Posted (edited)

;) Hello,


I have a small problem to solve.

Running a program downloaded from the net caused (apparently) two .exe files to appear in my user folder.


See the following screenshot:



Deleting them does nothing; the executables come back at every Windows startup. I booted to a restore point but it did not work. A scan with "Malwarebytes' Anti-Malware" detects something, but the removal does not seem fully effective (I am posting the log further down).


Spybot finds nothing.



In addition, at every startup a new-hardware detection appears on the desktop.


See the following screenshot:



Running the search gives nothing (Windows does not find the drivers for the new hardware), and at the same time I have not installed any new hardware.


I am sending you the "Malwarebytes' Anti-Malware" report and a "HiJackThis" report.


THANK YOU for your help



Malwarebytes' Anti-Malware 1.46


Version de la base de données: 4483


Windows 6.0.6002 Service Pack 2

Internet Explorer 8.0.6001.18943


27/08/2010 00:32:34

mbam-log-2010-08-27 (00-32-34).txt


Type d'examen: Examen complet (C:\|D:\|K:\|)

Elément(s) analysé(s): 290374

Temps écoulé: 1 heure(s), 22 minute(s), 43 seconde(s)


Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 0

Valeur(s) du Registre infectée(s): 0

Elément(s) de données du Registre infecté(s): 0

Dossier(s) infecté(s): 0

Fichier(s) infecté(s): 2


Processus mémoire infecté(s):

(Aucun élément nuisible détecté)


Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)


Clé(s) du Registre infectée(s):

(Aucun élément nuisible détecté)


Valeur(s) du Registre infectée(s):

(Aucun élément nuisible détecté)


Elément(s) de données du Registre infecté(s):

(Aucun élément nuisible détecté)


Dossier(s) infecté(s):

(Aucun élément nuisible détecté)


Fichier(s) infecté(s):

C:\Users\Cyril\moofx.exe (P2P.Worm) -> Quarantined and deleted successfully.

C:\Users\Cyril\sbmon.exe (Rootkit.Dropper) -> Quarantined and deleted successfully.




Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:05:16, on 27/08/2010

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v8.00 (8.00.6001.18943)

Boot mode: Normal


Running processes:




C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe

C:\Program Files\Alwil Software\Avast5\AvastUI.exe


C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\DAEMON Tools Lite\daemon.exe

C:\Program Files\Valve\Steam\Steam.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\PowerCheck\PowerCheck.exe


C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE

C:\Program Files\Secunia\PSI\psi.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe


C:\Program Files\Windows Live\Contacts\wlcomm.exe


C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe



R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN : Hotmail, Messenger, Actualité, Sport et Vidéo

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo! France

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Yahoo! France

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Tunebite_WebRipPlugin Class - {AA102584-3B97-47e7-B9BC-75D54C110A7D} - C:\Program Files\RapidSolution\Tunebite\plugins\IE\TB_WebRipIePlugin.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe

O4 - HKLM\..\Run: [spywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"

O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui

O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [spywareTerminatorUpdate] "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [steam] "C:\Program Files\Valve\Steam\Steam.exe" -silent

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [] C:\Users\Cyril\daemi.exe

O4 - Global Startup: Empowering Technology Launcher.lnk = ?

O4 - Global Startup: PowerCheck.lnk = C:\Program Files\PowerCheck\PowerCheck.exe

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O13 - Gopher Prefix:

O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (" control) -

O17 - HKLM\System\CCS\Services\Tcpip\..\{C2B218E3-51B5-434A-8775-34E10D41BD45}: NameServer =,

O23 - Service: ArcSoft Connect Daemon (ACDaemon) - - (no file)

O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\\maconfservice.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: O&O Defrag - O&O Software GmbH - C:\Windows\system32\oodag.exe

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - - C:\Program Files\Spyware Terminator\sp_rsser.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe



End of file - 7814 bytes

Edited by Captainigloo


Hello Captainigloo


In your 1st screenshot we can see droppers, which deposit infections.

We are going to check one thing:


Download GMer


  • Click "Download EXE"
  • Save it to your Desktop (the name is random)


NB: Save these instructions in a text file or print them, because you will have to close the browser.


  • Right-click it (the name consists of 8 random digits/letters) and choose "Run as administrator"
  • Disconnect from the Internet, then close all programs.


NB: If the tool gives you a rootkit activity warning and asks you to run a scan, click "NO"


  • In the right-hand section of the tool window, uncheck the following option: IAT/EAT
  • Make sure "Show All" is unchecked
  • Click "Scan" and wait (this can take 10 minutes or more)
  • Once it has finished, click the "Save..." button (bottom right);
  • Name the file "Florinator" and save it to the Desktop;
  • Copy/paste the contents of this report into your reply.




:) Hello Florinator, and thank you for giving me your time.


Here is what you asked me for.


GMER - GMER - Rootkit Detector and Remover

Rootkit scan 2010-08-29 11:04:34

Windows 6.0.6002 Service Pack 2

Running: wsdzw059.exe; Driver: C:\Users\Cyril\AppData\Local\Temp\kwtdipob.sys



---- System - GMER 1.0.15 ----


SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwClose [0x8FE8C88E]

SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwCreateFile [0x8FE8C0EC]

SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwCreateKey [0x8FE8BDCE]

SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwCreateSection [0x8FE8D938]

SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwDeleteKey [0x8FE8BED8]

SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwDeleteValueKey [0x8FE8BFC2]

SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwLoadDriver [0x8FE8CBBC]

SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwOpenFile [0x8FE8C3F4]

SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwSetInformationFile [0x8FE8C526]

SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwSetValueKey [0x8FE8BBFC]

SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwTerminateProcess [0x8FE8CB04]

SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwWriteFile [0x8FE8C70C]


INT 0x72 ? 85790BF8

INT 0x82 ? 85790BF8

INT 0x93 ? 87327F00

INT 0xA3 ? 87327F00

INT 0xB3 ? 87327F00


Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateProcessEx [0x8FF43B9C]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0x8FF439C0]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwLoadDriver [0x8FF43AFA]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObInsertObject

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject


---- Kernel code sections - GMER 1.0.15 ----


.text ntkrnlpa.exe!MmIsDriverVerifying + 89F 82C9A200 60 Bytes [90, 90, 90, 8B, FF, 55, 8B, ...]

.text ntkrnlpa.exe!MmIsDriverVerifying + 8DC 82C9A23D 67 Bytes [4D, E0, 59, 74, 04, 85, C9, ...]

.text ntkrnlpa.exe!MmIsDriverVerifying + 920 82C9A281 18 Bytes [45, F8, F6, 45, 10, 04, 0F, ...]

.text ntkrnlpa.exe!MmIsDriverVerifying + 933 82C9A294 9 Bytes [00, 8B, C6, 25, 00, 04, 00, ...]

.text ntkrnlpa.exe!MmIsDriverVerifying + 93D 82C9A29E 20 Bytes [89, 45, E0, 58, 74, 08, 85, ...]

.text ...

.text ntkrnlpa.exe!MmProbeAndLockPages + 24 82C9E07A 9 Bytes [89, B5, 60, FF, FF, FF, 83, ...]

.text ntkrnlpa.exe!MmProbeAndLockPages + 2E 82C9E084 11 Bytes [8B, 4D, 08, BB, F8, FF, 7F, ...] {MOV ECX, [EBP+0x8]; MOV EBX, 0x7ffff8; LEA EAX, [ECX+0x1c]}

.text ntkrnlpa.exe!MmProbeAndLockPages + 3A 82C9E090 2 Bytes [45, D8]

.text ntkrnlpa.exe!MmProbeAndLockPages + 3D 82C9E093 16 Bytes [41, 10, 89, 45, 88, 8B, 79, ...] {INC ECX; ADC [ECX+0x798b8845], CL; SBB [EBX], AL; CLC ; MOV [EBP-0x30], EDI; MOV [EBP-0x74], EDI}

.text ntkrnlpa.exe!MmProbeAndLockPages + 4E 82C9E0A4 19 Bytes [41, 14, 8D, 14, 38, 89, 55, ...]

.text ...

.text ntkrnlpa.exe!MmProbeAndLockSelectedPages + 29 82C9F9AC 7 Bytes [01, 00, 00, 8B, 40, 14, 57]

.text ntkrnlpa.exe!MmProbeAndLockSelectedPages + 31 82C9F9B4 200 Bytes [F8, 81, E7, FF, 0F, 00, 00, ...]

.text ntkrnlpa.exe!MmProbeAndLockSelectedPages + FA 82C9FA7D 96 Bytes [89, 5C, 24, 5C, 0F, 83, AE, ...]

.text ntkrnlpa.exe!MmProbeAndLockSelectedPages + 15C 82C9FADF 6 Bytes [8B, 47, 0C, 83, E1, 1F] {MOV EAX, [EDI+0xc]; AND ECX, 0x1f}

.text ntkrnlpa.exe!MmProbeAndLockSelectedPages + 163 82C9FAE6 79 Bytes [1C, 88, 6A, 11, 59, 8B, D3, ...]

.text ...

.text ntkrnlpa.exe!MmUnlockPages 82CA106A 24 Bytes [8B, FF, 55, 8B, EC, 83, E4, ...]

.text ntkrnlpa.exe!MmUnlockPages + 19 82CA1083 17 Bytes [b7, 47, 06, A8, 01, 89, 44, ...]

.text ntkrnlpa.exe!MmUnlockPages + 2B 82CA1095 43 Bytes [01, 00, 8B, 4F, 14, 8D, 47, ...]

.text ntkrnlpa.exe!MmUnlockPages + 57 82CA10C1 1 Byte [44]

.text ntkrnlpa.exe!MmUnlockPages + 57 82CA10C1 17 Bytes [44, 24, 1C, 00, 04, 89, 74, ...] {INC ESP; AND AL, 0x1c; ADD [ECX+ECX*4], AL; JZ 0x2c; ADC [ECX+0xf28245c], CL; TEST [EAX+0x1], CL}

.text ...

.text ntkrnlpa.exe!MmIsIoSpaceActive + 14 82CA268D 82 Bytes [4F, D4, FD, FF, 89, 45, FC, ...]

.text ntkrnlpa.exe!MmIsIoSpaceActive + 68 82CA26E1 39 Bytes JMP 9F1AB3F2

.text ntkrnlpa.exe!MmIsIoSpaceActive + 90 82CA2709 25 Bytes [85, C0, 75, BE, FF, 05, 64, ...]

.text ntkrnlpa.exe!MmIsIoSpaceActive + AA 82CA2723 56 Bytes [5F, 8B, C6, 5E, 5B, C9, C2, ...]

.text ntkrnlpa.exe!MmIsIoSpaceActive + E3 82CA275C 22 Bytes [00, 8B, 48, 14, 8B, 70, 18, ...]

.text ...

.text ntkrnlpa.exe!MmAdvanceMdl + 1D 82CA2910 23 Bytes JMP 82CA3063 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)

.text ntkrnlpa.exe!MmAdvanceMdl + 35 82CA2928 79 Bytes [23, C6, 8B, F9, 23, FE, 8D, ...]

.text ntkrnlpa.exe!MmAdvanceMdl + 85 82CA2978 43 Bytes [00, 2B, C7, 89, 45, 0C, 8B, ...]

.text ntkrnlpa.exe!MmAdvanceMdl + B1 82CA29A4 18 Bytes [2D, 00, 00, 00, 40, 89, 10, ...]

.text ntkrnlpa.exe!MmAdvanceMdl + C6 82CA29B9 58 Bytes [8B, 55, 0C, 33, FF, 3B, D7, ...]

.text ...

.text ntkrnlpa.exe!MmAllocateContiguousMemorySpecifyCacheNode + 42 82CA32D1 149 Bytes [0B, C8, FD, FF, 8B, 0D, 74, ...]

.text ntkrnlpa.exe!MmAllocateContiguousMemorySpecifyCache + 5A 82CA3369 47 Bytes [80, FF, 75, 24, 8B, CF, 56, ...]

.text ntkrnlpa.exe!MmAllocateContiguousMemory + E 82CA3399 89 Bytes [43, C7, FD, FF, 8B, 0D, 74, ...]

.text ntkrnlpa.exe!MmFreeContiguousMemory + 26 82CA33F3 18 Bytes [A1, 68, 18, D7, 82, 3B, D8, ...]

.text ntkrnlpa.exe!MmFreeContiguousMemory + 39 82CA3406 1 Byte [3F]

.text ntkrnlpa.exe!MmFreeContiguousMemory + 3C 82CA3409 14 Bytes [23, C1, 23, D1, 2B, D0, C1, ...]

.text ntkrnlpa.exe!MmFreeContiguousMemory + 4B 82CA3418 19 Bytes [3C, 05, 74, 04, 3C, 07, 75, ...]

.text ntkrnlpa.exe!MmFreeContiguousMemory + 5F 82CA342C 15 Bytes CALL 82CA2267 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)

.text ...

.text ntkrnlpa.exe!MmFreeContiguousMemorySpecifyCache + 31 82CA364D 10 Bytes [40, 60, C0, 72, 19, 8B, 35, ...]

.text ntkrnlpa.exe!MmFreeContiguousMemorySpecifyCache + 3C 82CA3658 8 Bytes [C1, EE, 09, 81, E6, F8, FF, ...]

.text ntkrnlpa.exe!MmFreeContiguousMemorySpecifyCache + 45 82CA3661 58 Bytes [81, EE, 00, 00, 00, 40, 3B, ...]

.text ntkrnlpa.exe!MmFreeContiguousMemorySpecifyCache + 80 82CA369C 12 Bytes [75, 04, 33, C0, EB, 77, 8B, ...]

.text ntkrnlpa.exe!MmFreeContiguousMemorySpecifyCache + 8D 82CA36A9 16 Bytes [53, 56, 57, 8B, 78, 08, A1, ...] {PUSH EBX; PUSH ESI; PUSH EDI; MOV EDI, [EAX+0x8]; MOV EAX, [0x82d7184c]; MOV ESI, EAX; MOV EAX, [EAX+0x50]}

.text ...

.text ntkrnlpa.exe!MmMapLockedPages + 3F 82CA5CEE 21 Bytes [59, C3, CC, CC, CC, CC, CC, ...]

.text ntkrnlpa.exe!MmMapLockedPages + 55 82CA5D04 3 Bytes [00, A0, 3F]

.text ntkrnlpa.exe!MmMapLockedPages + 59 82CA5D08 210 Bytes [10, 8B, 48, 04, 8B, C2, 0F, ...]

.text ntkrnlpa.exe!MmMapLockedPagesWithReservedMapping + B6 82CA5DDB 88 Bytes [00, 00, 8D, 74, C8, F0, EB, ...]

.text ntkrnlpa.exe!MmMapLockedPagesWithReservedMapping + 10F 82CA5E34 18 Bytes JMP A71EE739

.text ntkrnlpa.exe!MmMapLockedPagesWithReservedMapping + 122 82CA5E47 70 Bytes [01, 89, 54, 24, 2C, 75, 17, ...]

.text ntkrnlpa.exe!MmMapLockedPagesWithReservedMapping + 16A 82CA5E8F 5 Bytes [66, 83, 7C, 24, 20]

.text ntkrnlpa.exe!MmMapLockedPagesWithReservedMapping + 170 82CA5E95 29 Bytes [74, 31, 3B, 3D, 74, 18, D7, ...]

.text ...

.text ntkrnlpa.exe!MmUnmapReservedMapping + 1E 82CA6057 37 Bytes [40, 56, 8B, 70, F8, 81, E1, ...]

.text ntkrnlpa.exe!MmUnmapReservedMapping + 44 82CA607D 41 Bytes [08, 68, 08, 01, 00, 00, 68, ...]

.text ntkrnlpa.exe!MmUnmapReservedMapping + 6E 82CA60A7 18 Bytes [00, EB, D9, 8B, 75, 10, 8B, ...]

.text ntkrnlpa.exe!MmUnmapReservedMapping + 82 82CA60BB 73 Bytes [8B, D9, 23, FE, 23, DE, 8D, ...]

.text ntkrnlpa.exe!MmUnmapReservedMapping + CC 82CA6105 52 Bytes [6A, 00, 89, 4C, 24, 14, 59, ...]

.text ...

.text ntkrnlpa.exe!MmGetPhysicalAddress + 2A 82CA61EF 74 Bytes [F0, 23, F7, 33, DB, 3B, F7, ...]

.text ntkrnlpa.exe!MmGetPhysicalAddress + 75 82CA623A 1 Byte [00]

.text ntkrnlpa.exe!MmGetPhysicalAddress + 75 82CA623A 3 Bytes [00, 00, 6A]

.text ntkrnlpa.exe!MmGetPhysicalAddress + 7A 82CA623F 21 Bytes [55, F8, 5A, 74, 0D, 85, D2, ...]

.text ntkrnlpa.exe!MmGetPhysicalAddress + 9F 82CA6264 103 Bytes [40, 8B, 01, 8B, 49, 04, 8B, ...]

.text ntkrnlpa.exe!MmSizeOfMdl + 1E 82CA62CD 35 Bytes CALL 8FB423DE \SystemRoot\system32\drivers\RTKVHDA.sys (Realtek® High Definition Audio Function Driver/Realtek Semiconductor Corp.)

.text ntkrnlpa.exe!MmCreateMdl + 2 82CA62F1 32 Bytes [55, 8B, EC, 8B, 45, 08, 85, ...]

.text ntkrnlpa.exe!MmCreateMdl + 23 82CA6312 11 Bytes CALL 82D27B41 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)

.text ntkrnlpa.exe!MmCreateMdl + 2F 82CA631E 10 Bytes [66, 83, 60, 06, 00, 53, BA, ...]

.text ntkrnlpa.exe!MmCreateMdl + 3A 82CA6329 13 Bytes [8B, CE, 23, CA, 8B, DF, 23, ...]

.text ntkrnlpa.exe!MmCreateMdl + 48 82CA6337 15 Bytes JMP C1DF8B0C

.text ...

.text ntkrnlpa.exe!MmBuildMdlForNonPagedPool + 12 82CA6381 8 Bytes [53, 8B, 5A, 14, 56, 8D, 42, ...] {PUSH EBX; MOV EBX, [EDX+0x14]; PUSH ESI; LEA EAX, [EDX+0x1c]}

.text ntkrnlpa.exe!MmBuildMdlForNonPagedPool + 1B 82CA638A 1 Byte [44]

.text ntkrnlpa.exe!MmBuildMdlForNonPagedPool + 1B 82CA638A 21 Bytes [44, 24, 0C, 8B, 42, 18, 57, ...]

.text ntkrnlpa.exe!MmBuildMdlForNonPagedPool + 31 82CA63A0 48 Bytes [81, E1, FF, 0F, 00, 00, 8D, ...]

.text ntkrnlpa.exe!MmBuildMdlForNonPagedPool + 63 82CA63D2 52 Bytes [40, 2D, 00, 00, A0, 3F, 8D, ...]

.text ...

.text ntkrnlpa.exe!MmProtectMdlSystemAddress + 53 82CA6541 9 Bytes CALL 82CE7BD4 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)

.text ntkrnlpa.exe!MmProtectMdlSystemAddress + 5D 82CA654B 18 Bytes [89, 44, 24, 10, 0F, 84, ED, ...] {MOV [ESP+0x10], EAX; JZ 0x3f7; MOV ECX, EAX; SHR ECX, 0x3; CMP ECX, 0x2}

.text ntkrnlpa.exe!MmProtectMdlSystemAddress + 71 82CA655F 2 Bytes [DF, 03] {FILD WORD [EBX]}

.text ntkrnlpa.exe!MmProtectMdlSystemAddress + 75 82CA6563 29 Bytes [83, F9, 01, 0F, 84, D6, 03, ...]

.text ntkrnlpa.exe!MmProtectMdlSystemAddress + 93 82CA6581 36 Bytes [00, 83, F8, 07, 0F, 84, B7, ...]

.text ...

.text ntkrnlpa.exe!MmMapIoSpace + 55 82CA6A5A 26 Bytes [82, 90, FD, FF, 8B, D8, 3B, ...]

.text ntkrnlpa.exe!MmMapIoSpace + 70 82CA6A75 29 Bytes [85, C0, 75, 03, 40, EB, 12, ...]

.text ntkrnlpa.exe!MmMapIoSpace + 8E 82CA6A93 12 Bytes [94, C1, 0F, B7, C9, 0F, BF, ...]

.text ntkrnlpa.exe!MmMapIoSpace + 9B 82CA6AA0 29 Bytes [30, 74, 03, 6A, 06, 58, 8B, ...]

.text ntkrnlpa.exe!MmMapIoSpace + B9 82CA6ABE 21 Bytes [1F, 00, 85, F8, 75, 3B, 85, ...]

.text ...

.text ntkrnlpa.exe!MmUnmapIoSpace + 13 82CA6EC8 98 Bytes [00, 23, D0, 8B, CB, 23, C8, ...]

.text ntkrnlpa.exe!MmUnmapIoSpace + 77 82CA6F2C 31 Bytes [40, 8B, 0E, 8B, 46, 04, 0F, ...]

.text ntkrnlpa.exe!MmUnmapIoSpace + 97 82CA6F4C 43 Bytes [85, C0, 74, 5E, 8B, D1, C1, ...]

.text ntkrnlpa.exe!MmUnmapIoSpace + C3 82CA6F78 61 Bytes [00, 76, 0B, 6A, 01, 6A, 00, ...]

.text ntkrnlpa.exe!MmUnmapIoSpace + 101 82CA6FB6 37 Bytes [EB, 51, 8B, 08, 8B, 40, 04, ...]

.text ...

.text ntkrnlpa.exe!MmGetVirtualForPhysical + 2 82CA72C7 36 Bytes [55, 8B, EC, 8B, 55, 0C, 56, ...]

.text ntkrnlpa.exe!MmGetVirtualForPhysical + 27 82CA72EC 29 Bytes [00, C1, E0, 09, 03, C6, 5E, ...]

.text ntkrnlpa.exe!MmGetVirtualForPhysical + 45 82CA730A 24 Bytes [17, D7, 82, 83, EC, 30, 53, ...]

.text ntkrnlpa.exe!MmGetVirtualForPhysical + 5E 82CA7323 9 Bytes CALL 82C53269 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)

.text ntkrnlpa.exe!MmGetVirtualForPhysical + 68 82CA732D 49 Bytes [00, 8B, 4D, 08, 3B, 0D, 74, ...]

.text ...

.text ntkrnlpa.exe!MmAllocatePagesForMdlEx + 24 82CA8CDF 539 Bytes [04, 33, C0, EB, 1E, FF, 75, ...]

.text ntkrnlpa.exe!MmFreePagesFromMdl + 1EC 82CA8EFE 97 Bytes [90, 90, 90, 90, 90, 8B, FF, ...]

.text ntkrnlpa.exe!MmFreePagesFromMdl + 24E 82CA8F60 59 Bytes [A1, D4, 18, D7, 82, 0B, 05, ...]

.text ntkrnlpa.exe!MmFreePagesFromMdl + 28A 82CA8F9C 1 Byte [00]

.text ntkrnlpa.exe!MmFreePagesFromMdl + 28A 82CA8F9C 9 Bytes [00, 00, 8B, FE, 81, E7, FF, ...]

.text ntkrnlpa.exe!MmFreePagesFromMdl + 294 82CA8FA6 61 Bytes [83, E0, C0, 89, 45, D4, 89, ...]

.text ...

.text ntkrnlpa.exe!MmDisableModifiedWriteOfSection + C 82CABF93 4 Bytes [15, 5C, B1, C3]

.text ntkrnlpa.exe!MmDisableModifiedWriteOfSection + 11 82CABF98 51 Bytes [8B, 4D, 08, 8B, 09, 85, C9, ...]

.text ntkrnlpa.exe!MmDisableModifiedWriteOfSection + 45 82CABFCC 23 Bytes [CC, CC, CC, CC, CC, 90, 90, ...]

.text ntkrnlpa.exe!MmDisableModifiedWriteOfSection + 5D 82CABFE4 35 Bytes [15, 5C, B1, C3, 82, 88, 45, ...]

.text ntkrnlpa.exe!MmDisableModifiedWriteOfSection + 81 82CAC008 17 Bytes [00, 74, 3E, 8B, 35, 48, 1A, ...]

.text ...

.text ntkrnlpa.exe!MmFlushImageSection + 12 82CAE244 38 Bytes [8B, 55, 08, 33, DB, 39, 5D, ...]

.text ntkrnlpa.exe!MmFlushImageSection + 39 82CAE26B 4 Bytes [05, 04, 1D, D5]

.text ntkrnlpa.exe!MmFlushImageSection + 3E 82CAE270 11 Bytes [8A, 55, FC, 6A, 02, 59, FF, ...]

.text ntkrnlpa.exe!MmFlushImageSection + 4A 82CAE27C 15 Bytes [8A, C3, EB, 24, 8A, 55, FC, ...]

.text ntkrnlpa.exe!MmFlushImageSection + 5A 82CAE28C 23 Bytes [32, C0, EB, 14, 8B, 72, 08, ...]

.text ...

.text ntkrnlpa.exe!MmUnlockPagableImageSection + 21 82CB022C 56 Bytes [60, C0, BA, 81, 00, 00, 00, ...]

.text ntkrnlpa.exe!MmUnlockPagableImageSection + 5A 82CB0265 7 Bytes [3C, 0B, 0F, 84, 08, 02, 00]

.text ntkrnlpa.exe!MmUnlockPagableImageSection + 62 82CB026D 30 Bytes [8B, 56, 10, 8B, 7E, 18, 8D, ...]

.text ntkrnlpa.exe!MmUnlockPagableImageSection + 81 82CB028C 1 Byte [7F]

.text ntkrnlpa.exe!MmUnlockPagableImageSection + 81 82CB028C 11 Bytes JMP 09EBC109

.text ...

.text ntkrnlpa.exe!MmIsAddressValid + D 82CB85A4 46 Bytes [5D, C2, 04, 00, CC, CC, CC, ...]

.text ntkrnlpa.exe!MmIsAddressValid + 3C 82CB85D3 11 Bytes [00, 89, 5C, 24, 20, 81, 7D, ...]

.text ntkrnlpa.exe!MmIsAddressValid + 48 82CB85DF 33 Bytes [8B, 46, 04, 89, 44, 24, 24, ...]

.text ntkrnlpa.exe!MmIsAddressValid + 6A 82CB8601 41 Bytes [00, 00, 08, 74, 63, 8B, C6, ...]

.text ntkrnlpa.exe!MmIsAddressValid + 94 82CB862B 70 Bytes [51, C1, E0, 09, 50, 68, 40, ...]

.text ...

.text ntkrnlpa.exe!MmIsNonPagedSystemAddressValid + 3B 82CB9711 4 Bytes CALL 82CC51EA \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)

.text ntkrnlpa.exe!MmIsNonPagedSystemAddressValid + 40 82CB9716 35 Bytes [00, 85, C0, 74, 0C, 57, E8, ...]

.text ntkrnlpa.exe!MmIsNonPagedSystemAddressValid + 64 82CB973A 5 Bytes [8A, 87, 20, 14, D5]

.text ntkrnlpa.exe!MmIsNonPagedSystemAddressValid + 6A 82CB9740 9 Bytes [3C, 01, 74, C8, 3C, 0B, 74, ...]

.text ntkrnlpa.exe!MmIsNonPagedSystemAddressValid + 74 82CB974A 39 Bytes [5F, 5E, 5B, 5D, C2, 04, 00, ...]

.text ...

.text ntkrnlpa.exe!MmMapLockedPagesSpecifyCache 82CB97DD 3 Bytes [8B, FF, 55] {MOV EDI, EDI; PUSH EBP}

.text ntkrnlpa.exe!MmMapLockedPagesSpecifyCache + 4 82CB97E1 4 Bytes [EC, 83, E4, F8] {IN AL, DX ; AND ESP, -0x8}

.text ntkrnlpa.exe!MmMapLockedPagesSpecifyCache + A 82CB97E7 1 Byte [3C]

.text ntkrnlpa.exe!MmMapLockedPagesSpecifyCache + A 82CB97E7 30 Bytes [3C, 53, 8B, 5D, 08, 8B, 4B, ...]

.text ntkrnlpa.exe!MmMapLockedPagesSpecifyCache + 29 82CB9806 4 Bytes JMP 82CB9C80 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)

.text ...

.text ntkrnlpa.exe!MmUnmapLockedPages + 45 82CB9CD8 2 Bytes [8B, DA] {MOV EBX, EDX}

.text ntkrnlpa.exe!MmUnmapLockedPages + 48 82CB9CDB 129 Bytes [EB, 09, C1, EF, 0C, C1, E8, ...]

.text ntkrnlpa.exe!MmUnmapLockedPages + CB 82CB9D5E 85 Bytes [87, 44, 24, 10, A1, 80, 4A, ...]

.text ntkrnlpa.exe!MmUnmapLockedPages + 121 82CB9DB4 211 Bytes [30, 89, 54, 24, 28, E8, 26, ...]

.text ntkrnlpa.exe!MmUnmapLockedPages + 1F5 82CB9E88 20 Bytes [FF, 55, 8B, EC, 83, EC, 10, ...]

.text ...

.text ntkrnlpa.exe!MmMapMemoryDumpMdl + 50 82CBA241 17 Bytes [83, 64, FE, 04, 00, 8B, C7, ...]

.text ntkrnlpa.exe!MmMapMemoryDumpMdl + 62 82CBA253 101 Bytes [8B, 54, 24, 10, 8B, 12, 8B, ...]

.text ntkrnlpa.exe!MmMapMemoryDumpMdl + C8 82CBA2B9 51 Bytes [E2, 0C, 83, E1, C0, 0B, D0, ...]

.text ntkrnlpa.exe!MmMapMemoryDumpMdl + FC 82CBA2ED 28 Bytes [EB, 05, 89, 5E, 04, 89, 16, ...]

.text ntkrnlpa.exe!MmMapMemoryDumpMdl + 119 82CBA30A 9 Bytes [FF, 5F, 5E, 5B, 8B, E5, 5D, ...]

.text ...

.text ntkrnlpa.exe!MmTrimAllSystemPagableMemory + 13 82CBD98E 61 Bytes [53, 56, 57, 75, 07, 33, C0, ...]

.text ntkrnlpa.exe!MmTrimAllSystemPagableMemory + 51 82CBD9CC 6 Bytes [02, 74, EA, 64, 8B, 35]

.text ntkrnlpa.exe!MmTrimAllSystemPagableMemory + 58 82CBD9D3 13 Bytes [01, 00, 00, 80, 7E, 4F, 00, ...]

.text ntkrnlpa.exe!MmTrimAllSystemPagableMemory + 66 82CBD9E1 27 Bytes [00, 00, BB, 40, 28, D5, 82, ...]

.text ntkrnlpa.exe!MmTrimAllSystemPagableMemory + 82 82CBD9FD 60 Bytes [00, 00, 66, 85, C0, 75, B5, ...]

.text ...

.text ntkrnlpa.exe!NtFreeVirtualMemory + 15 82CBEF74 4 Bytes [0F, 85, 33, 0B]

.text ntkrnlpa.exe!NtFreeVirtualMemory + 1A 82CBEF79 28 Bytes [00, B8, 00, C0, 00, 00, 23, ...]

.text ntkrnlpa.exe!NtFreeVirtualMemory + 37 82CBEF96 9 Bytes [8B, 53, 48, 89, 55, AC, 8A, ...]

.text ntkrnlpa.exe!NtFreeVirtualMemory + 41 82CBEFA0 49 Bytes [00, 00, 88, 45, A4, 83, 65, ...]

.text ntkrnlpa.exe!NtFreeVirtualMemory + 73 82CBEFD2 210 Bytes [8B, 45, 0C, 8B, 00, 89, 45, ...]

.text ...

.text ntkrnlpa.exe!FsRtlLegalAnsiCharacterArray + 4 82CDC32C 17 Bytes [28, 29, 2C, 00, 07, 00, 00, ...]

.text ntkrnlpa.exe!FsRtlLegalAnsiCharacterArray + 17 82CDC33F 40 Bytes [00, 00, 00, 00, 00, 72, 17, ...]

.text ntkrnlpa.exe!NtBuildLab + 20 82CDC368 2 Bytes [00, 00] {ADD [EAX], AL}

.text ntkrnlpa.exe!NtBuildLab + 23 82CDC36B 30 Bytes [00, 00, 00, 00, 00, 00, 00, ...]

.text ntkrnlpa.exe!NtBuildLab + 42 82CDC38A 8 Bytes [00, 00, 00, 00, 00, 00, 00, ...] {ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL}

.text ntkrnlpa.exe!NtBuildLab + 4D 82CDC395 6 Bytes [00, 00, 00, 00, 00, 00] {ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL}

.text ntkrnlpa.exe!NtBuildLab + 56 82CDC39E 3 Bytes [00, 00, 00]

.text ...

.text ntkrnlpa.exe!NtBuildGUID + 27 82CDC52B 144 Bytes [00, 21, C0, 0B, 3C, A8, C8, ...]

.text ntkrnlpa.exe!NtBuildGUID + B8 82CDC5BC 542 Bytes [25, 70, A2, B7, 69, E5, C2, ...]

.text ntkrnlpa.exe!NtBuildGUID + 2D7 82CDC7DB 65 Bytes [2E, DD, 2D, B3, A5, 39, 7F, ...]

.text ntkrnlpa.exe!NtBuildGUID + 319 82CDC81D 297 Bytes [8E, 13, BA, 50, E2, D7, 4A, ...]

.text ntkrnlpa.exe!NtBuildGUID + 444 82CDC948 200 Bytes [00, 00, 00, 00, BD, C4, 07, ...]

.text ...

.text ntkrnlpa.exe!KeRemoveQueueEx + 2 82CE0005 143 Bytes [55, 8B, EC, 83, E4, F8, 83, ...]

.text ntkrnlpa.exe!KeRemoveQueueEx + 92 82CE0095 17 Bytes [02, 00, EB, 02, F3, 90, A1, ...] {ADD AL, [EAX]; JMP 0x6; PAUSE ; MOV EAX, [0xffdf0018]; MOV ECX, [0xffdf0014]}

.text ntkrnlpa.exe!KeRemoveQueueEx + A4 82CE00A7 107 Bytes [15, 1C, 00, DF, FF, 3B, C2, ...]

.text ntkrnlpa.exe!KeRemoveQueueEx + 110 82CE0113 54 Bytes [75, C8, 2B, 4C, 24, 38, 1B, ...]

.text ntkrnlpa.exe!KeRemoveQueueEx + 147 82CE014A 93 Bytes [41, 10, 89, 48, 10, 89, 43, ...]

.text ...

.text ntkrnlpa.exe!KefAcquireSpinLockAtDpcLevel + 1C 82CE09FC 54 Bytes CALL 82D006FB \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)

.text ntkrnlpa.exe!KeAcquireSpinLockAtDpcLevel + 1F 82CE0A33 29 Bytes [40, 74, 0C, 50, 51, 52, 50, ...]

.text ntkrnlpa.exe!KeAcquireSpinLockAtDpcLevel + 3D 82CE0A51 54 Bytes [8D, A4, 24, 00, 00, 00, 00, ...]

.text ntkrnlpa.exe!KiAcquireSpinLock + 8 82CE0A88 61 Bytes [33, C0, 40, 85, 05, 94, 1B, ...]

.text ntkrnlpa.exe!KiReleaseSpinLock + 6 82CE0AC6 223 Bytes [49, 00, 8B, 54, 24, 04, 83, ...]

.text ntkrnlpa.exe!KeReleaseInStackQueuedSpinLockFromDpcLevel + E 82CE0BA6 176 Bytes [bA, F1, 01, 89, 48, 04, 75, ...]

.text ntkrnlpa.exe!_CIsqrt + 37 82CE0C57 34 Bytes [00, 00, 80, 75, 1F, D9, FA, ...]

.text ntkrnlpa.exe!_CIsqrt + 5B 82CE0C7B 63 Bytes [A9, 00, 00, F0, 7F, 75, 2C, ...]

.text ntkrnlpa.exe!_CIsqrt + 9B 82CE0CBB 11 Bytes [83, 3D, 00, 4D, D3, 82, 00, ...]

.text ntkrnlpa.exe!_CIsqrt + A7 82CE0CC7 11 Bytes [00, BA, 05, 00, 00, 00, 8D, ...]

.text ntkrnlpa.exe!_CIsqrt + B3 82CE0CD3 24 Bytes CALL 82CFAC97 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)

.text ...

.text ntkrnlpa.exe!_except_handler3 + 1C 82CE0EB4 20 Bytes [00, 00, 89, 45, F8, 8B, 45, ...]

