM\System\CS2\Services\Tcpip\..\{C2B218E3-51B5-434A-8775-34E10D41BD45}: NameServer = 208.67.222.222,212.27.53.252,208.67.220.220,212.27.32.177,212.27.54.252 O17 - HKLM\System\CS3\Services\Tcpip\..\{C2B218E3-51B5-434A-8775-34E10D41BD45}: NameServer = 208.67.222.222,212.27.53.252,208.67.220.220,212.27.32.177,212.27.54.252 ---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} . (.Microsoft Corporation - Contrôleur de site Web.) -- C:\Windows\System32\webcheck.dll ---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22) O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\Windows\system32\browseui.dll ---\\ Liste des services NT non Microsoft et non désactivés (O23) O23 - Service: (Ati External Event Utility) . (.ATI Technologies Inc. - ATI External Event Utility EXE Module.) - C:\Windows\system32\Ati2evxx.exe O23 - Service: avast! Antivirus (avast! Antivirus) . (.AVAST Software - avast! Service.) - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) . (.Apple Computer, Inc. - Bonjour Service.) - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: eRecovery Service (eRecoveryService) . (.Acer Inc. - eRecoveryService.) - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe O23 - Service: FsUsbExService (FsUsbExService) . (.Teruten - FsUsbDevice.) - C:\Windows\system32\FsUsbExService.exe O23 - Service: Google Software Updater (gusvc) . (.Google - gusvc.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) . (.Hewlett-Packard Company - Pas de description.) - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: Nero BackItUp Scheduler 3 (Nero BackItUp Scheduler 3) . (.Nero AG - Nero BackItUp.) - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) . (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 197.4.) - C:\Windows\system32\nvvsvc.exe O23 - Service: O&O Defrag (O&O Defrag) . (.O&O Software GmbH - O&O Defrag Agent (Win32).) - C:\Windows\system32\oodag.exe O23 - Service: PnkBstrA (PnkBstrA) . (.Pas de propriétaire - Pas de description.) - C:\Windows\system32\PnkBstrA.exe O23 - Service: PnkBstrB (PnkBstrB) . (.Pas de propriétaire - Pas de description.) - C:\Windows\system32\PnkBstrB.exe O23 - Service: SBSD Security Center Service (SBSDWSCService) . (.Safer Networking Ltd. - Spybot-S&D Security Center integration.) - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) . (.Crawler.com - Spyware Terminator Realtime Shield Service.) - C:\Program Files\Spyware Terminator\sp_rsser.exe ---\\ Enumération Active Desktop & MHTML Editor (O24) O24 - Default MHTML Editor: Last - .(.Microsoft Corporation - Microsoft Office Word.) - C:\Program Files\Microsoft Office\Office12\WINWORD.exe ---\\ Tâches planifiées en automatique (O39) O39 - APT:Automatic Planified Task - C:\Windows\Tasks\Google Software Updater.job O39 - APT:Automatic Planified Task - C:\Windows\Tasks\Maintenance en 1 clic.job O39 - APT:Automatic Planified Task - C:\Windows\Tasks\PCConfidential.job O39 - APT:Automatic Planified Task - C:\Windows\Tasks\RegPowerClean.job O39 - APT:Automatic Planified Task - C:\Windows\Tasks\RPCReminder.job ---\\ Composants installés (ActiveSetup Installed Components) (O40) O40 - ASIC: Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608500} . (.Sun Microsystems, Inc. - Java Platform SE binary.) -- C:\Program Files\Java\jre6\bin\regutils.dll O40 - ASIC: PixiePack Codec Pack 1.0.100.0 - {B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC} . (.Pas de propriétaire - Pas de description.) -- C:\Program Files\PixiePack Codec Pack\InstallerHelper.exe O40 - ASIC: Macromedia Shockwave Flash - {D27CDB6E-AE6D-11CF-96B8-444553540000} . (.Macromedia, Inc. - Macromedia Flash Player 7.0 r19.) -- C:\Windows\system32\macromed\flash\Flash.ocx ---\\ Pilotes lancés au démarrage (O41) O41 - Driver: Spyware Terminator Driver 2 (sp_rsdrv2) . (.Pas de propriétaire - Pas de description.) - C:\Windows\system32\drivers\sp_rsdrv2.sys ---\\ Logiciels installés (O42) O42 - Logiciel: 32 Bit HP CIO Components Installer - (.Hewlett-Packard.) [HKLM] -- {92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D} O42 - Logiciel: AVS Update Manager 1.0 - (.Online Media Technologies Ltd..) [HKLM] -- AVS Update Manager O42 - Logiciel: Adobe Anchor Service CS3 - (.Adobe Systems Incorporated.) [HKLM] -- {90176341-0A8B-4CCC-A78D-F862228A6B95} O42 - Logiciel: Adobe Asset Services CS3 - (.Adobe Systems Incorporated.) [HKLM] -- {6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61} O42 - Logiciel: Adobe Bridge CS3 - (.Adobe Systems Incorporated.) [HKLM] -- {9C9824D9-9000-4373-A6A5-D0E5D4831394} O42 - Logiciel: Adobe Bridge Start Meeting - (.Adobe Systems Incorporated.) [HKLM] -- {08B32819-6EEF-4057-AEDA-5AB681A36A23} O42 - Logiciel: Adobe CMaps - (.Adobe Systems Incorporated.) [HKLM] -- {A2B242BD-FF8D-4840-9DAA-9170EABEC59C} O42 - Logiciel: Adobe Camera Raw 4.0 - (.Adobe Systems Incorporated.) [HKLM] -- {B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C} O42 - Logiciel: Adobe Color - Photoshop Specific - (.Adobe Systems Incorporated.) [HKLM] -- {A2D81E70-2A98-4A08-A628-94388B063C5E} O42 - Logiciel: Adobe Color Common Settings - (.Adobe Systems Incorporated.) [HKLM] -- {DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9} O42 - Logiciel: Adobe Color EU Recommended Settings - (.Adobe Systems Incorporated.) [HKLM] -- {73B5D990-04EA-4751-B10F-5534770B91F2} O42 - Logiciel: Adobe Color JA Extra Settings - (.Adobe Systems Incorporated.) [HKLM] -- {DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029} O42 - Logiciel: Adobe Color NA Extra Settings - (.Adobe Systems Incorporated.) [HKLM] -- {FF29A7E2-FF40-4D07-B7E4-2093DE59E10A} O42 - Logiciel: Adobe Default Language CS3 - (.Adobe Systems Incorporated.) [HKLM] -- {B9B35331-B7E4-4E5C-BF4C-7BC87856124D} O42 - Logiciel: Adobe Device Central CS3 - (.Adobe Systems Incorporated.) [HKLM] -- {8D2BA474-F406-4710-9AE4-D4F22D21F0DD} O42 - Logiciel: Adobe ExtendScript Toolkit 2 - (.Adobe Systems Incorporated.) [HKLM] -- {C2D69781-F392-4118-A5A7-C7E9C38DBFC2} O42 - Logiciel: Adobe Flash Player 10 Plugin - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player Plugin O42 - Logiciel: Adobe Fonts All - (.Adobe Systems Incorporated.) [HKLM] -- {6ABE0BEE-D572-4FE8-B434-9E72A289431B} O42 - Logiciel: Adobe Help Viewer CS3 - (.Adobe Systems Incorporated.) [HKLM] -- {04AF207D-9A77-465A-8B76-991F6AB66245} O42 - Logiciel: Adobe Linguistics CS3 - (.Adobe Systems Incorporated.) [HKLM] -- {54793AA1-5001-42F4-ABB6-C364617C6078} O42 - Logiciel: Adobe PDF Library Files - (.Adobe Systems Incorporated.) [HKLM] -- {D2559B88-CC9D-4B48-81BB-F492BAA9C48C} O42 - Logiciel: Adobe Photoshop CS3 - (.Adobe Systems Incorporated.) [HKLM] -- Adobe_32e9033392a51340b32fdc6ad893ab7 O42 - Logiciel: Adobe Photoshop CS3 - (.Adobe Systems Incorporated.) [HKLM] -- {BF794769-8875-4E01-B7BE-E00104604F4A} O42 - Logiciel: Adobe Reader 9.3.4 - Français - (.Adobe Systems Incorporated.) [HKLM] -- {AC76BA86-7AD7-1036-7B44-A93000000001} O42 - Logiciel: Adobe Setup - (.Adobe Systems Incorporated.) [HKLM] -- {926DEB4E-2B0A-4C5C-AE4A-BF6C06949702} O42 - Logiciel: Adobe Stock Photos CS3 - (.Adobe Systems Incorporated.) [HKLM] -- {29E5EA97-5F74-4A57-B8B2-D4F169117183} O42 - Logiciel: Adobe Type Support - (.Adobe Systems Incorporated.) [HKLM] -- {8E6808E2-613D-4FCD-81A2-6C8FA8E03312} O42 - Logiciel: Adobe Update Manager CS3 - (.Adobe Systems Incorporated.) [HKLM] -- {E69AE897-9E0B-485C-8552-7841F48D42D8} O42 - Logiciel: Adobe Version Cue CS3 Client - (.Adobe Systems Incorporated.) [HKLM] -- {D0DFF92A-492E-4C40-B862-A74A173C25C5} O42 - Logiciel: Adobe WinSoft Linguistics Plugin - (.Adobe Systems Incorporated.) [HKLM] -- {184CE391-7E0E-4C63-9935-D7A10EDFD3C6} O42 - Logiciel: Adobe XMP Panels CS3 - (.Adobe Systems Incorporated.) [HKLM] -- {802771A9-A856-4A41-ACF7-1450E523C923} O42 - Logiciel: Assistant de connexion Windows Live ID - (.Microsoft Corporation.) [HKLM] -- {10A44844-4465-456E-8C97-80BDD4F68845} O42 - Logiciel: Autopano Giga - (.Kolor.) [HKLM] -- Autopano Giga O42 - Logiciel: AviSynth 2.5 - (.Pas de propriétaire.) [HKLM] -- AviSynth O42 - Logiciel: CCleaner - (.Piriform.) [HKLM] -- CCleaner O42 - Logiciel: Catalyst Control Center - Branding - (.ATI.) [HKLM] -- {8D7133DE-27D2-47E5-B248-4180278D32AA} O42 - Logiciel: Combined Community Codec Pack 2009-09-09 - (.CCCP Project.) [HKLM] -- Combined Community Codec Pack O42 - Logiciel: Configuration DivX - (.DivX, Inc. .) [HKLM] -- DivX Setup.divx.com O42 - Logiciel: Counter-Strike - (.Valve.) [HKLM] -- {DF5A03CC-D5AA-43D8-B948-D9903F2AF94A} O42 - Logiciel: DIGIPILLS Miniphoto - (.Pas de propriétaire.) [HKLM] -- Miniphoto O42 - Logiciel: DVD Shrink 3.2 - (.DVD Shrink.) [HKLM] -- DVD Shrink O42 - Logiciel: ERUNT 1.1j - (.Lars Hederer.) [HKLM] -- ERUNT O42 - Logiciel: Enemy Territory - QUAKE Wars Demo 2 - (.Activision.) [HKLM] -- InstallShield_{0E1B773B-B396-4FA4-BBB9-01F8D1F74C57} O42 - Logiciel: Enemy Territory - QUAKE Wars Demo 2 Lite Server - (.Activision.) [HKLM] -- InstallShield_{C96F54F5-6904-4B36-8422-F060F867C8A6} O42 - Logiciel: Eraser - (.Heidi Computers Ltd..) [HKLM] -- Eraser O42 - Logiciel: Eraser - (.Heidi Computers Ltd..) [HKLM] -- {F850707C-B6A0-4B56-8709-F89CF8F9AC6D} O42 - Logiciel: FairUse Wizard 2 - (.FairUse Wizard.) [HKLM] -- FairUse Wizard 2 O42 - Logiciel: FileZilla Client 3.3.4.1 - (.Pas de propriétaire.) [HKLM] -- FileZilla Client O42 - Logiciel: Free Video to Mp3 Converter version 2.7 - (.DVD Video Soft Limited..) [HKLM] -- Free Video to Mp3 Converter O42 - Logiciel: HP Customer Participation Program 13.0 - (.HP.) [HKLM] -- HPExtendedCapabilities O42 - Logiciel: HP Deskjet F2400 All-In-One Driver Software 13.0 Rel .6 - (.HP.) [HKLM] -- {CDBF8C2D-04B0-4F9B-9AE1-7422F7F0EC94} O42 - Logiciel: HP Imaging Device Functions 13.0 - (.HP.) [HKLM] -- HP Imaging Device Functions O42 - Logiciel: HP Print Projects 1.0 - (.HP.) [HKLM] -- HP Print Projects O42 - Logiciel: HP Smart Web Printing 4.60 - (.HP.) [HKLM] -- HP Smart Web Printing O42 - Logiciel: HP Solution Center 13.0 - (.HP.) [HKLM] -- HP Solution Center & Imaging Support Tools O42 - Logiciel: HP Update - (.Hewlett-Packard.) [HKLM] -- {818ABC3C-635C-4651-8183-D0E9640B7DD1} O42 - Logiciel: Hercules Classic Link Webcam - (.Hercules.) [HKLM] -- {FD4FE0F7-91FC-43A2-9C3A-187553991FFF} O42 - Logiciel: Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB953595 O42 - Logiciel: Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB958484 O42 - Logiciel: Installation Windows Live - (.Microsoft Corporation.) [HKLM] -- WinLiveSuite_Wave3 O42 - Logiciel: Installation Windows Live - (.Microsoft Corporation.) [HKLM] -- {46ABBC54-1872-4AA3-95E2-F2C063A63F31} O42 - Logiciel: Java 6 Update 20 - (.Sun Microsystems, Inc..) [HKLM] -- {26A24AE4-039D-4CA4-87B4-2F83216020FF} O42 - Logiciel: Lame ACM MP3 Codec - (.Pas de propriétaire.) [HKLM] -- LameACM O42 - Logiciel: MSVCRT - (.Microsoft.) [HKLM] -- {22B775E7-6C42-4FC5-8E10-9A5E3257BD94} O42 - Logiciel: MSXML 4.0 SP2 (KB936181) - (.Microsoft Corporation.) [HKLM] -- {C04E32E0-0416-434D-AFB9-6969D703A9EF} O42 - Logiciel: MSXML 4.0 SP2 (KB941833) - (.Microsoft Corporation.) [HKLM] -- {C523D256-313D-4866-B36A-F3DE528246EF} O42 - Logiciel: MSXML 4.0 SP2 (KB954430) - (.Microsoft Corporation.) [HKLM] -- {86493ADD-824D-4B8E-BD72-8C5DCDC52A71} O42 - Logiciel: MSXML 4.0 SP2 (KB973688) - (.Microsoft Corporation.) [HKLM] -- {F662A8E6-F4DC-41A2-901E-8C11F044BDEC} O42 - Logiciel: Ma-Config.com - (.Cybelsoft.) [HKLM] -- {207BB01A-0163-43E0-8CE9-BE494505BE0F} O42 - Logiciel: Malwarebytes' Anti-Malware - (.Malwarebytes Corporation.) [HKLM] -- Malwarebytes' Anti-Malware O42 - Logiciel: Microsoft .NET Framework 3.5 Language Pack SP1 - fra - (.Microsoft Corporation.) [HKLM] -- {3E31821C-7917-367E-938E-E65FC413EA31} O42 - Logiciel: Microsoft .NET Framework 3.5 SP1 - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 3.5 SP1 O42 - Logiciel: Microsoft .NET Framework 3.5 SP1 - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} O42 - Logiciel: Microsoft .NET Framework 4 Client Profile - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 4 Client Profile O42 - Logiciel: Microsoft .NET Framework 4 Client Profile - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6} O42 - Logiciel: Microsoft .NET Framework 4 Client Profile FRA Language Pack - (.Microsoft Corporation.) [HKLM] -- {0F5B4A82-9DAF-3D13-8CB8-AEB25E4A614E} O42 - Logiciel: Microsoft Choice Guard - (.Microsoft Corporation.) [HKLM] -- {F0E12BBA-AD66-4022-A453-A1C8A0C4D570} O42 - Logiciel: Microsoft Money - (.Microsoft.) [HKLM] -- Money2005b O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B} O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-0015-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C} O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-0016-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C} O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-0018-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C} O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-0019-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C} O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-001A-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C} O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-001B-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C} O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-0044-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C} O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-006E-040C-0000-0000000FF1CE}_PROPLUS_{B165D3C2-40AE-4D39-86F7-E5C87C4264C0} O42 - Logiciel: Microsoft Office Access MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0015-040C-0000-0000000FF1CE} O42 - Logiciel: Microsoft Office Excel MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0016-040C-0000-0000000FF1CE} O42 - Logiciel: Microsoft Office InfoPath MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0044-040C-0000-0000000FF1CE} O42 - Logiciel: Microsoft Office Live Add-in 1.4 - (.Microsoft Corporation.) [HKLM] -- {AE3CF174-872C-46C6-B9F6-C0593F3BC7B8} O42 - Logiciel: Microsoft Office Outlook MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001A-040C-0000-0000000FF1CE} O42 - Logiciel: Microsoft Office PowerPoint MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0018-040C-0000-0000000FF1CE} O42 - Logiciel: Microsoft Office Professional Plus 2007 - (.Microsoft Corporation.) [HKLM] -- PROPLUS O42 - Logiciel: Microsoft Office Professional Plus 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE} O42 - Logiciel: Microsoft Office Proof (Arabic) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001F-0401-0000-0000000FF1CE} O42 - Logiciel: Microsoft Office Proof (Dutch) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001F-0413-0000-0000000FF1CE} O42 - Logiciel: Microsoft Office Proof (English) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001F-0409-0000-0000000FF1CE} O42 - Logiciel: Microsoft Office Proof (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001F-040C-0000-0000000FF1CE} O42 - Logiciel: Microsoft Office Proof (German) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001F-0407-0000-0000000FF1CE} O42 - Logiciel: Microsoft Office Proof (Spanish) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001F-0C0A-0000-0000000FF1CE} O42 - Logiciel: Microsoft Office Proofing (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-002C-040C-0000-0000000FF1CE} O42 - Logiciel: Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-001F-0401-0000-0000000FF1CE}_PROPLUS_{14809F99-C601-4D4A-9391-F1E8FAA964C5} O42 - Logiciel: Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-001F-0407-0000-0000000FF1CE}_PROPLUS_{A0516415-ED61-419A-981D-93596DA74165} O42 - Logiciel: Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045} O42 - Logiciel: Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787} O42 - Logiciel: Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-001F-0413-0000-0000000FF1CE}_PROPLUS_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB} O42 - Logiciel: Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{187308AB-5FA7-4F14-9AB9-D290383A10D9} O42 - Logiciel: Microsoft Office Publisher MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0019-040C-0000-0000000FF1CE} O42 - Logiciel: Microsoft Office Shared MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-006E-040C-0000-0000000FF1CE} O42 - Logiciel: Microsoft Office Word MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001B-040C-0000-0000000FF1CE} O42 - Logiciel: Microsoft Silverlight - (.Microsoft Corporation.) [HKLM] -- {89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} O42 - Logiciel: Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 - (.Microsoft Corporation.) [HKLM] -- {770657D0-A123-3C07-8E44-1C83EC895118} O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable - (.Microsoft Corporation.) [HKLM] -- {7299052b-02a4-4627-81f2-1818da5d550d} O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable - (.Microsoft Corporation.) [HKLM] -- {837b34e3-7c30-493c-8f6a-2b0f04e2912c} O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 - (.Microsoft Corporation.) [HKLM] -- {E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942} O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 - (.Microsoft Corporation.) [HKLM] -- {1F1C2DFC-2D24-3E06-BCB8-725134ADF989} O42 - Logiciel: Microsoft Works - (.Microsoft Corporation.) [HKLM] -- {6B1CB38D-E2E4-4a30-933D-EFDEBA76AD9C} O42 - Logiciel: Module linguistique Microsoft .NET Framework 3.5 SP1- fra - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 3.5 Language Pack SP1 - fra O42 - Logiciel: Module linguistique Microsoft .NET Framework 4 Client Profile FRA - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 4 Client Profile FRA Language Pack O42 - Logiciel: Mozilla Firefox (3.6. - (.Mozilla.) [HKLM] -- Mozilla Firefox (3.6. O42 - Logiciel: Mozilla Thunderbird (3.0.6) - (.Mozilla.) [HKLM] -- Mozilla Thunderbird (3.0.6) O42 - Logiciel: MySQL Connector/ODBC 3.51 - (.MySQL AB.) [HKLM] -- {0CB3C535-1171-4A20-B549-E2CB5DEB9723} O42 - Logiciel: NTI Backup NOW! 4.7 - (.NewTech Infosystems.) [HKLM] -- {67ADE9AF-5CD9-4089-8825-55DE4B366799} O42 - Logiciel: NTI CD & DVD-Maker - (.NewTech Infosystems.) [HKLM] -- InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2} O42 - Logiciel: NVIDIA Display Control Panel - (.NVIDIA Corporation.) [HKLM] -- NVIDIA Display Control Panel O42 - Logiciel: NVIDIA Drivers - (.NVIDIA Corporation.) [HKLM] -- NVIDIA Drivers O42 - Logiciel: Nero 8 - (.Nero AG.) [HKLM] -- {8AEA4BE2-2B52-41C0-BB7D-9F2D17AF1036} O42 - Logiciel: O&O Defrag Professional Edition - (.O&O Software GmbH.) [HKLM] -- {53480330-E1D1-41CA-B8F8-7F78644F7F50} O42 - Logiciel: OpenOffice.org 3.2 - (.OpenOffice.org.) [HKLM] -- {BEFBEDDF-1417-4C8A-92FB-F003C0D41199} O42 - Logiciel: OpenOffice.org 3.2 Language Pack (French) - (.OpenOffice.org.) [HKLM] -- {EC0C8044-B973-4703-931D-DF45840A47AA} O42 - Logiciel: Outil de téléchargement Windows Live - (.Microsoft Corporation.) [HKLM] -- {205C6BDD-7B73-42DE-8505-9A093F35A238} O42 - Logiciel: PC Connectivity Solution - (.Nokia.) [HKLM] -- {AC599724-5755-48C1-ABE7-ABB857652930} O42 - Logiciel: PDF Settings - (.Adobe Systems Incorporated.) [HKLM] -- {AC5B0C19-D851-42F4-BDA0-410ECF7F70A5} O42 - Logiciel: PDFCreator - (.Frank Heindörfer, Philip Chinery.) [HKLM] -- {0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D} O42 - Logiciel: PVSonyDll - (.NVIDIA Corporation.) [HKLM] -- {3D3E663D-4E7E-4577-A560-7ECDDD45548A} O42 - Logiciel: Package de pilotes Windows - Nokia pccsmcfd (10/12/2007 6.85.4.0) - (.Nokia.) [HKLM] -- 3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F O42 - Logiciel: Photomatix Pro version 3.1.3 - (.HDRsoft Sarl.) [HKLM] -- PhotomatixPro3 O42 - Logiciel: Picasa 3 - (.Google, Inc..) [HKLM] -- Picasa 3 O42 - Logiciel: Picture Control Utility - (.Nikon.) [HKLM] -- {87441A59-5E64-4096-A170-14EFE67200C3} O42 - Logiciel: PixiePack Codec Pack - (.None.) [HKLM] -- {B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC} O42 - Logiciel: PowerCheck 4.2.3 - (.Pas de propriétaire.) [HKLM] -- PowerCheck O42 - Logiciel: Realtek High Definition Audio Driver - (.Realtek Semiconductor Corp..) [HKLM] -- {F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC} O42 - Logiciel: Revo Uninstaller 1.89 - (.VS Revo Group.) [HKLM] -- Revo Uninstaller O42 - Logiciel: Secunia PSI - (.Pas de propriétaire.) [HKLM] -- Secunia PSI O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB2277947) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{5857EE21-03D0-482E-9620-5A30B314A2AE} O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB969559) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{69F52148-9BF6-4CDC-BF76-103DEAF3DD08} O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB976321) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{7F207DCA-3399-40CB-A968-6E5991B1421A} O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB982312) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{B0EC5722-241F-4CDA-83B4-AA5846B6F9F4} O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB982331) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{E8766951-2B6C-4022-86E8-80D2D1762B76} O42 - Logiciel: Security Update for CAPICOM (KB931906) - (.Microsoft Corporation.) [HKLM] -- KB931906 O42 - Logiciel: Security Update for CAPICOM (KB931906) - (.Microsoft Corporation.) [HKLM] -- {0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} O42 - Logiciel: Security Update for Microsoft Office Access 2007 (KB979440) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{1142CCEC-ACA9-484B-BA90-C3A5CA1988C5} O42 - Logiciel: Security Update for Microsoft Office Access 2007 (KB979440) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{5A4E43D5-858F-49BD-BA72-8F30E1793060} O42 - Logiciel: Security Update for Microsoft Office Excel 2007 (KB982308) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C3F9A0DC-A5D1-4BB6-870E-2953E5A2487B} O42 - Logiciel: Security Update for Microsoft Office InfoPath 2007 (KB979441) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{1109D0B3-EFA3-4553-AAED-4C3E9AD130E8} O42 - Logiciel: Security Update for Microsoft Office InfoPath 2007 (KB979441) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{8CCB781A-CF6B-4FCB-B6D8-59C64DF5C6DB} O42 - Logiciel: Security Update for Microsoft Office Outlook 2007 (KB980376) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{48113C06-9BA2-4D54-A731-D1D2C5B3144A} O42 - Logiciel: Security Update for Microsoft Office PowerPoint 2007 (KB982158) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{F5B70033-E79C-4569-90BF-BC9B4E4F3F46} O42 - Logiciel: Security Update for Microsoft Office Publisher 2007 (KB982124) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{289FA8BC-6A8E-4341-B194-EB26B49E9F5D} O42 - Logiciel: Security Update for Microsoft Office Visio Viewer 2007 (KB973709) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{71127777-8B2C-4F97-AF7A-6CF8CAC8224D} O42 - Logiciel: Security Update for Microsoft Office Word 2007 (KB2251419) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{7E9103DA-253F-41FF-9E83-7C83806C77DA} O42 - Logiciel: Security Update for