Internet slowing down
For some time now I've been getting some lag in certain games, and the internet is quite slow:
Is it a virus?
Here is an Avira report:
Avira AntiVir Personal
Date de création du fichier de rapport : vendredi 28 août 2009 12:06
La recherche porte sur 1667148 souches de virus.
Détenteur de la licence : Avira AntiVir Personal - FREE Antivirus
Numéro de série : 0000149996-ADJIE-0000001
Plateforme : Windows XP
Version de Windows : (Service Pack 3) [5.1.2600]
Mode Boot : Démarré normalement
Identifiant : SYSTEM
Nom de l'ordinateur : MUGIWARA
Informations de version :
BUILD.DAT : 9.0.0.67 17958 Bytes 04/08/2009 14:47:00
AVSCAN.EXE : 9.0.3.7 466689 Bytes 18/08/2009 18:32:55
AVSCAN.DLL : 9.0.3.0 49409 Bytes 03/03/2009 09:21:02
LUKE.DLL : 9.0.3.2 209665 Bytes 20/02/2009 10:35:11
LUKERES.DLL : 9.0.2.0 13569 Bytes 03/03/2009 09:21:31
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 11:30:36
ANTIVIR1.VDF : 7.1.4.132 5707264 Bytes 24/06/2009 18:22:48
ANTIVIR2.VDF : 7.1.5.146 3087360 Bytes 21/08/2009 18:18:23
ANTIVIR3.VDF : 7.1.5.174 215552 Bytes 27/08/2009 18:11:42
Version du moteur : 8.2.1.7
AEVDF.DLL : 8.1.1.1 106868 Bytes 18/07/2009 18:22:48
AESCRIPT.DLL : 8.1.2.26 463227 Bytes 26/08/2009 18:11:39
AESCN.DLL : 8.1.2.4 127348 Bytes 22/07/2009 18:11:00
AERDL.DLL : 8.1.2.4 430452 Bytes 18/07/2009 18:22:48
AEPACK.DLL : 8.1.3.18 401783 Bytes 18/07/2009 18:22:48
AEOFFICE.DLL : 8.1.0.38 196987 Bytes 18/07/2009 18:22:48
AEHEUR.DLL : 8.1.0.155 1921400 Bytes 18/08/2009 18:32:55
AEHELP.DLL : 8.1.6.0 233846 Bytes 18/08/2009 18:32:55
AEGEN.DLL : 8.1.1.59 356725 Bytes 26/08/2009 18:11:38
AEEMU.DLL : 8.1.0.9 393588 Bytes 09/10/2008 13:32:40
AECORE.DLL : 8.1.7.6 184694 Bytes 22/07/2009 18:10:59
AEBB.DLL : 8.1.0.3 53618 Bytes 09/10/2008 13:32:40
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 07:47:30
AVPREF.DLL : 9.0.0.1 43777 Bytes 03/12/2008 10:39:26
AVREP.DLL : 8.0.0.3 155905 Bytes 20/01/2009 13:34:28
AVREG.DLL : 9.0.0.0 36609 Bytes 07/11/2008 14:24:42
AVARKT.DLL : 9.0.0.3 292609 Bytes 24/03/2009 14:05:22
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30/01/2009 09:36:37
SQLITE3.DLL : 3.6.1.0 326401 Bytes 28/01/2009 14:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 02/02/2009 07:20:57
NETNT.DLL : 9.0.0.0 11521 Bytes 07/11/2008 14:40:59
RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 18/07/2009 18:22:47
RCTEXT.DLL : 9.0.37.0 88321 Bytes 15/04/2009 09:07:05
Configuration pour la recherche actuelle :
Nom de la tâche...............................: Contrôle intégral du système
Fichier de configuration......................: h:\program files\avira\antivir desktop\sysscan.avp
Documentation.................................: bas
Action principale.............................: interactif
Action secondaire.............................: ignorer
Recherche sur les secteurs d'amorçage maître..: marche
Recherche sur les secteurs d'amorçage.........: marche
Secteurs d'amorçage...........................: H:,
Recherche dans les programmes actifs..........: marche
Recherche en cours sur l'enregistrement.......: marche
Recherche de Rootkits.........................: marche
Contrôle d'intégrité de fichiers système......: arrêt
Fichier mode de recherche.....................: Tous les fichiers
Recherche sur les archives....................: marche
Limiter la profondeur de récursivité..........: 20
Archive Smart Extensions......................: marche
Heuristique de macrovirus.....................: marche
Heuristique fichier...........................: moyen
Catégories de dangers divergentes.............: +APPL,+GAME,+JOKE,+PCK,+SPR,
Début de la recherche : vendredi 28 août 2009 12:06
La recherche d'objets cachés commence.
'39491' objets ont été contrôlés, '0' objets cachés ont été trouvés.
La recherche sur les processus démarrés commence :
Processus de recherche 'avscan.exe' - '1' module(s) sont contrôlés
Processus de recherche 'avcenter.exe' - '1' module(s) sont contrôlés
Processus de recherche 'Steam.exe' - '1' module(s) sont contrôlés
Processus de recherche 'firefox.exe' - '1' module(s) sont contrôlés
Processus de recherche 'CCC.exe' - '1' module(s) sont contrôlés
Processus de recherche 'MOM.exe' - '1' module(s) sont contrôlés
Processus de recherche 'RtWLan.exe' - '1' module(s) sont contrôlés
Processus de recherche 'TeaTimer.exe' - '1' module(s) sont contrôlés
Processus de recherche 'DAP.exe' - '1' module(s) sont contrôlés
Processus de recherche 'ctfmon.exe' - '1' module(s) sont contrôlés
Processus de recherche 'avgnt.exe' - '1' module(s) sont contrôlés
Processus de recherche 'RTHDCPL.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'wmiapsrv.exe' - '1' module(s) sont contrôlés
Processus de recherche 'alg.exe' - '1' module(s) sont contrôlés
Processus de recherche 'explorer.exe' - '1' module(s) sont contrôlés
Processus de recherche 'UAService7.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'jqs.exe' - '1' module(s) sont contrôlés
Processus de recherche 'DkService.exe' - '1' module(s) sont contrôlés
Processus de recherche 'avguard.exe' - '1' module(s) sont contrôlés
Processus de recherche 'ati2evxx.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'sched.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'ati2evxx.exe' - '1' module(s) sont contrôlés
Processus de recherche 'lsass.exe' - '1' module(s) sont contrôlés
Processus de recherche 'services.exe' - '1' module(s) sont contrôlés
Processus de recherche 'winlogon.exe' - '1' module(s) sont contrôlés
Processus de recherche 'csrss.exe' - '1' module(s) sont contrôlés
Processus de recherche 'smss.exe' - '1' module(s) sont contrôlés
'34' processus ont été contrôlés avec '34' modules
La recherche sur les secteurs d'amorçage maître commence :
Secteur d'amorçage maître HD0
[INFO] Aucun virus trouvé !
La recherche sur les secteurs d'amorçage commence :
Secteur d'amorçage 'H:\'
[INFO] Aucun virus trouvé !
La recherche sur les renvois aux fichiers exécutables (registre) commence :
Le registre a été contrôlé ( '52' fichiers).
La recherche sur les fichiers sélectionnés commence :
Recherche débutant dans 'H:\'
H:\pagefile.sys
[AVERTISSEMENT] Impossible d'ouvrir le fichier !
[REMARQUE] Ce fichier est un fichier système Windows.
[REMARQUE] Il est correct que ce fichier ne puisse pas être ouvert pour la recherche.
H:\Documents and Settings\Propriétaire\Mes documents\Jeux\rld-waor\OROCHI1.cab
[0] Type d'archive: CAB (Microsoft)
--> linkdata_ens.lnk
[AVERTISSEMENT] Aucun autre fichier n'a pu être décompressé de cette archive. L'archive est refermée.
[AVERTISSEMENT] Aucun autre fichier n'a pu être décompressé de cette archive. L'archive est refermée.
H:\WINDOWS\system32\drivers\sptd.sys
[AVERTISSEMENT] Impossible d'ouvrir le fichier !
Fin de la recherche : vendredi 28 août 2009 15:26
Temps nécessaire: 3:19:33 Heure(s)
La recherche a été effectuée intégralement
9199 Les répertoires ont été contrôlés
380703 Des fichiers ont été contrôlés
0 Des virus ou programmes indésirables ont été trouvés
0 Des fichiers ont été classés comme suspects
0 Des fichiers ont été supprimés
0 Des virus ou programmes indésirables ont été réparés
0 Les fichiers ont été déplacés dans la quarantaine
0 Les fichiers ont été renommés
2 Impossible de contrôler des fichiers
380701 Fichiers non infectés
6162 Les archives ont été contrôlées
4 Avertissements
1 Consignes
39491 Des objets ont été contrôlés lors du Rootkitscan
0 Des objets cachés ont été trouvés
Hello,
Download Random's System Information Tool (RSIT) (by random/random) to your Desktop.
Double-click RSIT.exe to launch the program.
(On Vista, right-click RSIT.exe and choose Run as administrator)
Click Continue on the Disclaimer screen.
If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall, if asked) and you will have to accept the license.
When the scan is finished, two text files will open. Post the contents of log.txt (the one that appears on screen) as well as info.txt (which you will see in the taskbar).
Note: the reports are saved in the C:\rsit folder.
The log:
Logfile of random's system information tool 1.06 (written by random/random)
Run by Propriétaire at 2009-08-28 16:22:30
Microsoft Windows XP Édition familiale Service Pack 3
System drive H: has 126 GB (53%) free of 238 GB
Total RAM: 2047 MB (51% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:22:36, on 28/08/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal
Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\Program Files\Avira\AntiVir Desktop\sched.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\Program Files\Avira\AntiVir Desktop\avguard.exe
H:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
H:\jre\bin\jqs.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\UAService7.exe
H:\WINDOWS\Explorer.EXE
H:\WINDOWS\system32\wbem\wmiapsrv.exe
H:\WINDOWS\RTHDCPL.EXE
H:\Program Files\Avira\AntiVir Desktop\avgnt.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Program Files\DAP\DAP.EXE
H:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
H:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe
H:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
H:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
H:\Program Files\Steam\Steam.exe
H:\jre\bin\javaw.exe
H:\Program Files\TeamSpeak 3\TeamSpeak 3.exe
H:\Program Files\MSN Messenger\usnsvc.exe
H:\Program Files\Mozilla Firefox 3.1 Beta 3\firefox.exe
h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe
H:\Program Files\Steam\GameOverlayUI.exe
H:\WINDOWS\system32\NOTEPAD.EXE
H:\Documents and Settings\Propriétaire\Bureau\RSIT_1.exe
H:\Program Files\Trend Micro\HijackThis\Propriétaire.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.cherche.us/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.cherche.us
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.cherche.us
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cherche.us
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.cherche.us
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.cherche.us/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.cherche.us
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - H:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - H:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - H:\jre\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - H:\jre\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] H:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [TweakDUN] H:\Program Files\TweakDUN\tweakdun.exe splash
O4 - HKLM\..\Run: [avgnt] "H:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [StartCCC] "H:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DownloadAccelerator] "H:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKCU\..\Run: [SpybotSD TeaTimer] H:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: ASUS WiFi-AP Solo.lnk = ?
O8 - Extra context menu item: &Clean Traces - H:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - H:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - H:\Program Files\DAP\dapextie2.htm
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - H:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - H:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - H:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - H:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - H:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - H:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Diskeeper - Diskeeper Corporation - H:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - H:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - H:\jre\bin\jqs.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - H:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - H:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - H:\WINDOWS\system32\UAService7.exe
--
End of file - 6343 bytes
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - H:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll [2009-01-26 1879896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - H:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 322368]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - H:\jre\bin\jp2ssv.dll [2009-05-13 35840]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - H:\jre\lib\deploy\jqs\ie\jqs_plugin.dll [2009-05-13 73728]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"=H:\WINDOWS\RaidTool\xInsIDE.exe [2009-04-05 36864]
"RTHDCPL"=H:\WINDOWS\RTHDCPL.EXE [2006-04-17 16143872]
"Alcmtr"=H:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"TweakDUN"=H:\Program Files\TweakDUN\tweakdun.exe [2001-09-19 720896]
"avgnt"=H:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"StartCCC"=H:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-07-02 98304]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=H:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"DownloadAccelerator"=H:\Program Files\DAP\DAP.EXE [2009-07-22 2754048]
"SpybotSD TeaTimer"=H:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\36X Raid Configurer]
H:\WINDOWS\system32\xRaidSetup.exe [2009-04-05 1970176]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
H:\Program Files\DAEMON Tools Lite\daemon.exe [2009-04-23 691656]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeRAM XP]
H:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe [2006-03-23 1591808]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
H:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe [2004-04-17 196608]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
H:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe [2005-08-11 81920]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
H:\Program Files\MSN Messenger\MsnMsgr.Exe [2007-01-19 5674352]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\H:^Documents and Settings^Propriétaire^Menu Démarrer^Programmes^Démarrage^20dollars2surf.lnk]
H:\PROGRA~1\20Dollars2Surf\20dollars2surf.exe [2009-04-28 172032]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\H:^Documents and Settings^Propriétaire^Menu Démarrer^Programmes^Démarrage^Kyuubi-Barre.lnk]
H:\DOCUME~1\PROPRI~1\APPLIC~1\KyuubiBarre\PF\KyuubiBarre.exe [2009-01-04 61952]
H:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage
ASUS WiFi-AP Solo.lnk - H:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
H:\WINDOWS\system32\Ati2evxx.dll [2009-07-02 155648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - H:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"H:\Program Files\MSN Messenger\msnmsgr.exe"="H:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"H:\Program Files\MSN Messenger\livecall.exe"="H:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"H:\Program Files\Steam\steamapps\ryosu\counter-strike\hl.exe"="H:\Program Files\Steam\steamapps\ryosu\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"
"H:\Program Files\Steam\Steam.exe"="H:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
"H:\Documents and Settings\Propriétaire\Bureau\artyshare-left[R]\Left.4.Dead.Full-Rip.Skullptura\left4dead.exe"="H:\Documents and Settings\Propriétaire\Bureau\artyshare-left[R]\Left.4.Dead.Full-Rip.Skullptura\left4dead.exe:*:Enabled:left4dead"
"H:\Program Files\Garena\Garena.exe"="H:\Program Files\Garena\Garena.exe:*:Enabled:Garena"
"H:\Program Files\Steam\steamapps\gui-gui\counter-strike\hl.exe"="H:\Program Files\Steam\steamapps\gui-gui\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"
"H:\Program Files\ma-config.com\maconfservice.exe"="H:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice"
"H:\Program Files\Steam\steamapps\common\left 4 dead\left4dead.exe"="H:\Program Files\Steam\steamapps\common\left 4 dead\left4dead.exe:*:Enabled:Left 4 Dead"
"H:\Program Files\Saints Row 2\SR2_pc.exe"="H:\Program Files\Saints Row 2\SR2_pc.exe:*:Enabled:SR2_pc"
"H:\UT2003\System\UT2003.exe"="H:\UT2003\System\UT2003.exe:*:Enabled:UT2003"
"H:\Program Files\DAP\DAP.exe"="H:\Program Files\DAP\DAP.exe:*:Enabled:Download Accelerator Plus (DAP)"
"H:\Program Files\mIRC\mirc.exe"="H:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC"
"H:\jre\bin\java.exe"="H:\jre\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
"H:\Program Files\EA Games\Mirror's Edge\Binaries\MirrorsEdge.exe"="H:\Program Files\EA Games\Mirror's Edge\Binaries\MirrorsEdge.exe:*:Enabled:Mirror's Edge™"
"H:\Documents and Settings\Propriétaire\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe"="H:\Documents and Settings\Propriétaire\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe:*:Enabled:Main program for Octoshape client"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"H:\Program Files\MSN Messenger\msnmsgr.exe"="H:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"H:\Program Files\MSN Messenger\livecall.exe"="H:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c767c127-2737-11de-be0b-0015af08addc}]
shell\AutoRun\command - E:\OblivionLauncher.exe
======List of files/folders created in the last 1 months======
2009-08-28 14:38:42 ----D---- H:\WINDOWS\LastGood
2009-08-27 02:31:20 ----HDC---- H:\WINDOWS\$NtUninstallKB970653-v3$
2009-08-25 18:55:55 ----D---- H:\Documents and Settings\Propriétaire\Application Data\Malwarebytes
2009-08-25 18:55:48 ----D---- H:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2009-08-25 18:55:47 ----D---- H:\Program Files\Malwarebytes' Anti-Malware
2009-08-25 18:21:06 ----D---- H:\rsit
2009-08-25 15:57:39 ----A---- H:\WINDOWS\system32\MSVCR71.dll
2009-08-25 15:57:39 ----A---- H:\WINDOWS\system32\MSVCP71.dll
2009-08-25 15:57:39 ----A---- H:\WINDOWS\system32\MFC71.dll
2009-08-25 15:57:35 ----D---- H:\Program Files\Alwil Software
2009-08-20 02:47:43 ----D---- H:\Documents and Settings\Propriétaire\Application Data\Octoshape
2009-08-18 03:01:51 ----D---- H:\Documents and Settings\Propriétaire\Application Data\KyuubiGame
2009-08-17 03:01:04 ----HDC---- H:\WINDOWS\$NtUninstallKB961118$
2009-08-16 01:08:47 ----D---- H:\44d38210c1f84ddaac709fa004
2009-08-16 00:29:12 ----D---- H:\Program Files\Flop
2009-08-14 02:47:02 ----HDC---- H:\WINDOWS\$NtUninstallKB960859$
2009-08-14 02:46:58 ----HDC---- H:\WINDOWS\$NtUninstallKB971657$
2009-08-14 02:46:54 ----HDC---- H:\WINDOWS\$NtUninstallKB971557$
2009-08-14 02:46:50 ----HDC---- H:\WINDOWS\$NtUninstallKB956744$
2009-08-14 02:46:45 ----HDC---- H:\WINDOWS\$NtUninstallKB973869$
2009-08-14 02:46:41 ----HDC---- H:\WINDOWS\$NtUninstallKB973507$
2009-08-14 02:46:37 ----HDC---- H:\WINDOWS\$NtUninstallKB973354$
2009-08-14 02:46:35 ----A---- H:\WINDOWS\system32\wmpns.dll
2009-08-14 02:46:32 ----HDC---- H:\WINDOWS\$NtUninstallKB973540_WM9$