.text ntkrnlpa.exe!_except_handler3 + 31 82CE0EC9 79 Bytes CALL 82D238F7 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)

.text ntkrnlpa.exe!_except_handler3 + 81 82CE0F19 66 Bytes [00, 83, C4, 08, 8D, 0C, 76, ...]

.text ntkrnlpa.exe!_except_handler3 + C4 82CE0F5C 24 Bytes [00, 00, 00, EB, 15, 55, 8D, ...]

.text ntkrnlpa.exe!_except_handler3 + DD 82CE0F75 47 Bytes [00, 5D, 5F, 5E, 5B, 8B, E5, ...]

.text ntkrnlpa.exe!_global_unwind2 + 5 82CE0FA5 10 Bytes [57, 55, 6A, 00, 6A, 00, 68, ...]

.text ntkrnlpa.exe!_global_unwind2 + 10 82CE0FB0 29 Bytes CALL 82C75DBE \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)

.text ntkrnlpa.exe!_global_unwind2 + 2E 82CE0FCE 52 Bytes [00, 00, 74, 32, 8B, 44, 24, ...]

.text ntkrnlpa.exe!_global_unwind2 + 63 82CE1003 40 Bytes [00, C3, 53, 56, 57, 8B, 44, ...]

.text ntkrnlpa.exe!_local_unwind2 + 27 82CE102C 100 Bytes [00, 00, 8B, 44, 24, 28, 8B, ...]

.text ntkrnlpa.exe!_abnormal_termination + 8 82CE1091 55 Bytes [00, 81, 79, 04, C0, 0F, CE, ...]

.text ntkrnlpa.exe!_abnormal_termination + 40 82CE10C9 85 Bytes [55, 51, 50, 58, 59, 5D, 59, ...]

.text ntkrnlpa.exe!_abnormal_termination + 96 82CE111F 108 Bytes [B6, 47, 01, FF, 77, 14, C6, ...]

.text ntkrnlpa.exe!_abnormal_termination + 103 82CE118C 174 Bytes [00, 39, 5E, 18, 7C, 0A, 8A, ...]

.text ntkrnlpa.exe!_abnormal_termination + 1B2 82CE123B 156 Bytes [89, 5F, 01, 89, 5F, 05, 89, ...]

.text ...

.text ntkrnlpa.exe!KeWaitForMultipleObjects + 1F 82CE17A9 39 Bytes [89, 74, 24, 14, 89, 44, 24, ...]

.text ntkrnlpa.exe!KeWaitForMultipleObjects + 47 82CE17D1 31 Bytes [00, 00, 89, 4D, 24, 8B, 47, ...]

.text ntkrnlpa.exe!KeWaitForMultipleObjects + 67 82CE17F1 60 Bytes [14, B2, 89, 50, F8, 8A, 55, ...]

.text ntkrnlpa.exe!KeWaitForMultipleObjects + A4 82CE182E 65 Bytes [00, 89, 41, 10, 89, 70, 10, ...]

.text ntkrnlpa.exe!KeWaitForMultipleObjects + E6 82CE1870 2 Bytes [A1, 18]

.text ...

.text ntkrnlpa.exe!KiDispatchInterrupt + 8 82CE22B8 6 Bytes [F0, 80, A3, 38, 1B, 00]

.text ntkrnlpa.exe!KiDispatchInterrupt + 10 82CE22C0 11 Bytes [FA, 8B, 83, 0C, 1B, 00, 00, ...]

.text ntkrnlpa.exe!KiDispatchInterrupt + 1D 82CE22CD 5 Bytes [0B, 83, 48, 1B, 00]

.text ntkrnlpa.exe!KiDispatchInterrupt + 23 82CE22D3 29 Bytes [0B, 83, D4, 1B, 00, 00, 74, ...]

.text ntkrnlpa.exe!KiDispatchInterrupt + 41 82CE22F1 2 Bytes CALL 82CE457C \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)

.text ...

.text ntkrnlpa.exe!memcpy + 18 82CE3038 7 Bytes [3B, F8, 0F, 82, 7C, 01, 00]

.text ntkrnlpa.exe!memcpy + 20 82CE3040 3 Bytes [F7, C7, 03]

.text ntkrnlpa.exe!memcpy + 25 82CE3045 58 Bytes JMP 86B0B34C

.text ntkrnlpa.exe!memcpy + 60 82CE3080 11 Bytes [31, CE, 82, 90, 90, 30, CE, ...] {XOR ESI, ECX; ADC BYTE [EAX-0x7d31cf70], -0x44; XOR DH, CL}

.text ntkrnlpa.exe!memcpy + 6C 82CE308C 3 Bytes [E0, 30, CE] {LOOPNZ 0x32; INTO }

.text ...

.text ntkrnlpa.exe!RtlCaptureContext 82CE34F4 3 Bytes [53, 8B, 5C]

.text ntkrnlpa.exe!RtlCaptureContext + 4 82CE34F8 11 Bytes [08, 89, 83, B0, 00, 00, 00, ...]

.text ntkrnlpa.exe!RtlCaptureContext + 10 82CE3504 4 Bytes [00, 89, 93, A8]

.text ntkrnlpa.exe!RtlCaptureContext + 15 82CE3509 3 Bytes [00, 00, 8B]

.text ntkrnlpa.exe!RtlCaptureContext + 19 82CE350D 6 Bytes [24, 89, 83, A4, 00, 00]

.text ...

.text ntkrnlpa.exe!KeDelayExecutionThread + 38 82CE35F4 1 Byte [89]

.text ntkrnlpa.exe!KeDelayExecutionThread + 38 82CE35F4 19 Bytes [89, 44, 24, 24, 8B, 47, 68, ...]

.text ntkrnlpa.exe!KeDelayExecutionThread + 4C 82CE3608 15 Bytes [00, 64, 8B, 0D, 20, 00, 00, ...]

.text ntkrnlpa.exe!KeDelayExecutionThread + 5D 82CE3619 18 Bytes CALL 82CE0B99 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)

.text ntkrnlpa.exe!KeDelayExecutionThread + 70 82CE362C 31 Bytes [8D, 87, 00, 01, 00, 00, 89, ...]

.text ...

.text ntkrnlpa.exe!KeInsertQueueDpc + E 82CE438B 7 Bytes [FF, 00, FF, 15, 4C, B1, C3]

.text ntkrnlpa.exe!KeInsertQueueDpc + 16 82CE4393 71 Bytes [64, 8B, 1D, 20, 00, 00, 00, ...]

.text ntkrnlpa.exe!KeInsertQueueDpc + 5E 82CE43DB 33 Bytes [CC, 0F, B6, 43, 10, 89, 45, ...]

.text ntkrnlpa.exe!KeInsertQueueDpc + 81 82CE43FE 12 Bytes [8D, 4E, 08, 89, 4D, EC, E8, ...]

.text ntkrnlpa.exe!KeInsertQueueDpc + 8E 82CE440B 96 Bytes [0B, 00, 8B, CE, 8D, 57, 1C, ...]

.text ...

.text ntkrnlpa.exe!KiIpiServiceRoutine + A 82CE4F72 24 Bytes [33, DB, 87, 9E, A0, 19, 00, ...]

.text ntkrnlpa.exe!KiIpiServiceRoutine + 24 82CE4F8C 11 Bytes [BF, 00, 00, 00, 00, 74, 06, ...]

.text ntkrnlpa.exe!KiIpiServiceRoutine + 32 82CE4F9A 46 Bytes [C3, 14, 75, 58, B7, 01, 8B, ...]

.text ntkrnlpa.exe!KiIpiServiceRoutine + 61 82CE4FC9 14 Bytes [00, FF, D0, B7, 01, F6, C3, ...]

.text ntkrnlpa.exe!KiIpiServiceRoutine + 70 82CE4FD8 77 Bytes [FF, 15, 88, B0, C3, 82, F6, ...]

.text ...

.text ntkrnlpa.exe!_alloca_probe_8 82CE563E 3 Bytes [51, 8D, 4C]

.text ntkrnlpa.exe!_alloca_probe_8 + 4 82CE5642 37 Bytes [08, 2B, C8, 83, E1, 07, 03, ...]

.text ntkrnlpa.exe!_alloca_probe + 14 82CE5668 9 Bytes [3B, C8, 72, 0A, 8B, C1, 59, ...]

.text ntkrnlpa.exe!_alloca_probe + 1E 82CE5672 141 Bytes [89, 04, 24, C3, 2D, 00, 10, ...]

.text ntkrnlpa.exe!ExReleaseResourceLite + 7C 82CE5700 12 Bytes [00, 00, 8B, 56, 2C, 3B, D1, ...] {ADD [EAX], AL; MOV EDX, [ESI+0x2c]; CMP EDX, ECX; JZ 0x2f; XOR ECX, ECX; INC ECX}

.text ntkrnlpa.exe!ExReleaseResourceLite + 89 82CE570D 49 Bytes [0F, 89, 4E, 1C, 89, 4E, 20, ...]

.text ntkrnlpa.exe!ExReleaseResourceLite + BB 82CE573F 25 Bytes [00, 33, C9, 8D, 46, 18, 41, ...]

.text ntkrnlpa.exe!ExReleaseResourceLite + D5 82CE5759 3 Bytes [89, 45, 08] {MOV [EBP+0x8], EAX}

.text ntkrnlpa.exe!ExReleaseResourceLite + D9 82CE575D 23 Bytes [46, 08, 85, C0, 75, 10, 6A, ...]

.text ...

.text ntkrnlpa.exe!KeUpdateRunTime + 11 82CE5801 1 Byte [57]

.text ntkrnlpa.exe!KeUpdateRunTime + 11 82CE5801 18 Bytes [57, 8B, 7E, 04, 3B, 7E, 0C, ...] {PUSH EDI; MOV EDI, [ESI+0x4]; CMP EDI, [ESI+0xc]; MOV EBX, EDX; MOV [EBP-0x8], ECX; JZ 0x3a; JMP 0x12; PAUSE }

.text ntkrnlpa.exe!KeUpdateRunTime + 24 82CE5814 31 Bytes [47, 14, 8B, 4F, 10, 8B, 57, ...]

.text ntkrnlpa.exe!KeUpdateRunTime + 44 82CE5834 11 Bytes [01, FF, 15, 88, B0, C3, 82, ...]

.text ntkrnlpa.exe!KeUpdateRunTime + 50 82CE5840 6 Bytes [00, 8B, 86, 5C, 1A, 00] {ADD [EBX+0x1a5c86], CL}

.text ...

.text ntkrnlpa.exe!DbgBreakPointWithStatus + 1 82CE5AB5 65 Bytes [44, 24, 04, CC, C2, 04, 00, ...]

.text ntkrnlpa.exe!KdPollBreakIn + 37 82CE5AF8 59 Bytes [0F, B6, C0, 8D, 34, 85, 00, ...]

.text ntkrnlpa.exe!KdPollBreakIn + 73 82CE5B34 49 Bytes [01, 88, 1D, A4, C3, D6, 82, ...]

.text ntkrnlpa.exe!KdPollBreakIn + A5 82CE5B66 32 Bytes CALL 82CE0A5D \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)

.text ntkrnlpa.exe!KdPollBreakIn + C6 82CE5B87 84 Bytes [E0, F2, 83, C8, 02, 81, FF, ...]

.text ntkrnlpa.exe!KeSetTimer + 1B 82CE5BDC 5 Bytes [8B, E5, 5D, C2, 10]

.text ntkrnlpa.exe!KeSetTimer + 21 82CE5BE2 53 Bytes [90, 90, 90, 90, 90, 8B, FF, ...]

.text ntkrnlpa.exe!KeSetTimerEx + 32 82CE5C19 119 Bytes [8B, CF, 83, E1, 1F, 8D, 9C, ...]

.text ntkrnlpa.exe!KeSetTimerEx + AA 82CE5C91 41 Bytes [EB, 02, F3, 90, A1, 18, 00, ...]

.text ntkrnlpa.exe!KeSetTimerEx + D4 82CE5CBB 3 Bytes [83, 66, 14]

.text ntkrnlpa.exe!KeSetTimerEx + D8 82CE5CBF 15 Bytes [8B, C6, C6, 46, 02, 00, E8, ...]

.text ntkrnlpa.exe!KeSetTimerEx + E8 82CE5CCF 21 Bytes [00, 00, 81, C1, 18, 04, 00, ...]

.text ...

.text ntkrnlpa.exe!KeInsertQueue + F 82CE6422 122 Bytes CALL 82CE6430 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)

.text ntkrnlpa.exe!KeInsertQueue + 8A 82CE649D 78 Bytes [8D, 43, 01, 89, 46, 04, 8D, ...]

.text ntkrnlpa.exe!KeInsertQueue + DA 82CE64ED 4 Bytes [75, 5B, B8, 7F]

.text ntkrnlpa.exe!KeInsertQueue + E0 82CE64F3 128 Bytes [FF, 8B, CE, F0, 21, 01, 64, ...]

.text ntkrnlpa.exe!KeInsertQueue + 161 82CE6574 68 Bytes CALL 82CE2034 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)

.text ...

.text ntkrnlpa.exe!ExQueueWorkItem + C 82CE66F9 30 Bytes [39, 38, 74, 12, 57, FF, 75, ...]

.text ntkrnlpa.exe!ExQueueWorkItem + 2B 82CE6718 58 Bytes [77, 04, 57, 51, EB, E3, 8B, ...]

.text ntkrnlpa.exe!ExQueueWorkItem + 66 82CE6753 10 Bytes CALL 82CE6763 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)

.text ntkrnlpa.exe!ExQueueWorkItem + 71 82CE675E 38 Bytes [90, 90, 90, 90, 90, 8B, FF, ...]

.text ntkrnlpa.exe!KeSetEvent + 22 82CE6785 6 Bytes [75, 07, 8B, C3, E9, B1]

.text ntkrnlpa.exe!KeSetEvent + 2B 82CE678E 35 Bytes [33, C9, FF, 15, 68, B0, C3, ...]

.text ntkrnlpa.exe!KeSetEvent + 4F 82CE67B2 53 Bytes [8B, 07, 75, 25, 38, 58, 16, ...]

.text ntkrnlpa.exe!KeSetEvent + 85 82CE67E8 41 Bytes CALL 82CE159E \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)

.text ntkrnlpa.exe!KeSetEvent + B0 82CE6813 17 Bytes [8A, 4C, 24, 13, 83, 48, 68, ...]

.text ...

.text ntkrnlpa.exe!ZwCallbackReturn + 45 82CE7341 7 Bytes CALL 82CE7072 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)

.text ntkrnlpa.exe!ZwCallbackReturn + 51 82CE734D 52 Bytes [39, 81, FD, 23, 04, 00, C0, ...]

.text ntkrnlpa.exe!ZwCallbackReturn + 86 82CE7382 74 Bytes [58, 8B, 8B, 74, 01, 00, 00, ...]

.text ntkrnlpa.exe!ZwCallbackReturn + D6 82CE73D2 16 Bytes [83, 8B, B3, 20, 01, 00, 00, ...] {OR DWORD [EBX+0x120b3], 0x0; MOV EDX, [ESI+0x18]; MOV [EDI+0x18], EDX; MOV EDX, [ESI+0x1c]}

.text ntkrnlpa.exe!ZwCallbackReturn + E7 82CE73E3 2 Bytes [57, 1C]

.text ...

.text ntkrnlpa.exe!strstr + 32 82CE7472 38 Bytes [74, 0A, 84, C0, 75, F3, 5E, ...]

.text ntkrnlpa.exe!strstr + 59 82CE7499 31 Bytes [BE, 8A, 41, 03, 84, C0, 74, ...]

.text ntkrnlpa.exe!strstr + 79 82CE74B9 106 Bytes [8D, 47, FF, 5E, 5B, 5F, C3, ...]

.text ntkrnlpa.exe!strchr + 14 82CE7524 75 Bytes [00, 00, 74, 15, 8A, 0A, 83, ...]

.text ntkrnlpa.exe!strchr + 60 82CE7570 14 Bytes [01, 01, 81, 74, D3, 25, 00, ...]

.text ntkrnlpa.exe!strchr + 71 82CE7581 9 Bytes [80, 75, C4, 5E, 5F, 5B, 33, ...] {XOR BYTE [EBP-0x3c], 0x5e; POP EDI; POP EBX; XOR EAX, EAX; RET }

.text ntkrnlpa.exe!strchr + 7B 82CE758B 79 Bytes [42, FC, 3A, C3, 74, 36, 84, ...]

.text ntkrnlpa.exe!KeUpdateSystemTime + B 82CE75DB 36 Bytes [DF, FF, 8B, 79, 14, 8B, 71, ...]

.text ntkrnlpa.exe!KeUpdateSystemTime + 30 82CE7600 30 Bytes [89, 71, 10, 89, 79, 08, 89, ...]

.text ntkrnlpa.exe!KeUpdateSystemTime + 4F 82CE761F 5 Bytes [01, 15, 0C, 4B, D3]

.text ntkrnlpa.exe!KeUpdateSystemTime + 55 82CE7625 22 Bytes [8B, C8, 8B, 15, 04, 4B, D3, ...]

.text ntkrnlpa.exe!KeUpdateSystemTime + 6C 82CE763C 86 Bytes [4B, D3, 82, 89, 15, 04, 4B, ...]

.text ...

.text ntkrnlpa.exe!KeProfileInterruptWithSource 82CE7708 9 Bytes [8B, 6C, 24, 04, 64, FF, 05, ...]

.text ntkrnlpa.exe!KeProfileInterruptWithSource + B 82CE7713 34 Bytes [F7, 05, C4, 9C, D3, 82, 02, ...]

.text ntkrnlpa.exe!KeProfileInterruptWithSource + 2E 82CE7736 8 Bytes [72, 10, 81, 7D, 68, 67, 88, ...]

.text ntkrnlpa.exe!KeProfileInterruptWithSource + 37 82CE773F 14 Bytes CALL 82CE78D8 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)

.text ntkrnlpa.exe!KeProfileInterruptWithSource + 46 82CE774E 4 Bytes [03, 76, 05, E8]

.text ...

.text ntkrnlpa.exe!KiCheckForSListAddress + 30 82CE790C 17 Bytes [1A, D7, 82, 77, 03, 89, 41, ...] {SBB DL, BH; XOR BYTE [EDI+0x3], -0x77; INC ECX; PUSH 0x909090c3; NOP ; NOP ; MOV EDI, EDI; PUSH EBP}

.text ntkrnlpa.exe!KiCheckForSListAddress + 42 82CE791E 26 Bytes [EC, 51, A0, 90, 1B, D7, 82, ...]

.text ntkrnlpa.exe!KiCheckForSListAddress + 5D 82CE7939 38 Bytes [3C, 01, 0F, 8E, A5, 00, 00, ...]

.text ntkrnlpa.exe!KiCheckForSListAddress + 84 82CE7960 38 Bytes [00, 64, A1, 24, 01, 00, 00, ...]

.text ntkrnlpa.exe!KiCheckForSListAddress + AB 82CE7987 26 Bytes [88, 45, 0F, 33, FF, BE, 80, ...]

.text ...

.text ntkrnlpa.exe!FsRtlResetBaseMcb + 10 82CE7BD1 45 Bytes [90, 90, 90, 90, 90, 8B, FF, ...]

.text ntkrnlpa.exe!FsRtlResetBaseMcb + 3E 82CE7BFF 6 Bytes [EB, 11, 8B, C3, C1, E8]

.text ntkrnlpa.exe!FsRtlResetBaseMcb + 45 82CE7C06 5 Bytes [83, E0, 0F, 74, DC] {AND EAX, 0xf; JZ 0xffffffffffffffe1}

.text ntkrnlpa.exe!FsRtlResetBaseMcb + 4B 82CE7C0C 23 Bytes [BE, 88, AC, BC, CD, 82, 83, ...]

.text ntkrnlpa.exe!FsRtlResetBaseMcb + 63 82CE7C24 67 Bytes [01, 74, 0F, 83, F9, 18, 74, ...]

.text ...

.text ntkrnlpa.exe!ExAcquireResourceExclusiveLite + 53 82CE7E7C 6 Bytes [33, C0, 40, 89, 77, 18] {XOR EAX, EAX; INC EAX; MOV [EDI+0x18], ESI}

.text ntkrnlpa.exe!ExAcquireResourceExclusiveLite + 5A 82CE7E83 20 Bytes [47, 1C, 89, 47, 20, 66, 89, ...]

.text ntkrnlpa.exe!ExAcquireResourceExclusiveLite + 6F 82CE7E98 10 Bytes [8A, C3, 5F, 5E, 5B, 8B, E5, ...]

.text ntkrnlpa.exe!ExAcquireResourceExclusiveLite + 7A 82CE7EA3 52 Bytes [FF, 47, 1C, B3, 01, EB, E4, ...]

.text ntkrnlpa.exe!ExAcquireResourceExclusiveLite + AF 82CE7ED8 55 Bytes [8B, 44, 24, 10, 89, 6C, 24, ...]

.text ...

.text ntkrnlpa.exe!SeAccessCheck + 5B 82CE8040 20 Bytes [8B, 5D, 0C, 39, 33, 74, 11, ...]

.text ntkrnlpa.exe!SeAccessCheck + 70 82CE8055 89 Bytes [C0, EB, E1, 39, 75, 14, 75, ...]

.text ntkrnlpa.exe!SeAccessCheck + CA 82CE80AF 7 Bytes [75, 88, 53, E8, 28, EF, 17]

.text ntkrnlpa.exe!SeAccessCheck + D2 82CE80B7 50 Bytes [EB, 80, FF, 75, 14, 8D, 75, ...]

.text ntkrnlpa.exe!SeAccessCheck + 105 82CE80EA 20 Bytes [00, 00, 02, 74, 49, 84, C0, ...]

.text ...

.text ntkrnlpa.exe!KeReleaseMutant + 10 82CE8358 9 Bytes [33, C9, 33, DB, FF, 15, 68, ...]

.text ntkrnlpa.exe!KeReleaseMutant + 1A 82CE8362 96 Bytes [8B, 75, 08, 8B, 56, 04, 33, ...]

.text ntkrnlpa.exe!KeReleaseMutant + 7B 82CE83C3 173 Bytes [74, 08, FF, 75, 0C, E8, 55, ...]

.text ntkrnlpa.exe!PsGetCurrentProcessId + C 82CE8471 72 Bytes [C3, 90, 90, 90, 90, 90, 85, ...]

.text ntkrnlpa.exe!PsGetCurrentProcessId + 55 82CE84BA 13 Bytes [00, 83, F8, FF, 75, 03, 33, ...]

.text ntkrnlpa.exe!PsGetCurrentProcessId + 63 82CE84C8 41 Bytes [00, 8D, 04, C1, C3, 90, 90, ...]

.text ntkrnlpa.exe!RtlEqualSid + 20 82CE84F2 1 Byte [00]

.text ntkrnlpa.exe!RtlEqualSid + 20 82CE84F2 57 Bytes [00, 00, F3, A6, 0F, 94, C0, ...]

.text ntkrnlpa.exe!RtlEqualSid + 5A 82CE852C 109 Bytes [84, C0, 74, 3F, 8D, 7E, 10, ...]

.text ntkrnlpa.exe!RtlEqualSid + C8 82CE859A 41 Bytes [00, C0, EB, 09, 8B, 45, 10, ...]

.text ntkrnlpa.exe!RtlEqualSid + F2 82CE85C4 7 Bytes [8B, C3, 5F, 5B, 5D, C2, 0C]

.text ...

.text ntkrnlpa.exe!RtlSidHashLookup + 15 82CE87A2 9 Bytes [00, 8B, 5D, 0C, 85, DB, 0F, ...]

.text ntkrnlpa.exe!RtlSidHashLookup + 1F 82CE87AC 1 Byte [00]

.text ntkrnlpa.exe!RtlSidHashLookup + 1F 82CE87AC 11 Bytes [00, 00, 0F, B6, 43, 01, 8D, ...]

.text ntkrnlpa.exe!RtlSidHashLookup + 2B 82CE87B8 527 Bytes [00, 0F, B6, 44, 83, 04, 89, ...]

.text ntkrnlpa.exe!RtlSidHashLookup + 23B 82CE89C8 101 Bytes [ED, 03, C7, 89, 44, 24, 18, ...]

.text ...

.text ntkrnlpa.exe!KeQueryDpcWatchdogInformation + F2 82CE96C7 121 Bytes [00, 89, 06, 8D, 45, F0, 50, ...]

.text ntkrnlpa.exe!KeQueryDpcWatchdogInformation + 16C 82CE9741 51 Bytes CALL 82CE85CE \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)

.text ntkrnlpa.exe!KeCancelTimer + 1E 82CE9775 347 Bytes [4C, 64, A1, 20, 00, 00, 00, ...]

.text ntkrnlpa.exe!KeCancelTimer + 17A 82CE98D1 32 Bytes [01, 00, 00, 00, 8B, 4D, 0C, ...]

.text ntkrnlpa.exe!KeCancelTimer + 19B 82CE98F2 31 Bytes CALL 82CE0B99 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)

.text ntkrnlpa.exe!KeCancelTimer + 1BB 82CE9912 18 Bytes [64, 8B, 0D, 20, 00, 00, 00, ...]

.text ntkrnlpa.exe!KeCancelTimer + 1CF 82CE9926 202 Bytes [00, 89, 5E, 48, 03, CF, E8, ...]

.text ...

.text ntkrnlpa.exe!ZwSetTimer + 71 82CE9C00 20 Bytes [C7, 45, FC, FE, FF, FF, FF, ...]

.text ntkrnlpa.exe!ZwSetTimer + 86 82CE9C15 28 Bytes [89, 45, D4, 33, C0, 40, C3, ...]

.text ntkrnlpa.exe!ZwSetTimer + A3 82CE9C32 32 Bytes [00, 8B, 45, 0C, 8B, 08, 89, ...]

.text ntkrnlpa.exe!ZwSetTimer + C4 82CE9C53 31 Bytes CALL 82E67A5F \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)

.text ntkrnlpa.exe!ZwSetTimer + E4 82CE9C73 1 Byte [00]

.text ...

.text ntkrnlpa.exe!ZwWaitForWorkViaWorkerFactory + D7 82CE9F1D 335 Bytes [8D, 46, 55, 89, 45, D4, C6, ...]

.text ntkrnlpa.exe!ZwWaitForWorkViaWorkerFactory + 227 82CEA06D 306 Bytes [0F, BE, C0, 8B, 4D, E0, 8B, ...]

.text ntkrnlpa.exe!ZwWaitForWorkViaWorkerFactory + 35A 82CEA1A0 108 Bytes [5F, 5E, 5B, C9, C2, 08, 00, ...]

.text ntkrnlpa.exe!ZwReleaseWorkerFactoryWorker + 61 82CEA20D 98 Bytes [C0, EB, 13, FF, 40, 04, 8B, ...]

.text ntkrnlpa.exe!ZwReleaseWorkerFactoryWorker + C4 82CEA270 135 Bytes [8B, 3D, 50, B1, C3, 82, C6, ...]

.text ntkrnlpa.exe!ZwReleaseWorkerFactoryWorker + 14C 82CEA2F8 78 Bytes [20, 3D, F2, 00, 00, C0, 74, ...]

.text ntkrnlpa.exe!ZwReleaseWorkerFactoryWorker + 19B 82CEA347 80 Bytes [00, 88, 44, 24, 14, 8B, 46, ...]

.text ntkrnlpa.exe!ZwReleaseWorkerFactoryWorker + 1EC 82CEA398 428 Bytes [1A, 8D, 44, 24, 18, 50, 6A, ...]

.text ...

.text ntkrnlpa.exe!KeSetEventBoostPriority + 113 82CEA75C 227 Bytes CALL 82CE0B4D \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)

.text ntkrnlpa.exe!KeSetEventBoostPriority + 1F7 82CEA840 5 Bytes [00, 8A, 8A, 31, 01]

.text ntkrnlpa.exe!KeSetEventBoostPriority + 1FD 82CEA846 11 Bytes [00, 3A, C1, 7D, 02, 8A, C1, ...] {ADD [EDX], BH; SAR DWORD [EBP+0x2], 0x8a; ROL ESI, 0x82; XOR AL, [ECX]}

.text ntkrnlpa.exe!KeSetEventBoostPriority + 209 82CEA852 1 Byte [00]

.text ntkrnlpa.exe!KeSetEventBoostPriority + 209 82CEA852 22 Bytes [00, 00, 3A, C3, 74, 56, 88, ...]

.text ...

.text ntkrnlpa.exe!KePulseEvent + 21 82CEA9F2 108 Bytes [74, 0F, FF, 75, 0C, C7, 46, ...]

.text ntkrnlpa.exe!KePulseEvent + 8E 82CEAA5F 139 Bytes [00, 8B, 0E, 33, D2, 3B, CA, ...]

.text ntkrnlpa.exe!KePulseEvent + 11A 82CEAAEB 41 Bytes [24, 2C, EB, 50, 8D, 44, 24, ...]

.text ntkrnlpa.exe!KePulseEvent + 144 82CEAB15 86 Bytes [24, 38, 8B, 7C, 24, 2C, 1B, ...]

.text ntkrnlpa.exe!KePulseEvent + 19B 82CEAB6C 137 Bytes [85, D2, 77, 05, 83, F8, FF, ...]

.text ...

.text ntkrnlpa.exe!KeReleaseSemaphore + 32 82CEAE4E 9 Bytes [74, 08, FF, 75, 0C, E8, CA, ...]

.text ntkrnlpa.exe!KeReleaseSemaphore + 3C 82CEAE58 3 Bytes [80, 7D, 14]

.text ntkrnlpa.exe!KeReleaseSemaphore + 40 82CEAE5C 7 Bytes [74, 0F, 64, A1, 24, 01, 00]

.text ntkrnlpa.exe!KeReleaseSemaphore + 48 82CEAE64 13 Bytes [83, 48, 68, 08, 88, 58, 5E, ...]

.text ntkrnlpa.exe!KeReleaseSemaphore + 56 82CEAE72 1 Byte [00]

.text ...

.text ntkrnlpa.exe!ExReleaseResourceAndLeaveCriticalRegion + 10 82CEAEC8 3 Bytes [00, 00, 66]

.text ntkrnlpa.exe!ExReleaseResourceAndLeaveCriticalRegion + 15 82CEAECD 2 Bytes [0F, B7]

.text ntkrnlpa.exe!ExReleaseResourceAndLeaveCriticalRegion + 18 82CEAED0 25 Bytes [66, 85, C0, 75, 1C, 8D, 41, ...]

.text ntkrnlpa.exe!ExReleaseResourceAndLeaveCriticalRegion + 32 82CEAEEA 25 Bytes JMP 82C5CCAB \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)

.text ntkrnlpa.exe!ExEnterCriticalRegionAndAcquireResourceExclusive + D 82CEAF04 2 Bytes [88, 80]

.text ntkrnlpa.exe!ExEnterCriticalRegionAndAcquireResourceExclusive + 11 82CEAF08 3 Bytes [00, 6A, 01] {ADD [EDX+0x1], CH}

.text ntkrnlpa.exe!ExEnterCriticalRegionAndAcquireResourceExclusive + 15 82CEAF0C 5 Bytes [75, 08, E8, 16, CF]

.text ntkrnlpa.exe!ExEnterCriticalRegionAndAcquireResourceExclusive + 1C 82CEAF13 4 Bytes [64, A1, 24, 01]

.text ntkrnlpa.exe!ExEnterCriticalRegionAndAcquireResourceExclusive + 21 82CEAF18 5 Bytes [00, 8B, 80, 70, 01]

.text ...

.text ntkrnlpa.exe!KeResetEvent + 2 82CEAF2A 7 Bytes [55, 8B, EC, 53, 56, 33, C9] {PUSH EBP; MOV EBP, ESP; PUSH EBX; PUSH ESI; XOR ECX, ECX}

.text ntkrnlpa.exe!KeResetEvent + A 82CEAF32 9 Bytes [15, 68, B0, C3, 82, 64, 8B, ...]

.text ntkrnlpa.exe!KeResetEvent + 16 82CEAF3E 16 Bytes [8A, D8, 8B, 45, 08, 8B, 70, ...]

.text ntkrnlpa.exe!KeResetEvent + 28 82CEAF50 3 Bytes CALL 82CE0B9C \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)

.text ntkrnlpa.exe!KeResetEvent + 2C 82CEAF54 25 Bytes CALL 82CE2031 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)

.text ntkrnlpa.exe!KeEnterCriticalRegion + 6 82CEAF6F 72 Bytes [66, FF, 88, 80, 00, 00, 00, ...]

.text ntkrnlpa.exe!ExIsResourceAcquiredSharedLite + 3C 82CEAFB8 13 Bytes [00, 00, 8D, 4E, 34, 8D, 55, ...]

.text ntkrnlpa.exe!ExIsResourceAcquiredSharedLite + 4A 82CEAFC6 61 Bytes [8B, 76, 08, 85, F6, 74, 2E, ...]

.text ntkrnlpa.exe!ExIsResourceAcquiredSharedLite + 88 82CEB004 9 Bytes [8B, 45, 08, 5B, 5F, 5E, C9, ...]

.text ntkrnlpa.exe!ExIsResourceAcquiredSharedLite + 92 82CEB00E 9 Bytes [90, 90, 90, 90, 90, 64, A1, ...]

.text ntkrnlpa.exe!IoGetCurrentProcess + 5 82CEB018 23 Bytes [00, 8B, 40, 48, C3, 90, 90, ...]

.text ntkrnlpa.exe!IoGetCurrentProcess + 1D 82CEB030 12 Bytes [00, 00, 89, 7D, F8, 8D, 5E, ...]

.text ntkrnlpa.exe!IoGetCurrentProcess + 2A 82CEB03D 7 Bytes [3B, C3, 0F, 84, 9F, 00, 00]

.text ntkrnlpa.exe!IoGetCurrentProcess + 32 82CEB045 10 Bytes [80, 78, 16, 01, 8B, 48, 08, ...]

.text ntkrnlpa.exe!IoGetCurrentProcess + 3D 82CEB050 43 Bytes [01, 00, 00, 75, 78, 0F, B7, ...]

.text ...

.text ntkrnlpa.exe!RtlSplay + 10 82CEB148 36 Bytes [56, 57, 8B, 10, 39, 42, 04, ...]

.text ntkrnlpa.exe!RtlSplay + 37 82CEB16F 63 Bytes [39, 51, 04, 75, 3D, 8B, 70, ...]

.text ntkrnlpa.exe!RtlSplay + 78 82CEB1B0 32 Bytes [00, 8B, 70, 04, 85, F6, 89, ...]

.text ntkrnlpa.exe!RtlSplay + 99 82CEB1D1 30 Bytes [EB, 10, 89, 30, 8B, 31, 8D, ...]

.text ntkrnlpa.exe!RtlSplay + B8 82CEB1F0 63 Bytes [00, 00, 3B, CA, 75, 15, 8B, ...]

.text ...

.text ntkrnlpa.exe!KeReleaseGuardedMutex + 7 82CEB2A4 45 Bytes [56, 33, D2, 57, 42, 8B, C1, ...]

.text ntkrnlpa.exe!KeReleaseGuardedMutex + 35 82CEB2D2 5 Bytes [64, 8B, 0D, 24, 01]

.text ntkrnlpa.exe!KeReleaseGuardedMutex + 3B 82CEB2D8 12 Bytes [00, 8D, 81, 82, 00, 00, 00, ...]

.text ntkrnlpa.exe!KeReleaseGuardedMutex + 48 82CEB2E5 9 Bytes [66, 85, C0, 75, 0C, 8D, 41, ...]

.text ntkrnlpa.exe!KeReleaseGuardedMutex + 52 82CEB2EF 34 Bytes CALL 82C5CCAB \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)

.text ntkrnlpa.exe!ExAllocateFromPagedLookasideList + 13 82CEB312 7 Bytes [85, C0, 75, 0F, FF, 76, 20] {TEST EAX, EAX; JNZ 0x13; PUSH DWORD [ESI+0x20]}

.text ntkrnlpa.exe!ExAllocateFromPagedLookasideList + 1B 82CEB31A 8 Bytes [46, 10, FF, 76, 24, FF, 76, ...] {INC ESI; ADC BH, BH; JBE 0x29; PUSH DWORD [ESI+0x1c]}

.text ntkrnlpa.exe!ExAllocateFromPagedLookasideList + 24 82CEB323 24 Bytes [56, 28, 5E, 5D, C2, 04, 00, ...]

.text ntkrnlpa.exe!KeAcquireGuardedMutex + D 82CEB33C 2 Bytes [8F, 82]

.text ntkrnlpa.exe!KeAcquireGuardedMutex + 11 82CEB340 14 Bytes [00, 8B, F1, 8B, C6, F0, 0F, ...]