Microsoft Office system 2007 (972581) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF} O42 - Logiciel: Security Update for Microsoft Office system 2007 (KB974234) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{FCD742B9-7A55-44BC-A776-F795F21FEDDC} O42 - Logiciel: Shop for HP Supplies - (.HP.) [HKLM] -- Shop for HP Supplies O42 - Logiciel: Spybot - Search & Destroy - (.Safer Networking Limited.) [HKLM] -- {B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1 O42 - Logiciel: Spyware Terminator - (.Crawler Inc..) [HKLM] -- Spyware Terminator O42 - Logiciel: Steam - (.Valve.) [HKLM] -- {048298C9-A4D3-490B-9FF9-AB023A9238F3} O42 - Logiciel: Tunebite - (.RapidSolution Software AG.) [HKLM] -- {1442BD5B-64FC-434E-942C-F2310C720C8D} O42 - Logiciel: Update for 2007 Microsoft Office System (KB967642) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D} O42 - Logiciel: Update for Microsoft .NET Framework 3.5 SP1 (KB963707) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707 O42 - Logiciel: Update for Outlook 2007 Junk Email Filter (kb2279264) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{01D475AB-57B1-44CC-8A8F-3A6B0FA4989F} O42 - Logiciel: VC80CRTRedist - 8.0.50727.4053 - (.DivX, Inc.) [HKLM] -- {5EE7D259-D137-4438-9A5F-42F432EC0421} O42 - Logiciel: VC80_CRT_x86 - (.kolor.) [HKLM] -- {AFC02C27-473F-4EC5-9372-30771EFFB35F} O42 - Logiciel: VLC media player 1.1.1 - (.VideoLAN.) [HKLM] -- VLC media player O42 - Logiciel: WinRAR archiver - (.Pas de propriétaire.) [HKLM] -- WinRAR archiver O42 - Logiciel: Windows Live Call - (.Microsoft Corporation.) [HKLM] -- {82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41} O42 - Logiciel: Windows Live Communications Platform - (.Microsoft Corporation.) [HKLM] -- {3B4E636E-9D65-4D67-BA61-189800823F52} O42 - Logiciel: Windows Live Messenger - (.Microsoft Corporation.) [HKLM] -- {770F1BEC-2871-4E70-B837-FB8525FFA3B1} O42 - Logiciel: Windows Media Player Firefox Plugin - (.Microsoft Corp.) [HKLM] -- {69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4} O42 - Logiciel: XnView 1.97.6 - (.Gougelet Pierre-e.) [HKLM] -- XnView O42 - Logiciel: avast! Free Antivirus - (.Alwil Software.) [HKLM] -- avast5 ---\\ HKCU & HKLM Software Keys [HKCU\Software\AC3Filter] [HKCU\Software\ALWIL Software] [HKCU\Software\ATI Technologies Inc.] [HKCU\Software\ATI] [HKCU\Software\AVS4YOU] [HKCU\Software\AcerUtil] [HKCU\Software\Adobe] [HKCU\Software\Ahead] [HKCU\Software\Alex Feinman] [HKCU\Software\AppDataLow\Aurigma] [HKCU\Software\AppDataLow\Software\Microsoft] [HKCU\Software\AppDataLow\Software\Yahoo] [HKCU\Software\AppDataLow\Software] [HKCU\Software\AppDataLow] [HKCU\Software\ArcSoft] [HKCU\Software\Binary Noise] [HKCU\Software\Blizzard Entertainment] [HKCU\Software\Bugsplat] [HKCU\Software\CESYAM] [HKCU\Software\Classes] [HKCU\Software\Clients] [HKCU\Software\CoreAAC] [HKCU\Software\CoyoteReplay] [HKCU\Software\CyberLink] [HKCU\Software\DT Soft] [HKCU\Software\DVD Decrypter] [HKCU\Software\DVD Shrink] [HKCU\Software\DVDVIDEOSOFT] [HKCU\Software\DivXNetworks] [HKCU\Software\DivX] [HKCU\Software\EPSON] [HKCU\Software\FUW] [HKCU\Software\FairUse Wizard 2] [HKCU\Software\FairUseW] [HKCU\Software\Freeware] [HKCU\Software\Fridgesoft] [HKCU\Software\GNU] [HKCU\Software\Gabest] [HKCU\Software\GameShadow] [HKCU\Software\Google] [HKCU\Software\HP] [HKCU\Software\Haali] [HKCU\Software\Heidi Computers Ltd] [HKCU\Software\Hercules] [HKCU\Software\Hewlett-Packard] [HKCU\Software\HookNetwork] [HKCU\Software\IE] [HKCU\Software\IGA] [HKCU\Software\IM Providers] [HKCU\Software\Illustrate] [HKCU\Software\ImageViewer] [HKCU\Software\JEDI-VCL] [HKCU\Software\JavaSoft] [HKCU\Software\Kolor] [HKCU\Software\Macromedia] [HKCU\Software\Magix] [HKCU\Software\Magnet] [HKCU\Software\Malwarebytes' Anti-Malware] [HKCU\Software\MimarSinan] [HKCU\Software\Mozilla] [HKCU\Software\MultimediaPhoto] [HKCU\Software\NVIDIA Corporation] [HKCU\Software\Nero] [HKCU\Software\Netscape] [HKCU\Software\NewTech Infosystems] [HKCU\Software\Nikon] [HKCU\Software\O&O] [HKCU\Software\ODBC] [HKCU\Software\OpenOffice.org] [HKCU\Software\PDFCreator] [HKCU\Software\Piriform] [HKCU\Software\Policies] [HKCU\Software\RapidSolution] [HKCU\Software\RealNetworks] [HKCU\Software\Realtek] [HKCU\Software\Ripp-it] [HKCU\Software\RocketDock] [HKCU\Software\SIComponents] [HKCU\Software\Safer Networking Limited] [HKCU\Software\SecuROM] [HKCU\Software\Secunia] [HKCU\Software\Skyline] [HKCU\Software\Softonic] [HKCU\Software\Software] [HKCU\Software\Spyware Terminator] [HKCU\Software\Sysinternals] [HKCU\Software\Trolltech] [HKCU\Software\TuneUp] [HKCU\Software\Ubisoft] [HKCU\Software\VB and VBA Program Settings] [HKCU\Software\VSRevoGroup] [HKCU\Software\Valve] [HKCU\Software\VideoToMp3] [HKCU\Software\W3i, LLC] [HKCU\Software\WinRAR SFX] [HKCU\Software\WinRAR] [HKCU\Software\YahooPartnerToolbar] [HKCU\Software\Yahoo] [HKCU\Software\acer] [HKCU\Software\cybelsoft] [HKCU\Software\etoro] [HKLM\Software\685D6D1C-D73A-4F37-B7E5E53660311DDB] [HKLM\Software\ALWIL Software] [HKLM\Software\AMD] [HKLM\Software\ATI Technologies] [HKLM\Software\ATI] [HKLM\Software\AVS4YOU] [HKLM\Software\AVS] [HKLM\Software\Acer] [HKLM\Software\Adaptec] [HKLM\Software\Adobe] [HKLM\Software\Aladdin Knowledge Systems] [HKLM\Software\Apple Computer, Inc.] [HKLM\Software\ArcSoft] [HKLM\Software\Avg] [HKLM\Software\CDDB] [HKLM\Software\Caphyon] [HKLM\Software\Classes] [HKLM\Software\Clients] [HKLM\Software\Combined-Community-Codec-Pack] [HKLM\Software\CyberLink] [HKLM\Software\DT Soft] [HKLM\Software\DVDVIDEOSOFT] [HKLM\Software\Dealio] [HKLM\Software\DivXNetworks] [HKLM\Software\DivX] [HKLM\Software\DivoGames] [HKLM\Software\EPSON] [HKLM\Software\Electronic Arts] [HKLM\Software\Even Balance] [HKLM\Software\FairUse Wizard] [HKLM\Software\FarStone] [HKLM\Software\FileZilla 3] [HKLM\Software\Freeze.com] [HKLM\Software\GNU] [HKLM\Software\Gabest] [HKLM\Software\GameHouse] [HKLM\Software\Google] [HKLM\Software\HaaliMkx] [HKLM\Software\Hercules] [HKLM\Software\Hewlett-Packard] [HKLM\Software\Id] [HKLM\Software\ImInstaller] [HKLM\Software\InstallShield] [HKLM\Software\Intel] [HKLM\Software\InterVideo] [HKLM\Software\JavaSoft] [HKLM\Software\JreMetrics] [HKLM\Software\Khronos] [HKLM\Software\LightScribe] [HKLM\Software\MCCI] [HKLM\Software\Macromedia] [HKLM\Software\Macrovision] [HKLM\Software\Magix] [HKLM\Software\MarkAny] [HKLM\Software\MimarSinan] [HKLM\Software\MozillaPlugins] [HKLM\Software\Mozilla] [HKLM\Software\MySQL AB] [HKLM\Software\NVIDIA Corporation] [HKLM\Software\Nero] [HKLM\Software\NewTech Infosystems] [HKLM\Software\Nikon] [HKLM\Software\O&O] [HKLM\Software\ODBC] [HKLM\Software\OpenOffice.org] [HKLM\Software\PDFCreator] [HKLM\Software\PixArt] [HKLM\Software\Policies] [HKLM\Software\PopCap] [HKLM\Software\Python] [HKLM\Software\RapidSolution] [HKLM\Software\Realtek] [HKLM\Software\RegisteredApplications] [HKLM\Software\Safer Networking Limited] [HKLM\Software\Secunia] [HKLM\Software\Sierra] [HKLM\Software\Sonic] [HKLM\Software\Sun Microsystems] [HKLM\Software\SymNRT] [HKLM\Software\TrendMicro] [HKLM\Software\Trymedia Systems] [HKLM\Software\TuneUp] [HKLM\Software\Ubisoft] [HKLM\Software\Valve] [HKLM\Software\VideoLAN] [HKLM\Software\Volatile] [HKLM\Software\Windows] [HKLM\Software\Xara] [HKLM\Software\Yahoo] [HKLM\Software\ZSMC] [HKLM\Software\ahead] [HKLM\Software\cybelsoft] [HKLM\Software\mozilla.org] [HKLM\Software\muvee Technologies] ---\\ Contenu des dossiers ProgramFiles/ProgramData (O43) O43 - CFD:Common File Directory ----D- C:\Program Files\Acer Arcade Live O43 - CFD:Common File Directory ----D- C:\Program Files\Adobe O43 - CFD:Common File Directory ----D- C:\Program Files\AGI O43 - CFD:Common File Directory ----D- C:\Program Files\Alwil Software O43 - CFD:Common File Directory ----D- C:\Program Files\Apowersoft O43 - CFD:Common File Directory ----D- C:\Program Files\ATI O43 - CFD:Common File Directory ----D- C:\Program Files\ATI Technologies O43 - CFD:Common File Directory ----D- C:\Program Files\Autopano Giga 2 O43 - CFD:Common File Directory ----D- C:\Program Files\AviSynth 2.5 O43 - CFD:Common File Directory ----D- C:\Program Files\AVS4YOU O43 - CFD:Common File Directory ----D- C:\Program Files\Bonjour O43 - CFD:Common File Directory ----D- C:\Program Files\CCleaner O43 - CFD:Common File Directory ----D- C:\Program Files\Combined Community Codec Pack O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files O43 - CFD:Common File Directory ----D- C:\Program Files\CyberLink O43 - CFD:Common File Directory ----D- C:\Program Files\DAEMON Tools Lite O43 - CFD:Common File Directory ----D- C:\Program Files\DIFX O43 - CFD:Common File Directory ----D- C:\Program Files\DivX O43 - CFD:Common File Directory ----D- C:\Program Files\DVD Shrink O43 - CFD:Common File Directory ----D- C:\Program Files\DVDVIDEOSOFT O43 - CFD:Common File Directory ----D- C:\Program Files\eMule O43 - CFD:Common File Directory ----D- C:\Program Files\Eraser O43 - CFD:Common File Directory ----D- C:\Program Files\ERUNT O43 - CFD:Common File Directory ----D- C:\Program Files\FairUse Wizard 2 O43 - CFD:Common File Directory -SH-D- C:\Program Files\Fichiers communs O43 - CFD:Common File Directory ----D- C:\Program Files\FileZilla FTP Client O43 - CFD:Common File Directory ----D- C:\Program Files\Google O43 - CFD:Common File Directory ----D- C:\Program Files\Hercules O43 - CFD:Common File Directory ----D- C:\Program Files\HP O43 - CFD:Common File Directory ----D- C:\Program Files\id Software O43 - CFD:Common File Directory --H-D- C:\Program Files\InstallShield Installation Information O43 - CFD:Common File Directory ----D- C:\Program Files\Internet Explorer O43 - CFD:Common File Directory ----D- C:\Program Files\Java O43 - CFD:Common File Directory ----D- C:\Program Files\ma-config.com O43 - CFD:Common File Directory ----D- C:\Program Files\Malwarebytes' Anti-Malware O43 - CFD:Common File Directory ----D- C:\Program Files\MediaCoder iPod Edition O43 - CFD:Common File Directory ----D- C:\Program Files\Micro Application O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft CAPICOM 2.1.0.2 O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft Games O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft Money 2005 O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft Office O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft Silverlight O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft Visual Studio O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft Visual Studio 8 O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft Works O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft.NET O43 - CFD:Common File Directory ----D- C:\Program Files\Miniphoto O43 - CFD:Common File Directory ----D- C:\Program Files\Movie Maker O43 - CFD:Common File Directory ----D- C:\Program Files\Mozilla Firefox O43 - CFD:Common File Directory ----D- C:\Program Files\Mozilla Thunderbird O43 - CFD:Common File Directory ----D- C:\Program Files\mp3DirectCut O43 - CFD:Common File Directory ----D- C:\Program Files\MSBuild O43 - CFD:Common File Directory ----D- C:\Program Files\MSXML 4.0 O43 - CFD:Common File Directory ----D- C:\Program Files\Nero O43 - CFD:Common File Directory ----D- C:\Program Files\NewTech Infosystems O43 - CFD:Common File Directory ----D- C:\Program Files\NOS O43 - CFD:Common File Directory ----D- C:\Program Files\NVIDIA Corporation O43 - CFD:Common File Directory ----D- C:\Program Files\OO Software O43 - CFD:Common File Directory ----D- C:\Program Files\OpenOffice.org 3 O43 - CFD:Common File Directory ----D- C:\Program Files\PC Connectivity Solution O43 - CFD:Common File Directory ----D- C:\Program Files\PDFCreator O43 - CFD:Common File Directory ----D- C:\Program Files\PhotomatixPro3 O43 - CFD:Common File Directory ----D- C:\Program Files\PixiePack Codec Pack O43 - CFD:Common File Directory ----D- C:\Program Files\PowerCheck O43 - CFD:Common File Directory ----D- C:\Program Files\QuickTime O43 - CFD:Common File Directory ----D- C:\Program Files\RapidSolution O43 - CFD:Common File Directory ----D- C:\Program Files\Realtek O43 - CFD:Common File Directory ----D- C:\Program Files\Reference Assemblies O43 - CFD:Common File Directory ----D- C:\Program Files\RegCleaner O43 - CFD:Common File Directory ----D- C:\Program Files\RegSeeker O43 - CFD:Common File Directory ----D- C:\Program Files\Secunia O43 - CFD:Common File Directory ----D- C:\Program Files\Spybot - Search & Destroy O43 - CFD:Common File Directory ----D- C:\Program Files\Spyware Terminator O43 - CFD:Common File Directory --H-D- C:\Program Files\Uninstall Information O43 - CFD:Common File Directory ----D- C:\Program Files\Valve O43 - CFD:Common File Directory ----D- C:\Program Files\VideoLAN O43 - CFD:Common File Directory ----D- C:\Program Files\VS Revo Group O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Calendar O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Collaboration O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Defender O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Journal O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Live O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Live SkyDrive O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Mail O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Media Player O43 - CFD:Common File Directory ----D- C:\Program Files\Windows NT O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Photo Gallery O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Portable Devices O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Sidebar O43 - CFD:Common File Directory ----D- C:\Program Files\WinRAR O43 - CFD:Common File Directory ----D- C:\Program Files\XnView O43 - CFD:Common File Directory ----D- C:\Program Files\Yahoo! O43 - CFD:Common File Directory ----D- C:\Program Files\ZHPDiag O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\Adobe O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\Ahead O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\ArcSoft O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\AVSMedia O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\DESIGNER O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\DivX Shared O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\DVDVIDEOSOFT O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\Hewlett-Packard O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\HP O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\InstallShield O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\Java O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\LightScribe O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\Macrovision Shared O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\MAGIX Shared O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\Microsoft Games O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\microsoft shared O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\muvee Technologies O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\Nero O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\NewTech Infosystems O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\Nikon O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\PX Storage Engine O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\Services O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\SpeechEngines O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\Steam O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\Symantec Shared O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\System O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\Windows Live O43 - CFD:Common File Directory -SH-D- C:\Program Files\Common Files\WindowsLiveInstaller O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\Winferno O43 - CFD:Common File Directory ----D- C:\ProgramData\Adobe O43 - CFD:Common File Directory ----D- C:\ProgramData\agi O43 - CFD:Common File Directory ----D- C:\ProgramData\Alwil Software O43 - CFD:Common File Directory ----D- C:\ProgramData\Apple Computer O43 - CFD:Common File Directory -SH-D- C:\ProgramData\Application Data O43 - CFD:Common File Directory ----D- C:\ProgramData\ArcSoft O43 - CFD:Common File Directory ----D- C:\ProgramData\ATI O43 - CFD:Common File Directory -SH-D- C:\ProgramData\Bureau O43 - CFD:Common File Directory ----D- C:\ProgramData\BVRP Software O43 - CFD:Common File Directory --H-D- C:\ProgramData\CanonBJ O43 - CFD:Common File Directory ----D- C:\ProgramData\CyberLink O43 - CFD:Common File Directory ----D- C:\ProgramData\DAEMON Tools Lite O43 - CFD:Common File Directory -SH-D- C:\ProgramData\Desktop O43 - CFD:Common File Directory ----D- C:\ProgramData\DivX O43 - CFD:Common File Directory -SH-D- C:\ProgramData\Documents O43 - CFD:Common File Directory ----D- C:\ProgramData\DVD Shrink O43 - CFD:Common File Directory ----D- C:\ProgramData\eMule O43 - CFD:Common File Directory ----D- C:\ProgramData\EnterNHelp O43 - CFD:Common File Directory -SH-D- C:\ProgramData\Favoris O43 - CFD:Common File Directory -SH-D- C:\ProgramData\Favorites O43 - CFD:Common File Directory ----D- C:\ProgramData\Google O43 - CFD:Common File Directory ----D- C:\ProgramData\Google Updater O43 - CFD:Common File Directory ----D- C:\ProgramData\HP O43 - CFD:Common File Directory ----D- C:\ProgramData\HP Product Assistant O43 - CFD:Common File Directory ----D- C:\ProgramData\HPSSUPPLY O43 - CFD:Common File Directory ----D- C:\ProgramData\LightScribe O43 - CFD:Common File Directory ----D- C:\ProgramData\ma-config.com O43 - CFD:Common File Directory ----D- C:\ProgramData\Malwarebytes O43 - CFD:Common File Directory ----D- C:\ProgramData\McAfee O43 - CFD:Common File Directory -SH-D- C:\ProgramData\Menu Démarrer O43 - CFD:Common File Directory ----D- C:\ProgramData\Microsoft O43 - CFD:Common File Directory ----D- C:\ProgramData\Microsoft Help O43 - CFD:Common File Directory -SH-D- C:\ProgramData\Modèles O43 - CFD:Common File Directory ----D- C:\ProgramData\Nero O43 - CFD:Common File Directory ----D- C:\ProgramData\NOS O43 - CFD:Common File Directory ----D- C:\ProgramData\NtiDvdCopy O43 - CFD:Common File Directory ----D- C:\ProgramData\NVIDIA O43 - CFD:Common File Directory ----D- C:\ProgramData\PC Suite O43 - CFD:Common File Directory ----D- C:\ProgramData\RapidSolution O43 - CFD:Common File Directory ----D- C:\ProgramData\SiComponents O43 - CFD:Common File Directory ----D- C:\ProgramData\Spybot - Search & Destroy O43 - CFD:Common File Directory ----D- C:\ProgramData\Spyware Terminator O43 - CFD:Common File Directory -SH-D- C:\ProgramData\Start Menu O43 - CFD:Common File Directory ----D- C:\ProgramData\Sun O43 - CFD:Common File Directory ----D- C:\ProgramData\Temp O43 - CFD:Common File Directory -SH-D- C:\ProgramData\Templates O43 - CFD:Common File Directory ----D- C:\ProgramData\Ultima_T15 O43 - CFD:Common File Directory ----D- C:\ProgramData\WEBREG O43 - CFD:Common File Directory ----D- C:\ProgramData\WindowsSearch O43 - CFD:Common File Directory ----D- C:\ProgramData\WLInstaller O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\Adobe O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\Ahead O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\ArcSoft O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\AVSMedia O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\DESIGNER O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\DivX Shared O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\DVDVIDEOSOFT O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\Hewlett-Packard O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\HP O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\InstallShield O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\Java O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\LightScribe O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\Macrovision Shared O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\MAGIX Shared O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\Microsoft Games O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\microsoft shared O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\muvee Technologies O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\Nero O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\NewTech Infosystems O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\Nikon O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\PX Storage Engine O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\Services O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\SpeechEngines O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\Steam O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\Symantec Shared O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\System O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\Windows Live O43 - CFD:Common File Directory -SH-D- C:\Program Files\Common Files\WindowsLiveInstaller O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\Winferno ---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44) O44 - LFC:[MD5.00000000000000000000000000000000] - 29/08/2010 - 11:15:38 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\WindowsUpdate.log [1860876] O44 - LFC:[MD5.96FCD0D39185C757BA66A89D144B0730] - 29/08/2010 - 10:24:28 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\PerfStringBackup.INI [1495948] O44 - LFC:[MD5.ABD7C4D7E75C299683859F32AA1AA702] - 29/08/2010 - 10:24:28 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\perfc009.dat [103872] O44 - LFC:[MD5.E13D61A645B48995AED7B33B63F1212D] - 29/08/2010 - 10:24:28 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\perfc00C.dat [126420] O44 - LFC:[MD5.2E0124CA26280513EF98A4525A2112F3] - 29/08/2010 - 10:24:28 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\perfh009.dat [595798] O44 - LFC:[MD5.B1D976C31501B124123F9416C476652A] - 29/08/2010 - 10:24:28 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\perfh00C.dat [678804] O44 - LFC:[MD5.7166304C56D7254ED93059FDBFADFB98] - 29/08/2010 - 10:18:48 -S-A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\bootstat.dat [67584] O44 - LFC:[MD5.D59CD2EDB678E851203F87907A2DC00A] - 29/08/2010 - 10:18:36 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\oodbs.lor [517185] O44 - LFC:[MD5.3BBC89C606AD1D545F18F4483553C0BA] - 27/08/2010 - 15:13:30 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\DPINST.LOG [121122] O44 - LFC:[MD5.C0DFA45133A61E81A7BB4D84EEB71D2E] - 25/08/2010 - 12:23:58 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\RUNNABLE.TLB [1308] O44 - LFC:[MD5.BB864A0B62B7AC010491C06AFDCF7C85] - 25/08/2010 - 12:23:58 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\shlctxmnu2.tlb [17804] O44 - LFC:[MD5.DC7A3BC0FC185CD68848DC6F7D7B026B] - 25/08/2010 - 12:23:58 ---A- . (.vbAccelerator - Subclassing and Timer Assistant, modified f.) -- C:\Windows\System32\SSubTmr6.dll [40960] O44 - LFC:[MD5.4EF7BF165DAB0359D6C17A36A8EC90FC] - 25/08/2010 - 12:23:57 ---A- . (.NCT - NCTAudioCDWriter2 ActiveX DLL.) -- C:\Windows\System32\Waudio.dll [655360] O44 - LFC:[MD5.941EC87930F0E6F04593909FC85442F6] - 25/08/2010 - 12:23:57 ---A- . (.Online Media Technologies