2009-08-14 02:45:07 ----HDC---- H:\WINDOWS\$NtUninstallKB973815$
2009-08-14 02:44:59 ----HDC---- H:\WINDOWS\$NtUninstallKB968389$
2009-08-13 18:18:37 ----D---- H:\Program Files\EA Games
2009-08-13 18:17:22 ----D---- H:\Program Files\AGEIA Technologies
2009-08-09 17:19:24 ----D---- H:\Program Files\mIRC
2009-08-09 17:19:24 ----D---- H:\Documents and Settings\Propriétaire\Application Data\mIRC
2009-08-09 03:55:51 ----A---- H:\WINDOWS\system32\ptpusb.dll
2009-08-09 03:55:50 ----A---- H:\WINDOWS\system32\ptpusd.dll
2009-08-08 20:03:01 ----RA---- H:\WINDOWS\system32\LgExport.dll
2009-08-08 20:03:01 ----D---- H:\Documents and Settings\All Users.WINDOWS\Application Data\InstallShield
2009-08-08 20:03:00 ----RA---- H:\WINDOWS\system32\LGDispDrv.dll
2009-08-08 20:02:52 ----D---- H:\Program Files\LG Soft India
2009-08-08 19:28:28 ----D---- H:\Documents and Settings\Propriétaire\Application Data\GetRightToGo
2009-08-08 19:14:11 ----D---- H:\Documents and Settings\Propriétaire\Application Data\ATI
2009-08-08 19:14:11 ----D---- H:\Documents and Settings\All Users.WINDOWS\Application Data\ATI
2009-08-08 19:09:59 ----N---- H:\WINDOWS\system32\ati2sgag.exe
2009-08-08 19:09:45 ----D---- H:\Program Files\ATI Technologies
2009-08-08 19:09:17 ----D---- H:\ATI
2009-08-04 03:37:41 ----D---- H:\Documents and Settings\Propriétaire\Application Data\vlc
2009-08-02 19:56:04 ----A---- H:\WINDOWS\system32\jniwrap.dll
2009-08-02 19:56:03 ----D---- H:\Documents and Settings\Propriétaire\Application Data\Kyuubi-Barre
2009-08-02 19:56:03 ----D---- H:\Documents and Settings\Propriétaire\Application Data\KyuubiBarre
2009-08-02 14:48:32 ----D---- H:\Program Files\REALTEK RTL8187 Wireless LAN Driver
2009-08-02 14:20:11 ----D---- H:\Program Files\REALTEK RTL8187B Wireless LAN Driver
======List of files/folders modified in the last 1 months======
2009-08-28 16:04:29 ----D---- H:\Program Files\Steam
2009-08-28 15:29:47 ----D---- H:\Program Files\Mozilla Firefox 3.1 Beta 3
2009-08-28 14:53:20 ----D---- H:\WINDOWS\BDOSCAN8
2009-08-28 14:45:18 ----SD---- H:\WINDOWS\Downloaded Program Files
2009-08-28 14:45:16 ----D---- H:\WINDOWS\Temp
2009-08-28 14:45:16 ----D---- H:\WINDOWS
2009-08-28 14:45:15 ----HD---- H:\WINDOWS\inf
2009-08-28 11:55:20 ----D---- H:\WINDOWS\system32\CatRoot2
2009-08-28 11:55:17 ----A---- H:\WINDOWS\RTacDbg.txt
2009-08-28 11:55:16 ----AD---- H:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2009-08-27 23:21:25 ----A---- H:\WINDOWS\SchedLgU.Txt
2009-08-27 22:16:26 ----D---- H:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2009-08-27 02:31:22 ----D---- H:\WINDOWS\system32
2009-08-25 19:10:53 ----D---- H:\WINDOWS\system32\drivers
2009-08-25 18:55:47 ----RD---- H:\Program Files
2009-08-25 15:58:15 ----D---- H:\WINDOWS\system32\config
2009-08-25 11:44:24 ----D---- H:\Program Files\Spybot - Search & Destroy
2009-08-24 21:22:02 ----D---- H:\Program Files\DivX
2009-08-24 21:22:00 ----SHD---- H:\WINDOWS\Installer
2009-08-24 19:34:15 ----D---- H:\Documents and Settings\Propriétaire\Application Data\teamspeak2
2009-08-23 17:20:22 ----D---- H:\Documents and Settings\Propriétaire\Application Data\dvdcss
2009-08-21 02:13:20 ----D---- H:\Program Files\Fichiers communs\BioWare
2009-08-20 22:57:09 ----SD---- H:\Documents and Settings\Propriétaire\Application Data\Microsoft
2009-08-20 02:47:44 ----D---- H:\Documents and Settings\Propriétaire\Application Data\Mozilla
2009-08-18 23:26:51 ----D---- H:\WINDOWS\Debug
2009-08-17 18:06:57 ----D---- H:\WINDOWS\Microsoft.NET
2009-08-17 03:01:20 ----D---- H:\WINDOWS\system32\CatRoot
2009-08-17 03:01:11 ----RSHDC---- H:\WINDOWS\system32\dllcache
2009-08-16 05:46:52 ----RSD---- H:\WINDOWS\assembly
2009-08-16 01:11:50 ----A---- H:\WINDOWS\system32\PerfStringBackup.INI
2009-08-16 01:11:40 ----D---- H:\WINDOWS\WinSxS
2009-08-16 01:09:23 ----D---- H:\WINDOWS\system32\XPSViewer
2009-08-16 01:09:19 ----D---- H:\WINDOWS\system32\en-us
2009-08-16 01:09:14 ----RSD---- H:\WINDOWS\Fonts
2009-08-14 02:46:49 ----HD---- H:\WINDOWS\$hf_mig$
2009-08-14 02:46:39 ----D---- H:\Program Files\Outlook Express
2009-08-13 18:18:37 ----D---- H:\WINDOWS\system32\DirectX
2009-08-13 18:17:23 ----D---- H:\WINDOWS\system32\ageia
2009-08-13 18:17:10 ----D---- H:\Program Files\Fichiers communs\Wise Installation Wizard
2009-08-13 17:08:11 ----HD---- H:\Program Files\InstallShield Installation Information
2009-08-11 03:34:47 ----D---- H:\Program Files\Rockstar Games
2009-08-10 22:36:58 ----D---- H:\Documents and Settings\Propriétaire\Application Data\Mumble
2009-08-10 22:35:54 ----D---- H:\Program Files\Mumble
2009-08-08 20:12:40 ----D---- H:\WINDOWS\system32\ReinstallBackups
2009-08-08 19:13:34 ----D---- H:\WINDOWS\Help
2009-08-06 00:41:07 ----D---- H:\UT2003
2009-08-05 11:00:38 ----A---- H:\WINDOWS\system32\mswebdvd.dll
2009-08-05 10:09:23 ----D---- H:\WINDOWS\pss
2009-08-02 14:58:45 ----D---- H:\WINDOWS\system32\fr-fr
2009-08-02 14:58:45 ----D---- H:\Program Files\Internet Explorer
2009-08-02 14:53:31 ----A---- H:\WINDOWS\system32\wpa.bak
2009-08-02 14:49:08 ----D---- H:\WINDOWS\system32\wbem
2009-08-02 14:49:08 ----D---- H:\WINDOWS\Registration
2009-08-02 14:48:32 ----D---- H:\WINDOWS\system
2009-08-02 14:48:20 ----D---- H:\WINDOWS\system32\Restore
2009-07-30 02:49:14 ----A---- H:\WINDOWS\system32\MRT.exe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 avgio;avgio; \??\H:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; H:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 intelppm;Pilote de processeur Intel; H:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 40576]
R1 kbdhid;Pilote HID de clavier; H:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14720]
R1 ssmdrv;ssmdrv; H:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-07-18 28520]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.5.0; H:\WINDOWS\system32\DRIVERS\AegisP.sys [2009-04-05 21035]
R2 avgntflt;avgntflt; H:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-08-18 55656]
R3 Arp1394;Protocole client ARP 1394; H:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; H:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-07-02 4125696]
R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; H:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Pilote de classe HID Microsoft; H:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); H:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-04-17 4262912]
R3 mouhid;Pilote HID de souris; H:\WINDOWS\system32\DRIVERS\mouhid.sys [2006-03-02 12288]
R3 MTsensor;ATK0110 ACPI UTILITY; H:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 NIC1394;Pilote réseau 1394; H:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 RTLWUSB;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter; H:\WINDOWS\system32\DRIVERS\RTL8187.sys [2009-04-05 332928]
R3 SjyPkt;SjyPkt; \??\H:\WINDOWS\System32\Drivers\SjyPkt.sys []
R3 usbccgp;Pilote parent générique USB Microsoft; H:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; H:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Concentrateur USB2; H:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; H:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 VCSVADHWSer;Avnex Virtual Audio Device (WDM); H:\WINDOWS\system32\DRIVERS\vcsvad.sys [2008-12-10 17792]
S3 a2sa6qld;a2sa6qld; H:\WINDOWS\system32\drivers\a2sa6qld.sys []
S3 driverhardwarev2;driverhardwarev2; \??\H:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys []
S3 hamachi;Hamachi Network Interface; H:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-05-04 25280]
S3 MusCAudio;MusCAudio; H:\WINDOWS\system32\drivers\MusCAudio.sys [2009-06-26 23096]
S3 SCREAMINGBDRIVER;Screaming Bee Audio; H:\WINDOWS\system32\drivers\ScreamingBAudio.sys [2009-04-06 23064]
S3 sony_ssm.sys;sony_ssm.sys; \??\H:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\sony_ssm.sys []
S3 usbscan;Pilote de scanneur USB; H:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Pilote de stockage de masse USB; H:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Wdf01000;Kernel Mode Driver Frameworks service; H:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; H:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; H:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 xusb21;Xbox 360 Wireless Receiver Driver Service 21; H:\WINDOWS\system32\DRIVERS\xusb21.sys [2009-04-08 56448]
S3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; H:\WINDOWS\system32\DRIVERS\yk51x86.sys [2008-12-09 296448]
S3 zlportio;zlportio; \??\H:\Program Files\UltraStar Deluxe\zlportio.sys []
S4 IntelIde;IntelIde; H:\WINDOWS\system32\drivers\IntelIde.sys []
S4 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; H:\WINDOWS\System32\drivers\ws2ifsl.sys [2006-03-02 12032]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AntiVirSchedulerService;Avira AntiVir Planificateur; H:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-07-18 108289]
R2 AntiVirService;Avira AntiVir Guard; H:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-08-18 185089]
R2 Ati HotKey Poller;Ati HotKey Poller; H:\WINDOWS\system32\Ati2evxx.exe [2009-07-02 602112]
R2 Diskeeper;Diskeeper; H:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe [2007-05-21 932944]
R2 JavaQuickStarterService;Java Quick Starter; H:\jre\bin\jqs.exe [2009-05-13 152984]
R2 UserAccess7;SecuROM User Access Service (V7); H:\WINDOWS\system32\UAService7.exe [2009-05-30 122880]
R3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; H:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S2 ATI Smart;ATI Smart; H:\WINDOWS\system32\ati2sgag.exe [2009-07-02 593920]
S3 aspnet_state;Service d'état ASP.NET; H:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; H:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; h:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; H:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; H:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 maconfservice;Ma-Config Service; H:\Program Files\ma-config.com\maconfservice.exe [2009-05-29 234864]
S3 npggsvc;nProtect GameGuard Service; H:\WINDOWS\system32\GameMon.des [2009-07-22 3240876]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; H:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 NetTcpPortSharing;Service de partage de ports Net.Tcp; H:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
info.txt logfile of random's system information tool 1.06 2009-08-28 16:24:35
======Uninstall list======
-->MsiExec /X{E4D15328-8C89-484B-B9AA-F5BE9EA6D01C}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 H:\WINDOWS\INF\PCHealth.inf
20Dollars2Surf-->"H:\WINDOWS\20Dollars2Surf\uninstall.exe" "/U:H:\Program Files\20Dollars2Surf\Uninstall\uninstall.xml"
Adobe Flash Player 10 ActiveX-->H:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->H:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Archiveur WinRAR-->H:\Program Files\WinRAR\uninstall.exe
ASUS WiFi-AP Solo-->RunDll32 H:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{8B3F4499-32E6-470D-8586-E6C03420F889}\Setup.exe" -l0x9 REMOVE
ATI - Utilitaire de désinstallation du logiciel-->H:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center-->RunDll32 H:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x6476
ATI Display Driver-->rundll32 H:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Avira AntiVir Personal - Free Antivirus-->H:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
Catalyst Control Center - Branding-->MsiExec.exe /I{D3B1C799-CB73-42DE-BA0F-2344793A095C}
CCleaner (remove only)-->"H:\Program Files\CCleaner\uninst.exe"
Correctif pour Windows XP (KB961118)-->"H:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Correctif pour Windows XP (KB970653-v3)-->"H:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Counter-Strike-->"H:\Program Files\Steam\steam.exe" steam://uninstall/10
Diskeeper 2007 Professional-->MsiExec.exe /X{D4154D0C-8EE7-4E01-9999-976D8D8E5057}
DivX Codec-->H:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Web Player-->H:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Download Accelerator Plus (DAP)-->H:\PROGRA~1\DAP\DAPREMOVE.EXE
Dragonica(FR)-->H:\Program Files\gPotato.eu\Dragonica\FR\uninst.exe
forteManager-->RunDll32 H:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{DA6FAB8D-E87A-4E8E-A3D3-B7B9F479C725}\setup.exe" -l0x40c -removeonly
Fraps-->"H:\Fraps\uninstall.exe"
Free Video to Mp3 Converter version 3.1-->"H:\Program Files\DVDVideoSoft\Free Video to Mp3 Converter\unins000.exe"
HijackThis 2.0.2-->"H:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->H:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->H:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)-->"H:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
JMicron JMB36X Driver-->RunDll32 H:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}\setup.exe" -l0x40c -removeonly
Kyuubi-Barre-->"H:\Documents and Settings\Propriétaire\Application Data\Kyuubi-Barre\unins000.exe"
Ma-Config.com-->MsiExec.exe /X{6C4D4FC0-467B-4BD7-8D11-50E49B2770D2}
Malwarebytes' Anti-Malware-->"H:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Marvell Miniport Driver-->H:\Program Files\Marvell\Miniport Driver\Uninst.exe
Messenger Plus! Live-->"H:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 French Language Pack-->MsiExec.exe /X{E3C080B0-23F5-49AF-89F8-8E8DBC89E659}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->H:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Games for Windows - LIVE -->MsiExec.exe /X{4D243BA7-9AC4-46D1-90E5-EEB88974F501}
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{05B49229-22A2-4F88-842A-BBC2EBE1CCF6}
Microsoft Internationalized Domain Names Mitigation APIs-->"H:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7-->"H:\WINDOWS\$NtUninstallWdf01007$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"H:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"H:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
mIRC-->H:\Program Files\mIRC\uninstall.exe _?=H:\Program Files\mIRC
Mirror's Edge™-->MsiExec.exe /X{AEDBD563-24BB-4EE3-8366-A654DAC2D988}
Mise à jour de sécurité pour Lecteur Windows Media (KB973540)-->"H:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127-v2)-->"H:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"H:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB961260)-->"H:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB963027)-->"H:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB969897)-->"H:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB972260)-->"H:\WINDOWS\ie7updates\KB972260-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB923789)-->H:\WINDOWS\system32\MacroMed\Flash\genuinst.exe H:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Mise à jour de sécurité pour Windows XP (KB941569)-->"H:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956744)-->"H:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960859)-->"H:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB971557)-->"H:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB971657)-->"H:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB973354)-->"H:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB973507)-->"H:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB973869)-->"H:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB968389)-->"H:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB973815)-->"H:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA-->H:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - FRA\install.exe
Module de prise en charge linguistique du français de Microsoft .NET Framework 3.0-->H:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0 French Language Pack\setup.exe
Mozilla Firefox (3.5.2)-->H:\Program Files\Mozilla Firefox 3.1 Beta 3\uninstall\helper.exe
MSXML 6.0 Parser (KB925673)-->MsiExec.exe /I{FE9126DB-5F84-495A-BB46-3C724F1C2D08}
Mumble and Murmur-->H:\Program Files\Mumble\Uninstall.exe
NVIDIA PhysX v8.10.17-->MsiExec.exe /X{E4D15328-8C89-484B-B9AA-F5BE9EA6D01C}
Quicksys RegDefrag 2.3-->"H:\Program Files\Quicksys\RegDefrag\unins000.exe"
Realtek High Definition Audio Driver-->RunDll32 H:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -l0x40c -removeonly
REALTEK RTL8187 Wireless LAN Driver-->H:\Program Files\InstallShield Installation Information\{258FDE4E-EE80-4BD7-ACE1-BDAED5F22F09}\Install.exe -uninst -l0x40C
Spybot - Search & Destroy-->"H:\Program Files\Spybot - Search & Destroy\unins000.exe"
Star Wars(R) Knights of the Old Republic(R) II: The Sith Lords(TM)-->RunDll32 H:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{629F65FB-7F3C-4D66-A1C0-20722744B7B6}\setup.exe" -l0x9 -removeonly
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
TeamSpeak 3-->H:\Program Files\TeamSpeak 3\uninstall.exe
TweakDUN v3.0-->H:\PROGRA~1\TweakDUN\UNWISE.EXE H:\PROGRA~1\TweakDUN\INSTALL.LOG
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->H:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
VLC media player 1.0.1-->H:\Program Files\VideoLAN\VLC\uninstall.exe
Waver Version 2.95-->"H:\Program Files\Flop\Waver\unins000.exe"
Windows Live Messenger-->MsiExec.exe /I{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}
Windows Live Sign-in Assistant-->MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
Windows Media Format 11 runtime-->"H:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"H:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Presentation Foundation Language Pack (FRA)-->MsiExec.exe /X{6901DD22-527A-41EF-9059-E81FEDE9E494}
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation FR Language Pack-->MsiExec.exe /I{B84C141C-9A13-44BE-9A69-301D7B11D836}
Windows XP Service Pack 3-->"H:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Xvid 1.1.3 final uninstall-->"H:\Program Files\Xvid\unins000.exe"
=====HijackThis Backups=====
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) [2009-05-22]
O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - H:\WINDOWS\system32\msxml71.dll [2009-07-18]
O4 - HKCU\..\Run: [Cognac] H:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\b.exe [2009-07-18]
O15 - Trusted Zone: *.chat-land.org [2009-08-17]
O2 - BHO: (no name) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - (no file) [2009-08-20]
======Hosts File======
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
======Security center information======
AV: AntiVir Desktop
======System event log======
Computer Name: MUGIWARA
Event Code: 7036
Message: Le service Gestionnaire de connexion automatique d'accès distant est entré dans l'état : en cours d'exécution.