.text ntkrnlpa.exe!KeAcquireGuardedMutex + 20 82CEB34F 34 Bytes [F9, FF, 89, 7E, 04, 5F, 5E, ...]

.text ntkrnlpa.exe!ExFreeToPagedLookasideList + 16 82CEB372 17 Bytes [75, 0C, FF, 41, 18, FF, 51, ...]

.text ntkrnlpa.exe!ExFreeToPagedLookasideList + 28 82CEB384 3 Bytes [5D, C2, 08]

.text ntkrnlpa.exe!ExFreeToPagedLookasideList + 2C 82CEB388 38 Bytes [90, 90, 90, 90, 90, 8B, FF, ...]

.text ntkrnlpa.exe!ExIsResourceAcquiredExclusiveLite + 22 82CEB3AF 16 Bytes [90, 90, 90, 90, 90, 8B, FF, ...]

.text ntkrnlpa.exe!PsGetProcessImageFileName + C 82CEB3C0 4 Bytes [00, 5D, C2, 04]

.text ntkrnlpa.exe!PsGetProcessImageFileName + 11 82CEB3C5 23 Bytes [90, 90, 90, 90, 90, 8B, FF, ...]

.text ntkrnlpa.exe!EtwEventEnabled + 14 82CEB3DE 19 Bytes [73, 57, 8B, 4D, 10, 8B, 79, ...]

.text ntkrnlpa.exe!EtwEventEnabled + 28 82CEB3F2 77 Bytes [8B, 40, 08, 83, C0, 38, 83, ...]

.text ntkrnlpa.exe!EtwEventEnabled + 76 82CEB440 22 Bytes [90, 90, 90, 90, 90, 8B, FF, ...]

.text ntkrnlpa.exe!PsGetProcessWin32Process + 12 82CEB457 14 Bytes [90, 90, 90, 90, 90, 8B, FF, ...]

.text ntkrnlpa.exe!PsGetCurrentThreadWin32ThreadAndEnterCriticalRegion + B 82CEB467 4 Bytes [8B, 88, 0C, 02]

.text ntkrnlpa.exe!PsGetCurrentThreadWin32ThreadAndEnterCriticalRegion + 11 82CEB46D 6 Bytes [8B, 55, 08, 89, 0A, 66]

.text ntkrnlpa.exe!PsGetCurrentThreadWin32ThreadAndEnterCriticalRegion + 18 82CEB474 2 Bytes [88, 80]

.text ntkrnlpa.exe!PsGetCurrentThreadWin32ThreadAndEnterCriticalRegion + 1C 82CEB478 5 Bytes [00, 8B, 80, 70, 01]

.text ntkrnlpa.exe!PsGetCurrentThreadWin32ThreadAndEnterCriticalRegion + 23 82CEB47F 36 Bytes [5D, C2, 04, 00, 90, 90, 90, ...]

.text ...

.text ntkrnlpa.exe!RtlLookupElementGenericTableFull + 2 82CEB4DB 39 Bytes [55, 8B, EC, 56, 8B, 75, 10, ...]

.text ntkrnlpa.exe!RtlLookupElementGenericTableFull + 2B 82CEB504 38 Bytes [89, 07, 8B, 06, 83, C0, 18, ...]

.text ntkrnlpa.exe!RtlLookupElementGenericTable + 11 82CEB52B 6 Bytes [75, 08, E8, A7, FF, FF]

.text ntkrnlpa.exe!RtlLookupElementGenericTable + 18 82CEB532 18 Bytes [5D, C2, 08, 00, 90, 90, 90, ...]

.text ntkrnlpa.exe!ExEnterCriticalRegionAndAcquireResourceShared + B 82CEB546 6 Bytes [66, FF, 88, 80, 00, 00]

.text ntkrnlpa.exe!ExEnterCriticalRegionAndAcquireResourceShared + 12 82CEB54D 14 Bytes [6A, 01, FF, 75, 08, E8, 90, ...]

.text ntkrnlpa.exe!ExEnterCriticalRegionAndAcquireResourceShared + 22 82CEB55D 9 Bytes [8B, 80, 70, 01, 00, 00, 5D, ...]

.text ntkrnlpa.exe!ExEnterCriticalRegionAndAcquireResourceShared + 2C 82CEB567 48 Bytes [90, 90, 90, 90, 90, 8B, FF, ...]

.text ntkrnlpa.exe!RtlFindLeastSignificantBit + 2C 82CEB598 53 Bytes [00, FF, 00, 33, D2, 0B, CA, ...]

.text ntkrnlpa.exe!RtlFindLeastSignificantBit + 62 82CEB5CE 49 Bytes [33, C9, 0B, CA, 74, 04, B3, ...]

.text ntkrnlpa.exe!RtlFindLeastSignificantBit + 94 82CEB600 79 Bytes [90, 90, 90, 90, 90, 8B, 11, ...]

.text ntkrnlpa.exe!ExfReleasePushLock + 4B 82CEB650 126 Bytes [7E, 0C, 83, CE, FF, F0, 0F, ...]

.text ntkrnlpa.exe!ExfAcquirePushLockExclusive + 31 82CEB6D0 13 Bytes [00, 8D, 44, 24, 1C, 50, E8, ...]

.text ntkrnlpa.exe!ExfAcquirePushLockExclusive + 41 82CEB6E0 146 Bytes [F6, C1, 02, 6A, 03, 5A, 89, ...]

.text ntkrnlpa.exe!ExfAcquirePushLockExclusive + D4 82CEB773 2 Bytes [B9, D3]

.text ntkrnlpa.exe!ExfAcquirePushLockExclusive + D7 82CEB776 70 Bytes [3B, C3, C6, 44, 24, 20, 07, ...]

.text ntkrnlpa.exe!ExfAcquirePushLockExclusive + 11F 82CEB7BE 24 Bytes [33, DB, 8B, 37, 8B, CE, E9, ...]

.text ...

.text ntkrnlpa.exe!RtlFindClearBits + 33 82CEB96E 38 Bytes CALL 8F5C8BA6 \SystemRoot\system32\DRIVERS\ohci1394.sys (1394 OpenHCI Port Driver/Microsoft Corporation)

.text ntkrnlpa.exe!RtlFindClearBits + 5B 82CEB996 131 Bytes [8B, DA, 2B, 5D, 0C, 33, F6, ...]

.text ntkrnlpa.exe!RtlFindClearBits + E1 82CEBA1C 17 Bytes [8B, 55, 0C, 2B, D6, 8B, F2, ...]

.text ntkrnlpa.exe!RtlFindClearBits + F3 82CEBA2E 33 Bytes [75, B9, 83, C0, 04, 3B, C6, ...]

.text ntkrnlpa.exe!RtlFindClearBits + 115 82CEBA50 35 Bytes [00, 33, F6, 39, 75, EC, 0F, ...]

.text ...

.text ntkrnlpa.exe!ExAllocatePoolWithQuotaTag + 17 82CEBC2D 26 Bytes [74, 07, 83, 65, FC, 00, 83, ...]

.text ntkrnlpa.exe!ExAllocatePoolWithQuotaTag + 32 82CEBC48 11 Bytes [00, 89, 45, 08, 77, 0E, 3B, ...]

.text ntkrnlpa.exe!ExAllocatePoolWithQuotaTag + 3E 82CEBC54 14 Bytes [74, 06, 83, 45, 0C, 04, EB, ...] {JZ 0x8; ADD DWORD [EBP+0xc], 0x4; JMP 0xe; MOVZX EBX, BL; SUB EBX, 0x8}

.text ntkrnlpa.exe!ExAllocatePoolWithQuotaTag + 4D 82CEBC63 10 Bytes [75, 10, FF, 75, 0C, 53, E8, ...]

.text ntkrnlpa.exe!ExAllocatePoolWithQuotaTag + 58 82CEBC6E 5 Bytes [8B, F0, 66, F7, C6]

.text ...

.text ntkrnlpa.exe!KeUnstackDetachProcess + 15 82CEBD40 7 Bytes [53, 56, 64, 8B, 35, 24, 01]

.text ntkrnlpa.exe!KeUnstackDetachProcess + 1D 82CEBD48 7 Bytes [00, 57, 8B, 3D, 64, B0, C3]

.text ntkrnlpa.exe!KeUnstackDetachProcess + 25 82CEBD50 3 Bytes [C6, 45, FF]

.text ntkrnlpa.exe!KeUnstackDetachProcess + 29 82CEBD54 9 Bytes [8D, 5E, 54, EB, 19, 66, 83, ...]

.text ntkrnlpa.exe!KeUnstackDetachProcess + 35 82CEBD60 23 Bytes [00, 75, 1C, 80, 7D, F8, 01, ...]

.text ...

.text ntkrnlpa.exe!KeStackAttachProcess + F 82CEBED8 6 Bytes [00, 66, 64, A1, 3A, 1B]

.text ntkrnlpa.exe!KeStackAttachProcess + 17 82CEBEE0 11 Bytes [66, 85, C0, 57, 74, 25, 66, ...]

.text ntkrnlpa.exe!KeStackAttachProcess + 24 82CEBEED 47 Bytes [66, F7, D8, 1B, C0, F7, D8, ...]

.text ntkrnlpa.exe!KeStackAttachProcess + 54 82CEBF1D 18 Bytes [EB, 52, 8D, 4E, 54, 8D, 55, ...]

.text ntkrnlpa.exe!KeStackAttachProcess + 67 82CEBF30 6 Bytes [00, 00, 81, C1, 18, 04]

.text ...

.text ntkrnlpa.exe!PsChargeProcessPoolQuota + 2 82CEC2E2 33 Bytes [55, 8B, EC, 51, 8B, 45, 08, ...]

.text ntkrnlpa.exe!PsChargeProcessPoolQuota + 24 82CEC304 3 Bytes [B0, 18, 01]

.text ntkrnlpa.exe!PsChargeProcessPoolQuota + 28 82CEC308 17 Bytes CALL 82CEBF7B \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)

.text ntkrnlpa.exe!PsChargeProcessPoolQuota + 3A 82CEC31A 7 Bytes [55, 8B, EC, 51, 53, 56, 57] {PUSH EBP; MOV EBP, ESP; PUSH ECX; PUSH EBX; PUSH ESI; PUSH EDI}

.text ntkrnlpa.exe!PsChargeProcessPoolQuota + 42 82CEC322 4 Bytes [15, 74, B0, C3]

.text ...

.text ntkrnlpa.exe!IoGetAttachedDevice + 35 82CEC628 15 Bytes CALL 82D07B6B \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)

.text ntkrnlpa.exe!IoGetAttachedDevice + 45 82CEC638 45 Bytes [00, 8A, 46, 27, 33, D2, 33, ...]

.text ntkrnlpa.exe!IoGetAttachedDevice + 73 82CEC666 61 Bytes JMP 82CEC6EC \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)

.text ntkrnlpa.exe!IoGetAttachedDevice + B2 82CEC6A5 4 Bytes [66, 8B, 5F, 04] {MOV BX, [EDI+0x4]}

.text ntkrnlpa.exe!IoGetAttachedDevice + B7 82CEC6AA 8 Bytes [47, 14, 66, 3B, 5F, 08, 72, ...] {INC EDI; ADC AL, 0x66; CMP EBX, [EDI+0x8]; JB 0x26}

.text ...

.text ntkrnlpa.exe!IoFreeIrp + 2 82CEC6FA 9 Bytes JMP 1B8425FF

.text ntkrnlpa.exe!IoFreeIrp + C 82CEC704 6 Bytes [90, 90, 90, 90, 90, 8B]

.text ntkrnlpa.exe!IoFreeIrp + 13 82CEC70B 20 Bytes [55, 8B, EC, 85, D2, 8B, 4D, ...]

.text ntkrnlpa.exe!IoFreeIrp + 28 82CEC720 20 Bytes [00, 89, 10, 8B, 51, 2C, 89, ...]

.text ntkrnlpa.exe!IoFreeIrp + 3D 82CEC735 14 Bytes [8B, 89, 74, 01, 00, 00, F6, ...]

.text ...

.text ntkrnlpa.exe!RtlSetBits + 2D 82CEC94A 17 Bytes [8B, C8, D2, E2, 08, 16, EB, ...]

.text ntkrnlpa.exe!RtlSetBits + 3F 82CEC95C 7 Bytes [08, 06, 46, 8D, 79, F8, 83]

.text ntkrnlpa.exe!RtlSetBits + 47 82CEC964 31 Bytes [08, 76, 1B, 53, 8B, DF, C1, ...]

.text ntkrnlpa.exe!RtlSetBits + 67 82CEC984 7 Bytes [76, 08, 8A, 87, 28, B4, CD]

.text ntkrnlpa.exe!RtlSetBits + 6F 82CEC98C 7 Bytes [08, 06, 5E, 5F, 5D, C2, 0C]

.text ...

.text ntkrnlpa.exe!IoAllocateIrp + 2 82CEC99B 16 Bytes JMP 1B8025FF

.text ntkrnlpa.exe!IoAllocateIrp + 13 82CEC9AC 11 Bytes [55, 8B, EC, 83, E4, F8, 8B, ...]

.text ntkrnlpa.exe!IoAllocateIrp + 1F 82CEC9B8 10 Bytes [8B, C1, 56, C1, E0, 05, 05, ...]

.text ntkrnlpa.exe!IoAllocateIrp + 2A 82CEC9C3 6 Bytes [57, 8B, 7D, 10, BE, FF]

.text ntkrnlpa.exe!IoAllocateIrp + 32 82CEC9CB 20 Bytes [1F, 74, 23, 8B, D7, C1, EA, ...]

.text ...

.text ntkrnlpa.exe!ExiReleaseFastMutex + 36 82CECA5C 10 Bytes [8A, CB, 5F, 5E, 5B, FF, 25, ...]

.text ntkrnlpa.exe!ExiReleaseFastMutex + 41 82CECA67 18 Bytes [90, 90, 90, 90, 90, 8B, FF, ...]

.text ntkrnlpa.exe!ExiAcquireFastMutex + E 82CECA7A 21 Bytes [8A, D8, 8B, C6, F0, 0F, BA, ...]

.text ntkrnlpa.exe!ExiAcquireFastMutex + 24 82CECA90 18 Bytes [89, 46, 04, 0F, B6, C3, 89, ...]

.text ntkrnlpa.exe!IoGetRelatedDeviceObject + 2 82CECAA3 59 Bytes [55, 8B, EC, 8B, 45, 08, 8B, ...]

.text ntkrnlpa.exe!IoGetRelatedDeviceObject + 3E 82CECADF 5 Bytes [74, 31, 83, 78, 7C]

.text ntkrnlpa.exe!IoGetRelatedDeviceObject + 44 82CECAE5 10 Bytes [74, 23, 6A, 01, 33, D2, E8, ...]

.text ntkrnlpa.exe!IoGetRelatedDeviceObject + 4F 82CECAF0 67 Bytes [85, C0, 74, 16, 8B, 30, 85, ...]

.text ntkrnlpa.exe!IoWithinStackLimits + 15 82CECB34 11 Bytes [00, 84, C0, 56, 57, 74, 2F, ...]

.text ntkrnlpa.exe!IoWithinStackLimits + 21 82CECB40 29 Bytes [00, 3B, 58, 0C, 74, 24, 8B, ...]

.text ntkrnlpa.exe!IoWithinStackLimits + 3F 82CECB5E 21 Bytes [D0, FF, FF, 3B, D0, 72, 3A, ...]

.text ntkrnlpa.exe!IoWithinStackLimits + 55 82CECB74 67 Bytes [FF, 8B, D0, 85, D2, 74, 24, ...]

.text ntkrnlpa.exe!IoGetTopLevelIrp + B 82CECBB8 63 Bytes [00, C3, 90, 90, 90, 90, 90, ...]

.text ntkrnlpa.exe!KeEnterGuardedRegion + 5 82CECBF8 2 Bytes [00, 66]

.text ntkrnlpa.exe!KeEnterGuardedRegion + 8 82CECBFB 2 Bytes [88, 82]

.text ntkrnlpa.exe!KeEnterGuardedRegion + D 82CECC00 11 Bytes [C3, 90, 90, 90, 90, 90, 64, ...]

.text ntkrnlpa.exe!KeLeaveGuardedRegion + 7 82CECC0D 8 Bytes [8D, 81, 82, 00, 00, 00, 66, ...]

.text ntkrnlpa.exe!KeLeaveGuardedRegion + 10 82CECC16 17 Bytes [0F, B7, 00, 66, 85, C0, 75, ...]

.text ntkrnlpa.exe!KeLeaveGuardedRegion + 22 82CECC28 9 Bytes [F7, FF, C3, 90, 90, 90, 90, ...]

.text ntkrnlpa.exe!KeLeaveGuardedRegion + 2C 82CECC32 28 Bytes [55, 8B, EC, 83, EC, 0C, 85, ...]

.text ntkrnlpa.exe!KeLeaveGuardedRegion + 49 82CECC4F 15 Bytes [C0, 00, 00, 75, 54, 8B, 86, ...]

.text ...

.text ntkrnlpa.exe!KeExpandKernelStackAndCalloutEx + 12 82CECE04 8 Bytes [88, 45, E7, 3C, 01, 76, 12, ...]

.text ntkrnlpa.exe!KeExpandKernelStackAndCalloutEx + 1B 82CECE0D 1 Byte [6A]

.text ntkrnlpa.exe!KeExpandKernelStackAndCalloutEx + 1B 82CECE0D 22 Bytes [6A, 00, 0F, B6, C0, 50, 6A, ...]

.text ntkrnlpa.exe!KeExpandKernelStackAndCalloutEx + 32 82CECE24 10 Bytes [76, 0A, B8, F1, 00, 00, C0, ...]

.text ntkrnlpa.exe!KeExpandKernelStackAndCalloutEx + 3E 82CECE30 5 Bytes [64, 8B, 3D, 24, 01]

.text ...

.text ntkrnlpa.exe!IoSetTopLevelIrp + 2 82CED05A 17 Bytes [55, 8B, EC, 64, A1, 24, 01, ...]

.text ntkrnlpa.exe!IoSetTopLevelIrp + 14 82CED06C 3 Bytes [5D, C2, 04]

.text ntkrnlpa.exe!IoSetTopLevelIrp + 18 82CED070 68 Bytes [90, 90, 90, 90, 90, 8B, FF, ...]

.text ntkrnlpa.exe!IoIsOperationSynchronous + 40 82CED0B5 8 Bytes [56, 8B, 70, 48, 8B, 86, 50, ...]

.text ntkrnlpa.exe!IoIsOperationSynchronous + 4A 82CED0BF 5 Bytes [81, C6, 38, 02, 00]

.text ntkrnlpa.exe!IoIsOperationSynchronous + 50 82CED0C5 34 Bytes [89, 45, FC, 85, C0, 75, 04, ...]

.text ntkrnlpa.exe!IoIsOperationSynchronous + 73 82CED0E8 97 Bytes [00, 00, 83, F8, 01, 75, DD, ...]

.text ntkrnlpa.exe!IoIsOperationSynchronous + D5 82CED14A 23 Bytes [55, 8B, EC, 53, 8B, 5D, 08, ...]

.text ...

.text ntkrnlpa.exe!PsChargeProcessNonPagedPoolQuota + 2 82CED214 11 Bytes [55, 8B, EC, 8B, 45, 08, 3B, ...]

.text ntkrnlpa.exe!PsChargeProcessNonPagedPoolQuota + E 82CED220 38 Bytes [75, 04, 33, C0, EB, 11, FF, ...]

.text ntkrnlpa.exe!PsChargeProcessNonPagedPoolQuota + 35 82CED247 4 Bytes CALL 82C807E8 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)

.text ntkrnlpa.exe!PsChargeProcessNonPagedPoolQuota + 3A 82CED24C 15 Bytes [8B, 45, 08, 8D, 70, C0, 89, ...]

.text ntkrnlpa.exe!PsChargeProcessNonPagedPoolQuota + 4A 82CED25C 18 Bytes [89, 4D, D8, 8B, 4D, 14, 8B, ...]

.text ...

.text ntkrnlpa.exe!KeInitializeApc + 2 82CEDAC4 16 Bytes [55, 8B, EC, 8B, 45, 08, 8B, ...]

.text ntkrnlpa.exe!KeInitializeApc + 13 82CEDAD5 76 Bytes [12, C6, 40, 02, 30, 75, 06, ...]

.text ntkrnlpa.exe!KeInitializeApc + 60 82CEDB22 49 Bytes [55, 8B, EC, 83, E4, F8, 83, ...]

.text ntkrnlpa.exe!KeInitializeApc + 92 82CEDB54 115 Bytes [00, 8A, 5F, 2D, 74, 40, 84, ...]

.text ntkrnlpa.exe!KeInitializeApc + 106 82CEDBC8 11 Bytes [0F, BE, 4F, 2C, 3B, C8, 0F, ...]

.text ...

.text ntkrnlpa.exe!KiDeliverApc + 21 82CEDE3F 5 Bytes [66, 83, BE, 82, 00]

.text ntkrnlpa.exe!KiDeliverApc + 29 82CEDE47 31 Bytes [8B, 86, 20, 01, 00, 00, 89, ...]

.text ntkrnlpa.exe!KiDeliverApc + 4A 82CEDE68 9 Bytes [87, 44, 24, 20, 8B, 1D, 50, ...]

.text ntkrnlpa.exe!KiDeliverApc + 54 82CEDE72 12 Bytes JMP 82CEDF66 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)

.text ntkrnlpa.exe!KiDeliverApc + 61 82CEDE7F 4 Bytes [15, 54, B1, C3]

.text ...

.text ntkrnlpa.exe!KeInsertQueueApc + 21 82CEE0A0 4 Bytes [8B, 87, B0, 00]

.text ntkrnlpa.exe!KeInsertQueueApc + 27 82CEE0A6 35 Bytes [A8, 40, 74, 22, B3, 01, 38, ...]

.text ntkrnlpa.exe!KeInsertQueueApc + 4B 82CEE0CA 39 Bytes [EB, 02, 32, DB, 8D, 4C, 24, ...]

.text ntkrnlpa.exe!SeComputeAutoInheritByObjectType + 2 82CEE0F2 9 Bytes [55, 8B, EC, 51, 51, 64, A1, ...]

.text ntkrnlpa.exe!SeComputeAutoInheritByObjectType + C 82CEE0FC 19 Bytes [00, 53, 33, DB, 66, FF, 88, ...]

.text ntkrnlpa.exe!SeComputeAutoInheritByObjectType + 20 82CEE110 2 Bytes [6F, D4]

.text ntkrnlpa.exe!SeComputeAutoInheritByObjectType + 23 82CEE113 13 Bytes [59, 8B, D6, 33, C0, F0, 0F, ...] {POP ECX; MOV EDX, ESI; XOR EAX, EAX; LOCK CMPXCHG [EDX], ECX; TEST EAX, EAX; JZ 0x14}

.text ntkrnlpa.exe!SeComputeAutoInheritByObjectType + 31 82CEE121 22 Bytes CALL 82CF22C7 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)

.text ...

.text ntkrnlpa.exe!SeTokenIsRestricted + C6 82CEE2E4 9 Bytes [FF, FF, 3B, D7, 0F, 85, 57, ...]

.text ntkrnlpa.exe!SeTokenIsRestricted + D0 82CEE2EE 13 Bytes [8B, 55, FC, FF, 42, 08, 8B, ...]

.text ntkrnlpa.exe!SeTokenIsRestricted + DE 82CEE2FC 63 Bytes [b0, 01, 5F, 5B, C9, C2, 04, ...]

.text ntkrnlpa.exe!SeTokenIsRestricted + 11E 82CEE33C 9 Bytes [74, 37, EB, 44, EB, 33, 8D, ...]

.text ntkrnlpa.exe!SeTokenIsRestricted + 12A 82CEE348 2 Bytes [83, C9]

.text ...

.text ntkrnlpa.exe!FsRtlLookupPerFileObjectContext + 15 82CEE6EC 23 Bytes [57, 6A, 00, 8D, 7D, FC, E8, ...]

.text ntkrnlpa.exe!FsRtlLookupPerFileObjectContext + 2D 82CEE704 13 Bytes [00, 83, 65, 08, 00, 53, B1, ...]

.text ntkrnlpa.exe!FsRtlLookupPerFileObjectContext + 3B 82CEE712 21 Bytes [8A, D8, 8B, C6, F0, 0F, BA, ...]

.text ntkrnlpa.exe!FsRtlLookupPerFileObjectContext + 51 82CEE728 20 Bytes [8B, 7D, 10, 85, FF, 8B, 55, ...]

.text ntkrnlpa.exe!FsRtlLookupPerFileObjectContext + 66 82CEE73D 50 Bytes [8D, 72, 20, 8B, 06, EB, 0F, ...]

.text ...

.text ntkrnlpa.exe!ExAcquireRundownProtectionCacheAwareEx + 4 82CEE7FC 29 Bytes [00, 00, 0F, B6, C0, 56, 8B, ...]

.text ntkrnlpa.exe!ExAcquireRundownProtectionCacheAwareEx + 23 82CEE81B 16 Bytes [90, 90, 90, 90, 90, 8B, FF, ...]

.text ntkrnlpa.exe!ExReleaseRundownProtectionCacheAwareEx + C 82CEE82C 163 Bytes [53, 56, 57, 89, 55, FC, 0F, ...]

.text ntkrnlpa.exe!FsRtlLookupPerStreamContextInternal + 1F 82CEE8D0 23 Bytes [00, 00, 8D, 4F, 34, 6A, 11, ...]

.text ntkrnlpa.exe!FsRtlLookupPerStreamContextInternal + 37 82CEE8E8 22 Bytes [00, EB, 2A, 8B, 77, 28, B1, ...]

.text ntkrnlpa.exe!FsRtlLookupPerStreamContextInternal + 4E 82CEE8FF 55 Bytes CALL 82C7B392 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)

.text ntkrnlpa.exe!FsRtlLookupPerStreamContextInternal + 86 82CEE937 112 Bytes [3B, C1, 74, 2B, EB, EB, EB, ...]

.text ntkrnlpa.exe!FsRtlLookupPerStreamContextInternal + F7 82CEE9A8 3 Bytes [00, 00, 66]

.text ...

.text ntkrnlpa.exe!RtlClearBits + 2D 82CEFD1B 64 Bytes [8B, C8, D2, E2, F6, D2, 20, ...]

.text ntkrnlpa.exe!RtlClearBits + 6E 82CEFD5C 14 Bytes [20, 06, 5E, 5F, 5D, C2, 0C, ...]

.text ntkrnlpa.exe!FsRtlLookupBaseMcbEntry + 2 82CEFD6B 16 Bytes [55, 8B, EC, 56, 8B, 75, 08, ...]

.text ntkrnlpa.exe!FsRtlLookupBaseMcbEntry + 13 82CEFD7C 7 Bytes [00, 00, 84, C0, 0F, 84, 9C]

.text ntkrnlpa.exe!FsRtlLookupBaseMcbEntry + 1B 82CEFD84 144 Bytes [00, 00, 8B, 55, 14, 85, D2, ...]

.text ntkrnlpa.exe!FsRtlLookupBaseMcbEntry + AC 82CEFE15 40 Bytes [89, 30, 8B, 45, 24, 85, C0, ...]

.text ntkrnlpa.exe!FsRtlLookupBaseMcbEntry + D5 82CEFE3E 93 Bytes [85, C9, 7C, 32, 8B, 45, FC, ...]

.text ntkrnlpa.exe!KeTryToAcquireGuardedMutex + D 82CEFE9C 10 Bytes [66, FF, 08, 56, 8B, F1, F0, ...]

.text ntkrnlpa.exe!KeTryToAcquireGuardedMutex + 18 82CEFEA7 4 Bytes [5E, 72, 1C, 66]

.text ntkrnlpa.exe!KeTryToAcquireGuardedMutex + 1E 82CEFEAD 2 Bytes [0F, B7]

.text ntkrnlpa.exe!KeTryToAcquireGuardedMutex + 21 82CEFEB0 34 Bytes [66, 85, C0, 75, 0C, 8D, 42, ...]

.text ntkrnlpa.exe!ExReleaseFastMutexUnsafe + 2 82CEFED3 4 Bytes [51, 83, 61, 04]

.text ntkrnlpa.exe!ExReleaseFastMutexUnsafe + 7 82CEFED8 81 Bytes [56, 33, D2, 57, 42, 8B, C1, ...]

.text ntkrnlpa.exe!ExAcquireFastMutexUnsafe + 1B 82CEFF2A 92 Bytes [89, 7E, 04, 5F, 5E, C3, 90, ...]

.text ntkrnlpa.exe!ExAcquireFastMutexUnsafe + 78 82CEFF87 12 Bytes [74, 3A, 85, DB, 74, 2E, 64, ...]

.text ntkrnlpa.exe!ExAcquireFastMutexUnsafe + 85 82CEFF94 10 Bytes [8B, C3, 2B, C6, C1, F8, 03, ...]

.text ntkrnlpa.exe!ExAcquireFastMutexUnsafe + 91 82CEFFA0 22 Bytes [00, 8B, C3, EB, 20, 64, 8B, ...]

.text ntkrnlpa.exe!ExAcquireFastMutexUnsafe + A9 82CEFFB8 3 Bytes [00, EB, 0A]

.text ...

.text ntkrnlpa.exe!PsReturnProcessNonPagedPoolQuota + 17 82CF09BB 3 Bytes [b0, 18, 01]

.text ntkrnlpa.exe!PsReturnProcessNonPagedPoolQuota + 1C 82CF09C0 3 Bytes CALL 82CEC08E \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)

.text ntkrnlpa.exe!PsReturnProcessNonPagedPoolQuota + 20 82CF09C4 41 Bytes [FF, 5D, C2, 08, 00, 90, 90, ...]

.text ntkrnlpa.exe!FsRtlIsPagingFile + 20 82CF09EE 31 Bytes [90, 90, 90, 90, 90, 8B, FF, ...]

.text ntkrnlpa.exe!FsRtlIsPagingFile + 40 82CF0A0E 1 Byte [04]

.text ntkrnlpa.exe!FsRtlIsPagingFile + 40 82CF0A0E 14 Bytes [04, 00, 00, 6A, 00, 89, 4C, ...]

.text ntkrnlpa.exe!FsRtlIsPagingFile + 50 82CF0A1E 6 Bytes [85, C9, 0F, 85, 32, 02]

.text ntkrnlpa.exe!FsRtlIsPagingFile + 58 82CF0A26 3 Bytes [25, FF, FB]

.text ...

.text ntkrnlpa.exe!RtlAreBitsSet + 47 82CF0D84 25 Bytes [22, 82, 34, B4, CD, 82, F6, ...]

.text ntkrnlpa.exe!RtlAreBitsSet + 61 82CF0D9E 27 Bytes [EB, 06, 8A, 10, 40, 80, FA, ...]

.text ntkrnlpa.exe!RtlAreBitsSet + 7D 82CF0DBA 10 Bytes [EB, CE, 32, C0, 5F, 5E, 5B, ...]

.text ntkrnlpa.exe!RtlAreBitsSet + 88 82CF0DC5 6 Bytes [90, 90, 90, 90, 90, 8B]

.text ntkrnlpa.exe!RtlFindClearBitsAndSet + 2 82CF0DCC 10 Bytes [55, 8B, EC, 56, FF, 75, 10, ...] {PUSH EBP; MOV EBP, ESP; PUSH ESI; PUSH DWORD [EBP+0x10]; PUSH DWORD [EBP+0xc]}

.text ntkrnlpa.exe!RtlFindClearBitsAndSet + D 82CF0DD7 11 Bytes CALL 82CEB939 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)

.text ntkrnlpa.exe!RtlFindClearBitsAndSet + 19 82CF0DE3 6 Bytes [74, 0C, FF, 75, 0C, 56] {JZ 0xe; PUSH DWORD [EBP+0xc]; PUSH ESI}

.text ntkrnlpa.exe!RtlFindClearBitsAndSet + 20 82CF0DEA 13 Bytes CALL 82CEC91B \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)

.text ntkrnlpa.exe!RtlFindClearBitsAndSet + 2E 82CF0DF8 67 Bytes [90, 90, 90, 90, 90, 8B, 11, ...]

.text ntkrnlpa.exe!ExAcquireRundownProtection + 3F 82CF0E3C 3 Bytes [5D, C2, 04]

.text ntkrnlpa.exe!ExAcquireRundownProtection + 43 82CF0E40 18 Bytes [90, 90, 90, 90, 90, 8B, FF, ...]

.text ntkrnlpa.exe!ExAcquireRundownProtection + 56 82CF0E53 20 Bytes [03, 53, 8B, 5D, 08, 74, 17, ...]

.text ntkrnlpa.exe!ExAcquireRundownProtection + 6B 82CF0E68 6 Bytes [89, 06, B0, 01, E9, CF]

.text ntkrnlpa.exe!ExAcquireRundownProtection + 73 82CF0E70 7 Bytes [00, 57, 64, 8B, 3D, 24, 01]

.text ...

.text ntkrnlpa.exe!ExReleaseRundownProtection + 36 82CF0F80 3 Bytes [72, 0D, 6A]

.text ntkrnlpa.exe!ExReleaseRundownProtection + 3A 82CF0F84 121 Bytes [6A, 00, 83, C2, 04, 52, E8, ...]

.text ntkrnlpa.exe!RtlAreBitsClear + 3F 82CF0FFE 5 Bytes [22, 83, 29, B4, CD]

.text ntkrnlpa.exe!RtlAreBitsClear + 45 82CF1004 22 Bytes [22, 82, 34, B4, CD, 82, F6, ...]

.text ntkrnlpa.exe!RtlAreBitsClear + 5C 82CF101B 24 Bytes [EB, 05, 8A, 10, 40, 84, D2, ...]

.text ntkrnlpa.exe!RtlAreBitsClear + 75 82CF1034 17 Bytes [EB, D4, 32, C0, 5F, 5E, 5B, ...]

.text ntkrnlpa.exe!RtlAreBitsClear + 87 82CF1046 41 Bytes [55, 8B, EC, 8B, 52, 04, 56, ...]

.text ...

.text ntkrnlpa.exe!RtlFindSetBits + 1C 82CF14F1 4 Bytes [48, 83, 7D, 0C]

.text ntkrnlpa.exe!RtlFindSetBits + 21 82CF14F6 16 Bytes [89, 75, EC, 89, 4D, E8, 75, ...]

.text ntkrnlpa.exe!RtlFindSetBits + 33 82CF1508 34 Bytes CALL 8F5CE740 \SystemRoot\system32\DRIVERS\ohci1394.sys (1394 OpenHCI Port Driver/Microsoft Corporation)

.text ntkrnlpa.exe!RtlFindSetBits + 56 82CF152B 2 Bytes JMP 82CF160B \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)

.text ntkrnlpa.exe!RtlFindSetBits + 5B 82CF1530 51 Bytes [8B, DA, 2B, 5D, 0C, 33, F6, ...]

.text ...

.text ntkrnlpa.exe!RtlCopyUnicodeString + 59 82CF208C 23 Bytes [90, 90, 90, 90, 90, 8B, FF, ...]

.text ntkrnlpa.exe!RtlCopyUnicodeString + 71 82CF20A4 23 Bytes [8A, D0, 8B, 45, 08, FF, 48, ...]

.text ntkrnlpa.exe!RtlCopyUnicodeString + 89 82CF20BC 25 Bytes [00, 00, F6, 41, 10, 07, 74, ...]

.text ntkrnlpa.exe!RtlCopyUnicodeString + A3 82CF20D6 24 Bytes [15, 58, B1, C3, 82, 8B, E5, ...]

.text ntkrnlpa.exe!RtlCopyUnicodeString + BC 82CF20EF 4 Bytes [15, 5C, B1, C3]

.text ...

.text ntkrnlpa.exe!ExfAcquirePushLockShared + 2 82CF22CA 13 Bytes [55, 8B, EC, 83, E4, F0, 83, ...]

.text ntkrnlpa.exe!ExfAcquirePushLockShared + 10 82CF22D8 19 Bytes [53, 56, 57, 8B, F9, 8B, 0F, ...]

.text ntkrnlpa.exe!ExfAcquirePushLockShared + 24 82CF22EC 18 Bytes CALL F7D10374

.text ntkrnlpa.exe!ExfAcquirePushLockShared + 38 82CF2300 25 Bytes [00, 33, F6, 6A, 02, 5A, 32, ...]

.text ntkrnlpa.exe!ExfAcquirePushLockShared + 52 82CF231A 30 Bytes [83, E0, F0, 89, 44, 24, 30, ...]

.text ...

.text ntkrnlpa.exe!RtlSubAuthoritySid + 3 82CF2412 29 Bytes [8B, EC, 8B, 45, 0C, 8B, 4D, ...]

