Internet is slowing down

Tags:
  • Security
Anonymous
28 August 2009 15:34:25

For some time now I've been noticing some lag in certain games, and the internet is fairly slow:

Is it a virus?

Here is an Avira report:

Avira AntiVir Personal
Date de création du fichier de rapport : vendredi 28 août 2009 12:06

La recherche porte sur 1667148 souches de virus.

Détenteur de la licence : Avira AntiVir Personal - FREE Antivirus
Numéro de série : 0000149996-ADJIE-0000001
Plateforme : Windows XP
Version de Windows : (Service Pack 3) [5.1.2600]
Mode Boot : Démarré normalement
Identifiant : SYSTEM
Nom de l'ordinateur : MUGIWARA

Informations de version :
BUILD.DAT : 9.0.0.67 17958 Bytes 04/08/2009 14:47:00
AVSCAN.EXE : 9.0.3.7 466689 Bytes 18/08/2009 18:32:55
AVSCAN.DLL : 9.0.3.0 49409 Bytes 03/03/2009 09:21:02
LUKE.DLL : 9.0.3.2 209665 Bytes 20/02/2009 10:35:11
LUKERES.DLL : 9.0.2.0 13569 Bytes 03/03/2009 09:21:31
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 11:30:36
ANTIVIR1.VDF : 7.1.4.132 5707264 Bytes 24/06/2009 18:22:48
ANTIVIR2.VDF : 7.1.5.146 3087360 Bytes 21/08/2009 18:18:23
ANTIVIR3.VDF : 7.1.5.174 215552 Bytes 27/08/2009 18:11:42
Version du moteur : 8.2.1.7
AEVDF.DLL : 8.1.1.1 106868 Bytes 18/07/2009 18:22:48
AESCRIPT.DLL : 8.1.2.26 463227 Bytes 26/08/2009 18:11:39
AESCN.DLL : 8.1.2.4 127348 Bytes 22/07/2009 18:11:00
AERDL.DLL : 8.1.2.4 430452 Bytes 18/07/2009 18:22:48
AEPACK.DLL : 8.1.3.18 401783 Bytes 18/07/2009 18:22:48
AEOFFICE.DLL : 8.1.0.38 196987 Bytes 18/07/2009 18:22:48
AEHEUR.DLL : 8.1.0.155 1921400 Bytes 18/08/2009 18:32:55
AEHELP.DLL : 8.1.6.0 233846 Bytes 18/08/2009 18:32:55
AEGEN.DLL : 8.1.1.59 356725 Bytes 26/08/2009 18:11:38
AEEMU.DLL : 8.1.0.9 393588 Bytes 09/10/2008 13:32:40
AECORE.DLL : 8.1.7.6 184694 Bytes 22/07/2009 18:10:59
AEBB.DLL : 8.1.0.3 53618 Bytes 09/10/2008 13:32:40
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 07:47:30
AVPREF.DLL : 9.0.0.1 43777 Bytes 03/12/2008 10:39:26
AVREP.DLL : 8.0.0.3 155905 Bytes 20/01/2009 13:34:28
AVREG.DLL : 9.0.0.0 36609 Bytes 07/11/2008 14:24:42
AVARKT.DLL : 9.0.0.3 292609 Bytes 24/03/2009 14:05:22
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30/01/2009 09:36:37
SQLITE3.DLL : 3.6.1.0 326401 Bytes 28/01/2009 14:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 02/02/2009 07:20:57
NETNT.DLL : 9.0.0.0 11521 Bytes 07/11/2008 14:40:59
RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 18/07/2009 18:22:47
RCTEXT.DLL : 9.0.37.0 88321 Bytes 15/04/2009 09:07:05

Configuration pour la recherche actuelle :
Nom de la tâche...............................: Contrôle intégral du système
Fichier de configuration......................: h:\program files\avira\antivir desktop\sysscan.avp
Documentation.................................: bas
Action principale.............................: interactif
Action secondaire.............................: ignorer
Recherche sur les secteurs d'amorçage maître..: marche
Recherche sur les secteurs d'amorçage.........: marche
Secteurs d'amorçage...........................: H:,
Recherche dans les programmes actifs..........: marche
Recherche en cours sur l'enregistrement.......: marche
Recherche de Rootkits.........................: marche
Contrôle d'intégrité de fichiers système......: arrêt
Fichier mode de recherche.....................: Tous les fichiers
Recherche sur les archives....................: marche
Limiter la profondeur de récursivité..........: 20
Archive Smart Extensions......................: marche
Heuristique de macrovirus.....................: marche
Heuristique fichier...........................: moyen
Catégories de dangers divergentes.............: +APPL,+GAME,+JOKE,+PCK,+SPR,

Début de la recherche : vendredi 28 août 2009 12:06

La recherche d'objets cachés commence.
'39491' objets ont été contrôlés, '0' objets cachés ont été trouvés.

La recherche sur les processus démarrés commence :
Processus de recherche 'avscan.exe' - '1' module(s) sont contrôlés
Processus de recherche 'avcenter.exe' - '1' module(s) sont contrôlés
Processus de recherche 'Steam.exe' - '1' module(s) sont contrôlés
Processus de recherche 'firefox.exe' - '1' module(s) sont contrôlés
Processus de recherche 'CCC.exe' - '1' module(s) sont contrôlés
Processus de recherche 'MOM.exe' - '1' module(s) sont contrôlés
Processus de recherche 'RtWLan.exe' - '1' module(s) sont contrôlés
Processus de recherche 'TeaTimer.exe' - '1' module(s) sont contrôlés
Processus de recherche 'DAP.exe' - '1' module(s) sont contrôlés
Processus de recherche 'ctfmon.exe' - '1' module(s) sont contrôlés
Processus de recherche 'avgnt.exe' - '1' module(s) sont contrôlés
Processus de recherche 'RTHDCPL.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'wmiapsrv.exe' - '1' module(s) sont contrôlés
Processus de recherche 'alg.exe' - '1' module(s) sont contrôlés
Processus de recherche 'explorer.exe' - '1' module(s) sont contrôlés
Processus de recherche 'UAService7.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'jqs.exe' - '1' module(s) sont contrôlés
Processus de recherche 'DkService.exe' - '1' module(s) sont contrôlés
Processus de recherche 'avguard.exe' - '1' module(s) sont contrôlés
Processus de recherche 'ati2evxx.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'sched.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'ati2evxx.exe' - '1' module(s) sont contrôlés
Processus de recherche 'lsass.exe' - '1' module(s) sont contrôlés
Processus de recherche 'services.exe' - '1' module(s) sont contrôlés
Processus de recherche 'winlogon.exe' - '1' module(s) sont contrôlés
Processus de recherche 'csrss.exe' - '1' module(s) sont contrôlés
Processus de recherche 'smss.exe' - '1' module(s) sont contrôlés
'34' processus ont été contrôlés avec '34' modules

La recherche sur les secteurs d'amorçage maître commence :
Secteur d'amorçage maître HD0
[INFO] Aucun virus trouvé !

La recherche sur les secteurs d'amorçage commence :
Secteur d'amorçage 'H:\'
[INFO] Aucun virus trouvé !

La recherche sur les renvois aux fichiers exécutables (registre) commence :
Le registre a été contrôlé ( '52' fichiers).


La recherche sur les fichiers sélectionnés commence :

Recherche débutant dans 'H:\'
H:\pagefile.sys
[AVERTISSEMENT] Impossible d'ouvrir le fichier !
[REMARQUE] Ce fichier est un fichier système Windows.
[REMARQUE] Il est correct que ce fichier ne puisse pas être ouvert pour la recherche.
H:\Documents and Settings\Propriétaire\Mes documents\Jeux\rld-waor\OROCHI1.cab
[0] Type d'archive: CAB (Microsoft)
--> linkdata_ens.lnk
[AVERTISSEMENT] Aucun autre fichier n'a pu être décompressé de cette archive. L'archive est refermée.
[AVERTISSEMENT] Aucun autre fichier n'a pu être décompressé de cette archive. L'archive est refermée.
H:\WINDOWS\system32\drivers\sptd.sys
[AVERTISSEMENT] Impossible d'ouvrir le fichier !


Fin de la recherche : vendredi 28 août 2009 15:26
Temps nécessaire: 3:19:33 Heure(s)

La recherche a été effectuée intégralement

9199 Les répertoires ont été contrôlés
380703 Des fichiers ont été contrôlés
0 Des virus ou programmes indésirables ont été trouvés
0 Des fichiers ont été classés comme suspects
0 Des fichiers ont été supprimés
0 Des virus ou programmes indésirables ont été réparés
0 Les fichiers ont été déplacés dans la quarantaine
0 Les fichiers ont été renommés
2 Impossible de contrôler des fichiers
380701 Fichiers non infectés
6162 Les archives ont été contrôlées
4 Avertissements
1 Consignes
39491 Des objets ont été contrôlés lors du Rootkitscan
0 Des objets cachés ont été trouvés

28 August 2009 16:01:21

Hello,

  • Download Random's System Information Tool (RSIT) (by random/random) to your Desktop.
  • Double-click RSIT.exe to launch the program.
    (On Vista, right-click RSIT.exe and choose Run as administrator)
  • Click Continue on the Disclaimer screen.
  • If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall, if asked) and you will have to accept the license.
  • When the scan is finished, two text files will open. Post the contents of log.txt (the one that appears on screen) as well as info.txt (which you will see in the taskbar).

    Note: the reports are saved in the folder C:\rsit.

Anonymous
28 August 2009 16:25:04

The log:

    Logfile of random's system information tool 1.06 (written by random/random)
    Run by Propriétaire at 2009-08-28 16:22:30
    Microsoft Windows XP Édition familiale Service Pack 3
    System drive H: has 126 GB (53%) free of 238 GB
    Total RAM: 2047 MB (51% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:22:36, on 28/08/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16876)
    Boot mode: Normal

    Running processes:
    H:\WINDOWS\System32\smss.exe
    H:\WINDOWS\system32\winlogon.exe
    H:\WINDOWS\system32\services.exe
    H:\WINDOWS\system32\lsass.exe
    H:\WINDOWS\system32\Ati2evxx.exe
    H:\WINDOWS\system32\svchost.exe
    H:\WINDOWS\System32\svchost.exe
    H:\Program Files\Avira\AntiVir Desktop\sched.exe
    H:\WINDOWS\system32\Ati2evxx.exe
    H:\Program Files\Avira\AntiVir Desktop\avguard.exe
    H:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    H:\jre\bin\jqs.exe
    H:\WINDOWS\system32\svchost.exe
    H:\WINDOWS\system32\UAService7.exe
    H:\WINDOWS\Explorer.EXE
    H:\WINDOWS\system32\wbem\wmiapsrv.exe
    H:\WINDOWS\RTHDCPL.EXE
    H:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    H:\WINDOWS\system32\ctfmon.exe
    H:\Program Files\DAP\DAP.EXE
    H:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    H:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe
    H:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    H:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    H:\Program Files\Steam\Steam.exe
    H:\jre\bin\javaw.exe
    H:\Program Files\TeamSpeak 3\TeamSpeak 3.exe
    H:\Program Files\MSN Messenger\usnsvc.exe
    H:\Program Files\Mozilla Firefox 3.1 Beta 3\firefox.exe
    h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe
    H:\Program Files\Steam\GameOverlayUI.exe
    H:\WINDOWS\system32\NOTEPAD.EXE
    H:\Documents and Settings\Propriétaire\Bureau\RSIT_1.exe
    H:\Program Files\Trend Micro\HijackThis\Propriétaire.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.cherche.us/keyword/%s
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.cherche.us
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.cherche.us
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cherche.us
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.cherche.us
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.cherche.us/keyword/%s
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.cherche.us
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - H:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - H:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - H:\jre\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - H:\jre\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [JMB36X IDE Setup] H:\WINDOWS\RaidTool\xInsIDE.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [TweakDUN] H:\Program Files\TweakDUN\tweakdun.exe splash
    O4 - HKLM\..\Run: [avgnt] "H:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [StartCCC] "H:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKCU\..\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [DownloadAccelerator] "H:\Program Files\DAP\DAP.EXE" /STARTUP
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] H:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: ASUS WiFi-AP Solo.lnk = ?
    O8 - Extra context menu item: &Clean Traces - H:\Program Files\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &Download with &DAP - H:\Program Files\DAP\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP - H:\Program Files\DAP\dapextie2.htm
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - H:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - H:\WINDOWS\bdoscandel.exe
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - H:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - H:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - H:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - H:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Diskeeper - Diskeeper Corporation - H:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - H:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - H:\jre\bin\jqs.exe
    O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - H:\Program Files\ma-config.com\maconfservice.exe
    O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - H:\WINDOWS\system32\GameMon.des.exe (file missing)
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - H:\WINDOWS\system32\UAService7.exe