Ltd. - NCTDataCDWriter2.dll.) -- C:\Windows\System32\WDataCD.dll [811008] O44 - LFC:[MD5.B80E32346C5629400E649AEC348601EF] - 25/08/2010 - 12:23:57 ---A- . (.Online Media Technologies Ltd. - NCTDataDVDWriter2.dll.) -- C:\Windows\System32\WDataDVD.dll [823421] O44 - LFC:[MD5.FB00273CF7CE639C136853F3FC04B10C] - 25/08/2010 - 12:23:57 ---A- . (.Pas de propriétaire - Gif89 Module.) -- C:\Windows\System32\GIF89.DLL [44544] O44 - LFC:[MD5.07934C956B971F10B7F73D55239AB976] - 25/08/2010 - 12:23:57 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\ISHF_Ex.tlb [18728] O44 - LFC:[MD5.D34D1DB92FF97C4E477DC0EC8DE3CF96] - 25/08/2010 - 12:23:56 ---A- . (.NCT Company Ltd. - NCTWMAFile2 ActiveX DLL.) -- C:\Windows\System32\WMAFile.dll [348160] O44 - LFC:[MD5.1574DD9D409F2DC45CF82C22B99164A4] - 15/08/2010 - 19:43:31 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\pdfcmnnt.dll [116224] O44 - LFC:[MD5.8A98241E75F876050610EB60AE598A0C] - 14/08/2010 - 22:59:08 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\FeAnim.ini [497] O44 - LFC:[MD5.C7B5C1D376542A1E5518A2BA1656D8B5] - 14/08/2010 - 22:59:08 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\FeMakro.ini [571] O44 - LFC:[MD5.F8854BDCD55ECCF24F077981ADFE6B9A] - 14/08/2010 - 22:59:00 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\vbrun60.inf [1069] O44 - LFC:[MD5.A8D88F8F5B7ACD863C92C138B469D445] - 14/08/2010 - 22:53:58 ---A- . (.ELECO Software GmbH - o2c simple object construction module.) -- C:\Windows\System32\o2cAreas.OCX [933888] O44 - LFC:[MD5.B77E1AFD4A79C9847EE687537E2F0D2E] - 14/08/2010 - 22:53:58 ---A- . (.Eleco plc - O2C 3D objektai.) -- C:\Windows\System32\O2CPlayerAC.OCX [1209512] O44 - LFC:[MD5.609FCB19EEEE6EB1FF57EC14DDDE0D01] - 14/08/2010 - 22:53:58 ---A- . (.Pas de propriétaire - Infragistics Numeric Control.) -- C:\Windows\System32\PVNum.ocx [163840] O44 - LFC:[MD5.D5A05EB14FEA2A52A1CE8580B3FF7486] - 14/08/2010 - 22:53:57 ---A- . (.Infragistics, Inc. - ActiveThreed Controls.) -- C:\Windows\System32\IGThreed40.ocx [349840] O44 - LFC:[MD5.79C7F1AE292CC1C027058FFC856A7996] - 14/08/2010 - 22:53:57 ---A- . (.Infragistics, Inc. - ActiveToolBars Plus Control.) -- C:\Windows\System32\IGToolBars50.ocx [497288] O44 - LFC:[MD5.CF3003C6C8C1340AA0864FD2BBDC20AD] - 14/08/2010 - 22:53:56 ---A- . (.FlexCell Studio - XLS DLL.) -- C:\Windows\System32\xls.dll [110592] O44 - LFC:[MD5.49278B08E16800C3E7C59616FD779A45] - 14/08/2010 - 22:53:55 ---A- . (.Infragistics, Inc. - ActiveThreed Controls.) -- C:\Windows\System32\ssa3d30.ocx [349968] O44 - LFC:[MD5.049E80F4167A1156854A6062A86C1F43] - 14/08/2010 - 22:53:53 ---A- . (.Microsoft - MSFlexGrid.) -- C:\Windows\System32\msflxgrd.ocx [227600] O44 - LFC:[MD5.D4EF656D9C071154E0DFD6743F44FF3F] - 14/08/2010 - 22:53:53 ---A- . (.Mücke Software GmbH - mbctrl ActiveX Control Module.) -- C:\Windows\System32\Mbctrl.ocx [77312] O44 - LFC:[MD5.AF18A47087A012C469381B6759AAF6F3] - 14/08/2010 - 22:53:53 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\iobjsafe.tlb [1764] O44 - LFC:[MD5.8B1259955295F0610577C25D010891FF] - 14/08/2010 - 22:53:52 ---A- . (.FlexCell Studio - Pas de description.) -- C:\Windows\System32\FlexCell.ocx [1921024] O44 - LFC:[MD5.87A2ADF125BE51CDD5D8D3843E0F0B7E] - 14/08/2010 - 22:53:51 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\dao2535.tlb [73184] O44 - LFC:[MD5.C6C5F8144F37B4A3F24D5040A18CF6F4] - 12/08/2010 - 00:06:56 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\NTIWVEDT.INI [783] O44 - LFC:[MD5.4CE91CEDF6EC0F5FDFF2B6E2DB4E520A] - 11/08/2010 - 21:07:14 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\NeroDigital.ini [69] O44 - LFC:[MD5.EC2DE6B9D5C739C2005CC71FEBA8482B] - 11/08/2010 - 13:08:13 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\FNTCACHE.DAT [1877936] O44 - LFC:[MD5.3F337DD54339BEAF26917D3A0A32C1DE] - 11/08/2010 - 12:59:17 ---A- . (.Radius Inc. - Codec Cinepak®.) -- C:\Windows\System32\iccvid.dll [81920] ---\\ MountPoints2 Shell Key (MPSK) (O51) O51 - MPSK:{7ec758f3-4061-11de-bb25-001c2557e85b}\Shell\AutoRun\command. (.Pas de propriétaire - Pas de description.) -- M:\LaunchU3.exe -a (.not file.) O51 - MPSK:{86a55ce9-728a-11dd-a09f-001c2557e85b}\Shell\AutoRun\command. (.Pas de propriétaire - Pas de description.) -- L:\SETUP.EXE (.not file.) O51 - MPSK:{9eab1496-17e7-11df-9494-001c2557e85b}\Shell\AutoRun\command. (.Pas de propriétaire - Pas de description.) -- C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL L:\launcher.exe (.not file.) O51 - MPSK:{ec83ee85-a61c-11df-ba6b-001c2557e85b}\Shell\AutoRun\command. (.Pas de propriétaire - Pas de description.) -- F:\setup.exe (.not file.) ---\\ Trojan Driver Search Data (HKLM)(TDSD) (O52) O52 - TDSD: \Drivers32\"vidc.i420"="i420vfw.dll" . (.www.helixcommunity.org - Helix I420 YUV Codec.) -- C:\Windows\System32\i420vfw.dll O52 - TDSD: \Drivers32\"msacm.l3acm"="C:\Windows\System32\l3codeca.acm" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm O52 - TDSD: \Drivers32\"vidc.cvid"="iccvid.dll" . (.Radius Inc. - Codec Cinepak®.) -- C:\Windows\System32\iccvid.dll O52 - TDSD: \Drivers32\"msacm.voxacm160"="vct3216.acm" . (.Voxware, Inc. - Voxware Audio Compression Manager Driver.) -- C:\Windows\System32\vct3216.acm O52 - TDSD: \Drivers32\"msacm.scg726"="scg726.acm" . (.SHARP Corporation - SHARP G.726 ACM Audio Decoder.) -- C:\Windows\System32\scg726.acm O52 - TDSD: \Drivers32\"msacm.alf2cd"="alf2cd.acm" . (.NCT Company - NCT ALF2CD Audio CODEC.) -- C:\Windows\System32\alf2cd.acm O52 - TDSD: \Drivers32\"msacm.ac3acm"="AC3ACM.acm" . (.fccHandler - AC-3 ACM Decompressor.) -- C:\Windows\System32\AC3ACM.acm O52 - TDSD: \Drivers32\"vidc.dvsd"="mcdvd_32.dll" . (.MainConcept - MainConcept DV Codec.) -- C:\Windows\System32\mcdvd_32.dll O52 - TDSD: \Drivers32\"vidc.xvid"="xvidvfw.dll" . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\xvidvfw.dll O52 - TDSD: \Drivers32\"vidc.DIVX"="DivX.dll" . (.DivX, Inc. - DivX.) -- C:\Windows\System32\DivX.dll O52 - TDSD: \Drivers32\"vidc.yv12"="DivX.dll" . (.DivX, Inc. - DivX.) -- C:\Windows\System32\DivX.dll O52 - TDSD: \Drivers32\"msacm.lameacm"="LameACM.acm" . (.http://www.mp3dev.org/ - Lame MP3 codec engine.) -- C:\Windows\System32\LameACM.acm O52 - TDSD: \Drivers32\"vidc.ffds"="C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll" . (.Pas de propriétaire - Pas de description.) -- (.not file.) O52 - TDSD: \drivers.desc\"C:\Windows\System32\l3codeca.acm"="Fraunhofer IIS MPEG Layer-3 Codec" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm O52 - TDSD: \drivers.desc\"vct3216.acm"="Voxware Compression Toolkit" . (.Voxware, Inc. - Voxware Audio Compression Manager Driver.) -- C:\Windows\System32\vct3216.acm O52 - TDSD: \drivers.desc\"scg726.acm"="Sharp G.726 Audio Decoder" . (.Pas de propriétaire - Pas de description.) -- (.not file.) O52 - TDSD: \drivers.desc\"alf2cd.acm"="alf2cd.acm" . (.NCT Company - NCT ALF2CD Audio CODEC.) -- C:\Windows\System32\alf2cd.acm O52 - TDSD: \drivers.desc\"AC3ACM.acm"="AC-3 ACM Decompressor" . (.fccHandler - AC-3 ACM Decompressor.) -- C:\Windows\System32\AC3ACM.acm O52 - TDSD: \drivers.desc\"mcdvd_32.dll"="mcdvd_32.dll" . (.MainConcept - MainConcept DV Codec.) -- C:\Windows\System32\mcdvd_32.dll O52 - TDSD: \drivers.desc\"xvidvfw.dll"="XviD MPEG-4 Video Codec" . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\xvidvfw.dll O52 - TDSD: \drivers.desc\"mpg4c32.dll"="MS MPEG-4 v1,2,3 driver 4.1.0.3927" . (.Pas de propriétaire - Pas de description.) -- (.not file.) O52 - TDSD: \drivers.desc\"DivX.dll"="DivX 6.9.2 Codec" . (.Pas de propriétaire - Pas de description.) -- (.not file.) O52 - TDSD: \drivers.desc\"LameACM.acm"="Lame ACM MP3 Codec" . (.http://www.mp3dev.org/ - Lame MP3 codec engine.) -- C:\Windows\System32\LameACM.acm O52 - TDSD: \drivers.desc\"C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll"="ffdshow Video Codec" . (.Pas de propriétaire - Pas de description.) -- (.not file.) ---\\ ShareTools MSconfig StartupReg (SMSR) (O53) O53 - SMSR:HKLM\...\startupreg\Adobe ARM [Key] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe O53 - SMSR:HKLM\...\startupreg\Adobe Reader Speed Launcher [Key] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe O53 - SMSR:HKLM\...\startupreg\DivXUpdate [Key] . (.Pas de propriétaire - DivX Update.) -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe O53 - SMSR:HKLM\...\startupreg\HP Software Update [Key] . (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O53 - SMSR:HKLM\...\startupreg\msnmsgr [Key] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe O53 - SMSR:HKLM\...\startupreg\NBKeyScan [Key] . (.Nero AG - Nero BackItUp.) -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe O53 - SMSR:HKLM\...\startupreg\NeroFilterCheck [Key] . (.Nero AG - NeroCheck.) -- C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe O53 - SMSR:HKLM\...\startupreg\OODefragTray [Key] . (.O&O Software GmbH - O&O Defrag TrayIcon (Win32).) -- C:\Windows\system32\oodtray.exe ---\\ Microsoft Control Security Providers (MCSP) (O54) O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - TS Single Sign On Security Package.) -- C:\Windows\system32\credssp.dll O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - TS Single Sign On Security Package.) -- C:\Windows\system32\credssp.dll ---\\ Microsoft Windows Policies System (MWPS) (O55) O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorAdmin"=2 O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorUser"=1 O55 - MWPS:[HKLM\...\Policies\System] - "EnableInstallerDetection"=1 O55 - MWPS:[HKLM\...\Policies\System] - "EnableSecureUIAPaths"=1 O55 - MWPS:[HKLM\...\Policies\System] - "EnableVirtualization"=1 O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=1 O55 - MWPS:[HKLM\...\Policies\System] - "ValidateAdminCodeSignatures"=0 O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=0 O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"= O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticetext"= O55 - MWPS:[HKLM\...\Policies\System] - "scforceoption"=0 O55 - MWPS:[HKLM\...\Policies\System] - "shutdownwithoutlogon"=1 O55 - MWPS:[HKLM\...\Policies\System] - "undockwithoutlogon"=1 O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0 O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0 O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0 O55 - MWPS:[HKLM\...\Policies\System] - "DisableRegistryTools"=0 ---\\ Microsoft Windows Policies Explorer (MWPE) (O56) O56 - MWPE:[HKLM\...\policies\Explorer] - "NoDrives"=0 O56 - MWPE:[HKLM\...\policies\Explorer] - "BindDirectlyToPropertySetStorage"=0 ---\\ Liste des Drivers Système (SDL) (O58) O58 - SDL:[MD5.2EDC5BBAC6C651ECE337BDE8ED97C9FB] - 02/11/2006 - 10:51:38 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\system32\drivers\adp94xx.sys O58 - SDL:[MD5.B84088CA3CDCA97DA44A984C6CE1CCAD] - 02/11/2006 - 10:51:32 ---A- . (.Adaptec, Inc. - Adaptec Windows SATA Storport Driver.) -- C:\Windows\system32\drivers\adpahci.sys O58 - SDL:[MD5.7880C67BCCC27C86FD05AA2AFB5EA469] - 02/11/2006 - 10:50:35 ---A- . (.Adaptec, Inc. - Adaptec LH Ultra160 Driver (x86).) -- C:\Windows\system32\drivers\adpu160m.sys O58 - SDL:[MD5.9AE713F8E30EFC2ABCCD84904333DF4D] - 02/11/2006 - 10:51:00 ---A- . (.Adaptec, Inc. - Adaptec StorPort Ultra320 SCSI Driver.) -- C:\Windows\system32\drivers\adpu320.sys O58 - SDL:[MD5.90395B64600EBB4552E26E178C94B2E4] - 02/11/2006 - 10:49:20 ---A- . (.Acer Laboratories Inc. - ALi mini IDE Driver.) -- C:\Windows\system32\drivers\aliide.sys O58 - SDL:[MD5.5F673180268BB1FDB69C99B6619FE379] - 02/11/2006 - 10:50:09 ---A- . (.Adaptec, Inc. - Adaptec RAID Storport Driver.) -- C:\Windows\system32\drivers\arc.sys O58 - SDL:[MD5.957F7540B5E7F602E44648C7DE5A1C05] - 02/11/2006 - 10:50:10 ---A- . (.Adaptec, Inc. - Adaptec SAS RAID WS03 Driver.) -- C:\Windows\system32\drivers\arcsas.sys O58 - SDL:[MD5.B979979AB8027F7F53FB16EC4229B7DB] - 10/09/1999 - 12:06:00 ---A- . (.Adaptec - ASPI for WIN32 Kernel Driver.) -- C:\Windows\system32\drivers\Aspi32.sys O58 - SDL:[MD5.0C0B08847F2F24BAA7BD43D8F2C6C8B0] - 28/06/2010 - 21:32:33 ---A- . (.ALWIL Software - avast! File System Access Blocking Driver.) -- C:\Windows\system32\drivers\aswFsBlk.sys O58 - SDL:[MD5.EFFC39A1EDF04E83A42279D9DAA696A7] - 28/06/2010 - 21:32:56 ---A- . (.ALWIL Software - avast! File System Minifilter for Windows 2003/Vista.) -- C:\Windows\system32\drivers\aswMonFlt.sys O58 - SDL:[MD5.F385FFD39165453FDA96736AA3EDFD9D] - 28/06/2010 - 21:33:13 ---A- . (.ALWIL Software - avast! TDI RDR Driver.) -- C:\Windows\system32\drivers\aswRdr.sys O58 - SDL:[MD5.45ADEA26BF613A54FED64ECDD12E58A7] - 28/06/2010 - 21:37:30 ---A- . (.ALWIL Software - avast! self protection module.) -- C:\Windows\system32\drivers\aswSP.sys O58 - SDL:[MD5.C4EE975C87176F1900662D2874233C7F] - 28/06/2010 - 21:37:52 ---A- . (.ALWIL Software - avast! TDI Filter Driver.) -- C:\Windows\system32\drivers\aswTdi.sys O58 - SDL:[MD5.7DB96C2801A78513BDC133C25D07929E] - 11/02/2010 - 08:42:22 ---A- . (.ATI Technologies Inc. - ATI Radeon Kernel Mode Driver.) -- C:\Windows\system32\drivers\atikmdag.sys O58 - SDL:[MD5.9F9ACC7F7CCDE8A15C282D3F88B43309] - 02/11/2006 - 09:24:45 ---A- . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver.) -- C:\Windows\system32\drivers\BrFiltLo.sys O58 - SDL:[MD5.56801AD62213A41F6497F96DEE83755A] - 02/11/2006 - 09:24:46 ---A- . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver.) -- C:\Windows\system32\drivers\BrFiltUp.sys O58 - SDL:[MD5.B304E75CFF293029EDDF094246747113] - 02/11/2006 - 09:25:24 ---A- . (.Brother Industries Ltd. - Pilote Brother Série I/F (WDM).) -- C:\Windows\system32\drivers\BrSerId.sys O58 - SDL:[MD5.203F0B1E73ADADBBB7B7B1FABD901F6B] - 02/11/2006 - 09:24:44 ---A- . (.Brother Industries Ltd. - Brother Serial driver (WDM version).) -- C:\Windows\system32\drivers\BrSerWdm.sys O58 - SDL:[MD5.BD456606156BA17E60A04E18016AE54B] - 02/11/2006 - 09:24:44 ---A- . (.Brother Industries Ltd. - Brother USB MDM Driver.) -- C:\Windows\system32\drivers\BrUsbMdm.sys O58 - SDL:[MD5.AF72ED54503F717A43268B3CC5FAEC2E] - 02/11/2006 - 09:24:47 ---A- . (.Brother Industries Ltd. - Brother USB Serial Driver.) -- C:\Windows\system32\drivers\BrUsbSer.sys O58 - SDL:[MD5.5BC2E26075304E762FE442C78168B8AB] - 27/02/2008 - 14:27:38 ---A- . (.Guillemot Corporation - Filter Driver for the Hercules Webcams (MJPG).) -- C:\Windows\system32\drivers\camfilt2.sys O58 - SDL:[MD5.45201046C776FFDAF3FC8A0029C581C8] - 02/11/2006 - 10:49:28 ---A- . (.CMD Technology, Inc. - CMD PCI IDE Bus Driver.) -- C:\Windows\system32\drivers\cmdide.sys O58 - SDL:[MD5.AE1FDF7BF7BB6C6A70F67699D880592A] - 02/11/2006 - 10:50:11 ---A- . (.Adaptec, Inc. - Adaptec Ultra SCSI miniport.) -- C:\Windows\system32\drivers\djsvs.sys O58 - SDL:[MD5.F88FB26547FD2CE6D0A5AF2985892C48] - 02/11/2006 - 08:30:54 ---A- . (.Intel Corporation - Intel® PRO/1000 Adapter NDIS 6 deserialized driver.) -- C:\Windows\system32\drivers\E1G60I32.sys O58 - SDL:[MD5.E8F3F21A71720C84BCF423B80028359F] - 02/11/2006 - 10:51:34 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\system32\drivers\elxstor.sys O58 - SDL:[MD5.C1CC0C9742B881C42F1CC628E6F9EBD1] - 28/07/2005 - 07:18:40 ---A- . (.Aladdin Knowledge Systems Ltd. - Hardlock Device Driver for Windows NT.) -- C:\Windows\system32\drivers\hardlock.sys O58 - SDL:[MD5.DF353B401001246853763C4B7AAA6F50] - 02/11/2006 - 10:50:10 ---A- . (.Hewlett-Packard Company - Smart Array Storport Driver.) -- C:\Windows\system32\drivers\HpCISSs.sys O58 - SDL:[MD5.C957BF4B5D80B46C5017BF0101E6C906] - 02/11/2006 - 10:51:25 ---A- . (.Intel Corporation - Intel Matrix Storage Manager driver (base).) -- C:\Windows\system32\drivers\iaStorV.sys O58 - SDL:[MD5.2D077BF86E843F901D8DB709C95B49A5] - 02/11/2006 - 10:50:17 ---A- . (.Intel Corp./ICP vortex GmbH - Intel/ICP Raid Storport Driver.) -- C:\Windows\system32\drivers\iirsp.sys O58 - SDL:[MD5.BCED60D16156E428F8DF8CF27B0DF150] - 02/11/2006 - 10:50:07 ---A- . (.Integrated Technology Express, Inc. - ITE IT8211 ATA/ATAPI SCSI miniport.) -- C:\Windows\system32\drivers\iteatapi.sys O58 - SDL:[MD5.06FA654504A498C30ADCA8BEC4E87E7E] - 02/11/2006 - 10:50:09 ---A- . (.Integrated Technology Express, Inc. - ITE IT8212 ATA RAID SCSI miniport.) -- C:\Windows\system32\drivers\iteraid.sys O58 - SDL:[MD5.A2262FB9F28935E862B4DB46438C80D2] - 02/11/2006 - 10:50:04 ---A- . (.LSI Logic - LSI Logic Fusion-MPT FC Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_fc.sys O58 - SDL:[MD5.30D73327D390F72A62F32C103DAF1D6D] - 02/11/2006 - 10:50:05 ---A- . (.LSI Logic - LSI Logic Fusion-MPT SAS Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_sas.sys O58 - SDL:[MD5.E1E36FEFD45849A95F1AB81DE0159FE3] - 02/11/2006 - 10:50:10 ---A- . (.LSI Logic - LSI Logic Fusion-MPT SCSI Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_scsi.sys O58 - SDL:[MD5.67B48A903430C6D4FB58CBACA1866601] - 29/04/2010 - 14:39:26 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\Windows\system32\drivers\mbam.sys O58 - SDL:[MD5.C7DD7D9739785BD3A6B8499EEC1DEE7E] - 29/04/2010 - 14:39:38 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\Windows\system32\drivers\mbamswissarmy.sys O58 - SDL:[MD5.D153B14FC6598EAE8422A2037553ADCE] - 02/11/2006 - 10:49:53 ---A- . (.LSI Logic Corporation - MEGASAS RAID Controller Driver for Windows Vista/Longhorn for x.) -- C:\Windows\system32\drivers\megasas.sys O58 - SDL:[MD5.4FBBB70D30FD20EC51F80061703B001E] - 02/11/2006 - 10:49:59 ---A- . (.LSI Logic Corporation - MegaRAID RAID Controller Driver for Windows Vista/Longhorn for.) -- C:\Windows\system32\drivers\Mraid35x.sys O58 - SDL:[MD5.2E7FB731D4790A1BC6270ACCEFACB36E] - 02/11/2006 - 10:50:19 ---A- . (.IBM Corporation - IBM ServeRAID Controller Driver.) -- C:\Windows\system32\drivers\nfrd960.sys O58 - SDL:[MD5.7F1C1F78D709C4A54CBB46EDE7E0B48D] - 10/07/2007 - 14:36:42 ---A- . (.NewTech Infosystems, Inc. - NTI CD-ROM Filter Driver.) -- C:\Windows\system32\drivers\NTIDrvr.sys O58 - SDL:[MD5.E875C093AEC0C978A90F30C9E0DFBB72] - 02/11/2006 - 08:36:50 ---A- . (.N-trig Innovative Technologies - Pilote intégré de digitalisateur de tablette N-trig.) -- C:\Windows\system32\drivers\ntrigdigi.sys O58 - SDL:[MD5.C8CB6135884CBC2A10225C4C3CEF0F95] - 03/04/2010 - 21:55:32 ---A- . (.NVIDIA Corporation - NVIDIA Windows Kernel Mode Driver, Version 197.45.) -- C:\Windows\system32\drivers\nvlddmkm.sys O58 - SDL:[MD5.E69E946F80C1C31C53003BFBF50CBB7C] - 02/11/2006 - 10:50:24 ---A- . (.NVIDIA Corporation - NVIDIA® nForce RAID Driver.) -- C:\Windows\system32\drivers\nvraid.sys O58 - SDL:[MD5.9E0BA19A28C498A6D323D065DB76DFFC] - 02/11/2006 - 10:50:13 ---A- . (.NVIDIA Corporation - NVIDIA® nForce Sata Performance Driver.) -- C:\Windows\system32\drivers\nvstor.sys O58 - SDL:[MD5.B2A8C9EAF4FF38CB29DBF06EEFA737D2] - 10/05/2007 - 22:19:26 ---A- . (.O&O Software GmbH - O&O TextMode Driver (Win32).) -- C:\Windows\system32\drivers\oobctm.sys O58 - SDL:[MD5.81A0921E2A3FDCF840E43AF64BF96EA2] - 10/09/2007 - 07:50:56 ---A- . (.PixArt Imaging Inc. - PAC7302.) -- C:\Windows\system32\drivers\PAC7302.SYS O58 - SDL:[MD5.5AABA5388B4F72B8BF72EA922D1CBD38] - 20/07/2010 - 14:16:08 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\system32\drivers\PnkBstrK.sys O58 - SDL:[MD5.E801D5CC24E1CF18FA87D24D7074B876] - 25/04/2007 - 15:34:38 ---A- . (.HiTRUST - PSD Filter Driver.) -- C:\Windows\system32\drivers\psdfilter.sys O58 - SDL:[MD5.14E6FB92F1788982E2BBC81D915B1F02] - 28/05/2010 - 12:04:52 ---A- . (.Secunia - Secunia PSI Driver.) -- C:\Windows\system32\drivers\psi_mf.sys O58 - SDL:[MD5.CCDAC889326317792480C0A67156A1EC] - 02/11/2006 - 10:51:45 ---A- . (.QLogic Corporation - QLogic Fibre Channel Stor Miniport Driver.) -- C:\Windows\system32\drivers\ql2300.sys O58 - SDL:[MD5.81A7E5C076E59995D54BC1ED3A16E60B] - 02/11/2006 - 10:50:35 ---A- . (.QLogic Corporation - QLogic iSCSI Storport Miniport Driver.) -- C:\Windows\system32\drivers\ql40xx.sys O58 - SDL:[MD5.75334ECEEF6F39EEC569F2F445254EDA] - 22/06/2007 - 10:34:12 ---A- . (.Realtek Semiconductor Corp. - Realtek® High Definition Audio Function Driver.) -- C:\Windows\system32\drivers\RTKVHDA.sys O58 - SDL:[MD5.59509AD6CBC28F2C73056268985B3E48] - 16/05/2008 - 11:33:12 ---A- . (.MCCI Corporation - Sony Ericsson Device 0016 Driver.) -- C:\Windows\system32\drivers\s0016bus.sys O58 - SDL:[MD5.8C4A9024CF84D61D4BC07F06DDF7B2D1] - 16/05/2008 - 11:33:12 ---A- . (.MCCI Corporation - Windows 2000/XP support functions.) -- C:\Windows\system32\drivers\s0016cm.sys O58 - SDL:[MD5.8C4A9024CF84D61D4BC07F06DDF7B2D1] - 16/05/2008 - 11:33:12 ---A- . (.MCCI Corporation - Windows 2000/XP support functions.) -- C:\Windows\system32\drivers\s0016cmnt.sys O58 - SDL:[MD5.44D115C6BE5DF0F32338DA1032923644] - 16/05/2008 - 11:33:12 ---A- . (.MCCI Corporation - Sony Ericsson Device 0016 USB Ethernet Emulation (WDM class reg.) -- C:\Windows\system32\drivers\s0016cr.sys O58 - SDL:[MD5.B98C3A6F91F4FBA285AF9606A240C6B4] - 16/05/2008 - 11:33:14 ---A- . (.MCCI Corporation - Sony Ericsson Device 0016 USB WMC Modem Filter Driver.) -- C:\Windows\system32\drivers\s0016mdfl.sys O58 - SDL:[MD5.8A83426F4FB7B5212825D9DE76368B1A] - 16/05/2008 - 11:33:12 ---A- . (.MCCI Corporation - Sony Ericsson Device 0016 USB WMC Modem WDM Driver.) -- C:\Windows\system32\drivers\s0016mdm.sys O58 - SDL:[MD5.7A78BBA97FEB5E6D24C49E93A3BF7287] - 16/05/2008 - 11:33:12 ---A- . (.MCCI Corporation - Sony Ericsson Device 0016 USB WMC Device Management Driver.) -- C:\Windows\system32\drivers\s0016mgmt.sys O58 - SDL:[MD5.34EF7B5F611957B73E7219DD5A222AD1] - 16/05/2008 - 11:33:14 ---A- . (.MCCI Corporation - Sony Ericsson Device 0016 USB Ethernet Emulation (NDIS 5 Minipo.) -- C:\Windows\system32\drivers\s0016nd5.sys O58 - SDL:[MD5.36792935847143E4A3CDA0DC87248487] - 16/05/2008 - 11:33:12 ---A- . (.MCCI Corporation - Sony Ericsson Device 0016 USB WMC OBEX Interface Device Driver.) -- C:\Windows\system32\drivers\s0016obex.sys O58 - SDL:[MD5.927208754FB27FC3E7A659E77500C5D1] - 16/05/2008 - 11:33:14 ---A- . (.MCCI Corporation - Sony Ericsson Device 0016 USB Ethernet Emulation.) -- C:\Windows\system32\drivers\s0016unic.sys O58 - SDL:[MD5.DA9BB7BCBB5F3D4B4E9B1E767278259D] - 16/05/2008 - 11:33:12 ---A- . (.MCCI Corporation - Windows 2000/XP support functions.) -- C:\Windows\system32\drivers\s0016wh.sys O58 - SDL:[MD5.DA9BB7BCBB5F3D4B4E9B1E767278259D] - 16/05/2008 - 11:33:12 ---A- . (.MCCI Corporation - Windows 2000/XP support functions.) -- C:\Windows\system32\drivers\s0016whnt.sys O58 - SDL:[MD5.6C1BEC4E12B4ED714E5F8065F680E9C2] - 05/09/2006 - 18:58:26 ---A- . (.MCCI - Sony Ericsson Device 088 Driver.) -- C:\Windows\system32\drivers\se58bus.sys O58 - SDL:[MD5.D0CFFF25CCEA4B1F3C12F335F950EC93] - 05/09/2006 - 18:58:22 ---A- . (.MCCI - Windows 2000/XP support functions.) -- C:\Windows\system32\drivers\se58wh.sys O58 - SDL:[MD5.D0CFFF25CCEA4B1F3C12F335F950EC93] - 05/09/2006 - 18:58:22 ---A- . (.MCCI - Windows 2000/XP support functions.) -- C:\Windows\system32\drivers\se58whnt.sys O58 - SDL:[MD5.90A3935D05B494A5A39D37E71F09A677] - 02/11/2006 - 07:37:21 ---A- . (.