Record Number: 7526
Source Name: Service Control Manager
Time Written: 20090719172349.000000+120
Event Type: Informations
User:
Computer Name: MUGIWARA
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service SjyPkt.
Record Number: 7525
Source Name: Service Control Manager
Time Written: 20090719172349.000000+120
Event Type: Informations
User: MUGIWARA\Propriétaire
Computer Name: MUGIWARA
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Gestionnaire de connexion automatique d'accès distant.
Record Number: 7524
Source Name: Service Control Manager
Time Written: 20090719172349.000000+120
Event Type: Informations
User: AUTORITE NT\SYSTEM
Computer Name: MUGIWARA
Event Code: 7036
Message: Le service Gestionnaire de connexions d'accès distant est entré dans l'état : en cours d'exécution.
Record Number: 7523
Source Name: Service Control Manager
Time Written: 20090719172349.000000+120
Event Type: Informations
User:
Computer Name: MUGIWARA
Event Code: 17
Message: AVGNTFLT successfully loaded
Record Number: 7522
Source Name: avgntflt
Time Written: 20090719172344.000000+120
Event Type: Informations
User:
=====Application event log=====
Computer Name: MUGIWARA
Event Code: 100
Message: msnmsgr (2292) Le moteur de base de données 5.01.2600.5512 est démarré.
Record Number: 3365
Source Name: ESENT
Time Written: 20090713161406.000000+120
Event Type: Informations
User:
Computer Name: MUGIWARA
Event Code: 4113
Message: AntiVir a détecté dans le fichier
H:\System Volume Information\_restore{C440A930-897C-478D-9FBD-10D7DD433768}\RP116\A0047703.exe
un code suspect avec la désignation 'TR/Renaz.366397'!
Record Number: 3364
Source Name: Avira AntiVir
Time Written: 20090713154449.000000+120
Event Type: Avertissement
User: AUTORITE NT\SYSTEM
Computer Name: MUGIWARA
Event Code: 101
Message: msnmsgr (2536) Le moteur de base de données est arrêté.
Record Number: 3363
Source Name: ESENT
Time Written: 20090713145738.000000+120
Event Type: Informations
User:
Computer Name: MUGIWARA
Event Code: 103
Message: msnmsgr (2536) \\.\H:\Documents and Settings\Propriétaire\Local Settings\Application Data\Microsoft\Messenger\onepiecenokaizoku91@hotmail.fr\SharingMetadata\Working\database_54B0_801C_B080_728\dfsr.db: Le moteur de base de données a arrêté une instance (0).
Record Number: 3362
Source Name: ESENT
Time Written: 20090713145738.000000+120
Event Type: Informations
User:
Computer Name: MUGIWARA
Event Code: 102
Message: msnmsgr (2536) \\.\H:\Documents and Settings\Propriétaire\Local Settings\Application Data\Microsoft\Messenger\onepiecenokaizoku91@hotmail.fr\SharingMetadata\Working\database_54B0_801C_B080_728\dfsr.db: Le moteur de base de données a démarré une nouvelle instance (0).
Record Number: 3361
Source Name: ESENT
Time Written: 20090713145717.000000+120
Event Type: Informations
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;H:\Program Files\Fichiers communs\DivX Shared\;H:\PROGRA~1\Diskeeper Corporation\Diskeeper\;H:\Program Files\ATI Technologies\ATI.ACE\Core-Static
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=0f06
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
-----------------EOF-----------------
Logfile of random's system information tool 1.06 (written by random/random)
Run by Propriétaire at 2009-08-28 16:22:30
Microsoft Windows XP Édition familiale Service Pack 3
System drive H: has 126 GB (53%) free of 238 GB
Total RAM: 2047 MB (51% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:22:36, on 28/08/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal
Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\Program Files\Avira\AntiVir Desktop\sched.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\Program Files\Avira\AntiVir Desktop\avguard.exe
H:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
H:\jre\bin\jqs.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\UAService7.exe
H:\WINDOWS\Explorer.EXE
H:\WINDOWS\system32\wbem\wmiapsrv.exe
H:\WINDOWS\RTHDCPL.EXE
H:\Program Files\Avira\AntiVir Desktop\avgnt.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Program Files\DAP\DAP.EXE
H:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
H:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe
H:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
H:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
H:\Program Files\Steam\Steam.exe
H:\jre\bin\javaw.exe
H:\Program Files\TeamSpeak 3\TeamSpeak 3.exe
H:\Program Files\MSN Messenger\usnsvc.exe
H:\Program Files\Mozilla Firefox 3.1 Beta 3\firefox.exe
h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe
H:\Program Files\Steam\GameOverlayUI.exe
H:\WINDOWS\system32\NOTEPAD.EXE
H:\Documents and Settings\Propriétaire\Bureau\RSIT_1.exe
H:\Program Files\Trend Micro\HijackThis\Propriétaire.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.cherche.us/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.cherche.us
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.cherche.us
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cherche.us
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.cherche.us
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.cherche.us/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.cherche.us
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - H:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - H:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - H:\jre\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - H:\jre\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] H:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [TweakDUN] H:\Program Files\TweakDUN\tweakdun.exe splash
O4 - HKLM\..\Run: [avgnt] "H:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [StartCCC] "H:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DownloadAccelerator] "H:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKCU\..\Run: [SpybotSD TeaTimer] H:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: ASUS WiFi-AP Solo.lnk = ?
O8 - Extra context menu item: &Clean Traces - H:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - H:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - H:\Program Files\DAP\dapextie2.htm
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - H:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - H:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - H:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - H:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - H:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - H:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Diskeeper - Diskeeper Corporation - H:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - H:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - H:\jre\bin\jqs.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - H:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - H:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - H:\WINDOWS\system32\UAService7.exe
--
End of file - 6343 bytes
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - H:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll [2009-01-26 1879896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - H:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 322368]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - H:\jre\bin\jp2ssv.dll [2009-05-13 35840]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - H:\jre\lib\deploy\jqs\ie\jqs_plugin.dll [2009-05-13 73728]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"=H:\WINDOWS\RaidTool\xInsIDE.exe [2009-04-05 36864]
"RTHDCPL"=H:\WINDOWS\RTHDCPL.EXE [2006-04-17 16143872]
"Alcmtr"=H:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"TweakDUN"=H:\Program Files\TweakDUN\tweakdun.exe [2001-09-19 720896]
"avgnt"=H:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"StartCCC"=H:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-07-02 98304]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=H:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"DownloadAccelerator"=H:\Program Files\DAP\DAP.EXE [2009-07-22 2754048]
"SpybotSD TeaTimer"=H:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\36X Raid Configurer]
H:\WINDOWS\system32\xRaidSetup.exe [2009-04-05 1970176]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
H:\Program Files\DAEMON Tools Lite\daemon.exe [2009-04-23 691656]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeRAM XP]
H:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe [2006-03-23 1591808]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
H:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe [2004-04-17 196608]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
H:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe [2005-08-11 81920]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
H:\Program Files\MSN Messenger\MsnMsgr.Exe [2007-01-19 5674352]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\H:^Documents and Settings^Propriétaire^Menu Démarrer^Programmes^Démarrage^20dollars2surf.lnk]
H:\PROGRA~1\20Dollars2Surf\20dollars2surf.exe [2009-04-28 172032]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\H:^Documents and Settings^Propriétaire^Menu Démarrer^Programmes^Démarrage^Kyuubi-Barre.lnk]
H:\DOCUME~1\PROPRI~1\APPLIC~1\KyuubiBarre\PF\KyuubiBarre.exe [2009-01-04 61952]
H:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage
ASUS WiFi-AP Solo.lnk - H:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
H:\WINDOWS\system32\Ati2evxx.dll [2009-07-02 155648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - H:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"H:\Program Files\MSN Messenger\msnmsgr.exe"="H:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"H:\Program Files\MSN Messenger\livecall.exe"="H:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"H:\Program Files\Steam\steamapps\ryosu\counter-strike\hl.exe"="H:\Program Files\Steam\steamapps\ryosu\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"
"H:\Program Files\Steam\Steam.exe"="H:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
"H:\Documents and Settings\Propriétaire\Bureau\artyshare-left[R]\Left.4.Dead.Full-Rip.Skullptura\left4dead.exe"="H:\Documents and Settings\Propriétaire\Bureau\artyshare-left[R]\Left.4.Dead.Full-Rip.Skullptura\left4dead.exe:*:Enabled:left4dead"
"H:\Program Files\Garena\Garena.exe"="H:\Program Files\Garena\Garena.exe:*:Enabled:Garena"
"H:\Program Files\Steam\steamapps\gui-gui\counter-strike\hl.exe"="H:\Program Files\Steam\steamapps\gui-gui\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"
"H:\Program Files\ma-config.com\maconfservice.exe"="H:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice"
"H:\Program Files\Steam\steamapps\common\left 4 dead\left4dead.exe"="H:\Program Files\Steam\steamapps\common\left 4 dead\left4dead.exe:*:Enabled:Left 4 Dead"
"H:\Program Files\Saints Row 2\SR2_pc.exe"="H:\Program Files\Saints Row 2\SR2_pc.exe:*:Enabled:SR2_pc"
"H:\UT2003\System\UT2003.exe"="H:\UT2003\System\UT2003.exe:*:Enabled:UT2003"
"H:\Program Files\DAP\DAP.exe"="H:\Program Files\DAP\DAP.exe:*:Enabled:Download Accelerator Plus (DAP)"
"H:\Program Files\mIRC\mirc.exe"="H:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC"
"H:\jre\bin\java.exe"="H:\jre\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
"H:\Program Files\EA Games\Mirror's Edge\Binaries\MirrorsEdge.exe"="H:\Program Files\EA Games\Mirror's Edge\Binaries\MirrorsEdge.exe:*:Enabled:Mirror's Edge™"
"H:\Documents and Settings\Propriétaire\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe"="H:\Documents and Settings\Propriétaire\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe:*:Enabled:Main program for Octoshape client"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"H:\Program Files\MSN Messenger\msnmsgr.exe"="H:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"H:\Program Files\MSN Messenger\livecall.exe"="H:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c767c127-2737-11de-be0b-0015af08addc}]
shell\AutoRun\command - E:\OblivionLauncher.exe
======List of files/folders created in the last 1 months======
2009-08-28 14:38:42 ----D---- H:\WINDOWS\LastGood
2009-08-27 02:31:20 ----HDC---- H:\WINDOWS\$NtUninstallKB970653-v3$
2009-08-25 18:55:55 ----D---- H:\Documents and Settings\Propriétaire\Application Data\Malwarebytes
2009-08-25 18:55:48 ----D---- H:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2009-08-25 18:55:47 ----D---- H:\Program Files\Malwarebytes' Anti-Malware
2009-08-25 18:21:06 ----D---- H:\rsit
2009-08-25 15:57:39 ----A---- H:\WINDOWS\system32\MSVCR71.dll
2009-08-25 15:57:39 ----A---- H:\WINDOWS\system32\MSVCP71.dll
2009-08-25 15:57:39 ----A---- H:\WINDOWS\system32\MFC71.dll
2009-08-25 15:57:35 ----D---- H:\Program Files\Alwil Software
2009-08-20 02:47:43 ----D---- H:\Documents and Settings\Propriétaire\Application Data\Octoshape
2009-08-18 03:01:51 ----D---- H:\Documents and Settings\Propriétaire\Application Data\KyuubiGame
2009-08-17 03:01:04 ----HDC---- H:\WINDOWS\$NtUninstallKB961118$
2009-08-16 01:08:47 ----D---- H:\44d38210c1f84ddaac709fa004
2009-08-16 00:29:12 ----D---- H:\Program Files\Flop
2009-08-14 02:47:02 ----HDC---- H:\WINDOWS\$NtUninstallKB960859$
2009-08-14 02:46:58 ----HDC---- H:\WINDOWS\$NtUninstallKB971657$
2009-08-14 02:46:54 ----HDC---- H:\WINDOWS\$NtUninstallKB971557$
2009-08-14 02:46:50 ----HDC---- H:\WINDOWS\$NtUninstallKB956744$
2009-08-14 02:46:45 ----HDC---- H:\WINDOWS\$NtUninstallKB973869$
2009-08-14 02:46:41 ----HDC---- H:\WINDOWS\$NtUninstallKB973507$
2009-08-14 02:46:37 ----HDC---- H:\WINDOWS\$NtUninstallKB973354$
2009-08-14 02:46:35 ----A---- H:\WINDOWS\system32\wmpns.dll
2009-08-14 02:46:32 ----HDC---- H:\WINDOWS\$NtUninstallKB973540_WM9$
2009-08-14 02:45:07 ----HDC---- H:\WINDOWS\$NtUninstallKB973815$
2009-08-14 02:44:59 ----HDC---- H:\WINDOWS\$NtUninstallKB968389$
2009-08-13 18:18:37 ----D---- H:\Program Files\EA Games
2009-08-13 18:17:22 ----D---- H:\Program Files\AGEIA Technologies
2009-08-09 17:19:24 ----D---- H:\Program Files\mIRC
2009-08-09 17:19:24 ----D---- H:\Documents and Settings\Propriétaire\Application Data\mIRC
2009-08-09 03:55:51 ----A---- H:\WINDOWS\system32\ptpusb.dll
2009-08-09 03:55:50 ----A---- H:\WINDOWS\system32\ptpusd.dll
2009-08-08 20:03:01 ----RA---- H:\WINDOWS\system32\LgExport.dll
2009-08-08 20:03:01 ----D---- H:\Documents and Settings\All Users.WINDOWS\Application Data\InstallShield
2009-08-08 20:03:00 ----RA---- H:\WINDOWS\system32\LGDispDrv.dll
2009-08-08 20:02:52 ----D---- H:\Program Files\LG Soft India
2009-08-08 19:28:28 ----D---- H:\Documents and Settings\Propriétaire\Application Data\GetRightToGo
2009-08-08 19:14:11 ----D---- H:\Documents and Settings\Propriétaire\Application Data\ATI
2009-08-08 19:14:11 ----D---- H:\Documents and Settings\All Users.WINDOWS\Application Data\ATI
2009-08-08 19:09:59 ----N---- H:\WINDOWS\system32\ati2sgag.exe
2009-08-08 19:09:45 ----D---- H:\Program Files\ATI Technologies
2009-08-08 19:09:17 ----D---- H:\ATI
2009-08-04 03:37:41 ----D---- H:\Documents and Settings\Propriétaire\Application Data\vlc
2009-08-02 19:56:04 ----A---- H:\WINDOWS\system32\jniwrap.dll
2009-08-02 19:56:03 ----D---- H:\Documents and Settings\Propriétaire\Application Data\Kyuubi-Barre
2009-08-02 19:56:03 ----D---- H:\Documents and Settings\Propriétaire\Application Data\KyuubiBarre
2009-08-02 14:48:32 ----D---- H:\Program Files\REALTEK RTL8187 Wireless LAN Driver
2009-08-02 14:20:11 ----D---- H:\Program Files\REALTEK RTL8187B Wireless LAN Driver
======List of files/folders modified in the last 1 months======
2009-08-28 16:04:29 ----D---- H:\Program Files\Steam
2009-08-28 15:29:47 ----D---- H:\Program Files\Mozilla Firefox 3.1 Beta 3
2009-08-28 14:53:20 ----D---- H:\WINDOWS\BDOSCAN8
2009-08-28 14:45:18 ----SD---- H:\WINDOWS\Downloaded Program Files
2009-08-28 14:45:16 ----D---- H:\WINDOWS\Temp
2009-08-28 14:45:16 ----D---- H:\WINDOWS
2009-08-28 14:45:15 ----HD---- H:\WINDOWS\inf
2009-08-28 11:55:20 ----D---- H:\WINDOWS\system32\CatRoot2
2009-08-28 11:55:17 ----A---- H:\WINDOWS\RTacDbg.txt
2009-08-28 11:55:16 ----AD---- H:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2009-08-27 23:21:25 ----A---- H:\WINDOWS\SchedLgU.Txt