    --
    End of file - 6343 bytes

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
    Spybot-S&D IE Protection - H:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll [2009-01-26 1879896]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    Windows Live Sign-in Helper - H:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 322368]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - H:\jre\bin\jp2ssv.dll [2009-05-13 35840]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
    JQSIEStartDetectorImpl Class - H:\jre\lib\deploy\jqs\ie\jqs_plugin.dll [2009-05-13 73728]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "JMB36X IDE Setup"=H:\WINDOWS\RaidTool\xInsIDE.exe [2009-04-05 36864]
    "RTHDCPL"=H:\WINDOWS\RTHDCPL.EXE [2006-04-17 16143872]
    "Alcmtr"=H:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
    "TweakDUN"=H:\Program Files\TweakDUN\tweakdun.exe [2001-09-19 720896]
    "avgnt"=H:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
    "StartCCC"=H:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-07-02 98304]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"=H:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
    "DownloadAccelerator"=H:\Program Files\DAP\DAP.EXE [2009-07-22 2754048]
    "SpybotSD TeaTimer"=H:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\36X Raid Configurer]
    H:\WINDOWS\system32\xRaidSetup.exe [2009-04-05 1970176]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
    H:\Program Files\DAEMON Tools Lite\daemon.exe [2009-04-23 691656]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeRAM XP]
    H:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe [2006-03-23 1591808]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
    H:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe [2004-04-17 196608]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
    H:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe [2005-08-11 81920]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    H:\Program Files\MSN Messenger\MsnMsgr.Exe [2007-01-19 5674352]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\H:^Documents and Settings^Propriétaire^Menu Démarrer^Programmes^Démarrage^20dollars2surf.lnk]
    H:\PROGRA~1\20Dollars2Surf\20dollars2surf.exe [2009-04-28 172032]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\H:^Documents and Settings^Propriétaire^Menu Démarrer^Programmes^Démarrage^Kyuubi-Barre.lnk]
    H:\DOCUME~1\PROPRI~1\APPLIC~1\KyuubiBarre\PF\KyuubiBarre.exe [2009-01-04 61952]

    H:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage
    ASUS WiFi-AP Solo.lnk - H:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
    H:\WINDOWS\system32\Ati2evxx.dll [2009-07-02 155648]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - H:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=145

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "HonorAutoRunSetting"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "H:\Program Files\MSN Messenger\msnmsgr.exe"="H:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "H:\Program Files\MSN Messenger\livecall.exe"="H:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
    "H:\Program Files\Steam\steamapps\ryosu\counter-strike\hl.exe"="H:\Program Files\Steam\steamapps\ryosu\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"
    "H:\Program Files\Steam\Steam.exe"="H:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
    "H:\Documents and Settings\Propriétaire\Bureau\artyshare-left[R]\Left.4.Dead.Full-Rip.Skullptura\left4dead.exe"="H:\Documents and Settings\Propriétaire\Bureau\artyshare-left[R]\Left.4.Dead.Full-Rip.Skullptura\left4dead.exe:*:Enabled:left4dead"
    "H:\Program Files\Garena\Garena.exe"="H:\Program Files\Garena\Garena.exe:*:Enabled:Garena"
    "H:\Program Files\Steam\steamapps\gui-gui\counter-strike\hl.exe"="H:\Program Files\Steam\steamapps\gui-gui\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"
    "H:\Program Files\ma-config.com\maconfservice.exe"="H:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice"
    "H:\Program Files\Steam\steamapps\common\left 4 dead\left4dead.exe"="H:\Program Files\Steam\steamapps\common\left 4 dead\left4dead.exe:*:Enabled:Left 4 Dead"
    "H:\Program Files\Saints Row 2\SR2_pc.exe"="H:\Program Files\Saints Row 2\SR2_pc.exe:*:Enabled:SR2_pc"
    "H:\UT2003\System\UT2003.exe"="H:\UT2003\System\UT2003.exe:*:Enabled:UT2003"
    "H:\Program Files\DAP\DAP.exe"="H:\Program Files\DAP\DAP.exe:*:Enabled:D ownload Accelerator Plus (DAP)"
    "H:\Program Files\mIRC\mirc.exe"="H:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC"
    "H:\jre\bin\java.exe"="H:\jre\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
    "H:\Program Files\EA Games\Mirror's Edge\Binaries\MirrorsEdge.exe"="H:\Program Files\EA Games\Mirror's Edge\Binaries\MirrorsEdge.exe:*:Enabled:Mirror's Edge™"
    "H:\Documents and Settings\Propriétaire\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe"="H:\Documents and Settings\Propriétaire\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe:*:Enabled:Main program for Octoshape client"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "H:\Program Files\MSN Messenger\msnmsgr.exe"="H:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "H:\Program Files\MSN Messenger\livecall.exe"="H:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c767c127-2737-11de-be0b-0015af08addc}]
    shell\AutoRun\command - E:\OblivionLauncher.exe


    ======List of files/folders created in the last 1 months======

    2009-08-28 14:38:42 ----D---- H:\WINDOWS\LastGood
    2009-08-27 02:31:20 ----HDC---- H:\WINDOWS\$NtUninstallKB970653-v3$
    2009-08-25 18:55:55 ----D---- H:\Documents and Settings\Propriétaire\Application Data\Malwarebytes
    2009-08-25 18:55:48 ----D---- H:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
    2009-08-25 18:55:47 ----D---- H:\Program Files\Malwarebytes' Anti-Malware
    2009-08-25 18:21:06 ----D---- H:\rsit
    2009-08-25 15:57:39 ----A---- H:\WINDOWS\system32\MSVCR71.dll
    2009-08-25 15:57:39 ----A---- H:\WINDOWS\system32\MSVCP71.dll
    2009-08-25 15:57:39 ----A---- H:\WINDOWS\system32\MFC71.dll
    2009-08-25 15:57:35 ----D---- H:\Program Files\Alwil Software
    2009-08-20 02:47:43 ----D---- H:\Documents and Settings\Propriétaire\Application Data\Octoshape
    2009-08-18 03:01:51 ----D---- H:\Documents and Settings\Propriétaire\Application Data\KyuubiGame
    2009-08-17 03:01:04 ----HDC---- H:\WINDOWS\$NtUninstallKB961118$
    2009-08-16 01:08:47 ----D---- H:\44d38210c1f84ddaac709fa004
    2009-08-16 00:29:12 ----D---- H:\Program Files\Flop
    2009-08-14 02:47:02 ----HDC---- H:\WINDOWS\$NtUninstallKB960859$
    2009-08-14 02:46:58 ----HDC---- H:\WINDOWS\$NtUninstallKB971657$
    2009-08-14 02:46:54 ----HDC---- H:\WINDOWS\$NtUninstallKB971557$
    2009-08-14 02:46:50 ----HDC---- H:\WINDOWS\$NtUninstallKB956744$
    2009-08-14 02:46:45 ----HDC---- H:\WINDOWS\$NtUninstallKB973869$
    2009-08-14 02:46:41 ----HDC---- H:\WINDOWS\$NtUninstallKB973507$
    2009-08-14 02:46:37 ----HDC---- H:\WINDOWS\$NtUninstallKB973354$
    2009-08-14 02:46:35 ----A---- H:\WINDOWS\system32\wmpns.dll
    2009-08-14 02:46:32 ----HDC---- H:\WINDOWS\$NtUninstallKB973540_WM9$
    2009-08-14 02:45:07 ----HDC---- H:\WINDOWS\$NtUninstallKB973815$
    2009-08-14 02:44:59 ----HDC---- H:\WINDOWS\$NtUninstallKB968389$
    2009-08-13 18:18:37 ----D---- H:\Program Files\EA Games
    2009-08-13 18:17:22 ----D---- H:\Program Files\AGEIA Technologies
    2009-08-09 17:19:24 ----D---- H:\Program Files\mIRC
    2009-08-09 17:19:24 ----D---- H:\Documents and Settings\Propriétaire\Application Data\mIRC
    2009-08-09 03:55:51 ----A---- H:\WINDOWS\system32\ptpusb.dll
    2009-08-09 03:55:50 ----A---- H:\WINDOWS\system32\ptpusd.dll
    2009-08-08 20:03:01 ----RA---- H:\WINDOWS\system32\LgExport.dll
    2009-08-08 20:03:01 ----D---- H:\Documents and Settings\All Users.WINDOWS\Application Data\InstallShield
    2009-08-08 20:03:00 ----RA---- H:\WINDOWS\system32\LGDispDrv.dll
    2009-08-08 20:02:52 ----D---- H:\Program Files\LG Soft India
    2009-08-08 19:28:28 ----D---- H:\Documents and Settings\Propriétaire\Application Data\GetRightToGo
    2009-08-08 19:14:11 ----D---- H:\Documents and Settings\Propriétaire\Application Data\ATI
    2009-08-08 19:14:11 ----D---- H:\Documents and Settings\All Users.WINDOWS\Application Data\ATI
    2009-08-08 19:09:59 ----N---- H:\WINDOWS\system32\ati2sgag.exe
    2009-08-08 19:09:45 ----D---- H:\Program Files\ATI Technologies
    2009-08-08 19:09:17 ----D---- H:\ATI
    2009-08-04 03:37:41 ----D---- H:\Documents and Settings\Propriétaire\Application Data\vlc
    2009-08-02 19:56:04 ----A---- H:\WINDOWS\system32\jniwrap.dll
    2009-08-02 19:56:03 ----D---- H:\Documents and Settings\Propriétaire\Application Data\Kyuubi-Barre
    2009-08-02 19:56:03 ----D---- H:\Documents and Settings\Propriétaire\Application Data\KyuubiBarre
    2009-08-02 14:48:32 ----D---- H:\Program Files\REALTEK RTL8187 Wireless LAN Driver
    2009-08-02 14:20:11 ----D---- H:\Program Files\REALTEK RTL8187B Wireless LAN Driver