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) -- C:\Windows\system32\drivers\secdrv.sys O58 - SDL:[MD5.E5B56569A9F79B70314FEDE6C953641E] - 09/01/2008 - 10:28:34 ---A- . (.Sony Ericsson Mobile Communications - seehcri Driver.) -- C:\Windows\system32\drivers\seehcri.sys O58 - SDL:[MD5.DF1AF7F5F1EC7800B3AC398ACC06C754] - 24/01/2007 - 10:08:06 ---A- . (.Silicon Integrated Systems Corporation - SiS AGPv3.5 Filter.) -- C:\Windows\system32\drivers\SISAGPX.SYS O58 - SDL:[MD5.42C5DE6854F32E6FD399AC8F69FD5FA8] - 09/09/2008 - 11:15:26 ---A- . (.Silicon Integrated Systems Corp. - NDIS 6.0 Miniport Driver for SiS191/SiS190 Ethernet Device.) -- C:\Windows\system32\drivers\SiSGB6.sys O58 - SDL:[MD5.4FBD2C53C1E04F8E35C96747984FDE13] - 05/06/2007 - 12:08:56 ---A- . (.Silicon Integrated Systems Corporation - SiS VGA Kernal Mode Vista Driver.) -- C:\Windows\system32\drivers\SISGRKMD.sys O58 - SDL:[MD5.CEDD6F4E7D84E9F98B34B3FE988373AA] - 02/11/2006 - 10:50:10 ---A- . (.Silicon Integrated Systems Corp. - SiS RAID Stor Miniport Driver.) -- C:\Windows\system32\drivers\sisraid2.sys O58 - SDL:[MD5.DF843C528C4F69D12CE41CE462E973A7] - 02/11/2006 - 10:50:16 ---A- . (.Silicon Integrated Systems - SiS AHCI Stor-Miniport Driver.) -- C:\Windows\system32\drivers\sisraid4.sys O58 - SDL:[MD5.00000000000000000000000000000000] - 22/11/2009 - 02:50:43 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\system32\drivers\sptd.sys O58 - SDL:[MD5.8831252BCF05FCFB5ABD116A22E552D8] - 09/05/2009 - 22:11:17 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\system32\drivers\sp_rsdrv2.sys O58 - SDL:[MD5.306521935042FC0A6988D528643619B3] - 17/01/2010 - 15:38:42 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\system32\drivers\StarOpen.sys O58 - SDL:[MD5.192AA3AC01DF071B541094F251DEED10] - 02/11/2006 - 10:50:05 ---A- . (.LSI Logic - LSI Logic 8XX SCSI Miniport Driver.) -- C:\Windows\system32\drivers\symc8xx.sys O58 - SDL:[MD5.8C8EB8C76736EBAF3B13B633B2E64125] - 02/11/2006 - 10:49:56 ---A- . (.LSI Logic - LSI Logic Hi-Perf SCSI Miniport Driver.) -- C:\Windows\system32\drivers\sym_hi.sys O58 - SDL:[MD5.8072AF52B5FD103BBBA387A1E49F62CB] - 02/11/2006 - 10:50:03 ---A- . (.LSI Logic - LSI Logic Ultra160 SCSI Miniport Driver.) -- C:\Windows\system32\drivers\sym_u3.sys O58 - SDL:[MD5.63D3F89F4736A6DA5260177E38D5C26B] - 04/11/2008 - 09:37:28 ---A- . (.RapidSolution Software AG - Tunebite High-Speed Dubbing.) -- C:\Windows\system32\drivers\tbhsd.sys O58 - SDL:[MD5.3CD4EA35A6221B85DCC25DAA46313F8D] - 02/11/2006 - 10:51:25 ---A- . (.ULi Electronics Inc. - ULi SATA Controller Driver.) -- C:\Windows\system32\drivers\uliahci.sys O58 - SDL:[MD5.8514D0E5CD0534467C5FC61BE94A569F] - 02/11/2006 - 10:50:35 ---A- . (.Promise Technology, Inc. - Promise Ultra/Sata Series Driver for Win2003.) -- C:\Windows\system32\drivers\ulsata.sys O58 - SDL:[MD5.38C3C6E62B157A6BC46594FADA45C62B] - 02/11/2006 - 10:50:45 ---A- . (.Promise Technology, Inc. - Promise SATAII150 Series Windows Drivers.) -- C:\Windows\system32\drivers\ulsata2.sys O58 - SDL:[MD5.FD2E3175FCADA350C7AB4521DCA187EC] - 02/11/2006 - 10:49:30 ---A- . (.VIA Technologies, Inc. - VIA Generic PCI IDE Bus Driver.) -- C:\Windows\system32\drivers\viaide.sys O58 - SDL:[MD5.D984439746D42B30FC65A4C3546C6829] - 02/11/2006 - 10:50:41 ---A- . (.VIA Technologies Inc.,Ltd - VIA RAID DRIVER FOR X86-32.) -- C:\Windows\system32\drivers\vsmraid.sys O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 02/11/2006 - 08:09:42 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\system32\ANSI.SYS O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 02/11/2006 - 08:09:45 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\system32\country.sys O58 - SDL:[MD5.790A4CA68F44BE35967B3DF61F3E4675] - 07/04/2009 - 09:39:44 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\system32\FsUsbExDisk.Sys O58 - SDL:[MD5.E6BC0F98FECEF245A0010D350C1A0B9B] - 02/11/2006 - 08:09:41 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\system32\HIMEM.SYS O58 - SDL:[MD5.492090267B9608C62B956CD29BE3AFB7] - 02/11/2006 - 08:09:44 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\system32\KEY01.SYS O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 02/11/2006 - 08:09:44 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\system32\KEYBOARD.SYS O58 - SDL:[MD5.FFFF296A08DBF2AC0126C62E3778AC0D] - 02/11/2006 - 08:09:29 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\system32\NTDOS.SYS O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 02/11/2006 - 08:09:35 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\system32\NTDOS404.SYS O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 02/11/2006 - 08:09:38 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\system32\NTDOS411.SYS O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 02/11/2006 - 08:09:40 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\system32\NTDOS412.SYS O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 02/11/2006 - 08:09:31 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\system32\NTDOS804.SYS O58 - SDL:[MD5.2E4112FB7D1B76E11ADFD7487B5D0E95] - 02/11/2006 - 08:09:20 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\system32\NTIO.SYS O58 - SDL:[MD5.A98EBD4C2DF983665BF2D1AF49949974] - 02/11/2006 - 08:09:23 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\system32\NTIO404.SYS O58 - SDL:[MD5.3F7E6406EDEF197C5CAAB2240EEF6F48] - 02/11/2006 - 08:09:24 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\system32\NTIO411.SYS O58 - SDL:[MD5.3E64D681B776CC57BDC38A46D881F85B] - 02/11/2006 - 08:09:26 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\system32\NTIO412.SYS O58 - SDL:[MD5.D86B6435729231C171432B4E77801BDB] - 02/11/2006 - 08:09:22 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\system32\NTIO804.SYS ---\\ Liste des outils de nettoyage (LATC) (O63) O63 - Logiciel: HijackThis 2.0.2 - (.TrendMicro.) O63 - Logiciel: ZHPDiag 1.26 - (.Nicolas Coolman.) ---\\ File Associations Shell Spawning (O67) O67 - Shell Spawning: <.bat> <batfile>[HKLM\..\open\Command] "%1" %* (.not file.) O67 - Shell Spawning: <.cpl> <cplfile>[HKLM\..\cplopen\Command] (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\Windows\System32\shell32.dll O67 - Shell Spawning: <.cmd> <cmdfile>[HKLM\..\open\Command] "%1" %* (.not file.) O67 - Shell Spawning: <.com> <ComFile>[HKLM\..\open\Command] "%1" %* (.not file.) O67 - Shell Spawning: <.evt> <evtfile>[HKLM\..\open\Command] (.Microsoft Corporation - Lanceur du composant logiciel enfichable Observateur d'événements.) -- C:\Windows\system32\eventvwr.exe O67 - Shell Spawning: <.exe> <exefile>[HKLM\..\open\Command] "%1" %* (.not file.) O67 - Shell Spawning: <.html> <htmlfile>[HKLM\..\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\IEXPLORE.exe O67 - Shell Spawning: <.js> <JSFile>[HKLM\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\WScript.exe O67 - Shell Spawning: <.reg> <regfile>[HKLM\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\Windows\regedit.exe O67 - Shell Spawning: <.html> <htmlfile>[HKCU\..\open\Command] (.Not Key.) O67 - Shell Spawning: <.bat> <batfile>[HKCR\..\open\Command] "%1" %* (.not file.) O67 - Shell Spawning: <.cpl> <cplfile>[HKCR\..\cplopen\Command] (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\Windows\System32\shell32.dll O67 - Shell Spawning: <.cmd> <cmdfile>[HKCR\..\open\Command] "%1" %* (.not file.) O67 - Shell Spawning: <.com> <ComFile>[HKCR\..\open\Command] "%1" %* (.not file.) O67 - Shell Spawning: <.evt> <evtfile>[HKCR\..\open\Command] (.Microsoft Corporation - Lanceur du composant logiciel enfichable Observateur d'événements.) -- C:\Windows\system32\eventvwr.exe O67 - Shell Spawning: <.exe> <exefile>[HKCR\..\open\Command] "%1" %* (.not file.) O67 - Shell Spawning: <.html> <htmlfile>[HKCR\..\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\IEXPLORE.exe O67 - Shell Spawning: <.js> <JSFile>[HKCR\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\WScript.exe O67 - Shell Spawning: <.reg> <regfile>[HKCR\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\Windows\regedit.exe ---\\ Start Menu Internet (SMI) (O68) O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\IEXPLORE.exe ---\\ Search Browser Infection (SBI) (O69) O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - () - Bing O69 - SBI: SearchScopes [HKCU] {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - (Recherche Crawler) - Crawler.com O69 - SBI: SearchScopes [HKCU] {4609763A-F40B-49A4-B012-D162E722DE2D} - (Yahoo! Search) - Yahoo! Search - Recherche Web O69 - SBI: SearchScopes [HKCU] {9D5BD211-422C-4164-9298-BB4186A30F31} [DefaultScope] - (Live Search) - Bing O69 - SBI: SearchScopes [HKCU] {ACEB429B-458F-4713-A206-F9D2C140FDCB} - (Dealio) - Online Coupon Codes, Discount Coupons, Proflowers Coupon, Coupon & Online Shopping Deals by Dealio O69 - SBI: SearchScopes [HKUS\.DEFAULT] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - () - Bing O69 - SBI: SearchScopes [HKUS\.DEFAULT] {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - (Recherche Crawler) - Crawler.com O69 - SBI: SearchScopes [HKUS\S-1-5-18] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - () - Bing O69 - SBI: SearchScopes [HKUS\S-1-5-18] {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - (Recherche Crawler) - Crawler.com ---\\ Search Master Boot Record Infection (MBR)(O80) Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, GMER - Rootkit Detector and Remover Run by Cyril at 29/08/2010 13:43:43 device: opened successfully user: MBR read successfully called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x861251F8]<< kernel: MBR read successfully detected MBR rootkit hooks: \Driver\atapi -> 0x861251f8 Warning: possible MBR rootkit infection ! user & kernel MBR OK Use "Recovery Console" command "fixmbr" to clear infection ! Use "ZHPFix" command "MBRFix" to clear infection ! Message: Certains émulateurs de CD/DVD peuvent hooker le pilote atapi de façon légitime. Voici quelques émulateurs : Message: Alcohol xx%, CDSpace, Circle Virtual CD, CloneCD, Daemon Tools, Virtual CloneDrive, Virtual CD, VirtualDrive, WinCDEmu,... ---\\ Recherche des services démarrés par Svchost (SSS) (O83) O83 - Search Svchost Services: AeLookupSvc (AeLookupSvc) . (.Microsoft Corporation - Service Expérience d’application.) -- C:\Windows\System32\aelupsvc.dll [24576] O83 - Search Svchost Services: wercplsupport (wercplsupport) . (.Microsoft Corporation - Rapports et solutions aux problèmes.) -- C:\Windows\System32\wercplsupport.dll [62976] O83 - Search Svchost Services: Themes (Themes) . (.Microsoft Corporation - Dll des services Windows Shell.) -- C:\Windows\system32\shsvcs.dll [247296] O83 - Search Svchost Services: CertPropSvc (CertPropSvc) . (.Microsoft Corporation - Service de propagation de certificats de cartes à puce Microsoft.) -- C:\Windows\System32\certprop.dll [40448] O83 - Search Svchost Services: SCPolicySvc (SCPolicySvc) . (.Microsoft Corporation - Service de propagation de certificats de cartes à puce Microsoft.) -- C:\Windows\System32\certprop.dll [40448] O83 - Search Svchost Services: lanmanserver (lanmanserver) . (.Microsoft Corporation - DLL du service Serveur.) -- C:\Windows\System32\srvsvc.dll [122880] O83 - Search Svchost Services: gpsvc (gpsvc) . (.Microsoft Corporation - Client de stratégie de groupe.) -- C:\Windows\System32\gpsvc.dll [576512] O83 - Search Svchost Services: IKEEXT (IKEEXT) . (.Microsoft Corporation - Extension IKE.) -- C:\Windows\System32\ikeext.dll [438784] O83 - Search Svchost Services: AudioSrv (AudioSrv) . (.Microsoft Corporation - Service Audio Windows.) -- C:\Windows\System32\Audiosrv.dll [315392] O83 - Search Svchost Services: Rasauto (Rasauto) . (.Microsoft Corporation - Gestionnaire de numérotation automatique d’accès distant.) -- C:\Windows\System32\rasauto.dll [90624] O83 - Search Svchost Services: Rasman (Rasman) . (.Microsoft Corporation - Gestionnaire de connexions d'accès distant.) -- C:\Windows\System32\rasmans.dll [262144] O83 - Search Svchost Services: Remoteaccess (Remoteaccess) . (.Microsoft Corporation - Gestionnaire d’interface dynamique.) -- C:\Windows\System32\mprdim.dll [68608] O83 - Search Svchost Services: SENS (SENS) . (.Microsoft Corporation - Service de notification d’événements système (SENS).) -- C:\Windows\system32\sens.dll [47104] O83 - Search Svchost Services: Sharedaccess (Sharedaccess) . (.Microsoft Corporation - Composants de l'application d'assistance à Microsoft NAT.) -- C:\Windows\System32\ipnathlp.dll [288256] O83 - Search Svchost Services: Tapisrv (Tapisrv) . (.Microsoft Corporation - Serveur de téléphonie Microsoft® Windows.) -- C:\Windows\System32\tapisrv.dll [242688] O83 - Search Svchost Services: TermService (TermService) . (.Microsoft Corporation - Gestionnaire des connexions distantes Terminal Server.) -- C:\Windows\System32\termsrv.dll [449024] O83 - Search Svchost Services: wuauserv (wuauserv) . (.Microsoft Corporation - Agent de mise à jour automatique Windows Update.) -- C:\Windows\system32\wuaueng.dll [1929952] O83 - Search Svchost Services: BITS (BITS) . (.Microsoft Corporation - Service de transfert intelligent en arrière-plan.) -- C:\Windows\system32\qmgr.dll [758784] O83 - Search Svchost Services: ShellHWDetection (ShellHWDetection) . (.Microsoft Corporation - Dll des services Windows Shell.) -- C:\Windows\System32\shsvcs.dll [247296] O83 - Search Svchost Services: iphlpsvc (iphlpsvc) . (.Microsoft Corporation - Service offrant une connectivité IPv6 sur un réseau IPv4..) -- C:\Windows\System32\iphlpsvc.dll [200704] O83 - Search Svchost Services: seclogon (seclogon) . (.Microsoft Corporation - DLL de service d'ouverture de session secondaire.) -- C:\Windows\system32\seclogon.dll [19968] O83 - Search Svchost Services: AppInfo (AppInfo) . (.Microsoft Corporation - Service Informations d’application.) -- C:\Windows\System32\appinfo.dll [33280] O83 - Search Svchost Services: msiscsi (msiscsi) . (.Microsoft Corporation - Service de découverte iSCSI.) -- C:\Windows\system32\iscsiexe.dll [111616] O83 - Search Svchost Services: MMCSS (MMCSS) . (.Microsoft Corporation - Service Planificateur de classes multimédias.) -- C:\Windows\system32\mmcss.dll [45056] O83 - Search Svchost Services: ProfSvc (ProfSvc) . (.Microsoft Corporation - ProfSvc.) -- C:\Windows\system32\profsvc.dll [153088] O83 - Search Svchost Services: EapHost (EapHost) . (.Microsoft Corporation - Service EAPHost Microsoft.) -- C:\Windows\System32\eapsvc.dll [57344] O83 - Search Svchost Services: winmgmt (winmgmt) . (.Microsoft Corporation - WMI.) -- C:\Windows\system32\wbem\WMIsvc.dll [162304] O83 - Search Svchost Services: schedule (schedule) . (.Microsoft Corporation - Service du Planificateur de tâches.) -- C:\Windows\system32\schedsvc.dll [595456] O83 - Search Svchost Services: SessionEnv (SessionEnv) . (.Microsoft Corporation - Service de configuration des services Terminal Server.) -- C:\Windows\system32\sessenv.dll [84992] O83 - Search Svchost Services: browser (browser) . (.Microsoft Corporation - DLL du service Explorateur d’ordinateurs.) -- C:\Windows\System32\browser.dll [81920] O83 - Search Svchost Services: hkmsvc (hkmsvc) . (.Microsoft Corporation - Service Gestion des clés.) -- C:\Windows\system32\kmsvc.dll [68096] ---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped) SR - | Auto 11/02/2010 733184 | (Ati External Event Utility) . (.ATI Technologies Inc..) - C:\Windows\system32\Ati2evxx.exe SR - | Auto 28/06/2010 40384 | avast! Antivirus (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe SR - | Demand 28/06/2010 40384 | avast! Mail Scanner (avast! Mail Scanner) . (.AVAST Software.) - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe SR - | Demand 28/06/2010 40384 | avast! Web Scanner (avast! Web Scanner) . (.AVAST Software.) - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe SR - | Auto 28/02/2006 229376 | ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) . (.Apple Computer, Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe SR - | Auto 03/07/2007 53248 | eRecovery Service (eRecoveryService) . (.Acer Inc..) - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe SS - | Demand 30/01/2010 654848 | FLEXnet Licensing Service (FLEXnet Licensing Service) . (.Macrovision Europe Ltd..) - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe SR - | Auto 07/04/2009 233472 | FsUsbExService (FsUsbExService) . (.Teruten.) - C:\Windows\system32\FsUsbExService.exe SS - | Auto 15/09/2009 194032 | Google Software Updater (gusvc) . (.Google.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe SS - | Demand 04/04/2005 69632 | InstallDriver Table Manager (IDriverT) . (.Macrovision Corporation.) - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe SR - | Auto 17/01/2007 61440 | LightScribeService Direct Disc Labeling Service (LightScribeService) . (.Hewlett-Packard Company.) - C:\Program Files\Common Files\LightScribe\LSSrvc.exe SS - | Demand 19/07/2010 259440 | Ma-Config Service (maconfservice) . (.CybelSoft.) - C:\Program Files\ma-config.com\maconfservice.exe SR - | Auto 08/08/2007 836904 | Nero BackItUp Scheduler 3 (Nero BackItUp Scheduler 3) . (.Nero AG.) - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe SS - | Demand 03/08/2007 382248 | NMIndexingService (NMIndexingService) . (.Nero AG.) - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe SR - | Auto 03/04/2010 129640 | NVIDIA Display Driver Service (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe SR - | Auto 11/05/2007 1050120 | O&O Defrag (O&O Defrag) . (.O&O Software GmbH.) - C:\Windows\system32\oodag.exe SR - | Auto 03/08/2009 66872 | PnkBstrA (PnkBstrA) . (.Pas de propriétaire.) - C:\Windows\system32\PnkBstrA.exe SR - | Auto 20/07/2010 103736 | PnkBstrB (PnkBstrB) . (.Pas de propriétaire.) - C:\Windows\system32\PnkBstrB.exe SR - | Auto 26/01/2009 1153368 | SBSD Security Center Service (SBSDWSCService) . (.Safer Networking Ltd..) - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe SS - | Demand 07/04/2008 430592 | ServiceLayer (ServiceLayer) . (.Nokia..) - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe SR - | Auto 10/04/2010 488960 | Spyware Terminator Realtime Shield Service (sp_rssrv) . (.Crawler.com.) - C:\Program Files\Spyware Terminator\sp_rsser.exe SS - | Demand 09/07/2010 395048 | Steam Client Service (Steam Client Service) . (.Valve Corporation.) - C:\Program Files\Common Files\Steam\SteamService.exe End of the scan (1129 lines in 19mn 22s)(0)

Bonjour Florinator et merci de me donner du temps. Voici ce que tu m'as demandé. _______________________________________________________________________________________ GMER 1.0.15.15281 - GMER - Rootkit Detector and Remover Rootkit scan 2010-08-29 11:04:34 Windows 6.0.6002 Service Pack 2 Running: wsdzw059.exe; Driver: C:\Users\Cyril\AppData\Local\Temp\kwtdipob.sys ---- System - GMER 1.0.15 ---- SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwClose [0x8FE8C88E] SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwCreateFile [0x8FE8C0EC] SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwCreateKey [0x8FE8BDCE] SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwCreateSection [0x8FE8D938] SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwDeleteKey [0x8FE8BED8] SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwDeleteValueKey [0x8FE8BFC2] SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwLoadDriver [0x8FE8CBBC] SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwOpenFile [0x8FE8C3F4] SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwSetInformationFile [0x8FE8C526] SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwSetValueKey [0x8FE8BBFC] SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwTerminateProcess [0x8FE8CB04] SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwWriteFile [0x8FE8C70C] INT 0x72 ? 85790BF8 INT 0x82 ? 85790BF8 INT 0x93 ? 87327F00 INT 0xA3 ? 87327F00 INT 0xB3 ? 