2009-08-27 22:16:26 ----D---- H:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2009-08-27 02:31:22 ----D---- H:\WINDOWS\system32
2009-08-25 19:10:53 ----D---- H:\WINDOWS\system32\drivers
2009-08-25 18:55:47 ----RD---- H:\Program Files
2009-08-25 15:58:15 ----D---- H:\WINDOWS\system32\config
2009-08-25 11:44:24 ----D---- H:\Program Files\Spybot - Search & Destroy
2009-08-24 21:22:02 ----D---- H:\Program Files\DivX
2009-08-24 21:22:00 ----SHD---- H:\WINDOWS\Installer
2009-08-24 19:34:15 ----D---- H:\Documents and Settings\Propriétaire\Application Data\teamspeak2
2009-08-23 17:20:22 ----D---- H:\Documents and Settings\Propriétaire\Application Data\dvdcss
2009-08-21 02:13:20 ----D---- H:\Program Files\Fichiers communs\BioWare
2009-08-20 22:57:09 ----SD---- H:\Documents and Settings\Propriétaire\Application Data\Microsoft
2009-08-20 02:47:44 ----D---- H:\Documents and Settings\Propriétaire\Application Data\Mozilla
2009-08-18 23:26:51 ----D---- H:\WINDOWS\Debug
2009-08-17 18:06:57 ----D---- H:\WINDOWS\Microsoft.NET
2009-08-17 03:01:20 ----D---- H:\WINDOWS\system32\CatRoot
2009-08-17 03:01:11 ----RSHDC---- H:\WINDOWS\system32\dllcache
2009-08-16 05:46:52 ----RSD---- H:\WINDOWS\assembly
2009-08-16 01:11:50 ----A---- H:\WINDOWS\system32\PerfStringBackup.INI
2009-08-16 01:11:40 ----D---- H:\WINDOWS\WinSxS
2009-08-16 01:09:23 ----D---- H:\WINDOWS\system32\XPSViewer
2009-08-16 01:09:19 ----D---- H:\WINDOWS\system32\en-us
2009-08-16 01:09:14 ----RSD---- H:\WINDOWS\Fonts
2009-08-14 02:46:49 ----HD---- H:\WINDOWS\$hf_mig$
2009-08-14 02:46:39 ----D---- H:\Program Files\Outlook Express
2009-08-13 18:18:37 ----D---- H:\WINDOWS\system32\DirectX
2009-08-13 18:17:23 ----D---- H:\WINDOWS\system32\ageia
2009-08-13 18:17:10 ----D---- H:\Program Files\Fichiers communs\Wise Installation Wizard
2009-08-13 17:08:11 ----HD---- H:\Program Files\InstallShield Installation Information
2009-08-11 03:34:47 ----D---- H:\Program Files\Rockstar Games
2009-08-10 22:36:58 ----D---- H:\Documents and Settings\Propriétaire\Application Data\Mumble
2009-08-10 22:35:54 ----D---- H:\Program Files\Mumble
2009-08-08 20:12:40 ----D---- H:\WINDOWS\system32\ReinstallBackups
2009-08-08 19:13:34 ----D---- H:\WINDOWS\Help
2009-08-06 00:41:07 ----D---- H:\UT2003
2009-08-05 11:00:38 ----A---- H:\WINDOWS\system32\mswebdvd.dll
2009-08-05 10:09:23 ----D---- H:\WINDOWS\pss
2009-08-02 14:58:45 ----D---- H:\WINDOWS\system32\fr-fr
2009-08-02 14:58:45 ----D---- H:\Program Files\Internet Explorer
2009-08-02 14:53:31 ----A---- H:\WINDOWS\system32\wpa.bak
2009-08-02 14:49:08 ----D---- H:\WINDOWS\system32\wbem
2009-08-02 14:49:08 ----D---- H:\WINDOWS\Registration
2009-08-02 14:48:32 ----D---- H:\WINDOWS\system
2009-08-02 14:48:20 ----D---- H:\WINDOWS\system32\Restore
2009-07-30 02:49:14 ----A---- H:\WINDOWS\system32\MRT.exe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 avgio;avgio; \??\H:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; H:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 intelppm;Pilote de processeur Intel; H:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 40576]
R1 kbdhid;Pilote HID de clavier; H:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14720]
R1 ssmdrv;ssmdrv; H:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-07-18 28520]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.5.0; H:\WINDOWS\system32\DRIVERS\AegisP.sys [2009-04-05 21035]
R2 avgntflt;avgntflt; H:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-08-18 55656]
R3 Arp1394;Protocole client ARP 1394; H:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; H:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-07-02 4125696]
R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; H:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Pilote de classe HID Microsoft; H:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); H:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-04-17 4262912]
R3 mouhid;Pilote HID de souris; H:\WINDOWS\system32\DRIVERS\mouhid.sys [2006-03-02 12288]
R3 MTsensor;ATK0110 ACPI UTILITY; H:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 NIC1394;Pilote réseau 1394; H:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 RTLWUSB;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter; H:\WINDOWS\system32\DRIVERS\RTL8187.sys [2009-04-05 332928]
R3 SjyPkt;SjyPkt; \??\H:\WINDOWS\System32\Drivers\SjyPkt.sys []
R3 usbccgp;Pilote parent générique USB Microsoft; H:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; H:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Concentrateur USB2; H:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; H:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 VCSVADHWSer;Avnex Virtual Audio Device (WDM); H:\WINDOWS\system32\DRIVERS\vcsvad.sys [2008-12-10 17792]
S3 a2sa6qld;a2sa6qld; H:\WINDOWS\system32\drivers\a2sa6qld.sys []
S3 driverhardwarev2;driverhardwarev2; \??\H:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys []
S3 hamachi;Hamachi Network Interface; H:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-05-04 25280]
S3 MusCAudio;MusCAudio; H:\WINDOWS\system32\drivers\MusCAudio.sys [2009-06-26 23096]
S3 SCREAMINGBDRIVER;Screaming Bee Audio; H:\WINDOWS\system32\drivers\ScreamingBAudio.sys [2009-04-06 23064]
S3 sony_ssm.sys;sony_ssm.sys; \??\H:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\sony_ssm.sys []
S3 usbscan;Pilote de scanneur USB; H:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Pilote de stockage de masse USB; H:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Wdf01000;Kernel Mode Driver Frameworks service; H:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; H:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; H:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 xusb21;Xbox 360 Wireless Receiver Driver Service 21; H:\WINDOWS\system32\DRIVERS\xusb21.sys [2009-04-08 56448]
S3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; H:\WINDOWS\system32\DRIVERS\yk51x86.sys [2008-12-09 296448]
S3 zlportio;zlportio; \??\H:\Program Files\UltraStar Deluxe\zlportio.sys []
S4 IntelIde;IntelIde; H:\WINDOWS\system32\drivers\IntelIde.sys []
S4 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; H:\WINDOWS\System32\drivers\ws2ifsl.sys [2006-03-02 12032]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AntiVirSchedulerService;Avira AntiVir Planificateur; H:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-07-18 108289]
R2 AntiVirService;Avira AntiVir Guard; H:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-08-18 185089]
R2 Ati HotKey Poller;Ati HotKey Poller; H:\WINDOWS\system32\Ati2evxx.exe [2009-07-02 602112]
R2 Diskeeper;Diskeeper; H:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe [2007-05-21 932944]
R2 JavaQuickStarterService;Java Quick Starter; H:\jre\bin\jqs.exe [2009-05-13 152984]
R2 UserAccess7;SecuROM User Access Service (V7); H:\WINDOWS\system32\UAService7.exe [2009-05-30 122880]
R3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; H:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S2 ATI Smart;ATI Smart; H:\WINDOWS\system32\ati2sgag.exe [2009-07-02 593920]
S3 aspnet_state;Service d'état ASP.NET; H:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; H:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; h:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; H:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; H:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 maconfservice;Ma-Config Service; H:\Program Files\ma-config.com\maconfservice.exe [2009-05-29 234864]
S3 npggsvc;nProtect GameGuard Service; H:\WINDOWS\system32\GameMon.des [2009-07-22 3240876]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; H:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 NetTcpPortSharing;Service de partage de ports Net.Tcp; H:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
info.txt logfile of random's system information tool 1.06 2009-08-28 16:24:35
======Uninstall list======
-->MsiExec /X{E4D15328-8C89-484B-B9AA-F5BE9EA6D01C}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 H:\WINDOWS\INF\PCHealth.inf
20Dollars2Surf-->"H:\WINDOWS\20Dollars2Surf\uninstall.exe" "/U:H:\Program Files\20Dollars2Surf\Uninstall\uninstall.xml"
Adobe Flash Player 10 ActiveX-->H:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->H:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Archiveur WinRAR-->H:\Program Files\WinRAR\uninstall.exe
ASUS WiFi-AP Solo-->RunDll32 H:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{8B3F4499-32E6-470D-8586-E6C03420F889}\Setup.exe" -l0x9 REMOVE
ATI - Utilitaire de désinstallation du logiciel-->H:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center-->RunDll32 H:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x6476
ATI Display Driver-->rundll32 H:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Avira AntiVir Personal - Free Antivirus-->H:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
Catalyst Control Center - Branding-->MsiExec.exe /I{D3B1C799-CB73-42DE-BA0F-2344793A095C}
CCleaner (remove only)-->"H:\Program Files\CCleaner\uninst.exe"
Correctif pour Windows XP (KB961118)-->"H:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Correctif pour Windows XP (KB970653-v3)-->"H:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Counter-Strike-->"H:\Program Files\Steam\steam.exe" steam://uninstall/10
Diskeeper 2007 Professional-->MsiExec.exe /X{D4154D0C-8EE7-4E01-9999-976D8D8E5057}
DivX Codec-->H:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Web Player-->H:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Download Accelerator Plus (DAP)-->H:\PROGRA~1\DAP\DAPREMOVE.EXE
Dragonica(FR)-->H:\Program Files\gPotato.eu\Dragonica\FR\uninst.exe
forteManager-->RunDll32 H:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{DA6FAB8D-E87A-4E8E-A3D3-B7B9F479C725}\setup.exe" -l0x40c -removeonly
Fraps-->"H:\Fraps\uninstall.exe"
Free Video to Mp3 Converter version 3.1-->"H:\Program Files\DVDVideoSoft\Free Video to Mp3 Converter\unins000.exe"
HijackThis 2.0.2-->"H:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->H:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->H:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)-->"H:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
JMicron JMB36X Driver-->RunDll32 H:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}\setup.exe" -l0x40c -removeonly
Kyuubi-Barre-->"H:\Documents and Settings\Propriétaire\Application Data\Kyuubi-Barre\unins000.exe"
Ma-Config.com-->MsiExec.exe /X{6C4D4FC0-467B-4BD7-8D11-50E49B2770D2}
Malwarebytes' Anti-Malware-->"H:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Marvell Miniport Driver-->H:\Program Files\Marvell\Miniport Driver\Uninst.exe
Messenger Plus! Live-->"H:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 French Language Pack-->MsiExec.exe /X{E3C080B0-23F5-49AF-89F8-8E8DBC89E659}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->H:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Games for Windows - LIVE -->MsiExec.exe /X{4D243BA7-9AC4-46D1-90E5-EEB88974F501}
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{05B49229-22A2-4F88-842A-BBC2EBE1CCF6}
Microsoft Internationalized Domain Names Mitigation APIs-->"H:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7-->"H:\WINDOWS\$NtUninstallWdf01007$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"H:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"H:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
mIRC-->H:\Program Files\mIRC\uninstall.exe _?=H:\Program Files\mIRC
Mirror's Edge™-->MsiExec.exe /X{AEDBD563-24BB-4EE3-8366-A654DAC2D988}
Mise à jour de sécurité pour Lecteur Windows Media (KB973540)-->"H:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127-v2)-->"H:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"H:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB961260)-->"H:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB963027)-->"H:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB969897)-->"H:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB972260)-->"H:\WINDOWS\ie7updates\KB972260-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB923789)-->H:\WINDOWS\system32\MacroMed\Flash\genuinst.exe H:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Mise à jour de sécurité pour Windows XP (KB941569)-->"H:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956744)-->"H:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960859)-->"H:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB971557)-->"H:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB971657)-->"H:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB973354)-->"H:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB973507)-->"H:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB973869)-->"H:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB968389)-->"H:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB973815)-->"H:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA-->H:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - FRA\install.exe
Module de prise en charge linguistique du français de Microsoft .NET Framework 3.0-->H:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0 French Language Pack\setup.exe
Mozilla Firefox (3.5.2)-->H:\Program Files\Mozilla Firefox 3.1 Beta 3\uninstall\helper.exe
MSXML 6.0 Parser (KB925673)-->MsiExec.exe /I{FE9126DB-5F84-495A-BB46-3C724F1C2D08}
Mumble and Murmur-->H:\Program Files\Mumble\Uninstall.exe
NVIDIA PhysX v8.10.17-->MsiExec.exe /X{E4D15328-8C89-484B-B9AA-F5BE9EA6D01C}
Quicksys RegDefrag 2.3-->"H:\Program Files\Quicksys\RegDefrag\unins000.exe"
Realtek High Definition Audio Driver-->RunDll32 H:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -l0x40c -removeonly
REALTEK RTL8187 Wireless LAN Driver-->H:\Program Files\InstallShield Installation Information\{258FDE4E-EE80-4BD7-ACE1-BDAED5F22F09}\Install.exe -uninst -l0x40C
Spybot - Search & Destroy-->"H:\Program Files\Spybot - Search & Destroy\unins000.exe"
Star Wars(R) Knights of the Old Republic(R) II: The Sith Lords(TM)-->RunDll32 H:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{629F65FB-7F3C-4D66-A1C0-20722744B7B6}\setup.exe" -l0x9 -removeonly
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
TeamSpeak 3-->H:\Program Files\TeamSpeak 3\uninstall.exe
TweakDUN v3.0-->H:\PROGRA~1\TweakDUN\UNWISE.EXE H:\PROGRA~1\TweakDUN\INSTALL.LOG
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->H:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
VLC media player 1.0.1-->H:\Program Files\VideoLAN\VLC\uninstall.exe
Waver Version 2.95-->"H:\Program Files\Flop\Waver\unins000.exe"
Windows Live Messenger-->MsiExec.exe /I{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}
Windows Live Sign-in Assistant-->MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
Windows Media Format 11 runtime-->"H:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"H:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Presentation Foundation Language Pack (FRA)-->MsiExec.exe /X{6901DD22-527A-41EF-9059-E81FEDE9E494}
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation FR Language Pack-->MsiExec.exe /I{B84C141C-9A13-44BE-9A69-301D7B11D836}
Windows XP Service Pack 3-->"H:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Xvid 1.1.3 final uninstall-->"H:\Program Files\Xvid\unins000.exe"
=====HijackThis Backups=====
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) [2009-05-22]
O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - H:\WINDOWS\system32\msxml71.dll [2009-07-18]
O4 - HKCU\..\Run: [Cognac] H:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\b.exe [2009-07-18]
O15 - Trusted Zone: *.chat-land.org [2009-08-17]
O2 - BHO: (no name) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - (no file) [2009-08-20]
======Hosts File======
======Security center information======
AV: AntiVir Desktop
======System event log======
Computer Name: MUGIWARA
Event Code: 7036
Message: Le service Gestionnaire de connexion automatique d'accès distant est entré dans l'état : en cours d'exécution.