    ======List of files/folders modified in the last 1 months======

    2009-08-28 16:04:29 ----D---- H:\Program Files\Steam
    2009-08-28 15:29:47 ----D---- H:\Program Files\Mozilla Firefox 3.1 Beta 3
    2009-08-28 14:53:20 ----D---- H:\WINDOWS\BDOSCAN8
    2009-08-28 14:45:18 ----SD---- H:\WINDOWS\Downloaded Program Files
    2009-08-28 14:45:16 ----D---- H:\WINDOWS\Temp
    2009-08-28 14:45:16 ----D---- H:\WINDOWS
    2009-08-28 14:45:15 ----HD---- H:\WINDOWS\inf
    2009-08-28 11:55:20 ----D---- H:\WINDOWS\system32\CatRoot2
    2009-08-28 11:55:17 ----A---- H:\WINDOWS\RTacDbg.txt
    2009-08-28 11:55:16 ----AD---- H:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
    2009-08-27 23:21:25 ----A---- H:\WINDOWS\SchedLgU.Txt
    2009-08-27 22:16:26 ----D---- H:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
    2009-08-27 02:31:22 ----D---- H:\WINDOWS\system32
    2009-08-25 19:10:53 ----D---- H:\WINDOWS\system32\drivers
    2009-08-25 18:55:47 ----RD---- H:\Program Files
    2009-08-25 15:58:15 ----D---- H:\WINDOWS\system32\config
    2009-08-25 11:44:24 ----D---- H:\Program Files\Spybot - Search & Destroy
    2009-08-24 21:22:02 ----D---- H:\Program Files\DivX
    2009-08-24 21:22:00 ----SHD---- H:\WINDOWS\Installer
    2009-08-24 19:34:15 ----D---- H:\Documents and Settings\Propriétaire\Application Data\teamspeak2
    2009-08-23 17:20:22 ----D---- H:\Documents and Settings\Propriétaire\Application Data\dvdcss
    2009-08-21 02:13:20 ----D---- H:\Program Files\Fichiers communs\BioWare
    2009-08-20 22:57:09 ----SD---- H:\Documents and Settings\Propriétaire\Application Data\Microsoft
    2009-08-20 02:47:44 ----D---- H:\Documents and Settings\Propriétaire\Application Data\Mozilla
    2009-08-18 23:26:51 ----D---- H:\WINDOWS\Debug
    2009-08-17 18:06:57 ----D---- H:\WINDOWS\Microsoft.NET
    2009-08-17 03:01:20 ----D---- H:\WINDOWS\system32\CatRoot
    2009-08-17 03:01:11 ----RSHDC---- H:\WINDOWS\system32\dllcache
    2009-08-16 05:46:52 ----RSD---- H:\WINDOWS\assembly
    2009-08-16 01:11:50 ----A---- H:\WINDOWS\system32\PerfStringBackup.INI
    2009-08-16 01:11:40 ----D---- H:\WINDOWS\WinSxS
    2009-08-16 01:09:23 ----D---- H:\WINDOWS\system32\XPSViewer
    2009-08-16 01:09:19 ----D---- H:\WINDOWS\system32\en-us
    2009-08-16 01:09:14 ----RSD---- H:\WINDOWS\Fonts
    2009-08-14 02:46:49 ----HD---- H:\WINDOWS\$hf_mig$
    2009-08-14 02:46:39 ----D---- H:\Program Files\Outlook Express
    2009-08-13 18:18:37 ----D---- H:\WINDOWS\system32\DirectX
    2009-08-13 18:17:23 ----D---- H:\WINDOWS\system32\ageia
    2009-08-13 18:17:10 ----D---- H:\Program Files\Fichiers communs\Wise Installation Wizard
    2009-08-13 17:08:11 ----HD---- H:\Program Files\InstallShield Installation Information
    2009-08-11 03:34:47 ----D---- H:\Program Files\Rockstar Games
    2009-08-10 22:36:58 ----D---- H:\Documents and Settings\Propriétaire\Application Data\Mumble
    2009-08-10 22:35:54 ----D---- H:\Program Files\Mumble
    2009-08-08 20:12:40 ----D---- H:\WINDOWS\system32\ReinstallBackups
    2009-08-08 19:13:34 ----D---- H:\WINDOWS\Help
    2009-08-06 00:41:07 ----D---- H:\UT2003
    2009-08-05 11:00:38 ----A---- H:\WINDOWS\system32\mswebdvd.dll
    2009-08-05 10:09:23 ----D---- H:\WINDOWS\pss
    2009-08-02 14:58:45 ----D---- H:\WINDOWS\system32\fr-fr
    2009-08-02 14:58:45 ----D---- H:\Program Files\Internet Explorer
    2009-08-02 14:53:31 ----A---- H:\WINDOWS\system32\wpa.bak
    2009-08-02 14:49:08 ----D---- H:\WINDOWS\system32\wbem
    2009-08-02 14:49:08 ----D---- H:\WINDOWS\Registration
    2009-08-02 14:48:32 ----D---- H:\WINDOWS\system
    2009-08-02 14:48:20 ----D---- H:\WINDOWS\system32\Restore
    2009-07-30 02:49:14 ----A---- H:\WINDOWS\system32\MRT.exe

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 avgio;avgio; \??\H:\Program Files\Avira\AntiVir Desktop\avgio.sys []
    R1 avipbb;avipbb; H:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
    R1 intelppm;Pilote de processeur Intel; H:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 40576]
    R1 kbdhid;Pilote HID de clavier; H:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14720]
    R1 ssmdrv;ssmdrv; H:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-07-18 28520]
    R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.5.0; H:\WINDOWS\system32\DRIVERS\AegisP.sys [2009-04-05 21035]
    R2 avgntflt;avgntflt; H:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-08-18 55656]
    R3 Arp1394;Protocole client ARP 1394; H:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
    R3 ati2mtag;ati2mtag; H:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-07-02 4125696]
    R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; H:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
    R3 hidusb;Pilote de classe HID Microsoft; H:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
    R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); H:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-04-17 4262912]
    R3 mouhid;Pilote HID de souris; H:\WINDOWS\system32\DRIVERS\mouhid.sys [2006-03-02 12288]
    R3 MTsensor;ATK0110 ACPI UTILITY; H:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
    R3 NIC1394;Pilote réseau 1394; H:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
    R3 RTLWUSB;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter; H:\WINDOWS\system32\DRIVERS\RTL8187.sys [2009-04-05 332928]
    R3 SjyPkt;SjyPkt; \??\H:\WINDOWS\System32\Drivers\SjyPkt.sys []
    R3 usbccgp;Pilote parent générique USB Microsoft; H:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
    R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; H:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
    R3 usbhub;Concentrateur USB2; H:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
    R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; H:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
    R3 VCSVADHWSer;Avnex Virtual Audio Device (WDM); H:\WINDOWS\system32\DRIVERS\vcsvad.sys [2008-12-10 17792]
    S3 a2sa6qld;a2sa6qld; H:\WINDOWS\system32\drivers\a2sa6qld.sys []
    S3 driverhardwarev2;driverhardwarev2; \??\H:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys []
    S3 hamachi;Hamachi Network Interface; H:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-05-04 25280]
    S3 MusCAudio;MusCAudio; H:\WINDOWS\system32\drivers\MusCAudio.sys [2009-06-26 23096]
    S3 SCREAMINGBDRIVER;Screaming Bee Audio; H:\WINDOWS\system32\drivers\ScreamingBAudio.sys [2009-04-06 23064]
    S3 sony_ssm.sys;sony_ssm.sys; \??\H:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\sony_ssm.sys []
    S3 usbscan;Pilote de scanneur USB; H:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
    S3 USBSTOR;Pilote de stockage de masse USB; H:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
    S3 Wdf01000;Kernel Mode Driver Frameworks service; H:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
    S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; H:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; H:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
    S3 xusb21;Xbox 360 Wireless Receiver Driver Service 21; H:\WINDOWS\system32\DRIVERS\xusb21.sys [2009-04-08 56448]
    S3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; H:\WINDOWS\system32\DRIVERS\yk51x86.sys [2008-12-09 296448]
    S3 zlportio;zlportio; \??\H:\Program Files\UltraStar Deluxe\zlportio.sys []
    S4 IntelIde;IntelIde; H:\WINDOWS\system32\drivers\IntelIde.sys []
    S4 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; H:\WINDOWS\System32\drivers\ws2ifsl.sys [2006-03-02 12032]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 AntiVirSchedulerService;Avira AntiVir Planificateur; H:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-07-18 108289]
    R2 AntiVirService;Avira AntiVir Guard; H:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-08-18 185089]
    R2 Ati HotKey Poller;Ati HotKey Poller; H:\WINDOWS\system32\Ati2evxx.exe [2009-07-02 602112]
    R2 Diskeeper;Diskeeper; H:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe [2007-05-21 932944]
    R2 JavaQuickStarterService;Java Quick Starter; H:\jre\bin\jqs.exe [2009-05-13 152984]
    R2 UserAccess7;SecuROM User Access Service (V7); H:\WINDOWS\system32\UAService7.exe [2009-05-30 122880]
    R3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; H:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
    S2 ATI Smart;ATI Smart; H:\WINDOWS\system32\ati2sgag.exe [2009-07-02 593920]
    S3 aspnet_state;Service d'état ASP.NET; H:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; H:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
    S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; h:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
    S3 IDriverT;InstallDriver Table Manager; H:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
    S3 idsvc;Windows CardSpace; H:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
    S3 maconfservice;Ma-Config Service; H:\Program Files\ma-config.com\maconfservice.exe [2009-05-29 234864]
    S3 npggsvc;nProtect GameGuard Service; H:\WINDOWS\system32\GameMon.des [2009-07-22 3240876]
    S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; H:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
    S4 NetTcpPortSharing;Service de partage de ports Net.Tcp; H:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

    -----------------EOF-----------------





    info.txt logfile of random's system information tool 1.06 2009-08-28 16:24:35

    ======Uninstall list======

    -->MsiExec /X{E4D15328-8C89-484B-B9AA-F5BE9EA6D01C}
    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 H:\WINDOWS\INF\PCHealth.inf
    20Dollars2Surf-->"H:\WINDOWS\20Dollars2Surf\uninstall.exe" "/U:H:\Program Files\20Dollars2Surf\Uninstall\uninstall.xml"
    Adobe Flash Player 10 ActiveX-->H:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Flash Player 10 Plugin-->H:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
    Archiveur WinRAR-->H:\Program Files\WinRAR\uninstall.exe
    ASUS WiFi-AP Solo-->RunDll32 H:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{8B3F4499-32E6-470D-8586-E6C03420F889}\Setup.exe" -l0x9 REMOVE
    ATI - Utilitaire de désinstallation du logiciel-->H:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
    ATI Catalyst Control Center-->RunDll32 H:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x6476
    ATI Display Driver-->rundll32 H:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
    Avira AntiVir Personal - Free Antivirus-->H:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
    Catalyst Control Center - Branding-->MsiExec.exe /I{D3B1C799-CB73-42DE-BA0F-2344793A095C}
    CCleaner (remove only)-->"H:\Program Files\CCleaner\uninst.exe"
    Correctif pour Windows XP (KB961118)-->"H:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
    Correctif pour Windows XP (KB970653-v3)-->"H:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
    Counter-Strike-->"H:\Program Files\Steam\steam.exe" steam://uninstall/10
    Diskeeper 2007 Professional-->MsiExec.exe /X{D4154D0C-8EE7-4E01-9999-976D8D8E5057}
    DivX Codec-->H:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
    DivX Web Player-->H:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
    Download Accelerator Plus (DAP)-->H:\PROGRA~1\DAP\DAPREMOVE.EXE
    Dragonica(FR)-->H:\Program Files\gPotato.eu\Dragonica\FR\uninst.exe
    forteManager-->RunDll32 H:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{DA6FAB8D-E87A-4E8E-A3D3-B7B9F479C725}\setup.exe" -l0x40c -removeonly
    Fraps-->"H:\Fraps\uninstall.exe"
    Free Video to Mp3 Converter version 3.1-->"H:\Program Files\DVDVideoSoft\Free Video to Mp3 Converter\unins000.exe"
    HijackThis 2.0.2-->"H:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->H:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->H:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
    Hotfix for Windows Media Format 11 SDK (KB929399)-->"H:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
    Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
    JMicron JMB36X Driver-->RunDll32 H:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}\setup.exe" -l0x40c -removeonly
    Kyuubi-Barre-->"H:\Documents and Settings\Propriétaire\Application Data\Kyuubi-Barre\unins000.exe"
    Ma-Config.com-->MsiExec.exe /X{6C4D4FC0-467B-4BD7-8D11-50E49B2770D2}
    Malwarebytes' Anti-Malware-->"H:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
    Marvell Miniport Driver-->H:\Program Files\Marvell\Miniport Driver\Uninst.exe
    Messenger Plus! Live-->"H:\Program Files\Messenger Plus! Live\Uninstall.exe"
    Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
    Microsoft .NET Framework 3.0 French Language Pack-->MsiExec.exe /X{E3C080B0-23F5-49AF-89F8-8E8DBC89E659}
    Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
    Microsoft .NET Framework 3.5 SP1-->H:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
    Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
    Microsoft Games for Windows - LIVE -->MsiExec.exe /X{4D243BA7-9AC4-46D1-90E5-EEB88974F501}
    Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{05B49229-22A2-4F88-842A-BBC2EBE1CCF6}
    Microsoft Internationalized Domain Names Mitigation APIs-->"H:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.7-->"H:\WINDOWS\$NtUninstallWdf01007$\spuninst\spuninst.exe"
    Microsoft National Language Support Downlevel APIs-->"H:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
    Microsoft User-Mode Driver Framework Feature Pack 1.0-->"H:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
    mIRC-->H:\Program Files\mIRC\uninstall.exe _?=H:\Program Files\mIRC
    Mirror's Edge™-->MsiExec.exe /X{AEDBD563-24BB-4EE3-8366-A654DAC2D988}
    Mise à jour de sécurité pour Lecteur Windows Media (KB973540)-->"H:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127-v2)-->"H:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"H:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB961260)-->"H:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB963027)-->"H:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB969897)-->"H:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB972260)-->"H:\WINDOWS\ie7updates\KB972260-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB923789)-->H:\WINDOWS\system32\MacroMed\Flash\genuinst.exe H:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
    Mise à jour de sécurité pour Windows XP (KB941569)-->"H:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB956744)-->"H:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB960859)-->"H:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB971557)-->"H:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB971657)-->"H:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB973354)-->"H:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB973507)-->"H:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB973869)-->"H:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB968389)-->"H:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB973815)-->"H:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
    Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA-->H:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - FRA\install.exe
    Module de prise en charge linguistique du français de Microsoft .NET Framework 3.0-->H:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0 French Language Pack\setup.exe
    Mozilla Firefox (3.5.2)-->H:\Program Files\Mozilla Firefox 3.1 Beta 3\uninstall\helper.exe
    MSXML 6.0 Parser (KB925673)-->MsiExec.exe /I{FE9126DB-5F84-495A-BB46-3C724F1C2D08}
    Mumble and Murmur-->H:\Program Files\Mumble\Uninstall.exe
    NVIDIA PhysX v8.10.17-->MsiExec.exe /X{E4D15328-8C89-484B-B9AA-F5BE9EA6D01C}
    Quicksys RegDefrag 2.3-->"H:\Program Files\Quicksys\RegDefrag\unins000.exe"
    Realtek High Definition Audio Driver-->RunDll32 H:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -l0x40c -removeonly
    REALTEK RTL8187 Wireless LAN Driver-->H:\Program Files\InstallShield Installation Information\{258FDE4E-EE80-4BD7-ACE1-BDAED5F22F09}\Install.exe -uninst -l0x40C
    Spybot - Search & Destroy-->"H:\Program Files\Spybot - Search & Destroy\unins000.exe"
    Star Wars(R) Knights of the Old Republic(R) II: The Sith Lords(TM)-->RunDll32 H:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{629F65FB-7F3C-4D66-A1C0-20722744B7B6}\setup.exe" -l0x9 -removeonly
    Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
    TeamSpeak 3-->H:\Program Files\TeamSpeak 3\uninstall.exe
    TweakDUN v3.0-->H:\PROGRA~1\TweakDUN\UNWISE.EXE H:\PROGRA~1\TweakDUN\INSTALL.LOG
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->H:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
    VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
    VLC media player 1.0.1-->H:\Program Files\VideoLAN\VLC\uninstall.exe
    Waver Version 2.95-->"H:\Program Files\Flop\Waver\unins000.exe"
    Windows Live Messenger-->MsiExec.exe /I{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}
    Windows Live Sign-in Assistant-->MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
    Windows Media Format 11 runtime-->"H:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
    Windows Media Format 11 runtime-->"H:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
    Windows Presentation Foundation Language Pack (FRA)-->MsiExec.exe /X{6901DD22-527A-41EF-9059-E81FEDE9E494}
    Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
    Windows Workflow Foundation FR Language Pack-->MsiExec.exe /I{B84C141C-9A13-44BE-9A69-301D7B11D836}
    Windows XP Service Pack 3-->"H:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
    Xvid 1.1.3 final uninstall-->"H:\Program Files\Xvid\unins000.exe"