87327F00 Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateProcessEx [0x8FF43B9C] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0x8FF439C0] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwLoadDriver [0x8FF43AFA] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObInsertObject Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!MmIsDriverVerifying + 89F 82C9A200 60 Bytes [90, 90, 90, 8B, FF, 55, 8B, ...] .text ntkrnlpa.exe!MmIsDriverVerifying + 8DC 82C9A23D 67 Bytes [4D, E0, 59, 74, 04, 85, C9, ...] .text ntkrnlpa.exe!MmIsDriverVerifying + 920 82C9A281 18 Bytes [45, F8, F6, 45, 10, 04, 0F, ...] .text ntkrnlpa.exe!MmIsDriverVerifying + 933 82C9A294 9 Bytes [00, 8B, C6, 25, 00, 04, 00, ...] .text ntkrnlpa.exe!MmIsDriverVerifying + 93D 82C9A29E 20 Bytes [89, 45, E0, 58, 74, 08, 85, ...] .text ... .text ntkrnlpa.exe!MmProbeAndLockPages + 24 82C9E07A 9 Bytes [89, B5, 60, FF, FF, FF, 83, ...] .text ntkrnlpa.exe!MmProbeAndLockPages + 2E 82C9E084 11 Bytes [8B, 4D, 08, BB, F8, FF, 7F, ...] {MOV ECX, [EBP+0x8]; MOV EBX, 0x7ffff8; LEA EAX, [ECX+0x1c]} .text ntkrnlpa.exe!MmProbeAndLockPages + 3A 82C9E090 2 Bytes [45, D8] .text ntkrnlpa.exe!MmProbeAndLockPages + 3D 82C9E093 16 Bytes [41, 10, 89, 45, 88, 8B, 79, ...] {INC ECX; ADC [ECX+0x798b8845], CL; SBB [EBX], AL; CLC ; MOV [EBP-0x30], EDI; MOV [EBP-0x74], EDI} .text ntkrnlpa.exe!MmProbeAndLockPages + 4E 82C9E0A4 19 Bytes [41, 14, 8D, 14, 38, 89, 55, ...] .text ... .text ntkrnlpa.exe!MmProbeAndLockSelectedPages + 29 82C9F9AC 7 Bytes [01, 00, 00, 8B, 40, 14, 57] .text ntkrnlpa.exe!MmProbeAndLockSelectedPages + 31 82C9F9B4 200 Bytes [F8, 81, E7, FF, 0F, 00, 00, ...] .text ntkrnlpa.exe!MmProbeAndLockSelectedPages + FA 82C9FA7D 96 Bytes [89, 5C, 24, 5C, 0F, 83, AE, ...] .text ntkrnlpa.exe!MmProbeAndLockSelectedPages + 15C 82C9FADF 6 Bytes [8B, 47, 0C, 83, E1, 1F] {MOV EAX, [EDI+0xc]; AND ECX, 0x1f} .text ntkrnlpa.exe!MmProbeAndLockSelectedPages + 163 82C9FAE6 79 Bytes [1C, 88, 6A, 11, 59, 8B, D3, ...] .text ... .text ntkrnlpa.exe!MmUnlockPages 82CA106A 24 Bytes [8B, FF, 55, 8B, EC, 83, E4, ...] .text ntkrnlpa.exe!MmUnlockPages + 19 82CA1083 17 Bytes [b7, 47, 06, A8, 01, 89, 44, ...] .text ntkrnlpa.exe!MmUnlockPages + 2B 82CA1095 43 Bytes [01, 00, 8B, 4F, 14, 8D, 47, ...] .text ntkrnlpa.exe!MmUnlockPages + 57 82CA10C1 1 Byte [44] .text ntkrnlpa.exe!MmUnlockPages + 57 82CA10C1 17 Bytes [44, 24, 1C, 00, 04, 89, 74, ...] {INC ESP; AND AL, 0x1c; ADD [ECX+ECX*4], AL; JZ 0x2c; ADC [ECX+0xf28245c], CL; TEST [EAX+0x1], CL} .text ... .text ntkrnlpa.exe!MmIsIoSpaceActive + 14 82CA268D 82 Bytes [4F, D4, FD, FF, 89, 45, FC, ...] .text ntkrnlpa.exe!MmIsIoSpaceActive + 68 82CA26E1 39 Bytes JMP 9F1AB3F2 .text ntkrnlpa.exe!MmIsIoSpaceActive + 90 82CA2709 25 Bytes [85, C0, 75, BE, FF, 05, 64, ...] .text ntkrnlpa.exe!MmIsIoSpaceActive + AA 82CA2723 56 Bytes [5F, 8B, C6, 5E, 5B, C9, C2, ...] .text ntkrnlpa.exe!MmIsIoSpaceActive + E3 82CA275C 22 Bytes [00, 8B, 48, 14, 8B, 70, 18, ...] .text ... .text ntkrnlpa.exe!MmAdvanceMdl + 1D 82CA2910 23 Bytes JMP 82CA3063 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) .text ntkrnlpa.exe!MmAdvanceMdl + 35 82CA2928 79 Bytes [23, C6, 8B, F9, 23, FE, 8D, ...] .text ntkrnlpa.exe!MmAdvanceMdl + 85 82CA2978 43 Bytes [00, 2B, C7, 89, 45, 0C, 8B, ...] .text ntkrnlpa.exe!MmAdvanceMdl + B1 82CA29A4 18 Bytes [2D, 00, 00, 00, 40, 89, 10, ...] .text ntkrnlpa.exe!MmAdvanceMdl + C6 82CA29B9 58 Bytes [8B, 55, 0C, 33, FF, 3B, D7, ...] .text ... .text ntkrnlpa.exe!MmAllocateContiguousMemorySpecifyCacheNode + 42 82CA32D1 149 Bytes [0B, C8, FD, FF, 8B, 0D, 74, ...] .text ntkrnlpa.exe!MmAllocateContiguousMemorySpecifyCache + 5A 82CA3369 47 Bytes [80, FF, 75, 24, 8B, CF, 56, ...] .text ntkrnlpa.exe!MmAllocateContiguousMemory + E 82CA3399 89 Bytes [43, C7, FD, FF, 8B, 0D, 74, ...] .text ntkrnlpa.exe!MmFreeContiguousMemory + 26 82CA33F3 18 Bytes [A1, 68, 18, D7, 82, 3B, D8, ...] .text ntkrnlpa.exe!MmFreeContiguousMemory + 39 82CA3406 1 Byte [3F] .text ntkrnlpa.exe!MmFreeContiguousMemory + 3C 82CA3409 14 Bytes [23, C1, 23, D1, 2B, D0, C1, ...] .text ntkrnlpa.exe!MmFreeContiguousMemory + 4B 82CA3418 19 Bytes [3C, 05, 74, 04, 3C, 07, 75, ...] .text ntkrnlpa.exe!MmFreeContiguousMemory + 5F 82CA342C 15 Bytes CALL 82CA2267 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) .text ... .text ntkrnlpa.exe!MmFreeContiguousMemorySpecifyCache + 31 82CA364D 10 Bytes [40, 60, C0, 72, 19, 8B, 35, ...] .text ntkrnlpa.exe!MmFreeContiguousMemorySpecifyCache + 3C 82CA3658 8 Bytes [C1, EE, 09, 81, E6, F8, FF, ...] .text ntkrnlpa.exe!MmFreeContiguousMemorySpecifyCache + 45 82CA3661 58 Bytes [81, EE, 00, 00, 00, 40, 3B, ...] .text ntkrnlpa.exe!MmFreeContiguousMemorySpecifyCache + 80 82CA369C 12 Bytes [75, 04, 33, C0, EB, 77, 8B, ...] .text ntkrnlpa.exe!MmFreeContiguousMemorySpecifyCache + 8D 82CA36A9 16 Bytes [53, 56, 57, 8B, 78, 08, A1, ...] {PUSH EBX; PUSH ESI; PUSH EDI; MOV EDI, [EAX+0x8]; MOV EAX, [0x82d7184c]; MOV ESI, EAX; MOV EAX, [EAX+0x50]} .text ... .text ntkrnlpa.exe!MmMapLockedPages + 3F 82CA5CEE 21 Bytes [59, C3, CC, CC, CC, CC, CC, ...] .text ntkrnlpa.exe!MmMapLockedPages + 55 82CA5D04 3 Bytes [00, A0, 3F] .text ntkrnlpa.exe!MmMapLockedPages + 59 82CA5D08 210 Bytes [10, 8B, 48, 04, 8B, C2, 0F, ...] .text ntkrnlpa.exe!MmMapLockedPagesWithReservedMapping + B6 82CA5DDB 88 Bytes [00, 00, 8D, 74, C8, F0, EB, ...] .text ntkrnlpa.exe!MmMapLockedPagesWithReservedMapping + 10F 82CA5E34 18 Bytes JMP A71EE739 .text ntkrnlpa.exe!MmMapLockedPagesWithReservedMapping + 122 82CA5E47 70 Bytes [01, 89, 54, 24, 2C, 75, 17, ...] .text ntkrnlpa.exe!MmMapLockedPagesWithReservedMapping + 16A 82CA5E8F 5 Bytes [66, 83, 7C, 24, 20] .text ntkrnlpa.exe!MmMapLockedPagesWithReservedMapping + 170 82CA5E95 29 Bytes [74, 31, 3B, 3D, 74, 18, D7, ...] .text ... .text ntkrnlpa.exe!MmUnmapReservedMapping + 1E 82CA6057 37 Bytes [40, 56, 8B, 70, F8, 81, E1, ...] .text ntkrnlpa.exe!MmUnmapReservedMapping + 44 82CA607D 41 Bytes [08, 68, 08, 01, 00, 00, 68, ...] .text ntkrnlpa.exe!MmUnmapReservedMapping + 6E 82CA60A7 18 Bytes [00, EB, D9, 8B, 75, 10, 8B, ...] .text ntkrnlpa.exe!MmUnmapReservedMapping + 82 82CA60BB 73 Bytes [8B, D9, 23, FE, 23, DE, 8D, ...] .text ntkrnlpa.exe!MmUnmapReservedMapping + CC 82CA6105 52 Bytes [6A, 00, 89, 4C, 24, 14, 59, ...] .text ... .text ntkrnlpa.exe!MmGetPhysicalAddress + 2A 82CA61EF 74 Bytes [F0, 23, F7, 33, DB, 3B, F7, ...] .text ntkrnlpa.exe!MmGetPhysicalAddress + 75 82CA623A 1 Byte [00] .text ntkrnlpa.exe!MmGetPhysicalAddress + 75 82CA623A 3 Bytes [00, 00, 6A] .text ntkrnlpa.exe!MmGetPhysicalAddress + 7A 82CA623F 21 Bytes [55, F8, 5A, 74, 0D, 85, D2, ...] .text ntkrnlpa.exe!MmGetPhysicalAddress + 9F 82CA6264 103 Bytes [40, 8B, 01, 8B, 49, 04, 8B, ...] .text ntkrnlpa.exe!MmSizeOfMdl + 1E 82CA62CD 35 Bytes CALL 8FB423DE \SystemRoot\system32\drivers\RTKVHDA.sys (Realtek® High Definition Audio Function Driver/Realtek Semiconductor Corp.) .text ntkrnlpa.exe!MmCreateMdl + 2 82CA62F1 32 Bytes [55, 8B, EC, 8B, 45, 08, 85, ...] .text ntkrnlpa.exe!MmCreateMdl + 23 82CA6312 11 Bytes CALL 82D27B41 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) .text ntkrnlpa.exe!MmCreateMdl + 2F 82CA631E 10 Bytes [66, 83, 60, 06, 00, 53, BA, ...] .text ntkrnlpa.exe!MmCreateMdl + 3A 82CA6329 13 Bytes [8B, CE, 23, CA, 8B, DF, 23, ...] .text ntkrnlpa.exe!MmCreateMdl + 48 82CA6337 15 Bytes JMP C1DF8B0C .text ... .text ntkrnlpa.exe!MmBuildMdlForNonPagedPool + 12 82CA6381 8 Bytes [53, 8B, 5A, 14, 56, 8D, 42, ...] {PUSH EBX; MOV EBX, [EDX+0x14]; PUSH ESI; LEA EAX, [EDX+0x1c]} .text ntkrnlpa.exe!MmBuildMdlForNonPagedPool + 1B 82CA638A 1 Byte [44] .text ntkrnlpa.exe!MmBuildMdlForNonPagedPool + 1B 82CA638A 21 Bytes [44, 24, 0C, 8B, 42, 18, 57, ...] .text ntkrnlpa.exe!MmBuildMdlForNonPagedPool + 31 82CA63A0 48 Bytes [81, E1, FF, 0F, 00, 00, 8D, ...] .text ntkrnlpa.exe!MmBuildMdlForNonPagedPool + 63 82CA63D2 52 Bytes [40, 2D, 00, 00, A0, 3F, 8D, ...] .text ... .text ntkrnlpa.exe!MmProtectMdlSystemAddress + 53 82CA6541 9 Bytes CALL 82CE7BD4 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) .text ntkrnlpa.exe!MmProtectMdlSystemAddress + 5D 82CA654B 18 Bytes [89, 44, 24, 10, 0F, 84, ED, ...] {MOV [ESP+0x10], EAX; JZ 0x3f7; MOV ECX, EAX; SHR ECX, 0x3; CMP ECX, 0x2} .text ntkrnlpa.exe!MmProtectMdlSystemAddress + 71 82CA655F 2 Bytes [DF, 03] {FILD WORD [EBX]} .text ntkrnlpa.exe!MmProtectMdlSystemAddress + 75 82CA6563 29 Bytes [83, F9, 01, 0F, 84, D6, 03, ...] .text ntkrnlpa.exe!MmProtectMdlSystemAddress + 93 82CA6581 36 Bytes [00, 83, F8, 07, 0F, 84, B7, ...] .text ... .text ntkrnlpa.exe!MmMapIoSpace + 55 82CA6A5A 26 Bytes [82, 90, FD, FF, 8B, D8, 3B, ...] .text ntkrnlpa.exe!MmMapIoSpace + 70 82CA6A75 29 Bytes [85, C0, 75, 03, 40, EB, 12, ...] .text ntkrnlpa.exe!MmMapIoSpace + 8E 82CA6A93 12 Bytes [94, C1, 0F, B7, C9, 0F, BF, ...] .text ntkrnlpa.exe!MmMapIoSpace + 9B 82CA6AA0 29 Bytes [30, 74, 03, 6A, 06, 58, 8B, ...] .text ntkrnlpa.exe!MmMapIoSpace + B9 82CA6ABE 21 Bytes [1F, 00, 85, F8, 75, 3B, 85, ...] .text ... .text ntkrnlpa.exe!MmUnmapIoSpace + 13 82CA6EC8 98 Bytes [00, 23, D0, 8B, CB, 23, C8, ...] .text ntkrnlpa.exe!MmUnmapIoSpace + 77 82CA6F2C 31 Bytes [40, 8B, 0E, 8B, 46, 04, 0F, ...] .text ntkrnlpa.exe!MmUnmapIoSpace + 97 82CA6F4C 43 Bytes [85, C0, 74, 5E, 8B, D1, C1, ...] .text ntkrnlpa.exe!MmUnmapIoSpace + C3 82CA6F78 61 Bytes [00, 76, 0B, 6A, 01, 6A, 00, ...] .text ntkrnlpa.exe!MmUnmapIoSpace + 101 82CA6FB6 37 Bytes [EB, 51, 8B, 08, 8B, 40, 04, ...] .text ... .text ntkrnlpa.exe!MmGetVirtualForPhysical + 2 82CA72C7 36 Bytes [55, 8B, EC, 8B, 55, 0C, 56, ...] .text ntkrnlpa.exe!MmGetVirtualForPhysical + 27 82CA72EC 29 Bytes [00, C1, E0, 09, 03, C6, 5E, ...] .text ntkrnlpa.exe!MmGetVirtualForPhysical + 45 82CA730A 24 Bytes [17, D7, 82, 83, EC, 30, 53, ...] .text ntkrnlpa.exe!MmGetVirtualForPhysical + 5E 82CA7323 9 Bytes CALL 82C53269 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) .text ntkrnlpa.exe!MmGetVirtualForPhysical + 68 82CA732D 49 Bytes [00, 8B, 4D, 08, 3B, 0D, 74, ...] .text ... .text ntkrnlpa.exe!MmAllocatePagesForMdlEx + 24 82CA8CDF 539 Bytes [04, 33, C0, EB, 1E, FF, 75, ...] .text ntkrnlpa.exe!MmFreePagesFromMdl + 1EC 82CA8EFE 97 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] .text ntkrnlpa.exe!MmFreePagesFromMdl + 24E 82CA8F60 59 Bytes [A1, D4, 18, D7, 82, 0B, 05, ...] .text ntkrnlpa.exe!MmFreePagesFromMdl + 28A 82CA8F9C 1 Byte [00] .text ntkrnlpa.exe!MmFreePagesFromMdl + 28A 82CA8F9C 9 Bytes [00, 00, 8B, FE, 81, E7, FF, ...] .text ntkrnlpa.exe!MmFreePagesFromMdl + 294 82CA8FA6 61 Bytes [83, E0, C0, 89, 45, D4, 89, ...] .text ... .text ntkrnlpa.exe!MmDisableModifiedWriteOfSection + C 82CABF93 4 Bytes [15, 5C, B1, C3] .text ntkrnlpa.exe!MmDisableModifiedWriteOfSection + 11 82CABF98 51 Bytes [8B, 4D, 08, 8B, 09, 85, C9, ...] .text ntkrnlpa.exe!MmDisableModifiedWriteOfSection + 45 82CABFCC 23 Bytes [CC, CC, CC, CC, CC, 90, 90, ...] .text ntkrnlpa.exe!MmDisableModifiedWriteOfSection + 5D 82CABFE4 35 Bytes [15, 5C, B1, C3, 82, 88, 45, ...] .text ntkrnlpa.exe!MmDisableModifiedWriteOfSection + 81 82CAC008 17 Bytes [00, 74, 3E, 8B, 35, 48, 1A, ...] .text ... .text ntkrnlpa.exe!MmFlushImageSection + 12 82CAE244 38 Bytes [8B, 55, 08, 33, DB, 39, 5D, ...] .text ntkrnlpa.exe!MmFlushImageSection + 39 82CAE26B 4 Bytes [05, 04, 1D, D5] .text ntkrnlpa.exe!MmFlushImageSection + 3E 82CAE270 11 Bytes [8A, 55, FC, 6A, 02, 59, FF, ...] .text ntkrnlpa.exe!MmFlushImageSection + 4A 82CAE27C 15 Bytes [8A, C3, EB, 24, 8A, 55, FC, ...] .text ntkrnlpa.exe!MmFlushImageSection + 5A 82CAE28C 23 Bytes [32, C0, EB, 14, 8B, 72, 08, ...] .text ... .text ntkrnlpa.exe!MmUnlockPagableImageSection + 21 82CB022C 56 Bytes [60, C0, BA, 81, 00, 00, 00, ...] .text ntkrnlpa.exe!MmUnlockPagableImageSection + 5A 82CB0265 7 Bytes [3C, 0B, 0F, 84, 08, 02, 00] .text ntkrnlpa.exe!MmUnlockPagableImageSection + 62 82CB026D 30 Bytes [8B, 56, 10, 8B, 7E, 18, 8D, ...] .text ntkrnlpa.exe!MmUnlockPagableImageSection + 81 82CB028C 1 Byte [7F] .text ntkrnlpa.exe!MmUnlockPagableImageSection + 81 82CB028C 11 Bytes JMP 09EBC109 .text ... .text ntkrnlpa.exe!MmIsAddressValid + D 82CB85A4 46 Bytes [5D, C2, 04, 00, CC, CC, CC, ...] .text ntkrnlpa.exe!MmIsAddressValid + 3C 82CB85D3 11 Bytes [00, 89, 5C, 24, 20, 81, 7D, ...] .text ntkrnlpa.exe!MmIsAddressValid + 48 82CB85DF 33 Bytes [8B, 46, 04, 89, 44, 24, 24, ...] .text ntkrnlpa.exe!MmIsAddressValid + 6A 82CB8601 41 Bytes [00, 00, 08, 74, 63, 8B, C6, ...] .text ntkrnlpa.exe!MmIsAddressValid + 94 82CB862B 70 Bytes [51, C1, E0, 09, 50, 68, 40, ...] .text ... .text ntkrnlpa.exe!MmIsNonPagedSystemAddressValid + 3B 82CB9711 4 Bytes CALL 82CC51EA \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) .text ntkrnlpa.exe!MmIsNonPagedSystemAddressValid + 40 82CB9716 35 Bytes [00, 85, C0, 74, 0C, 57, E8, ...] .text ntkrnlpa.exe!MmIsNonPagedSystemAddressValid + 64 82CB973A 5 Bytes [8A, 87, 20, 14, D5] .text ntkrnlpa.exe!MmIsNonPagedSystemAddressValid + 6A 82CB9740 9 Bytes [3C, 01, 74, C8, 3C, 0B, 74, ...] .text ntkrnlpa.exe!MmIsNonPagedSystemAddressValid + 74 82CB974A 39 Bytes [5F, 5E, 5B, 5D, C2, 04, 00, ...] .text ... .text ntkrnlpa.exe!MmMapLockedPagesSpecifyCache 82CB97DD 3 Bytes [8B, FF, 55] {MOV EDI, EDI; PUSH EBP} .text ntkrnlpa.exe!MmMapLockedPagesSpecifyCache + 4 82CB97E1 4 Bytes [EC, 83, E4, F8] {IN AL, DX ; AND ESP, -0x8} .text ntkrnlpa.exe!MmMapLockedPagesSpecifyCache + A 82CB97E7 1 Byte [3C] .text ntkrnlpa.exe!MmMapLockedPagesSpecifyCache + A 82CB97E7 30 Bytes [3C, 53, 8B, 5D, 08, 8B, 4B, ...] .text ntkrnlpa.exe!MmMapLockedPagesSpecifyCache + 29 82CB9806 4 Bytes JMP 82CB9C80 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) .text ... .text ntkrnlpa.exe!MmUnmapLockedPages + 45 82CB9CD8 2 Bytes [8B, DA] {MOV EBX, EDX} .text ntkrnlpa.exe!MmUnmapLockedPages + 48 82CB9CDB 129 Bytes [EB, 09, C1, EF, 0C, C1, E8, ...] .text ntkrnlpa.exe!MmUnmapLockedPages + CB 82CB9D5E 85 Bytes [87, 44, 24, 10, A1, 80, 4A, ...] .text ntkrnlpa.exe!MmUnmapLockedPages + 121 82CB9DB4 211 Bytes [30, 89, 54, 24, 28, E8, 26, ...] .text ntkrnlpa.exe!MmUnmapLockedPages + 1F5 82CB9E88 20 Bytes [FF, 55, 8B, EC, 83, EC, 10, ...] .text ... .text ntkrnlpa.exe!MmMapMemoryDumpMdl + 50 82CBA241 17 Bytes [83, 64, FE, 04, 00, 8B, C7, ...] .text ntkrnlpa.exe!MmMapMemoryDumpMdl + 62 82CBA253 101 Bytes [8B, 54, 24, 10, 8B, 12, 8B, ...] .text ntkrnlpa.exe!MmMapMemoryDumpMdl + C8 82CBA2B9 51 Bytes [E2, 0C, 83, E1, C0, 0B, D0, ...] .text ntkrnlpa.exe!MmMapMemoryDumpMdl + FC 82CBA2ED 28 Bytes [EB, 05, 89, 5E, 04, 89, 16, ...] .text ntkrnlpa.exe!MmMapMemoryDumpMdl + 119 82CBA30A 9 Bytes [FF, 5F, 5E, 5B, 8B, E5, 5D, ...] .text ... .text ntkrnlpa.exe!MmTrimAllSystemPagableMemory + 13 82CBD98E 61 Bytes [53, 56, 57, 75, 07, 33, C0, ...] .text ntkrnlpa.exe!MmTrimAllSystemPagableMemory + 51 82CBD9CC 6 Bytes [02, 74, EA, 64, 8B, 35] .text ntkrnlpa.exe!MmTrimAllSystemPagableMemory + 58 82CBD9D3 13 Bytes [01, 00, 00, 80, 7E, 4F, 00, ...] .text ntkrnlpa.exe!MmTrimAllSystemPagableMemory + 66 82CBD9E1 27 Bytes [00, 00, BB, 40, 28, D5, 82, ...] .text ntkrnlpa.exe!MmTrimAllSystemPagableMemory + 82 82CBD9FD 60 Bytes [00, 00, 66, 85, C0, 75, B5, ...] .text ... .text ntkrnlpa.exe!NtFreeVirtualMemory + 15 82CBEF74 4 Bytes [0F, 85, 33, 0B] .text ntkrnlpa.exe!NtFreeVirtualMemory + 1A 82CBEF79 28 Bytes [00, B8, 00, C0, 00, 00, 23, ...] .text ntkrnlpa.exe!NtFreeVirtualMemory + 37 82CBEF96 9 Bytes [8B, 53, 48, 89, 55, AC, 8A, ...] .text ntkrnlpa.exe!NtFreeVirtualMemory + 41 82CBEFA0 49 Bytes [00, 00, 88, 45, A4, 83, 65, ...] .text ntkrnlpa.exe!NtFreeVirtualMemory + 73 82CBEFD2 210 Bytes [8B, 45, 0C, 8B, 00, 89, 45, ...] .text ... .text ntkrnlpa.exe!FsRtlLegalAnsiCharacterArray + 4 82CDC32C 17 Bytes [28, 29, 2C, 00, 07, 00, 00, ...] .text ntkrnlpa.exe!FsRtlLegalAnsiCharacterArray + 17 82CDC33F 40 Bytes [00, 00, 00, 00, 00, 72, 17, ...] .text ntkrnlpa.exe!NtBuildLab + 20 82CDC368 2 Bytes [00, 00] {ADD [EAX], AL} .text ntkrnlpa.exe!NtBuildLab + 23 82CDC36B 30 Bytes [00, 00, 00, 00, 00, 00, 00, ...] .text ntkrnlpa.exe!NtBuildLab + 42 82CDC38A 8 Bytes [00, 00, 00, 00, 00, 00, 00, ...] {ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL} .text ntkrnlpa.exe!NtBuildLab + 4D 82CDC395 6 Bytes [00, 00, 00, 00, 00, 00] {ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL} .text ntkrnlpa.exe!NtBuildLab + 56 82CDC39E 3 Bytes [00, 00, 00] .text ... .text ntkrnlpa.exe!NtBuildGUID + 27 82CDC52B 144 Bytes [00, 21, C0, 0B, 3C, A8, C8, ...] .text ntkrnlpa.exe!NtBuildGUID + B8 82CDC5BC 542 Bytes [25, 70, A2, B7, 69, E5, C2, ...] .text ntkrnlpa.exe!NtBuildGUID + 2D7 82CDC7DB 65 Bytes [2E, DD, 2D, B3, A5, 39, 7F, ...] .text ntkrnlpa.exe!NtBuildGUID + 319 82CDC81D 297 Bytes [8E, 13, BA, 50, E2, D7, 4A, ...] .text ntkrnlpa.exe!NtBuildGUID + 444 82CDC948 200 Bytes [00, 00, 00, 00, BD, C4, 07, ...] .text ... .text ntkrnlpa.exe!KeRemoveQueueEx + 2 82CE0005 143 Bytes [55, 8B, EC, 83, E4, F8, 83, ...] .text ntkrnlpa.exe!KeRemoveQueueEx + 92 82CE0095 17 Bytes [02, 00, EB, 02, F3, 90, A1, ...] {ADD AL, [EAX]; JMP 0x6; PAUSE ; MOV EAX, [0xffdf0018]; MOV ECX, [0xffdf0014]} .text ntkrnlpa.exe!KeRemoveQueueEx + A4 82CE00A7 107 Bytes [15, 1C, 00, DF, FF, 3B, C2, ...] .text ntkrnlpa.exe!KeRemoveQueueEx + 110 82CE0113 54 Bytes [75, C8, 2B, 4C, 24, 38, 1B, ...] .text ntkrnlpa.exe!KeRemoveQueueEx + 147 82CE014A 93 Bytes [41, 10, 89, 48, 10, 89, 43, ...] .text ... .text ntkrnlpa.exe!KefAcquireSpinLockAtDpcLevel + 1C 82CE09FC 54 Bytes CALL 82D006FB \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) .text ntkrnlpa.exe!KeAcquireSpinLockAtDpcLevel + 1F 82CE0A33 29 Bytes [40, 74, 0C, 50, 51, 52, 50, ...] .text ntkrnlpa.exe!KeAcquireSpinLockAtDpcLevel + 3D 82CE0A51 54 Bytes [8D, A4, 24, 00, 00, 00, 00, ...] .text ntkrnlpa.exe!KiAcquireSpinLock + 8 82CE0A88 61 Bytes [33, C0, 40, 85, 05, 94, 1B, ...] .text ntkrnlpa.exe!KiReleaseSpinLock + 6 82CE0AC6 223 Bytes [49, 00, 8B, 54, 24, 04, 83, ...] .text ntkrnlpa.exe!KeReleaseInStackQueuedSpinLockFromDpcLevel + E 82CE0BA6 176 Bytes [bA, F1, 01, 89, 48, 04, 75, ...] .text ntkrnlpa.exe!_CIsqrt + 37 82CE0C57 34 Bytes [00, 00, 80, 75, 1F, D9, FA, ...] .text ntkrnlpa.exe!_CIsqrt + 5B 82CE0C7B 63 Bytes [A9, 00, 00, F0, 7F, 75, 2C, ...] .text ntkrnlpa.exe!_CIsqrt + 9B 82CE0CBB 11 Bytes [83, 3D, 00, 4D, D3, 82, 00, ...] .text ntkrnlpa.exe!_CIsqrt + A7 82CE0CC7 11 Bytes [00, BA, 05, 00, 00, 00, 8D, ...] .text ntkrnlpa.exe!_CIsqrt + B3 82CE0CD3 24 Bytes CALL 82CFAC97 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) .text ... .text ntkrnlpa.exe!_except_handler3 + 1C 82CE0EB4 20 Bytes [00, 00, 89, 45, F8, 8B, 45, ...] .text ntkrnlpa.exe!_except_handler3 + 31 82CE0EC9 79 Bytes CALL 82D238F7 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) .text ntkrnlpa.exe!_except_handler3 + 81 82CE0F19 66 Bytes [00, 83, C4, 08, 8D, 0C, 76, ...] .text ntkrnlpa.exe!_except_handler3 + C4 82CE0F5C 24 Bytes [00, 00, 00, EB, 15, 55, 8D, ...] .text ntkrnlpa.exe!_except_handler3 + DD 82CE0F75 47 Bytes [00, 5D, 5F, 5E, 5B, 8B, E5, ...] .text ntkrnlpa.exe!_global_unwind2 + 5 82CE0FA5 10 Bytes [57, 55, 6A, 00, 6A, 00, 68, ...] .text ntkrnlpa.exe!_global_unwind2 + 10 82CE0FB0 29 Bytes CALL 82C75DBE \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) .text ntkrnlpa.exe!_global_unwind2 + 2E 82CE0FCE 52 Bytes [00, 00, 74, 32, 8B, 44, 24, ...] .text ntkrnlpa.exe!_global_unwind2 + 63 82CE1003 40 Bytes [00, C3, 53, 56, 57, 8B, 44, ...] .text ntkrnlpa.exe!_local_unwind2 + 27 82CE102C 100 Bytes [00, 00, 8B, 44, 24, 28, 8B, ...] .text ntkrnlpa.exe!_abnormal_termination + 8 82CE1091 55 Bytes [00, 81, 79, 04, C0, 0F, CE, ...] .text ntkrnlpa.exe!_abnormal_termination + 40 82CE10C9 85 Bytes [55, 51, 50, 58, 59, 5D, 59, ...] .text ntkrnlpa.exe!_abnormal_termination + 96 82CE111F 108 Bytes [b6, 47, 01, FF, 77, 14, C6, ...] .text ntkrnlpa.exe!_abnormal_termination + 103 82CE118C 174 Bytes [00, 39, 5E, 18, 7C, 0A, 8A, ...] .text ntkrnlpa.exe!_abnormal_termination + 1B2 82CE123B 156 Bytes [89, 5F, 01, 89, 5F, 05, 89, ...] .text ... .text ntkrnlpa.exe!KeWaitForMultipleObjects + 1F 82CE17A9 39 Bytes [89, 74, 24, 14, 89, 44, 24, ...] .text ntkrnlpa.exe!KeWaitForMultipleObjects + 47 82CE17D1 31 Bytes [00, 00, 89, 4D, 24, 8B, 47, ...] .text ntkrnlpa.exe!KeWaitForMultipleObjects + 67 82CE17F1 60 Bytes [14, B2, 89, 50, F8, 8A, 55, ...] .text ntkrnlpa.exe!KeWaitForMultipleObjects + A4 82CE182E 65 Bytes [00, 89, 41, 10, 89, 70, 10, ...] .text ntkrnlpa.exe!KeWaitForMultipleObjects + E6 82CE1870 2 Bytes [A1, 18] .text ... .text ntkrnlpa.exe!KiDispatchInterrupt + 8 82CE22B8 6 Bytes [F0, 80, A3, 38, 1B, 00] .text ntkrnlpa.exe!KiDispatchInterrupt + 10 82CE22C0 11 Bytes [FA, 8B, 83, 0C, 1B, 00, 00, ...] .text ntkrnlpa.exe!KiDispatchInterrupt + 1D 82CE22CD 5 Bytes [0B, 83, 48, 1B, 00] .text ntkrnlpa.exe!KiDispatchInterrupt + 23 82CE22D3 29 Bytes [0B, 83, D4, 1B, 00, 00, 74, ...] .text ntkrnlpa.exe!KiDispatchInterrupt + 41 82CE22F1 2 Bytes CALL 82CE457C \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) .text ... .text ntkrnlpa.exe!memcpy + 18 82CE3038 7 Bytes [3B, F8, 0F, 82, 7C, 01, 00] .text ntkrnlpa.exe!memcpy + 20 82CE3040 3 Bytes [F7, C7, 03] .text ntkrnlpa.exe!memcpy + 25 82CE3045 58 Bytes JMP 86B0B34C .text ntkrnlpa.exe!memcpy + 60 82CE3080 11 Bytes [31, CE, 82, 90, 90, 30, CE, ...] {XOR ESI, ECX; ADC BYTE [EAX-0x7d31cf70], -0x44; XOR DH, CL} .text ntkrnlpa.exe!memcpy + 6C 82CE308C 3 Bytes [E0, 30, CE] {LOOPNZ 0x32; INTO } .text ... .text ntkrnlpa.exe!RtlCaptureContext 82CE34F4 3 Bytes [53, 8B, 5C] .text ntkrnlpa.exe!RtlCaptureContext + 4 82CE34F8 11 Bytes [08, 89, 83, B0, 00, 00, 00, ...] .text ntkrnlpa.exe!RtlCaptureContext + 10 82CE3504 4 Bytes [00, 89, 93, A8] .text ntkrnlpa.exe!RtlCaptureContext + 15 82CE3509 3 Bytes [00, 00, 8B] .text ntkrnlpa.exe!RtlCaptureContext + 19 82CE350D 6 Bytes [24, 89, 83, A4, 00, 00] .text ... .text ntkrnlpa.exe!KeDelayExecutionThread + 38 82CE35F4 1 Byte [89] .text ntkrnlpa.exe!KeDelayExecutionThread + 38 82CE35F4 19 Bytes [89, 44, 24, 24, 8B, 47, 68, ...] .text ntkrnlpa.exe!KeDelayExecutionThread + 4C 82CE3608 15 Bytes [00, 64, 8B, 0D, 20, 00, 00, ...] .text ntkrnlpa.exe!KeDelayExecutionThread + 5D 82CE3619 18 Bytes CALL 82CE0B99 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) .text ntkrnlpa.exe!KeDelayExecutionThread + 70 82CE362C 31 Bytes [8D, 87, 00, 01, 00, 00, 89, ...] .text ... .text ntkrnlpa.exe!KeInsertQueueDpc + E 82CE438B 7 Bytes [FF, 00, FF, 15, 4C, B1, C3] .text ntkrnlpa.exe!KeInsertQueueDpc + 16 82CE4393 71 Bytes [64, 8B, 1D, 20, 00, 00, 00, ...] .text ntkrnlpa.exe!KeInsertQueueDpc + 5E 82CE43DB 33 Bytes [CC, 0F, B6, 43, 10, 89, 45, ...] .text ntkrnlpa.exe!KeInsertQueueDpc + 81 82CE43FE 12 Bytes [8D, 4E, 08, 89, 4D, EC, E8, ...] .text ntkrnlpa.exe!KeInsertQueueDpc + 8E 82CE440B 96 Bytes [0B, 00, 8B, CE, 8D, 57, 1C, ...] .text ... .text ntkrnlpa.exe!KiIpiServiceRoutine + A 82CE4F72 24 Bytes [33, DB, 87, 9E, A0, 19, 00, ...] .text ntkrnlpa.exe!KiIpiServiceRoutine + 24 82CE4F8C 11 Bytes [bF, 00, 00, 00, 00, 74, 06, ...] .text ntkrnlpa.exe!KiIpiServiceRoutine + 32 82CE4F9A 46 Bytes [C3, 14, 75, 58, B7, 01, 8B, ...] .text ntkrnlpa.exe!KiIpiServiceRoutine + 61 82CE4FC9 14 Bytes [00, FF, D0, B7, 01, F6, C3, ...] .text ntkrnlpa.exe!KiIpiServiceRoutine + 70 82CE4FD8 77 Bytes [FF, 15, 88, B0, C3, 82, F6, ...] .text ... .text ntkrnlpa.exe!_alloca_probe_8 82CE563E 3 Bytes [51, 8D, 4C] .text ntkrnlpa.exe!_alloca_probe_8 + 4 82CE5642 37 Bytes [08, 2B, C8, 83, E1, 07, 03, ...] .text ntkrnlpa.exe!_alloca_probe + 14 82CE5668 9 Bytes [3B, C8, 72, 0A, 8B, C1, 59, ...] .text ntkrnlpa.exe!