.text ntkrnlpa.exe!IoAcquireCancelSpinLock + 9 82CF2430 35 Bytes [15, 5C, B1, C3, 82, 8B, 4D, ...]

.text ntkrnlpa.exe!IoReleaseCancelSpinLock + 11 82CF2454 3 Bytes [5D, C2, 04]

.text ntkrnlpa.exe!IoReleaseCancelSpinLock + 15 82CF2458 6 Bytes [90, 90, 90, 90, 90, 8B]

.text ntkrnlpa.exe!CcUninitializeCacheMap + 2 82CF245F 18 Bytes [55, 8B, EC, 83, E4, F8, 83, ...]

.text ntkrnlpa.exe!CcUninitializeCacheMap + 15 82CF2472 7 Bytes [24, 14, 88, 5C, 24, 0F, 89]

.text ntkrnlpa.exe!CcUninitializeCacheMap + 1D 82CF247A 7 Bytes [24, 18, FF, 15, 5C, B1, C3]

.text ntkrnlpa.exe!CcUninitializeCacheMap + 25 82CF2482 33 Bytes [8B, 55, 08, 8B, 7A, 18, 3B, ...]

.text ntkrnlpa.exe!CcUninitializeCacheMap + 47 82CF24A4 12 Bytes [00, 00, BF, 58, 04, 00, 00, ...]

.text ...

.text ntkrnlpa.exe!CcRemapBcb + 2A 82CF278F 4 Bytes [15, 5C, B1, C3]

.text ntkrnlpa.exe!CcRemapBcb + 2F 82CF2794 14 Bytes [66, FF, 46, 08, 6A, 04, 8A, ...]

.text ntkrnlpa.exe!CcRemapBcb + 3E 82CF27A3 26 Bytes [8B, C6, 83, C8, 01, 5E, 5D, ...]

.text ntkrnlpa.exe!CcRemapBcb + 59 82CF27BE 21 Bytes [53, 56, 8D, 70, 7C, 8B, 0E, ...]

.text ntkrnlpa.exe!CcRemapBcb + 70 82CF27D5 12 Bytes JMP 82CF288F \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)

.text ...

.text ntkrnlpa.exe!PsIsCurrentThreadPrefetching + 7 82CF28A6 84 Bytes [80, 69, 02, 00, 00, C0, E8, ...]

.text ntkrnlpa.exe!IoSetShareAccessEx + 46 82CF28FC 83 Bytes [8B, 45, F8, F6, 00, 01, 74, ...]

.text ntkrnlpa.exe!IoSetShareAccessEx + 9A 82CF2950 3 Bytes [01, 00, 00]

.text ntkrnlpa.exe!IoSetShareAccessEx + 9E 82CF2954 79 Bytes [0F, B6, 4E, 26, 89, 48, 04, ...]

.text ntkrnlpa.exe!FsRtlRemovePerFileObjectContext + 2 82CF29A4 43 Bytes [55, 8B, EC, 51, 56, 8B, 75, ...]

.text ntkrnlpa.exe!FsRtlRemovePerFileObjectContext + 2E 82CF29D0 77 Bytes [83, 65, 08, 00, 53, B1, 01, ...]

.text ntkrnlpa.exe!FsRtlRemovePerFileObjectContext + 7C 82CF2A1E 65 Bytes [3B, C1, 74, 3B, EB, EB, EB, ...]

.text ntkrnlpa.exe!FsRtlRemovePerFileObjectContext + BE 82CF2A60 24 Bytes [8A, 5A, 1C, 33, C9, 41, 8B, ...]

.text ntkrnlpa.exe!FsRtlRemovePerFileObjectContext + D7 82CF2A79 29 Bytes [8B, F0, 8B, FA, 8B, C1, F0, ...]

.text ...

.text ntkrnlpa.exe!FsRtlInsertPerFileObjectContext + 2 82CF2AFA 18 Bytes [55, 8B, EC, 51, 53, 56, 8B, ...]

.text ntkrnlpa.exe!FsRtlInsertPerFileObjectContext + 15 82CF2B0D 23 Bytes JMP 82CF2C24 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)

.text ntkrnlpa.exe!FsRtlInsertPerFileObjectContext + 2E 82CF2B26 31 Bytes [8B, 7D, FC, 3B, FB, 75, 76, ...]

.text ntkrnlpa.exe!FsRtlInsertPerFileObjectContext + 4F 82CF2B47 5 Bytes [C0, E9, D7, 00, 00] {SHR CL, 0xd7; ADD [EAX], AL}

.text ntkrnlpa.exe!FsRtlInsertPerFileObjectContext + 55 82CF2B4D 31 Bytes [89, 5F, 04, 89, 5F, 08, 33, ...]

.text ...

.text ntkrnlpa.exe!KeAreApcsDisabled + 6 82CF2C56 6 Bytes [83, B8, 80, 00, 00, 00]

.text ntkrnlpa.exe!KeAreApcsDisabled + D 82CF2C5D 46 Bytes [0F, 95, C0, C3, 90, 90, 90, ...]

.text ntkrnlpa.exe!KeAreApcsDisabled + 3C 82CF2C8C 16 Bytes [EB, 10, 8B, 40, 10, 85, C0, ...]

.text ntkrnlpa.exe!KeAreApcsDisabled + 4D 82CF2C9D 4 Bytes CALL 82CEAE1B \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)

.text ntkrnlpa.exe!KeAreApcsDisabled + 53 82CF2CA3 10 Bytes [64, 8B, 0D, 24, 01, 00, 00, ...]

.text ...

.text ntkrnlpa.exe!IoAllocateMdl + 18 82CF2F66 8 Bytes [8B, 55, 0C, 83, 65, FC, 00, ...] {MOV EDX, [EBP+0xc]; AND DWORD [EBP-0x4], 0x0; PUSH EBX}

.text ntkrnlpa.exe!IoAllocateMdl + 21 82CF2F6F 6 Bytes [8B, 7D, 08, B8, FF, 0F]

.text ntkrnlpa.exe!IoAllocateMdl + 29 82CF2F77 40 Bytes [23, D0, 8B, CF, 23, C8, 8B, ...]

.text ntkrnlpa.exe!IoAllocateMdl + 52 82CF2FA0 7 Bytes [00, EB, 5D, 64, A1, 20, 00]

.text ntkrnlpa.exe!IoAllocateMdl + 5A 82CF2FA8 34 Bytes [00, 56, 8B, B0, B0, 06, 00, ...]

.text ...

.text ntkrnlpa.exe!IoFreeMdl + 35 82CF30A0 51 Bytes [00, 66, 8B, 51, 04, FF, 41, ...]

.text ntkrnlpa.exe!IoFreeMdl + 69 82CF30D4 3 Bytes [EB, 08, 6A]

.text ntkrnlpa.exe!IoFreeMdl + 6D 82CF30D8 5 Bytes [56, E8, 27, 3F, 03]

.text ntkrnlpa.exe!IoFreeMdl + 73 82CF30DE 6 Bytes [5E, 8B, E5, 5D, C2, 04]

.text ntkrnlpa.exe!IoFreeMdl + 7A 82CF30E5 6 Bytes [90, 90, 90, 90, 90, 8B]

.text ...

.text ntkrnlpa.exe!IoSetIoPriorityHint + 11 82CF3194 15 Bytes [C0, EB, 17, 8B, 45, 08, 8B, ...]

.text ntkrnlpa.exe!IoSetIoPriorityHint + 21 82CF31A4 10 Bytes [FF, F1, FF, 0B, CA, 89, 48, ...]

.text ntkrnlpa.exe!IoSetIoPriorityHint + 2C 82CF31AF 28 Bytes [C2, 08, 00, 90, 90, 90, 90, ...]

.text ntkrnlpa.exe!IoSetIoPriorityHint + 49 82CF31CC 15 Bytes [76, 24, FF, 76, 1C, FF, 56, ...]

.text ntkrnlpa.exe!RtlLookupElementGenericTableFullAvl + 2 82CF31DC 19 Bytes [55, 8B, EC, 56, 8B, 75, 10, ...]

.text ntkrnlpa.exe!RtlLookupElementGenericTableFullAvl + 16 82CF31F0 45 Bytes [83, F8, 01, 8B, 4D, 14, 89, ...]

.text ntkrnlpa.exe!IoGetAttachedDeviceReference + 10 82CF321E 19 Bytes [FF, 75, 08, 8A, D8, E8, CB, ...] {PUSH DWORD [EBP+0x8]; MOV BL, AL; CALL 0xffffffffffff93d5; MOV ESI, EAX; MOV ECX, ESI; CALL 0xfffffffffff8bb31}

.text ntkrnlpa.exe!IoGetAttachedDeviceReference + 24 82CF3232 9 Bytes [0A, 8A, D3, 59, FF, 15, 58, ...] {OR CL, [EDX+0x15ff59d3]; POP EAX; MOV CL, 0xc3}

.text ntkrnlpa.exe!IoGetAttachedDeviceReference + 2E 82CF323C 14 Bytes [8B, C6, 5E, 5B, 5D, C2, 04, ...]

.text ntkrnlpa.exe!RtlLookupElementGenericTableAvl + 2 82CF324B 14 Bytes [55, 8B, EC, 8D, 45, 0C, 50, ...] {PUSH EBP; MOV EBP, ESP; LEA EAX, [EBP+0xc]; PUSH EAX; LEA EAX, [EBP+0x8]; PUSH EAX; PUSH DWORD [EBP+0xc]}

.text ntkrnlpa.exe!RtlLookupElementGenericTableAvl + 11 82CF325A 10 Bytes CALL 82CF31D8 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)

.text ntkrnlpa.exe!RtlLookupElementGenericTableAvl + 1C 82CF3265 6 Bytes [90, 90, 90, 90, 90, 8B]

.text ntkrnlpa.exe!_wcsupr + 2 82CF326C 9 Bytes [55, 8B, EC, 8B, 45, 08, 66, ...]

.text ntkrnlpa.exe!_wcsupr + C 82CF3276 54 Bytes [8B, C8, 74, 1D, 0F, B7, 11, ...]

.text ntkrnlpa.exe!RtlInsertElementGenericTableFullAvl + 11 82CF32AF 32 Bytes [8B, 4D, 10, 8D, 41, 10, 3B, ...]

.text ntkrnlpa.exe!RtlInsertElementGenericTableFullAvl + 32 82CF32D0 5 Bytes [00, 33, C0, E9, 98] {ADD [EBX], DH; SHR CL, 0x98}

.text ntkrnlpa.exe!RtlInsertElementGenericTableFullAvl + 3A 82CF32D8 9 Bytes [57, 33, C0, 8B, FB, AB, AB, ...] {PUSH EDI; XOR EAX, EAX; MOV EDI, EBX; STOSD ; STOSD ; STOSD ; STOSD }

.text ntkrnlpa.exe!RtlInsertElementGenericTableFullAvl + 44 82CF32E2 5 Bytes [46, 18, 83, 7D, 1C]

.text ntkrnlpa.exe!RtlInsertElementGenericTableFullAvl + 4A 82CF32E8 11 Bytes [75, 0E, 89, 5E, 08, 89, 33, ...]

.text ...

.text ntkrnlpa.exe!ExInitializeRundownProtection + 1F 82CF33AE 49 Bytes JMP 82C88885 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)

.text ntkrnlpa.exe!ExInitializeRundownProtection + 51 82CF33E0 25 Bytes [00, 32, D2, 88, 56, 0C, 88, ...]

.text ntkrnlpa.exe!ExInitializeRundownProtection + 6B 82CF33FA 17 Bytes [75, 3D, 80, FB, 01, 75, 05, ...]

.text ntkrnlpa.exe!ExInitializeRundownProtection + 7D 82CF340C 51 Bytes CALL 82CF344F \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)

.text ntkrnlpa.exe!ExInitializeRundownProtection + B1 82CF3440 84 Bytes [F6, DB, 33, C0, 88, 5E, 0C, ...]

.text ...

.text ntkrnlpa.exe!EtwWrite + 30 82CF4668 145 Bytes [73, 08, C1, E1, 04, 81, C1, ...]

.text ntkrnlpa.exe!KeQueryPriorityThread + 1 82CF46FA 51 Bytes [FF, 55, 8B, EC, 8B, 45, 08, ...]

.text ntkrnlpa.exe!KeQueryPriorityThread + 35 82CF472E 131 Bytes [D8, 8B, 43, 08, 85, C0, 75, ...]

.text ntkrnlpa.exe!KeQueryPriorityThread + B9 82CF47B2 201 Bytes [75, 03, 80, C2, 02, 8B, F8, ...]

.text ntkrnlpa.exe!RtlDeleteElementGenericTableAvl + 77 82CF487C 59 Bytes [8B, C3, C1, E0, 03, 50, 8B, ...]

.text ntkrnlpa.exe!RtlDeleteElementGenericTableAvl + B3 82CF48B8 29 Bytes [FF, 52, 50, 8B, C3, C1, E0, ...]

.text ntkrnlpa.exe!RtlDeleteElementGenericTableAvl + D1 82CF48D6 83 Bytes [10, 00, 00, 76, 0A, 6A, 01, ...]

.text ntkrnlpa.exe!RtlDeleteElementGenericTableAvl + 125 82CF492A 5 Bytes [23, CA, 23, C2, 2B]

.text ntkrnlpa.exe!RtlDeleteElementGenericTableAvl + 12B 82CF4930 22 Bytes [74, 3C, 8D, 58, FF, C1, EB, ...]

.text ...

.text ntkrnlpa.exe!CcSetFileSizesEx + 16 82CF4990 18 Bytes [53, 8B, 18, 89, 4C, 24, 10, ...]

.text ntkrnlpa.exe!CcSetFileSizesEx + 29 82CF49A3 99 Bytes [8B, 48, 10, 8B, 40, 14, 6A, ...]

.text ntkrnlpa.exe!CcSetFileSizesEx + 8D 82CF4A07 86 Bytes [00, FF, 46, 04, 6A, 05, 59, ...]

.text ntkrnlpa.exe!CcSetFileSizesEx + E4 82CF4A5E 20 Bytes [F8, FF, 15, 5C, B1, C3, 82, ...]

.text ntkrnlpa.exe!CcSetFileSizesEx + F9 82CF4A73 7 Bytes [46, 6C, A9, 00, 00, 01, 00] {INC ESI; INSB ; TEST EAX, 0x10000}

.text ...

.text ntkrnlpa.exe!ExAcquireSharedStarveExclusive + 32 82CF4D8D 3 Bytes [45, F4, 50] {INC EBP; HLT ; PUSH EAX}

.text ntkrnlpa.exe!ExAcquireSharedStarveExclusive + 36 82CF4D91 5 Bytes [C7, E8, 72, B8, F7]

.text ntkrnlpa.exe!ExAcquireSharedStarveExclusive + 3C 82CF4D97 6 Bytes [85, C0, 74, E0, 80, 7D]

.text ntkrnlpa.exe!ExAcquireSharedStarveExclusive + 43 82CF4D9E 188 Bytes [00, 74, 4A, 83, 7F, 10, 00, ...]

.text ntkrnlpa.exe!ExAcquireSharedStarveExclusive + 100 82CF4E5B 6 Bytes [7D, E0, 8B, 45, 08, 8B]

.text ...

.text ntkrnlpa.exe!CcSetDirtyPinnedData + 2B 82CF5492 82 Bytes [D9, 8B, 0B, 8B, 49, 70, 66, ...]

.text ntkrnlpa.exe!CcSetDirtyPinnedData + 7E 82CF54E5 38 Bytes [EB, 0C, 85, C0, C6, 46, 02, ...]

.text ntkrnlpa.exe!CcSetDirtyPinnedData + A5 82CF550C 4 Bytes [bE, 40, 04, 00]

.text ntkrnlpa.exe!CcSetDirtyPinnedData + AA 82CF5511 25 Bytes CALL 82CE0B4E \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)

.text ntkrnlpa.exe!CcSetDirtyPinnedData + C4 82CF552B 19 Bytes CALL 82C6FA74 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)

.text ...

.text ntkrnlpa.exe!IoGetBaseFileSystemDeviceObject + 1 82CF573D 99 Bytes [FF, 55, 8B, EC, 8B, 4D, 08, ...]

.text ntkrnlpa.exe!PfFileInfoNotify + 2A 82CF57A1 2 Bytes [8B, 43]

.text ntkrnlpa.exe!PfFileInfoNotify + 2D 82CF57A4 57 Bytes [A8, 04, 0F, 84, 26, 03, 00, ...]

.text ntkrnlpa.exe!PfFileInfoNotify + 67 82CF57DE 2 Bytes [bE, 89]

.text ntkrnlpa.exe!PfFileInfoNotify + 6A 82CF57E1 31 Bytes JMP 82CF5EBB \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)

.text ntkrnlpa.exe!PfFileInfoNotify + 8A 82CF5801 69 Bytes CALL 82CEB69D \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)

.text ...

.text ntkrnlpa.exe!ExDeleteResourceLite + 2E 82CF5F07 69 Bytes [8B, 46, 08, 33, FF, 3B, C7, ...]

.text ntkrnlpa.exe!ExDeleteResourceLite + 74 82CF5F4D 27 Bytes [07, 8B, 4F, 04, 53, 33, DB, ...]

.text ntkrnlpa.exe!ExDeleteResourceLite + 90 82CF5F69 42 Bytes CALL 872E987E

.text ntkrnlpa.exe!ExDeleteResourceLite + BB 82CF5F94 4 Bytes [0A, 8B, 40, 10]

.text ntkrnlpa.exe!ExDeleteResourceLite + C0 82CF5F99 39 Bytes CALL BB50C5AE

.text ...

.text ntkrnlpa.exe!IoRetrievePriorityInfo + 2 82CF6AA9 104 Bytes [55, 8B, EC, 8B, 45, 08, 85, ...]

.text ntkrnlpa.exe!IoRetrievePriorityInfo + 6B 82CF6B12 77 Bytes [3B, F1, 75, 0B, 80, BE, 6B, ...]

.text ntkrnlpa.exe!IoRetrievePriorityInfo + B9 82CF6B60 44 Bytes [05, 77, 18, 8B, 55, 08, 8D, ...]

.text ntkrnlpa.exe!IoRetrievePriorityInfo + E6 82CF6B8D 16 Bytes [EC, 51, 51, 53, 33, DB, 38, ...] {IN AL, DX ; PUSH ECX; PUSH ECX; PUSH EBX; XOR EBX, EBX; CMP [EBP+0x10], BL; PUSH ESI; PUSH EDI; MOV [EBP-0x4], EBX; JZ 0x21}

.text ntkrnlpa.exe!IoRetrievePriorityInfo + F7 82CF6B9E 1 Byte [45]

.text ...

.text ntkrnlpa.exe!FsRtlInsertPerStreamContext + 29 82CF6CA8 5 Bytes [01, 00, 00, 66, FF] {ADD [EAX], EAX; ADD [ESI-0x1], AH}

.text ntkrnlpa.exe!FsRtlInsertPerStreamContext + 2F 82CF6CAE 13 Bytes [80, 00, 00, 00, 8D, 4F, 34, ...]

.text ntkrnlpa.exe!FsRtlInsertPerStreamContext + 3D 82CF6CBC 7 Bytes CALL 82CEB69D \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)

.text ntkrnlpa.exe!FsRtlInsertPerStreamContext + 45 82CF6CC4 1 Byte [2A]

.text ntkrnlpa.exe!FsRtlInsertPerStreamContext + 45 82CF6CC4 14 Bytes [2A, 8B, 77, 28, B1, 01, FF, ...] {SUB CL, [EBX+0x1b12877]; CALL [0x82c3b14c]; MOV BL, AL}

.text ...

.text ntkrnlpa.exe!ExReinitializeResourceLite + 2 82CF6DBD 61 Bytes [55, 8B, EC, 53, 56, 8B, 75, ...]

.text ntkrnlpa.exe!ExReinitializeResourceLite + 41 82CF6DFC 70 Bytes CALL 82C77EBF \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)

.text ntkrnlpa.exe!FsRtlUninitializeBaseMcb + 4 82CF6E43 23 Bytes [EC, 8B, 45, 08, 66, 83, 78, ...]

.text ntkrnlpa.exe!FsRtlUninitializeBaseMcb + 1C 82CF6E5B 114 Bytes CALL 82CEB35C \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)

.text ntkrnlpa.exe!FsRtlUninitializeBaseMcb + 8F 82CF6ECE 59 Bytes [00, 00, 89, 7D, CC, 89, 4D, ...]

.text ntkrnlpa.exe!FsRtlUninitializeBaseMcb + CB 82CF6F0A 25 Bytes CALL 82CEC9A6 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)

.text ntkrnlpa.exe!FsRtlUninitializeBaseMcb + E6 82CF6F25 130 Bytes [90, 90, 90, 6A, 08, 68, D8, ...]

.text ntkrnlpa.exe!FsRtlUninitializeOplock + 80 82CF6FA8 65 Bytes [03, 00, EB, BA, 8D, 43, 08, ...]

.text ntkrnlpa.exe!FsRtlUninitializeOplock + C3 82CF6FEB 14 Bytes [00, 83, 66, 18, 00, B2, 01, ...] {ADD [EBX-0x4dffe79a], AL; ADD [EBX+0x7c15ffce], ECX; SBB EDX, EDI}

.text ntkrnlpa.exe!FsRtlUninitializeOplock + D2 82CF6FFA 3 Bytes [EB, B0, 8B]

.text ntkrnlpa.exe!FsRtlUninitializeOplock + D6 82CF6FFE 33 Bytes [85, F6, 74, 3D, 8D, 7E, 25, ...]

.text ntkrnlpa.exe!FsRtlUninitializeOplock + F8 82CF7020 5 Bytes [00, 00, 83, 66, 18]

.text ...

.text ntkrnlpa.exe!ExWaitForRundownProtectionRelease + 26 82CF70D1 8 Bytes [00, 83, FE, 01, 0F, 84, B8, ...]

.text ntkrnlpa.exe!ExWaitForRundownProtectionRelease + 2F 82CF70DA 8 Bytes [00, FF, 15, 60, B1, C3, 82, ...]

.text ntkrnlpa.exe!ExWaitForRundownProtectionRelease + 38 82CF70E3 68 Bytes [8D, 54, 24, 20, 0F, 92, 44, ...]

.text ntkrnlpa.exe!ExWaitForRundownProtectionRelease + 7D 82CF7128 58 Bytes [24, 01, 88, 5C, 24, 25, C6, ...]

.text ntkrnlpa.exe!ExWaitForRundownProtectionRelease + B8 82CF7163 9 Bytes [8B, 5C, 24, 14, 33, FF, 8B, ...]

.text ...

.text ntkrnlpa.exe!RtlDeleteNoSplay + 4 82CF71BD 15 Bytes [EC, 53, 56, 8B, 75, 08, 33, ...] {IN AL, DX ; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0x8]; XOR EBX, EBX; CMP [ESI+0x4], EBX; PUSH EDI; MOV EDI, [EBP+0xc]}

.text ntkrnlpa.exe!RtlDeleteNoSplay + 14 82CF71CD 37 Bytes [18, 39, 5E, 08, 74, 13, 56, ...]

.text ntkrnlpa.exe!RtlDeleteNoSplay + 3A 82CF71F3 146 Bytes [06, 3B, C6, 75, 04, 89, 1F, ...]

.text ntkrnlpa.exe!RtlDelete + 13 82CF7286 184 Bytes CALL 82CF73FF \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)

.text ntkrnlpa.exe!RtlDelete + CC 82CF733F 114 Bytes [57, 8B, 39, 3B, F9, 8D, 72, ...]

.text ntkrnlpa.exe!RtlDelete + 13F 82CF73B2 37 Bytes [8B, 71, 04, 8B, 50, 04, 89, ...]

.text ntkrnlpa.exe!RtlDelete + 165 82CF73D8 22 Bytes [50, 04, 85, D2, 5E, 74, 02, ...]

.text ntkrnlpa.exe!RtlDelete + 17C 82CF73EF 37 Bytes [74, 02, 89, 08, 8B, 41, 08, ...]

.text ntkrnlpa.exe!RtlSubtreePredecessor + 13 82CF7415 110 Bytes [8B, C1, 8B, 48, 08, 85, C9, ...]

.text ntkrnlpa.exe!RtlSubtreePredecessor + 82 82CF7484 13 Bytes [A4, F7, 0C, BB, FF, 0F, 00, ...]

.text ntkrnlpa.exe!RtlSubtreePredecessor + 90 82CF7492 14 Bytes [E6, 0C, B1, 02, 0B, F0, 0B, ...] {OUT 0xc, AL; MOV CL, 0x2; OR ESI, EAX; OR EDI, EDX; CALL [0x82c3b14c]}

.text ntkrnlpa.exe!RtlSubtreePredecessor + 9F 82CF74A1 98 Bytes [4D, 08, 88, 01, 64, A1, 20, ...]

.text ntkrnlpa.exe!RtlSubtreePredecessor + 102 82CF7504 7 Bytes [25, FF, 0F, 00, 00, 81, E9]

.text ...

.text ntkrnlpa.exe!ExGetCurrentProcessorCounts 82CF7569 3 Bytes [8B, FF, 55] {MOV EDI, EDI; PUSH EBP}

.text ntkrnlpa.exe!ExGetCurrentProcessorCounts + 4 82CF756D 15 Bytes [EC, 64, A1, 20, 00, 00, 00, ...]

.text ntkrnlpa.exe!ExGetCurrentProcessorCounts + 15 82CF757E 1 Byte [55]

.text ntkrnlpa.exe!ExGetCurrentProcessorCounts + 15 82CF757E 16 Bytes [55, 08, 89, 0A, 8B, 88, AC, ...] {PUSH EBP; OR [ECX-0x537774f6], CL; ADD EAX, 0x88030000; TEST AL, 0x5; ADD [EAX], AL}

.text ntkrnlpa.exe!ExGetCurrentProcessorCounts + 26 82CF758F 45 Bytes [55, 0C, 89, 0A, 0F, B6, 40, ...]

.text ...

.text ntkrnlpa.exe!ZwQueryDebugFilterState + 32 82CF7B17 63 Bytes [0C, 95, C8, 1F, D3, 82, 85, ...]

.text ntkrnlpa.exe!ZwQueryDebugFilterState + 72 82CF7B57 6 Bytes [10, FF, 75, 0C, E8, 85]

.text ntkrnlpa.exe!ZwQueryDebugFilterState + 7A 82CF7B5F 11 Bytes [FF, 85, C0, 75, 07, 33, C0, ...] {INC DWORD [EBP+0x330775c0]; SHR CL, 0x8a; ADD AL, [EAX]}

.text ntkrnlpa.exe!ZwQueryDebugFilterState + 86 82CF7B6B 38 Bytes [83, 65, FC, 00, 8B, C7, 8D, ...]

.text ntkrnlpa.exe!ZwQueryDebugFilterState + AD 82CF7B92 5 Bytes [50, E8, 88, B4, FE]

.text ...

.text ntkrnlpa.exe!DbgPrint + BA 82CF7EBC 33 Bytes [b8, 68, CF, D4, 82, 33, C9, ...]

.text ntkrnlpa.exe!DbgPrint + DC 82CF7EDE 17 Bytes [84, 52, 01, 00, 00, F6, 80, ...]

.text ntkrnlpa.exe!DbgPrint + EE 82CF7EF0 55 Bytes [F6, 80, 7D, 0D, 00, 00, 01, ...]

.text ntkrnlpa.exe!DbgPrint + 127 82CF7F29 80 Bytes [FF, 03, 8B, D1, 6B, D2, 1C, ...]

.text ntkrnlpa.exe!DbgPrint + 178 82CF7F7A 12 Bytes [C1, E1, 0C, 8B, D1, 23, C6, ...]

.text ...

.text ntkrnlpa.exe!ExfTryToWakePushLock + 1 82CF85AD 54 Bytes [11, F6, C2, 05, 53, 56, 57, ...]

.text ntkrnlpa.exe!ExfTryToWakePushLock + 38 82CF85E4 25 Bytes [53, 8D, 4E, 58, 8D, 55, F0, ...]

.text ntkrnlpa.exe!ExfTryToWakePushLock + 52 82CF85FE 2 Bytes [47, 10]

.text ntkrnlpa.exe!ExfTryToWakePushLock + 55 82CF8601 66 Bytes [86, 94, 01, 00, 00, 89, 47, ...]

.text ntkrnlpa.exe!ExfTryToWakePushLock + 98 82CF8644 9 Bytes [00, 89, 47, 30, 8B, 86, B4, ...]

.text ...

.text ntkrnlpa.exe!AlpcInitializeMessageAttribute + 1C 82CF8D2D 37 Bytes [C0, EB, 0F, 8B, 45, 0C, 85, ...]

.text ntkrnlpa.exe!AlpcInitializeMessageAttribute + 42 82CF8D53 98 Bytes [A1, 34, 27, D3, 82, 33, C4, ...]

.text ntkrnlpa.exe!AlpcInitializeMessageAttribute + A5 82CF8DB6 18 Bytes [3B, C3, 75, D0, 8B, 4C, 24, ...] {CMP EAX, EBX; JNZ 0xffffffffffffffd4; MOV ECX, [ESP+0x24]; POP EDI; POP ESI; POP EBX; XOR ECX, ESP; CALL 0xfffffffffffef57a}

.text ntkrnlpa.exe!AlpcInitializeMessageAttribute + B8 82CF8DC9 16 Bytes [E5, 5D, C3, 90, 90, 90, 90, ...]

.text ntkrnlpa.exe!AlpcInitializeMessageAttribute + C9 82CF8DDA 57 Bytes [00, 83, 25, D0, 69, D4, 82, ...]

.text ...

.text ntkrnlpa.exe!ZwSignalAndWaitForSingleObject + 63 82CF904A 20 Bytes [8B, F0, 3B, F3, 0F, 8C, AA, ...]

.text ntkrnlpa.exe!ZwSignalAndWaitForSingleObject + 79 82CF9060 86 Bytes [10, 00, FF, 75, 0C, E8, F6, ...]

.text ntkrnlpa.exe!ZwSignalAndWaitForSingleObject + D0 82CF90B7 20 Bytes [3B, C3, 8D, 3C, 02, 7D, 02, ...]

.text ntkrnlpa.exe!ZwSignalAndWaitForSingleObject + E5 82CF90CC 22 Bytes [05, 10, 10, D7, 82, 75, 1F, ...]

.text ntkrnlpa.exe!ZwSignalAndWaitForSingleObject + FC 82CF90E3 90 Bytes [00, 00, 51, 51, 52, E8, 76, ...]

.text ...

.text ntkrnlpa.exe!RtlIpv6AddressToStringA + 4C 82CF970C 250 Bytes [00, 0F, B7, 56, 08, 66, 3B, ...]

.text ntkrnlpa.exe!RtlIpv6AddressToStringA + 147 82CF9807 12 Bytes [39, 45, F8, 7F, 0B, EB, 7F, ...] {CMP [EBP-0x8], EAX; JG 0x10; JMP 0x86; JMP 0x10; MOV [EBP-0xc], ECX}

.text ntkrnlpa.exe!RtlIpv6AddressToStringA + 154 82CF9814 13 Bytes [D7, 33, C0, 39, 7D, FC, 7F, ...] {XLATB ; XOR EAX, EAX; CMP [EBP-0x4], EDI; JG 0x2c; CMP EDI, [EBP+0x8]; JGE 0x2c}

.text ntkrnlpa.exe!RtlIpv6AddressToStringA + 162 82CF9822 63 Bytes [C3, 2B, 45, 0C, 68, 20, A2, ...]

.text ntkrnlpa.exe!RtlIpv6AddressToStringA + 1A2 82CF9862 22 Bytes [66, 8B, 04, 7E, 8A, E8, 8A, ...]

.text ...

PAGE ntkrnlpa.exe!ZwLoadDriver 82DA5DF0 7 Bytes JMP 8FF43AFE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)

PAGE ntkrnlpa.exe!ObMakeTemporaryObject 82E1128F 5 Bytes JMP 8FF3F5B4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)

PAGE ntkrnlpa.exe!ObInsertObject 82E6A063 5 Bytes JMP 8FF40F6C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)

PAGE ntkrnlpa.exe!NtCreateSection 82E6B905 7 Bytes JMP 8FF439C4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)

PAGE ntkrnlpa.exe!ZwCreateProcessEx 82ECB90A 7 Bytes JMP 8FF43BA0 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)

? System32\Drivers\sphz.sys Le chemin d'accès spécifié est introuvable. !

.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8F005000, 0x267978, 0xE8000020]

.text USBPORT.SYS!DllUnload 8F57C41B 5 Bytes JMP 873274E0

.text a3sb3758.SYS 8B3BF000 22 Bytes [82, E3, C0, 82, 6C, E2, C0, ...]

.text a3sb3758.SYS 8B3BF017 181 Bytes [00, 32, 47, 39, 83, 3D, 45, ...]

.text a3sb3758.SYS 8B3BF0CE 10 Bytes [00, 00, 00, 00, 00, 00, 66, ...]

.text a3sb3758.SYS 8B3BF0DA 12 Bytes [00, 00, 02, 00, 00, 00, 25, ...]

.text a3sb3758.SYS 8B3BF0E7 714 Bytes [00, F0, 0E, 00, 00, 00, 00, ...]

.text ...

.text C:\Windows\system32\drivers\hardlock.sys section is writeable [0xA8202400, 0x7960C, 0xE8000020]

.protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".p" section [0xA82A4420] C:\Windows\system32\drivers\hardlock.sys entry point in ".protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".p" section [0xA82A4420]

.protectÿÿÿÿhardlockunknown last code section [0xA82A4200, 0x5049, 0xE0000020] C:\Windows\system32\drivers\hardlock.sys unknown last code section [0xA82A4200, 0x5049, 0xE0000020]


---- User code sections - GMER 1.0.15 ----


.text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[4912] kernel32.dll!SetUnhandledExceptionFilter 7718A84F 5 Bytes JMP 5CDF5164 C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll (2007 Microsoft Office component/Microsoft Corporation)

.text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[4912] ole32.dll!OleLoadFromStream 77921E12 5 Bytes JMP 5D8A9D32 C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll (2007 Microsoft Office component/Microsoft Corporation)


---- Devices - GMER 1.0.15 ----


Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/ALWIL Software)

Device \FileSystem\Ntfs \Ntfs 861261F8

Device \FileSystem\fastfat \FatCdrom aswSP.SYS (avast! self protection module/ALWIL Software)

Device \FileSystem\fastfat \FatCdrom 88E39500

Device \Driver\volmgr \Device\VolMgrControl 857921F8

Device \Driver\usbohci \Device\USBPDO-0 873A5398

Device \Driver\usbohci \Device\USBPDO-1 873A5398

Device \Driver\usbehci \Device\USBPDO-2 873601F8


AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)


Device \Driver\volmgr \Device\HarddiskVolume1 857921F8

Device \Driver\USBSTOR \Device\00000071 88DA01F8

Device \Driver\volmgr \Device\HarddiskVolume2 857921F8

Device \Driver\cdrom \Device\CdRom0 873591F8

Device \Driver\PCI_PNP5919 \Device\00000059 sphz.sys

Device \Driver\USBSTOR \Device\00000072 88DA01F8

Device \Driver\netbt \Device\NetBT_Tcpip_{C2B218E3-51B5-434A-8775-34E10D41BD45} 88D141F8

Device \Driver\volmgr \Device\HarddiskVolume3 857921F8

Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-2 861251F8

Device \Driver\atapi \Device\Ide\IdePort0 861251F8

Device \Driver\atapi \Device\Ide\IdePort1 861251F8

Device \Driver\atapi \Device\Ide\IdePort2 861251F8

Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1 861251F8

Device \Driver\volmgr \Device\HarddiskVolume4 857921F8

Device \Driver\sptd \Device\3085873927 sphz.sys

Device \Driver\USBSTOR \Device\00000074 88DA01F8

Device \Driver\volmgr \Device\HarddiskVolume5 857921F8

Device \Driver\volmgr \Device\HarddiskVolume6 857921F8

Device \Driver\volmgr \Device\HarddiskVolume7 857921F8

Device \Driver\netbt \Device\NetBt_Wins_Export 88D141F8

Device \Driver\volmgr \Device\HarddiskVolume8 857921F8

Device \Driver\USBSTOR \Device\00000079 88DA01F8

Device \Driver\Smb \Device\NetbiosSmb 8777C1F8

Device \Driver\iScsiPrt \Device\RaidPort0 873CF1F8


AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)


Device \Driver\usbohci \Device\USBFDO-0 873A5398

Device \Driver\usbohci \Device\USBFDO-1 873A5398

Device \Driver\USBSTOR \Device\0000007a 88DA01F8

Device \Driver\usbehci \Device\USBFDO-2 873601F8

Device \Driver\USBSTOR \Device\0000007b 88DA01F8

Device \Driver\USBSTOR \Device\0000007c 88DA01F8

Device \Driver\a3sb3758 \Device\Scsi\a3sb37581 873A31F8

Device \FileSystem\fastfat \Fat aswSP.SYS (avast! self protection module/ALWIL Software)

Device \FileSystem\fastfat \Fat 88E39500


AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Gestionnaire de filtres de système de fichiers Microsoft/Microsoft Corporation)


Device \FileSystem\cdfs \Cdfs 870FC1F8


---- Registry - GMER 1.0.15 ----



Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG10.00.00.01WORKSTATION

Reg HKLM\SOFTWARE\Classes\.pcb\PCBFile\ShellNew

Reg HKLM\SOFTWARE\Classes\.sdp\OpenWithProgIDs@soffice.StarImpressDocument.5

Reg HKLM\SOFTWARE\Classes\.wll\Word.Addin.8\ShellNew


---- EOF - GMER 1.0.15 ----


Hello Captainigloo :)


This scan didn't turn up what I expected to find; I'd like to run one more check before we get started:


Download ZHPDiag, created by Nicolas Coolman


  • Save it to your desktop
  • Double-click the icon
  • Follow the on-screen instructions
  • Click loupe.jpg to start the scan
  • Click PanelCopierPP.jpg to copy the report
  • Then paste it into your next reply
  • The report is also located at C:\Program Files\ZebHelpProcess\ZHPDiag.txt




:) Hi again


Here is what you asked me for, see you later.