Record Number: 7526
Source Name: Service Control Manager
Time Written: 20090719172349.000000+120
Event Type: Informations
User:
Computer Name: MUGIWARA
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service SjyPkt.
Record Number: 7525
Source Name: Service Control Manager
Time Written: 20090719172349.000000+120
Event Type: Informations
User: MUGIWARA\Propriétaire
Computer Name: MUGIWARA
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Gestionnaire de connexion automatique d'accès distant.
Record Number: 7524
Source Name: Service Control Manager
Time Written: 20090719172349.000000+120
Event Type: Informations
User: AUTORITE NT\SYSTEM
Computer Name: MUGIWARA
Event Code: 7036
Message: Le service Gestionnaire de connexions d'accès distant est entré dans l'état : en cours d'exécution.
Record Number: 7523
Source Name: Service Control Manager
Time Written: 20090719172349.000000+120
Event Type: Informations
User:
Computer Name: MUGIWARA
Event Code: 17
Message: AVGNTFLT successfully loaded
Record Number: 7522
Source Name: avgntflt
Time Written: 20090719172344.000000+120
Event Type: Informations
User:
=====Application event log=====
Computer Name: MUGIWARA
Event Code: 100
Message: msnmsgr (2292) Le moteur de base de données 5.01.2600.5512 est démarré.
Record Number: 3365
Source Name: ESENT
Time Written: 20090713161406.000000+120
Event Type: Informations
User:
Computer Name: MUGIWARA
Event Code: 4113
Message: AntiVir a détecté dans le fichier
H:\System Volume Information\_restore{C440A930-897C-478D-9FBD-10D7DD433768}\RP116\A0047703.exe
un code suspect avec la désignation 'TR/Renaz.366397'!
Record Number: 3364
Source Name: Avira AntiVir
Time Written: 20090713154449.000000+120
Event Type: Avertissement
User: AUTORITE NT\SYSTEM
Computer Name: MUGIWARA
Event Code: 101
Message: msnmsgr (2536) Le moteur de base de données est arrêté.
Record Number: 3363
Source Name: ESENT
Time Written: 20090713145738.000000+120
Event Type: Informations
User:
Computer Name: MUGIWARA
Event Code: 103
Message: msnmsgr (2536) \\.\H:\Documents and Settings\Propriétaire\Local Settings\Application Data\Microsoft\Messenger\onepiecenokaizoku91@hotmail.fr\SharingMetadata\Working\database_54B0_801C_B080_728\dfsr.db: Le moteur de base de données a arrêté une instance (0).
Record Number: 3362
Source Name: ESENT
Time Written: 20090713145738.000000+120
Event Type: Informations
User:
Computer Name: MUGIWARA
Event Code: 102
Message: msnmsgr (2536) \\.\H:\Documents and Settings\Propriétaire\Local Settings\Application Data\Microsoft\Messenger\onepiecenokaizoku91@hotmail.fr\SharingMetadata\Working\database_54B0_801C_B080_728\dfsr.db: Le moteur de base de données a démarré une nouvelle instance (0).
Record Number: 3361
Source Name: ESENT
Time Written: 20090713145717.000000+120
Event Type: Informations
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;H:\Program Files\Fichiers communs\DivX Shared\;H:\PROGRA~1\Diskeeper Corporation\Diskeeper\;H:\Program Files\ATI Technologies\ATI.ACE\Core-Static
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=0f06
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
-----------------EOF-----------------
GMER 1.0.15.15077 [IDN.exe] - http://www.gmer.net
Rootkit scan 2009-08-31 16:32:26
Windows 5.1.2600 Service Pack 3
---- System - GMER 1.0.15 ----
SSDT B85CA8DE ZwCreateKey
SSDT B85CA8D4 ZwCreateThread
SSDT B85CA8E3 ZwDeleteKey
SSDT B85CA8ED ZwDeleteValueKey
SSDT spkj.sys ZwEnumerateKey [0xF74F4CA4]
SSDT spkj.sys ZwEnumerateValueKey [0xF74F5032]
SSDT B85CA8F2 ZwLoadKey
SSDT spkj.sys ZwOpenKey [0xF74D60C0]
SSDT B85CA8C0 ZwOpenProcess
SSDT B85CA8C5 ZwOpenThread
SSDT spkj.sys ZwQueryKey [0xF74F510A]
SSDT spkj.sys ZwQueryValueKey [0xF74F4F8A]
SSDT B85CA8FC ZwReplaceKey
SSDT B85CA8F7 ZwRestoreKey
SSDT B85CA8E8 ZwSetValueKey
SSDT B85CA8CF ZwTerminateProcess
INT 0x62 ? 8A692BF8
INT 0x63 ? 8A623DD8
INT 0x63 ? 8A34ABF8
INT 0x63 ? 8A623DD8
INT 0x82 ? 8A692BF8
INT 0x84 ? 8A34ABF8
INT 0x94 ? 8A34ABF8
INT 0xA4 ? 8A692BF8
---- Kernel code sections - GMER 1.0.15 ----
.text ntoskrnl.exe!ZwYieldExecution + 1FE 804E4A38 2 Bytes [F2, A8]
.text ntoskrnl.exe!ZwYieldExecution + 452 804E4C8C 4 Bytes CALL 6E06A939
? spkj.sys Le fichier spécifié est introuvable. !
.text USBPORT.SYS!DllUnload B79908AC 5 Bytes JMP 8A34A1D8
.text aubnbxoq.SYS B792F386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text aubnbxoq.SYS B792F3AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text aubnbxoq.SYS B792F3C4 3 Bytes [00, 70, 02] {ADD [EAX+0x2], DH}
.text aubnbxoq.SYS B792F3C9 1 Byte [30]
.text aubnbxoq.SYS B792F3C9 11 Bytes [30, 00, 00, 00, 5C, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESP; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL}
.text ...
---- User code sections - GMER 1.0.15 ----
.text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 10012760 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
.text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 100127F0 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
.text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10012900 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
.text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10012E10 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
.text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10012DA0 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
.text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] kernel32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 10012980 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
.text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10012880 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
.text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] USER32.dll!DispatchMessageW 7E398A01 5 Bytes JMP 10010DB0 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
.text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] USER32.dll!DispatchMessageA 7E3996B8 5 Bytes JMP 10010D50 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
.text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] USER32.dll!GetCursorPos 7E3A974E 5 Bytes JMP 10010BB0 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
.text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] USER32.dll!SetCursor 7E3A9930 5 Bytes JMP 10010BE0 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
.text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] USER32.dll!GetKeyState 7E3A9ED9 5 Bytes JMP 10010C80 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
.text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] USER32.dll!GetAsyncKeyState 7E3AA78F 5 Bytes JMP 10010C60 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
.text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] USER32.dll!SetCapture 7E3AC35E 5 Bytes JMP 10010C10 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
.text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] USER32.dll!ReleaseCapture 7E3AC37A 5 Bytes JMP 10010C40 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
.text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] USER32.dll!GetKeyboardState 7E3AD226 5 Bytes JMP 10010CA0 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
.text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] USER32.dll!ShowCursor 7E3AFA6E 5 Bytes JMP 10010B70 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
.text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] USER32.dll!ClipCursor 7E3BFDC5 5 Bytes JMP 10010E40 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
.text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] USER32.dll!SetCursorPos 7E3D61B3 5 Bytes JMP 10010B40 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
.text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] USER32.dll!GetRawInputBuffer 7E3E0DCD 5 Bytes JMP 10010E10 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
.text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] USER32.dll!GetClipCursor 7E3ECBA6 5 Bytes JMP 10010E90 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
.text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] USER32.dll!RegisterRawInputDevices 7E3ECE0E 5 Bytes JMP 10010EE0 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
.text H:\Program Files\Steam\GameOverlayUI.exe[3940] USER32.dll!ShowWindowAsync 7E3A337D 5 Bytes JMP 0048B8D0 H:\Program Files\Steam\GameOverlayUI.exe (Steam Game Overlay/Valve Corporation)
.text H:\Program Files\Steam\GameOverlayUI.exe[3940] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 0048B870 H:\Program Files\Steam\GameOverlayUI.exe (Steam Game Overlay/Valve Corporation)
.text H:\Program Files\Steam\GameOverlayUI.exe[3940] USER32.dll!SetActiveWindow 7E3A7822 5 Bytes JMP 0048B920 H:\Program Files\Steam\GameOverlayUI.exe (Steam Game Overlay/Valve Corporation)
.text H:\Program Files\Steam\GameOverlayUI.exe[3940] USER32.dll!GetCursorPos 7E3A974E 5 Bytes JMP 0048B9A0 H:\Program Files\Steam\GameOverlayUI.exe (Steam Game Overlay/Valve Corporation)
.text H:\Program Files\Steam\GameOverlayUI.exe[3940] USER32.dll!WindowFromPoint 7E3A9766 5 Bytes JMP 0048B970 H:\Program Files\Steam\GameOverlayUI.exe (Steam Game Overlay/Valve Corporation)
.text H:\Program Files\Steam\GameOverlayUI.exe[3940] USER32.dll!GetForegroundWindow 7E3A9823 5 Bytes JMP 0048B890 H:\Program Files\Steam\GameOverlayUI.exe (Steam Game Overlay/Valve Corporation)
.text H:\Program Files\Steam\GameOverlayUI.exe[3940] USER32.dll!GetFocus 7E3A98C8 5 Bytes JMP 0048B960 H:\Program Files\Steam\GameOverlayUI.exe (Steam Game Overlay/Valve Corporation)
.text H:\Program Files\Steam\GameOverlayUI.exe[3940] USER32.dll!SetCursor 7E3A9930 5 Bytes JMP 0048BA00 H:\Program Files\Steam\GameOverlayUI.exe (Steam Game Overlay/Valve Corporation)
.text H:\Program Files\Steam\GameOverlayUI.exe[3940] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 0048B8F0 H:\Program Files\Steam\GameOverlayUI.exe (Steam Game Overlay/Valve Corporation)
.text H:\Program Files\Steam\GameOverlayUI.exe[3940] USER32.dll!ShowWindow 7E3AAF56 5 Bytes JMP 0048B8D0 H:\Program Files\Steam\GameOverlayUI.exe (Steam Game Overlay/Valve Corporation)
.text H:\Program Files\Steam\GameOverlayUI.exe[3940] USER32.dll!SetFocus 7E3AB112 5 Bytes JMP 0048B930 H:\Program Files\Steam\GameOverlayUI.exe (Steam Game Overlay/Valve Corporation)
.text H:\Program Files\Steam\GameOverlayUI.exe[3940] USER32.dll!BringWindowToTop 7E3B03A8 5 Bytes JMP 0048B8A0 H:\Program Files\Steam\GameOverlayUI.exe (Steam Game Overlay/Valve Corporation)
.text H:\Program Files\Steam\GameOverlayUI.exe[3940] USER32.dll!SwitchToThisWindow 7E3D581C 5 Bytes JMP 004A6EE0 H:\Program Files\Steam\GameOverlayUI.exe (Steam Game Overlay/Valve Corporation)
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 8A6234B8
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F7507C4C] spkj.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F7507CA0] spkj.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F74D7042] spkj.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F74D713E] spkj.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F74D70C0] spkj.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F74D7800] spkj.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F74D76D6] spkj.sys
IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 8A34A2D8
---- User IAT/EAT - GMER 1.0.15 ----
IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!FindFirstFileA] 00EFBFC0
IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!FindFirstFileW] 00EFC030
IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetCommandLineA] 00EFC560
IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CloseHandle] 00EFB230
IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] 00EF86C0
IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] 00EF9920
IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!FreeLibrary] 00EF9B90
IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetModuleHandleA] 00EFC230
IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcessHeap] 00EFC550
IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetEnvironmentVariableA] 00EF9CA0
IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetFileType] 00EFB340
IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!DuplicateHandle] 00EFB190
IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetFilePointer] 00EFAFF0
IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateFileA] 00EFA3F0
IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!ReadFile] 00EFAB80
IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateFileW] 00EFA830
IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!WriteFile] 00EFAFB0
IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetACP] 00EFC570
IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetEnvironmentStrings] 00EF9E00
IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetEnvironmentStringsW] 00EF9E80
IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!ExitProcess] 00EF9F00
IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!ExitThread] 00EFA070
IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateThread] 00EFA150
IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!TerminateProcess] 00EFA000
IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegQueryValueA] 00EFC4C0
IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegCreateKeyExW] 00EFC470
IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] 00EF86C0
IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 00EF9920
IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CloseHandle] 00EFB230
IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FreeLibrary] 00EF9B90
IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 00EF99A0
IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileW] 00EFA830
IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalUnlock] 00EFC170
IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalLock] 00EFC1B0
IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcessHeap] 00EFC550
IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FindFirstFileW] 00EFC030
IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\ole32.dll [KERNEL32.dll!DuplicateHandle] 00EFB190
IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateThread] 00EFA150
IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 00EF9B00
IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetEnvironmentStringsW] 00EF9E80
IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\ole32.dll [KERNEL32.dll!IsDebuggerPresent] 00EFCAD0
IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\ole32.dll [KERNEL32.dll!ReadFile] 00EFAB80
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 8A61F1F8
Device \FileSystem\Fastfat \FatCdrom 89A111F8
Device \Driver\usbuhci \Device\USBPDO-0 8A3491F8
Device \Driver\PCI_PNP9028 \Device\00000045 spkj.sys
Device \Driver\PCI_PNP9028 \Device\00000045 spkj.sys
Device \Driver\usbuhci \Device\USBPDO-1 8A3491F8
Device \Driver\usbuhci \Device\USBPDO-2 8A3491F8
Device \Driver\usbuhci \Device\USBPDO-3 8A3491F8
Device \Driver\usbehci \Device\USBPDO-4 8A31C1F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 8A6211F8
Device \Driver\Cdrom \Device\CdRom0 8A34C1F8
Device \Driver\Cdrom \Device\CdRom1 8A34C1F8
Device \Driver\USBSTOR \Device\00000073 89A161F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 8A17B500
Device \Driver\USBSTOR \Device\00000077 89A161F8
Device \Driver\NetBT \Device\NetbiosSmb 8A17B500
Device \Driver\NetBT \Device\NetBT_Tcpip_{4E7595A6-2EA1-4309-8BAF-98B87E874D42} 8A17B500
Device \Driver\usbuhci \Device\USBFDO-0 8A3491F8
Device \Driver\usbuhci \Device\USBFDO-1 8A3491F8
Device \Driver\usbuhci \Device\USBFDO-2 8A3491F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8A1AF500
Device \Driver\usbuhci \Device\USBFDO-3 8A3491F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8A1AF500
Device \Driver\Ftdisk \Device\FtControl 8A6211F8
Device \Driver\usbehci \Device\USBFDO-4 8A31C1F8
Device \Driver\sptd \Device\2776089028 spkj.sys
Device \Driver\aubnbxoq \Device\Scsi\aubnbxoq1Port5Path0Target0Lun0 8A3AA1F8
Device \Driver\JRAID \Device\Scsi\JRAID1Port4Path0Target0Lun0 8A6201F8
Device \Driver\JRAID \Device\Scsi\JRAID1 8A6201F8
Device \Driver\aubnbxoq \Device\Scsi\aubnbxoq1 8A3AA1F8
Device \FileSystem\Fastfat \Fat 89A111F8
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
Device \FileSystem\Cdfs \Cdfs 8A171500
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x7C 0x6C 0x60 0xC7 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 H:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x4F 0x4E 0xC9 0x4F ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xBB 0xDF 0x14 0x6A ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x2B 0x67 0xEF 0x88 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x7C 0x6C 0x60 0xC7 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 H:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x4F 0x4E 0xC9 0x4F ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xBB 0xDF 0x14 0x6A ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x28 0x84 0x76 0x54 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x7C 0x6C 0x60 0xC7 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 H:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x4F 0x4E 0xC9 0x4F ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xBB 0xDF 0x14 0x6A ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x2B 0x67 0xEF 0x88 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x7C 0x6C 0x60 0xC7 ...