    =====HijackThis Backups=====

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) [2009-05-22]
    O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - H:\WINDOWS\system32\msxml71.dll [2009-07-18]
    O4 - HKCU\..\Run: [Cognac] H:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\b.exe [2009-07-18]
    O15 - Trusted Zone: *.chat-land.org [2009-08-17]
    O2 - BHO: (no name) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - (no file) [2009-08-20]

    ======Hosts File======

    127.0.0.1 www.007guard.com
    127.0.0.1 007guard.com
    127.0.0.1 008i.com
    127.0.0.1 www.008k.com
    127.0.0.1 008k.com
    127.0.0.1 www.00hq.com
    127.0.0.1 00hq.com
    127.0.0.1 010402.com
    127.0.0.1 www.032439.com
    127.0.0.1 032439.com

    ======Security center information======

    AV: AntiVir Desktop

    ======System event log======

    Computer Name: MUGIWARA
    Event Code: 7036
    Message: Le service Gestionnaire de connexion automatique d'accès distant est entré dans l'état : en cours d'exécution.

    Record Number: 7526
    Source Name: Service Control Manager
    Time Written: 20090719172349.000000+120
    Event Type: Informations
    User:

    Computer Name: MUGIWARA
    Event Code: 7035
    Message: Un contrôle Démarrer a correctement été envoyé au service SjyPkt.

    Record Number: 7525
    Source Name: Service Control Manager
    Time Written: 20090719172349.000000+120
    Event Type: Informations
    User: MUGIWARA\Propriétaire

    Computer Name: MUGIWARA
    Event Code: 7035
    Message: Un contrôle Démarrer a correctement été envoyé au service Gestionnaire de connexion automatique d'accès distant.

    Record Number: 7524
    Source Name: Service Control Manager
    Time Written: 20090719172349.000000+120
    Event Type: Informations
    User: AUTORITE NT\SYSTEM

    Computer Name: MUGIWARA
    Event Code: 7036
    Message: Le service Gestionnaire de connexions d'accès distant est entré dans l'état : en cours d'exécution.

    Record Number: 7523
    Source Name: Service Control Manager
    Time Written: 20090719172349.000000+120
    Event Type: Informations
    User:

    Computer Name: MUGIWARA
    Event Code: 17
    Message: AVGNTFLT successfully loaded

    Record Number: 7522
    Source Name: avgntflt
    Time Written: 20090719172344.000000+120
    Event Type: Informations
    User:

    =====Application event log=====

    Computer Name: MUGIWARA
    Event Code: 100
    Message: msnmsgr (2292) Le moteur de base de données 5.01.2600.5512 est démarré.

    Record Number: 3365
    Source Name: ESENT
    Time Written: 20090713161406.000000+120
    Event Type: Informations
    User:

    Computer Name: MUGIWARA
    Event Code: 4113
    Message: AntiVir a détecté dans le fichier
    H:\System Volume Information\_restore{C440A930-897C-478D-9FBD-10D7DD433768}\RP116\A0047703.exe
    un code suspect avec la désignation 'TR/Renaz.366397'!

    Record Number: 3364
    Source Name: Avira AntiVir
    Time Written: 20090713154449.000000+120
    Event Type: Avertissement
    User: AUTORITE NT\SYSTEM

    Computer Name: MUGIWARA
    Event Code: 101
    Message: msnmsgr (2536) Le moteur de base de données est arrêté.

    Record Number: 3363
    Source Name: ESENT
    Time Written: 20090713145738.000000+120
    Event Type: Informations
    User:

    Computer Name: MUGIWARA
    Event Code: 103
    Message: msnmsgr (2536) \\.\H:\Documents and Settings\Propriétaire\Local Settings\Application Data\Microsoft\Messenger\onepiecenokaizoku91@hotmail.fr\SharingMetadata\Working\database_54B0_801C_B080_728\dfsr.db: Le moteur de base de données a arrêté une instance (0).

    Record Number: 3362
    Source Name: ESENT
    Time Written: 20090713145738.000000+120
    Event Type: Informations
    User:

    Computer Name: MUGIWARA
    Event Code: 102
    Message: msnmsgr (2536) \\.\H:\Documents and Settings\Propriétaire\Local Settings\Application Data\Microsoft\Messenger\onepiecenokaizoku91@hotmail.fr\SharingMetadata\Working\database_54B0_801C_B080_728\dfsr.db: Le moteur de base de données a démarré une nouvelle instance (0).

    Record Number: 3361
    Source Name: ESENT
    Time Written: 20090713145717.000000+120
    Event Type: Informations
    User:

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;H:\Program Files\Fichiers communs\DivX Shared\;H:\PROGRA~1\Diskeeper Corporation\Diskeeper\;H:\Program Files\ATI Technologies\ATI.ACE\Core-Static
    "windir"=%SystemRoot%
    "FP_NO_HOST_CHECK"=NO
    "OS"=Windows_NT
    "PROCESSOR_ARCHITECTURE"=x86
    "PROCESSOR_LEVEL"=6
    "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 6, GenuineIntel
    "PROCESSOR_REVISION"=0f06
    "NUMBER_OF_PROCESSORS"=2
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP

    -----------------EOF-----------------

    31 August 2009 15:24:05

  • Download Gmer to your Desktop.
  • Extract the archive (Right-click > Extract), then rename gmer.exe to IDN.exe (the .exe extension is not necessarily visible).
  • Double-click IDN.exe.
  • On the "Rootkit/Malware" tab, click "Scan" and wait.
  • When the scan finishes, click "Save..." and save it to your Desktop as "gmer.txt".
  • Double-click "gmer.txt"; the report opens, post it.
    31 August 2009 16:40:27

    GMER 1.0.15.15077 [IDN.exe] - http://www.gmer.net
    Rootkit scan 2009-08-31 16:32:26
    Windows 5.1.2600 Service Pack 3


    ---- System - GMER 1.0.15 ----

    SSDT B85CA8DE ZwCreateKey
    SSDT B85CA8D4 ZwCreateThread
    SSDT B85CA8E3 ZwDeleteKey
    SSDT B85CA8ED ZwDeleteValueKey
    SSDT spkj.sys ZwEnumerateKey [0xF74F4CA4]
    SSDT spkj.sys ZwEnumerateValueKey [0xF74F5032]
    SSDT B85CA8F2 ZwLoadKey
    SSDT spkj.sys ZwOpenKey [0xF74D60C0]
    SSDT B85CA8C0 ZwOpenProcess
    SSDT B85CA8C5 ZwOpenThread
    SSDT spkj.sys ZwQueryKey [0xF74F510A]
    SSDT spkj.sys ZwQueryValueKey [0xF74F4F8A]
    SSDT B85CA8FC ZwReplaceKey
    SSDT B85CA8F7 ZwRestoreKey
    SSDT B85CA8E8 ZwSetValueKey
    SSDT B85CA8CF ZwTerminateProcess

    INT 0x62 ? 8A692BF8
    INT 0x63 ? 8A623DD8
    INT 0x63 ? 8A34ABF8
    INT 0x63 ? 8A623DD8
    INT 0x82 ? 8A692BF8
    INT 0x84 ? 8A34ABF8
    INT 0x94 ? 8A34ABF8
    INT 0xA4 ? 8A692BF8

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntoskrnl.exe!ZwYieldExecution + 1FE 804E4A38 2 Bytes [F2, A8]
    .text ntoskrnl.exe!ZwYieldExecution + 452 804E4C8C 4 Bytes CALL 6E06A939
    ? spkj.sys Le fichier spécifié est introuvable. !
    .text USBPORT.SYS!DllUnload B79908AC 5 Bytes JMP 8A34A1D8
    .text aubnbxoq.SYS B792F386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
    .text aubnbxoq.SYS B792F3AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
    .text aubnbxoq.SYS B792F3C4 3 Bytes [00, 70, 02] {ADD [EAX+0x2], DH}
    .text aubnbxoq.SYS B792F3C9 1 Byte [30]
    .text aubnbxoq.SYS B792F3C9 11 Bytes [30, 00, 00, 00, 5C, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESP; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL}
    .text ...