Thanks for your help


Rapport de ZHPDiag v1.26.55 par Nicolas Coolman, Update du 24/08/2010

Run by Cyril at 29/08/2010 13:24:22

Web site : ZHPDiag Outil de diagnostic

Contact :


---\\ Web Browser

MSIE: Internet Explorer v8.0.6001.18943

MFIE: Mozilla Firefox (3.6.8)


---\\ System Information

Platform : Windows Vista Home Premium (6.0.6002) Service Pack 2

Processor: x86 Family 6 Model 15 Stepping 13, GenuineIntel

Operating System: 32 Bits

Boot mode: Normal (Normal boot)

Total RAM: 3070 MB (51% free)

System drive C: has 64 GB (44%) free of 144 GB


---\\ Logged in mode

Computer Name: PC-DE-CYRIL

User Name: Cyril

All Users Names: Cyril, Administrateur,

Unselected Option: O1,O45,O61,O65,O82

Logged in as Administrator


---\\ DOS/Devices

C:\ Hard drive, Flash drive, Thumb drive (Free 64 Go of 144 Go)

D:\ Hard drive, Flash drive, Thumb drive (Free 114 Go of 144 Go)

E:\ CD-ROM drive (Not Inserted)

G:\ Floppy drive, Flash card reader, USB Key (Not Inserted)

H:\ Floppy drive, Flash card reader, USB Key (Not Inserted)

I:\ Floppy drive, Flash card reader, USB Key (Not Inserted)

J:\ Floppy drive, Flash card reader, USB Key (Not Inserted)

K:\ Hard drive, Flash drive, Thumb drive (Free 191 Go of 233 Go)



---\\ Security Center & Tools Informations

[HKLM\SOFTWARE\Microsoft\Security Center] FirewallDisableNotify: OK

[HKLM\SOFTWARE\Microsoft\Security Center] UacDisableNotify: OK

[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK

[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK

[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK



---\\ Processus lancés

[MD5.CDA7716BDF23E87530AFF13E46331EEE] - ( - Spyware Terminator Realtime Shield.) -- C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe [2176512]

[MD5.38AE7A942FC3FAB1C6A27EB65DE8F827] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe [2837864]

[MD5.BF08674925F151BD4537B89A493E3E0C] - (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\ehome\ehtray.exe [125952]

[MD5.4B7A840613734F1FE0D102346640E300] - ( - Crawler Spyware Terminator.) -- C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe [3037696]

[MD5.79CC43BE17E1D1AC58844574ABD58941] - (.DT Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files\DAEMON Tools Lite\daemon.exe [490952]

[MD5.B995BCBC001150974EDD1637295600BD] - (.Valve Corporation - Steam.) -- C:\Program Files\Valve\Steam\Steam.exe [1242448]

[MD5.FC611A99647705BA397EEE01713E9C92] - (.Pas de propriétaire - Pas de description.) -- C:\Program Files\PowerCheck\PowerCheck.exe [979456]

[MD5.0F4195B9B348DE5CF9B822F81704B20E] - (.Microsoft Corporation - Media Center Media Status Aggregator Servic.) -- C:\Windows\ehome\ehmsas.exe [37376]

[MD5.4F779AD993A2975D945EE6985CAC0FEA] - (.Acer Inc. - eRecovery agent.) -- C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE [397312]

[MD5.6B87742F27B087AF7FD4ADC2DB685DE0] - (.Advanced Micro Devices Inc. - Catalyst Control Center: Monitoring program.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [49152]

[MD5.4C08FB7ACB28689B586D986D3F5826CF] - (.ATI Technologies Inc. - Catalyst Control Centre: Host application.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [49152]

[MD5.D449C2456FCFC8DDA896F1DD27D0A476] - (.Secunia - Secunia PSI.) -- C:\Program Files\Secunia\PSI\psi.exe [911920]

[MD5.BACCDA841C689D1CBA941F478E8ED24B] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe [910296]

[MD5.642FA80C2C43EE609313746AA305DC86] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files\Mozilla Firefox\plugin-container.exe [14808]

[MD5.2103C7D93D559817F293881C28F8062E] - (.Nicolas Coolman - Diagnostic Tool.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [546816]



---\\ Plugins de navigateurs Opera/Firefox(P1/P2)

P2 - FPN:Firefox Plugin Navigator . (.Microsoft Corporation - np-mswmp.) -- C:\Program Files\Mozilla Firefox\Plugins\np-mswmp.dll

P2 - FPN:Firefox Plugin Navigator . (.Sun Microsystems, Inc. - NPRuntime Script Plug-in Library for Java Deploy.) -- C:\Program Files\Mozilla Firefox\Plugins\npdeployJava1.dll

P2 - FPN:Firefox Plugin Navigator . ( - Default Plug-in.) -- C:\Program Files\Mozilla Firefox\Plugins\npnul32.dll

P2 - FPN:Firefox Plugin Navigator . (.Microsoft Corporation - Office Plugin for Netscape Navigator.) -- C:\Program Files\Mozilla Firefox\Plugins\NPOFF12.DLL

P2 - FPN:Firefox Plugin Navigator . (.Adobe Systems Inc. - Adobe PDF Plug-In For Firefox and Netscape "9.3.4".) -- C:\Program Files\Mozilla Firefox\Plugins\nppdf32.dll

P2 - FPN: [HKLM] [] - (.Pas de propriétaire - Pas de description.) -- C:\Windows\system32\Macromed\Flash\NPSWF32.dll

P2 - FPN: [HKLM] [,version=3.0.0] - (.Google, Inc. - Picasa plugin.) -- C:\Program Files\Google\Picasa3\npPicasa3.dll

P2 - FPN: [HKLM] [] - (.Cybelsoft - Plugin NPAPI -- C:\Program Files\\nphardwaredetection.dll

P2 - FPN: [HKLM] [,version=1.0] - (. Microsoft Corporation - 4.0.50524.0.) -- C:\Program Files\Microsoft Silverlight\4.0.50524.0\npctrl.dll

P2 - FPN: [HKLM] [,version=1.1.1] - (.the VideoLAN Team - Version 1.1.1, copyright 1996-2010 The VideoLAN Team<br><a href="http:.) -- C:\Program Files\VideoLAN\VLC\npvlc.dll



---\\ Modification d'une valeur Ini (Changed inifile value, mapped to Registry) (F2)

F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,

F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"



---\\ Pages de recherche d'Internet Explorer (R1)

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN : Hotmail, Messenger, Actualité, Sport et Vidéo

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local



---\\ Internet Explorer URLSearchHook (R3)

R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} . (.Pas de propriétaire - Pas de description.) (No version) -- (.not file.)

R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Internet Explorer.) (8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)) -- C:\Windows\system32\ieframe.dll



---\\ Browser Helper Objects de navigateur (O2)

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} . (.Hewlett-Packard Co. - HP Smart Web Printing add-on for Internet E.) -- C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} . (.Adobe Systems Incorporated - Adobe PDF Helper for Internet Explorer.) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} . (.Microsoft Corporation - Microsoft® Windows Live ID Login Helper.) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Tunebite_WebRipPlugin Class - {AA102584-3B97-47e7-B9BC-75D54C110A7D} . (.RapidSolution Software - WebRip Plugin for Internet Explorer.) -- C:\Program Files\RapidSolution\Tunebite\plugins\IE\TB_WebRipIePlugin.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} . (.Sun Microsystems, Inc. - Java Platform SE binary.) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} . (.Hewlett-Packard Co. - HP Smart Web Printing add-on for Internet E.) -- C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll



---\\ Applications démarrées par registre & par dossier (O4)

O4 - HKLM\..\Run: [WarReg_PopUp] . (.Acer Inc. - WR_PopUp.) -- C:\Acer\WR_PopUp\WarReg_PopUp.exe

O4 - HKLM\..\Run: [spywareTerminator] . ( - Spyware Terminator Realtime Shield.) -- C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe

O4 - HKLM\..\Run: [NPSStartup] Clé orpheline

O4 - HKLM\..\Run: [avast5] . (.AVAST Software - avast! Antivirus.) -- C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe

O4 - HKLM\..\Run: [startCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe

O4 - HKCU\..\Run: [ehTray.exe] . (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [msnmsgr] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe

O4 - HKCU\..\Run: [spywareTerminatorUpdate] . ( - Crawler Spyware Terminator.) -- C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe

O4 - HKCU\..\Run: [DAEMON Tools Lite] . (.DT Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files\DAEMON Tools Lite\daemon.exe

O4 - HKCU\..\Run: [steam] . (.Valve Corporation - Steam.) -- C:\Program Files\Valve\Steam\Steam.exe

O4 - HKCU\..\Run: [WMPNSCFG] . (.Microsoft Corporation - Application de configuration du service Par.) -- C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-21-2684771895-3763166589-4040009352-1000\..\Run: [ehTray.exe] . (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\ehome\ehTray.exe

O4 - HKUS\S-1-5-21-2684771895-3763166589-4040009352-1000\..\Run: [msnmsgr] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe

O4 - HKUS\S-1-5-21-2684771895-3763166589-4040009352-1000\..\Run: [spywareTerminatorUpdate] . ( - Crawler Spyware Terminator.) -- C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe

O4 - HKUS\S-1-5-21-2684771895-3763166589-4040009352-1000\..\Run: [DAEMON Tools Lite] . (.DT Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files\DAEMON Tools Lite\daemon.exe

O4 - HKUS\S-1-5-21-2684771895-3763166589-4040009352-1000\..\Run: [steam] . (.Valve Corporation - Steam.) -- C:\Program Files\Valve\Steam\Steam.exe

O4 - HKUS\S-1-5-21-2684771895-3763166589-4040009352-1000\..\Run: [WMPNSCFG] . (.Microsoft Corporation - Application de configuration du service Par.) -- C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - Global Startup: Empowering Technology Launcher.lnk . (.Acer Inc. - Acer eAP Launch Tool.) -- C:\Acer\Empowering Technology\eAPLauncher.exe

O4 - Global Startup: PowerCheck.lnk . (.Pas de propriétaire - Pas de description.) -- C:\Program Files\PowerCheck\PowerCheck.exe



---\\ Lignes supplémentaires dans le menu contextuel d'Internet Explorer (O8)

O8 - Extra context menu item: Add to Google Photos Screensa&ver . (.Google Inc. - Google Photos Screensaver.) -- C:\Windows\system32\GPhotos.scr

O8 - Extra context menu item: E&xporter vers Microsoft Excel . (.Microsoft Corporation - Microsoft Office Excel.) -- C:\PROGRA~1\MICROS~2\Office12\EXCEL.exe



---\\ Winsock hijacker (Layered Service Provider) (O10)

O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Network Location Awareness 2.) -- C:\Windows\system32\NLAapi.dll

O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - Fournisseur Shim d'affectation de noms de messagerie.) -- C:\Windows\system32\napinsp.dll

O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - Fournisseur d’espace de noms PNRP.) -- C:\Windows\system32\pnrpnsp.dll

O10 - WLSP:\000000000004\Winsock LSP File . (.Microsoft Corporation - Fournisseur d’espace de noms PNRP.) -- C:\Windows\system32\pnrpnsp.dll

O10 - WLSP:\000000000005\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\Windows\system32\mswsock.dll

O10 - WLSP:\000000000006\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\Windows\system32\winrnr.dll

O10 - WLSP:\000000000007\Winsock LSP File . (.Apple Computer, Inc. - Bonjour Namespace Provider.) -- C:\Program Files\Bonjour\mdnsNSP.dll



---\\ Objets ActiveX (Downloaded Program Files)(O16)

O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (" control) -



---\\ Modification Domaine/Adresses DNS (O17)

O17 - HKLM\System\CCS\Services\Tcpip\..\{C2B218E3-51B5-434A-8775-34E10D41BD45}: NameServer =,

O17 - HKLM\System\CS1\Services\Tcpip\..\{C2B218E3-51B5-434A-8775-34E10D41BD45}: NameServer =,

O17 - HKLM\System\CS2\Services\Tcpip\..\{C2B218E3-51B5-434A-8775-34E10D41BD45}: NameServer =,,,,

O17 - HKLM\System\CS3\Services\Tcpip\..\{C2B218E3-51B5-434A-8775-34E10D41BD45}: NameServer =,,,,



---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} . (.Microsoft Corporation - Contrôleur de site Web.) -- C:\Windows\System32\webcheck.dll



---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\Windows\system32\browseui.dll



---\\ Liste des services NT non Microsoft et non désactivés (O23)

O23 - Service: (Ati External Event Utility) . (.ATI Technologies Inc. - ATI External Event Utility EXE Module.) - C:\Windows\system32\Ati2evxx.exe

O23 - Service: avast! Antivirus (avast! Antivirus) . (.AVAST Software - avast! Service.) - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) . (.Apple Computer, Inc. - Bonjour Service.) - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: eRecovery Service (eRecoveryService) . (.Acer Inc. - eRecoveryService.) - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe

O23 - Service: FsUsbExService (FsUsbExService) . (.Teruten - FsUsbDevice.) - C:\Windows\system32\FsUsbExService.exe

O23 - Service: Google Software Updater (gusvc) . (.Google - gusvc.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) . (.Hewlett-Packard Company - Pas de description.) - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: Nero BackItUp Scheduler 3 (Nero BackItUp Scheduler 3) . (.Nero AG - Nero BackItUp.) - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) . (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 197.4.) - C:\Windows\system32\nvvsvc.exe

O23 - Service: O&O Defrag (O&O Defrag) . (.O&O Software GmbH - O&O Defrag Agent (Win32).) - C:\Windows\system32\oodag.exe

O23 - Service: PnkBstrA (PnkBstrA) . (.Pas de propriétaire - Pas de description.) - C:\Windows\system32\PnkBstrA.exe

O23 - Service: PnkBstrB (PnkBstrB) . (.Pas de propriétaire - Pas de description.) - C:\Windows\system32\PnkBstrB.exe

O23 - Service: SBSD Security Center Service (SBSDWSCService) . (.Safer Networking Ltd. - Spybot-S&D Security Center integration.) - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) . ( - Spyware Terminator Realtime Shield Service.) - C:\Program Files\Spyware Terminator\sp_rsser.exe



---\\ Enumération Active Desktop & MHTML Editor (O24)

O24 - Default MHTML Editor: Last - .(.Microsoft Corporation - Microsoft Office Word.) - C:\Program Files\Microsoft Office\Office12\WINWORD.exe



---\\ Tâches planifiées en automatique (O39)

O39 - APT:Automatic Planified Task - C:\Windows\Tasks\Google Software Updater.job

O39 - APT:Automatic Planified Task - C:\Windows\Tasks\Maintenance en 1 clic.job

O39 - APT:Automatic Planified Task - C:\Windows\Tasks\PCConfidential.job

O39 - APT:Automatic Planified Task - C:\Windows\Tasks\RegPowerClean.job

O39 - APT:Automatic Planified Task - C:\Windows\Tasks\RPCReminder.job



---\\ Composants installés (ActiveSetup Installed Components) (O40)

O40 - ASIC: Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608500} . (.Sun Microsystems, Inc. - Java Platform SE binary.) -- C:\Program Files\Java\jre6\bin\regutils.dll

O40 - ASIC: PixiePack Codec Pack - {B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC} . (.Pas de propriétaire - Pas de description.) -- C:\Program Files\PixiePack Codec Pack\InstallerHelper.exe

O40 - ASIC: Macromedia Shockwave Flash - {D27CDB6E-AE6D-11CF-96B8-444553540000} . (.Macromedia, Inc. - Macromedia Flash Player 7.0 r19.) -- C:\Windows\system32\macromed\flash\Flash.ocx



---\\ Pilotes lancés au démarrage (O41)

O41 - Driver: Spyware Terminator Driver 2 (sp_rsdrv2) . (.Pas de propriétaire - Pas de description.) - C:\Windows\system32\drivers\sp_rsdrv2.sys



---\\ Logiciels installés (O42)

O42 - Logiciel: 32 Bit HP CIO Components Installer - (.Hewlett-Packard.) [HKLM] -- {92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}

O42 - Logiciel: AVS Update Manager 1.0 - (.Online Media Technologies Ltd..) [HKLM] -- AVS Update Manager

O42 - Logiciel: Adobe Anchor Service CS3 - (.Adobe Systems Incorporated.) [HKLM] -- {90176341-0A8B-4CCC-A78D-F862228A6B95}

O42 - Logiciel: Adobe Asset Services CS3 - (.Adobe Systems Incorporated.) [HKLM] -- {6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}

O42 - Logiciel: Adobe Bridge CS3 - (.Adobe Systems Incorporated.) [HKLM] -- {9C9824D9-9000-4373-A6A5-D0E5D4831394}

O42 - Logiciel: Adobe Bridge Start Meeting - (.Adobe Systems Incorporated.) [HKLM] -- {08B32819-6EEF-4057-AEDA-5AB681A36A23}

O42 - Logiciel: Adobe CMaps - (.Adobe Systems Incorporated.) [HKLM] -- {A2B242BD-FF8D-4840-9DAA-9170EABEC59C}

O42 - Logiciel: Adobe Camera Raw 4.0 - (.Adobe Systems Incorporated.) [HKLM] -- {B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}

O42 - Logiciel: Adobe Color - Photoshop Specific - (.Adobe Systems Incorporated.) [HKLM] -- {A2D81E70-2A98-4A08-A628-94388B063C5E}

O42 - Logiciel: Adobe Color Common Settings - (.Adobe Systems Incorporated.) [HKLM] -- {DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}

O42 - Logiciel: Adobe Color EU Recommended Settings - (.Adobe Systems Incorporated.) [HKLM] -- {73B5D990-04EA-4751-B10F-5534770B91F2}

O42 - Logiciel: Adobe Color JA Extra Settings - (.Adobe Systems Incorporated.) [HKLM] -- {DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}

O42 - Logiciel: Adobe Color NA Extra Settings - (.Adobe Systems Incorporated.) [HKLM] -- {FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}

O42 - Logiciel: Adobe Default Language CS3 - (.Adobe Systems Incorporated.) [HKLM] -- {B9B35331-B7E4-4E5C-BF4C-7BC87856124D}

O42 - Logiciel: Adobe Device Central CS3 - (.Adobe Systems Incorporated.) [HKLM] -- {8D2BA474-F406-4710-9AE4-D4F22D21F0DD}

O42 - Logiciel: Adobe ExtendScript Toolkit 2 - (.Adobe Systems Incorporated.) [HKLM] -- {C2D69781-F392-4118-A5A7-C7E9C38DBFC2}

O42 - Logiciel: Adobe Flash Player 10 Plugin - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player Plugin

O42 - Logiciel: Adobe Fonts All - (.Adobe Systems Incorporated.) [HKLM] -- {6ABE0BEE-D572-4FE8-B434-9E72A289431B}

O42 - Logiciel: Adobe Help Viewer CS3 - (.Adobe Systems Incorporated.) [HKLM] -- {04AF207D-9A77-465A-8B76-991F6AB66245}

O42 - Logiciel: Adobe Linguistics CS3 - (.Adobe Systems Incorporated.) [HKLM] -- {54793AA1-5001-42F4-ABB6-C364617C6078}

O42 - Logiciel: Adobe PDF Library Files - (.Adobe Systems Incorporated.) [HKLM] -- {D2559B88-CC9D-4B48-81BB-F492BAA9C48C}

O42 - Logiciel: Adobe Photoshop CS3 - (.Adobe Systems Incorporated.) [HKLM] -- Adobe_32e9033392a51340b32fdc6ad893ab7

O42 - Logiciel: Adobe Photoshop CS3 - (.Adobe Systems Incorporated.) [HKLM] -- {BF794769-8875-4E01-B7BE-E00104604F4A}

O42 - Logiciel: Adobe Reader 9.3.4 - Français - (.Adobe Systems Incorporated.) [HKLM] -- {AC76BA86-7AD7-1036-7B44-A93000000001}

O42 - Logiciel: Adobe Setup - (.Adobe Systems Incorporated.) [HKLM] -- {926DEB4E-2B0A-4C5C-AE4A-BF6C06949702}

O42 - Logiciel: Adobe Stock Photos CS3 - (.Adobe Systems Incorporated.) [HKLM] -- {29E5EA97-5F74-4A57-B8B2-D4F169117183}

O42 - Logiciel: Adobe Type Support - (.Adobe Systems Incorporated.) [HKLM] -- {8E6808E2-613D-4FCD-81A2-6C8FA8E03312}

O42 - Logiciel: Adobe Update Manager CS3 - (.Adobe Systems Incorporated.) [HKLM] -- {E69AE897-9E0B-485C-8552-7841F48D42D8}

O42 - Logiciel: Adobe Version Cue CS3 Client - (.Adobe Systems Incorporated.) [HKLM] -- {D0DFF92A-492E-4C40-B862-A74A173C25C5}

O42 - Logiciel: Adobe WinSoft Linguistics Plugin - (.Adobe Systems Incorporated.) [HKLM] -- {184CE391-7E0E-4C63-9935-D7A10EDFD3C6}

O42 - Logiciel: Adobe XMP Panels CS3 - (.Adobe Systems Incorporated.) [HKLM] -- {802771A9-A856-4A41-ACF7-1450E523C923}

O42 - Logiciel: Assistant de connexion Windows Live ID - (.Microsoft Corporation.) [HKLM] -- {10A44844-4465-456E-8C97-80BDD4F68845}

O42 - Logiciel: Autopano Giga - (.Kolor.) [HKLM] -- Autopano Giga

O42 - Logiciel: AviSynth 2.5 - (.Pas de propriétaire.) [HKLM] -- AviSynth

O42 - Logiciel: CCleaner - (.Piriform.) [HKLM] -- CCleaner

O42 - Logiciel: Catalyst Control Center - Branding - (.ATI.) [HKLM] -- {8D7133DE-27D2-47E5-B248-4180278D32AA}

O42 - Logiciel: Combined Community Codec Pack 2009-09-09 - (.CCCP Project.) [HKLM] -- Combined Community Codec Pack

O42 - Logiciel: Configuration DivX - (.DivX, Inc. .) [HKLM] -- DivX

O42 - Logiciel: Counter-Strike - (.Valve.) [HKLM] -- {DF5A03CC-D5AA-43D8-B948-D9903F2AF94A}

O42 - Logiciel: DIGIPILLS Miniphoto - (.Pas de propriétaire.) [HKLM] -- Miniphoto

O42 - Logiciel: DVD Shrink 3.2 - (.DVD Shrink.) [HKLM] -- DVD Shrink

O42 - Logiciel: ERUNT 1.1j - (.Lars Hederer.) [HKLM] -- ERUNT

O42 - Logiciel: Enemy Territory - QUAKE Wars Demo 2 - (.Activision.) [HKLM] -- InstallShield_{0E1B773B-B396-4FA4-BBB9-01F8D1F74C57}

O42 - Logiciel: Enemy Territory - QUAKE Wars Demo 2 Lite Server - (.Activision.) [HKLM] -- InstallShield_{C96F54F5-6904-4B36-8422-F060F867C8A6}

O42 - Logiciel: Eraser - (.Heidi Computers Ltd..) [HKLM] -- Eraser

O42 - Logiciel: Eraser - (.Heidi Computers Ltd..) [HKLM] -- {F850707C-B6A0-4B56-8709-F89CF8F9AC6D}

O42 - Logiciel: FairUse Wizard 2 - (.FairUse Wizard.) [HKLM] -- FairUse Wizard 2

O42 - Logiciel: FileZilla Client - (.Pas de propriétaire.) [HKLM] -- FileZilla Client

O42 - Logiciel: Free Video to Mp3 Converter version 2.7 - (.DVD Video Soft Limited..) [HKLM] -- Free Video to Mp3 Converter

O42 - Logiciel: HP Customer Participation Program 13.0 - (.HP.) [HKLM] -- HPExtendedCapabilities

O42 - Logiciel: HP Deskjet F2400 All-In-One Driver Software 13.0 Rel .6 - (.HP.) [HKLM] -- {CDBF8C2D-04B0-4F9B-9AE1-7422F7F0EC94}

O42 - Logiciel: HP Imaging Device Functions 13.0 - (.HP.) [HKLM] -- HP Imaging Device Functions

O42 - Logiciel: HP Print Projects 1.0 - (.HP.) [HKLM] -- HP Print Projects

O42 - Logiciel: HP Smart Web Printing 4.60 - (.HP.) [HKLM] -- HP Smart Web Printing

O42 - Logiciel: HP Solution Center 13.0 - (.HP.) [HKLM] -- HP Solution Center & Imaging Support Tools

O42 - Logiciel: HP Update - (.Hewlett-Packard.) [HKLM] -- {818ABC3C-635C-4651-8183-D0E9640B7DD1}

O42 - Logiciel: Hercules Classic Link Webcam - (.Hercules.) [HKLM] -- {FD4FE0F7-91FC-43A2-9C3A-187553991FFF}

O42 - Logiciel: Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB953595

O42 - Logiciel: Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB958484

O42 - Logiciel: Installation Windows Live - (.Microsoft Corporation.) [HKLM] -- WinLiveSuite_Wave3

O42 - Logiciel: Installation Windows Live - (.Microsoft Corporation.) [HKLM] -- {46ABBC54-1872-4AA3-95E2-F2C063A63F31}

O42 - Logiciel: Java 6 Update 20 - (.Sun Microsystems, Inc..) [HKLM] -- {26A24AE4-039D-4CA4-87B4-2F83216020FF}

O42 - Logiciel: Lame ACM MP3 Codec - (.Pas de propriétaire.) [HKLM] -- LameACM

O42 - Logiciel: MSVCRT - (.Microsoft.) [HKLM] -- {22B775E7-6C42-4FC5-8E10-9A5E3257BD94}

O42 - Logiciel: MSXML 4.0 SP2 (KB936181) - (.Microsoft Corporation.) [HKLM] -- {C04E32E0-0416-434D-AFB9-6969D703A9EF}

O42 - Logiciel: MSXML 4.0 SP2 (KB941833) - (.Microsoft Corporation.) [HKLM] -- {C523D256-313D-4866-B36A-F3DE528246EF}

O42 - Logiciel: MSXML 4.0 SP2 (KB954430) - (.Microsoft Corporation.) [HKLM] -- {86493ADD-824D-4B8E-BD72-8C5DCDC52A71}

O42 - Logiciel: MSXML 4.0 SP2 (KB973688) - (.Microsoft Corporation.) [HKLM] -- {F662A8E6-F4DC-41A2-901E-8C11F044BDEC}

O42 - Logiciel: - (.Cybelsoft.) [HKLM] -- {207BB01A-0163-43E0-8CE9-BE494505BE0F}

O42 - Logiciel: Malwarebytes' Anti-Malware - (.Malwarebytes Corporation.) [HKLM] -- Malwarebytes' Anti-Malware

O42 - Logiciel: Microsoft .NET Framework 3.5 Language Pack SP1 - fra - (.Microsoft Corporation.) [HKLM] -- {3E31821C-7917-367E-938E-E65FC413EA31}

O42 - Logiciel: Microsoft .NET Framework 3.5 SP1 - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 3.5 SP1

O42 - Logiciel: Microsoft .NET Framework 3.5 SP1 - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}

O42 - Logiciel: Microsoft .NET Framework 4 Client Profile - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 4 Client Profile

O42 - Logiciel: Microsoft .NET Framework 4 Client Profile - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6}

O42 - Logiciel: Microsoft .NET Framework 4 Client Profile FRA Language Pack - (.Microsoft Corporation.) [HKLM] -- {0F5B4A82-9DAF-3D13-8CB8-AEB25E4A614E}

O42 - Logiciel: Microsoft Choice Guard - (.Microsoft Corporation.) [HKLM] -- {F0E12BBA-AD66-4022-A453-A1C8A0C4D570}

O42 - Logiciel: Microsoft Money - (.Microsoft.) [HKLM] -- Money2005b

O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}

O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-0015-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}

O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-0016-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}

O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-0018-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}

O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-0019-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}

O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-001A-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}

O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-001B-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}

O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-0044-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}

O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-006E-040C-0000-0000000FF1CE}_PROPLUS_{B165D3C2-40AE-4D39-86F7-E5C87C4264C0}

O42 - Logiciel: Microsoft Office Access MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0015-040C-0000-0000000FF1CE}

O42 - Logiciel: Microsoft Office Excel MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0016-040C-0000-0000000FF1CE}

O42 - Logiciel: Microsoft Office InfoPath MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0044-040C-0000-0000000FF1CE}

O42 - Logiciel: Microsoft Office Live Add-in 1.4 - (.Microsoft Corporation.) [HKLM] -- {AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}

O42 - Logiciel: Microsoft Office Outlook MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001A-040C-0000-0000000FF1CE}

O42 - Logiciel: Microsoft Office PowerPoint MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0018-040C-0000-0000000FF1CE}

O42 - Logiciel: Microsoft Office Professional Plus 2007 - (.Microsoft Corporation.) [HKLM] -- PROPLUS

O42 - Logiciel: Microsoft Office Professional Plus 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}

O42 - Logiciel: Microsoft Office Proof (Arabic) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001F-0401-0000-0000000FF1CE}

O42 - Logiciel: Microsoft Office Proof (Dutch) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001F-0413-0000-0000000FF1CE}

O42 - Logiciel: Microsoft Office Proof (English) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001F-0409-0000-0000000FF1CE}

O42 - Logiciel: Microsoft Office Proof (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001F-040C-0000-0000000FF1CE}

O42 - Logiciel: Microsoft Office Proof (German) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001F-0407-0000-0000000FF1CE}

O42 - Logiciel: Microsoft Office Proof (Spanish) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001F-0C0A-0000-0000000FF1CE}

O42 - Logiciel: Microsoft Office Proofing (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-002C-040C-0000-0000000FF1CE}

O42 - Logiciel: Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-001F-0401-0000-0000000FF1CE}_PROPLUS_{14809F99-C601-4D4A-9391-F1E8FAA964C5}

O42 - Logiciel: Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-001F-0407-0000-0000000FF1CE}_PROPLUS_{A0516415-ED61-419A-981D-93596DA74165}

O42 - Logiciel: Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}

O42 - Logiciel: Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}

O42 - Logiciel: Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-001F-0413-0000-0000000FF1CE}_PROPLUS_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}

O42 - Logiciel: Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{187308AB-5FA7-4F14-9AB9-D290383A10D9}

O42 - Logiciel: Microsoft Office Publisher MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0019-040C-0000-0000000FF1CE}

O42 - Logiciel: Microsoft Office Shared MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-006E-040C-0000-0000000FF1CE}

O42 - Logiciel: Microsoft Office Word MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001B-040C-0000-0000000FF1CE}

O42 - Logiciel: Microsoft Silverlight - (.Microsoft Corporation.) [HKLM] -- {89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}

O42 - Logiciel: Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 - (.Microsoft Corporation.) [HKLM] -- {770657D0-A123-3C07-8E44-1C83EC895118}

O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable - (.Microsoft Corporation.) [HKLM] -- {7299052b-02a4-4627-81f2-1818da5d550d}

O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable - (.Microsoft Corporation.) [HKLM] -- {837b34e3-7c30-493c-8f6a-2b0f04e2912c}

O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 - (.Microsoft Corporation.) [HKLM] -- {E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}

O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 - (.Microsoft Corporation.) [HKLM] -- {1F1C2DFC-2D24-3E06-BCB8-725134ADF989}

O42 - Logiciel: Microsoft Works - (.Microsoft Corporation.) [HKLM] -- {6B1CB38D-E2E4-4a30-933D-EFDEBA76AD9C}

O42 - Logiciel: Module linguistique Microsoft .NET Framework 3.5 SP1- fra - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 3.5 Language Pack SP1 - fra

O42 - Logiciel: Module linguistique Microsoft .NET Framework 4 Client Profile FRA - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 4 Client Profile FRA Language Pack

O42 - Logiciel: Mozilla Firefox (3.6.8) - (.Mozilla.) [HKLM] -- Mozilla Firefox (3.6.8)

O42 - Logiciel: Mozilla Thunderbird (3.0.6) - (.Mozilla.) [HKLM] -- Mozilla Thunderbird (3.0.6)

O42 - Logiciel: MySQL Connector/ODBC 3.51 - (.MySQL AB.) [HKLM] -- {0CB3C535-1171-4A20-B549-E2CB5DEB9723}

O42 - Logiciel: NTI Backup NOW! 4.7 - (.NewTech Infosystems.) [HKLM] -- {67ADE9AF-5CD9-4089-8825-55DE4B366799}

O42 - Logiciel: NTI CD & DVD-Maker - (.NewTech Infosystems.) [HKLM] -- InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}

O42 - Logiciel: NVIDIA Display Control Panel - (.NVIDIA Corporation.) [HKLM] -- NVIDIA Display Control Panel

O42 - Logiciel: NVIDIA Drivers - (.NVIDIA Corporation.) [HKLM] -- NVIDIA Drivers

O42 - Logiciel: Nero 8 - (.Nero AG.) [HKLM] -- {8AEA4BE2-2B52-41C0-BB7D-9F2D17AF1036}

O42 - Logiciel: O&O Defrag Professional Edition - (.O&O Software GmbH.) [HKLM] -- {53480330-E1D1-41CA-B8F8-7F78644F7F50}

O42 - Logiciel: 3.2 - ( [HKLM] -- {BEFBEDDF-1417-4C8A-92FB-F003C0D41199}

O42 - Logiciel: 3.2 Language Pack (French) - ( [HKLM] -- {EC0C8044-B973-4703-931D-DF45840A47AA}

O42 - Logiciel: Outil de téléchargement Windows Live - (.Microsoft Corporation.) [HKLM] -- {205C6BDD-7B73-42DE-8505-9A093F35A238}

O42 - Logiciel: PC Connectivity Solution - (.Nokia.) [HKLM] -- {AC599724-5755-48C1-ABE7-ABB857652930}

O42 - Logiciel: PDF Settings - (.Adobe Systems Incorporated.) [HKLM] -- {AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}

O42 - Logiciel: PDFCreator - (.Frank Heindörfer, Philip Chinery.) [HKLM] -- {0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}

O42 - Logiciel: PVSonyDll - (.NVIDIA Corporation.) [HKLM] -- {3D3E663D-4E7E-4577-A560-7ECDDD45548A}

O42 - Logiciel: Package de pilotes Windows - Nokia pccsmcfd (10/12/2007 - (.Nokia.) [HKLM] -- 3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F

O42 - Logiciel: Photomatix Pro version 3.1.3 - (.HDRsoft Sarl.) [HKLM] -- PhotomatixPro3

O42 - Logiciel: Picasa 3 - (.Google, Inc..) [HKLM] -- Picasa 3

O42 - Logiciel: Picture Control Utility - (.Nikon.) [HKLM] -- {87441A59-5E64-4096-A170-14EFE67200C3}

O42 - Logiciel: PixiePack Codec Pack - (.None.) [HKLM] -- {B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC}

O42 - Logiciel: PowerCheck 4.2.3 - (.Pas de propriétaire.) [HKLM] -- PowerCheck

O42 - Logiciel: Realtek High Definition Audio Driver - (.Realtek Semiconductor Corp..) [HKLM] -- {F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}

O42 - Logiciel: Revo Uninstaller 1.89 - (.VS Revo Group.) [HKLM] -- Revo Uninstaller

O42 - Logiciel: Secunia PSI - (.Pas de propriétaire.) [HKLM] -- Secunia PSI

O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB2277947) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{5857EE21-03D0-482E-9620-5A30B314A2AE}

O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB969559) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{69F52148-9BF6-4CDC-BF76-103DEAF3DD08}

O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB976321) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{7F207DCA-3399-40CB-A968-6E5991B1421A}

O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB982312) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{B0EC5722-241F-4CDA-83B4-AA5846B6F9F4}

O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB982331) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{E8766951-2B6C-4022-86E8-80D2D1762B76}

O42 - Logiciel: Security Update for CAPICOM (KB931906) - (.Microsoft Corporation.) [HKLM] -- KB931906

O42 - Logiciel: Security Update for CAPICOM (KB931906) - (.Microsoft Corporation.) [HKLM] -- {0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}

O42 - Logiciel: Security Update for Microsoft Office Access 2007 (KB979440) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{1142CCEC-ACA9-484B-BA90-C3A5CA1988C5}

O42 - Logiciel: Security Update for Microsoft Office Access 2007 (KB979440) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{5A4E43D5-858F-49BD-BA72-8F30E1793060}

O42 - Logiciel: Security Update for Microsoft Office Excel 2007 (KB982308) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C3F9A0DC-A5D1-4BB6-870E-2953E5A2487B}

O42 - Logiciel: Security Update for Microsoft Office InfoPath 2007 (KB979441) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{1109D0B3-EFA3-4553-AAED-4C3E9AD130E8}

O42 - Logiciel: Security Update for Microsoft Office InfoPath 2007 (KB979441) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{8CCB781A-CF6B-4FCB-B6D8-59C64DF5C6DB}

O42 - Logiciel: Security Update for Microsoft Office Outlook 2007 (KB980376) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{48113C06-9BA2-4D54-A731-D1D2C5B3144A}

O42 - Logiciel: Security Update for Microsoft Office PowerPoint 2007 (KB982158) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{F5B70033-E79C-4569-90BF-BC9B4E4F3F46}

O42 - Logiciel: Security Update for Microsoft Office Publisher 2007 (KB982124) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{289FA8BC-6A8E-4341-B194-EB26B49E9F5D}

O42 - Logiciel: Security Update for Microsoft Office Visio Viewer 2007 (KB973709) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{71127777-8B2C-4F97-AF7A-6CF8CAC8224D}

O42 - Logiciel: Security Update for Microsoft Office Word 2007 (KB2251419) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{7E9103DA-253F-41FF-9E83-7C83806C77DA}

O42 - Logiciel: Security Update for Microsoft Office system 2007 (972581) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}

O42 - Logiciel: Security Update for Microsoft Office system 2007 (KB974234) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{FCD742B9-7A55-44BC-A776-F795F21FEDDC}

O42 - Logiciel: Shop for HP Supplies - (.HP.) [HKLM] -- Shop for HP Supplies

O42 - Logiciel: Spybot - Search & Destroy - (.Safer Networking Limited.) [HKLM] -- {B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1

O42 - Logiciel: Spyware Terminator - (.Crawler Inc..) [HKLM] -- Spyware Terminator

O42 - Logiciel: Steam - (.Valve.) [HKLM] -- {048298C9-A4D3-490B-9FF9-AB023A9238F3}

O42 - Logiciel: Tunebite - (.RapidSolution Software AG.) [HKLM] -- {1442BD5B-64FC-434E-942C-F2310C720C8D}

O42 - Logiciel: Update for 2007 Microsoft Office System (KB967642) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}

O42 - Logiciel: Update for Microsoft .NET Framework 3.5 SP1 (KB963707) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707

O42 - Logiciel: Update for Outlook 2007 Junk Email Filter (kb2279264) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{01D475AB-57B1-44CC-8A8F-3A6B0FA4989F}

O42 - Logiciel: VC80CRTRedist - 8.0.50727.4053 - (.DivX, Inc.) [HKLM] -- {5EE7D259-D137-4438-9A5F-42F432EC0421}

O42 - Logiciel: VC80_CRT_x86 - (.kolor.) [HKLM] -- {AFC02C27-473F-4EC5-9372-30771EFFB35F}

O42 - Logiciel: VLC media player 1.1.1 - (.VideoLAN.) [HKLM] -- VLC media player

O42 - Logiciel: WinRAR archiver - (.Pas de propriétaire.) [HKLM] -- WinRAR archiver

O42 - Logiciel: Windows Live Call - (.Microsoft Corporation.) [HKLM] -- {82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}

O42 - Logiciel: Windows Live Communications Platform - (.Microsoft Corporation.) [HKLM] -- {3B4E636E-9D65-4D67-BA61-189800823F52}

O42 - Logiciel: Windows Live Messenger - (.Microsoft Corporation.) [HKLM] -- {770F1BEC-2871-4E70-B837-FB8525FFA3B1}

O42 - Logiciel: Windows Media Player Firefox Plugin - (.Microsoft Corp.) [HKLM] -- {69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}

O42 - Logiciel: XnView 1.97.6 - (.Gougelet Pierre-e.) [HKLM] -- XnView

O42 - Logiciel: avast! Free Antivirus - (.Alwil Software.) [HKLM] -- avast5


---\\ HKCU & HKLM Software Keys


[HKCU\Software\ALWIL Software]

[HKCU\Software\ATI Technologies Inc.]