---- EOF - GMER 1.0.15 ----
Rootkit scan 2009-08-31 16:32:26
Windows 5.1.2600 Service Pack 3
---- System - GMER 1.0.15 ----
SSDT B85CA8DE ZwCreateKey
SSDT B85CA8D4 ZwCreateThread
SSDT B85CA8E3 ZwDeleteKey
SSDT B85CA8ED ZwDeleteValueKey
SSDT spkj.sys ZwEnumerateKey [0xF74F4CA4]
SSDT spkj.sys ZwEnumerateValueKey [0xF74F5032]
SSDT B85CA8F2 ZwLoadKey
SSDT spkj.sys ZwOpenKey [0xF74D60C0]
SSDT B85CA8C0 ZwOpenProcess
SSDT B85CA8C5 ZwOpenThread
SSDT spkj.sys ZwQueryKey [0xF74F510A]
SSDT spkj.sys ZwQueryValueKey [0xF74F4F8A]
SSDT B85CA8FC ZwReplaceKey
SSDT B85CA8F7 ZwRestoreKey
SSDT B85CA8E8 ZwSetValueKey
SSDT B85CA8CF ZwTerminateProcess
INT 0x62 ? 8A692BF8
INT 0x63 ? 8A623DD8
INT 0x63 ? 8A34ABF8
INT 0x63 ? 8A623DD8
INT 0x82 ? 8A692BF8
INT 0x84 ? 8A34ABF8
INT 0x94 ? 8A34ABF8
INT 0xA4 ? 8A692BF8
---- Kernel code sections - GMER 1.0.15 ----
.text ntoskrnl.exe!ZwYieldExecution + 1FE 804E4A38 2 Bytes [F2, A8]
.text ntoskrnl.exe!ZwYieldExecution + 452 804E4C8C 4 Bytes CALL 6E06A939
? spkj.sys Le fichier spécifié est introuvable. !
.text USBPORT.SYS!DllUnload B79908AC 5 Bytes JMP 8A34A1D8
.text aubnbxoq.SYS B792F386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text aubnbxoq.SYS B792F3AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text aubnbxoq.SYS B792F3C4 3 Bytes [00, 70, 02] {ADD [EAX+0x2], DH}
.text aubnbxoq.SYS B792F3C9 1 Byte [30]
.text aubnbxoq.SYS B792F3C9 11 Bytes [30, 00, 00, 00, 5C, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESP; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL}
.text ...
---- User code sections - GMER 1.0.15 ----
.text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 10012760 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
.text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 100127F0 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
.text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10012900 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
.text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10012E10 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
.text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10012DA0 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
.text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] kernel32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 10012980 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
.text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10012880 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
.text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] USER32.dll!DispatchMessageW 7E398A01 5 Bytes JMP 10010DB0 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
.text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] USER32.dll!DispatchMessageA 7E3996B8 5 Bytes JMP 10010D50 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
.text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] USER32.dll!GetCursorPos 7E3A974E 5 Bytes JMP 10010BB0 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
.text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] USER32.dll!SetCursor 7E3A9930 5 Bytes JMP 10010BE0 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
.text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] USER32.dll!GetKeyState 7E3A9ED9 5 Bytes JMP 10010C80 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
.text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] USER32.dll!GetAsyncKeyState 7E3AA78F 5 Bytes JMP 10010C60 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
.text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] USER32.dll!SetCapture 7E3AC35E 5 Bytes JMP 10010C10 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
.text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] USER32.dll!ReleaseCapture 7E3AC37A 5 Bytes JMP 10010C40 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
.text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] USER32.dll!GetKeyboardState 7E3AD226 5 Bytes JMP 10010CA0 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
.text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] USER32.dll!ShowCursor 7E3AFA6E 5 Bytes JMP 10010B70 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
.text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] USER32.dll!ClipCursor 7E3BFDC5 5 Bytes JMP 10010E40 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
.text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] USER32.dll!SetCursorPos 7E3D61B3 5 Bytes JMP 10010B40 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
.text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] USER32.dll!GetRawInputBuffer 7E3E0DCD 5 Bytes JMP 10010E10 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
.text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] USER32.dll!GetClipCursor 7E3ECBA6 5 Bytes JMP 10010E90 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
.text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] USER32.dll!RegisterRawInputDevices 7E3ECE0E 5 Bytes JMP 10010EE0 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
.text H:\Program Files\Steam\GameOverlayUI.exe[3940] USER32.dll!ShowWindowAsync 7E3A337D 5 Bytes JMP 0048B8D0 H:\Program Files\Steam\GameOverlayUI.exe (Steam Game Overlay/Valve Corporation)
.text H:\Program Files\Steam\GameOverlayUI.exe[3940] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 0048B870 H:\Program Files\Steam\GameOverlayUI.exe (Steam Game Overlay/Valve Corporation)
.text H:\Program Files\Steam\GameOverlayUI.exe[3940] USER32.dll!SetActiveWindow 7E3A7822 5 Bytes JMP 0048B920 H:\Program Files\Steam\GameOverlayUI.exe (Steam Game Overlay/Valve Corporation)
.text H:\Program Files\Steam\GameOverlayUI.exe[3940] USER32.dll!GetCursorPos 7E3A974E 5 Bytes JMP 0048B9A0 H:\Program Files\Steam\GameOverlayUI.exe (Steam Game Overlay/Valve Corporation)
.text H:\Program Files\Steam\GameOverlayUI.exe[3940] USER32.dll!WindowFromPoint 7E3A9766 5 Bytes JMP 0048B970 H:\Program Files\Steam\GameOverlayUI.exe (Steam Game Overlay/Valve Corporation)
.text H:\Program Files\Steam\GameOverlayUI.exe[3940] USER32.dll!GetForegroundWindow 7E3A9823 5 Bytes JMP 0048B890 H:\Program Files\Steam\GameOverlayUI.exe (Steam Game Overlay/Valve Corporation)
.text H:\Program Files\Steam\GameOverlayUI.exe[3940] USER32.dll!GetFocus 7E3A98C8 5 Bytes JMP 0048B960 H:\Program Files\Steam\GameOverlayUI.exe (Steam Game Overlay/Valve Corporation)
.text H:\Program Files\Steam\GameOverlayUI.exe[3940] USER32.dll!SetCursor 7E3A9930 5 Bytes JMP 0048BA00 H:\Program Files\Steam\GameOverlayUI.exe (Steam Game Overlay/Valve Corporation)
.text H:\Program Files\Steam\GameOverlayUI.exe[3940] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 0048B8F0 H:\Program Files\Steam\GameOverlayUI.exe (Steam Game Overlay/Valve Corporation)
.text H:\Program Files\Steam\GameOverlayUI.exe[3940] USER32.dll!ShowWindow 7E3AAF56 5 Bytes JMP 0048B8D0 H:\Program Files\Steam\GameOverlayUI.exe (Steam Game Overlay/Valve Corporation)
.text H:\Program Files\Steam\GameOverlayUI.exe[3940] USER32.dll!SetFocus 7E3AB112 5 Bytes JMP 0048B930 H:\Program Files\Steam\GameOverlayUI.exe (Steam Game Overlay/Valve Corporation)
.text H:\Program Files\Steam\GameOverlayUI.exe[3940] USER32.dll!BringWindowToTop 7E3B03A8 5 Bytes JMP 0048B8A0 H:\Program Files\Steam\GameOverlayUI.exe (Steam Game Overlay/Valve Corporation)
.text H:\Program Files\Steam\GameOverlayUI.exe[3940] USER32.dll!SwitchToThisWindow 7E3D581C 5 Bytes JMP 004A6EE0 H:\Program Files\Steam\GameOverlayUI.exe (Steam Game Overlay/Valve Corporation)
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 8A6234B8
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F7507C4C] spkj.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F7507CA0] spkj.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F74D7042] spkj.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F74D713E] spkj.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F74D70C0] spkj.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F74D7800] spkj.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F74D76D6] spkj.sys
IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 8A34A2D8
---- User IAT/EAT - GMER 1.0.15 ----
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 8A61F1F8
Device \FileSystem\Fastfat \FatCdrom 89A111F8
Device \Driver\usbuhci \Device\USBPDO-0 8A3491F8
Device \Driver\PCI_PNP9028 \Device\00000045 spkj.sys
Device \Driver\PCI_PNP9028 \Device\00000045 spkj.sys
Device \Driver\usbuhci \Device\USBPDO-1 8A3491F8
Device \Driver\usbuhci \Device\USBPDO-2 8A3491F8
Device \Driver\usbuhci \Device\USBPDO-3 8A3491F8
Device \Driver\usbehci \Device\USBPDO-4 8A31C1F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 8A6211F8
Device \Driver\Cdrom \Device\CdRom0 8A34C1F8
Device \Driver\Cdrom \Device\CdRom1 8A34C1F8
Device \Driver\USBSTOR \Device\00000073 89A161F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 8A17B500
Device \Driver\USBSTOR \Device\00000077 89A161F8
Device \Driver\NetBT \Device\NetbiosSmb 8A17B500
Device \Driver\NetBT \Device\NetBT_Tcpip_{4E7595A6-2EA1-4309-8BAF-98B87E874D42} 8A17B500
Device \Driver\usbuhci \Device\USBFDO-0 8A3491F8
Device \Driver\usbuhci \Device\USBFDO-1 8A3491F8
Device \Driver\usbuhci \Device\USBFDO-2 8A3491F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8A1AF500
Device \Driver\usbuhci \Device\USBFDO-3 8A3491F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8A1AF500
Device \Driver\Ftdisk \Device\FtControl 8A6211F8
Device \Driver\usbehci \Device\USBFDO-4 8A31C1F8
Device \Driver\sptd \Device\2776089028 spkj.sys
Device \Driver\aubnbxoq \Device\Scsi\aubnbxoq1Port5Path0Target0Lun0 8A3AA1F8
Device \Driver\JRAID \Device\Scsi\JRAID1Port4Path0Target0Lun0 8A6201F8
Device \Driver\JRAID \Device\Scsi\JRAID1 8A6201F8
Device \Driver\aubnbxoq \Device\Scsi\aubnbxoq1 8A3AA1F8
Device \FileSystem\Fastfat \Fat 89A111F8
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
Device \FileSystem\Cdfs \Cdfs 8A171500
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x7C 0x6C 0x60 0xC7 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 H:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x4F 0x4E 0xC9 0x4F ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xBB 0xDF 0x14 0x6A ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x2B 0x67 0xEF 0x88 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x7C 0x6C 0x60 0xC7 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 H:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x4F 0x4E 0xC9 0x4F ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xBB 0xDF 0x14 0x6A ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x28 0x84 0x76 0x54 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x7C 0x6C 0x60 0xC7 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 H:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x4F 0x4E 0xC9 0x4F ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xBB 0xDF 0x14 0x6A ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x2B 0x67 0xEF 0x88 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x7C 0x6C 0x60 0xC7 ...
---- EOF - GMER 1.0.15 ----
GMER 1.0.15.15077 [IDN.exe] - http://www.gmer.net
Rootkit scan 2009-08-31 16:32:26
Windows 5.1.2600 Service Pack 3
---- System - GMER 1.0.15 ----
SSDT B85CA8DE ZwCreateKey
SSDT B85CA8D4 ZwCreateThread
SSDT B85CA8E3 ZwDeleteKey
SSDT B85CA8ED ZwDeleteValueKey
SSDT spkj.sys ZwEnumerateKey [0xF74F4CA4]
SSDT spkj.sys ZwEnumerateValueKey [0xF74F5032]
SSDT B85CA8F2 ZwLoadKey
SSDT spkj.sys ZwOpenKey [0xF74D60C0]
SSDT B85CA8C0 ZwOpenProcess
SSDT B85CA8C5 ZwOpenThread
SSDT spkj.sys ZwQueryKey [0xF74F510A]
SSDT spkj.sys ZwQueryValueKey [0xF74F4F8A]
SSDT B85CA8FC ZwReplaceKey
SSDT B85CA8F7 ZwRestoreKey
SSDT B85CA8E8 ZwSetValueKey
SSDT B85CA8CF ZwTerminateProcess
INT 0x62 ? 8A692BF8
INT 0x63 ? 8A623DD8
INT 0x63 ? 8A34ABF8
INT 0x63 ? 8A623DD8
INT 0x82 ? 8A692BF8
INT 0x84 ? 8A34ABF8
INT 0x94 ? 8A34ABF8
INT 0xA4 ? 8A692BF8
---- Kernel code sections - GMER 1.0.15 ----
.text ntoskrnl.exe!ZwYieldExecution + 1FE 804E4A38 2 Bytes [F2, A8]
.text ntoskrnl.exe!ZwYieldExecution + 452 804E4C8C 4 Bytes CALL 6E06A939
? spkj.sys Le fichier spécifié est introuvable. !
.text USBPORT.SYS!DllUnload B79908AC 5 Bytes JMP 8A34A1D8
.text aubnbxoq.SYS B792F386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text aubnbxoq.SYS B792F3AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text aubnbxoq.SYS B792F3C4 3 Bytes [00, 70, 02] {ADD [EAX+0x2], DH}
.text aubnbxoq.SYS B792F3C9 1 Byte [30]
.text aubnbxoq.SYS B792F3C9 11 Bytes [30, 00, 00, 00, 5C, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESP; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL}
.text ...