_alloca_probe + 1E 82CE5672 141 Bytes [89, 04, 24, C3, 2D, 00, 10, ...] .text ntkrnlpa.exe!ExReleaseResourceLite + 7C 82CE5700 12 Bytes [00, 00, 8B, 56, 2C, 3B, D1, ...] {ADD [EAX], AL; MOV EDX, [ESI+0x2c]; CMP EDX, ECX; JZ 0x2f; XOR ECX, ECX; INC ECX} .text ntkrnlpa.exe!ExReleaseResourceLite + 89 82CE570D 49 Bytes [0F, 89, 4E, 1C, 89, 4E, 20, ...] .text ntkrnlpa.exe!ExReleaseResourceLite + BB 82CE573F 25 Bytes [00, 33, C9, 8D, 46, 18, 41, ...] .text ntkrnlpa.exe!ExReleaseResourceLite + D5 82CE5759 3 Bytes [89, 45, 08] {MOV [EBP+0x8], EAX} .text ntkrnlpa.exe!ExReleaseResourceLite + D9 82CE575D 23 Bytes [46, 08, 85, C0, 75, 10, 6A, ...] .text ... .text ntkrnlpa.exe!KeUpdateRunTime + 11 82CE5801 1 Byte [57] .text ntkrnlpa.exe!KeUpdateRunTime + 11 82CE5801 18 Bytes [57, 8B, 7E, 04, 3B, 7E, 0C, ...] {PUSH EDI; MOV EDI, [ESI+0x4]; CMP EDI, [ESI+0xc]; MOV EBX, EDX; MOV [EBP-0x8], ECX; JZ 0x3a; JMP 0x12; PAUSE } .text ntkrnlpa.exe!KeUpdateRunTime + 24 82CE5814 31 Bytes [47, 14, 8B, 4F, 10, 8B, 57, ...] .text ntkrnlpa.exe!KeUpdateRunTime + 44 82CE5834 11 Bytes [01, FF, 15, 88, B0, C3, 82, ...] .text ntkrnlpa.exe!KeUpdateRunTime + 50 82CE5840 6 Bytes [00, 8B, 86, 5C, 1A, 00] {ADD [EBX+0x1a5c86], CL} .text ... .text ntkrnlpa.exe!DbgBreakPointWithStatus + 1 82CE5AB5 65 Bytes [44, 24, 04, CC, C2, 04, 00, ...] .text ntkrnlpa.exe!KdPollBreakIn + 37 82CE5AF8 59 Bytes [0F, B6, C0, 8D, 34, 85, 00, ...] .text ntkrnlpa.exe!KdPollBreakIn + 73 82CE5B34 49 Bytes [01, 88, 1D, A4, C3, D6, 82, ...] .text ntkrnlpa.exe!KdPollBreakIn + A5 82CE5B66 32 Bytes CALL 82CE0A5D \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) .text ntkrnlpa.exe!KdPollBreakIn + C6 82CE5B87 84 Bytes [E0, F2, 83, C8, 02, 81, FF, ...] .text ntkrnlpa.exe!KeSetTimer + 1B 82CE5BDC 5 Bytes [8B, E5, 5D, C2, 10] .text ntkrnlpa.exe!KeSetTimer + 21 82CE5BE2 53 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] .text ntkrnlpa.exe!KeSetTimerEx + 32 82CE5C19 119 Bytes [8B, CF, 83, E1, 1F, 8D, 9C, ...] .text ntkrnlpa.exe!KeSetTimerEx + AA 82CE5C91 41 Bytes [EB, 02, F3, 90, A1, 18, 00, ...] .text ntkrnlpa.exe!KeSetTimerEx + D4 82CE5CBB 3 Bytes [83, 66, 14] .text ntkrnlpa.exe!KeSetTimerEx + D8 82CE5CBF 15 Bytes [8B, C6, C6, 46, 02, 00, E8, ...] .text ntkrnlpa.exe!KeSetTimerEx + E8 82CE5CCF 21 Bytes [00, 00, 81, C1, 18, 04, 00, ...] .text ... .text ntkrnlpa.exe!KeInsertQueue + F 82CE6422 122 Bytes CALL 82CE6430 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) .text ntkrnlpa.exe!KeInsertQueue + 8A 82CE649D 78 Bytes [8D, 43, 01, 89, 46, 04, 8D, ...] .text ntkrnlpa.exe!KeInsertQueue + DA 82CE64ED 4 Bytes [75, 5B, B8, 7F] .text ntkrnlpa.exe!KeInsertQueue + E0 82CE64F3 128 Bytes [FF, 8B, CE, F0, 21, 01, 64, ...] .text ntkrnlpa.exe!KeInsertQueue + 161 82CE6574 68 Bytes CALL 82CE2034 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) .text ... .text ntkrnlpa.exe!ExQueueWorkItem + C 82CE66F9 30 Bytes [39, 38, 74, 12, 57, FF, 75, ...] .text ntkrnlpa.exe!ExQueueWorkItem + 2B 82CE6718 58 Bytes [77, 04, 57, 51, EB, E3, 8B, ...] .text ntkrnlpa.exe!ExQueueWorkItem + 66 82CE6753 10 Bytes CALL 82CE6763 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) .text ntkrnlpa.exe!ExQueueWorkItem + 71 82CE675E 38 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] .text ntkrnlpa.exe!KeSetEvent + 22 82CE6785 6 Bytes [75, 07, 8B, C3, E9, B1] .text ntkrnlpa.exe!KeSetEvent + 2B 82CE678E 35 Bytes [33, C9, FF, 15, 68, B0, C3, ...] .text ntkrnlpa.exe!KeSetEvent + 4F 82CE67B2 53 Bytes [8B, 07, 75, 25, 38, 58, 16, ...] .text ntkrnlpa.exe!KeSetEvent + 85 82CE67E8 41 Bytes CALL 82CE159E \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) .text ntkrnlpa.exe!KeSetEvent + B0 82CE6813 17 Bytes [8A, 4C, 24, 13, 83, 48, 68, ...] .text ... .text ntkrnlpa.exe!ZwCallbackReturn + 45 82CE7341 7 Bytes CALL 82CE7072 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) .text ntkrnlpa.exe!ZwCallbackReturn + 51 82CE734D 52 Bytes [39, 81, FD, 23, 04, 00, C0, ...] .text ntkrnlpa.exe!ZwCallbackReturn + 86 82CE7382 74 Bytes [58, 8B, 8B, 74, 01, 00, 00, ...] .text ntkrnlpa.exe!ZwCallbackReturn + D6 82CE73D2 16 Bytes [83, 8B, B3, 20, 01, 00, 00, ...] {OR DWORD [EBX+0x120b3], 0x0; MOV EDX, [ESI+0x18]; MOV [EDI+0x18], EDX; MOV EDX, [ESI+0x1c]} .text ntkrnlpa.exe!ZwCallbackReturn + E7 82CE73E3 2 Bytes [57, 1C] .text ... .text ntkrnlpa.exe!strstr + 32 82CE7472 38 Bytes [74, 0A, 84, C0, 75, F3, 5E, ...] .text ntkrnlpa.exe!strstr + 59 82CE7499 31 Bytes [bE, 8A, 41, 03, 84, C0, 74, ...] .text ntkrnlpa.exe!strstr + 79 82CE74B9 106 Bytes [8D, 47, FF, 5E, 5B, 5F, C3, ...] .text ntkrnlpa.exe!strchr + 14 82CE7524 75 Bytes [00, 00, 74, 15, 8A, 0A, 83, ...] .text ntkrnlpa.exe!strchr + 60 82CE7570 14 Bytes [01, 01, 81, 74, D3, 25, 00, ...] .text ntkrnlpa.exe!strchr + 71 82CE7581 9 Bytes [80, 75, C4, 5E, 5F, 5B, 33, ...] {XOR BYTE [EBP-0x3c], 0x5e; POP EDI; POP EBX; XOR EAX, EAX; RET } .text ntkrnlpa.exe!strchr + 7B 82CE758B 79 Bytes [42, FC, 3A, C3, 74, 36, 84, ...] .text ntkrnlpa.exe!KeUpdateSystemTime + B 82CE75DB 36 Bytes [DF, FF, 8B, 79, 14, 8B, 71, ...] .text ntkrnlpa.exe!KeUpdateSystemTime + 30 82CE7600 30 Bytes [89, 71, 10, 89, 79, 08, 89, ...] .text ntkrnlpa.exe!KeUpdateSystemTime + 4F 82CE761F 5 Bytes [01, 15, 0C, 4B, D3] .text ntkrnlpa.exe!KeUpdateSystemTime + 55 82CE7625 22 Bytes [8B, C8, 8B, 15, 04, 4B, D3, ...] .text ntkrnlpa.exe!KeUpdateSystemTime + 6C 82CE763C 86 Bytes [4B, D3, 82, 89, 15, 04, 4B, ...] .text ... .text ntkrnlpa.exe!KeProfileInterruptWithSource 82CE7708 9 Bytes [8B, 6C, 24, 04, 64, FF, 05, ...] .text ntkrnlpa.exe!KeProfileInterruptWithSource + B 82CE7713 34 Bytes [F7, 05, C4, 9C, D3, 82, 02, ...] .text ntkrnlpa.exe!KeProfileInterruptWithSource + 2E 82CE7736 8 Bytes [72, 10, 81, 7D, 68, 67, 88, ...] .text ntkrnlpa.exe!KeProfileInterruptWithSource + 37 82CE773F 14 Bytes CALL 82CE78D8 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) .text ntkrnlpa.exe!KeProfileInterruptWithSource + 46 82CE774E 4 Bytes [03, 76, 05, E8] .text ... .text ntkrnlpa.exe!KiCheckForSListAddress + 30 82CE790C 17 Bytes [1A, D7, 82, 77, 03, 89, 41, ...] {SBB DL, BH; XOR BYTE [EDI+0x3], -0x77; INC ECX; PUSH 0x909090c3; NOP ; NOP ; MOV EDI, EDI; PUSH EBP} .text ntkrnlpa.exe!KiCheckForSListAddress + 42 82CE791E 26 Bytes [EC, 51, A0, 90, 1B, D7, 82, ...] .text ntkrnlpa.exe!KiCheckForSListAddress + 5D 82CE7939 38 Bytes [3C, 01, 0F, 8E, A5, 00, 00, ...] .text ntkrnlpa.exe!KiCheckForSListAddress + 84 82CE7960 38 Bytes [00, 64, A1, 24, 01, 00, 00, ...] .text ntkrnlpa.exe!KiCheckForSListAddress + AB 82CE7987 26 Bytes [88, 45, 0F, 33, FF, BE, 80, ...] .text ... .text ntkrnlpa.exe!FsRtlResetBaseMcb + 10 82CE7BD1 45 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] .text ntkrnlpa.exe!FsRtlResetBaseMcb + 3E 82CE7BFF 6 Bytes [EB, 11, 8B, C3, C1, E8] .text ntkrnlpa.exe!FsRtlResetBaseMcb + 45 82CE7C06 5 Bytes [83, E0, 0F, 74, DC] {AND EAX, 0xf; JZ 0xffffffffffffffe1} .text ntkrnlpa.exe!FsRtlResetBaseMcb + 4B 82CE7C0C 23 Bytes [bE, 88, AC, BC, CD, 82, 83, ...] .text ntkrnlpa.exe!FsRtlResetBaseMcb + 63 82CE7C24 67 Bytes [01, 74, 0F, 83, F9, 18, 74, ...] .text ... .text ntkrnlpa.exe!ExAcquireResourceExclusiveLite + 53 82CE7E7C 6 Bytes [33, C0, 40, 89, 77, 18] {XOR EAX, EAX; INC EAX; MOV [EDI+0x18], ESI} .text ntkrnlpa.exe!ExAcquireResourceExclusiveLite + 5A 82CE7E83 20 Bytes [47, 1C, 89, 47, 20, 66, 89, ...] .text ntkrnlpa.exe!ExAcquireResourceExclusiveLite + 6F 82CE7E98 10 Bytes [8A, C3, 5F, 5E, 5B, 8B, E5, ...] .text ntkrnlpa.exe!ExAcquireResourceExclusiveLite + 7A 82CE7EA3 52 Bytes [FF, 47, 1C, B3, 01, EB, E4, ...] .text ntkrnlpa.exe!ExAcquireResourceExclusiveLite + AF 82CE7ED8 55 Bytes [8B, 44, 24, 10, 89, 6C, 24, ...] .text ... .text ntkrnlpa.exe!SeAccessCheck + 5B 82CE8040 20 Bytes [8B, 5D, 0C, 39, 33, 74, 11, ...] .text ntkrnlpa.exe!SeAccessCheck + 70 82CE8055 89 Bytes [C0, EB, E1, 39, 75, 14, 75, ...] .text ntkrnlpa.exe!SeAccessCheck + CA 82CE80AF 7 Bytes [75, 88, 53, E8, 28, EF, 17] .text ntkrnlpa.exe!SeAccessCheck + D2 82CE80B7 50 Bytes [EB, 80, FF, 75, 14, 8D, 75, ...] .text ntkrnlpa.exe!SeAccessCheck + 105 82CE80EA 20 Bytes [00, 00, 02, 74, 49, 84, C0, ...] .text ... .text ntkrnlpa.exe!KeReleaseMutant + 10 82CE8358 9 Bytes [33, C9, 33, DB, FF, 15, 68, ...] .text ntkrnlpa.exe!KeReleaseMutant + 1A 82CE8362 96 Bytes [8B, 75, 08, 8B, 56, 04, 33, ...] .text ntkrnlpa.exe!KeReleaseMutant + 7B 82CE83C3 173 Bytes [74, 08, FF, 75, 0C, E8, 55, ...] .text ntkrnlpa.exe!PsGetCurrentProcessId + C 82CE8471 72 Bytes [C3, 90, 90, 90, 90, 90, 85, ...] .text ntkrnlpa.exe!PsGetCurrentProcessId + 55 82CE84BA 13 Bytes [00, 83, F8, FF, 75, 03, 33, ...] .text ntkrnlpa.exe!PsGetCurrentProcessId + 63 82CE84C8 41 Bytes [00, 8D, 04, C1, C3, 90, 90, ...] .text ntkrnlpa.exe!RtlEqualSid + 20 82CE84F2 1 Byte [00] .text ntkrnlpa.exe!RtlEqualSid + 20 82CE84F2 57 Bytes [00, 00, F3, A6, 0F, 94, C0, ...] .text ntkrnlpa.exe!RtlEqualSid + 5A 82CE852C 109 Bytes [84, C0, 74, 3F, 8D, 7E, 10, ...] .text ntkrnlpa.exe!RtlEqualSid + C8 82CE859A 41 Bytes [00, C0, EB, 09, 8B, 45, 10, ...] .text ntkrnlpa.exe!RtlEqualSid + F2 82CE85C4 7 Bytes [8B, C3, 5F, 5B, 5D, C2, 0C] .text ... .text ntkrnlpa.exe!RtlSidHashLookup + 15 82CE87A2 9 Bytes [00, 8B, 5D, 0C, 85, DB, 0F, ...] .text ntkrnlpa.exe!RtlSidHashLookup + 1F 82CE87AC 1 Byte [00] .text ntkrnlpa.exe!RtlSidHashLookup + 1F 82CE87AC 11 Bytes [00, 00, 0F, B6, 43, 01, 8D, ...] .text ntkrnlpa.exe!RtlSidHashLookup + 2B 82CE87B8 527 Bytes [00, 0F, B6, 44, 83, 04, 89, ...] .text ntkrnlpa.exe!RtlSidHashLookup + 23B 82CE89C8 101 Bytes [ED, 03, C7, 89, 44, 24, 18, ...] .text ... .text ntkrnlpa.exe!KeQueryDpcWatchdogInformation + F2 82CE96C7 121 Bytes [00, 89, 06, 8D, 45, F0, 50, ...] .text ntkrnlpa.exe!KeQueryDpcWatchdogInformation + 16C 82CE9741 51 Bytes CALL 82CE85CE \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) .text ntkrnlpa.exe!KeCancelTimer + 1E 82CE9775 347 Bytes [4C, 64, A1, 20, 00, 00, 00, ...] .text ntkrnlpa.exe!KeCancelTimer + 17A 82CE98D1 32 Bytes [01, 00, 00, 00, 8B, 4D, 0C, ...] .text ntkrnlpa.exe!KeCancelTimer + 19B 82CE98F2 31 Bytes CALL 82CE0B99 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) .text ntkrnlpa.exe!KeCancelTimer + 1BB 82CE9912 18 Bytes [64, 8B, 0D, 20, 00, 00, 00, ...] .text ntkrnlpa.exe!KeCancelTimer + 1CF 82CE9926 202 Bytes [00, 89, 5E, 48, 03, CF, E8, ...] .text ... .text ntkrnlpa.exe!ZwSetTimer + 71 82CE9C00 20 Bytes [C7, 45, FC, FE, FF, FF, FF, ...] .text ntkrnlpa.exe!ZwSetTimer + 86 82CE9C15 28 Bytes [89, 45, D4, 33, C0, 40, C3, ...] .text ntkrnlpa.exe!ZwSetTimer + A3 82CE9C32 32 Bytes [00, 8B, 45, 0C, 8B, 08, 89, ...] .text ntkrnlpa.exe!ZwSetTimer + C4 82CE9C53 31 Bytes CALL 82E67A5F \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) .text ntkrnlpa.exe!ZwSetTimer + E4 82CE9C73 1 Byte [00] .text ... .text ntkrnlpa.exe!ZwWaitForWorkViaWorkerFactory + D7 82CE9F1D 335 Bytes [8D, 46, 55, 89, 45, D4, C6, ...] .text ntkrnlpa.exe!ZwWaitForWorkViaWorkerFactory + 227 82CEA06D 306 Bytes [0F, BE, C0, 8B, 4D, E0, 8B, ...] .text ntkrnlpa.exe!ZwWaitForWorkViaWorkerFactory + 35A 82CEA1A0 108 Bytes [5F, 5E, 5B, C9, C2, 08, 00, ...] .text ntkrnlpa.exe!ZwReleaseWorkerFactoryWorker + 61 82CEA20D 98 Bytes [C0, EB, 13, FF, 40, 04, 8B, ...] .text ntkrnlpa.exe!ZwReleaseWorkerFactoryWorker + C4 82CEA270 135 Bytes [8B, 3D, 50, B1, C3, 82, C6, ...] .text ntkrnlpa.exe!ZwReleaseWorkerFactoryWorker + 14C 82CEA2F8 78 Bytes [20, 3D, F2, 00, 00, C0, 74, ...] .text ntkrnlpa.exe!ZwReleaseWorkerFactoryWorker + 19B 82CEA347 80 Bytes [00, 88, 44, 24, 14, 8B, 46, ...] .text ntkrnlpa.exe!ZwReleaseWorkerFactoryWorker + 1EC 82CEA398 428 Bytes [1A, 8D, 44, 24, 18, 50, 6A, ...] .text ... .text ntkrnlpa.exe!KeSetEventBoostPriority + 113 82CEA75C 227 Bytes CALL 82CE0B4D \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) .text ntkrnlpa.exe!KeSetEventBoostPriority + 1F7 82CEA840 5 Bytes [00, 8A, 8A, 31, 01] .text ntkrnlpa.exe!KeSetEventBoostPriority + 1FD 82CEA846 11 Bytes [00, 3A, C1, 7D, 02, 8A, C1, ...] {ADD [EDX], BH; SAR DWORD [EBP+0x2], 0x8a; ROL ESI, 0x82; XOR AL, [ECX]} .text ntkrnlpa.exe!KeSetEventBoostPriority + 209 82CEA852 1 Byte [00] .text ntkrnlpa.exe!KeSetEventBoostPriority + 209 82CEA852 22 Bytes [00, 00, 3A, C3, 74, 56, 88, ...] .text ... .text ntkrnlpa.exe!KePulseEvent + 21 82CEA9F2 108 Bytes [74, 0F, FF, 75, 0C, C7, 46, ...] .text ntkrnlpa.exe!KePulseEvent + 8E 82CEAA5F 139 Bytes [00, 8B, 0E, 33, D2, 3B, CA, ...] .text ntkrnlpa.exe!KePulseEvent + 11A 82CEAAEB 41 Bytes [24, 2C, EB, 50, 8D, 44, 24, ...] .text ntkrnlpa.exe!KePulseEvent + 144 82CEAB15 86 Bytes [24, 38, 8B, 7C, 24, 2C, 1B, ...] .text ntkrnlpa.exe!KePulseEvent + 19B 82CEAB6C 137 Bytes [85, D2, 77, 05, 83, F8, FF, ...] .text ... .text ntkrnlpa.exe!KeReleaseSemaphore + 32 82CEAE4E 9 Bytes [74, 08, FF, 75, 0C, E8, CA, ...] .text ntkrnlpa.exe!KeReleaseSemaphore + 3C 82CEAE58 3 Bytes [80, 7D, 14] .text ntkrnlpa.exe!KeReleaseSemaphore + 40 82CEAE5C 7 Bytes [74, 0F, 64, A1, 24, 01, 00] .text ntkrnlpa.exe!KeReleaseSemaphore + 48 82CEAE64 13 Bytes [83, 48, 68, 08, 88, 58, 5E, ...] .text ntkrnlpa.exe!KeReleaseSemaphore + 56 82CEAE72 1 Byte [00] .text ... .text ntkrnlpa.exe!ExReleaseResourceAndLeaveCriticalRegion + 10 82CEAEC8 3 Bytes [00, 00, 66] .text ntkrnlpa.exe!ExReleaseResourceAndLeaveCriticalRegion + 15 82CEAECD 2 Bytes [0F, B7] .text ntkrnlpa.exe!ExReleaseResourceAndLeaveCriticalRegion + 18 82CEAED0 25 Bytes [66, 85, C0, 75, 1C, 8D, 41, ...] .text ntkrnlpa.exe!ExReleaseResourceAndLeaveCriticalRegion + 32 82CEAEEA 25 Bytes JMP 82C5CCAB \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) .text ntkrnlpa.exe!ExEnterCriticalRegionAndAcquireResourceExclusive + D 82CEAF04 2 Bytes [88, 80] .text ntkrnlpa.exe!ExEnterCriticalRegionAndAcquireResourceExclusive + 11 82CEAF08 3 Bytes [00, 6A, 01] {ADD [EDX+0x1], CH} .text ntkrnlpa.exe!ExEnterCriticalRegionAndAcquireResourceExclusive + 15 82CEAF0C 5 Bytes [75, 08, E8, 16, CF] .text ntkrnlpa.exe!ExEnterCriticalRegionAndAcquireResourceExclusive + 1C 82CEAF13 4 Bytes [64, A1, 24, 01] .text ntkrnlpa.exe!ExEnterCriticalRegionAndAcquireResourceExclusive + 21 82CEAF18 5 Bytes [00, 8B, 80, 70, 01] .text ... .text ntkrnlpa.exe!KeResetEvent + 2 82CEAF2A 7 Bytes [55, 8B, EC, 53, 56, 33, C9] {PUSH EBP; MOV EBP, ESP; PUSH EBX; PUSH ESI; XOR ECX, ECX} .text ntkrnlpa.exe!KeResetEvent + A 82CEAF32 9 Bytes [15, 68, B0, C3, 82, 64, 8B, ...] .text ntkrnlpa.exe!KeResetEvent + 16 82CEAF3E 16 Bytes [8A, D8, 8B, 45, 08, 8B, 70, ...] .text ntkrnlpa.exe!KeResetEvent + 28 82CEAF50 3 Bytes CALL 82CE0B9C \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) .text ntkrnlpa.exe!KeResetEvent + 2C 82CEAF54 25 Bytes CALL 82CE2031 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) .text ntkrnlpa.exe!KeEnterCriticalRegion + 6 82CEAF6F 72 Bytes [66, FF, 88, 80, 00, 00, 00, ...] .text ntkrnlpa.exe!ExIsResourceAcquiredSharedLite + 3C 82CEAFB8 13 Bytes [00, 00, 8D, 4E, 34, 8D, 55, ...] .text ntkrnlpa.exe!ExIsResourceAcquiredSharedLite + 4A 82CEAFC6 61 Bytes [8B, 76, 08, 85, F6, 74, 2E, ...] .text ntkrnlpa.exe!ExIsResourceAcquiredSharedLite + 88 82CEB004 9 Bytes [8B, 45, 08, 5B, 5F, 5E, C9, ...] .text ntkrnlpa.exe!ExIsResourceAcquiredSharedLite + 92 82CEB00E 9 Bytes [90, 90, 90, 90, 90, 64, A1, ...] .text ntkrnlpa.exe!IoGetCurrentProcess + 5 82CEB018 23 Bytes [00, 8B, 40, 48, C3, 90, 90, ...] .text ntkrnlpa.exe!IoGetCurrentProcess + 1D 82CEB030 12 Bytes [00, 00, 89, 7D, F8, 8D, 5E, ...] .text ntkrnlpa.exe!IoGetCurrentProcess + 2A 82CEB03D 7 Bytes [3B, C3, 0F, 84, 9F, 00, 00] .text ntkrnlpa.exe!IoGetCurrentProcess + 32 82CEB045 10 Bytes [80, 78, 16, 01, 8B, 48, 08, ...] .text ntkrnlpa.exe!IoGetCurrentProcess + 3D 82CEB050 43 Bytes [01, 00, 00, 75, 78, 0F, B7, ...] .text ... .text ntkrnlpa.exe!RtlSplay + 10 82CEB148 36 Bytes [56, 57, 8B, 10, 39, 42, 04, ...] .text ntkrnlpa.exe!RtlSplay + 37 82CEB16F 63 Bytes [39, 51, 04, 75, 3D, 8B, 70, ...] .text ntkrnlpa.exe!RtlSplay + 78 82CEB1B0 32 Bytes [00, 8B, 70, 04, 85, F6, 89, ...] .text ntkrnlpa.exe!RtlSplay + 99 82CEB1D1 30 Bytes [EB, 10, 89, 30, 8B, 31, 8D, ...] .text ntkrnlpa.exe!RtlSplay + B8 82CEB1F0 63 Bytes [00, 00, 3B, CA, 75, 15, 8B, ...] .text ... .text ntkrnlpa.exe!KeReleaseGuardedMutex + 7 82CEB2A4 45 Bytes [56, 33, D2, 57, 42, 8B, C1, ...] .text ntkrnlpa.exe!KeReleaseGuardedMutex + 35 82CEB2D2 5 Bytes [64, 8B, 0D, 24, 01] .text ntkrnlpa.exe!KeReleaseGuardedMutex + 3B 82CEB2D8 12 Bytes [00, 8D, 81, 82, 00, 00, 00, ...] .text ntkrnlpa.exe!KeReleaseGuardedMutex + 48 82CEB2E5 9 Bytes [66, 85, C0, 75, 0C, 8D, 41, ...] .text ntkrnlpa.exe!KeReleaseGuardedMutex + 52 82CEB2EF 34 Bytes CALL 82C5CCAB \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) .text ntkrnlpa.exe!ExAllocateFromPagedLookasideList + 13 82CEB312 7 Bytes [85, C0, 75, 0F, FF, 76, 20] {TEST EAX, EAX; JNZ 0x13; PUSH DWORD [ESI+0x20]} .text ntkrnlpa.exe!ExAllocateFromPagedLookasideList + 1B 82CEB31A 8 Bytes [46, 10, FF, 76, 24, FF, 76, ...] {INC ESI; ADC BH, BH; JBE 0x29; PUSH DWORD [ESI+0x1c]} .text ntkrnlpa.exe!ExAllocateFromPagedLookasideList + 24 82CEB323 24 Bytes [56, 28, 5E, 5D, C2, 04, 00, ...] .text ntkrnlpa.exe!KeAcquireGuardedMutex + D 82CEB33C 2 Bytes [8F, 82] .text ntkrnlpa.exe!KeAcquireGuardedMutex + 11 82CEB340 14 Bytes [00, 8B, F1, 8B, C6, F0, 0F, ...] .text ntkrnlpa.exe!KeAcquireGuardedMutex + 20 82CEB34F 34 Bytes [F9, FF, 89, 7E, 04, 5F, 5E, ...] .text ntkrnlpa.exe!ExFreeToPagedLookasideList + 16 82CEB372 17 Bytes [75, 0C, FF, 41, 18, FF, 51, ...] .text ntkrnlpa.exe!ExFreeToPagedLookasideList + 28 82CEB384 3 Bytes [5D, C2, 08] .text ntkrnlpa.exe!ExFreeToPagedLookasideList + 2C 82CEB388 38 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] .text ntkrnlpa.exe!ExIsResourceAcquiredExclusiveLite + 22 82CEB3AF 16 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] .text ntkrnlpa.exe!PsGetProcessImageFileName + C 82CEB3C0 4 Bytes [00, 5D, C2, 04] .text ntkrnlpa.exe!PsGetProcessImageFileName + 11 82CEB3C5 23 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] .text ntkrnlpa.exe!EtwEventEnabled + 14 82CEB3DE 19 Bytes [73, 57, 8B, 4D, 10, 8B, 79, ...] .text ntkrnlpa.exe!EtwEventEnabled + 28 82CEB3F2 77 Bytes [8B, 40, 08, 83, C0, 38, 83, ...] .text ntkrnlpa.exe!EtwEventEnabled + 76 82CEB440 22 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] .text ntkrnlpa.exe!PsGetProcessWin32Process + 12 82CEB457 14 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] .text ntkrnlpa.exe!PsGetCurrentThreadWin32ThreadAndEnterCriticalRegion + B 82CEB467 4 Bytes [8B, 88, 0C, 02] .text ntkrnlpa.exe!PsGetCurrentThreadWin32ThreadAndEnterCriticalRegion + 11 82CEB46D 6 Bytes [8B, 55, 08, 89, 0A, 66] .text ntkrnlpa.exe!PsGetCurrentThreadWin32ThreadAndEnterCriticalRegion + 18 82CEB474 2 Bytes [88, 80] .text ntkrnlpa.exe!PsGetCurrentThreadWin32ThreadAndEnterCriticalRegion + 1C 82CEB478 5 Bytes [00, 8B, 80, 70, 01] .text ntkrnlpa.exe!PsGetCurrentThreadWin32ThreadAndEnterCriticalRegion + 23 82CEB47F 36 Bytes [5D, C2, 04, 00, 90, 90, 90, ...] .text ... .text ntkrnlpa.exe!RtlLookupElementGenericTableFull + 2 82CEB4DB 39 Bytes [55, 8B, EC, 56, 8B, 75, 10, ...] .text ntkrnlpa.exe!RtlLookupElementGenericTableFull + 2B 82CEB504 38 Bytes [89, 07, 8B, 06, 83, C0, 18, ...] .text ntkrnlpa.exe!RtlLookupElementGenericTable + 11 82CEB52B 6 Bytes [75, 08, E8, A7, FF, FF] .text ntkrnlpa.exe!RtlLookupElementGenericTable + 18 82CEB532 18 Bytes [5D, C2, 08, 00, 90, 90, 90, ...] .text ntkrnlpa.exe!ExEnterCriticalRegionAndAcquireResourceShared + B 82CEB546 6 Bytes [66, FF, 88, 80, 00, 00] .text ntkrnlpa.exe!ExEnterCriticalRegionAndAcquireResourceShared + 12 82CEB54D 14 Bytes [6A, 01, FF, 75, 08, E8, 90, ...] .text ntkrnlpa.exe!ExEnterCriticalRegionAndAcquireResourceShared + 22 82CEB55D 9 Bytes [8B, 80, 70, 01, 00, 00, 5D, ...] .text ntkrnlpa.exe!ExEnterCriticalRegionAndAcquireResourceShared + 2C 82CEB567 48 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] .text ntkrnlpa.exe!RtlFindLeastSignificantBit + 2C 82CEB598 53 Bytes [00, FF, 00, 33, D2, 0B, CA, ...] .text ntkrnlpa.exe!RtlFindLeastSignificantBit + 62 82CEB5CE 49 Bytes [33, C9, 0B, CA, 74, 04, B3, ...] .text ntkrnlpa.exe!RtlFindLeastSignificantBit + 94 82CEB600 79 Bytes [90, 90, 90, 90, 90, 8B, 11, ...] .text ntkrnlpa.exe!ExfReleasePushLock + 4B 82CEB650 126 Bytes [7E, 0C, 83, CE, FF, F0, 0F, ...] .text ntkrnlpa.exe!ExfAcquirePushLockExclusive + 31 82CEB6D0 13 Bytes [00, 8D, 44, 24, 1C, 50, E8, ...] .text ntkrnlpa.exe!ExfAcquirePushLockExclusive + 41 82CEB6E0 146 Bytes [F6, C1, 02, 6A, 03, 5A, 89, ...] .text ntkrnlpa.exe!ExfAcquirePushLockExclusive + D4 82CEB773 2 Bytes [b9, D3] .text ntkrnlpa.exe!ExfAcquirePushLockExclusive + D7 82CEB776 70 Bytes [3B, C3, C6, 44, 24, 20, 07, ...] .text ntkrnlpa.exe!ExfAcquirePushLockExclusive + 11F 82CEB7BE 24 Bytes [33, DB, 8B, 37, 8B, CE, E9, ...] .text ... .text ntkrnlpa.exe!RtlFindClearBits + 33 82CEB96E 38 Bytes CALL 8F5C8BA6 \SystemRoot\system32\DRIVERS\ohci1394.sys (1394 OpenHCI Port Driver/Microsoft Corporation) .text ntkrnlpa.exe!RtlFindClearBits + 5B 82CEB996 131 Bytes [8B, DA, 2B, 5D, 0C, 33, F6, ...] .text ntkrnlpa.exe!RtlFindClearBits + E1 82CEBA1C 17 Bytes [8B, 55, 0C, 2B, D6, 8B, F2, ...] .text ntkrnlpa.exe!RtlFindClearBits + F3 82CEBA2E 33 Bytes [75, B9, 83, C0, 04, 3B, C6, ...] .text ntkrnlpa.exe!RtlFindClearBits + 115 82CEBA50 35 Bytes [00, 33, F6, 39, 75, EC, 0F, ...] .text ... .text ntkrnlpa.exe!ExAllocatePoolWithQuotaTag + 17 82CEBC2D 26 Bytes [74, 07, 83, 65, FC, 00, 83, ...] .text ntkrnlpa.exe!ExAllocatePoolWithQuotaTag + 32 82CEBC48 11 Bytes [00, 89, 45, 08, 77, 0E, 3B, ...] .text ntkrnlpa.exe!ExAllocatePoolWithQuotaTag + 3E 82CEBC54 14 Bytes [74, 06, 83, 45, 0C, 04, EB, ...] {JZ 0x8; ADD DWORD [EBP+0xc], 0x4; JMP 0xe; MOVZX EBX, BL; SUB EBX, 0x8} .text ntkrnlpa.exe!ExAllocatePoolWithQuotaTag + 4D 82CEBC63 10 Bytes [75, 10, FF, 75, 0C, 53, E8, ...] .text ntkrnlpa.exe!ExAllocatePoolWithQuotaTag + 58 82CEBC6E 5 Bytes [8B, F0, 66, F7, C6] .text ... .text ntkrnlpa.exe!KeUnstackDetachProcess + 15 82CEBD40 7 Bytes [53, 56, 64, 8B, 35, 24, 01] .text ntkrnlpa.exe!KeUnstackDetachProcess + 1D 82CEBD48 7 Bytes [00, 57, 8B, 3D, 64, B0, C3] .text ntkrnlpa.exe!KeUnstackDetachProcess + 25 82CEBD50 3 Bytes [C6, 45, FF] .text ntkrnlpa.exe!KeUnstackDetachProcess + 29 82CEBD54 9 Bytes [8D, 5E, 54, EB, 19, 66, 83, ...] .text ntkrnlpa.exe!KeUnstackDetachProcess + 35 82CEBD60 23 Bytes [00, 75, 1C, 80, 7D, F8, 01, ...] .text ... .text ntkrnlpa.exe!KeStackAttachProcess + F 82CEBED8 6 Bytes [00, 66, 64, A1, 3A, 1B] .text ntkrnlpa.exe!KeStackAttachProcess + 17 82CEBEE0 11 Bytes [66, 85, C0, 57, 74, 25, 66, ...] .text ntkrnlpa.exe!KeStackAttachProcess + 24 82CEBEED 47 Bytes [66, F7, D8, 1B, C0, F7, D8, ...] .text ntkrnlpa.exe!KeStackAttachProcess + 54 82CEBF1D 18 Bytes [EB, 52, 8D, 4E, 54, 8D, 55, ...] .text ntkrnlpa.exe!KeStackAttachProcess + 67 82CEBF30 6 Bytes [00, 00, 81, C1, 18, 04] .text ... .text ntkrnlpa.exe!PsChargeProcessPoolQuota + 2 82CEC2E2 33 Bytes [55, 8B, EC, 51, 8B, 45, 08, ...] .text ntkrnlpa.exe!PsChargeProcessPoolQuota + 24 82CEC304 3 Bytes [b0, 18, 01] .text ntkrnlpa.exe!PsChargeProcessPoolQuota + 28 82CEC308 17 Bytes CALL 82CEBF7B \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) .text ntkrnlpa.exe!PsChargeProcessPoolQuota + 3A 82CEC31A 7 Bytes [55, 8B, EC, 51, 53, 56, 57] {PUSH EBP; MOV EBP, ESP; PUSH ECX; PUSH EBX; PUSH ESI; PUSH EDI} .text ntkrnlpa.exe!PsChargeProcessPoolQuota + 42 82CEC322 4 Bytes [15, 74, B0, C3] .text ... .text ntkrnlpa.exe!IoGetAttachedDevice + 35 82CEC628 15 Bytes CALL 82D07B6B \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) .text ntkrnlpa.exe!IoGetAttachedDevice + 45 82CEC638 45 Bytes [00, 8A, 46, 27, 33, D2, 33, ...] .text ntkrnlpa.exe!IoGetAttachedDevice + 73 82CEC666 61 Bytes JMP 82CEC6EC \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) .text ntkrnlpa.exe!IoGetAttachedDevice + B2 82CEC6A5 4 Bytes [66, 8B, 5F, 04] {MOV BX, [EDI+0x4]} .text ntkrnlpa.exe!IoGetAttachedDevice + B7 82CEC6AA 8 Bytes [47, 14, 66, 3B, 5F, 08, 72, ...] {INC EDI; ADC AL, 0x66; CMP EBX, [EDI+0x8]; JB 0x26} .text ... .text ntkrnlpa.exe!IoFreeIrp + 2 82CEC6FA 9 Bytes JMP 1B8425FF .text ntkrnlpa.exe!IoFreeIrp + C 82CEC704 6 Bytes [90, 90, 90, 90, 90, 8B] .text ntkrnlpa.exe!IoFreeIrp + 13 82CEC70B 20 Bytes [55, 8B, EC, 85, D2, 8B, 4D, ...] .text ntkrnlpa.exe!IoFreeIrp + 28 82CEC720 20 Bytes [00, 89, 10, 8B, 51, 2C, 89, ...] .text ntkrnlpa.exe!IoFreeIrp + 3D 82CEC735 14 Bytes [8B, 89, 74, 01, 00, 00, F6, ...] .text ... .text ntkrnlpa.exe!RtlSetBits + 2D 82CEC94A 17 Bytes [8B, C8, D2, E2, 08, 16, EB, ...] .text ntkrnlpa.exe!RtlSetBits + 3F 82CEC95C 7 Bytes [08, 06, 46, 8D, 79, F8, 83] .text ntkrnlpa.exe!RtlSetBits + 47 82CEC964 31 Bytes [08, 76, 1B, 53, 8B, DF, C1, ...] .text ntkrnlpa.exe!RtlSetBits + 67 82CEC984 7 Bytes [76, 08, 8A, 87, 28, B4, CD] .text ntkrnlpa.exe!RtlSetBits + 6F 82CEC98C 7 Bytes [08, 06, 5E, 5F, 5D, C2, 0C] .text ... .text ntkrnlpa.exe!IoAllocateIrp + 2 82CEC99B 16 Bytes JMP 1B8025FF .text ntkrnlpa.exe!IoAllocateIrp + 13 82CEC9AC 11 Bytes [55, 8B, EC, 83, E4, F8, 8B, ...] .text ntkrnlpa.exe!IoAllocateIrp + 1F 82CEC9B8 10 Bytes [8B, C1, 56, C1, E0, 05, 05, ...] .text ntkrnlpa.exe!IoAllocateIrp + 2A 82CEC9C3 6 Bytes [57, 8B, 7D, 10, BE, FF] .text ntkrnlpa.exe!IoAllocateIrp + 32 82CEC9CB 20 Bytes [1F, 74, 23, 8B, D7, C1, EA, ...] .text ... .text ntkrnlpa.exe!ExiReleaseFastMutex + 36 82CECA5C 10 Bytes [8A, CB, 5F, 5E, 5B, FF, 25, ...] .text ntkrnlpa.exe!ExiReleaseFastMutex + 41 82CECA67 18 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] .text ntkrnlpa.exe!ExiAcquireFastMutex + E 82CECA7A 21 Bytes [8A, D8, 8B, C6, F0, 0F, BA, ...] .text ntkrnlpa.exe!ExiAcquireFastMutex + 24 82CECA90 18 Bytes [89, 46, 04, 0F, B6, C3, 89, ...] .text ntkrnlpa.exe!IoGetRelatedDeviceObject + 2 82CECAA3 59 Bytes [55, 8B, EC, 8B, 45, 08, 8B, ...] .text ntkrnlpa.exe!IoGetRelatedDeviceObject + 3E 82CECADF 5 Bytes [74, 31, 83, 78, 7C] .text ntkrnlpa.exe!IoGetRelatedDeviceObject + 44 82CECAE5 10 Bytes [74, 23, 6A, 01, 33, D2, E8, ...] .text ntkrnlpa.exe!IoGetRelatedDeviceObject + 4F 82CECAF0 67 Bytes [85, C0, 74, 16, 8B, 30, 85, ...] .text ntkrnlpa.exe!IoWithinStackLimits + 15 82CECB34 11 Bytes [00, 84, C0, 56, 57, 74, 2F, ...] .text