[HKCU\Software\Alex Feinman]

[HKCU\Software\Binary Noise]

[HKCU\Software\Blizzard Entertainment]

[HKCU\Software\DT Soft]

[HKCU\Software\DVD Decrypter]

[HKCU\Software\DVD Shrink]

[HKCU\Software\FairUse Wizard 2]

[HKCU\Software\Heidi Computers Ltd]

[HKCU\Software\IM Providers]

[HKCU\Software\Malwarebytes' Anti-Malware]

[HKCU\Software\NVIDIA Corporation]

[HKCU\Software\NewTech Infosystems]

[HKCU\Software\Safer Networking Limited]

[HKCU\Software\Spyware Terminator]

[HKCU\Software\VB and VBA Program Settings]

[HKCU\Software\W3i, LLC]

[HKCU\Software\WinRAR SFX]

[HKLM\Software\ALWIL Software]

[HKLM\Software\ATI Technologies]

[HKLM\Software\Aladdin Knowledge Systems]

[HKLM\Software\Apple Computer, Inc.]

[HKLM\Software\DT Soft]

[HKLM\Software\Electronic Arts]

[HKLM\Software\Even Balance]

[HKLM\Software\FairUse Wizard]

[HKLM\Software\FileZilla 3]

[HKLM\Software\MySQL AB]

[HKLM\Software\NVIDIA Corporation]

[HKLM\Software\NewTech Infosystems]

[HKLM\Software\Safer Networking Limited]

[HKLM\Software\Sun Microsystems]

[HKLM\Software\Trymedia Systems]

[HKLM\Software\muvee Technologies]



---\\ Contenu des dossiers ProgramFiles/ProgramData (O43)

O43 - CFD:Common File Directory ----D- C:\Program Files\Acer Arcade Live

O43 - CFD:Common File Directory ----D- C:\Program Files\Adobe

O43 - CFD:Common File Directory ----D- C:\Program Files\AGI

O43 - CFD:Common File Directory ----D- C:\Program Files\Alwil Software

O43 - CFD:Common File Directory ----D- C:\Program Files\Apowersoft

O43 - CFD:Common File Directory ----D- C:\Program Files\ATI

O43 - CFD:Common File Directory ----D- C:\Program Files\ATI Technologies

O43 - CFD:Common File Directory ----D- C:\Program Files\Autopano Giga 2

O43 - CFD:Common File Directory ----D- C:\Program Files\AviSynth 2.5

O43 - CFD:Common File Directory ----D- C:\Program Files\AVS4YOU

O43 - CFD:Common File Directory ----D- C:\Program Files\Bonjour

O43 - CFD:Common File Directory ----D- C:\Program Files\CCleaner

O43 - CFD:Common File Directory ----D- C:\Program Files\Combined Community Codec Pack

O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files

O43 - CFD:Common File Directory ----D- C:\Program Files\CyberLink

O43 - CFD:Common File Directory ----D- C:\Program Files\DAEMON Tools Lite

O43 - CFD:Common File Directory ----D- C:\Program Files\DIFX

O43 - CFD:Common File Directory ----D- C:\Program Files\DivX

O43 - CFD:Common File Directory ----D- C:\Program Files\DVD Shrink

O43 - CFD:Common File Directory ----D- C:\Program Files\DVDVIDEOSOFT

O43 - CFD:Common File Directory ----D- C:\Program Files\eMule

O43 - CFD:Common File Directory ----D- C:\Program Files\Eraser

O43 - CFD:Common File Directory ----D- C:\Program Files\ERUNT

O43 - CFD:Common File Directory ----D- C:\Program Files\FairUse Wizard 2

O43 - CFD:Common File Directory -SH-D- C:\Program Files\Fichiers communs

O43 - CFD:Common File Directory ----D- C:\Program Files\FileZilla FTP Client

O43 - CFD:Common File Directory ----D- C:\Program Files\Google

O43 - CFD:Common File Directory ----D- C:\Program Files\Hercules

O43 - CFD:Common File Directory ----D- C:\Program Files\HP

O43 - CFD:Common File Directory ----D- C:\Program Files\id Software

O43 - CFD:Common File Directory --H-D- C:\Program Files\InstallShield Installation Information

O43 - CFD:Common File Directory ----D- C:\Program Files\Internet Explorer

O43 - CFD:Common File Directory ----D- C:\Program Files\Java

O43 - CFD:Common File Directory ----D- C:\Program Files\

O43 - CFD:Common File Directory ----D- C:\Program Files\Malwarebytes' Anti-Malware

O43 - CFD:Common File Directory ----D- C:\Program Files\MediaCoder iPod Edition

O43 - CFD:Common File Directory ----D- C:\Program Files\Micro Application

O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft

O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft CAPICOM

O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft Games

O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft Money 2005

O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft Office

O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft Silverlight

O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft Visual Studio

O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft Visual Studio 8

O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft Works

O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft.NET

O43 - CFD:Common File Directory ----D- C:\Program Files\Miniphoto

O43 - CFD:Common File Directory ----D- C:\Program Files\Movie Maker

O43 - CFD:Common File Directory ----D- C:\Program Files\Mozilla Firefox

O43 - CFD:Common File Directory ----D- C:\Program Files\Mozilla Thunderbird

O43 - CFD:Common File Directory ----D- C:\Program Files\mp3DirectCut

O43 - CFD:Common File Directory ----D- C:\Program Files\MSBuild

O43 - CFD:Common File Directory ----D- C:\Program Files\MSXML 4.0

O43 - CFD:Common File Directory ----D- C:\Program Files\Nero

O43 - CFD:Common File Directory ----D- C:\Program Files\NewTech Infosystems

O43 - CFD:Common File Directory ----D- C:\Program Files\NOS

O43 - CFD:Common File Directory ----D- C:\Program Files\NVIDIA Corporation

O43 - CFD:Common File Directory ----D- C:\Program Files\OO Software

O43 - CFD:Common File Directory ----D- C:\Program Files\ 3

O43 - CFD:Common File Directory ----D- C:\Program Files\PC Connectivity Solution

O43 - CFD:Common File Directory ----D- C:\Program Files\PDFCreator

O43 - CFD:Common File Directory ----D- C:\Program Files\PhotomatixPro3

O43 - CFD:Common File Directory ----D- C:\Program Files\PixiePack Codec Pack

O43 - CFD:Common File Directory ----D- C:\Program Files\PowerCheck

O43 - CFD:Common File Directory ----D- C:\Program Files\QuickTime

O43 - CFD:Common File Directory ----D- C:\Program Files\RapidSolution

O43 - CFD:Common File Directory ----D- C:\Program Files\Realtek

O43 - CFD:Common File Directory ----D- C:\Program Files\Reference Assemblies

O43 - CFD:Common File Directory ----D- C:\Program Files\RegCleaner

O43 - CFD:Common File Directory ----D- C:\Program Files\RegSeeker

O43 - CFD:Common File Directory ----D- C:\Program Files\Secunia

O43 - CFD:Common File Directory ----D- C:\Program Files\Spybot - Search & Destroy

O43 - CFD:Common File Directory ----D- C:\Program Files\Spyware Terminator

O43 - CFD:Common File Directory --H-D- C:\Program Files\Uninstall Information

O43 - CFD:Common File Directory ----D- C:\Program Files\Valve

O43 - CFD:Common File Directory ----D- C:\Program Files\VideoLAN

O43 - CFD:Common File Directory ----D- C:\Program Files\VS Revo Group

O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Calendar

O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Collaboration

O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Defender

O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Journal

O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Live

O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Live SkyDrive

O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Mail

O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Media Player

O43 - CFD:Common File Directory ----D- C:\Program Files\Windows NT

O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Photo Gallery

O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Portable Devices

O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Sidebar

O43 - CFD:Common File Directory ----D- C:\Program Files\WinRAR

O43 - CFD:Common File Directory ----D- C:\Program Files\XnView

O43 - CFD:Common File Directory ----D- C:\Program Files\Yahoo!

O43 - CFD:Common File Directory ----D- C:\Program Files\ZHPDiag

O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\Adobe

O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\Ahead

O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\ArcSoft

O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\AVSMedia

O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\DESIGNER

O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\DivX Shared

O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\DVDVIDEOSOFT

O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\Hewlett-Packard

O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\HP

O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\InstallShield

O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\Java

O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\LightScribe

O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\Macrovision Shared

O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\MAGIX Shared

O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\Microsoft Games

O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\microsoft shared

O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\muvee Technologies

O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\Nero

O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\NewTech Infosystems

O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\Nikon

O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\PX Storage Engine

O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\Services

O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\SpeechEngines

O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\Steam

O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\Symantec Shared

O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\System

O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\Windows Live

O43 - CFD:Common File Directory -SH-D- C:\Program Files\Common Files\WindowsLiveInstaller

O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\Winferno

O43 - CFD:Common File Directory ----D- C:\ProgramData\Adobe

O43 - CFD:Common File Directory ----D- C:\ProgramData\agi

O43 - CFD:Common File Directory ----D- C:\ProgramData\Alwil Software

O43 - CFD:Common File Directory ----D- C:\ProgramData\Apple Computer

O43 - CFD:Common File Directory -SH-D- C:\ProgramData\Application Data

O43 - CFD:Common File Directory ----D- C:\ProgramData\ArcSoft

O43 - CFD:Common File Directory ----D- C:\ProgramData\ATI

O43 - CFD:Common File Directory -SH-D- C:\ProgramData\Bureau

O43 - CFD:Common File Directory ----D- C:\ProgramData\BVRP Software

O43 - CFD:Common File Directory --H-D- C:\ProgramData\CanonBJ

O43 - CFD:Common File Directory ----D- C:\ProgramData\CyberLink

O43 - CFD:Common File Directory ----D- C:\ProgramData\DAEMON Tools Lite

O43 - CFD:Common File Directory -SH-D- C:\ProgramData\Desktop

O43 - CFD:Common File Directory ----D- C:\ProgramData\DivX

O43 - CFD:Common File Directory -SH-D- C:\ProgramData\Documents

O43 - CFD:Common File Directory ----D- C:\ProgramData\DVD Shrink

O43 - CFD:Common File Directory ----D- C:\ProgramData\eMule

O43 - CFD:Common File Directory ----D- C:\ProgramData\EnterNHelp

O43 - CFD:Common File Directory -SH-D- C:\ProgramData\Favoris

O43 - CFD:Common File Directory -SH-D- C:\ProgramData\Favorites

O43 - CFD:Common File Directory ----D- C:\ProgramData\Google

O43 - CFD:Common File Directory ----D- C:\ProgramData\Google Updater

O43 - CFD:Common File Directory ----D- C:\ProgramData\HP

O43 - CFD:Common File Directory ----D- C:\ProgramData\HP Product Assistant

O43 - CFD:Common File Directory ----D- C:\ProgramData\HPSSUPPLY

O43 - CFD:Common File Directory ----D- C:\ProgramData\LightScribe

O43 - CFD:Common File Directory ----D- C:\ProgramData\

O43 - CFD:Common File Directory ----D- C:\ProgramData\Malwarebytes

O43 - CFD:Common File Directory ----D- C:\ProgramData\McAfee

O43 - CFD:Common File Directory -SH-D- C:\ProgramData\Menu Démarrer

O43 - CFD:Common File Directory ----D- C:\ProgramData\Microsoft

O43 - CFD:Common File Directory ----D- C:\ProgramData\Microsoft Help

O43 - CFD:Common File Directory -SH-D- C:\ProgramData\Modèles

O43 - CFD:Common File Directory ----D- C:\ProgramData\Nero

O43 - CFD:Common File Directory ----D- C:\ProgramData\NOS

O43 - CFD:Common File Directory ----D- C:\ProgramData\NtiDvdCopy

O43 - CFD:Common File Directory ----D- C:\ProgramData\NVIDIA

O43 - CFD:Common File Directory ----D- C:\ProgramData\PC Suite

O43 - CFD:Common File Directory ----D- C:\ProgramData\RapidSolution

O43 - CFD:Common File Directory ----D- C:\ProgramData\SiComponents

O43 - CFD:Common File Directory ----D- C:\ProgramData\Spybot - Search & Destroy

O43 - CFD:Common File Directory ----D- C:\ProgramData\Spyware Terminator

O43 - CFD:Common File Directory -SH-D- C:\ProgramData\Start Menu

O43 - CFD:Common File Directory ----D- C:\ProgramData\Sun

O43 - CFD:Common File Directory ----D- C:\ProgramData\Temp

O43 - CFD:Common File Directory -SH-D- C:\ProgramData\Templates

O43 - CFD:Common File Directory ----D- C:\ProgramData\Ultima_T15

O43 - CFD:Common File Directory ----D- C:\ProgramData\WEBREG

O43 - CFD:Common File Directory ----D- C:\ProgramData\WindowsSearch

O43 - CFD:Common File Directory ----D- C:\ProgramData\WLInstaller

O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\Adobe

O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\Ahead

O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\ArcSoft

O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\AVSMedia

O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\DESIGNER

O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\DivX Shared

O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\DVDVIDEOSOFT

O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\Hewlett-Packard

O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\HP

O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\InstallShield

O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\Java

O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\LightScribe

O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\Macrovision Shared

O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\MAGIX Shared

O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\Microsoft Games

O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\microsoft shared

O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\muvee Technologies

O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\Nero

O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\NewTech Infosystems

O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\Nikon

O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\PX Storage Engine

O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\Services

O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\SpeechEngines

O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\Steam

O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\Symantec Shared

O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\System

O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\Windows Live

O43 - CFD:Common File Directory -SH-D- C:\Program Files\Common Files\WindowsLiveInstaller

O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\Winferno



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)

O44 - LFC:[MD5.00000000000000000000000000000000] - 29/08/2010 - 11:15:38 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\WindowsUpdate.log [1860876]

O44 - LFC:[MD5.96FCD0D39185C757BA66A89D144B0730] - 29/08/2010 - 10:24:28 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\PerfStringBackup.INI [1495948]

O44 - LFC:[MD5.ABD7C4D7E75C299683859F32AA1AA702] - 29/08/2010 - 10:24:28 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\perfc009.dat [103872]

O44 - LFC:[MD5.E13D61A645B48995AED7B33B63F1212D] - 29/08/2010 - 10:24:28 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\perfc00C.dat [126420]

O44 - LFC:[MD5.2E0124CA26280513EF98A4525A2112F3] - 29/08/2010 - 10:24:28 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\perfh009.dat [595798]

O44 - LFC:[MD5.B1D976C31501B124123F9416C476652A] - 29/08/2010 - 10:24:28 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\perfh00C.dat [678804]

O44 - LFC:[MD5.7166304C56D7254ED93059FDBFADFB98] - 29/08/2010 - 10:18:48 -S-A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\bootstat.dat [67584]

O44 - LFC:[MD5.D59CD2EDB678E851203F87907A2DC00A] - 29/08/2010 - 10:18:36 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\oodbs.lor [517185]

O44 - LFC:[MD5.3BBC89C606AD1D545F18F4483553C0BA] - 27/08/2010 - 15:13:30 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\DPINST.LOG [121122]

O44 - LFC:[MD5.C0DFA45133A61E81A7BB4D84EEB71D2E] - 25/08/2010 - 12:23:58 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\RUNNABLE.TLB [1308]

O44 - LFC:[MD5.BB864A0B62B7AC010491C06AFDCF7C85] - 25/08/2010 - 12:23:58 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\shlctxmnu2.tlb [17804]

O44 - LFC:[MD5.DC7A3BC0FC185CD68848DC6F7D7B026B] - 25/08/2010 - 12:23:58 ---A- . (.vbAccelerator - Subclassing and Timer Assistant, modified f.) -- C:\Windows\System32\SSubTmr6.dll [40960]

O44 - LFC:[MD5.4EF7BF165DAB0359D6C17A36A8EC90FC] - 25/08/2010 - 12:23:57 ---A- . (.NCT - NCTAudioCDWriter2 ActiveX DLL.) -- C:\Windows\System32\Waudio.dll [655360]

O44 - LFC:[MD5.941EC87930F0E6F04593909FC85442F6] - 25/08/2010 - 12:23:57 ---A- . (.Online Media Technologies Ltd. - NCTDataCDWriter2.dll.) -- C:\Windows\System32\WDataCD.dll [811008]

O44 - LFC:[MD5.B80E32346C5629400E649AEC348601EF] - 25/08/2010 - 12:23:57 ---A- . (.Online Media Technologies Ltd. - NCTDataDVDWriter2.dll.) -- C:\Windows\System32\WDataDVD.dll [823421]

O44 - LFC:[MD5.FB00273CF7CE639C136853F3FC04B10C] - 25/08/2010 - 12:23:57 ---A- . (.Pas de propriétaire - Gif89 Module.) -- C:\Windows\System32\GIF89.DLL [44544]

O44 - LFC:[MD5.07934C956B971F10B7F73D55239AB976] - 25/08/2010 - 12:23:57 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\ISHF_Ex.tlb [18728]

O44 - LFC:[MD5.D34D1DB92FF97C4E477DC0EC8DE3CF96] - 25/08/2010 - 12:23:56 ---A- . (.NCT Company Ltd. - NCTWMAFile2 ActiveX DLL.) -- C:\Windows\System32\WMAFile.dll [348160]

O44 - LFC:[MD5.1574DD9D409F2DC45CF82C22B99164A4] - 15/08/2010 - 19:43:31 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\pdfcmnnt.dll [116224]

O44 - LFC:[MD5.8A98241E75F876050610EB60AE598A0C] - 14/08/2010 - 22:59:08 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\FeAnim.ini [497]

O44 - LFC:[MD5.C7B5C1D376542A1E5518A2BA1656D8B5] - 14/08/2010 - 22:59:08 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\FeMakro.ini [571]

O44 - LFC:[MD5.F8854BDCD55ECCF24F077981ADFE6B9A] - 14/08/2010 - 22:59:00 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\vbrun60.inf [1069]

O44 - LFC:[MD5.A8D88F8F5B7ACD863C92C138B469D445] - 14/08/2010 - 22:53:58 ---A- . (.ELECO Software GmbH - o2c simple object construction module.) -- C:\Windows\System32\o2cAreas.OCX [933888]

O44 - LFC:[MD5.B77E1AFD4A79C9847EE687537E2F0D2E] - 14/08/2010 - 22:53:58 ---A- . (.Eleco plc - O2C 3D objektai.) -- C:\Windows\System32\O2CPlayerAC.OCX [1209512]

O44 - LFC:[MD5.609FCB19EEEE6EB1FF57EC14DDDE0D01] - 14/08/2010 - 22:53:58 ---A- . (.Pas de propriétaire - Infragistics Numeric Control.) -- C:\Windows\System32\PVNum.ocx [163840]

O44 - LFC:[MD5.D5A05EB14FEA2A52A1CE8580B3FF7486] - 14/08/2010 - 22:53:57 ---A- . (.Infragistics, Inc. - ActiveThreed Controls.) -- C:\Windows\System32\IGThreed40.ocx [349840]

O44 - LFC:[MD5.79C7F1AE292CC1C027058FFC856A7996] - 14/08/2010 - 22:53:57 ---A- . (.Infragistics, Inc. - ActiveToolBars Plus Control.) -- C:\Windows\System32\IGToolBars50.ocx [497288]

O44 - LFC:[MD5.CF3003C6C8C1340AA0864FD2BBDC20AD] - 14/08/2010 - 22:53:56 ---A- . (.FlexCell Studio - XLS DLL.) -- C:\Windows\System32\xls.dll [110592]

O44 - LFC:[MD5.49278B08E16800C3E7C59616FD779A45] - 14/08/2010 - 22:53:55 ---A- . (.Infragistics, Inc. - ActiveThreed Controls.) -- C:\Windows\System32\ssa3d30.ocx [349968]

O44 - LFC:[MD5.049E80F4167A1156854A6062A86C1F43] - 14/08/2010 - 22:53:53 ---A- . (.Microsoft - MSFlexGrid.) -- C:\Windows\System32\msflxgrd.ocx [227600]

O44 - LFC:[MD5.D4EF656D9C071154E0DFD6743F44FF3F] - 14/08/2010 - 22:53:53 ---A- . (.Mücke Software GmbH - mbctrl ActiveX Control Module.) -- C:\Windows\System32\Mbctrl.ocx [77312]

O44 - LFC:[MD5.AF18A47087A012C469381B6759AAF6F3] - 14/08/2010 - 22:53:53 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\iobjsafe.tlb [1764]

O44 - LFC:[MD5.8B1259955295F0610577C25D010891FF] - 14/08/2010 - 22:53:52 ---A- . (.FlexCell Studio - Pas de description.) -- C:\Windows\System32\FlexCell.ocx [1921024]

O44 - LFC:[MD5.87A2ADF125BE51CDD5D8D3843E0F0B7E] - 14/08/2010 - 22:53:51 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\dao2535.tlb [73184]

O44 - LFC:[MD5.C6C5F8144F37B4A3F24D5040A18CF6F4] - 12/08/2010 - 00:06:56 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\NTIWVEDT.INI [783]

O44 - LFC:[MD5.4CE91CEDF6EC0F5FDFF2B6E2DB4E520A] - 11/08/2010 - 21:07:14 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\NeroDigital.ini [69]

O44 - LFC:[MD5.EC2DE6B9D5C739C2005CC71FEBA8482B] - 11/08/2010 - 13:08:13 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\FNTCACHE.DAT [1877936]

O44 - LFC:[MD5.3F337DD54339BEAF26917D3A0A32C1DE] - 11/08/2010 - 12:59:17 ---A- . (.Radius Inc. - Codec Cinepak®.) -- C:\Windows\System32\iccvid.dll [81920]



---\\ MountPoints2 Shell Key (MPSK) (O51)

O51 - MPSK:{7ec758f3-4061-11de-bb25-001c2557e85b}\Shell\AutoRun\command. (.Pas de propriétaire - Pas de description.) -- M:\LaunchU3.exe -a (.not file.)

O51 - MPSK:{86a55ce9-728a-11dd-a09f-001c2557e85b}\Shell\AutoRun\command. (.Pas de propriétaire - Pas de description.) -- L:\SETUP.EXE (.not file.)

O51 - MPSK:{9eab1496-17e7-11df-9494-001c2557e85b}\Shell\AutoRun\command. (.Pas de propriétaire - Pas de description.) -- C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL L:\launcher.exe (.not file.)

O51 - MPSK:{ec83ee85-a61c-11df-ba6b-001c2557e85b}\Shell\AutoRun\command. (.Pas de propriétaire - Pas de description.) -- F:\setup.exe (.not file.)



---\\ Trojan Driver Search Data (HKLM)(TDSD) (O52)

O52 - TDSD: \Drivers32\"vidc.i420"="i420vfw.dll" . ( - Helix I420 YUV Codec.) -- C:\Windows\System32\i420vfw.dll

O52 - TDSD: \Drivers32\"msacm.l3acm"="C:\Windows\System32\l3codeca.acm" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm

O52 - TDSD: \Drivers32\"vidc.cvid"="iccvid.dll" . (.Radius Inc. - Codec Cinepak®.) -- C:\Windows\System32\iccvid.dll

O52 - TDSD: \Drivers32\"msacm.voxacm160"="vct3216.acm" . (.Voxware, Inc. - Voxware Audio Compression Manager Driver.) -- C:\Windows\System32\vct3216.acm

O52 - TDSD: \Drivers32\"msacm.scg726"="scg726.acm" . (.SHARP Corporation - SHARP G.726 ACM Audio Decoder.) -- C:\Windows\System32\scg726.acm

O52 - TDSD: \Drivers32\"msacm.alf2cd"="alf2cd.acm" . (.NCT Company - NCT ALF2CD Audio CODEC.) -- C:\Windows\System32\alf2cd.acm

O52 - TDSD: \Drivers32\"msacm.ac3acm"="AC3ACM.acm" . (.fccHandler - AC-3 ACM Decompressor.) -- C:\Windows\System32\AC3ACM.acm

O52 - TDSD: \Drivers32\"vidc.dvsd"="mcdvd_32.dll" . (.MainConcept - MainConcept DV Codec.) -- C:\Windows\System32\mcdvd_32.dll

O52 - TDSD: \Drivers32\"vidc.xvid"="xvidvfw.dll" . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\xvidvfw.dll

O52 - TDSD: \Drivers32\"vidc.DIVX"="DivX.dll" . (.DivX, Inc. - DivX.) -- C:\Windows\System32\DivX.dll

O52 - TDSD: \Drivers32\"vidc.yv12"="DivX.dll" . (.DivX, Inc. - DivX.) -- C:\Windows\System32\DivX.dll

O52 - TDSD: \Drivers32\"msacm.lameacm"="LameACM.acm" . (. - Lame MP3 codec engine.) -- C:\Windows\System32\LameACM.acm

O52 - TDSD: \Drivers32\"vidc.ffds"="C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll" . (.Pas de propriétaire - Pas de description.) -- (.not file.)

O52 - TDSD: \drivers.desc\"C:\Windows\System32\l3codeca.acm"="Fraunhofer IIS MPEG Layer-3 Codec" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm

O52 - TDSD: \drivers.desc\"vct3216.acm"="Voxware Compression Toolkit" . (.Voxware, Inc. - Voxware Audio Compression Manager Driver.) -- C:\Windows\System32\vct3216.acm

O52 - TDSD: \drivers.desc\"scg726.acm"="Sharp G.726 Audio Decoder" . (.Pas de propriétaire - Pas de description.) -- (.not file.)

O52 - TDSD: \drivers.desc\"alf2cd.acm"="alf2cd.acm" . (.NCT Company - NCT ALF2CD Audio CODEC.) -- C:\Windows\System32\alf2cd.acm

O52 - TDSD: \drivers.desc\"AC3ACM.acm"="AC-3 ACM Decompressor" . (.fccHandler - AC-3 ACM Decompressor.) -- C:\Windows\System32\AC3ACM.acm

O52 - TDSD: \drivers.desc\"mcdvd_32.dll"="mcdvd_32.dll" . (.MainConcept - MainConcept DV Codec.) -- C:\Windows\System32\mcdvd_32.dll

O52 - TDSD: \drivers.desc\"xvidvfw.dll"="XviD MPEG-4 Video Codec" . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\xvidvfw.dll

O52 - TDSD: \drivers.desc\"mpg4c32.dll"="MS MPEG-4 v1,2,3 driver" . (.Pas de propriétaire - Pas de description.) -- (.not file.)

O52 - TDSD: \drivers.desc\"DivX.dll"="DivX 6.9.2 Codec" . (.Pas de propriétaire - Pas de description.) -- (.not file.)

O52 - TDSD: \drivers.desc\"LameACM.acm"="Lame ACM MP3 Codec" . (. - Lame MP3 codec engine.) -- C:\Windows\System32\LameACM.acm

O52 - TDSD: \drivers.desc\"C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll"="ffdshow Video Codec" . (.Pas de propriétaire - Pas de description.) -- (.not file.)