    ---- User code sections - GMER 1.0.15 ----

    .text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 10012760 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
    .text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 100127F0 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
    .text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10012900 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
    .text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10012E10 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
    .text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10012DA0 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
    .text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] kernel32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 10012980 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
    .text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10012880 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
    .text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] USER32.dll!DispatchMessageW 7E398A01 5 Bytes JMP 10010DB0 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
    .text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] USER32.dll!DispatchMessageA 7E3996B8 5 Bytes JMP 10010D50 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
    .text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] USER32.dll!GetCursorPos 7E3A974E 5 Bytes JMP 10010BB0 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
    .text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] USER32.dll!SetCursor 7E3A9930 5 Bytes JMP 10010BE0 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
    .text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] USER32.dll!GetKeyState 7E3A9ED9 5 Bytes JMP 10010C80 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
    .text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] USER32.dll!GetAsyncKeyState 7E3AA78F 5 Bytes JMP 10010C60 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
    .text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] USER32.dll!SetCapture 7E3AC35E 5 Bytes JMP 10010C10 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
    .text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] USER32.dll!ReleaseCapture 7E3AC37A 5 Bytes JMP 10010C40 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
    .text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] USER32.dll!GetKeyboardState 7E3AD226 5 Bytes JMP 10010CA0 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
    .text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] USER32.dll!ShowCursor 7E3AFA6E 5 Bytes JMP 10010B70 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
    .text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] USER32.dll!ClipCursor 7E3BFDC5 5 Bytes JMP 10010E40 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
    .text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] USER32.dll!SetCursorPos 7E3D61B3 5 Bytes JMP 10010B40 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
    .text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] USER32.dll!GetRawInputBuffer 7E3E0DCD 5 Bytes JMP 10010E10 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
    .text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] USER32.dll!GetClipCursor 7E3ECBA6 5 Bytes JMP 10010E90 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
    .text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] USER32.dll!RegisterRawInputDevices 7E3ECE0E 5 Bytes JMP 10010EE0 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
    .text H:\Program Files\Steam\GameOverlayUI.exe[3940] USER32.dll!ShowWindowAsync 7E3A337D 5 Bytes JMP 0048B8D0 H:\Program Files\Steam\GameOverlayUI.exe (Steam Game Overlay/Valve Corporation)
    .text H:\Program Files\Steam\GameOverlayUI.exe[3940] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 0048B870 H:\Program Files\Steam\GameOverlayUI.exe (Steam Game Overlay/Valve Corporation)
    .text H:\Program Files\Steam\GameOverlayUI.exe[3940] USER32.dll!SetActiveWindow 7E3A7822 5 Bytes JMP 0048B920 H:\Program Files\Steam\GameOverlayUI.exe (Steam Game Overlay/Valve Corporation)
    .text H:\Program Files\Steam\GameOverlayUI.exe[3940] USER32.dll!GetCursorPos 7E3A974E 5 Bytes JMP 0048B9A0 H:\Program Files\Steam\GameOverlayUI.exe (Steam Game Overlay/Valve Corporation)
    .text H:\Program Files\Steam\GameOverlayUI.exe[3940] USER32.dll!WindowFromPoint 7E3A9766 5 Bytes JMP 0048B970 H:\Program Files\Steam\GameOverlayUI.exe (Steam Game Overlay/Valve Corporation)
    .text H:\Program Files\Steam\GameOverlayUI.exe[3940] USER32.dll!GetForegroundWindow 7E3A9823 5 Bytes JMP 0048B890 H:\Program Files\Steam\GameOverlayUI.exe (Steam Game Overlay/Valve Corporation)
    .text H:\Program Files\Steam\GameOverlayUI.exe[3940] USER32.dll!GetFocus 7E3A98C8 5 Bytes JMP 0048B960 H:\Program Files\Steam\GameOverlayUI.exe (Steam Game Overlay/Valve Corporation)
    .text H:\Program Files\Steam\GameOverlayUI.exe[3940] USER32.dll!SetCursor 7E3A9930 5 Bytes JMP 0048BA00 H:\Program Files\Steam\GameOverlayUI.exe (Steam Game Overlay/Valve Corporation)
    .text H:\Program Files\Steam\GameOverlayUI.exe[3940] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 0048B8F0 H:\Program Files\Steam\GameOverlayUI.exe (Steam Game Overlay/Valve Corporation)
    .text H:\Program Files\Steam\GameOverlayUI.exe[3940] USER32.dll!ShowWindow 7E3AAF56 5 Bytes JMP 0048B8D0 H:\Program Files\Steam\GameOverlayUI.exe (Steam Game Overlay/Valve Corporation)
    .text H:\Program Files\Steam\GameOverlayUI.exe[3940] USER32.dll!SetFocus 7E3AB112 5 Bytes JMP 0048B930 H:\Program Files\Steam\GameOverlayUI.exe (Steam Game Overlay/Valve Corporation)
    .text H:\Program Files\Steam\GameOverlayUI.exe[3940] USER32.dll!BringWindowToTop 7E3B03A8 5 Bytes JMP 0048B8A0 H:\Program Files\Steam\GameOverlayUI.exe (Steam Game Overlay/Valve Corporation)
    .text H:\Program Files\Steam\GameOverlayUI.exe[3940] USER32.dll!SwitchToThisWindow 7E3D581C 5 Bytes JMP 004A6EE0 H:\Program Files\Steam\GameOverlayUI.exe (Steam Game Overlay/Valve Corporation)

    ---- Kernel IAT/EAT - GMER 1.0.15 ----

    IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 8A6234B8
    IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F7507C4C] spkj.sys
    IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F7507CA0] spkj.sys
    IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F74D7042] spkj.sys
    IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F74D713E] spkj.sys
    IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F74D70C0] spkj.sys
    IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F74D7800] spkj.sys
    IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F74D76D6] spkj.sys
    IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 8A34A2D8
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!RtlInitUnicodeString] 8800001C
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!swprintf] 001CB286
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!KeSetEvent] C61AEB00
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoCreateSymbolicLink] 001C8186
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoGetConfigurationInformation] 86C61200
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoDeleteSymbolicLink] 00001C83
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!MmFreeMappingAddress] 8E868801
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoFreeErrorLogEntry] 8800001C
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoDisconnectInterrupt] 001CAA86
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!MmUnmapIoSpace] 80968B00
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!ObReferenceObjectByPointer] 8900001C
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IofCompleteRequest] 001C9C96
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!RtlCompareUnicodeString] C6168B00
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IofCallDriver] 001CB986
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!MmAllocateMappingAddress] 428A0A00
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoAllocateErrorLogEntry] BA86880C
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoConnectInterrupt] 8B00001C
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoDetachDevice] 24A48DFA
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!KeWaitForSingleObject] 00000000
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!KeInitializeEvent] 4B8BDF8B
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!KeCancelTimer] 8D3F0304
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!RtlAnsiStringToUnicodeString] CB033043
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!RtlInitAnsiString] 0673C13B
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoBuildDeviceIoControlRequest] C13B0003
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoQueueWorkItem] 8366FA72
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!MmMapIoSpace] 75000E7B
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoInvalidateDeviceRelations] 0B7D80E3
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoReportDetectedDevice] 307B8D00
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoReportResourceForDetection] 00AA840F
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!RtlxAnsiStringToUnicodeSize] 83660000
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!NlsMbCodePageTag] 6A000E7A
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!PoRequestPowerIrp] C6647400
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!KeInsertByKeyDeviceQueue] 001CBB86
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!PoRegisterDeviceForIdleDetection] 4F8B0200
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!sprintf] 968D5140
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!MmMapLockedPagesSpecifyCache] 00001C90
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!ObfDereferenceObject] 2266E852
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoGetAttachedDeviceReference] 478B0000
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoInvalidateDeviceState] 50016A40
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!ZwClose] 1CAC8E8D
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!ObReferenceObjectByHandle] E8510000
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!ZwCreateDirectoryObject] 00002254
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoBuildSynchronousFsdRequest] 6A18538B
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!PoStartNextPowerIrp] 868D5200
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoCreateDevice] 00001C98
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!RtlCopyUnicodeString] 2242E850
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoAllocateDriverObjectExtension] 4B8B0000
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!RtlQueryRegistryValues] 51016A18
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!ZwOpenKey] 1CB4968D
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!RtlFreeUnicodeString] E8520000
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoStartTimer] 00002230
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!KeInitializeTimer] 8A05478A
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoInitializeTimer] 001CBB8E
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!KeInitializeDpc] 30C48300
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!KeInitializeSpinLock] 1CBD8688
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoInitializeIrp] 80E90000
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!ZwCreateKey] C6000000
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!RtlAppendUnicodeStringToString] 001CBB86
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!RtlIntegerToUnicodeString] 438B0100
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!ZwSetValueKey] 8E8D5018
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!KeInsertQueueDpc] 00001C90
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!KefAcquireSpinLockAtDpcLevel] 2202E851
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoStartPacket] 538B0000
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!KefReleaseSpinLockFromDpcLevel] 52016A18
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoBuildAsynchronousFsdRequest] 1CAC868D
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoFreeMdl] E8500000
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!MmUnlockPages] 000021F0
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoWriteErrorLogEntry] 8A05478A
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!KeRemoveByKeyDeviceQueue] 001CBB8E
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!MmMapLockedPagesWithReservedMapping] 18C48300
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!MmUnmapReservedMapping] 1CBD8688
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!KeSynchronizeExecution] 43EB0000
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoStartNextPacket] 320C538A
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!KeBugCheckEx] 88F93BC0
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!KeRemoveDeviceQueue] 001CBB96
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!KeSetTimer] F6317300
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!_allmul] 74070647
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!MmProbeAndLockPages] 75C0841A
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!_except_handler3] 05578A0B
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!PoSetPowerState] 968801B0
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoOpenDeviceRegistryKey] 00001CBD
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!RtlWriteRegistryValue] 57B60F66
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!RtlDeleteRegistryValue] 533B6604
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!_aulldiv] 03087408
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!strstr] 72F93B3F
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!_strupr] 8A09EBDA
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!KeQuerySystemTime] 86880547
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoWMIRegistrationControl] 00001CBD
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!KeTickCount] 88084B8A
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoAttachDeviceToDeviceStack] 001CBE8E
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoDeleteDevice] 40578B00
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!ExAllocatePoolWithTag] 8D52006A
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoAllocateWorkItem] 001CC086
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoAllocateIrp] 81E85000
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoAllocateMdl] 8B000021
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!MmBuildMdlForNonPagedPool] 001CB88E
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!MmLockPagableDataSection] BC968B00
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoGetDriverObjectExtension] 8900001C
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!MmUnlockPagableImageSection] 001CC48E
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!ExFreePoolWithTag] C8968900
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoFreeIrp] 8B00001C
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoFreeWorkItem] 016A4047
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!InitSafeBootMode] CCC68150
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!RtlCompareMemory] 5600001C
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!PoCallDriver] 002157E8
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!memmove] 18C48300
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!MmHighestUserAddress] 5D5B5E5F
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[HAL.dll!KfAcquireSpinLock] 18C4830E
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[HAL.dll!READ_PORT_UCHAR] 1C8D9E88
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[HAL.dll!KeGetCurrentIrql] 9E880000
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[HAL.dll!KfRaiseIrql] 00001CA9
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[HAL.dll!KfLowerIrql] 0E798366
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[HAL.dll!HalGetInterruptVector] 74AAB000
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[HAL.dll!HalTranslateBusAddress] 8186C636
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[HAL.dll!KeStallExecutionProcessor] 1A00001C
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[HAL.dll!KfReleaseSpinLock] 1C8386C6
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] C6020000
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[HAL.dll!READ_PORT_USHORT] 001C8E86
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 86C60200
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[HAL.dll!WRITE_PORT_UCHAR] 00001CAA
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[WMILIB.SYS!WmiSystemControl] 8800001C
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[WMILIB.SYS!WmiCompleteRequest] 001CB19E

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!FindFirstFileA] 00EFBFC0
    IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!FindFirstFileW] 00EFC030
    IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetCommandLineA] 00EFC560
    IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CloseHandle] 00EFB230
    IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] 00EF86C0
    IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] 00EF9920
    IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!FreeLibrary] 00EF9B90
    IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetModuleHandleA] 00EFC230
    IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcessHeap] 00EFC550
    IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetEnvironmentVariableA] 00EF9CA0
    IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetFileType] 00EFB340
    IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!DuplicateHandle] 00EFB190
    IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetFilePointer] 00EFAFF0
    IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateFileA] 00EFA3F0
    IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!ReadFile] 00EFAB80
    IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateFileW] 00EFA830
    IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!WriteFile] 00EFAFB0
    IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetACP] 00EFC570
    IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetEnvironmentStrings] 00EF9E00
    IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetEnvironmentStringsW] 00EF9E80
    IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!ExitProcess] 00EF9F00
    IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!ExitThread] 00EFA070
    IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateThread] 00EFA150
    IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!TerminateProcess] 00EFA000
    IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegQueryValueA] 00EFC4C0
    IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegCreateKeyExW] 00EFC470
    IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] 00EF86C0
    IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 00EF9920
    IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CloseHandle] 00EFB230
    IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FreeLibrary] 00EF9B90
    IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 00EF99A0
    IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileW] 00EFA830
    IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalUnlock] 00EFC170
    IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalLock] 00EFC1B0
    IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcessHeap] 00EFC550
    IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FindFirstFileW] 00EFC030
    IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\ole32.dll [KERNEL32.dll!DuplicateHandle] 00EFB190
    IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateThread] 00EFA150
    IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 00EF9B00
    IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetEnvironmentStringsW] 00EF9E80
    IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\ole32.dll [KERNEL32.dll!IsDebuggerPresent] 00EFCAD0
    IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\ole32.dll [KERNEL32.dll!ReadFile] 00EFAB80
    IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetFilePointer] 00EFAFF0
    IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\ole32.dll [KERNEL32.dll!MapViewOfFileEx] 00EFB6B0
    IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileMappingW] 00EFB440
    IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\ole32.dll [KERNEL32.dll!MapViewOfFile] 00EFB630
    IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\ole32.dll [KERNEL32.dll!OpenFileMappingW] 00EFBB10
    IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\ole32.dll [KERNEL32.dll!UnmapViewOfFile] 00EFB820
    IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] 00EF9A70
    IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\ole32.dll [KERNEL32.dll!TerminateProcess] 00EFA000
    IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalAlloc] 00EFC290
    IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FlushViewOfFile] 00EFB580
    IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetFileSize] 00EFB130
    IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\ole32.dll [KERNEL32.dll!WriteFile] 00EFAFB0
    IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetFileType] 00EFB340
    IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetACP] 00EFC570
    IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileMappingA] 00EFB380
    IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\ole32.dll [USER32.dll!LoadIconW] 00EFC810
    IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\ole32.dll [USER32.dll!LoadCursorW] 00EFC7B0
    IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\ole32.dll [USER32.dll!CreateDialogParamW] 00EFCA00
    IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\ole32.dll [USER32.dll!DialogBoxParamW] 00EFCAA0
    IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\ole32.dll [USER32.dll!LoadStringW] 00EFC8D0