ntkrnlpa.exe!IoWithinStackLimits + 21 82CECB40 29 Bytes [00, 3B, 58, 0C, 74, 24, 8B, ...] .text ntkrnlpa.exe!IoWithinStackLimits + 3F 82CECB5E 21 Bytes [D0, FF, FF, 3B, D0, 72, 3A, ...] .text ntkrnlpa.exe!IoWithinStackLimits + 55 82CECB74 67 Bytes [FF, 8B, D0, 85, D2, 74, 24, ...] .text ntkrnlpa.exe!IoGetTopLevelIrp + B 82CECBB8 63 Bytes [00, C3, 90, 90, 90, 90, 90, ...] .text ntkrnlpa.exe!KeEnterGuardedRegion + 5 82CECBF8 2 Bytes [00, 66] .text ntkrnlpa.exe!KeEnterGuardedRegion + 8 82CECBFB 2 Bytes [88, 82] .text ntkrnlpa.exe!KeEnterGuardedRegion + D 82CECC00 11 Bytes [C3, 90, 90, 90, 90, 90, 64, ...] .text ntkrnlpa.exe!KeLeaveGuardedRegion + 7 82CECC0D 8 Bytes [8D, 81, 82, 00, 00, 00, 66, ...] .text ntkrnlpa.exe!KeLeaveGuardedRegion + 10 82CECC16 17 Bytes [0F, B7, 00, 66, 85, C0, 75, ...] .text ntkrnlpa.exe!KeLeaveGuardedRegion + 22 82CECC28 9 Bytes [F7, FF, C3, 90, 90, 90, 90, ...] .text ntkrnlpa.exe!KeLeaveGuardedRegion + 2C 82CECC32 28 Bytes [55, 8B, EC, 83, EC, 0C, 85, ...] .text ntkrnlpa.exe!KeLeaveGuardedRegion + 49 82CECC4F 15 Bytes [C0, 00, 00, 75, 54, 8B, 86, ...] .text ... .text ntkrnlpa.exe!KeExpandKernelStackAndCalloutEx + 12 82CECE04 8 Bytes [88, 45, E7, 3C, 01, 76, 12, ...] .text ntkrnlpa.exe!KeExpandKernelStackAndCalloutEx + 1B 82CECE0D 1 Byte [6A] .text ntkrnlpa.exe!KeExpandKernelStackAndCalloutEx + 1B 82CECE0D 22 Bytes [6A, 00, 0F, B6, C0, 50, 6A, ...] .text ntkrnlpa.exe!KeExpandKernelStackAndCalloutEx + 32 82CECE24 10 Bytes [76, 0A, B8, F1, 00, 00, C0, ...] .text ntkrnlpa.exe!KeExpandKernelStackAndCalloutEx + 3E 82CECE30 5 Bytes [64, 8B, 3D, 24, 01] .text ... .text ntkrnlpa.exe!IoSetTopLevelIrp + 2 82CED05A 17 Bytes [55, 8B, EC, 64, A1, 24, 01, ...] .text ntkrnlpa.exe!IoSetTopLevelIrp + 14 82CED06C 3 Bytes [5D, C2, 04] .text ntkrnlpa.exe!IoSetTopLevelIrp + 18 82CED070 68 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] .text ntkrnlpa.exe!IoIsOperationSynchronous + 40 82CED0B5 8 Bytes [56, 8B, 70, 48, 8B, 86, 50, ...] .text ntkrnlpa.exe!IoIsOperationSynchronous + 4A 82CED0BF 5 Bytes [81, C6, 38, 02, 00] .text ntkrnlpa.exe!IoIsOperationSynchronous + 50 82CED0C5 34 Bytes [89, 45, FC, 85, C0, 75, 04, ...] .text ntkrnlpa.exe!IoIsOperationSynchronous + 73 82CED0E8 97 Bytes [00, 00, 83, F8, 01, 75, DD, ...] .text ntkrnlpa.exe!IoIsOperationSynchronous + D5 82CED14A 23 Bytes [55, 8B, EC, 53, 8B, 5D, 08, ...] .text ... .text ntkrnlpa.exe!PsChargeProcessNonPagedPoolQuota + 2 82CED214 11 Bytes [55, 8B, EC, 8B, 45, 08, 3B, ...] .text ntkrnlpa.exe!PsChargeProcessNonPagedPoolQuota + E 82CED220 38 Bytes [75, 04, 33, C0, EB, 11, FF, ...] .text ntkrnlpa.exe!PsChargeProcessNonPagedPoolQuota + 35 82CED247 4 Bytes CALL 82C807E8 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) .text ntkrnlpa.exe!PsChargeProcessNonPagedPoolQuota + 3A 82CED24C 15 Bytes [8B, 45, 08, 8D, 70, C0, 89, ...] .text ntkrnlpa.exe!PsChargeProcessNonPagedPoolQuota + 4A 82CED25C 18 Bytes [89, 4D, D8, 8B, 4D, 14, 8B, ...] .text ... .text ntkrnlpa.exe!KeInitializeApc + 2 82CEDAC4 16 Bytes [55, 8B, EC, 8B, 45, 08, 8B, ...] .text ntkrnlpa.exe!KeInitializeApc + 13 82CEDAD5 76 Bytes [12, C6, 40, 02, 30, 75, 06, ...] .text ntkrnlpa.exe!KeInitializeApc + 60 82CEDB22 49 Bytes [55, 8B, EC, 83, E4, F8, 83, ...] .text ntkrnlpa.exe!KeInitializeApc + 92 82CEDB54 115 Bytes [00, 8A, 5F, 2D, 74, 40, 84, ...] .text ntkrnlpa.exe!KeInitializeApc + 106 82CEDBC8 11 Bytes [0F, BE, 4F, 2C, 3B, C8, 0F, ...] .text ... .text ntkrnlpa.exe!KiDeliverApc + 21 82CEDE3F 5 Bytes [66, 83, BE, 82, 00] .text ntkrnlpa.exe!KiDeliverApc + 29 82CEDE47 31 Bytes [8B, 86, 20, 01, 00, 00, 89, ...] .text ntkrnlpa.exe!KiDeliverApc + 4A 82CEDE68 9 Bytes [87, 44, 24, 20, 8B, 1D, 50, ...] .text ntkrnlpa.exe!KiDeliverApc + 54 82CEDE72 12 Bytes JMP 82CEDF66 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) .text ntkrnlpa.exe!KiDeliverApc + 61 82CEDE7F 4 Bytes [15, 54, B1, C3] .text ... .text ntkrnlpa.exe!KeInsertQueueApc + 21 82CEE0A0 4 Bytes [8B, 87, B0, 00] .text ntkrnlpa.exe!KeInsertQueueApc + 27 82CEE0A6 35 Bytes [A8, 40, 74, 22, B3, 01, 38, ...] .text ntkrnlpa.exe!KeInsertQueueApc + 4B 82CEE0CA 39 Bytes [EB, 02, 32, DB, 8D, 4C, 24, ...] .text ntkrnlpa.exe!SeComputeAutoInheritByObjectType + 2 82CEE0F2 9 Bytes [55, 8B, EC, 51, 51, 64, A1, ...] .text ntkrnlpa.exe!SeComputeAutoInheritByObjectType + C 82CEE0FC 19 Bytes [00, 53, 33, DB, 66, FF, 88, ...] .text ntkrnlpa.exe!SeComputeAutoInheritByObjectType + 20 82CEE110 2 Bytes [6F, D4] .text ntkrnlpa.exe!SeComputeAutoInheritByObjectType + 23 82CEE113 13 Bytes [59, 8B, D6, 33, C0, F0, 0F, ...] {POP ECX; MOV EDX, ESI; XOR EAX, EAX; LOCK CMPXCHG [EDX], ECX; TEST EAX, EAX; JZ 0x14} .text ntkrnlpa.exe!SeComputeAutoInheritByObjectType + 31 82CEE121 22 Bytes CALL 82CF22C7 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) .text ... .text ntkrnlpa.exe!SeTokenIsRestricted + C6 82CEE2E4 9 Bytes [FF, FF, 3B, D7, 0F, 85, 57, ...] .text ntkrnlpa.exe!SeTokenIsRestricted + D0 82CEE2EE 13 Bytes [8B, 55, FC, FF, 42, 08, 8B, ...] .text ntkrnlpa.exe!SeTokenIsRestricted + DE 82CEE2FC 63 Bytes [b0, 01, 5F, 5B, C9, C2, 04, ...] .text ntkrnlpa.exe!SeTokenIsRestricted + 11E 82CEE33C 9 Bytes [74, 37, EB, 44, EB, 33, 8D, ...] .text ntkrnlpa.exe!SeTokenIsRestricted + 12A 82CEE348 2 Bytes [83, C9] .text ... .text ntkrnlpa.exe!FsRtlLookupPerFileObjectContext + 15 82CEE6EC 23 Bytes [57, 6A, 00, 8D, 7D, FC, E8, ...] .text ntkrnlpa.exe!FsRtlLookupPerFileObjectContext + 2D 82CEE704 13 Bytes [00, 83, 65, 08, 00, 53, B1, ...] .text ntkrnlpa.exe!FsRtlLookupPerFileObjectContext + 3B 82CEE712 21 Bytes [8A, D8, 8B, C6, F0, 0F, BA, ...] .text ntkrnlpa.exe!FsRtlLookupPerFileObjectContext + 51 82CEE728 20 Bytes [8B, 7D, 10, 85, FF, 8B, 55, ...] .text ntkrnlpa.exe!FsRtlLookupPerFileObjectContext + 66 82CEE73D 50 Bytes [8D, 72, 20, 8B, 06, EB, 0F, ...] .text ... .text ntkrnlpa.exe!ExAcquireRundownProtectionCacheAwareEx + 4 82CEE7FC 29 Bytes [00, 00, 0F, B6, C0, 56, 8B, ...] .text ntkrnlpa.exe!ExAcquireRundownProtectionCacheAwareEx + 23 82CEE81B 16 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] .text ntkrnlpa.exe!ExReleaseRundownProtectionCacheAwareEx + C 82CEE82C 163 Bytes [53, 56, 57, 89, 55, FC, 0F, ...] .text ntkrnlpa.exe!FsRtlLookupPerStreamContextInternal + 1F 82CEE8D0 23 Bytes [00, 00, 8D, 4F, 34, 6A, 11, ...] .text ntkrnlpa.exe!FsRtlLookupPerStreamContextInternal + 37 82CEE8E8 22 Bytes [00, EB, 2A, 8B, 77, 28, B1, ...] .text ntkrnlpa.exe!FsRtlLookupPerStreamContextInternal + 4E 82CEE8FF 55 Bytes CALL 82C7B392 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) .text ntkrnlpa.exe!FsRtlLookupPerStreamContextInternal + 86 82CEE937 112 Bytes [3B, C1, 74, 2B, EB, EB, EB, ...] .text ntkrnlpa.exe!FsRtlLookupPerStreamContextInternal + F7 82CEE9A8 3 Bytes [00, 00, 66] .text ... .text ntkrnlpa.exe!RtlClearBits + 2D 82CEFD1B 64 Bytes [8B, C8, D2, E2, F6, D2, 20, ...] .text ntkrnlpa.exe!RtlClearBits + 6E 82CEFD5C 14 Bytes [20, 06, 5E, 5F, 5D, C2, 0C, ...] .text ntkrnlpa.exe!FsRtlLookupBaseMcbEntry + 2 82CEFD6B 16 Bytes [55, 8B, EC, 56, 8B, 75, 08, ...] .text ntkrnlpa.exe!FsRtlLookupBaseMcbEntry + 13 82CEFD7C 7 Bytes [00, 00, 84, C0, 0F, 84, 9C] .text ntkrnlpa.exe!FsRtlLookupBaseMcbEntry + 1B 82CEFD84 144 Bytes [00, 00, 8B, 55, 14, 85, D2, ...] .text ntkrnlpa.exe!FsRtlLookupBaseMcbEntry + AC 82CEFE15 40 Bytes [89, 30, 8B, 45, 24, 85, C0, ...] .text ntkrnlpa.exe!FsRtlLookupBaseMcbEntry + D5 82CEFE3E 93 Bytes [85, C9, 7C, 32, 8B, 45, FC, ...] .text ntkrnlpa.exe!KeTryToAcquireGuardedMutex + D 82CEFE9C 10 Bytes [66, FF, 08, 56, 8B, F1, F0, ...] .text ntkrnlpa.exe!KeTryToAcquireGuardedMutex + 18 82CEFEA7 4 Bytes [5E, 72, 1C, 66] .text ntkrnlpa.exe!KeTryToAcquireGuardedMutex + 1E 82CEFEAD 2 Bytes [0F, B7] .text ntkrnlpa.exe!KeTryToAcquireGuardedMutex + 21 82CEFEB0 34 Bytes [66, 85, C0, 75, 0C, 8D, 42, ...] .text ntkrnlpa.exe!ExReleaseFastMutexUnsafe + 2 82CEFED3 4 Bytes [51, 83, 61, 04] .text ntkrnlpa.exe!ExReleaseFastMutexUnsafe + 7 82CEFED8 81 Bytes [56, 33, D2, 57, 42, 8B, C1, ...] .text ntkrnlpa.exe!ExAcquireFastMutexUnsafe + 1B 82CEFF2A 92 Bytes [89, 7E, 04, 5F, 5E, C3, 90, ...] .text ntkrnlpa.exe!ExAcquireFastMutexUnsafe + 78 82CEFF87 12 Bytes [74, 3A, 85, DB, 74, 2E, 64, ...] .text ntkrnlpa.exe!ExAcquireFastMutexUnsafe + 85 82CEFF94 10 Bytes [8B, C3, 2B, C6, C1, F8, 03, ...] .text ntkrnlpa.exe!ExAcquireFastMutexUnsafe + 91 82CEFFA0 22 Bytes [00, 8B, C3, EB, 20, 64, 8B, ...] .text ntkrnlpa.exe!ExAcquireFastMutexUnsafe + A9 82CEFFB8 3 Bytes [00, EB, 0A] .text ... .text ntkrnlpa.exe!PsReturnProcessNonPagedPoolQuota + 17 82CF09BB 3 Bytes [b0, 18, 01] .text ntkrnlpa.exe!PsReturnProcessNonPagedPoolQuota + 1C 82CF09C0 3 Bytes CALL 82CEC08E \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) .text ntkrnlpa.exe!PsReturnProcessNonPagedPoolQuota + 20 82CF09C4 41 Bytes [FF, 5D, C2, 08, 00, 90, 90, ...] .text ntkrnlpa.exe!FsRtlIsPagingFile + 20 82CF09EE 31 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] .text ntkrnlpa.exe!FsRtlIsPagingFile + 40 82CF0A0E 1 Byte [04] .text ntkrnlpa.exe!FsRtlIsPagingFile + 40 82CF0A0E 14 Bytes [04, 00, 00, 6A, 00, 89, 4C, ...] .text ntkrnlpa.exe!FsRtlIsPagingFile + 50 82CF0A1E 6 Bytes [85, C9, 0F, 85, 32, 02] .text ntkrnlpa.exe!FsRtlIsPagingFile + 58 82CF0A26 3 Bytes [25, FF, FB] .text ... .text ntkrnlpa.exe!RtlAreBitsSet + 47 82CF0D84 25 Bytes [22, 82, 34, B4, CD, 82, F6, ...] .text ntkrnlpa.exe!RtlAreBitsSet + 61 82CF0D9E 27 Bytes [EB, 06, 8A, 10, 40, 80, FA, ...] .text ntkrnlpa.exe!RtlAreBitsSet + 7D 82CF0DBA 10 Bytes [EB, CE, 32, C0, 5F, 5E, 5B, ...] .text ntkrnlpa.exe!RtlAreBitsSet + 88 82CF0DC5 6 Bytes [90, 90, 90, 90, 90, 8B] .text ntkrnlpa.exe!RtlFindClearBitsAndSet + 2 82CF0DCC 10 Bytes [55, 8B, EC, 56, FF, 75, 10, ...] {PUSH EBP; MOV EBP, ESP; PUSH ESI; PUSH DWORD [EBP+0x10]; PUSH DWORD [EBP+0xc]} .text ntkrnlpa.exe!RtlFindClearBitsAndSet + D 82CF0DD7 11 Bytes CALL 82CEB939 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) .text ntkrnlpa.exe!RtlFindClearBitsAndSet + 19 82CF0DE3 6 Bytes [74, 0C, FF, 75, 0C, 56] {JZ 0xe; PUSH DWORD [EBP+0xc]; PUSH ESI} .text ntkrnlpa.exe!RtlFindClearBitsAndSet + 20 82CF0DEA 13 Bytes CALL 82CEC91B \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) .text ntkrnlpa.exe!RtlFindClearBitsAndSet + 2E 82CF0DF8 67 Bytes [90, 90, 90, 90, 90, 8B, 11, ...] .text ntkrnlpa.exe!ExAcquireRundownProtection + 3F 82CF0E3C 3 Bytes [5D, C2, 04] .text ntkrnlpa.exe!ExAcquireRundownProtection + 43 82CF0E40 18 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] .text ntkrnlpa.exe!ExAcquireRundownProtection + 56 82CF0E53 20 Bytes [03, 53, 8B, 5D, 08, 74, 17, ...] .text ntkrnlpa.exe!ExAcquireRundownProtection + 6B 82CF0E68 6 Bytes [89, 06, B0, 01, E9, CF] .text ntkrnlpa.exe!ExAcquireRundownProtection + 73 82CF0E70 7 Bytes [00, 57, 64, 8B, 3D, 24, 01] .text ... .text ntkrnlpa.exe!ExReleaseRundownProtection + 36 82CF0F80 3 Bytes [72, 0D, 6A] .text ntkrnlpa.exe!ExReleaseRundownProtection + 3A 82CF0F84 121 Bytes [6A, 00, 83, C2, 04, 52, E8, ...] .text ntkrnlpa.exe!RtlAreBitsClear + 3F 82CF0FFE 5 Bytes [22, 83, 29, B4, CD] .text ntkrnlpa.exe!RtlAreBitsClear + 45 82CF1004 22 Bytes [22, 82, 34, B4, CD, 82, F6, ...] .text ntkrnlpa.exe!RtlAreBitsClear + 5C 82CF101B 24 Bytes [EB, 05, 8A, 10, 40, 84, D2, ...] .text ntkrnlpa.exe!RtlAreBitsClear + 75 82CF1034 17 Bytes [EB, D4, 32, C0, 5F, 5E, 5B, ...] .text ntkrnlpa.exe!RtlAreBitsClear + 87 82CF1046 41 Bytes [55, 8B, EC, 8B, 52, 04, 56, ...] .text ... .text ntkrnlpa.exe!RtlFindSetBits + 1C 82CF14F1 4 Bytes [48, 83, 7D, 0C] .text ntkrnlpa.exe!RtlFindSetBits + 21 82CF14F6 16 Bytes [89, 75, EC, 89, 4D, E8, 75, ...] .text ntkrnlpa.exe!RtlFindSetBits + 33 82CF1508 34 Bytes CALL 8F5CE740 \SystemRoot\system32\DRIVERS\ohci1394.sys (1394 OpenHCI Port Driver/Microsoft Corporation) .text ntkrnlpa.exe!RtlFindSetBits + 56 82CF152B 2 Bytes JMP 82CF160B \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) .text ntkrnlpa.exe!RtlFindSetBits + 5B 82CF1530 51 Bytes [8B, DA, 2B, 5D, 0C, 33, F6, ...] .text ... .text ntkrnlpa.exe!RtlCopyUnicodeString + 59 82CF208C 23 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] .text ntkrnlpa.exe!RtlCopyUnicodeString + 71 82CF20A4 23 Bytes [8A, D0, 8B, 45, 08, FF, 48, ...] .text ntkrnlpa.exe!RtlCopyUnicodeString + 89 82CF20BC 25 Bytes [00, 00, F6, 41, 10, 07, 74, ...] .text ntkrnlpa.exe!RtlCopyUnicodeString + A3 82CF20D6 24 Bytes [15, 58, B1, C3, 82, 8B, E5, ...] .text ntkrnlpa.exe!RtlCopyUnicodeString + BC 82CF20EF 4 Bytes [15, 5C, B1, C3] .text ... .text ntkrnlpa.exe!ExfAcquirePushLockShared + 2 82CF22CA 13 Bytes [55, 8B, EC, 83, E4, F0, 83, ...] .text ntkrnlpa.exe!ExfAcquirePushLockShared + 10 82CF22D8 19 Bytes [53, 56, 57, 8B, F9, 8B, 0F, ...] .text ntkrnlpa.exe!ExfAcquirePushLockShared + 24 82CF22EC 18 Bytes CALL F7D10374 .text ntkrnlpa.exe!ExfAcquirePushLockShared + 38 82CF2300 25 Bytes [00, 33, F6, 6A, 02, 5A, 32, ...] .text ntkrnlpa.exe!ExfAcquirePushLockShared + 52 82CF231A 30 Bytes [83, E0, F0, 89, 44, 24, 30, ...] .text ... .text ntkrnlpa.exe!RtlSubAuthoritySid + 3 82CF2412 29 Bytes [8B, EC, 8B, 45, 0C, 8B, 4D, ...] .text ntkrnlpa.exe!IoAcquireCancelSpinLock + 9 82CF2430 35 Bytes [15, 5C, B1, C3, 82, 8B, 4D, ...] .text ntkrnlpa.exe!IoReleaseCancelSpinLock + 11 82CF2454 3 Bytes [5D, C2, 04] .text ntkrnlpa.exe!IoReleaseCancelSpinLock + 15 82CF2458 6 Bytes [90, 90, 90, 90, 90, 8B] .text ntkrnlpa.exe!CcUninitializeCacheMap + 2 82CF245F 18 Bytes [55, 8B, EC, 83, E4, F8, 83, ...] .text ntkrnlpa.exe!CcUninitializeCacheMap + 15 82CF2472 7 Bytes [24, 14, 88, 5C, 24, 0F, 89] .text ntkrnlpa.exe!CcUninitializeCacheMap + 1D 82CF247A 7 Bytes [24, 18, FF, 15, 5C, B1, C3] .text ntkrnlpa.exe!CcUninitializeCacheMap + 25 82CF2482 33 Bytes [8B, 55, 08, 8B, 7A, 18, 3B, ...] .text ntkrnlpa.exe!CcUninitializeCacheMap + 47 82CF24A4 12 Bytes [00, 00, BF, 58, 04, 00, 00, ...] .text ... .text ntkrnlpa.exe!CcRemapBcb + 2A 82CF278F 4 Bytes [15, 5C, B1, C3] .text ntkrnlpa.exe!CcRemapBcb + 2F 82CF2794 14 Bytes [66, FF, 46, 08, 6A, 04, 8A, ...] .text ntkrnlpa.exe!CcRemapBcb + 3E 82CF27A3 26 Bytes [8B, C6, 83, C8, 01, 5E, 5D, ...] .text ntkrnlpa.exe!CcRemapBcb + 59 82CF27BE 21 Bytes [53, 56, 8D, 70, 7C, 8B, 0E, ...] .text ntkrnlpa.exe!CcRemapBcb + 70 82CF27D5 12 Bytes JMP 82CF288F \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) .text ... .text ntkrnlpa.exe!PsIsCurrentThreadPrefetching + 7 82CF28A6 84 Bytes [80, 69, 02, 00, 00, C0, E8, ...] .text ntkrnlpa.exe!IoSetShareAccessEx + 46 82CF28FC 83 Bytes [8B, 45, F8, F6, 00, 01, 74, ...] .text ntkrnlpa.exe!IoSetShareAccessEx + 9A 82CF2950 3 Bytes [01, 00, 00] .text ntkrnlpa.exe!IoSetShareAccessEx + 9E 82CF2954 79 Bytes [0F, B6, 4E, 26, 89, 48, 04, ...] .text ntkrnlpa.exe!FsRtlRemovePerFileObjectContext + 2 82CF29A4 43 Bytes [55, 8B, EC, 51, 56, 8B, 75, ...] .text ntkrnlpa.exe!FsRtlRemovePerFileObjectContext + 2E 82CF29D0 77 Bytes [83, 65, 08, 00, 53, B1, 01, ...] .text ntkrnlpa.exe!FsRtlRemovePerFileObjectContext + 7C 82CF2A1E 65 Bytes [3B, C1, 74, 3B, EB, EB, EB, ...] .text ntkrnlpa.exe!FsRtlRemovePerFileObjectContext + BE 82CF2A60 24 Bytes [8A, 5A, 1C, 33, C9, 41, 8B, ...] .text ntkrnlpa.exe!FsRtlRemovePerFileObjectContext + D7 82CF2A79 29 Bytes [8B, F0, 8B, FA, 8B, C1, F0, ...] .text ... .text ntkrnlpa.exe!FsRtlInsertPerFileObjectContext + 2 82CF2AFA 18 Bytes [55, 8B, EC, 51, 53, 56, 8B, ...] .text ntkrnlpa.exe!FsRtlInsertPerFileObjectContext + 15 82CF2B0D 23 Bytes JMP 82CF2C24 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) .text ntkrnlpa.exe!FsRtlInsertPerFileObjectContext + 2E 82CF2B26 31 Bytes [8B, 7D, FC, 3B, FB, 75, 76, ...] .text ntkrnlpa.exe!FsRtlInsertPerFileObjectContext + 4F 82CF2B47 5 Bytes [C0, E9, D7, 00, 00] {SHR CL, 0xd7; ADD [EAX], AL} .text ntkrnlpa.exe!FsRtlInsertPerFileObjectContext + 55 82CF2B4D 31 Bytes [89, 5F, 04, 89, 5F, 08, 33, ...] .text ... .text ntkrnlpa.exe!KeAreApcsDisabled + 6 82CF2C56 6 Bytes [83, B8, 80, 00, 00, 00] .text ntkrnlpa.exe!KeAreApcsDisabled + D 82CF2C5D 46 Bytes [0F, 95, C0, C3, 90, 90, 90, ...] .text ntkrnlpa.exe!KeAreApcsDisabled + 3C 82CF2C8C 16 Bytes [EB, 10, 8B, 40, 10, 85, C0, ...] .text ntkrnlpa.exe!KeAreApcsDisabled + 4D 82CF2C9D 4 Bytes CALL 82CEAE1B \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) .text ntkrnlpa.exe!KeAreApcsDisabled + 53 82CF2CA3 10 Bytes [64, 8B, 0D, 24, 01, 00, 00, ...] .text ... .text ntkrnlpa.exe!IoAllocateMdl + 18 82CF2F66 8 Bytes [8B, 55, 0C, 83, 65, FC, 00, ...] {MOV EDX, [EBP+0xc]; AND DWORD [EBP-0x4], 0x0; PUSH EBX} .text ntkrnlpa.exe!IoAllocateMdl + 21 82CF2F6F 6 Bytes [8B, 7D, 08, B8, FF, 0F] .text ntkrnlpa.exe!IoAllocateMdl + 29 82CF2F77 40 Bytes [23, D0, 8B, CF, 23, C8, 8B, ...] .text ntkrnlpa.exe!IoAllocateMdl + 52 82CF2FA0 7 Bytes [00, EB, 5D, 64, A1, 20, 00] .text ntkrnlpa.exe!IoAllocateMdl + 5A 82CF2FA8 34 Bytes [00, 56, 8B, B0, B0, 06, 00, ...] .text ... .text ntkrnlpa.exe!IoFreeMdl + 35 82CF30A0 51 Bytes [00, 66, 8B, 51, 04, FF, 41, ...] .text ntkrnlpa.exe!IoFreeMdl + 69 82CF30D4 3 Bytes [EB, 08, 6A] .text ntkrnlpa.exe!IoFreeMdl + 6D 82CF30D8 5 Bytes [56, E8, 27, 3F, 03] .text ntkrnlpa.exe!IoFreeMdl + 73 82CF30DE 6 Bytes [5E, 8B, E5, 5D, C2, 04] .text ntkrnlpa.exe!IoFreeMdl + 7A 82CF30E5 6 Bytes [90, 90, 90, 90, 90, 8B] .text ... .text ntkrnlpa.exe!IoSetIoPriorityHint + 11 82CF3194 15 Bytes [C0, EB, 17, 8B, 45, 08, 8B, ...] .text ntkrnlpa.exe!IoSetIoPriorityHint + 21 82CF31A4 10 Bytes [FF, F1, FF, 0B, CA, 89, 48, ...] .text ntkrnlpa.exe!IoSetIoPriorityHint + 2C 82CF31AF 28 Bytes [C2, 08, 00, 90, 90, 90, 90, ...] .text ntkrnlpa.exe!IoSetIoPriorityHint + 49 82CF31CC 15 Bytes [76, 24, FF, 76, 1C, FF, 56, ...] .text ntkrnlpa.exe!RtlLookupElementGenericTableFullAvl + 2 82CF31DC 19 Bytes [55, 8B, EC, 56, 8B, 75, 10, ...] .text ntkrnlpa.exe!RtlLookupElementGenericTableFullAvl + 16 82CF31F0 45 Bytes [83, F8, 01, 8B, 4D, 14, 89, ...] .text ntkrnlpa.exe!IoGetAttachedDeviceReference + 10 82CF321E 19 Bytes [FF, 75, 08, 8A, D8, E8, CB, ...] {PUSH DWORD [EBP+0x8]; MOV BL, AL; CALL 0xffffffffffff93d5; MOV ESI, EAX; MOV ECX, ESI; CALL 0xfffffffffff8bb31} .text ntkrnlpa.exe!IoGetAttachedDeviceReference + 24 82CF3232 9 Bytes [0A, 8A, D3, 59, FF, 15, 58, ...] {OR CL, [EDX+0x15ff59d3]; POP EAX; MOV CL, 0xc3} .text ntkrnlpa.exe!IoGetAttachedDeviceReference + 2E 82CF323C 14 Bytes [8B, C6, 5E, 5B, 5D, C2, 04, ...] .text ntkrnlpa.exe!RtlLookupElementGenericTableAvl + 2 82CF324B 14 Bytes [55, 8B, EC, 8D, 45, 0C, 50, ...] {PUSH EBP; MOV EBP, ESP; LEA EAX, [EBP+0xc]; PUSH EAX; LEA EAX, [EBP+0x8]; PUSH EAX; PUSH DWORD [EBP+0xc]} .text ntkrnlpa.exe!RtlLookupElementGenericTableAvl + 11 82CF325A 10 Bytes CALL 82CF31D8 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) .text ntkrnlpa.exe!RtlLookupElementGenericTableAvl + 1C 82CF3265 6 Bytes [90, 90, 90, 90, 90, 8B] .text ntkrnlpa.exe!_wcsupr + 2 82CF326C 9 Bytes [55, 8B, EC, 8B, 45, 08, 66, ...] .text ntkrnlpa.exe!_wcsupr + C 82CF3276 54 Bytes [8B, C8, 74, 1D, 0F, B7, 11, ...] .text ntkrnlpa.exe!RtlInsertElementGenericTableFullAvl + 11 82CF32AF 32 Bytes [8B, 4D, 10, 8D, 41, 10, 3B, ...] .text ntkrnlpa.exe!RtlInsertElementGenericTableFullAvl + 32 82CF32D0 5 Bytes [00, 33, C0, E9, 98] {ADD [EBX], DH; SHR CL, 0x98} .text ntkrnlpa.exe!RtlInsertElementGenericTableFullAvl + 3A 82CF32D8 9 Bytes [57, 33, C0, 8B, FB, AB, AB, ...] {PUSH EDI; XOR EAX, EAX; MOV EDI, EBX; STOSD ; STOSD ; STOSD ; STOSD } .text ntkrnlpa.exe!RtlInsertElementGenericTableFullAvl + 44 82CF32E2 5 Bytes [46, 18, 83, 7D, 1C] .text ntkrnlpa.exe!RtlInsertElementGenericTableFullAvl + 4A 82CF32E8 11 Bytes [75, 0E, 89, 5E, 08, 89, 33, ...] .text ... .text ntkrnlpa.exe!ExInitializeRundownProtection + 1F 82CF33AE 49 Bytes JMP 82C88885 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) .text ntkrnlpa.exe!ExInitializeRundownProtection + 51 82CF33E0 25 Bytes [00, 32, D2, 88, 56, 0C, 88, ...] .text ntkrnlpa.exe!ExInitializeRundownProtection + 6B 82CF33FA 17 Bytes [75, 3D, 80, FB, 01, 75, 05, ...] .text ntkrnlpa.exe!ExInitializeRundownProtection + 7D 82CF340C 51 Bytes CALL 82CF344F \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) .text ntkrnlpa.exe!ExInitializeRundownProtection + B1 82CF3440 84 Bytes [F6, DB, 33, C0, 88, 5E, 0C, ...] .text ... .text ntkrnlpa.exe!EtwWrite + 30 82CF4668 145 Bytes [73, 08, C1, E1, 04, 81, C1, ...] .text ntkrnlpa.exe!KeQueryPriorityThread + 1 82CF46FA 51 Bytes [FF, 55, 8B, EC, 8B, 45, 08, ...] .text ntkrnlpa.exe!KeQueryPriorityThread + 35 82CF472E 131 Bytes [D8, 8B, 43, 08, 85, C0, 75, ...] .text ntkrnlpa.exe!KeQueryPriorityThread + B9 82CF47B2 201 Bytes [75, 03, 80, C2, 02, 8B, F8, ...] .text ntkrnlpa.exe!RtlDeleteElementGenericTableAvl + 77 82CF487C 59 Bytes [8B, C3, C1, E0, 03, 50, 8B, ...] .text ntkrnlpa.exe!RtlDeleteElementGenericTableAvl + B3 82CF48B8 29 Bytes [FF, 52, 50, 8B, C3, C1, E0, ...] .text ntkrnlpa.exe!RtlDeleteElementGenericTableAvl + D1 82CF48D6 83 Bytes [10, 00, 00, 76, 0A, 6A, 01, ...] .text ntkrnlpa.exe!RtlDeleteElementGenericTableAvl + 125 82CF492A 5 Bytes [23, CA, 23, C2, 2B] .text ntkrnlpa.exe!RtlDeleteElementGenericTableAvl + 12B 82CF4930 22 Bytes [74, 3C, 8D, 58, FF, C1, EB, ...] .text ... .text ntkrnlpa.exe!CcSetFileSizesEx + 16 82CF4990 18 Bytes [53, 8B, 18, 89, 4C, 24, 10, ...] .text ntkrnlpa.exe!CcSetFileSizesEx + 29 82CF49A3 99 Bytes [8B, 48, 10, 8B, 40, 14, 6A, ...] .text ntkrnlpa.exe!CcSetFileSizesEx + 8D 82CF4A07 86 Bytes [00, FF, 46, 04, 6A, 05, 59, ...] .text ntkrnlpa.exe!CcSetFileSizesEx + E4 82CF4A5E 20 Bytes [F8, FF, 15, 5C, B1, C3, 82, ...] .text ntkrnlpa.exe!CcSetFileSizesEx + F9 82CF4A73 7 Bytes [46, 6C, A9, 00, 00, 01, 00] {INC ESI; INSB ; TEST EAX, 0x10000} .text ... .text ntkrnlpa.exe!ExAcquireSharedStarveExclusive + 32 82CF4D8D 3 Bytes [45, F4, 50] {INC EBP; HLT ; PUSH EAX} .text ntkrnlpa.exe!ExAcquireSharedStarveExclusive + 36 82CF4D91 5 Bytes [C7, E8, 72, B8, F7] .text ntkrnlpa.exe!ExAcquireSharedStarveExclusive + 3C 82CF4D97 6 Bytes [85, C0, 74, E0, 80, 7D] .text ntkrnlpa.exe!ExAcquireSharedStarveExclusive + 43 82CF4D9E 188 Bytes [00, 74, 4A, 83, 7F, 10, 00, ...] .text ntkrnlpa.exe!ExAcquireSharedStarveExclusive + 100 82CF4E5B 6 Bytes [7D, E0, 8B, 45, 08, 8B] .text ... .text ntkrnlpa.exe!CcSetDirtyPinnedData + 2B 82CF5492 82 Bytes [D9, 8B, 0B, 8B, 49, 70, 66, ...] .text ntkrnlpa.exe!CcSetDirtyPinnedData + 7E 82CF54E5 38 Bytes [EB, 0C, 85, C0, C6, 46, 02, ...] .text ntkrnlpa.exe!CcSetDirtyPinnedData + A5 82CF550C 4 Bytes [bE, 40, 04, 00] .text ntkrnlpa.exe!CcSetDirtyPinnedData + AA 82CF5511 25 Bytes CALL 82CE0B4E \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) .text ntkrnlpa.exe!CcSetDirtyPinnedData + C4 82CF552B 19 Bytes CALL 82C6FA74 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) .text ... .text ntkrnlpa.exe!IoGetBaseFileSystemDeviceObject + 1 82CF573D 99 Bytes [FF, 55, 8B, EC, 8B, 4D, 08, ...] .text ntkrnlpa.exe!PfFileInfoNotify + 2A 82CF57A1 2 Bytes [8B, 43] .text ntkrnlpa.exe!PfFileInfoNotify + 2D 82CF57A4 57 Bytes [A8, 04, 0F, 84, 26, 03, 00, ...] .text ntkrnlpa.exe!PfFileInfoNotify + 67 82CF57DE 2 Bytes [bE, 89] .text ntkrnlpa.exe!PfFileInfoNotify + 6A 82CF57E1 31 Bytes JMP 82CF5EBB \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) .text ntkrnlpa.exe!PfFileInfoNotify + 8A 82CF5801 69 Bytes