---\\ ShareTools MSconfig StartupReg (SMSR) (O53)

O53 - SMSR:HKLM\...\startupreg\Adobe ARM [Key] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

O53 - SMSR:HKLM\...\startupreg\Adobe Reader Speed Launcher [Key] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe

O53 - SMSR:HKLM\...\startupreg\DivXUpdate [Key] . (.Pas de propriétaire - DivX Update.) -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe

O53 - SMSR:HKLM\...\startupreg\HP Software Update [Key] . (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O53 - SMSR:HKLM\...\startupreg\msnmsgr [Key] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe

O53 - SMSR:HKLM\...\startupreg\NBKeyScan [Key] . (.Nero AG - Nero BackItUp.) -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

O53 - SMSR:HKLM\...\startupreg\NeroFilterCheck [Key] . (.Nero AG - NeroCheck.) -- C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

O53 - SMSR:HKLM\...\startupreg\OODefragTray [Key] . (.O&O Software GmbH - O&O Defrag TrayIcon (Win32).) -- C:\Windows\system32\oodtray.exe



---\\ Microsoft Control Security Providers (MCSP) (O54)

O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - TS Single Sign On Security Package.) -- C:\Windows\system32\credssp.dll

O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - TS Single Sign On Security Package.) -- C:\Windows\system32\credssp.dll



---\\ Microsoft Windows Policies System (MWPS) (O55)

O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorAdmin"=2

O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorUser"=1

O55 - MWPS:[HKLM\...\Policies\System] - "EnableInstallerDetection"=1

O55 - MWPS:[HKLM\...\Policies\System] - "EnableSecureUIAPaths"=1

O55 - MWPS:[HKLM\...\Policies\System] - "EnableVirtualization"=1

O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=1

O55 - MWPS:[HKLM\...\Policies\System] - "ValidateAdminCodeSignatures"=0

O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=0

O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"=

O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticetext"=

O55 - MWPS:[HKLM\...\Policies\System] - "scforceoption"=0

O55 - MWPS:[HKLM\...\Policies\System] - "shutdownwithoutlogon"=1

O55 - MWPS:[HKLM\...\Policies\System] - "undockwithoutlogon"=1

O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0

O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0

O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0

O55 - MWPS:[HKLM\...\Policies\System] - "DisableRegistryTools"=0



---\\ Microsoft Windows Policies Explorer (MWPE) (O56)

O56 - MWPE:[HKLM\...\policies\Explorer] - "NoDrives"=0

O56 - MWPE:[HKLM\...\policies\Explorer] - "BindDirectlyToPropertySetStorage"=0



---\\ Liste des Drivers Système (SDL) (O58)

O58 - SDL:[MD5.2EDC5BBAC6C651ECE337BDE8ED97C9FB] - 02/11/2006 - 10:51:38 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\system32\drivers\adp94xx.sys

O58 - SDL:[MD5.B84088CA3CDCA97DA44A984C6CE1CCAD] - 02/11/2006 - 10:51:32 ---A- . (.Adaptec, Inc. - Adaptec Windows SATA Storport Driver.) -- C:\Windows\system32\drivers\adpahci.sys

O58 - SDL:[MD5.7880C67BCCC27C86FD05AA2AFB5EA469] - 02/11/2006 - 10:50:35 ---A- . (.Adaptec, Inc. - Adaptec LH Ultra160 Driver (x86).) -- C:\Windows\system32\drivers\adpu160m.sys

O58 - SDL:[MD5.9AE713F8E30EFC2ABCCD84904333DF4D] - 02/11/2006 - 10:51:00 ---A- . (.Adaptec, Inc. - Adaptec StorPort Ultra320 SCSI Driver.) -- C:\Windows\system32\drivers\adpu320.sys

O58 - SDL:[MD5.90395B64600EBB4552E26E178C94B2E4] - 02/11/2006 - 10:49:20 ---A- . (.Acer Laboratories Inc. - ALi mini IDE Driver.) -- C:\Windows\system32\drivers\aliide.sys

O58 - SDL:[MD5.5F673180268BB1FDB69C99B6619FE379] - 02/11/2006 - 10:50:09 ---A- . (.Adaptec, Inc. - Adaptec RAID Storport Driver.) -- C:\Windows\system32\drivers\arc.sys

O58 - SDL:[MD5.957F7540B5E7F602E44648C7DE5A1C05] - 02/11/2006 - 10:50:10 ---A- . (.Adaptec, Inc. - Adaptec SAS RAID WS03 Driver.) -- C:\Windows\system32\drivers\arcsas.sys

O58 - SDL:[MD5.B979979AB8027F7F53FB16EC4229B7DB] - 10/09/1999 - 12:06:00 ---A- . (.Adaptec - ASPI for WIN32 Kernel Driver.) -- C:\Windows\system32\drivers\Aspi32.sys

O58 - SDL:[MD5.0C0B08847F2F24BAA7BD43D8F2C6C8B0] - 28/06/2010 - 21:32:33 ---A- . (.ALWIL Software - avast! File System Access Blocking Driver.) -- C:\Windows\system32\drivers\aswFsBlk.sys

O58 - SDL:[MD5.EFFC39A1EDF04E83A42279D9DAA696A7] - 28/06/2010 - 21:32:56 ---A- . (.ALWIL Software - avast! File System Minifilter for Windows 2003/Vista.) -- C:\Windows\system32\drivers\aswMonFlt.sys

O58 - SDL:[MD5.F385FFD39165453FDA96736AA3EDFD9D] - 28/06/2010 - 21:33:13 ---A- . (.ALWIL Software - avast! TDI RDR Driver.) -- C:\Windows\system32\drivers\aswRdr.sys

O58 - SDL:[MD5.45ADEA26BF613A54FED64ECDD12E58A7] - 28/06/2010 - 21:37:30 ---A- . (.ALWIL Software - avast! self protection module.) -- C:\Windows\system32\drivers\aswSP.sys

O58 - SDL:[MD5.C4EE975C87176F1900662D2874233C7F] - 28/06/2010 - 21:37:52 ---A- . (.ALWIL Software - avast! TDI Filter Driver.) -- C:\Windows\system32\drivers\aswTdi.sys

O58 - SDL:[MD5.7DB96C2801A78513BDC133C25D07929E] - 11/02/2010 - 08:42:22 ---A- . (.ATI Technologies Inc. - ATI Radeon Kernel Mode Driver.) -- C:\Windows\system32\drivers\atikmdag.sys

O58 - SDL:[MD5.9F9ACC7F7CCDE8A15C282D3F88B43309] - 02/11/2006 - 09:24:45 ---A- . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver.) -- C:\Windows\system32\drivers\BrFiltLo.sys

O58 - SDL:[MD5.56801AD62213A41F6497F96DEE83755A] - 02/11/2006 - 09:24:46 ---A- . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver.) -- C:\Windows\system32\drivers\BrFiltUp.sys

O58 - SDL:[MD5.B304E75CFF293029EDDF094246747113] - 02/11/2006 - 09:25:24 ---A- . (.Brother Industries Ltd. - Pilote Brother Série I/F (WDM).) -- C:\Windows\system32\drivers\BrSerId.sys

O58 - SDL:[MD5.203F0B1E73ADADBBB7B7B1FABD901F6B] - 02/11/2006 - 09:24:44 ---A- . (.Brother Industries Ltd. - Brother Serial driver (WDM version).) -- C:\Windows\system32\drivers\BrSerWdm.sys

O58 - SDL:[MD5.BD456606156BA17E60A04E18016AE54B] - 02/11/2006 - 09:24:44 ---A- . (.Brother Industries Ltd. - Brother USB MDM Driver.) -- C:\Windows\system32\drivers\BrUsbMdm.sys

O58 - SDL:[MD5.AF72ED54503F717A43268B3CC5FAEC2E] - 02/11/2006 - 09:24:47 ---A- . (.Brother Industries Ltd. - Brother USB Serial Driver.) -- C:\Windows\system32\drivers\BrUsbSer.sys

O58 - SDL:[MD5.5BC2E26075304E762FE442C78168B8AB] - 27/02/2008 - 14:27:38 ---A- . (.Guillemot Corporation - Filter Driver for the Hercules Webcams (MJPG).) -- C:\Windows\system32\drivers\camfilt2.sys

O58 - SDL:[MD5.45201046C776FFDAF3FC8A0029C581C8] - 02/11/2006 - 10:49:28 ---A- . (.CMD Technology, Inc. - CMD PCI IDE Bus Driver.) -- C:\Windows\system32\drivers\cmdide.sys

O58 - SDL:[MD5.AE1FDF7BF7BB6C6A70F67699D880592A] - 02/11/2006 - 10:50:11 ---A- . (.Adaptec, Inc. - Adaptec Ultra SCSI miniport.) -- C:\Windows\system32\drivers\djsvs.sys

O58 - SDL:[MD5.F88FB26547FD2CE6D0A5AF2985892C48] - 02/11/2006 - 08:30:54 ---A- . (.Intel Corporation - Intel® PRO/1000 Adapter NDIS 6 deserialized driver.) -- C:\Windows\system32\drivers\E1G60I32.sys

O58 - SDL:[MD5.E8F3F21A71720C84BCF423B80028359F] - 02/11/2006 - 10:51:34 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\system32\drivers\elxstor.sys

O58 - SDL:[MD5.C1CC0C9742B881C42F1CC628E6F9EBD1] - 28/07/2005 - 07:18:40 ---A- . (.Aladdin Knowledge Systems Ltd. - Hardlock Device Driver for Windows NT.) -- C:\Windows\system32\drivers\hardlock.sys

O58 - SDL:[MD5.DF353B401001246853763C4B7AAA6F50] - 02/11/2006 - 10:50:10 ---A- . (.Hewlett-Packard Company - Smart Array Storport Driver.) -- C:\Windows\system32\drivers\HpCISSs.sys

O58 - SDL:[MD5.C957BF4B5D80B46C5017BF0101E6C906] - 02/11/2006 - 10:51:25 ---A- . (.Intel Corporation - Intel Matrix Storage Manager driver (base).) -- C:\Windows\system32\drivers\iaStorV.sys

O58 - SDL:[MD5.2D077BF86E843F901D8DB709C95B49A5] - 02/11/2006 - 10:50:17 ---A- . (.Intel Corp./ICP vortex GmbH - Intel/ICP Raid Storport Driver.) -- C:\Windows\system32\drivers\iirsp.sys

O58 - SDL:[MD5.BCED60D16156E428F8DF8CF27B0DF150] - 02/11/2006 - 10:50:07 ---A- . (.Integrated Technology Express, Inc. - ITE IT8211 ATA/ATAPI SCSI miniport.) -- C:\Windows\system32\drivers\iteatapi.sys

O58 - SDL:[MD5.06FA654504A498C30ADCA8BEC4E87E7E] - 02/11/2006 - 10:50:09 ---A- . (.Integrated Technology Express, Inc. - ITE IT8212 ATA RAID SCSI miniport.) -- C:\Windows\system32\drivers\iteraid.sys

O58 - SDL:[MD5.A2262FB9F28935E862B4DB46438C80D2] - 02/11/2006 - 10:50:04 ---A- . (.LSI Logic - LSI Logic Fusion-MPT FC Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_fc.sys

O58 - SDL:[MD5.30D73327D390F72A62F32C103DAF1D6D] - 02/11/2006 - 10:50:05 ---A- . (.LSI Logic - LSI Logic Fusion-MPT SAS Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_sas.sys

O58 - SDL:[MD5.E1E36FEFD45849A95F1AB81DE0159FE3] - 02/11/2006 - 10:50:10 ---A- . (.LSI Logic - LSI Logic Fusion-MPT SCSI Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_scsi.sys

O58 - SDL:[MD5.67B48A903430C6D4FB58CBACA1866601] - 29/04/2010 - 14:39:26 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\Windows\system32\drivers\mbam.sys

O58 - SDL:[MD5.C7DD7D9739785BD3A6B8499EEC1DEE7E] - 29/04/2010 - 14:39:38 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\Windows\system32\drivers\mbamswissarmy.sys

O58 - SDL:[MD5.D153B14FC6598EAE8422A2037553ADCE] - 02/11/2006 - 10:49:53 ---A- . (.LSI Logic Corporation - MEGASAS RAID Controller Driver for Windows Vista/Longhorn for x.) -- C:\Windows\system32\drivers\megasas.sys

O58 - SDL:[MD5.4FBBB70D30FD20EC51F80061703B001E] - 02/11/2006 - 10:49:59 ---A- . (.LSI Logic Corporation - MegaRAID RAID Controller Driver for Windows Vista/Longhorn for.) -- C:\Windows\system32\drivers\Mraid35x.sys

O58 - SDL:[MD5.2E7FB731D4790A1BC6270ACCEFACB36E] - 02/11/2006 - 10:50:19 ---A- . (.IBM Corporation - IBM ServeRAID Controller Driver.) -- C:\Windows\system32\drivers\nfrd960.sys

O58 - SDL:[MD5.7F1C1F78D709C4A54CBB46EDE7E0B48D] - 10/07/2007 - 14:36:42 ---A- . (.NewTech Infosystems, Inc. - NTI CD-ROM Filter Driver.) -- C:\Windows\system32\drivers\NTIDrvr.sys

O58 - SDL:[MD5.E875C093AEC0C978A90F30C9E0DFBB72] - 02/11/2006 - 08:36:50 ---A- . (.N-trig Innovative Technologies - Pilote intégré de digitalisateur de tablette N-trig.) -- C:\Windows\system32\drivers\ntrigdigi.sys

O58 - SDL:[MD5.C8CB6135884CBC2A10225C4C3CEF0F95] - 03/04/2010 - 21:55:32 ---A- . (.NVIDIA Corporation - NVIDIA Windows Kernel Mode Driver, Version 197.45.) -- C:\Windows\system32\drivers\nvlddmkm.sys

O58 - SDL:[MD5.E69E946F80C1C31C53003BFBF50CBB7C] - 02/11/2006 - 10:50:24 ---A- . (.NVIDIA Corporation - NVIDIA® nForce RAID Driver.) -- C:\Windows\system32\drivers\nvraid.sys

O58 - SDL:[MD5.9E0BA19A28C498A6D323D065DB76DFFC] - 02/11/2006 - 10:50:13 ---A- . (.NVIDIA Corporation - NVIDIA® nForce Sata Performance Driver.) -- C:\Windows\system32\drivers\nvstor.sys

O58 - SDL:[MD5.B2A8C9EAF4FF38CB29DBF06EEFA737D2] - 10/05/2007 - 22:19:26 ---A- . (.O&O Software GmbH - O&O TextMode Driver (Win32).) -- C:\Windows\system32\drivers\oobctm.sys

O58 - SDL:[MD5.81A0921E2A3FDCF840E43AF64BF96EA2] - 10/09/2007 - 07:50:56 ---A- . (.PixArt Imaging Inc. - PAC7302.) -- C:\Windows\system32\drivers\PAC7302.SYS

O58 - SDL:[MD5.5AABA5388B4F72B8BF72EA922D1CBD38] - 20/07/2010 - 14:16:08 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\system32\drivers\PnkBstrK.sys

O58 - SDL:[MD5.E801D5CC24E1CF18FA87D24D7074B876] - 25/04/2007 - 15:34:38 ---A- . (.HiTRUST - PSD Filter Driver.) -- C:\Windows\system32\drivers\psdfilter.sys

O58 - SDL:[MD5.14E6FB92F1788982E2BBC81D915B1F02] - 28/05/2010 - 12:04:52 ---A- . (.Secunia - Secunia PSI Driver.) -- C:\Windows\system32\drivers\psi_mf.sys

O58 - SDL:[MD5.CCDAC889326317792480C0A67156A1EC] - 02/11/2006 - 10:51:45 ---A- . (.QLogic Corporation - QLogic Fibre Channel Stor Miniport Driver.) -- C:\Windows\system32\drivers\ql2300.sys

O58 - SDL:[MD5.81A7E5C076E59995D54BC1ED3A16E60B] - 02/11/2006 - 10:50:35 ---A- . (.QLogic Corporation - QLogic iSCSI Storport Miniport Driver.) -- C:\Windows\system32\drivers\ql40xx.sys

O58 - SDL:[MD5.75334ECEEF6F39EEC569F2F445254EDA] - 22/06/2007 - 10:34:12 ---A- . (.Realtek Semiconductor Corp. - Realtek® High Definition Audio Function Driver.) -- C:\Windows\system32\drivers\RTKVHDA.sys

O58 - SDL:[MD5.59509AD6CBC28F2C73056268985B3E48] - 16/05/2008 - 11:33:12 ---A- . (.MCCI Corporation - Sony Ericsson Device 0016 Driver.) -- C:\Windows\system32\drivers\s0016bus.sys

O58 - SDL:[MD5.8C4A9024CF84D61D4BC07F06DDF7B2D1] - 16/05/2008 - 11:33:12 ---A- . (.MCCI Corporation - Windows 2000/XP support functions.) -- C:\Windows\system32\drivers\s0016cm.sys

O58 - SDL:[MD5.8C4A9024CF84D61D4BC07F06DDF7B2D1] - 16/05/2008 - 11:33:12 ---A- . (.MCCI Corporation - Windows 2000/XP support functions.) -- C:\Windows\system32\drivers\s0016cmnt.sys

O58 - SDL:[MD5.44D115C6BE5DF0F32338DA1032923644] - 16/05/2008 - 11:33:12 ---A- . (.MCCI Corporation - Sony Ericsson Device 0016 USB Ethernet Emulation (WDM class reg.) -- C:\Windows\system32\drivers\s0016cr.sys

O58 - SDL:[MD5.B98C3A6F91F4FBA285AF9606A240C6B4] - 16/05/2008 - 11:33:14 ---A- . (.MCCI Corporation - Sony Ericsson Device 0016 USB WMC Modem Filter Driver.) -- C:\Windows\system32\drivers\s0016mdfl.sys

O58 - SDL:[MD5.8A83426F4FB7B5212825D9DE76368B1A] - 16/05/2008 - 11:33:12 ---A- . (.MCCI Corporation - Sony Ericsson Device 0016 USB WMC Modem WDM Driver.) -- C:\Windows\system32\drivers\s0016mdm.sys

O58 - SDL:[MD5.7A78BBA97FEB5E6D24C49E93A3BF7287] - 16/05/2008 - 11:33:12 ---A- . (.MCCI Corporation - Sony Ericsson Device 0016 USB WMC Device Management Driver.) -- C:\Windows\system32\drivers\s0016mgmt.sys

O58 - SDL:[MD5.34EF7B5F611957B73E7219DD5A222AD1] - 16/05/2008 - 11:33:14 ---A- . (.MCCI Corporation - Sony Ericsson Device 0016 USB Ethernet Emulation (NDIS 5 Minipo.) -- C:\Windows\system32\drivers\s0016nd5.sys

O58 - SDL:[MD5.36792935847143E4A3CDA0DC87248487] - 16/05/2008 - 11:33:12 ---A- . (.MCCI Corporation - Sony Ericsson Device 0016 USB WMC OBEX Interface Device Driver.) -- C:\Windows\system32\drivers\s0016obex.sys

O58 - SDL:[MD5.927208754FB27FC3E7A659E77500C5D1] - 16/05/2008 - 11:33:14 ---A- . (.MCCI Corporation - Sony Ericsson Device 0016 USB Ethernet Emulation.) -- C:\Windows\system32\drivers\s0016unic.sys

O58 - SDL:[MD5.DA9BB7BCBB5F3D4B4E9B1E767278259D] - 16/05/2008 - 11:33:12 ---A- . (.MCCI Corporation - Windows 2000/XP support functions.) -- C:\Windows\system32\drivers\s0016wh.sys

O58 - SDL:[MD5.DA9BB7BCBB5F3D4B4E9B1E767278259D] - 16/05/2008 - 11:33:12 ---A- . (.MCCI Corporation - Windows 2000/XP support functions.) -- C:\Windows\system32\drivers\s0016whnt.sys

O58 - SDL:[MD5.6C1BEC4E12B4ED714E5F8065F680E9C2] - 05/09/2006 - 18:58:26 ---A- . (.MCCI - Sony Ericsson Device 088 Driver.) -- C:\Windows\system32\drivers\se58bus.sys

O58 - SDL:[MD5.D0CFFF25CCEA4B1F3C12F335F950EC93] - 05/09/2006 - 18:58:22 ---A- . (.MCCI - Windows 2000/XP support functions.) -- C:\Windows\system32\drivers\se58wh.sys

O58 - SDL:[MD5.D0CFFF25CCEA4B1F3C12F335F950EC93] - 05/09/2006 - 18:58:22 ---A- . (.MCCI - Windows 2000/XP support functions.) -- C:\Windows\system32\drivers\se58whnt.sys

O58 - SDL:[MD5.90A3935D05B494A5A39D37E71F09A677] - 02/11/2006 - 07:37:21 ---A- . (.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) -- C:\Windows\system32\drivers\secdrv.sys

O58 - SDL:[MD5.E5B56569A9F79B70314FEDE6C953641E] - 09/01/2008 - 10:28:34 ---A- . (.Sony Ericsson Mobile Communications - seehcri Driver.) -- C:\Windows\system32\drivers\seehcri.sys

O58 - SDL:[MD5.DF1AF7F5F1EC7800B3AC398ACC06C754] - 24/01/2007 - 10:08:06 ---A- . (.Silicon Integrated Systems Corporation - SiS AGPv3.5 Filter.) -- C:\Windows\system32\drivers\SISAGPX.SYS

O58 - SDL:[MD5.42C5DE6854F32E6FD399AC8F69FD5FA8] - 09/09/2008 - 11:15:26 ---A- . (.Silicon Integrated Systems Corp. - NDIS 6.0 Miniport Driver for SiS191/SiS190 Ethernet Device.) -- C:\Windows\system32\drivers\SiSGB6.sys

O58 - SDL:[MD5.4FBD2C53C1E04F8E35C96747984FDE13] - 05/06/2007 - 12:08:56 ---A- . (.Silicon Integrated Systems Corporation - SiS VGA Kernal Mode Vista Driver.) -- C:\Windows\system32\drivers\SISGRKMD.sys

O58 - SDL:[MD5.CEDD6F4E7D84E9F98B34B3FE988373AA] - 02/11/2006 - 10:50:10 ---A- . (.Silicon Integrated Systems Corp. - SiS RAID Stor Miniport Driver.) -- C:\Windows\system32\drivers\sisraid2.sys

O58 - SDL:[MD5.DF843C528C4F69D12CE41CE462E973A7] - 02/11/2006 - 10:50:16 ---A- . (.Silicon Integrated Systems - SiS AHCI Stor-Miniport Driver.) -- C:\Windows\system32\drivers\sisraid4.sys

O58 - SDL:[MD5.00000000000000000000000000000000] - 22/11/2009 - 02:50:43 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\system32\drivers\sptd.sys

O58 - SDL:[MD5.8831252BCF05FCFB5ABD116A22E552D8] - 09/05/2009 - 22:11:17 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\system32\drivers\sp_rsdrv2.sys

O58 - SDL:[MD5.306521935042FC0A6988D528643619B3] - 17/01/2010 - 15:38:42 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\system32\drivers\StarOpen.sys

O58 - SDL:[MD5.192AA3AC01DF071B541094F251DEED10] - 02/11/2006 - 10:50:05 ---A- . (.LSI Logic - LSI Logic 8XX SCSI Miniport Driver.) -- C:\Windows\system32\drivers\symc8xx.sys

O58 - SDL:[MD5.8C8EB8C76736EBAF3B13B633B2E64125] - 02/11/2006 - 10:49:56 ---A- . (.LSI Logic - LSI Logic Hi-Perf SCSI Miniport Driver.) -- C:\Windows\system32\drivers\sym_hi.sys

O58 - SDL:[MD5.8072AF52B5FD103BBBA387A1E49F62CB] - 02/11/2006 - 10:50:03 ---A- . (.LSI Logic - LSI Logic Ultra160 SCSI Miniport Driver.) -- C:\Windows\system32\drivers\sym_u3.sys

O58 - SDL:[MD5.63D3F89F4736A6DA5260177E38D5C26B] - 04/11/2008 - 09:37:28 ---A- . (.RapidSolution Software AG - Tunebite High-Speed Dubbing.) -- C:\Windows\system32\drivers\tbhsd.sys

O58 - SDL:[MD5.3CD4EA35A6221B85DCC25DAA46313F8D] - 02/11/2006 - 10:51:25 ---A- . (.ULi Electronics Inc. - ULi SATA Controller Driver.) -- C:\Windows\system32\drivers\uliahci.sys

O58 - SDL:[MD5.8514D0E5CD0534467C5FC61BE94A569F] - 02/11/2006 - 10:50:35 ---A- . (.Promise Technology, Inc. - Promise Ultra/Sata Series Driver for Win2003.) -- C:\Windows\system32\drivers\ulsata.sys

O58 - SDL:[MD5.38C3C6E62B157A6BC46594FADA45C62B] - 02/11/2006 - 10:50:45 ---A- . (.Promise Technology, Inc. - Promise SATAII150 Series Windows Drivers.) -- C:\Windows\system32\drivers\ulsata2.sys

O58 - SDL:[MD5.FD2E3175FCADA350C7AB4521DCA187EC] - 02/11/2006 - 10:49:30 ---A- . (.VIA Technologies, Inc. - VIA Generic PCI IDE Bus Driver.) -- C:\Windows\system32\drivers\viaide.sys

O58 - SDL:[MD5.D984439746D42B30FC65A4C3546C6829] - 02/11/2006 - 10:50:41 ---A- . (.VIA Technologies Inc.,Ltd - VIA RAID DRIVER FOR X86-32.) -- C:\Windows\system32\drivers\vsmraid.sys

O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 02/11/2006 - 08:09:42 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\system32\ANSI.SYS

O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 02/11/2006 - 08:09:45 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\system32\country.sys

O58 - SDL:[MD5.790A4CA68F44BE35967B3DF61F3E4675] - 07/04/2009 - 09:39:44 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\system32\FsUsbExDisk.Sys

O58 - SDL:[MD5.E6BC0F98FECEF245A0010D350C1A0B9B] - 02/11/2006 - 08:09:41 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\system32\HIMEM.SYS

O58 - SDL:[MD5.492090267B9608C62B956CD29BE3AFB7] - 02/11/2006 - 08:09:44 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\system32\KEY01.SYS

O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 02/11/2006 - 08:09:44 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\system32\KEYBOARD.SYS

O58 - SDL:[MD5.FFFF296A08DBF2AC0126C62E3778AC0D] - 02/11/2006 - 08:09:29 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\system32\NTDOS.SYS

O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 02/11/2006 - 08:09:35 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\system32\NTDOS404.SYS

O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 02/11/2006 - 08:09:38 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\system32\NTDOS411.SYS

O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 02/11/2006 - 08:09:40 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\system32\NTDOS412.SYS

O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 02/11/2006 - 08:09:31 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\system32\NTDOS804.SYS

O58 - SDL:[MD5.2E4112FB7D1B76E11ADFD7487B5D0E95] - 02/11/2006 - 08:09:20 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\system32\NTIO.SYS

O58 - SDL:[MD5.A98EBD4C2DF983665BF2D1AF49949974] - 02/11/2006 - 08:09:23 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\system32\NTIO404.SYS

O58 - SDL:[MD5.3F7E6406EDEF197C5CAAB2240EEF6F48] - 02/11/2006 - 08:09:24 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\system32\NTIO411.SYS

O58 - SDL:[MD5.3E64D681B776CC57BDC38A46D881F85B] - 02/11/2006 - 08:09:26 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\system32\NTIO412.SYS

O58 - SDL:[MD5.D86B6435729231C171432B4E77801BDB] - 02/11/2006 - 08:09:22 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\system32\NTIO804.SYS



---\\ Liste des outils de nettoyage (LATC) (O63)

O63 - Logiciel: HijackThis 2.0.2 - (.TrendMicro.)

O63 - Logiciel: ZHPDiag 1.26 - (.Nicolas Coolman.)



---\\ File Associations Shell Spawning (O67)

O67 - Shell Spawning: <.bat> <batfile>[HKLM\..\open\Command] "%1" %* (.not file.)

O67 - Shell Spawning: <.cpl> <cplfile>[HKLM\..\cplopen\Command] (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\Windows\System32\shell32.dll

O67 - Shell Spawning: <.cmd> <cmdfile>[HKLM\..\open\Command] "%1" %* (.not file.)

O67 - Shell Spawning: <.com> <ComFile>[HKLM\..\open\Command] "%1" %* (.not file.)

O67 - Shell Spawning: <.evt> <evtfile>[HKLM\..\open\Command] (.Microsoft Corporation - Lanceur du composant logiciel enfichable Observateur d'événements.) -- C:\Windows\system32\eventvwr.exe

O67 - Shell Spawning: <.exe> <exefile>[HKLM\..\open\Command] "%1" %* (.not file.)

O67 - Shell Spawning: <.html> <htmlfile>[HKLM\..\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\IEXPLORE.exe

O67 - Shell Spawning: <.js> <JSFile>[HKLM\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\WScript.exe

O67 - Shell Spawning: <.reg> <regfile>[HKLM\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\Windows\regedit.exe

O67 - Shell Spawning: <.html> <htmlfile>[HKCU\..\open\Command] (.Not Key.)

O67 - Shell Spawning: <.bat> <batfile>[HKCR\..\open\Command] "%1" %* (.not file.)

O67 - Shell Spawning: <.cpl> <cplfile>[HKCR\..\cplopen\Command] (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\Windows\System32\shell32.dll

O67 - Shell Spawning: <.cmd> <cmdfile>[HKCR\..\open\Command] "%1" %* (.not file.)

O67 - Shell Spawning: <.com> <ComFile>[HKCR\..\open\Command] "%1" %* (.not file.)

O67 - Shell Spawning: <.evt> <evtfile>[HKCR\..\open\Command] (.Microsoft Corporation - Lanceur du composant logiciel enfichable Observateur d'événements.) -- C:\Windows\system32\eventvwr.exe

O67 - Shell Spawning: <.exe> <exefile>[HKCR\..\open\Command] "%1" %* (.not file.)

O67 - Shell Spawning: <.html> <htmlfile>[HKCR\..\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\IEXPLORE.exe

O67 - Shell Spawning: <.js> <JSFile>[HKCR\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\WScript.exe

O67 - Shell Spawning: <.reg> <regfile>[HKCR\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\Windows\regedit.exe



---\\ Start Menu Internet (SMI) (O68)

O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe

O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\IEXPLORE.exe



---\\ Search Browser Infection (SBI) (O69)

O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - () - Bing

O69 - SBI: SearchScopes [HKCU] {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - (Recherche Crawler) -

O69 - SBI: SearchScopes [HKCU] {4609763A-F40B-49A4-B012-D162E722DE2D} - (Yahoo! Search) - Yahoo! Search - Recherche Web

O69 - SBI: SearchScopes [HKCU] {9D5BD211-422C-4164-9298-BB4186A30F31} [DefaultScope] - (Live Search) - Bing

O69 - SBI: SearchScopes [HKCU] {ACEB429B-458F-4713-A206-F9D2C140FDCB} - (Dealio) - Online Coupon Codes, Discount Coupons, Proflowers Coupon, Coupon & Online Shopping Deals by Dealio

O69 - SBI: SearchScopes [HKUS\.DEFAULT] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - () - Bing

O69 - SBI: SearchScopes [HKUS\.DEFAULT] {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - (Recherche Crawler) -

O69 - SBI: SearchScopes [HKUS\S-1-5-18] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - () - Bing

O69 - SBI: SearchScopes [HKUS\S-1-5-18] {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - (Recherche Crawler) -



---\\ Search Master Boot Record Infection (MBR)(O80)

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, GMER - Rootkit Detector and Remover

Run by Cyril at 29/08/2010 13:43:43

device: opened successfully

user: MBR read successfully

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x861251F8]<<

kernel: MBR read successfully

detected MBR rootkit hooks:

\Driver\atapi -> 0x861251f8

Warning: possible MBR rootkit infection !

user & kernel MBR OK

Use "Recovery Console" command "fixmbr" to clear infection !

Use "ZHPFix" command "MBRFix" to clear infection !


Message: Certains émulateurs de CD/DVD peuvent hooker le pilote atapi de façon légitime. Voici quelques émulateurs :

Message: Alcohol xx%, CDSpace, Circle Virtual CD, CloneCD, Daemon Tools, Virtual CloneDrive, Virtual CD, VirtualDrive, WinCDEmu,...



---\\ Recherche des services démarrés par Svchost (SSS) (O83)

O83 - Search Svchost Services: AeLookupSvc (AeLookupSvc) . (.Microsoft Corporation - Service Expérience d’application.) -- C:\Windows\System32\aelupsvc.dll [24576]

O83 - Search Svchost Services: wercplsupport (wercplsupport) . (.Microsoft Corporation - Rapports et solutions aux problèmes.) -- C:\Windows\System32\wercplsupport.dll [62976]

O83 - Search Svchost Services: Themes (Themes) . (.Microsoft Corporation - Dll des services Windows Shell.) -- C:\Windows\system32\shsvcs.dll [247296]

O83 - Search Svchost Services: CertPropSvc (CertPropSvc) . (.Microsoft Corporation - Service de propagation de certificats de cartes à puce Microsoft.) -- C:\Windows\System32\certprop.dll [40448]

O83 - Search Svchost Services: SCPolicySvc (SCPolicySvc) . (.Microsoft Corporation - Service de propagation de certificats de cartes à puce Microsoft.) -- C:\Windows\System32\certprop.dll [40448]

O83 - Search Svchost Services: lanmanserver (lanmanserver) . (.Microsoft Corporation - DLL du service Serveur.) -- C:\Windows\System32\srvsvc.dll [122880]

O83 - Search Svchost Services: gpsvc (gpsvc) . (.Microsoft Corporation - Client de stratégie de groupe.) -- C:\Windows\System32\gpsvc.dll [576512]

O83 - Search Svchost Services: IKEEXT (IKEEXT) . (.Microsoft Corporation - Extension IKE.) -- C:\Windows\System32\ikeext.dll [438784]

O83 - Search Svchost Services: AudioSrv (AudioSrv) . (.Microsoft Corporation - Service Audio Windows.) -- C:\Windows\System32\Audiosrv.dll [315392]

O83 - Search Svchost Services: Rasauto (Rasauto) . (.Microsoft Corporation - Gestionnaire de numérotation automatique d’accès distant.) -- C:\Windows\System32\rasauto.dll [90624]

O83 - Search Svchost Services: Rasman (Rasman) . (.Microsoft Corporation - Gestionnaire de connexions d'accès distant.) -- C:\Windows\System32\rasmans.dll [262144]

O83 - Search Svchost Services: Remoteaccess (Remoteaccess) . (.Microsoft Corporation - Gestionnaire d’interface dynamique.) -- C:\Windows\System32\mprdim.dll [68608]

O83 - Search Svchost Services: SENS (SENS) . (.Microsoft Corporation - Service de notification d’événements système (SENS).) -- C:\Windows\system32\sens.dll [47104]

O83 - Search Svchost Services: Sharedaccess (Sharedaccess) . (.Microsoft Corporation - Composants de l'application d'assistance à Microsoft NAT.) -- C:\Windows\System32\ipnathlp.dll [288256]

O83 - Search Svchost Services: Tapisrv (Tapisrv) . (.Microsoft Corporation - Serveur de téléphonie Microsoft® Windows.) -- C:\Windows\System32\tapisrv.dll [242688]

O83 - Search Svchost Services: TermService (TermService) . (.Microsoft Corporation - Gestionnaire des connexions distantes Terminal Server.) -- C:\Windows\System32\termsrv.dll [449024]

O83 - Search Svchost Services: wuauserv (wuauserv) . (.Microsoft Corporation - Agent de mise à jour automatique Windows Update.) -- C:\Windows\system32\wuaueng.dll [1929952]

O83 - Search Svchost Services: BITS (BITS) . (.Microsoft Corporation - Service de transfert intelligent en arrière-plan.) -- C:\Windows\system32\qmgr.dll [758784]

O83 - Search Svchost Services: ShellHWDetection (ShellHWDetection) . (.Microsoft Corporation - Dll des services Windows Shell.) -- C:\Windows\System32\shsvcs.dll [247296]

O83 - Search Svchost Services: iphlpsvc (iphlpsvc) . (.Microsoft Corporation - Service offrant une connectivité IPv6 sur un réseau IPv4..) -- C:\Windows\System32\iphlpsvc.dll [200704]

O83 - Search Svchost Services: seclogon (seclogon) . (.Microsoft Corporation - DLL de service d'ouverture de session secondaire.) -- C:\Windows\system32\seclogon.dll [19968]

O83 - Search Svchost Services: AppInfo (AppInfo) . (.Microsoft Corporation - Service Informations d’application.) -- C:\Windows\System32\appinfo.dll [33280]

O83 - Search Svchost Services: msiscsi (msiscsi) . (.Microsoft Corporation - Service de découverte iSCSI.) -- C:\Windows\system32\iscsiexe.dll [111616]

O83 - Search Svchost Services: MMCSS (MMCSS) . (.Microsoft Corporation - Service Planificateur de classes multimédias.) -- C:\Windows\system32\mmcss.dll [45056]

O83 - Search Svchost Services: ProfSvc (ProfSvc) . (.Microsoft Corporation - ProfSvc.) -- C:\Windows\system32\profsvc.dll [153088]

O83 - Search Svchost Services: EapHost (EapHost) . (.Microsoft Corporation - Service EAPHost Microsoft.) -- C:\Windows\System32\eapsvc.dll [57344]

O83 - Search Svchost Services: winmgmt (winmgmt) . (.Microsoft Corporation - WMI.) -- C:\Windows\system32\wbem\WMIsvc.dll [162304]

O83 - Search Svchost Services: schedule (schedule) . (.Microsoft Corporation - Service du Planificateur de tâches.) -- C:\Windows\system32\schedsvc.dll [595456]

O83 - Search Svchost Services: SessionEnv (SessionEnv) . (.Microsoft Corporation - Service de configuration des services Terminal Server.) -- C:\Windows\system32\sessenv.dll [84992]

O83 - Search Svchost Services: browser (browser) . (.Microsoft Corporation - DLL du service Explorateur d’ordinateurs.) -- C:\Windows\System32\browser.dll [81920]

O83 - Search Svchost Services: hkmsvc (hkmsvc) . (.Microsoft Corporation - Service Gestion des clés.) -- C:\Windows\system32\kmsvc.dll [68096]



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)

SR - | Auto 11/02/2010 733184 | (Ati External Event Utility) . (.ATI Technologies Inc..) - C:\Windows\system32\Ati2evxx.exe

SR - | Auto 28/06/2010 40384 | avast! Antivirus (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

SR - | Demand 28/06/2010 40384 | avast! Mail Scanner (avast! Mail Scanner) . (.AVAST Software.) - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

SR - | Demand 28/06/2010 40384 | avast! Web Scanner (avast! Web Scanner) . (.AVAST Software.) - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

SR - | Auto 28/02/2006 229376 | ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) . (.Apple Computer, Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe

SR - | Auto 03/07/2007 53248 | eRecovery Service (eRecoveryService) . (.Acer Inc..) - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe

SS - | Demand 30/01/2010 654848 | FLEXnet Licensing Service (FLEXnet Licensing Service) . (.Macrovision Europe Ltd..) - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

SR - | Auto 07/04/2009 233472 | FsUsbExService (FsUsbExService) . (.Teruten.) - C:\Windows\system32\FsUsbExService.exe

SS - | Auto 15/09/2009 194032 | Google Software Updater (gusvc) . (.Google.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

SS - | Demand 04/04/2005 69632 | InstallDriver Table Manager (IDriverT) . (.Macrovision Corporation.) - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

SR - | Auto 17/01/2007 61440 | LightScribeService Direct Disc Labeling Service (LightScribeService) . (.Hewlett-Packard Company.) - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

SS - | Demand 19/07/2010 259440 | Ma-Config Service (maconfservice) . (.CybelSoft.) - C:\Program Files\\maconfservice.exe

SR - | Auto 08/08/2007 836904 | Nero BackItUp Scheduler 3 (Nero BackItUp Scheduler 3) . (.Nero AG.) - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

SS - | Demand 03/08/2007 382248 | NMIndexingService (NMIndexingService) . (.Nero AG.) - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

SR - | Auto 03/04/2010 129640 | NVIDIA Display Driver Service (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe

SR - | Auto 11/05/2007 1050120 | O&O Defrag (O&O Defrag) . (.O&O Software GmbH.) - C:\Windows\system32\oodag.exe

SR - | Auto 03/08/2009 66872 | PnkBstrA (PnkBstrA) . (.Pas de propriétaire.) - C:\Windows\system32\PnkBstrA.exe

SR - | Auto 20/07/2010 103736 | PnkBstrB (PnkBstrB) . (.Pas de propriétaire.) - C:\Windows\system32\PnkBstrB.exe

SR - | Auto 26/01/2009 1153368 | SBSD Security Center Service (SBSDWSCService) . (.Safer Networking Ltd..) - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

SS - | Demand 07/04/2008 430592 | ServiceLayer (ServiceLayer) . (.Nokia..) - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

SR - | Auto 10/04/2010 488960 | Spyware Terminator Realtime Shield Service (sp_rssrv) . ( - C:\Program Files\Spyware Terminator\sp_rsser.exe

SS - | Demand 09/07/2010 395048 | Steam Client Service (Steam Client Service) . (.Valve Corporation.) - C:\Program Files\Common Files\Steam\SteamService.exe




End of the scan (1129 lines in 19mn 22s)(0)

Posted (edited)

Download TDSSKiller to your Desktop


  • Unzip the file by right-clicking on it
  • Double-click on it
  • Click "StartScan"
  • If malicious objects are found (Malicious Objects), check that the "Cure" option is selected (or "delete")
  • If suspicious objects (Suspicious objects) have been detected, press "Skip" on the confirmation screen
  • Then click the "Continue" button, then "RebootNow"
  • Copy and paste the report that appears


NB: The file is also available here: C:\tdsskiller\report.txt



Edited by Florinator
Posted (edited)

Hi, I wasn't able to follow your whole procedure :chpas:


# Then click the "Continue" button, then "RebootNow": after "Continue" there is no "RebootNow"


# Copy and paste the report that appears: no report appeared

After the scan, I got this

[screenshot]


When I clicked "Continue", I got this

[screenshot]


Other info: it seems that my "Mozilla" browser stays open even though I close it, because CCleaner asks me to close it during cleaning ???? (Le nettoyage du cache de Firefox/Mozilla a été ignoré.)