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs 8A61F1F8
    Device \FileSystem\Fastfat \FatCdrom 89A111F8
    Device \Driver\usbuhci \Device\USBPDO-0 8A3491F8
    Device \Driver\PCI_PNP9028 \Device\00000045 spkj.sys
    Device \Driver\PCI_PNP9028 \Device\00000045 spkj.sys
    Device \Driver\usbuhci \Device\USBPDO-1 8A3491F8
    Device \Driver\usbuhci \Device\USBPDO-2 8A3491F8
    Device \Driver\usbuhci \Device\USBPDO-3 8A3491F8
    Device \Driver\usbehci \Device\USBPDO-4 8A31C1F8
    Device \Driver\Ftdisk \Device\HarddiskVolume1 8A6211F8
    Device \Driver\Cdrom \Device\CdRom0 8A34C1F8
    Device \Driver\Cdrom \Device\CdRom1 8A34C1F8
    Device \Driver\USBSTOR \Device\00000073 89A161F8
    Device \Driver\NetBT \Device\NetBt_Wins_Export 8A17B500
    Device \Driver\USBSTOR \Device\00000077 89A161F8
    Device \Driver\NetBT \Device\NetbiosSmb 8A17B500
    Device \Driver\NetBT \Device\NetBT_Tcpip_{4E7595A6-2EA1-4309-8BAF-98B87E874D42} 8A17B500
    Device \Driver\usbuhci \Device\USBFDO-0 8A3491F8
    Device \Driver\usbuhci \Device\USBFDO-1 8A3491F8
    Device \Driver\usbuhci \Device\USBFDO-2 8A3491F8
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8A1AF500
    Device \Driver\usbuhci \Device\USBFDO-3 8A3491F8
    Device \FileSystem\MRxSmb \Device\LanmanRedirector 8A1AF500
    Device \Driver\Ftdisk \Device\FtControl 8A6211F8
    Device \Driver\usbehci \Device\USBFDO-4 8A31C1F8
    Device \Driver\sptd \Device\2776089028 spkj.sys
    Device \Driver\aubnbxoq \Device\Scsi\aubnbxoq1Port5Path0Target0Lun0 8A3AA1F8
    Device \Driver\JRAID \Device\Scsi\JRAID1Port4Path0Target0Lun0 8A6201F8
    Device \Driver\JRAID \Device\Scsi\JRAID1 8A6201F8
    Device \Driver\aubnbxoq \Device\Scsi\aubnbxoq1 8A3AA1F8
    Device \FileSystem\Fastfat \Fat 89A111F8

    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    Device \FileSystem\Cdfs \Cdfs 8A171500

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x7C 0x6C 0x60 0xC7 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 H:\Program Files\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x4F 0x4E 0xC9 0x4F ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xBB 0xDF 0x14 0x6A ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x2B 0x67 0xEF 0x88 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x7C 0x6C 0x60 0xC7 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 H:\Program Files\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x4F 0x4E 0xC9 0x4F ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xBB 0xDF 0x14 0x6A ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x28 0x84 0x76 0x54 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x7C 0x6C 0x60 0xC7 ...
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 H:\Program Files\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x4F 0x4E 0xC9 0x4F ...
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xBB 0xDF 0x14 0x6A ...
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x2B 0x67 0xEF 0x88 ...
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x7C 0x6C 0x60 0xC7 ...

    ---- EOF - GMER 1.0.15 ----
    31 August 2009 16:41:49

    GMER 1.0.15.15077 [IDN.exe] - http://www.gmer.net
    Rootkit scan 2009-08-31 16:32:26
    Windows 5.1.2600 Service Pack 3


    ---- System - GMER 1.0.15 ----

    SSDT B85CA8DE ZwCreateKey
    SSDT B85CA8D4 ZwCreateThread
    SSDT B85CA8E3 ZwDeleteKey
    SSDT B85CA8ED ZwDeleteValueKey
    SSDT spkj.sys ZwEnumerateKey [0xF74F4CA4]
    SSDT spkj.sys ZwEnumerateValueKey [0xF74F5032]
    SSDT B85CA8F2 ZwLoadKey
    SSDT spkj.sys ZwOpenKey [0xF74D60C0]
    SSDT B85CA8C0 ZwOpenProcess
    SSDT B85CA8C5 ZwOpenThread
    SSDT spkj.sys ZwQueryKey [0xF74F510A]
    SSDT spkj.sys ZwQueryValueKey [0xF74F4F8A]
    SSDT B85CA8FC ZwReplaceKey
    SSDT B85CA8F7 ZwRestoreKey
    SSDT B85CA8E8 ZwSetValueKey
    SSDT B85CA8CF ZwTerminateProcess

    INT 0x62 ? 8A692BF8
    INT 0x63 ? 8A623DD8
    INT 0x63 ? 8A34ABF8
    INT 0x63 ? 8A623DD8
    INT 0x82 ? 8A692BF8
    INT 0x84 ? 8A34ABF8
    INT 0x94 ? 8A34ABF8
    INT 0xA4 ? 8A692BF8

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntoskrnl.exe!ZwYieldExecution + 1FE 804E4A38 2 Bytes [F2, A8]
    .text ntoskrnl.exe!ZwYieldExecution + 452 804E4C8C 4 Bytes CALL 6E06A939
    ? spkj.sys Le fichier spécifié est introuvable. !
    .text USBPORT.SYS!DllUnload B79908AC 5 Bytes JMP 8A34A1D8
    .text aubnbxoq.SYS B792F386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
    .text aubnbxoq.SYS B792F3AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
    .text aubnbxoq.SYS B792F3C4 3 Bytes [00, 70, 02] {ADD [EAX+0x2], DH}
    .text aubnbxoq.SYS B792F3C9 1 Byte [30]
    .text aubnbxoq.SYS B792F3C9 11 Bytes [30, 00, 00, 00, 5C, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESP; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL}
    .text ...

    ---- User code sections - GMER 1.0.15 ----

    .text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 10012760 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
    .text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 100127F0 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
    .text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10012900 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
    .text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10012E10 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
    .text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10012DA0 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
    .text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] kernel32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 10012980 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
    .text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10012880 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
    .text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] USER32.dll!DispatchMessageW 7E398A01 5 Bytes JMP 10010DB0 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
    .text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] USER32.dll!DispatchMessageA 7E3996B8 5 Bytes JMP 10010D50 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
    .text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] USER32.dll!GetCursorPos 7E3A974E 5 Bytes JMP 10010BB0 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
    .text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] USER32.dll!SetCursor 7E3A9930 5 Bytes JMP 10010BE0 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
    .text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] USER32.dll!GetKeyState 7E3A9ED9 5 Bytes JMP 10010C80 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
    .text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] USER32.dll!GetAsyncKeyState 7E3AA78F 5 Bytes JMP 10010C60 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
    .text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] USER32.dll!SetCapture 7E3AC35E 5 Bytes JMP 10010C10 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
    .text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] USER32.dll!ReleaseCapture 7E3AC37A 5 Bytes JMP 10010C40 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
    .text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] USER32.dll!GetKeyboardState 7E3AD226 5 Bytes JMP 10010CA0 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
    .text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] USER32.dll!ShowCursor 7E3AFA6E 5 Bytes JMP 10010B70 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
    .text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] USER32.dll!ClipCursor 7E3BFDC5 5 Bytes JMP 10010E40 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
    .text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] USER32.dll!SetCursorPos 7E3D61B3 5 Bytes JMP 10010B40 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
    .text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] USER32.dll!GetRawInputBuffer 7E3E0DCD 5 Bytes JMP 10010E10 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
    .text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] USER32.dll!GetClipCursor 7E3ECBA6 5 Bytes JMP 10010E90 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
    .text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] USER32.dll!RegisterRawInputDevices 7E3ECE0E 5 Bytes JMP 10010EE0 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
    .text H:\Program Files\Steam\GameOverlayUI.exe[3940] USER32.dll!ShowWindowAsync 7E3A337D 5 Bytes JMP 0048B8D0 H:\Program Files\Steam\GameOverlayUI.exe (Steam Game Overlay/Valve Corporation)
    .text H:\Program Files\Steam\GameOverlayUI.exe[3940] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 0048B870 H:\Program Files\Steam\GameOverlayUI.exe (Steam Game Overlay/Valve Corporation)
    .text H:\Program Files\Steam\GameOverlayUI.exe[3940] USER32.dll!SetActiveWindow 7E3A7822 5 Bytes JMP 0048B920 H:\Program Files\Steam\GameOverlayUI.exe (Steam Game Overlay/Valve Corporation)
    .text H:\Program Files\Steam\GameOverlayUI.exe[3940] USER32.dll!GetCursorPos 7E3A974E 5 Bytes JMP 0048B9A0 H:\Program Files\Steam\GameOverlayUI.exe (Steam Game Overlay/Valve Corporation)
    .text H:\Program Files\Steam\GameOverlayUI.exe[3940] USER32.dll!WindowFromPoint 7E3A9766 5 Bytes JMP 0048B970 H:\Program Files\Steam\GameOverlayUI.exe (Steam Game Overlay/Valve Corporation)
    .text H:\Program Files\Steam\GameOverlayUI.exe[3940] USER32.dll!GetForegroundWindow 7E3A9823 5 Bytes JMP 0048B890 H:\Program Files\Steam\GameOverlayUI.exe (Steam Game Overlay/Valve Corporation)
    .text H:\Program Files\Steam\GameOverlayUI.exe[3940] USER32.dll!GetFocus 7E3A98C8 5 Bytes JMP 0048B960 H:\Program Files\Steam\GameOverlayUI.exe (Steam Game Overlay/Valve Corporation)
    .text H:\Program Files\Steam\GameOverlayUI.exe[3940] USER32.dll!SetCursor 7E3A9930 5 Bytes JMP 0048BA00 H:\Program Files\Steam\GameOverlayUI.exe (Steam Game Overlay/Valve Corporation)
    .text H:\Program Files\Steam\GameOverlayUI.exe[3940] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 0048B8F0 H:\Program Files\Steam\GameOverlayUI.exe (Steam Game Overlay/Valve Corporation)
    .text H:\Program Files\Steam\GameOverlayUI.exe[3940] USER32.dll!ShowWindow 7E3AAF56 5 Bytes JMP 0048B8D0 H:\Program Files\Steam\GameOverlayUI.exe (Steam Game Overlay/Valve Corporation)
    .text H:\Program Files\Steam\GameOverlayUI.exe[3940] USER32.dll!SetFocus 7E3AB112 5 Bytes JMP 0048B930 H:\Program Files\Steam\GameOverlayUI.exe (Steam Game Overlay/Valve Corporation)
    .text H:\Program Files\Steam\GameOverlayUI.exe[3940] USER32.dll!BringWindowToTop 7E3B03A8 5 Bytes JMP 0048B8A0 H:\Program Files\Steam\GameOverlayUI.exe (Steam Game Overlay/Valve Corporation)
    .text H:\Program Files\Steam\GameOverlayUI.exe[3940] USER32.dll!SwitchToThisWindow 7E3D581C 5 Bytes JMP 004A6EE0 H:\Program Files\Steam\GameOverlayUI.exe (Steam Game Overlay/Valve Corporation)