CALL 82CEB69D \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) .text ... .text ntkrnlpa.exe!ExDeleteResourceLite + 2E 82CF5F07 69 Bytes [8B, 46, 08, 33, FF, 3B, C7, ...] .text ntkrnlpa.exe!ExDeleteResourceLite + 74 82CF5F4D 27 Bytes [07, 8B, 4F, 04, 53, 33, DB, ...] .text ntkrnlpa.exe!ExDeleteResourceLite + 90 82CF5F69 42 Bytes CALL 872E987E .text ntkrnlpa.exe!ExDeleteResourceLite + BB 82CF5F94 4 Bytes [0A, 8B, 40, 10] .text ntkrnlpa.exe!ExDeleteResourceLite + C0 82CF5F99 39 Bytes CALL BB50C5AE .text ... .text ntkrnlpa.exe!IoRetrievePriorityInfo + 2 82CF6AA9 104 Bytes [55, 8B, EC, 8B, 45, 08, 85, ...] .text ntkrnlpa.exe!IoRetrievePriorityInfo + 6B 82CF6B12 77 Bytes [3B, F1, 75, 0B, 80, BE, 6B, ...] .text ntkrnlpa.exe!IoRetrievePriorityInfo + B9 82CF6B60 44 Bytes [05, 77, 18, 8B, 55, 08, 8D, ...] .text ntkrnlpa.exe!IoRetrievePriorityInfo + E6 82CF6B8D 16 Bytes [EC, 51, 51, 53, 33, DB, 38, ...] {IN AL, DX ; PUSH ECX; PUSH ECX; PUSH EBX; XOR EBX, EBX; CMP [EBP+0x10], BL; PUSH ESI; PUSH EDI; MOV [EBP-0x4], EBX; JZ 0x21} .text ntkrnlpa.exe!IoRetrievePriorityInfo + F7 82CF6B9E 1 Byte [45] .text ... .text ntkrnlpa.exe!FsRtlInsertPerStreamContext + 29 82CF6CA8 5 Bytes [01, 00, 00, 66, FF] {ADD [EAX], EAX; ADD [ESI-0x1], AH} .text ntkrnlpa.exe!FsRtlInsertPerStreamContext + 2F 82CF6CAE 13 Bytes [80, 00, 00, 00, 8D, 4F, 34, ...] .text ntkrnlpa.exe!FsRtlInsertPerStreamContext + 3D 82CF6CBC 7 Bytes CALL 82CEB69D \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) .text ntkrnlpa.exe!FsRtlInsertPerStreamContext + 45 82CF6CC4 1 Byte [2A] .text ntkrnlpa.exe!FsRtlInsertPerStreamContext + 45 82CF6CC4 14 Bytes [2A, 8B, 77, 28, B1, 01, FF, ...] {SUB CL, [EBX+0x1b12877]; CALL [0x82c3b14c]; MOV BL, AL} .text ... .text ntkrnlpa.exe!ExReinitializeResourceLite + 2 82CF6DBD 61 Bytes [55, 8B, EC, 53, 56, 8B, 75, ...] .text ntkrnlpa.exe!ExReinitializeResourceLite + 41 82CF6DFC 70 Bytes CALL 82C77EBF \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) .text ntkrnlpa.exe!FsRtlUninitializeBaseMcb + 4 82CF6E43 23 Bytes [EC, 8B, 45, 08, 66, 83, 78, ...] .text ntkrnlpa.exe!FsRtlUninitializeBaseMcb + 1C 82CF6E5B 114 Bytes CALL 82CEB35C \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) .text ntkrnlpa.exe!FsRtlUninitializeBaseMcb + 8F 82CF6ECE 59 Bytes [00, 00, 89, 7D, CC, 89, 4D, ...] .text ntkrnlpa.exe!FsRtlUninitializeBaseMcb + CB 82CF6F0A 25 Bytes CALL 82CEC9A6 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) .text ntkrnlpa.exe!FsRtlUninitializeBaseMcb + E6 82CF6F25 130 Bytes [90, 90, 90, 6A, 08, 68, D8, ...] .text ntkrnlpa.exe!FsRtlUninitializeOplock + 80 82CF6FA8 65 Bytes [03, 00, EB, BA, 8D, 43, 08, ...] .text ntkrnlpa.exe!FsRtlUninitializeOplock + C3 82CF6FEB 14 Bytes [00, 83, 66, 18, 00, B2, 01, ...] {ADD [EBX-0x4dffe79a], AL; ADD [EBX+0x7c15ffce], ECX; SBB EDX, EDI} .text ntkrnlpa.exe!FsRtlUninitializeOplock + D2 82CF6FFA 3 Bytes [EB, B0, 8B] .text ntkrnlpa.exe!FsRtlUninitializeOplock + D6 82CF6FFE 33 Bytes [85, F6, 74, 3D, 8D, 7E, 25, ...] .text ntkrnlpa.exe!FsRtlUninitializeOplock + F8 82CF7020 5 Bytes [00, 00, 83, 66, 18] .text ... .text ntkrnlpa.exe!ExWaitForRundownProtectionRelease + 26 82CF70D1 8 Bytes [00, 83, FE, 01, 0F, 84, B8, ...] .text ntkrnlpa.exe!ExWaitForRundownProtectionRelease + 2F 82CF70DA 8 Bytes [00, FF, 15, 60, B1, C3, 82, ...] .text ntkrnlpa.exe!ExWaitForRundownProtectionRelease + 38 82CF70E3 68 Bytes [8D, 54, 24, 20, 0F, 92, 44, ...] .text ntkrnlpa.exe!ExWaitForRundownProtectionRelease + 7D 82CF7128 58 Bytes [24, 01, 88, 5C, 24, 25, C6, ...] .text ntkrnlpa.exe!ExWaitForRundownProtectionRelease + B8 82CF7163 9 Bytes [8B, 5C, 24, 14, 33, FF, 8B, ...] .text ... .text ntkrnlpa.exe!RtlDeleteNoSplay + 4 82CF71BD 15 Bytes [EC, 53, 56, 8B, 75, 08, 33, ...] {IN AL, DX ; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0x8]; XOR EBX, EBX; CMP [ESI+0x4], EBX; PUSH EDI; MOV EDI, [EBP+0xc]} .text ntkrnlpa.exe!RtlDeleteNoSplay + 14 82CF71CD 37 Bytes [18, 39, 5E, 08, 74, 13, 56, ...] .text ntkrnlpa.exe!RtlDeleteNoSplay + 3A 82CF71F3 146 Bytes [06, 3B, C6, 75, 04, 89, 1F, ...] .text ntkrnlpa.exe!RtlDelete + 13 82CF7286 184 Bytes CALL 82CF73FF \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) .text ntkrnlpa.exe!RtlDelete + CC 82CF733F 114 Bytes [57, 8B, 39, 3B, F9, 8D, 72, ...] .text ntkrnlpa.exe!RtlDelete + 13F 82CF73B2 37 Bytes [8B, 71, 04, 8B, 50, 04, 89, ...] .text ntkrnlpa.exe!RtlDelete + 165 82CF73D8 22 Bytes [50, 04, 85, D2, 5E, 74, 02, ...] .text ntkrnlpa.exe!RtlDelete + 17C 82CF73EF 37 Bytes [74, 02, 89, 08, 8B, 41, 08, ...] .text ntkrnlpa.exe!RtlSubtreePredecessor + 13 82CF7415 110 Bytes [8B, C1, 8B, 48, 08, 85, C9, ...] .text ntkrnlpa.exe!RtlSubtreePredecessor + 82 82CF7484 13 Bytes [A4, F7, 0C, BB, FF, 0F, 00, ...] .text ntkrnlpa.exe!RtlSubtreePredecessor + 90 82CF7492 14 Bytes [E6, 0C, B1, 02, 0B, F0, 0B, ...] {OUT 0xc, AL; MOV CL, 0x2; OR ESI, EAX; OR EDI, EDX; CALL [0x82c3b14c]} .text ntkrnlpa.exe!RtlSubtreePredecessor + 9F 82CF74A1 98 Bytes [4D, 08, 88, 01, 64, A1, 20, ...] .text ntkrnlpa.exe!RtlSubtreePredecessor + 102 82CF7504 7 Bytes [25, FF, 0F, 00, 00, 81, E9] .text ... .text ntkrnlpa.exe!ExGetCurrentProcessorCounts 82CF7569 3 Bytes [8B, FF, 55] {MOV EDI, EDI; PUSH EBP} .text ntkrnlpa.exe!ExGetCurrentProcessorCounts + 4 82CF756D 15 Bytes [EC, 64, A1, 20, 00, 00, 00, ...] .text ntkrnlpa.exe!ExGetCurrentProcessorCounts + 15 82CF757E 1 Byte [55] .text ntkrnlpa.exe!ExGetCurrentProcessorCounts + 15 82CF757E 16 Bytes [55, 08, 89, 0A, 8B, 88, AC, ...] {PUSH EBP; OR [ECX-0x537774f6], CL; ADD EAX, 0x88030000; TEST AL, 0x5; ADD [EAX], AL} .text ntkrnlpa.exe!ExGetCurrentProcessorCounts + 26 82CF758F 45 Bytes [55, 0C, 89, 0A, 0F, B6, 40, ...] .text ... .text ntkrnlpa.exe!ZwQueryDebugFilterState + 32 82CF7B17 63 Bytes [0C, 95, C8, 1F, D3, 82, 85, ...] .text ntkrnlpa.exe!ZwQueryDebugFilterState + 72 82CF7B57 6 Bytes [10, FF, 75, 0C, E8, 85] .text ntkrnlpa.exe!ZwQueryDebugFilterState + 7A 82CF7B5F 11 Bytes [FF, 85, C0, 75, 07, 33, C0, ...] {INC DWORD [EBP+0x330775c0]; SHR CL, 0x8a; ADD AL, [EAX]} .text ntkrnlpa.exe!ZwQueryDebugFilterState + 86 82CF7B6B 38 Bytes [83, 65, FC, 00, 8B, C7, 8D, ...] .text ntkrnlpa.exe!ZwQueryDebugFilterState + AD 82CF7B92 5 Bytes [50, E8, 88, B4, FE] .text ... .text ntkrnlpa.exe!DbgPrint + BA 82CF7EBC 33 Bytes [b8, 68, CF, D4, 82, 33, C9, ...] .text ntkrnlpa.exe!DbgPrint + DC 82CF7EDE 17 Bytes [84, 52, 01, 00, 00, F6, 80, ...] .text ntkrnlpa.exe!DbgPrint + EE 82CF7EF0 55 Bytes [F6, 80, 7D, 0D, 00, 00, 01, ...] .text ntkrnlpa.exe!DbgPrint + 127 82CF7F29 80 Bytes [FF, 03, 8B, D1, 6B, D2, 1C, ...] .text ntkrnlpa.exe!DbgPrint + 178 82CF7F7A 12 Bytes [C1, E1, 0C, 8B, D1, 23, C6, ...] .text ... .text ntkrnlpa.exe!ExfTryToWakePushLock + 1 82CF85AD 54 Bytes [11, F6, C2, 05, 53, 56, 57, ...] .text ntkrnlpa.exe!ExfTryToWakePushLock + 38 82CF85E4 25 Bytes [53, 8D, 4E, 58, 8D, 55, F0, ...] .text ntkrnlpa.exe!ExfTryToWakePushLock + 52 82CF85FE 2 Bytes [47, 10] .text ntkrnlpa.exe!ExfTryToWakePushLock + 55 82CF8601 66 Bytes [86, 94, 01, 00, 00, 89, 47, ...] .text ntkrnlpa.exe!ExfTryToWakePushLock + 98 82CF8644 9 Bytes [00, 89, 47, 30, 8B, 86, B4, ...] .text ... .text ntkrnlpa.exe!AlpcInitializeMessageAttribute + 1C 82CF8D2D 37 Bytes [C0, EB, 0F, 8B, 45, 0C, 85, ...] .text ntkrnlpa.exe!AlpcInitializeMessageAttribute + 42 82CF8D53 98 Bytes [A1, 34, 27, D3, 82, 33, C4, ...] .text ntkrnlpa.exe!AlpcInitializeMessageAttribute + A5 82CF8DB6 18 Bytes [3B, C3, 75, D0, 8B, 4C, 24, ...] {CMP EAX, EBX; JNZ 0xffffffffffffffd4; MOV ECX, [ESP+0x24]; POP EDI; POP ESI; POP EBX; XOR ECX, ESP; CALL 0xfffffffffffef57a} .text ntkrnlpa.exe!AlpcInitializeMessageAttribute + B8 82CF8DC9 16 Bytes [E5, 5D, C3, 90, 90, 90, 90, ...] .text ntkrnlpa.exe!AlpcInitializeMessageAttribute + C9 82CF8DDA 57 Bytes [00, 83, 25, D0, 69, D4, 82, ...] .text ... .text ntkrnlpa.exe!ZwSignalAndWaitForSingleObject + 63 82CF904A 20 Bytes [8B, F0, 3B, F3, 0F, 8C, AA, ...] .text ntkrnlpa.exe!ZwSignalAndWaitForSingleObject + 79 82CF9060 86 Bytes [10, 00, FF, 75, 0C, E8, F6, ...] .text ntkrnlpa.exe!ZwSignalAndWaitForSingleObject + D0 82CF90B7 20 Bytes [3B, C3, 8D, 3C, 02, 7D, 02, ...] .text ntkrnlpa.exe!ZwSignalAndWaitForSingleObject + E5 82CF90CC 22 Bytes [05, 10, 10, D7, 82, 75, 1F, ...] .text ntkrnlpa.exe!ZwSignalAndWaitForSingleObject + FC 82CF90E3 90 Bytes [00, 00, 51, 51, 52, E8, 76, ...] .text ... .text ntkrnlpa.exe!RtlIpv6AddressToStringA + 4C 82CF970C 250 Bytes [00, 0F, B7, 56, 08, 66, 3B, ...] .text ntkrnlpa.exe!RtlIpv6AddressToStringA + 147 82CF9807 12 Bytes [39, 45, F8, 7F, 0B, EB, 7F, ...] {CMP [EBP-0x8], EAX; JG 0x10; JMP 0x86; JMP 0x10; MOV [EBP-0xc], ECX} .text ntkrnlpa.exe!RtlIpv6AddressToStringA + 154 82CF9814 13 Bytes [D7, 33, C0, 39, 7D, FC, 7F, ...] {XLATB ; XOR EAX, EAX; CMP [EBP-0x4], EDI; JG 0x2c; CMP EDI, [EBP+0x8]; JGE 0x2c} .text ntkrnlpa.exe!RtlIpv6AddressToStringA + 162 82CF9822 63 Bytes [C3, 2B, 45, 0C, 68, 20, A2, ...] .text ntkrnlpa.exe!RtlIpv6AddressToStringA + 1A2 82CF9862 22 Bytes [66, 8B, 04, 7E, 8A, E8, 8A, ...] .text ... PAGE ntkrnlpa.exe!ZwLoadDriver 82DA5DF0 7 Bytes JMP 8FF43AFE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) PAGE ntkrnlpa.exe!ObMakeTemporaryObject 82E1128F 5 Bytes JMP 8FF3F5B4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) PAGE ntkrnlpa.exe!ObInsertObject 82E6A063 5 Bytes JMP 8FF40F6C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) PAGE ntkrnlpa.exe!NtCreateSection 82E6B905 7 Bytes JMP 8FF439C4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) PAGE ntkrnlpa.exe!ZwCreateProcessEx 82ECB90A 7 Bytes JMP 8FF43BA0 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ? System32\Drivers\sphz.sys Le chemin d'accès spécifié est introuvable. ! .text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8F005000, 0x267978, 0xE8000020] .text USBPORT.SYS!DllUnload 8F57C41B 5 Bytes JMP 873274E0 .text a3sb3758.SYS 8B3BF000 22 Bytes [82, E3, C0, 82, 6C, E2, C0, ...] .text a3sb3758.SYS 8B3BF017 181 Bytes [00, 32, 47, 39, 83, 3D, 45, ...] .text a3sb3758.SYS 8B3BF0CE 10 Bytes [00, 00, 00, 00, 00, 00, 66, ...] .text a3sb3758.SYS 8B3BF0DA 12 Bytes [00, 00, 02, 00, 00, 00, 25, ...] .text a3sb3758.SYS 8B3BF0E7 714 Bytes [00, F0, 0E, 00, 00, 00, 00, ...] .text ... .text C:\Windows\system32\drivers\hardlock.sys section is writeable [0xA8202400, 0x7960C, 0xE8000020] .protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".p" section [0xA82A4420] C:\Windows\system32\drivers\hardlock.sys entry point in ".protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".p" section [0xA82A4420] .protectÿÿÿÿhardlockunknown last code section [0xA82A4200, 0x5049, 0xE0000020] C:\Windows\system32\drivers\hardlock.sys unknown last code section [0xA82A4200, 0x5049, 0xE0000020] ---- User code sections - GMER 1.0.15 ---- .text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[4912] kernel32.dll!SetUnhandledExceptionFilter 7718A84F 5 Bytes JMP 5CDF5164 C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll (2007 Microsoft Office component/Microsoft Corporation) .text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[4912] ole32.dll!OleLoadFromStream 77921E12 5 Bytes JMP 5D8A9D32 C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll (2007 Microsoft Office component/Microsoft Corporation) ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/ALWIL Software) Device \FileSystem\Ntfs \Ntfs 861261F8 Device \FileSystem\fastfat \FatCdrom aswSP.SYS (avast! self protection module/ALWIL Software) Device \FileSystem\fastfat \FatCdrom 88E39500 Device \Driver\volmgr \Device\VolMgrControl 857921F8 Device \Driver\usbohci \Device\USBPDO-0 873A5398 Device \Driver\usbohci \Device\USBPDO-1 873A5398 Device \Driver\usbehci \Device\USBPDO-2 873601F8 AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software) Device \Driver\volmgr \Device\HarddiskVolume1 857921F8 Device \Driver\USBSTOR \Device\00000071 88DA01F8 Device \Driver\volmgr \Device\HarddiskVolume2 857921F8 Device \Driver\cdrom \Device\CdRom0 873591F8 Device \Driver\PCI_PNP5919 \Device\00000059 sphz.sys Device \Driver\USBSTOR \Device\00000072 88DA01F8 Device \Driver\netbt \Device\NetBT_Tcpip_{C2B218E3-51B5-434A-8775-34E10D41BD45} 88D141F8 Device \Driver\volmgr \Device\HarddiskVolume3 857921F8 Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-2 861251F8 Device \Driver\atapi \Device\Ide\IdePort0 861251F8 Device \Driver\atapi \Device\Ide\IdePort1 861251F8 Device \Driver\atapi \Device\Ide\IdePort2 861251F8 Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1 861251F8 Device \Driver\volmgr \Device\HarddiskVolume4 857921F8 Device \Driver\sptd \Device\3085873927 sphz.sys Device \Driver\USBSTOR \Device\00000074 88DA01F8 Device \Driver\volmgr \Device\HarddiskVolume5 857921F8 Device \Driver\volmgr \Device\HarddiskVolume6 857921F8 Device \Driver\volmgr \Device\HarddiskVolume7 857921F8 Device \Driver\netbt \Device\NetBt_Wins_Export 88D141F8 Device \Driver\volmgr \Device\HarddiskVolume8 857921F8 Device \Driver\USBSTOR \Device\00000079 88DA01F8 Device \Driver\Smb \Device\NetbiosSmb 8777C1F8 Device \Driver\iScsiPrt \Device\RaidPort0 873CF1F8 AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software) Device \Driver\usbohci \Device\USBFDO-0 873A5398 Device \Driver\usbohci \Device\USBFDO-1 873A5398 Device \Driver\USBSTOR \Device\0000007a 88DA01F8 Device \Driver\usbehci \Device\USBFDO-2 873601F8 Device \Driver\USBSTOR \Device\0000007b 88DA01F8 Device \Driver\USBSTOR \Device\0000007c 88DA01F8 Device \Driver\a3sb3758 \Device\Scsi\a3sb37581 873A31F8 Device \FileSystem\fastfat \Fat aswSP.SYS (avast! self protection module/ALWIL Software) Device \FileSystem\fastfat \Fat 88E39500 AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Gestionnaire de filtres de système de fichiers Microsoft/Microsoft Corporation) Device \FileSystem\cdfs \Cdfs 870FC1F8 ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x09 0x86 0x77 0xEC ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x41 0x2F 0x20 0xAB ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x11 0x4C 0x0C 0x8E ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x3B 0xF1 0x87 0x08 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x09 0x86 0x77 0xEC ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x41 0x2F 0x20 0xAB ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xE5 0xE3 0xAF 0xB0 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xA1 0x60 0xA0 0xC4 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x09 0x86 0x77 0xEC ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x41 0x2F 0x20 0xAB ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xE5 0xE3 0xAF 0xB0 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xA1 0x60 0xA0 0xC4 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x09 0x86 0x77 0xEC ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x41 0x2F 0x20 0xAB ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xE5 0xE3 0xAF 0xB0 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xA1 0x60 0xA0 0xC4 ... Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x09 0x86 0x77 0xEC ... Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ... Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x41 0x2F 0x20 0xAB ... Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xE5 0xE3 0xAF 0xB0 ... Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xA1 0x60 0xA0 0xC4 ... Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x09 0x86 0x77 0xEC ... Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ... Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x41 0x2F 0x20 0xAB ... Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x11 0x4C 0x0C 0x8E ... Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x81 0x7A 0xB6 0x66 ... Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x09 0x86 0x77 0xEC ... Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ... Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x41 0x2F 0x20 0xAB ... Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x11 0x4C 0x0C 0x8E ... Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x81 0x7A 0xB6 0x66 ... Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x09 0x86 0x77 0xEC ... Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ... Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x41 0x2F 0x20 0xAB ... Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xE5 0xE3 0xAF 0xB0 ... Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x00 0x99 0xCD 0x90 ... Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x09 0x86 0x77 0xEC ... Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ... Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x41 0x2F 0x20 0xAB ... Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xE5 0xE3 0xAF 0xB0 ... Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x00 0x99 0xCD 0x90 ... Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x09 0x86 0x77 0xEC ... Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ... Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x41 0x2F 0x20 0xAB ... Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x11 0x4C 0x0C 0x8E ... Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x3B 0xF1 0x87 0x08 ... Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG10.00.00.01WORKSTATION 41B208826F6EDAE005FDA11999FE00EE8443CDC03CEEB8EA392DC714A8EAAB7EF7681DC7B0252FC303E45138854E7AC328F61BBF9F4EE8B67E3AA1EEB5D9C1959B49DC7D4DCF9984F24EF31DD1ECC1812BCFB71440C9C66E1BE2A92BE02B7AE1C91F90E712A41ACC7BE5201B2386F4ECFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933C038D530D6EB3452FEBC9E127BECC74CA9C6AECB7A5D14070C8DF9F0FCE8F86E04F1A5B6DB11B97EF3F85677C285F547CCE7F7B6C721C19C558F257DC09481F7BF144FE6995616E545076F7F44631D5264CC526BAECE3E951857ECE94EA58CDD2E32BF9C3C9AEF61AD5154285F8A29E343443E9BA4CADB0B472730344BC92F0250EEA9E0C102FDEED301A7288A3591B7D91C6C4CBA8271153F8F544E8345447908C34234CDC2BA4143150FADE1AD913CFB7815F5A5779B00BA79C19D63EB670C1CFCC209A62863BBEB5D36D52655A713E250F4073FBDBB4A5D22667CFBA97935B43DE9C537127AF92101CBB7BAA096942A6D4B5F0300F3A7AB97B0B985FB202763F6F7458E73C5499AF981D8A717E749D36E5B53137AAD008D3F1717D8F5C54698F4B358DFD3502A72940E3798D4E3704247EBAC337F94EED24F914A73BC152B2AD26640034E685229F4AC415D8B9B7CBEBDCBA94EF218C Reg HKLM\SOFTWARE\Classes\.pcb\PCBFile\ShellNew Reg HKLM\SOFTWARE\Classes\.sdp\OpenWithProgIDs@soffice.StarImpressDocument.5 Reg HKLM\SOFTWARE\Classes\.wll\Word.Addin.8\ShellNew ---- EOF - GMER 1.0.15 ----

Bonjour, J'ai un petit problème à résoudre. L'exécution, d'un programme téléchargé sur le net a provoqué (à priori), l,apparition de deux .exe dans mon dossier d'utilisateur. Voir la capture d'écran suivante: © CJoint.com, 2008 Une suppression ne donne rien, les exécutables reviennent à chaque démarrage de Windows. J'ai fait un démarrage sur un point de restauration mais il n'a pas fonctionné. Un scan avec "Malwarebytes' Anti-Malware" détecte quelque chose, mais la suppression ne semble pas totalement efficace(je transmet le LOG plus loin). Spybot ne trouve rien De plus à chaque démarrage apparait sur le bureau une détection de nouveau matériel Voir la capture d'écran suivante: © CJoint.com, 2008 Lancer la recherche ne donne rien (Windows ne trouve pas les drivers du nouveau matériel), en même temps je n'ai pas installé de nouveau matériel. Je vous transmet le rapport de "Malwarebytes' Anti-Malware" et un rapport "HiJackThis" MERCI de votre aide ________________________________________________________________________________ Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Version de la base de données: 4483 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.18943 27/08/2010 00:32:34 mbam-log-2010-08-27 (00-32-34).txt Type d'examen: Examen complet (C:\|D:\|K:\|) Elément(s) analysé(s): 290374 Temps écoulé: 1 heure(s), 22 minute(s), 43 seconde(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 0 Valeur(s) du Registre infectée(s): 0 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 2 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): (Aucun élément nuisible détecté) Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté) Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): C:\Users\Cyril\moofx.exe (P2P.Worm) -> Quarantined and deleted successfully. C:\Users\Cyril\sbmon.exe (Rootkit.Dropper) -> Quarantined and deleted successfully. ____________________________________________________________________________________ Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:05:16, on 27/08/2010 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.18943) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe C:\Program Files\Alwil Software\Avast5\AvastUI.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\DAEMON Tools Lite\daemon.exe C:\Program Files\Valve\Steam\Steam.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\PowerCheck\PowerCheck.exe C:\Windows\ehome\ehmsas.exe C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE C:\Program Files\Secunia\PSI\psi.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\Windows Live\Contacts\wlcomm.exe C:\Windows\system32\wuauclt.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\HiJackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN : Hotmail, Messenger, Actualité, Sport et Vidéo R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo! France R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Yahoo! France R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Tunebite_WebRipPlugin Class - {AA102584-3B97-47e7-B9BC-75D54C110A7D} - C:\Program Files\RapidSolution\Tunebite\plugins\IE\TB_WebRipIePlugin.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe O4 - HKLM\..\Run: [spywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [spywareTerminatorUpdate] "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe" O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun O4 - HKCU\..\Run: [steam] "C:\Program Files\Valve\Steam\Steam.exe" -silent O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [] C:\Users\Cyril\daemi.exe O4 - Global Startup: Empowering Technology Launcher.lnk = ? O4 - Global Startup: PowerCheck.lnk = C:\Program Files\PowerCheck\PowerCheck.exe O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O13 - Gopher Prefix: O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} ("Ma-Config.com control) - http://www.ma-config.com/plugins/MaConfig_4_2_1_0.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{C2B218E3-51B5-434A-8775-34E10D41BD45}: NameServer = 208.67.222.222,212.27.53.252 O23 - Service: ArcSoft Connect Daemon (ACDaemon) - - (no file) O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: O&O Defrag - O&O Software GmbH - C:\Windows\system32\oodag.exe O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe -- End of file - 7814 bytes

Merci Thanos Je suis de retour, pas de message d'alerte, tout semble fonctionner. J'ai vu que tu avais noté le sujet comme résolu. Dois je faire autre chose? Salut et bonne chasse :P

Bonjour Je crois que le problème est résolu, Plus de soucis, plus de message. J' attend tes consignes. Je m'absente un peu. Je reviens un peu plus tard. Dis moi si je peux mettre résolu? (à mon retour) TCHO et merci PS (Pourquoi le choix de THANOS pour ton Pseudo et en particulier ce personnage de Comics ???? (Je suis assez Fan) )