I do, however, have a report to give you, from the path you sent me. Here it is

See you later, and thanks


2010/08/29 23:34:42.0441 TDSS rootkit removing tool Aug 27 2010 08:53:42

2010/08/29 23:34:42.0441 ================================================================================

2010/08/29 23:34:42.0442 SystemInfo:

2010/08/29 23:34:42.0442

2010/08/29 23:34:42.0442 OS Version: 6.0.6002 ServicePack: 2.0

2010/08/29 23:34:42.0442 Product type: Workstation

2010/08/29 23:34:42.0442 ComputerName: PC-DE-CYRIL

2010/08/29 23:34:42.0442 UserName: Cyril

2010/08/29 23:34:42.0442 Windows directory: C:\Windows

2010/08/29 23:34:42.0442 System windows directory: C:\Windows

2010/08/29 23:34:42.0442 Processor architecture: Intel x86

2010/08/29 23:34:42.0442 Number of processors: 2

2010/08/29 23:34:42.0442 Page size: 0x1000

2010/08/29 23:34:42.0442 Boot type: Normal boot

2010/08/29 23:34:42.0442 ================================================================================

2010/08/29 23:34:44.0866 Initialize success

2010/08/29 23:34:51.0677 ================================================================================

2010/08/29 23:34:51.0678 Scan started

2010/08/29 23:34:51.0678 Mode: Manual;

2010/08/29 23:34:51.0678 ================================================================================

2010/08/29 23:34:52.0066 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys

2010/08/29 23:34:52.0141 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys

2010/08/29 23:34:52.0214 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys

2010/08/29 23:34:52.0273 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys


2010/08/29 23:35:07.0650 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys

2010/08/29 23:35:07.0651 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505

2010/08/29 23:35:07.0659 sptd - detected Locked file (1)

2010/08/29 23:35:11.0539 ================================================================================

2010/08/29 23:35:11.0540 Scan finished

2010/08/29 23:35:11.0540 ================================================================================

2010/08/29 23:35:11.0579 Detected object count: 1

2010/08/29 23:36:03.0796 Locked file(sptd) - User select action: Skip

2010/08/29 23:36:35.0375 ================================================================================

2010/08/29 23:36:35.0375 Scan started

2010/08/29 23:36:35.0375 Mode: Manual;

2010/08/29 23:36:35.0375 ================================================================================


2010/08/29 23:36:41.0175 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys

2010/08/29 23:36:41.0240 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys

2010/08/29 23:36:41.0283 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys

2010/08/29 23:36:41.0354 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys

2010/08/29 23:36:41.0466 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys

2010/08/29 23:36:41.0533 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys

2010/08/29 23:36:41.0597 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys

2010/08/29 23:36:41.0642 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys

2010/08/29 23:36:41.0703 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys

2010/08/29 23:36:41.0771 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys

2010/08/29 23:36:41.0848 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys

2010/08/29 23:36:41.0926 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys

2010/08/29 23:36:41.0964 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys

2010/08/29 23:36:42.0001 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys

2010/08/29 23:36:42.0057 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys

2010/08/29 23:36:42.0097 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys

2010/08/29 23:36:42.0149 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys

2010/08/29 23:36:42.0200 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys

2010/08/29 23:36:42.0252 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys

2010/08/29 23:36:42.0286 mrxsmb (454341e652bdf5e01b0f2140232b073e) C:\Windows\system32\DRIVERS\mrxsmb.sys

2010/08/29 23:36:42.0312 mrxsmb10 (2a4901aff069944fa945ed5bbf4dcde3) C:\Windows\system32\DRIVERS\mrxsmb10.sys

2010/08/29 23:36:42.0349 mrxsmb20 (28b3f1ab44bdd4432c041581412f17d9) C:\Windows\system32\DRIVERS\mrxsmb20.sys

2010/08/29 23:36:42.0403 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys

2010/08/29 23:36:42.0456 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys

2010/08/29 23:36:42.0559 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys

2010/08/29 23:36:42.0600 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys

2010/08/29 23:36:42.0673 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys

2010/08/29 23:36:42.0704 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys

2010/08/29 23:36:42.0773 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys

2010/08/29 23:36:42.0835 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys

2010/08/29 23:36:42.0903 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys

2010/08/29 23:36:42.0963 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys

2010/08/29 23:36:43.0018 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys

2010/08/29 23:36:43.0074 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys

2010/08/29 23:36:43.0141 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys

2010/08/29 23:36:43.0211 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys

2010/08/29 23:36:43.0259 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys

2010/08/29 23:36:43.0292 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys

2010/08/29 23:36:43.0357 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys

2010/08/29 23:36:43.0441 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys

2010/08/29 23:36:43.0483 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys

2010/08/29 23:36:43.0708 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys

2010/08/29 23:36:43.0808 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys

2010/08/29 23:36:43.0858 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys

2010/08/29 23:36:43.0942 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys

2010/08/29 23:36:43.0974 NTIDrvr (7f1c1f78d709c4a54cbb46ede7e0b48d) C:\Windows\system32\DRIVERS\NTIDrvr.sys

2010/08/29 23:36:44.0010 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys

2010/08/29 23:36:44.0052 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys

2010/08/29 23:36:44.0384 nvlddmkm (c8cb6135884cbc2a10225c4c3cef0f95) C:\Windows\system32\DRIVERS\nvlddmkm.sys

2010/08/29 23:36:44.0660 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys

2010/08/29 23:36:44.0725 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys

2010/08/29 23:36:44.0790 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys

2010/08/29 23:36:44.0966 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys

2010/08/29 23:36:45.0114 PAC7302 (81a0921e2a3fdcf840e43af64bf96ea2) C:\Windows\system32\DRIVERS\PAC7302.SYS

2010/08/29 23:36:45.0211 Parport (8a79fdf04a73428597e2caf9d0d67850) C:\Windows\system32\DRIVERS\parport.sys

2010/08/29 23:36:45.0258 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys

2010/08/29 23:36:45.0307 Parvdm (6c580025c81caf3ae9e3617c22cad00e) C:\Windows\system32\DRIVERS\parvdm.sys

2010/08/29 23:36:45.0363 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys

2010/08/29 23:36:45.0463 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys

2010/08/29 23:36:45.0540 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys

2010/08/29 23:36:45.0593 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys

2010/08/29 23:36:45.0732 PnkBstrK (5aaba5388b4f72b8bf72ea922d1cbd38) C:\Windows\system32\drivers\PnkBstrK.sys

2010/08/29 23:36:45.0812 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys

2010/08/29 23:36:45.0877 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys

2010/08/29 23:36:45.0950 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys

2010/08/29 23:36:46.0002 PSI (14e6fb92f1788982e2bbc81d915b1f02) C:\Windows\system32\DRIVERS\psi_mf.sys

2010/08/29 23:36:46.0059 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\Windows\system32\Drivers\PxHelp20.sys

2010/08/29 23:36:46.0132 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys

2010/08/29 23:36:46.0205 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys

2010/08/29 23:36:46.0268 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys

2010/08/29 23:36:46.0320 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys

2010/08/29 23:36:46.0384 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys

2010/08/29 23:36:46.0426 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys

2010/08/29 23:36:46.0461 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys

2010/08/29 23:36:46.0529 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys

2010/08/29 23:36:46.0578 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys

2010/08/29 23:36:46.0640 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys

2010/08/29 23:36:46.0685 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys

2010/08/29 23:36:46.0736 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys

2010/08/29 23:36:46.0813 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys

2010/08/29 23:36:46.0848 s0016bus (59509ad6cbc28f2c73056268985b3e48) C:\Windows\system32\DRIVERS\s0016bus.sys

2010/08/29 23:36:46.0887 s0016mdfl (b98c3a6f91f4fba285af9606a240c6b4) C:\Windows\system32\DRIVERS\s0016mdfl.sys

2010/08/29 23:36:46.0933 s0016mdm (8a83426f4fb7b5212825d9de76368b1a) C:\Windows\system32\DRIVERS\s0016mdm.sys

2010/08/29 23:36:46.0986 s0016mgmt (7a78bba97feb5e6d24c49e93a3bf7287) C:\Windows\system32\DRIVERS\s0016mgmt.sys

2010/08/29 23:36:47.0034 s0016nd5 (34ef7b5f611957b73e7219dd5a222ad1) C:\Windows\system32\DRIVERS\s0016nd5.sys

2010/08/29 23:36:47.0083 s0016obex (36792935847143e4a3cda0dc87248487) C:\Windows\system32\DRIVERS\s0016obex.sys

2010/08/29 23:36:47.0129 s0016unic (927208754fb27fc3e7a659e77500c5d1) C:\Windows\system32\DRIVERS\s0016unic.sys

2010/08/29 23:36:47.0205 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys

2010/08/29 23:36:47.0316 se58bus (6c1bec4e12b4ed714e5f8065f680e9c2) C:\Windows\system32\DRIVERS\se58bus.sys

2010/08/29 23:36:47.0356 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

2010/08/29 23:36:47.0419 seehcri (e5b56569a9f79b70314fede6c953641e) C:\Windows\system32\DRIVERS\seehcri.sys

2010/08/29 23:36:47.0483 Serenum (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys

2010/08/29 23:36:47.0533 Serial (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys

2010/08/29 23:36:47.0588 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys

2010/08/29 23:36:47.0672 sffdisk (51cf56aa8bcc241f134b420b8f850406) C:\Windows\system32\drivers\sffdisk.sys

2010/08/29 23:36:47.0723 sffp_mmc (96ded8b20c734ac41641ce275250e55d) C:\Windows\system32\drivers\sffp_mmc.sys

2010/08/29 23:36:47.0768 sffp_sd (8b08cab1267b2c377883fc9e56981f90) C:\Windows\system32\drivers\sffp_sd.sys

2010/08/29 23:36:47.0818 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys

2010/08/29 23:36:47.0888 SiS6350 (4fbd2c53c1e04f8e35c96747984fde13) C:\Windows\system32\DRIVERS\SISGRKMD.sys

2010/08/29 23:36:47.0937 SISAGP (df1af7f5f1ec7800b3ac398acc06c754) C:\Windows\system32\DRIVERS\SISAGPX.sys

2010/08/29 23:36:47.0996 SiSGbeLH (42c5de6854f32e6fd399ac8f69fd5fa8) C:\Windows\system32\DRIVERS\SiSGB6.sys

2010/08/29 23:36:48.0047 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys

2010/08/29 23:36:48.0093 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys

2010/08/29 23:36:48.0174 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys

2010/08/29 23:36:48.0274 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys

2010/08/29 23:36:48.0346 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys

2010/08/29 23:36:48.0346 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505

2010/08/29 23:36:48.0355 sptd - detected Locked file (1)

2010/08/29 23:36:52.0270 ================================================================================

2010/08/29 23:36:52.0270 Scan finished

2010/08/29 23:36:52.0270 ================================================================================

2010/08/29 23:36:52.0288 Detected object count: 1

2010/08/29 23:37:58.0369 Locked file(sptd) - User select action: Skip

2010/08/29 23:38:41.0518 ================================================================================

2010/08/29 23:38:41.0518 Scan started

2010/08/29 23:38:41.0518 Mode: Manual;

2010/08/29 23:38:41.0518 ================================================================================

2010/08/29 23:38:42.0214 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys

2010/08/29 23:38:44.0991 driverhardwarev2 (a694d8db6d360a3bbb0bd1517f1c1aee) C:\Program Files\\Drivers\driverhardwarev2.sys


2010/08/29 23:38:50.0516 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys

2010/08/29 23:38:50.0593 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys

2010/08/29 23:38:50.0632 NTIDrvr (7f1c1f78d709c4a54cbb46ede7e0b48d) C:\Windows\system32\DRIVERS\NTIDrvr.sys

2010/08/29 23:38:50.0668 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys

2010/08/29 23:38:50.0710 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys

2010/08/29 23:38:51.0007 nvlddmkm (c8cb6135884cbc2a10225c4c3cef0f95) C:\Windows\system32\DRIVERS\nvlddmkm.sys

2010/08/29 23:38:51.0251 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys

2010/08/29 23:38:51.0358 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys

2010/08/29 23:38:51.0398 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys

2010/08/29 23:38:51.0557 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys

2010/08/29 23:38:51.0655 PAC7302 (81a0921e2a3fdcf840e43af64bf96ea2) C:\Windows\system32\DRIVERS\PAC7302.SYS

2010/08/29 23:38:51.0690 Parport (8a79fdf04a73428597e2caf9d0d67850) C:\Windows\system32\DRIVERS\parport.sys

2010/08/29 23:38:51.0741 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys

2010/08/29 23:38:51.0774 Parvdm (6c580025c81caf3ae9e3617c22cad00e) C:\Windows\system32\DRIVERS\parvdm.sys

2010/08/29 23:38:51.0825 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys

2010/08/29 23:38:51.0863 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys

2010/08/29 23:38:51.0923 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys

2010/08/29 23:38:51.0990 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys

2010/08/29 23:38:52.0115 PnkBstrK (5aaba5388b4f72b8bf72ea922d1cbd38) C:\Windows\system32\drivers\PnkBstrK.sys

2010/08/29 23:38:52.0187 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys

2010/08/29 23:38:52.0219 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys

2010/08/29 23:38:52.0284 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys

2010/08/29 23:38:52.0352 PSI (14e6fb92f1788982e2bbc81d915b1f02) C:\Windows\system32\DRIVERS\psi_mf.sys

2010/08/29 23:38:52.0558 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\Windows\system32\Drivers\PxHelp20.sys

2010/08/29 23:38:52.0639 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys

2010/08/29 23:38:52.0697 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys

2010/08/29 23:38:52.0751 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys

2010/08/29 23:38:52.0836 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys

2010/08/29 23:38:52.0884 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys

2010/08/29 23:38:52.0943 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys

2010/08/29 23:38:52.0977 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys

2010/08/29 23:38:53.0120 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys

2010/08/29 23:38:53.0236 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys

2010/08/29 23:38:53.0306 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys

2010/08/29 23:38:53.0368 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys

2010/08/29 23:38:53.0453 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys

2010/08/29 23:38:53.0554 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys

2010/08/29 23:38:53.0615 s0016bus (59509ad6cbc28f2c73056268985b3e48) C:\Windows\system32\DRIVERS\s0016bus.sys

2010/08/29 23:38:53.0653 s0016mdfl (b98c3a6f91f4fba285af9606a240c6b4) C:\Windows\system32\DRIVERS\s0016mdfl.sys

2010/08/29 23:38:53.0708 s0016mdm (8a83426f4fb7b5212825d9de76368b1a) C:\Windows\system32\DRIVERS\s0016mdm.sys

2010/08/29 23:38:53.0777 s0016mgmt (7a78bba97feb5e6d24c49e93a3bf7287) C:\Windows\system32\DRIVERS\s0016mgmt.sys

2010/08/29 23:38:53.0825 s0016nd5 (34ef7b5f611957b73e7219dd5a222ad1) C:\Windows\system32\DRIVERS\s0016nd5.sys

2010/08/29 23:38:53.0874 s0016obex (36792935847143e4a3cda0dc87248487) C:\Windows\system32\DRIVERS\s0016obex.sys

2010/08/29 23:38:53.0920 s0016unic (927208754fb27fc3e7a659e77500c5d1) C:\Windows\system32\DRIVERS\s0016unic.sys

2010/08/29 23:38:53.0980 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys

2010/08/29 23:38:54.0082 se58bus (6c1bec4e12b4ed714e5f8065f680e9c2) C:\Windows\system32\DRIVERS\se58bus.sys

2010/08/29 23:38:54.0122 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

2010/08/29 23:38:54.0193 seehcri (e5b56569a9f79b70314fede6c953641e) C:\Windows\system32\DRIVERS\seehcri.sys

2010/08/29 23:38:54.0258 Serenum (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys

2010/08/29 23:38:54.0299 Serial (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys

2010/08/29 23:38:54.0346 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys

2010/08/29 23:38:54.0579 sffdisk (51cf56aa8bcc241f134b420b8f850406) C:\Windows\system32\drivers\sffdisk.sys

2010/08/29 23:38:54.0614 sffp_mmc (96ded8b20c734ac41641ce275250e55d) C:\Windows\system32\drivers\sffp_mmc.sys

2010/08/29 23:38:54.0651 sffp_sd (8b08cab1267b2c377883fc9e56981f90) C:\Windows\system32\drivers\sffp_sd.sys

2010/08/29 23:38:54.0701 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys

2010/08/29 23:38:54.0755 SiS6350 (4fbd2c53c1e04f8e35c96747984fde13) C:\Windows\system32\DRIVERS\SISGRKMD.sys

2010/08/29 23:38:54.0793 SISAGP (df1af7f5f1ec7800b3ac398acc06c754) C:\Windows\system32\DRIVERS\SISAGPX.sys

2010/08/29 23:38:54.0845 SiSGbeLH (42c5de6854f32e6fd399ac8f69fd5fa8) C:\Windows\system32\DRIVERS\SiSGB6.sys

2010/08/29 23:38:54.0880 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys

2010/08/29 23:38:54.0968 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys

2010/08/29 23:38:55.0039 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys

2010/08/29 23:38:55.0165 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys

2010/08/29 23:38:55.0238 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys

2010/08/29 23:38:55.0238 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505

2010/08/29 23:38:55.0247 sptd - detected Locked file (1)

2010/08/29 23:38:58.0603 ================================================================================

2010/08/29 23:38:58.0604 Scan finished

2010/08/29 23:38:58.0604 ================================================================================

2010/08/29 23:38:58.0624 Detected object count: 1

2010/08/29 23:40:10.0219 Locked file(sptd) - User select action: Skip

Edited by Captainigloo
Posted (edited)

Hello :)


That's fine, it found nothing.

We'll keep looking for it:


Warning: ComboFix is a tool that you should use only if a person trained in the tool asks you to run it.


We are going to use a powerful tool; go to this web page to run the tool under the recommended conditions:


Be sure to check that you have closed/disabled all anti-virus, anti-malware or anti-spyware programs so that they do not interfere with ComboFix's work.


Post me the report C:\ComboFix.txt



Edited by Florinator

:) Hello,


Well, the way it works is a bit complex, stressful in any case.

I don't know whether I followed the recommendations properly; my PC restarted, with the new hardware detection window.

And I had trouble logging in to the forum. When I clicked on login I got a page with hieroglyphs???


Anyway, here is the ComboFix log


ComboFix 10-08-29.04 - Cyril 30/08/2010 19:02:37.1.2 - x86

Microsoft® Windows Vista Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.3071.1888 [GMT 2:00]

Lancé depuis: c:\users\Cyril\Desktop\ComboFix.exe

AV: avast! antivirus 4.8.1229 [VPS 081119-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

SP: avast! antivirus 4.8.1229 [VPS 081119-0] *enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

SP: Spyware Terminator *disabled* (Updated) {55EE49A8-16BE-4601-BBE6-607B7F7317DE}

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}



(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))















((((((((((((((((((((((((((((( Fichiers créés du 2010-07-28 au 2010-08-30 ))))))))))))))))))))))))))))))))))))



2010-08-30 17:10 . 2010-08-30 17:12 -------- d-----w- c:\users\Cyril\AppData\Local\temp

2010-08-30 17:10 . 2010-08-30 17:10 -------- d-----w- c:\users\Default\AppData\Local\temp

2010-08-29 11:24 . 2010-08-29 11:43 -------- d-----w- c:\program files\ZHPDiag

2010-08-27 19:02 . 2010-08-27 19:07 -------- d-----w- C:\HiJackThis

2010-08-26 20:31 . 2010-08-23 16:33 110592 ----a-w- c:\users\Cyril\immom.exe

2010-08-26 10:35 . 2010-08-26 10:35 -------- d-----w- C:\OutputFolder

2010-08-25 17:51 . 2010-08-25 17:53 -------- d-----w- c:\users\Cyril\AppData\Roaming\Broad Intelligence

2010-08-25 17:51 . 2010-08-25 17:53 -------- d-----w- c:\program files\MediaCoder iPod Edition

2010-08-25 12:25 . 2010-08-25 15:05 -------- d-----w- c:\program files\AVS4YOU

2010-08-25 11:50 . 2010-08-25 11:50 -------- d-----w- c:\users\Cyril\AppData\Roaming\Apowersoft

2010-08-25 11:50 . 2010-08-25 12:02 -------- d-----w- c:\program files\Apowersoft

2010-08-25 11:23 . 2003-01-26 10:41 40960 ----a-w- c:\windows\system32\SSubTmr6.dll

2010-08-25 11:23 . 2005-03-04 08:25 823421 ----a-w- c:\windows\system32\WDataDVD.dll

2010-08-25 11:23 . 2005-03-04 08:25 811008 ----a-w- c:\windows\system32\WDataCD.dll

2010-08-25 11:23 . 2005-02-22 13:21 655360 ----a-w- c:\windows\system32\Waudio.dll

2010-08-25 11:23 . 1998-07-13 15:53 44544 ----a-w- c:\windows\system32\GIF89.DLL

2010-08-25 11:23 . 1998-07-12 18:00 28672 ----a-w- c:\windows\system32\CMCT3FR.DLL

2010-08-25 11:23 . 2005-02-24 10:51 348160 ----a-w- c:\windows\system32\WMAFile.dll

2010-08-15 18:43 . 2001-10-28 15:42 116224 ----a-w- c:\windows\system32\pdfcmnnt.dll

2010-08-15 18:43 . 2010-08-15 18:44 -------- d-----w- c:\program files\PDFCreator

2010-08-15 18:43 . 1998-07-05 23:00 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL

2010-08-14 22:02 . 2010-08-14 22:02 -------- d-----w- c:\users\Cyril\AppData\Roaming\EASYTools

2010-08-14 21:59 . 2002-11-27 11:12 4608 ----a-w- c:\windows\system32\W95INF32.DLL

2010-08-14 21:59 . 2002-11-27 11:12 2272 ----a-w- c:\windows\system32\W95INF16.DLL

2010-08-11 11:59 . 2010-05-27 20:08 81920 ----a-w- c:\windows\system32\iccvid.dll

2010-08-11 11:59 . 2010-06-08 17:35 3600768 ----a-w- c:\windows\system32\ntkrnlpa.exe

2010-08-11 11:59 . 2010-06-08 17:35 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe

2010-08-11 11:59 . 2010-06-26 06:05 916480 ----a-w- c:\windows\system32\wininet.dll

2010-08-11 11:56 . 2010-06-16 16:04 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys

2010-08-11 07:34 . 2010-08-12 22:55 -------- d-----w- c:\users\Cyril\AppData\Roaming\Media Player Classic

2010-08-11 06:50 . 2010-08-11 06:50 -------- d-----w- c:\program files\Combined Community Codec Pack

2010-08-10 20:23 . 2010-08-10 21:58 -------- d-----w- c:\users\Cyril\AppData\Roaming\DeepBurner

2010-08-10 07:50 . 2010-08-17 12:15 -------- d-----w- c:\program files\PowerCheck



(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))


2010-08-30 17:06 . 2006-11-02 15:48 678804 ----a-w- c:\windows\system32\perfh00C.dat

2010-08-30 17:06 . 2006-11-02 15:48 126420 ----a-w- c:\windows\system32\perfc00C.dat

2010-08-30 10:38 . 2009-12-08 14:00 1 ----a-w- c:\users\Cyril\AppData\Roaming\\3\user\uno_packages\cache\stamp.sys

2010-08-30 10:15 . 2009-05-09 21:11 -------- d-----w- c:\programdata\Spyware Terminator

2010-08-29 22:56 . 2008-09-25 20:24 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2010-08-29 22:44 . 2008-07-17 12:14 -------- d-----w- c:\program files\Mozilla Thunderbird

2010-08-28 23:22 . 2009-05-09 21:11 -------- d-----w- c:\program files\Spyware Terminator

2010-08-28 06:26 . 2009-05-09 21:11 -------- d-----w- c:\users\Cyril\AppData\Roaming\Spyware Terminator

2010-08-25 15:03 . 2009-12-20 17:10 -------- d-----w- c:\program files\Common Files\AVSMedia

2010-08-25 12:27 . 2009-12-20 17:11 -------- d-----w- c:\users\Cyril\AppData\Roaming\AVS4YOU

2010-08-25 10:17 . 2009-10-22 17:56 -------- d-----w- c:\users\Cyril\AppData\Roaming\XnView

2010-08-22 20:54 . 2009-09-06 08:02 -------- d-----w- c:\users\Cyril\AppData\Roaming\FileZilla

2010-08-21 21:21 . 2010-04-22 15:37 -------- d-----w- c:\program files\FairUse Wizard 2

2010-08-21 13:13 . 2008-10-11 08:32 -------- d-----w- c:\users\Cyril\AppData\Roaming\dvdcss

2010-08-18 20:05 . 2010-07-23 22:28 -------- d-----w- c:\users\Cyril\AppData\Roaming\vlc

2010-08-17 10:13 . 2010-05-09 08:46 -------- d-----w- c:\program files\FileZilla FTP Client

2010-08-15 10:08 . 2010-05-08 08:43 -------- d-----w- c:\program files\ERUNT

2010-08-14 21:53 . 2010-08-14 21:53 -------- d-----w- c:\program files\Micro Application

2010-08-14 21:53 . 2007-07-10 13:07 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-08-11 12:01 . 2007-07-10 13:14 -------- d-----w- c:\programdata\Microsoft Help

2010-08-11 12:00 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail

2010-07-31 11:12 . 2008-07-17 09:54 156352 ----a-w- c:\users\Cyril\AppData\Local\GDIPFONTCACHEV1.DAT

2010-07-31 09:54 . 2009-12-08 13:57 -------- d-----w- c:\program files\ 3

2010-07-20 13:16 . 2009-06-06 19:31 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys

2010-07-20 13:16 . 2009-06-06 19:31 103736 ----a-w- c:\windows\system32\PnkBstrB.exe

2010-07-20 13:10 . 2010-07-20 13:10 0 ----a-w- c:\windows\ativpsrm.bin

2010-07-20 13:09 . 2010-07-20 13:09 -------- d-----w- c:\users\Cyril\AppData\Roaming\ATI

2010-07-20 13:09 . 2010-07-20 13:09 -------- d-----w- c:\programdata\ATI

2010-07-20 13:08 . 2010-07-20 13:04 -------- d-----w- c:\program files\ATI Technologies

2010-07-20 13:04 . 2010-07-20 13:04 10134 ----a-r- c:\users\Cyril\AppData\Roaming\Microsoft\Installer\{9DBCF44B-77AC-81D8-0F8E-1E60D6330AC2}\ARPPRODUCTICON.exe

2010-07-20 13:04 . 2010-07-20 13:04 -------- d-----w- c:\program files\ATI

2010-07-20 12:40 . 2008-07-19 19:56 -------- d-----w- c:\programdata\

2010-07-20 12:40 . 2008-07-19 19:56 -------- d-----w- c:\program files\

2010-07-20 12:38 . 2010-03-22 00:27 1356 ----a-w- c:\users\Cyril\AppData\Local\d3d9caps.dat

2010-07-16 21:50 . 2010-04-22 00:37 34901 ----a-w- c:\programdata\nvModes.dat

2010-07-09 18:56 . 2010-07-09 18:56 -------- d-----w- c:\program files\Common Files\Steam

2010-07-09 18:05 . 2010-07-09 18:05 -------- d-----w- c:\program files\Valve

2010-06-28 20:57 . 2010-07-09 16:59 38848 ----a-w- c:\windows\avastSS.scr

2010-06-28 20:57 . 2008-07-17 21:52 165032 ----a-w- c:\windows\system32\aswBoot.exe

2010-06-28 20:37 . 2009-05-09 20:24 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2010-06-28 20:37 . 2009-05-09 20:24 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys

2010-06-28 20:33 . 2009-05-09 20:24 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2010-06-28 20:32 . 2008-07-17 21:52 50256 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2010-06-28 20:32 . 2009-05-09 20:24 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2010-06-26 06:02 . 2010-08-11 11:58 71680 ----a-w- c:\windows\system32\iesetup.dll

2010-06-26 06:02 . 2010-08-11 11:58 109056 ----a-w- c:\windows\system32\iesysprep.dll

2010-06-26 04:25 . 2010-08-11 11:58 133632 ----a-w- c:\windows\system32\ieUnatt.exe

2010-06-21 13:37 . 2010-08-11 11:58 2037760 ----a-w- c:\windows\system32\win32k.sys

2010-06-18 17:31 . 2010-08-11 11:58 36864 ----a-w- c:\windows\system32\rtutils.dll

2010-06-18 15:04 . 2010-08-11 11:58 302080 ----a-w- c:\windows\system32\drivers\srv.sys

2010-06-18 15:04 . 2010-08-11 11:58 144896 ----a-w- c:\windows\system32\drivers\srv2.sys

2010-06-11 16:16 . 2010-08-11 11:58 274944 ----a-w- c:\windows\system32\schannel.dll

2010-06-11 16:15 . 2010-08-11 11:58 1248768 ----a-w- c:\windows\system32\msxml3.dll

2007-12-10 19:24 . 2007-12-10 19:24 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT



((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))



*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés




"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2010-02-26 3037696]

"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]

"Steam"="c:\program files\Valve\Steam\Steam.exe" [2010-08-24 1242448]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]



"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]

"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2010-04-10 2176512]

"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-10 61440]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]


c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-7-10 535336]

PowerCheck.lnk - c:\program files\PowerCheck\PowerCheck.exe [2003-6-20 979456]



"EnableUIADesktopToggle"= 0 (0x0)

"EnableLUA"= 0 (0x0)


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]



[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk /p \??\f:\0autocheck autochk *\0OODBS








[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]


HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoStartNPSAgent


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]

2010-04-12 22:46 1135912 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2008-12-08 14:50 54576 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

2009-07-26 15:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]

2007-08-08 07:25 1828136 ----a-w- c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2007-03-01 13:57 153136 ----a-w- c:\program files\Common Files\Nero\Lib\NeroCheck.exe


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]

2007-05-11 00:08 2512392 ----a-w- c:\windows\System32\oodtray.exe


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]

2007-06-20 08:56 4493312 ----a-w- c:\windows\RtHDVCpl.exe


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]

2007-06-15 08:45 1826816 ----a-w- c:\windows\SkyTel.exe



"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon


[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]



[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]



[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]



[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]



[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2684771895-3763166589-4040009352-1000]



R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance; [x]

R3 maconfservice;Ma-Config Service;c:\program files\\maconfservice.exe [2010-07-19 259440]

R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-05-28 14896]

R3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\DRIVERS\s0016bus.sys [2008-05-16 89256]

R3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0016mdfl.sys [2008-05-16 15016]

R3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0016mdm.sys [2008-05-16 120744]

R3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0016mgmt.sys [2008-05-16 114216]

R3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\DRIVERS\s0016nd5.sys [2008-05-16 25512]

R3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0016obex.sys [2008-05-16 110632]

R3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\DRIVERS\s0016unic.sys [2008-05-16 115752]

R3 SiS6350;SiS6350;c:\windows\system32\DRIVERS\SISGRKMD.sys [2007-06-05 454520]

R3 WPFFontCache_v0400;Cache de police de Windows Presentation Foundation;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2009-11-22 691696]

S1 aswSP;aswSP; [x]

S1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2009-05-09 142592]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-06-28 50256]

S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-04-07 233472]

S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

S3 camfilt2;camfilt2;c:\windows\system32\DRIVERS\camfilt2.sys [2008-02-27 98432]

S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-04-07 36608]

S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2008-01-09 27632]

S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSGB6.sys [2008-09-09 48128]



--- Autres Services/Pilotes en mémoire ---


*NewlyCreated* - FSUSBEXDISK


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC}]

2008-06-18 13:04 8192 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe


Contenu du dossier 'Tâches planifiées'


2010-08-30 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-22 14:01]



------- Examen supplémentaire -------


uStart Page = hxxp://

uSearchMigratedDefaultURL = hxxp://{searchTerms}&ei=utf-8&fr=b1ie7

mStart Page = hxxp://

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://*

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

TCP: {C2B218E3-51B5-434A-8775-34E10D41BD45} =,

FF - ProfilePath - c:\users\Cyril\AppData\Roaming\Mozilla\Firefox\Profiles\e3r8f633.default\

FF - prefs.js: browser.startup.homepage - hxxp://

FF - prefs.js: keyword.URL - hxxp://

FF - prefs.js: network.proxy.type - 0

FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll

FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\\nphardwaredetection.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\



c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);




WebBrowser-{D0523BB4-21E7-11DD-9AB7-415B56D89593} - (no file)

HKLM-Run-NPSStartup - (no file)






catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2010-08-30 19:11

Windows 6.0.6002 Service Pack 2 NTFS


Recherche de processus cachés ...


Recherche d'éléments en démarrage automatique cachés ...


Recherche de fichiers cachés ...


Scan terminé avec succès

Fichiers cachés: 0




--------------------- CLES DE REGISTRE BLOQUEES ---------------------


[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)







@DACL=(02 0000)


[HKEY_USERS\S-1-5-21-2684771895-3763166589-4040009352-1000\*& à**H* à** *z*à**ø*o*à**e*p*o*s*i*t*i*o*n*\resvars]




@DACL=(02 0000)



@DACL=(02 0000)



@DACL=(02 0000)


[HKEY_USERS\S-1-5-21-2684771895-3763166589-4040009352-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]





[HKEY_USERS\S-1-5-21-2684771895-3763166589-4040009352-1000\Software\W3i, LLC\Playalot Games]

@DACL=(02 0000)



@DACL=(02 0000)




@DACL=(02 0000)



@DACL=(02 0000)




@DACL=(02 0000)




@DACL=(02 0000)


"2"="AT &F<cr>"

"3"="AT V1E0S0=0&D2&C1<cr>"

"4"="AT +CMEE=1<cr>"



@DACL=(02 0000)





@DACL=(02 0000)











@DACL=(02 0000)




@DACL=(02 0000)



@DACL=(02 0000)




@DACL=(02 0000)




@DACL=(02 0000)


"2"="AT &F<cr>"

"3"="AT V1E0S0=0&D2&C1<cr>"

"4"="AT +CMEE=1<cr>"



@DACL=(02 0000)





@DACL=(02 0000)










------------------------ Autres processus actifs ------------------------




c:\program files\Alwil Software\Avast5\AvastSvc.exe



c:\program files\Alwil Software\Avast5\AvastUI.exe

c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe


c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe




c:\program files\Spyware Terminator\sp_rsser.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe


c:\program files\Windows Media Player\wmpnetwk.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\acer\Empowering Technology\eRecovery\ERAGENT.EXE


c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

c:\program files\Windows Live\Contacts\wlcomm.exe




Heure de fin: 2010-08-30 19:26:36 - La machine a redémarré

ComboFix-quarantined-files.txt 2010-08-30 17:26


Avant-CF: 68 554 207 232 octets libres

Après-CF: 68 364 525 568 octets libres


Current=1 Default=1 Failed=0 LastKnownGood=11 Sets=1,2,3,4,5,6,7,8,9,11

- - End Of File - - 7CE3CB1BFA69AC6B7754670B727E3377

Well, the way it works is a bit complicated, and stressful in any case.

The tool is to be used with caution.



OK, update Mbam and rescan the machine, please.

Then post the report for me.


As for the device, we'll deal with that at the end.