    ---- Kernel IAT/EAT - GMER 1.0.15 ----

    IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 8A6234B8
    IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F7507C4C] spkj.sys
    IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F7507CA0] spkj.sys
    IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F74D7042] spkj.sys
    IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F74D713E] spkj.sys
    IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F74D70C0] spkj.sys
    IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F74D7800] spkj.sys
    IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F74D76D6] spkj.sys
    IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 8A34A2D8
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!RtlInitUnicodeString] 8800001C
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!swprintf] 001CB286
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!KeSetEvent] C61AEB00
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoCreateSymbolicLink] 001C8186
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoGetConfigurationInformation] 86C61200
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoDeleteSymbolicLink] 00001C83
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!MmFreeMappingAddress] 8E868801
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoFreeErrorLogEntry] 8800001C
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoDisconnectInterrupt] 001CAA86
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!MmUnmapIoSpace] 80968B00
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!ObReferenceObjectByPointer] 8900001C
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IofCompleteRequest] 001C9C96
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!RtlCompareUnicodeString] C6168B00
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IofCallDriver] 001CB986
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!MmAllocateMappingAddress] 428A0A00
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoAllocateErrorLogEntry] BA86880C
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoConnectInterrupt] 8B00001C
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoDetachDevice] 24A48DFA
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!KeWaitForSingleObject] 00000000
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!KeInitializeEvent] 4B8BDF8B
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!KeCancelTimer] 8D3F0304
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!RtlAnsiStringToUnicodeString] CB033043
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!RtlInitAnsiString] 0673C13B
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoBuildDeviceIoControlRequest] C13B0003
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoQueueWorkItem] 8366FA72
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!MmMapIoSpace] 75000E7B
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoInvalidateDeviceRelations] 0B7D80E3
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoReportDetectedDevice] 307B8D00
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoReportResourceForDetection] 00AA840F
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!RtlxAnsiStringToUnicodeSize] 83660000
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!NlsMbCodePageTag] 6A000E7A
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!PoRequestPowerIrp] C6647400
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!KeInsertByKeyDeviceQueue] 001CBB86
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!PoRegisterDeviceForIdleDetection] 4F8B0200
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!sprintf] 968D5140
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!MmMapLockedPagesSpecifyCache] 00001C90
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!ObfDereferenceObject] 2266E852
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoGetAttachedDeviceReference] 478B0000
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoInvalidateDeviceState] 50016A40
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!ZwClose] 1CAC8E8D
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!ObReferenceObjectByHandle] E8510000
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!ZwCreateDirectoryObject] 00002254
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoBuildSynchronousFsdRequest] 6A18538B
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!PoStartNextPowerIrp] 868D5200
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoCreateDevice] 00001C98
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!RtlCopyUnicodeString] 2242E850
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoAllocateDriverObjectExtension] 4B8B0000
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!RtlQueryRegistryValues] 51016A18
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!ZwOpenKey] 1CB4968D
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!RtlFreeUnicodeString] E8520000
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoStartTimer] 00002230
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!KeInitializeTimer] 8A05478A
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoInitializeTimer] 001CBB8E
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!KeInitializeDpc] 30C48300
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!KeInitializeSpinLock] 1CBD8688
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoInitializeIrp] 80E90000
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!ZwCreateKey] C6000000
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!RtlAppendUnicodeStringToString] 001CBB86
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!RtlIntegerToUnicodeString] 438B0100
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!ZwSetValueKey] 8E8D5018
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!KeInsertQueueDpc] 00001C90
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!KefAcquireSpinLockAtDpcLevel] 2202E851
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoStartPacket] 538B0000
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!KefReleaseSpinLockFromDpcLevel] 52016A18
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoBuildAsynchronousFsdRequest] 1CAC868D
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoFreeMdl] E8500000
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!MmUnlockPages] 000021F0
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoWriteErrorLogEntry] 8A05478A
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!KeRemoveByKeyDeviceQueue] 001CBB8E
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!MmMapLockedPagesWithReservedMapping] 18C48300
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!MmUnmapReservedMapping] 1CBD8688
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!KeSynchronizeExecution] 43EB0000
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoStartNextPacket] 320C538A
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!KeBugCheckEx] 88F93BC0
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!KeRemoveDeviceQueue] 001CBB96
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!KeSetTimer] F6317300
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!_allmul] 74070647
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!MmProbeAndLockPages] 75C0841A
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!_except_handler3] 05578A0B
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!PoSetPowerState] 968801B0
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoOpenDeviceRegistryKey] 00001CBD
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!RtlWriteRegistryValue] 57B60F66
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!RtlDeleteRegistryValue] 533B6604
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!_aulldiv] 03087408
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!strstr] 72F93B3F
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!_strupr] 8A09EBDA
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!KeQuerySystemTime] 86880547
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoWMIRegistrationControl] 00001CBD
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!KeTickCount] 88084B8A
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoAttachDeviceToDeviceStack] 001CBE8E
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoDeleteDevice] 40578B00
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!ExAllocatePoolWithTag] 8D52006A
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoAllocateWorkItem] 001CC086
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoAllocateIrp] 81E85000
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoAllocateMdl] 8B000021
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!MmBuildMdlForNonPagedPool] 001CB88E
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!MmLockPagableDataSection] BC968B00
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoGetDriverObjectExtension] 8900001C
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!MmUnlockPagableImageSection] 001CC48E
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!ExFreePoolWithTag] C8968900
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoFreeIrp] 8B00001C
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoFreeWorkItem] 016A4047
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!InitSafeBootMode] CCC68150
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!RtlCompareMemory] 5600001C
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!PoCallDriver] 002157E8
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!memmove] 18C48300
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!MmHighestUserAddress] 5D5B5E5F
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[HAL.dll!KfAcquireSpinLock] 18C4830E
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[HAL.dll!READ_PORT_UCHAR] 1C8D9E88
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[HAL.dll!KeGetCurrentIrql] 9E880000
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[HAL.dll!KfRaiseIrql] 00001CA9
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[HAL.dll!KfLowerIrql] 0E798366
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[HAL.dll!HalGetInterruptVector] 74AAB000
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[HAL.dll!HalTranslateBusAddress] 8186C636
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[HAL.dll!KeStallExecutionProcessor] 1A00001C
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[HAL.dll!KfReleaseSpinLock] 1C8386C6
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] C6020000
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[HAL.dll!READ_PORT_USHORT] 001C8E86
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 86C60200
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[HAL.dll!WRITE_PORT_UCHAR] 00001CAA
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[WMILIB.SYS!WmiSystemControl] 8800001C
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[WMILIB.SYS!WmiCompleteRequest] 001CB19E

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!FindFirstFileA] 00EFBFC0
    IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!FindFirstFileW] 00EFC030
    IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetCommandLineA] 00EFC560
    IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CloseHandle] 00EFB230
    IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] 00EF86C0
    IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] 00EF9920
    IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!FreeLibrary] 00EF9B90
    IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetModuleHandleA] 00EFC230
    IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcessHeap] 00EFC550
    IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetEnvironmentVariableA] 00EF9CA0
    IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetFileType] 00EFB340
    IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!DuplicateHandle] 00EFB190
    IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetFilePointer] 00EFAFF0
    IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateFileA] 00EFA3F0
    IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!ReadFile] 00EFAB80
    IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateFileW] 00EFA830
    IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!WriteFile] 00EFAFB0
    IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetACP] 00EFC570
    IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetEnvironmentStrings] 00EF9E00
    IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetEnvironmentStringsW] 00EF9E80
    IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!ExitProcess] 00EF9F00
    IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!ExitThread] 00EFA070
    IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateThread] 00EFA150
    IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!TerminateProcess] 00EFA000
    IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegQueryValueA] 00EFC4C0
    IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegCreateKeyExW] 00EFC470
    IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] 00EF86C0
    IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 00EF9920
    IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CloseHandle] 00EFB230
    IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FreeLibrary] 00EF9B90
    IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 00EF99A0
    IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileW] 00EFA830
    IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalUnlock] 00EFC170
    IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalLock] 00EFC1B0
    IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcessHeap] 00EFC550
    IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FindFirstFileW] 00EFC030
    IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\ole32.dll [KERNEL32.dll!DuplicateHandle] 00EFB190
    IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateThread] 00EFA150
    IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 00EF9B00
    IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetEnvironmentStringsW] 00EF9E80
    IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\ole32.dll [KERNEL32.dll!IsDebuggerPresent] 00EFCAD0
    IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\ole32.dll [KERNEL32.dll!ReadFile] 00EFAB80
    IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetFilePointer] 00EFAFF0
    IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\ole32.dll [KERNEL32.dll!MapViewOfFileEx] 00EFB6B0
    IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileMappingW] 00EFB440
    IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\ole32.dll [KERNEL32.dll!MapViewOfFile] 00EFB630
    IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\ole32.dll [KERNEL32.dll!OpenFileMappingW] 00EFBB10
    IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\ole32.dll [KERNEL32.dll!UnmapViewOfFile] 00EFB820
    IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] 00EF9A70
    IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\ole32.dll [KERNEL32.dll!TerminateProcess] 00EFA000
    IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalAlloc] 00EFC290
    IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FlushViewOfFile] 00EFB580
    IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetFileSize] 00EFB130
    IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\ole32.dll [KERNEL32.dll!WriteFile] 00EFAFB0
    IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetFileType] 00EFB340
    IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetACP] 00EFC570
    IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileMappingA] 00EFB380
    IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\ole32.dll [USER32.dll!LoadIconW] 00EFC810
    IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\ole32.dll [USER32.dll!LoadCursorW] 00EFC7B0
    IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\ole32.dll [USER32.dll!CreateDialogParamW] 00EFCA00
    IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\ole32.dll [USER32.dll!DialogBoxParamW] 00EFCAA0
    IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\ole32.dll [USER32.dll!LoadStringW] 00EFC8D0

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs 8A61F1F8
    Device \FileSystem\Fastfat \FatCdrom 89A111F8
    Device \Driver\usbuhci \Device\USBPDO-0 8A3491F8
    Device \Driver\PCI_PNP9028 \Device\00000045 spkj.sys
    Device \Driver\PCI_PNP9028 \Device\00000045 spkj.sys
    Device \Driver\usbuhci \Device\USBPDO-1 8A3491F8
    Device \Driver\usbuhci \Device\USBPDO-2 8A3491F8
    Device \Driver\usbuhci \Device\USBPDO-3 8A3491F8
    Device \Driver\usbehci \Device\USBPDO-4 8A31C1F8
    Device \Driver\Ftdisk \Device\HarddiskVolume1 8A6211F8
    Device \Driver\Cdrom \Device\CdRom0 8A34C1F8
    Device \Driver\Cdrom \Device\CdRom1 8A34C1F8
    Device \Driver\USBSTOR \Device\00000073
    31 August 2009 16:50:07

    GMER 1.0.15.15077 [IDN.exe] - http://www.gmer.net
    Rootkit scan 2009-08-31 16:32:26
    Windows 5.1.2600 Service Pack 3


    ---- System - GMER 1.0.15 ----

    SSDT B85CA8DE ZwCreateKey
    SSDT B85CA8D4 ZwCreateThread
    SSDT B85CA8E3 ZwDeleteKey
    SSDT B85CA8ED ZwDeleteValueKey
    SSDT spkj.sys ZwEnumerateKey [0xF74F4CA4]
    SSDT spkj.sys ZwEnumerateValueKey [0xF74F5032]
    SSDT B85CA8F2 ZwLoadKey
    SSDT spkj.sys ZwOpenKey [0xF74D60C0]
    SSDT B85CA8C0 ZwOpenProcess
    SSDT B85CA8C5 ZwOpenThread
    SSDT spkj.sys ZwQueryKey [0xF74F510A]
    SSDT spkj.sys ZwQueryValueKey [0xF74F4F8A]
    SSDT B85CA8FC ZwReplaceKey
    SSDT B85CA8F7 ZwRestoreKey
    SSDT B85CA8E8 ZwSetValueKey
    SSDT B85CA8CF ZwTerminateProcess

    INT 0x62 ? 8A692BF8
    INT 0x63 ? 8A623DD8
    INT 0x63 ? 8A34ABF8
    INT 0x63 ? 8A623DD8
    INT 0x82 ? 8A692BF8
    INT 0x84 ? 8A34ABF8
    INT 0x94 ? 8A34ABF8
    INT 0xA4 ? 8A692BF8

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntoskrnl.exe!ZwYieldExecution + 1FE 804E4A38 2 Bytes [F2, A8]
    .text ntoskrnl.exe!ZwYieldExecution + 452 804E4C8C 4 Bytes CALL 6E06A939
    ? spkj.sys Le fichier spécifié est introuvable. !
    .text USBPORT.SYS!DllUnload B79908AC 5 Bytes JMP 8A34A1D8
    .text aubnbxoq.SYS B792F386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
    .text aubnbxoq.SYS B792F3AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
    .text aubnbxoq.SYS B792F3C4 3 Bytes [00, 70, 02] {ADD [EAX+0x2], DH}
    .text aubnbxoq.SYS B792F3C9 1 Byte [30]
    .text aubnbxoq.SYS B792F3C9 11 Bytes [30, 00, 00, 00, 5C, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESP; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL}
    .text ...