---- User code sections - GMER 1.0.15 ----
.text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 10012760 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
.text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 100127F0 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
.text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10012900 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
.text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10012E10 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
.text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10012DA0 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
.text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] kernel32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 10012980 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
.text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10012880 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
.text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] USER32.dll!DispatchMessageW 7E398A01 5 Bytes JMP 10010DB0 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
.text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] USER32.dll!DispatchMessageA 7E3996B8 5 Bytes JMP 10010D50 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
.text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] USER32.dll!GetCursorPos 7E3A974E 5 Bytes JMP 10010BB0 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
.text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] USER32.dll!SetCursor 7E3A9930 5 Bytes JMP 10010BE0 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
.text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] USER32.dll!GetKeyState 7E3A9ED9 5 Bytes JMP 10010C80 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
.text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] USER32.dll!GetAsyncKeyState 7E3AA78F 5 Bytes JMP 10010C60 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
.text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] USER32.dll!SetCapture 7E3AC35E 5 Bytes JMP 10010C10 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
.text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] USER32.dll!ReleaseCapture 7E3AC37A 5 Bytes JMP 10010C40 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
.text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] USER32.dll!GetKeyboardState 7E3AD226 5 Bytes JMP 10010CA0 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
.text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] USER32.dll!ShowCursor 7E3AFA6E 5 Bytes JMP 10010B70 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
.text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] USER32.dll!ClipCursor 7E3BFDC5 5 Bytes JMP 10010E40 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
.text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] USER32.dll!SetCursorPos 7E3D61B3 5 Bytes JMP 10010B40 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
.text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] USER32.dll!GetRawInputBuffer 7E3E0DCD 5 Bytes JMP 10010E10 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
.text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] USER32.dll!GetClipCursor 7E3ECBA6 5 Bytes JMP 10010E90 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
.text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] USER32.dll!RegisterRawInputDevices 7E3ECE0E 5 Bytes JMP 10010EE0 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
.text H:\Program Files\Steam\GameOverlayUI.exe[3940] USER32.dll!ShowWindowAsync 7E3A337D 5 Bytes JMP 0048B8D0 H:\Program Files\Steam\GameOverlayUI.exe (Steam Game Overlay/Valve Corporation)
.text H:\Program Files\Steam\GameOverlayUI.exe[3940] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 0048B870 H:\Program Files\Steam\GameOverlayUI.exe (Steam Game Overlay/Valve Corporation)
.text H:\Program Files\Steam\GameOverlayUI.exe[3940] USER32.dll!SetActiveWindow 7E3A7822 5 Bytes JMP 0048B920 H:\Program Files\Steam\GameOverlayUI.exe (Steam Game Overlay/Valve Corporation)
.text H:\Program Files\Steam\GameOverlayUI.exe[3940] USER32.dll!GetCursorPos 7E3A974E 5 Bytes JMP 0048B9A0 H:\Program Files\Steam\GameOverlayUI.exe (Steam Game Overlay/Valve Corporation)
.text H:\Program Files\Steam\GameOverlayUI.exe[3940] USER32.dll!WindowFromPoint 7E3A9766 5 Bytes JMP 0048B970 H:\Program Files\Steam\GameOverlayUI.exe (Steam Game Overlay/Valve Corporation)
.text H:\Program Files\Steam\GameOverlayUI.exe[3940] USER32.dll!GetForegroundWindow 7E3A9823 5 Bytes JMP 0048B890 H:\Program Files\Steam\GameOverlayUI.exe (Steam Game Overlay/Valve Corporation)
.text H:\Program Files\Steam\GameOverlayUI.exe[3940] USER32.dll!GetFocus 7E3A98C8 5 Bytes JMP 0048B960 H:\Program Files\Steam\GameOverlayUI.exe (Steam Game Overlay/Valve Corporation)
.text H:\Program Files\Steam\GameOverlayUI.exe[3940] USER32.dll!SetCursor 7E3A9930 5 Bytes JMP 0048BA00 H:\Program Files\Steam\GameOverlayUI.exe (Steam Game Overlay/Valve Corporation)
.text H:\Program Files\Steam\GameOverlayUI.exe[3940] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 0048B8F0 H:\Program Files\Steam\GameOverlayUI.exe (Steam Game Overlay/Valve Corporation)
.text H:\Program Files\Steam\GameOverlayUI.exe[3940] USER32.dll!ShowWindow 7E3AAF56 5 Bytes JMP 0048B8D0 H:\Program Files\Steam\GameOverlayUI.exe (Steam Game Overlay/Valve Corporation)
.text H:\Program Files\Steam\GameOverlayUI.exe[3940] USER32.dll!SetFocus 7E3AB112 5 Bytes JMP 0048B930 H:\Program Files\Steam\GameOverlayUI.exe (Steam Game Overlay/Valve Corporation)
.text H:\Program Files\Steam\GameOverlayUI.exe[3940] USER32.dll!BringWindowToTop 7E3B03A8 5 Bytes JMP 0048B8A0 H:\Program Files\Steam\GameOverlayUI.exe (Steam Game Overlay/Valve Corporation)
.text H:\Program Files\Steam\GameOverlayUI.exe[3940] USER32.dll!SwitchToThisWindow 7E3D581C 5 Bytes JMP 004A6EE0 H:\Program Files\Steam\GameOverlayUI.exe (Steam Game Overlay/Valve Corporation)
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 8A6234B8
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F7507C4C] spkj.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F7507CA0] spkj.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F74D7042] spkj.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F74D713E] spkj.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F74D70C0] spkj.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F74D7800] spkj.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F74D76D6] spkj.sys
IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 8A34A2D8
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!RtlInitUnicodeString] 8800001C
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!swprintf] 001CB286
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!KeSetEvent] C61AEB00
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoCreateSymbolicLink] 001C8186
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoGetConfigurationInformation] 86C61200
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoDeleteSymbolicLink] 00001C83
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!MmFreeMappingAddress] 8E868801
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoFreeErrorLogEntry] 8800001C
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoDisconnectInterrupt] 001CAA86
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!MmUnmapIoSpace] 80968B00
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!ObReferenceObjectByPointer] 8900001C
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IofCompleteRequest] 001C9C96
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!RtlCompareUnicodeString] C6168B00
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IofCallDriver] 001CB986
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!MmAllocateMappingAddress] 428A0A00
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoAllocateErrorLogEntry] BA86880C
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoConnectInterrupt] 8B00001C
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoDetachDevice] 24A48DFA
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!KeWaitForSingleObject] 00000000
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!KeInitializeEvent] 4B8BDF8B
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!KeCancelTimer] 8D3F0304
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!RtlAnsiStringToUnicodeString] CB033043
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!RtlInitAnsiString] 0673C13B
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoBuildDeviceIoControlRequest] C13B0003
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoQueueWorkItem] 8366FA72
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!MmMapIoSpace] 75000E7B
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoInvalidateDeviceRelations] 0B7D80E3
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoReportDetectedDevice] 307B8D00
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoReportResourceForDetection] 00AA840F
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!RtlxAnsiStringToUnicodeSize] 83660000
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!NlsMbCodePageTag] 6A000E7A
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!PoRequestPowerIrp] C6647400
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!KeInsertByKeyDeviceQueue] 001CBB86
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!PoRegisterDeviceForIdleDetection] 4F8B0200
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!sprintf] 968D5140
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!MmMapLockedPagesSpecifyCache] 00001C90
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!ObfDereferenceObject] 2266E852
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoGetAttachedDeviceReference] 478B0000
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoInvalidateDeviceState] 50016A40
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!ZwClose] 1CAC8E8D
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!ObReferenceObjectByHandle] E8510000
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!ZwCreateDirectoryObject] 00002254
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoBuildSynchronousFsdRequest] 6A18538B
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!PoStartNextPowerIrp] 868D5200
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoCreateDevice] 00001C98
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!RtlCopyUnicodeString] 2242E850
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoAllocateDriverObjectExtension] 4B8B0000
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!RtlQueryRegistryValues] 51016A18
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!ZwOpenKey] 1CB4968D
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!RtlFreeUnicodeString] E8520000
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoStartTimer] 00002230
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!KeInitializeTimer] 8A05478A
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoInitializeTimer] 001CBB8E
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!KeInitializeDpc] 30C48300
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!KeInitializeSpinLock] 1CBD8688
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoInitializeIrp] 80E90000
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!ZwCreateKey] C6000000
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!RtlAppendUnicodeStringToString] 001CBB86
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!RtlIntegerToUnicodeString] 438B0100
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!ZwSetValueKey] 8E8D5018
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!KeInsertQueueDpc] 00001C90
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!KefAcquireSpinLockAtDpcLevel] 2202E851
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoStartPacket] 538B0000
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!KefReleaseSpinLockFromDpcLevel] 52016A18
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoBuildAsynchronousFsdRequest] 1CAC868D
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoFreeMdl] E8500000
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!MmUnlockPages] 000021F0
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoWriteErrorLogEntry] 8A05478A
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!KeRemoveByKeyDeviceQueue] 001CBB8E
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!MmMapLockedPagesWithReservedMapping] 18C48300
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!MmUnmapReservedMapping] 1CBD8688
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!KeSynchronizeExecution] 43EB0000
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoStartNextPacket] 320C538A
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!KeBugCheckEx] 88F93BC0
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!KeRemoveDeviceQueue] 001CBB96
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!KeSetTimer] F6317300
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!_allmul] 74070647
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!MmProbeAndLockPages] 75C0841A
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!_except_handler3] 05578A0B
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!PoSetPowerState] 968801B0
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoOpenDeviceRegistryKey] 00001CBD
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!RtlWriteRegistryValue] 57B60F66
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!RtlDeleteRegistryValue] 533B6604
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!_aulldiv] 03087408
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!strstr] 72F93B3F
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!_strupr] 8A09EBDA
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!KeQuerySystemTime] 86880547
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoWMIRegistrationControl] 00001CBD
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!KeTickCount] 88084B8A
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoAttachDeviceToDeviceStack] 001CBE8E
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoDeleteDevice] 40578B00
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!ExAllocatePoolWithTag] 8D52006A
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoAllocateWorkItem] 001CC086
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoAllocateIrp] 81E85000
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoAllocateMdl] 8B000021
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!MmBuildMdlForNonPagedPool] 001CB88E
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!MmLockPagableDataSection] BC968B00
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoGetDriverObjectExtension] 8900001C
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!MmUnlockPagableImageSection] 001CC48E
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!ExFreePoolWithTag] C8968900
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoFreeIrp] 8B00001C
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoFreeWorkItem] 016A4047
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!InitSafeBootMode] CCC68150
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!RtlCompareMemory] 5600001C
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!PoCallDriver] 002157E8
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!memmove] 18C48300
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!MmHighestUserAddress] 5D5B5E5F
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[HAL.dll!KfAcquireSpinLock] 18C4830E
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[HAL.dll!READ_PORT_UCHAR] 1C8D9E88
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[HAL.dll!KeGetCurrentIrql] 9E880000
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[HAL.dll!KfRaiseIrql] 00001CA9
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[HAL.dll!KfLowerIrql] 0E798366
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[HAL.dll!HalGetInterruptVector] 74AAB000
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[HAL.dll!HalTranslateBusAddress] 8186C636
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[HAL.dll!KeStallExecutionProcessor] 1A00001C
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[HAL.dll!KfReleaseSpinLock] 1C8386C6
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] C6020000
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[HAL.dll!READ_PORT_USHORT] 001C8E86
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 86C60200
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[HAL.dll!WRITE_PORT_UCHAR] 00001CAA
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[WMILIB.SYS!WmiSystemControl] 8800001C
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[WMILIB.SYS!WmiCompleteRequest] 001CB19E
---- User IAT/EAT - GMER 1.0.15 ----
IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!FindFirstFileA] 00EFBFC0
IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!FindFirstFileW] 00EFC030
IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetCommandLineA] 00EFC560
IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CloseHandle] 00EFB230
IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] 00EF86C0
IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] 00EF9920
IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!FreeLibrary] 00EF9B90
IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetModuleHandleA] 00EFC230
IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcessHeap] 00EFC550
IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetEnvironmentVariableA] 00EF9CA0
IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetFileType] 00EFB340
IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!DuplicateHandle] 00EFB190
IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetFilePointer] 00EFAFF0
IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateFileA] 00EFA3F0
IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!ReadFile] 00EFAB80
IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateFileW] 00EFA830
Rootkit scan 2009-08-31 16:32:26
Windows 5.1.2600 Service Pack 3
---- System - GMER 1.0.15 ----
SSDT B85CA8DE ZwCreateKey
SSDT B85CA8D4 ZwCreateThread
SSDT B85CA8E3 ZwDeleteKey
SSDT B85CA8ED ZwDeleteValueKey
SSDT spkj.sys ZwEnumerateKey [0xF74F4CA4]
SSDT spkj.sys ZwEnumerateValueKey [0xF74F5032]
SSDT B85CA8F2 ZwLoadKey
SSDT spkj.sys ZwOpenKey [0xF74D60C0]
SSDT B85CA8C0 ZwOpenProcess
SSDT B85CA8C5 ZwOpenThread
SSDT spkj.sys ZwQueryKey [0xF74F510A]
SSDT spkj.sys ZwQueryValueKey [0xF74F4F8A]
SSDT B85CA8FC ZwReplaceKey
SSDT B85CA8F7 ZwRestoreKey
SSDT B85CA8E8 ZwSetValueKey
SSDT B85CA8CF ZwTerminateProcess
INT 0x62 ? 8A692BF8
INT 0x63 ? 8A623DD8
INT 0x63 ? 8A34ABF8
INT 0x63 ? 8A623DD8
INT 0x82 ? 8A692BF8
INT 0x84 ? 8A34ABF8
INT 0x94 ? 8A34ABF8
INT 0xA4 ? 8A692BF8
---- Kernel code sections - GMER 1.0.15 ----
.text ntoskrnl.exe!ZwYieldExecution + 1FE 804E4A38 2 Bytes [F2, A8]
.text ntoskrnl.exe!ZwYieldExecution + 452 804E4C8C 4 Bytes CALL 6E06A939
? spkj.sys Le fichier spécifié est introuvable. !
.text USBPORT.SYS!DllUnload B79908AC 5 Bytes JMP 8A34A1D8
.text aubnbxoq.SYS B792F386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text aubnbxoq.SYS B792F3AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text aubnbxoq.SYS B792F3C4 3 Bytes [00, 70, 02] {ADD [EAX+0x2], DH}
.text aubnbxoq.SYS B792F3C9 1 Byte [30]
.text aubnbxoq.SYS B792F3C9 11 Bytes [30, 00, 00, 00, 5C, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESP; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL}
.text ...
---- User code sections - GMER 1.0.15 ----
.text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 10012760 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
.text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 100127F0 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
.text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10012900 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
.text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10012E10 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
.text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10012DA0 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
.text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] kernel32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 10012980 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
.text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10012880 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
.text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] USER32.dll!DispatchMessageW 7E398A01 5 Bytes JMP 10010DB0 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
.text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] USER32.dll!DispatchMessageA 7E3996B8 5 Bytes JMP 10010D50 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
.text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] USER32.dll!GetCursorPos 7E3A974E 5 Bytes JMP 10010BB0 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
.text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] USER32.dll!SetCursor 7E3A9930 5 Bytes JMP 10010BE0 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
.text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] USER32.dll!GetKeyState 7E3A9ED9 5 Bytes JMP 10010C80 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
.text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] USER32.dll!GetAsyncKeyState 7E3AA78F 5 Bytes JMP 10010C60 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
.text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] USER32.dll!SetCapture 7E3AC35E 5 Bytes JMP 10010C10 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
.text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] USER32.dll!ReleaseCapture 7E3AC37A 5 Bytes JMP 10010C40 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
.text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] USER32.dll!GetKeyboardState 7E3AD226 5 Bytes JMP 10010CA0 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
.text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] USER32.dll!ShowCursor 7E3AFA6E 5 Bytes JMP 10010B70 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
.text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] USER32.dll!ClipCursor 7E3BFDC5 5 Bytes JMP 10010E40 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
.text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] USER32.dll!SetCursorPos 7E3D61B3 5 Bytes JMP 10010B40 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
.text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] USER32.dll!GetRawInputBuffer 7E3E0DCD 5 Bytes JMP 10010E10 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
.text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] USER32.dll!GetClipCursor 7E3ECBA6 5 Bytes JMP 10010E90 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
.text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] USER32.dll!RegisterRawInputDevices 7E3ECE0E 5 Bytes JMP 10010EE0 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
.text H:\Program Files\Steam\GameOverlayUI.exe[3940] USER32.dll!ShowWindowAsync 7E3A337D 5 Bytes JMP 0048B8D0 H:\Program Files\Steam\GameOverlayUI.exe (Steam Game Overlay/Valve Corporation)
.text H:\Program Files\Steam\GameOverlayUI.exe[3940] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 0048B870 H:\Program Files\Steam\GameOverlayUI.exe (Steam Game Overlay/Valve Corporation)
.text H:\Program Files\Steam\GameOverlayUI.exe[3940] USER32.dll!SetActiveWindow 7E3A7822 5 Bytes JMP 0048B920 H:\Program Files\Steam\GameOverlayUI.exe (Steam Game Overlay/Valve Corporation)
.text H:\Program Files\Steam\GameOverlayUI.exe[3940] USER32.dll!GetCursorPos 7E3A974E 5 Bytes JMP 0048B9A0 H:\Program Files\Steam\GameOverlayUI.exe (Steam Game Overlay/Valve Corporation)
.text H:\Program Files\Steam\GameOverlayUI.exe[3940] USER32.dll!WindowFromPoint 7E3A9766 5 Bytes JMP 0048B970 H:\Program Files\Steam\GameOverlayUI.exe (Steam Game Overlay/Valve Corporation)
.text H:\Program Files\Steam\GameOverlayUI.exe[3940] USER32.dll!GetForegroundWindow 7E3A9823 5 Bytes JMP 0048B890 H:\Program Files\Steam\GameOverlayUI.exe (Steam Game Overlay/Valve Corporation)
.text H:\Program Files\Steam\GameOverlayUI.exe[3940] USER32.dll!GetFocus 7E3A98C8 5 Bytes JMP 0048B960 H:\Program Files\Steam\GameOverlayUI.exe (Steam Game Overlay/Valve Corporation)
.text H:\Program Files\Steam\GameOverlayUI.exe[3940] USER32.dll!SetCursor 7E3A9930 5 Bytes JMP 0048BA00 H:\Program Files\Steam\GameOverlayUI.exe (Steam Game Overlay/Valve Corporation)
.text H:\Program Files\Steam\GameOverlayUI.exe[3940] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 0048B8F0 H:\Program Files\Steam\GameOverlayUI.exe (Steam Game Overlay/Valve Corporation)
.text H:\Program Files\Steam\GameOverlayUI.exe[3940] USER32.dll!ShowWindow 7E3AAF56 5 Bytes JMP 0048B8D0 H:\Program Files\Steam\GameOverlayUI.exe (Steam Game Overlay/Valve Corporation)
.text H:\Program Files\Steam\GameOverlayUI.exe[3940] USER32.dll!SetFocus 7E3AB112 5 Bytes JMP 0048B930 H:\Program Files\Steam\GameOverlayUI.exe (Steam Game Overlay/Valve Corporation)
.text H:\Program Files\Steam\GameOverlayUI.exe[3940] USER32.dll!BringWindowToTop 7E3B03A8 5 Bytes JMP 0048B8A0 H:\Program Files\Steam\GameOverlayUI.exe (Steam Game Overlay/Valve Corporation)
.text H:\Program Files\Steam\GameOverlayUI.exe[3940] USER32.dll!SwitchToThisWindow 7E3D581C 5 Bytes JMP 004A6EE0 H:\Program Files\Steam\GameOverlayUI.exe (Steam Game Overlay/Valve Corporation)
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 8A6234B8
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F7507C4C] spkj.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F7507CA0] spkj.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F74D7042] spkj.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F74D713E] spkj.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F74D70C0] spkj.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F74D7800] spkj.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F74D76D6] spkj.sys
IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 8A34A2D8
---- User IAT/EAT - GMER 1.0.15 ----
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 8A61F1F8
Device \FileSystem\Fastfat \FatCdrom 89A111F8
Device \Driver\usbuhci \Device\USBPDO-0 8A3491F8
Device \Driver\PCI_PNP9028 \Device\00000045 spkj.sys
Device \Driver\PCI_PNP9028 \Device\00000045 spkj.sys
Device \Driver\usbuhci \Device\USBPDO-1 8A3491F8
Device \Driver\usbuhci \Device\USBPDO-2 8A3491F8
Device \Driver\usbuhci \Device\USBPDO-3 8A3491F8
Device \Driver\usbehci \Device\USBPDO-4 8A31C1F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 8A6211F8
Device \Driver\Cdrom \Device\CdRom0 8A34C1F8
Device \Driver\Cdrom \Device\CdRom1 8A34C1F8
Device \Driver\USBSTOR \Device\00000073
GMER 1.0.15.15077 [IDN.exe] - http://www.gmer.net
.text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] kernel32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 10012980 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
.text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10012880 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
.text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] USER32.dll!DispatchMessageW 7E398A01 5 Bytes JMP 10010DB0 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
.text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] USER32.dll!DispatchMessageA 7E3996B8 5 Bytes JMP 10010D50 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
.text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] USER32.dll!GetCursorPos 7E3A974E 5 Bytes JMP 10010BB0 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
.text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] USER32.dll!SetCursor 7E3A9930 5 Bytes JMP 10010BE0 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
.text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] USER32.dll!GetKeyState 7E3A9ED9 5 Bytes JMP 10010C80 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
.text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] USER32.dll!GetAsyncKeyState 7E3AA78F 5 Bytes JMP 10010C60 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
.text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] USER32.dll!SetCapture 7E3AC35E 5 Bytes JMP 10010C10 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
.text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] USER32.dll!ReleaseCapture 7E3AC37A 5 Bytes JMP 10010C40 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
.text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] USER32.dll!GetKeyboardState 7E3AD226 5 Bytes JMP 10010CA0 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
.text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] USER32.dll!ShowCursor 7E3AFA6E 5 Bytes JMP 10010B70 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
.text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] USER32.dll!ClipCursor 7E3BFDC5 5 Bytes JMP 10010E40 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
.text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] USER32.dll!SetCursorPos 7E3D61B3 5 Bytes JMP 10010B40 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
.text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] USER32.dll!GetRawInputBuffer 7E3E0DCD 5 Bytes JMP 10010E10 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
.text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] USER32.dll!GetClipCursor 7E3ECBA6 5 Bytes JMP 10010E90 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
.text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] USER32.dll!RegisterRawInputDevices 7E3ECE0E 5 Bytes JMP 10010EE0 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
.text H:\Program Files\Steam\GameOverlayUI.exe[3940] USER32.dll!ShowWindowAsync 7E3A337D 5 Bytes JMP 0048B8D0 H:\Program Files\Steam\GameOverlayUI.exe (Steam Game Overlay/Valve Corporation)
.text H:\Program Files\Steam\GameOverlayUI.exe[3940] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 0048B870 H:\Program Files\Steam\GameOverlayUI.exe (Steam Game Overlay/Valve Corporation)
.text H:\Program Files\Steam\GameOverlayUI.exe[3940] USER32.dll!SetActiveWindow 7E3A7822 5 Bytes JMP 0048B920 H:\Program Files\Steam\GameOverlayUI.exe (Steam Game Overlay/Valve Corporation)
.text H:\Program Files\Steam\GameOverlayUI.exe[3940] USER32.dll!GetCursorPos 7E3A974E 5 Bytes JMP 0048B9A0 H:\Program Files\Steam\GameOverlayUI.exe (Steam Game Overlay/Valve Corporation)
.text H:\Program Files\Steam\GameOverlayUI.exe[3940] USER32.dll!WindowFromPoint 7E3A9766 5 Bytes JMP 0048B970 H:\Program Files\Steam\GameOverlayUI.exe (Steam Game Overlay/Valve Corporation)
.text H:\Program Files\Steam\GameOverlayUI.exe[3940] USER32.dll!GetForegroundWindow 7E3A9823 5 Bytes JMP 0048B890 H:\Program Files\Steam\GameOverlayUI.exe (Steam Game Overlay/Valve Corporation)
.text H:\Program Files\Steam\GameOverlayUI.exe[3940] USER32.dll!GetFocus 7E3A98C8 5 Bytes JMP 0048B960 H:\Program Files\Steam\GameOverlayUI.exe (Steam Game Overlay/Valve Corporation)
.text H:\Program Files\Steam\GameOverlayUI.exe[3940] USER32.dll!SetCursor 7E3A9930 5 Bytes JMP 0048BA00 H:\Program Files\Steam\GameOverlayUI.exe (Steam Game Overlay/Valve Corporation)
.text H:\Program Files\Steam\GameOverlayUI.exe[3940] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 0048B8F0 H:\Program Files\Steam\GameOverlayUI.exe (Steam Game Overlay/Valve Corporation)
.text H:\Program Files\Steam\GameOverlayUI.exe[3940] USER32.dll!ShowWindow 7E3AAF56 5 Bytes JMP 0048B8D0 H:\Program Files\Steam\GameOverlayUI.exe (Steam Game Overlay/Valve Corporation)
.text H:\Program Files\Steam\GameOverlayUI.exe[3940] USER32.dll!SetFocus 7E3AB112 5 Bytes JMP 0048B930 H:\Program Files\Steam\GameOverlayUI.exe (Steam Game Overlay/Valve Corporation)
.text H:\Program Files\Steam\GameOverlayUI.exe[3940] USER32.dll!BringWindowToTop 7E3B03A8 5 Bytes JMP 0048B8A0 H:\Program Files\Steam\GameOverlayUI.exe (Steam Game Overlay/Valve Corporation)
.text H:\Program Files\Steam\GameOverlayUI.exe[3940] USER32.dll!SwitchToThisWindow 7E3D581C 5 Bytes JMP 004A6EE0 H:\Program Files\Steam\GameOverlayUI.exe (Steam Game Overlay/Valve Corporation)
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 8A6234B8
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F7507C4C] spkj.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F7507CA0] spkj.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F74D7042] spkj.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F74D713E] spkj.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F74D70C0] spkj.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F74D7800] spkj.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F74D76D6] spkj.sys
IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 8A34A2D8
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!RtlInitUnicodeString] 8800001C
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!swprintf] 001CB286
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!KeSetEvent] C61AEB00
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoCreateSymbolicLink] 001C8186
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoGetConfigurationInformation] 86C61200
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoDeleteSymbolicLink] 00001C83
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!MmFreeMappingAddress] 8E868801
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoFreeErrorLogEntry] 8800001C
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoDisconnectInterrupt] 001CAA86
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!MmUnmapIoSpace] 80968B00
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!ObReferenceObjectByPointer] 8900001C
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IofCompleteRequest] 001C9C96
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!RtlCompareUnicodeString] C6168B00
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IofCallDriver] 001CB986
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!MmAllocateMappingAddress] 428A0A00
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoAllocateErrorLogEntry] BA86880C
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoConnectInterrupt] 8B00001C
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoDetachDevice] 24A48DFA
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!KeWaitForSingleObject] 00000000
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!KeInitializeEvent] 4B8BDF8B
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!KeCancelTimer] 8D3F0304
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!RtlAnsiStringToUnicodeString] CB033043
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!RtlInitAnsiString] 0673C13B
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoBuildDeviceIoControlRequest] C13B0003
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoQueueWorkItem] 8366FA72
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!MmMapIoSpace] 75000E7B
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoInvalidateDeviceRelations] 0B7D80E3
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoReportDetectedDevice] 307B8D00
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoReportResourceForDetection] 00AA840F
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!RtlxAnsiStringToUnicodeSize] 83660000
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!NlsMbCodePageTag] 6A000E7A
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!PoRequestPowerIrp] C6647400
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!KeInsertByKeyDeviceQueue] 001CBB86
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!PoRegisterDeviceForIdleDetection] 4F8B0200
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!sprintf] 968D5140
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!MmMapLockedPagesSpecifyCache] 00001C90
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!ObfDereferenceObject] 2266E852
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoGetAttachedDeviceReference] 478B0000
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoInvalidateDeviceState] 50016A40
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!ZwClose] 1CAC8E8D
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!ObReferenceObjectByHandle] E8510000
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!ZwCreateDirectoryObject] 00002254
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoBuildSynchronousFsdRequest] 6A18538B
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!PoStartNextPowerIrp] 868D5200
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoCreateDevice] 00001C98
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!RtlCopyUnicodeString] 2242E850
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoAllocateDriverObjectExtension] 4B8B0000
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!RtlQueryRegistryValues] 51016A18
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!ZwOpenKey] 1CB4968D
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!RtlFreeUnicodeString] E8520000
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoStartTimer] 00002230
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!KeInitializeTimer] 8A05478A
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoInitializeTimer] 001CBB8E
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!KeInitializeDpc] 30C48300
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!KeInitializeSpinLock] 1CBD8688
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoInitializeIrp] 80E90000
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!ZwCreateKey] C6000000
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!RtlAppendUnicodeStringToString] 001CBB86
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!RtlIntegerToUnicodeString] 438B0100
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!ZwSetValueKey] 8E8D5018
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!KeInsertQueueDpc] 00001C90
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!KefAcquireSpinLockAtDpcLevel] 2202E851
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoStartPacket] 538B0000
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!KefReleaseSpinLockFromDpcLevel] 52016A18
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoBuildAsynchronousFsdRequest] 1CAC868D
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoFreeMdl] E8500000
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!MmUnlockPages] 000021F0
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoWriteErrorLogEntry] 8A05478A
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!KeRemoveByKeyDeviceQueue] 001CBB8E
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!MmMapLockedPagesWithReservedMapping] 18C48300
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!MmUnmapReservedMapping] 1CBD8688
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!KeSynchronizeExecution] 43EB0000
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoStartNextPacket] 320C538A
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!KeBugCheckEx] 88F93BC0
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!KeRemoveDeviceQueue] 001CBB96
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!KeSetTimer] F6317300
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!_allmul] 74070647
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!MmProbeAndLockPages] 75C0841A
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!_except_handler3] 05578A0B
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!PoSetPowerState] 968801B0
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoOpenDeviceRegistryKey] 00001CBD
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!RtlWriteRegistryValue] 57B60F66
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!RtlDeleteRegistryValue] 533B6604
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!_aulldiv] 03087408
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!strstr] 72F93B3F
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!_strupr] 8A09EBDA
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!KeQuerySystemTime] 86880547
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoWMIRegistrationControl] 00001CBD
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!KeTickCount] 88084B8A
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoAttachDeviceToDeviceStack] 001CBE8E
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoDeleteDevice] 40578B00
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!ExAllocatePoolWithTag] 8D52006A
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoAllocateWorkItem] 001CC086
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoAllocateIrp] 81E85000
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoAllocateMdl] 8B000021
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!MmBuildMdlForNonPagedPool] 001CB88E
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!MmLockPagableDataSection] BC968B00
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoGetDriverObjectExtension] 8900001C
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!MmUnlockPagableImageSection] 001CC48E
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!ExFreePoolWithTag] C8968900
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoFreeIrp] 8B00001C
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoFreeWorkItem] 016A4047
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!InitSafeBootMode] CCC68150
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!RtlCompareMemory] 5600001C
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!PoCallDriver] 002157E8
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!memmove] 18C48300
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!MmHighestUserAddress] 5D5B5E5F
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[HAL.dll!KfAcquireSpinLock] 18C4830E
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[HAL.dll!READ_PORT_UCHAR] 1C8D9E88
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[HAL.dll!KeGetCurrentIrql] 9E880000
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[HAL.dll!KfRaiseIrql] 00001CA9
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[HAL.dll!KfLowerIrql] 0E798366
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[HAL.dll!HalGetInterruptVector] 74AAB000
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[HAL.dll!HalTranslateBusAddress] 8186C636
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[HAL.dll!KeStallExecutionProcessor] 1A00001C
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[HAL.dll!KfReleaseSpinLock] 1C8386C6
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] C6020000
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[HAL.dll!READ_PORT_USHORT] 001C8E86
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 86C60200
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[HAL.dll!WRITE_PORT_UCHAR] 00001CAA
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[WMILIB.SYS!WmiSystemControl] 8800001C
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[WMILIB.SYS!WmiCompleteRequest] 001CB19E
---- User IAT/EAT - GMER 1.0.15 ----
IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!FindFirstFileA] 00EFBFC0
IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!FindFirstFileW] 00EFC030
IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetCommandLineA] 00EFC560
IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CloseHandle] 00EFB230
IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] 00EF86C0
IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] 00EF9920
IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!FreeLibrary] 00EF9B90
IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetModuleHandleA] 00EFC230
IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcessHeap] 00EFC550
IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetEnvironmentVariableA] 00EF9CA0
IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetFileType] 00EFB340
IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\msvcrt.dll
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoInvalidateDeviceState] 50016A40
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!ZwClose] 1CAC8E8D
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!ObReferenceObjectByHandle] E8510000
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!ZwCreateDirectoryObject] 00002254
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoBuildSynchronousFsdRequest] 6A18538B
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!PoStartNextPowerIrp] 868D5200
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoCreateDevice] 00001C98
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!RtlCopyUnicodeString] 2242E850
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoAllocateDriverObjectExtension] 4B8B0000
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!RtlQueryRegistryValues] 51016A18
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!ZwOpenKey] 1CB4968D
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!RtlFreeUnicodeString] E8520000
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoStartTimer] 00002230
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!KeInitializeTimer] 8A05478A
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoInitializeTimer] 001CBB8E
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!KeInitializeDpc] 30C48300
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!KeInitializeSpinLock] 1CBD8688
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoInitializeIrp] 80E90000
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!ZwCreateKey] C6000000
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!RtlAppendUnicodeStringToString] 001CBB86
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!RtlIntegerToUnicodeString] 438B0100
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!ZwSetValueKey] 8E8D5018
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!KeInsertQueueDpc] 00001C90
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!KefAcquireSpinLockAtDpcLevel] 2202E851
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoStartPacket] 538B0000
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!KefReleaseSpinLockFromDpcLevel] 52016A18
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoBuildAsynchronousFsdRequest] 1CAC868D
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoFreeMdl] E8500000
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!MmUnlockPages] 000021F0
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoWriteErrorLogEntry] 8A05478A
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!KeRemoveByKeyDeviceQueue] 001CBB8E
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!MmMapLockedPagesWithReservedMapping] 18C48300
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!MmUnmapReservedMapping] 1CBD8688
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!KeSynchronizeExecution] 43EB0000
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoStartNextPacket] 320C538A
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!KeBugCheckEx] 88F93BC0
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!KeRemoveDeviceQueue] 001CBB96
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!KeSetTimer] F6317300
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!_allmul] 74070647
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!MmProbeAndLockPages] 75C0841A
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!_except_handler3] 05578A0B
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!PoSetPowerState] 968801B0
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoOpenDeviceRegistryKey] 00001CBD
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!RtlWriteRegistryValue] 57B60F66
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!RtlDeleteRegistryValue] 533B6604
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!_aulldiv] 03087408
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!strstr] 72F93B3F
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!_strupr] 8A09EBDA
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!KeQuerySystemTime] 86880547
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoWMIRegistrationControl] 00001CBD
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!KeTickCount] 88084B8A
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoAttachDeviceToDeviceStack] 001CBE8E
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoDeleteDevice] 40578B00
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!ExAllocatePoolWithTag] 8D52006A
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoAllocateWorkItem] 001CC086
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoAllocateIrp] 81E85000
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoAllocateMdl] 8B000021
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!MmBuildMdlForNonPagedPool] 001CB88E
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!MmLockPagableDataSection] BC968B00
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoGetDriverObjectExtension] 8900001C
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!MmUnlockPagableImageSection] 001CC48E
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!ExFreePoolWithTag] C8968900
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoFreeIrp] 8B00001C
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoFreeWorkItem] 016A4047
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!InitSafeBootMode] CCC68150
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!RtlCompareMemory] 5600001C
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!PoCallDriver] 002157E8
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!memmove] 18C48300
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!MmHighestUserAddress] 5D5B5E5F
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[HAL.dll!KfAcquireSpinLock] 18C4830E
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[HAL.dll!READ_PORT_UCHAR] 1C8D9E88
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[HAL.dll!KeGetCurrentIrql] 9E880000
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[HAL.dll!KfRaiseIrql] 00001CA9
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[HAL.dll!KfLowerIrql] 0E798366
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[HAL.dll!HalGetInterruptVector] 74AAB000
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[HAL.dll!HalTranslateBusAddress] 8186C636
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[HAL.dll!KeStallExecutionProcessor] 1A00001C
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[HAL.dll!KfReleaseSpinLock] 1C8386C6
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] C6020000
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[HAL.dll!READ_PORT_USHORT] 001C8E86
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 86C60200
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[HAL.dll!WRITE_PORT_UCHAR] 00001CAA
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[WMILIB.SYS!WmiSystemControl] 8800001C
IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[WMILIB.SYS!WmiCompleteRequest] 001CB19E
---- User IAT/EAT - GMER 1.0.15 ----
20dollars2surf and KyuubiBarre, do those ring a bell?
Run an online scan with Kaspersky Online Scanner and post the report.