    ---- User code sections - GMER 1.0.15 ----

    .text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 10012760 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
    .text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 100127F0 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
    .text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10012900 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
    .text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10012E10 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
    .text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10012DA0 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
    .text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] kernel32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 10012980 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
    .text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10012880 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
    .text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] USER32.dll!DispatchMessageW 7E398A01 5 Bytes JMP 10010DB0 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
    .text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] USER32.dll!DispatchMessageA 7E3996B8 5 Bytes JMP 10010D50 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
    .text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] USER32.dll!GetCursorPos 7E3A974E 5 Bytes JMP 10010BB0 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
    .text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] USER32.dll!SetCursor 7E3A9930 5 Bytes JMP 10010BE0 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
    .text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] USER32.dll!GetKeyState 7E3A9ED9 5 Bytes JMP 10010C80 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
    .text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] USER32.dll!GetAsyncKeyState 7E3AA78F 5 Bytes JMP 10010C60 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
    .text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] USER32.dll!SetCapture 7E3AC35E 5 Bytes JMP 10010C10 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
    .text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] USER32.dll!ReleaseCapture 7E3AC37A 5 Bytes JMP 10010C40 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
    .text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] USER32.dll!GetKeyboardState 7E3AD226 5 Bytes JMP 10010CA0 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
    .text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] USER32.dll!ShowCursor 7E3AFA6E 5 Bytes JMP 10010B70 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
    .text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] USER32.dll!ClipCursor 7E3BFDC5 5 Bytes JMP 10010E40 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
    .text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] USER32.dll!SetCursorPos 7E3D61B3 5 Bytes JMP 10010B40 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
    .text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] USER32.dll!GetRawInputBuffer 7E3E0DCD 5 Bytes JMP 10010E10 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
    .text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] USER32.dll!GetClipCursor 7E3ECBA6 5 Bytes JMP 10010E90 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
    .text h:\program files\steam\steamapps\ryosu\counter-strike\hl.exe[2180] USER32.dll!RegisterRawInputDevices 7E3ECE0E 5 Bytes JMP 10010EE0 H:\Program Files\Steam\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)
    .text H:\Program Files\Steam\GameOverlayUI.exe[3940] USER32.dll!ShowWindowAsync 7E3A337D 5 Bytes JMP 0048B8D0 H:\Program Files\Steam\GameOverlayUI.exe (Steam Game Overlay/Valve Corporation)
    .text H:\Program Files\Steam\GameOverlayUI.exe[3940] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 0048B870 H:\Program Files\Steam\GameOverlayUI.exe (Steam Game Overlay/Valve Corporation)
    .text H:\Program Files\Steam\GameOverlayUI.exe[3940] USER32.dll!SetActiveWindow 7E3A7822 5 Bytes JMP 0048B920 H:\Program Files\Steam\GameOverlayUI.exe (Steam Game Overlay/Valve Corporation)
    .text H:\Program Files\Steam\GameOverlayUI.exe[3940] USER32.dll!GetCursorPos 7E3A974E 5 Bytes JMP 0048B9A0 H:\Program Files\Steam\GameOverlayUI.exe (Steam Game Overlay/Valve Corporation)
    .text H:\Program Files\Steam\GameOverlayUI.exe[3940] USER32.dll!WindowFromPoint 7E3A9766 5 Bytes JMP 0048B970 H:\Program Files\Steam\GameOverlayUI.exe (Steam Game Overlay/Valve Corporation)
    .text H:\Program Files\Steam\GameOverlayUI.exe[3940] USER32.dll!GetForegroundWindow 7E3A9823 5 Bytes JMP 0048B890 H:\Program Files\Steam\GameOverlayUI.exe (Steam Game Overlay/Valve Corporation)
    .text H:\Program Files\Steam\GameOverlayUI.exe[3940] USER32.dll!GetFocus 7E3A98C8 5 Bytes JMP 0048B960 H:\Program Files\Steam\GameOverlayUI.exe (Steam Game Overlay/Valve Corporation)
    .text H:\Program Files\Steam\GameOverlayUI.exe[3940] USER32.dll!SetCursor 7E3A9930 5 Bytes JMP 0048BA00 H:\Program Files\Steam\GameOverlayUI.exe (Steam Game Overlay/Valve Corporation)
    .text H:\Program Files\Steam\GameOverlayUI.exe[3940] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 0048B8F0 H:\Program Files\Steam\GameOverlayUI.exe (Steam Game Overlay/Valve Corporation)
    .text H:\Program Files\Steam\GameOverlayUI.exe[3940] USER32.dll!ShowWindow 7E3AAF56 5 Bytes JMP 0048B8D0 H:\Program Files\Steam\GameOverlayUI.exe (Steam Game Overlay/Valve Corporation)
    .text H:\Program Files\Steam\GameOverlayUI.exe[3940] USER32.dll!SetFocus 7E3AB112 5 Bytes JMP 0048B930 H:\Program Files\Steam\GameOverlayUI.exe (Steam Game Overlay/Valve Corporation)
    .text H:\Program Files\Steam\GameOverlayUI.exe[3940] USER32.dll!BringWindowToTop 7E3B03A8 5 Bytes JMP 0048B8A0 H:\Program Files\Steam\GameOverlayUI.exe (Steam Game Overlay/Valve Corporation)
    .text H:\Program Files\Steam\GameOverlayUI.exe[3940] USER32.dll!SwitchToThisWindow 7E3D581C 5 Bytes JMP 004A6EE0 H:\Program Files\Steam\GameOverlayUI.exe (Steam Game Overlay/Valve Corporation)

    ---- Kernel IAT/EAT - GMER 1.0.15 ----

    IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 8A6234B8
    IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F7507C4C] spkj.sys
    IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F7507CA0] spkj.sys
    IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F74D7042] spkj.sys
    IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F74D713E] spkj.sys
    IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F74D70C0] spkj.sys
    IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F74D7800] spkj.sys
    IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F74D76D6] spkj.sys
    IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 8A34A2D8
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!RtlInitUnicodeString] 8800001C
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!swprintf] 001CB286
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!KeSetEvent] C61AEB00
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoCreateSymbolicLink] 001C8186
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoGetConfigurationInformation] 86C61200
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoDeleteSymbolicLink] 00001C83
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!MmFreeMappingAddress] 8E868801
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoFreeErrorLogEntry] 8800001C
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoDisconnectInterrupt] 001CAA86
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!MmUnmapIoSpace] 80968B00
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!ObReferenceObjectByPointer] 8900001C
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IofCompleteRequest] 001C9C96
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!RtlCompareUnicodeString] C6168B00
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IofCallDriver] 001CB986
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!MmAllocateMappingAddress] 428A0A00
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoAllocateErrorLogEntry] BA86880C
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoConnectInterrupt] 8B00001C
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoDetachDevice] 24A48DFA
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!KeWaitForSingleObject] 00000000
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!KeInitializeEvent] 4B8BDF8B
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!KeCancelTimer] 8D3F0304
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!RtlAnsiStringToUnicodeString] CB033043
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!RtlInitAnsiString] 0673C13B
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoBuildDeviceIoControlRequest] C13B0003
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoQueueWorkItem] 8366FA72
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!MmMapIoSpace] 75000E7B
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoInvalidateDeviceRelations] 0B7D80E3
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoReportDetectedDevice] 307B8D00
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoReportResourceForDetection] 00AA840F
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!RtlxAnsiStringToUnicodeSize] 83660000
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!NlsMbCodePageTag] 6A000E7A
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!PoRequestPowerIrp] C6647400
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!KeInsertByKeyDeviceQueue] 001CBB86
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!PoRegisterDeviceForIdleDetection] 4F8B0200
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!sprintf] 968D5140
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!MmMapLockedPagesSpecifyCache] 00001C90
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!ObfDereferenceObject] 2266E852
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoGetAttachedDeviceReference] 478B0000
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoInvalidateDeviceState] 50016A40
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!ZwClose] 1CAC8E8D
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!ObReferenceObjectByHandle] E8510000
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!ZwCreateDirectoryObject] 00002254
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoBuildSynchronousFsdRequest] 6A18538B
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!PoStartNextPowerIrp] 868D5200
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoCreateDevice] 00001C98
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!RtlCopyUnicodeString] 2242E850
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoAllocateDriverObjectExtension] 4B8B0000
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!RtlQueryRegistryValues] 51016A18
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!ZwOpenKey] 1CB4968D
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!RtlFreeUnicodeString] E8520000
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoStartTimer] 00002230
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!KeInitializeTimer] 8A05478A
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoInitializeTimer] 001CBB8E
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!KeInitializeDpc] 30C48300
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!KeInitializeSpinLock] 1CBD8688
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoInitializeIrp] 80E90000
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!ZwCreateKey] C6000000
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!RtlAppendUnicodeStringToString] 001CBB86
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!RtlIntegerToUnicodeString] 438B0100
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!ZwSetValueKey] 8E8D5018
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!KeInsertQueueDpc] 00001C90
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!KefAcquireSpinLockAtDpcLevel] 2202E851
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoStartPacket] 538B0000
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!KefReleaseSpinLockFromDpcLevel] 52016A18
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoBuildAsynchronousFsdRequest] 1CAC868D
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoFreeMdl] E8500000
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!MmUnlockPages] 000021F0
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoWriteErrorLogEntry] 8A05478A
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!KeRemoveByKeyDeviceQueue] 001CBB8E
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!MmMapLockedPagesWithReservedMapping] 18C48300
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!MmUnmapReservedMapping] 1CBD8688
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!KeSynchronizeExecution] 43EB0000
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoStartNextPacket] 320C538A
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!KeBugCheckEx] 88F93BC0
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!KeRemoveDeviceQueue] 001CBB96
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!KeSetTimer] F6317300
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!_allmul] 74070647
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!MmProbeAndLockPages] 75C0841A
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!_except_handler3] 05578A0B
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!PoSetPowerState] 968801B0
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoOpenDeviceRegistryKey] 00001CBD
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!RtlWriteRegistryValue] 57B60F66
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!RtlDeleteRegistryValue] 533B6604
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!_aulldiv] 03087408
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!strstr] 72F93B3F
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!_strupr] 8A09EBDA
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!KeQuerySystemTime] 86880547
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoWMIRegistrationControl] 00001CBD
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!KeTickCount] 88084B8A
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoAttachDeviceToDeviceStack] 001CBE8E
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoDeleteDevice] 40578B00
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!ExAllocatePoolWithTag] 8D52006A
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoAllocateWorkItem] 001CC086
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoAllocateIrp] 81E85000
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoAllocateMdl] 8B000021
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!MmBuildMdlForNonPagedPool] 001CB88E
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!MmLockPagableDataSection] BC968B00
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoGetDriverObjectExtension] 8900001C
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!MmUnlockPagableImageSection] 001CC48E
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!ExFreePoolWithTag] C8968900
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoFreeIrp] 8B00001C
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!IoFreeWorkItem] 016A4047
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!InitSafeBootMode] CCC68150
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!RtlCompareMemory] 5600001C
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!PoCallDriver] 002157E8
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!memmove] 18C48300
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[ntoskrnl.exe!MmHighestUserAddress] 5D5B5E5F
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[HAL.dll!KfAcquireSpinLock] 18C4830E
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[HAL.dll!READ_PORT_UCHAR] 1C8D9E88
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[HAL.dll!KeGetCurrentIrql] 9E880000
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[HAL.dll!KfRaiseIrql] 00001CA9
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[HAL.dll!KfLowerIrql] 0E798366
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[HAL.dll!HalGetInterruptVector] 74AAB000
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[HAL.dll!HalTranslateBusAddress] 8186C636
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[HAL.dll!KeStallExecutionProcessor] 1A00001C
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[HAL.dll!KfReleaseSpinLock] 1C8386C6
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] C6020000
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[HAL.dll!READ_PORT_USHORT] 001C8E86
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 86C60200
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[HAL.dll!WRITE_PORT_UCHAR] 00001CAA
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[WMILIB.SYS!WmiSystemControl] 8800001C
    IAT \SystemRoot\System32\Drivers\aubnbxoq.SYS[WMILIB.SYS!WmiCompleteRequest] 001CB19E

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!FindFirstFileA] 00EFBFC0
    IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!FindFirstFileW] 00EFC030
    IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetCommandLineA] 00EFC560
    IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CloseHandle] 00EFB230
    IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] 00EF86C0
    IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] 00EF9920
    IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!FreeLibrary] 00EF9B90
    IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetModuleHandleA] 00EFC230
    IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcessHeap] 00EFC550
    IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetEnvironmentVariableA] 00EF9CA0
    IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetFileType] 00EFB340
    IAT H:\Program Files\DAP\DAP.EXE[1864] @ H:\WINDOWS\system32\msvcrt.dll
    1 September 2009 13:36:08

    20dollars2surf and KyuubiBarre, does that ring a bell?

  • Run an online scan with Kaspersky Online Scanner and post the report.