My PC is slow
Solved
mister1616
Hello,
for a few days now my PC has been taking ages to open Google Chrome, and sometimes it is fast.
Thanks in advance for your help
96 replies
Yes, that's my mail program; in fact I suspect it of slowing down my PC, especially in the morning when I switch it on. I'm posting from another PC right now because it is still freezing.
No, you didn't say so, I know, but since it is disabled :D
Here I had shut my PC down and restarted it; IncrediMail started up again and it took ages before I could get into it. I'm posting from the other PC, which also has IncrediMail, and there is no problem there.
▶ Download: Gmer (by Przemyslaw Gmerek), click "Download EXE" and save it to your desktop
Disable all your protections for the duration of the GMER scan
For XP => double-click gmer.exe
For Vista and 7 => right-click, "Run as..."
▶ click the Rootkit tab and start the scan; red lines will appear.
▶ The red lines indicate the presence of a rootkit. Post me the GMER report (click Copy, then go to Start, open Notepad, go to Edit and click Paste; the GMER report will appear, post it to me)
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-10-09 15:31:26
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD3200AAJB-00J3A0 rev.01.03E01
Running: xddlcp2d.exe; Driver: C:\Users\user\AppData\Local\Temp\kxldapob.sys
---- System - GMER 1.0.15 ----
SSDT 8CCC84CE ZwCreateSection
SSDT 8CCC84D8 ZwRequestWaitReplyPort
SSDT 8CCC84D3 ZwSetContextThread
SSDT 8CCC84DD ZwSetSecurityObject
SSDT 8CCC84E2 ZwSystemDebugControl
SSDT 8CCC846F ZwTerminateProcess
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 82A523C9 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82A8BD52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11F7 82A92EAC 4 Bytes [CE, 84, CC, 8C]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1553 82A93208 4 Bytes [D8, 84, CC, 8C]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1597 82A9324C 4 Bytes [D3, 84, CC, 8C]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1613 82A932C8 4 Bytes [DD, 84, CC, 8C]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1667 82A9331C 4 Bytes [E2, 84, CC, 8C]
.text ...
---- User code sections - GMER 1.0.15 ----
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1612] ntdll.dll!NtCreateFile + 6 772455CE 4 Bytes [28, 64, 32, 00] {SUB [EDX+ESI+0x0], AH}
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1612] ntdll.dll!NtCreateFile + B 772455D3 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1612] ntdll.dll!NtMapViewOfSection + 6 77245C2E 4 Bytes [28, 67, 32, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1612] ntdll.dll!NtMapViewOfSection + B 77245C33 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1612] ntdll.dll!NtOpenFile + 6 77245CDE 4 Bytes [68, 64, 32, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1612] ntdll.dll!NtOpenFile + B 77245CE3 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1612] ntdll.dll!NtOpenProcess + 6 77245D8E 4 Bytes [A8, 65, 32, 00] {TEST AL, 0x65; XOR AL, [EAX]}
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1612] ntdll.dll!NtOpenProcess + B 77245D93 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1612] ntdll.dll!NtOpenProcessToken + B 77245DA3 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1612] ntdll.dll!NtOpenProcessTokenEx + 6 77245DAE 4 Bytes [A8, 66, 32, 00] {TEST AL, 0x66; XOR AL, [EAX]}
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1612] ntdll.dll!NtOpenProcessTokenEx + B 77245DB3 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1612] ntdll.dll!NtOpenThread + 6 77245E0E 4 Bytes [68, 65, 32, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1612] ntdll.dll!NtOpenThread + B 77245E13 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1612] ntdll.dll!NtOpenThreadToken + 6 77245E1E 4 Bytes [68, 66, 32, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1612] ntdll.dll!NtOpenThreadToken + B 77245E23 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1612] ntdll.dll!NtOpenThreadTokenEx + B 77245E33 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1612] ntdll.dll!NtQueryAttributesFile + 6 77245F3E 4 Bytes [A8, 64, 32, 00] {TEST AL, 0x64; XOR AL, [EAX]}
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1612] ntdll.dll!NtQueryAttributesFile + B 77245F43 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1612] ntdll.dll!NtQueryFullAttributesFile + B 77245FF3 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1612] ntdll.dll!NtSetInformationFile + 6 7724663E 4 Bytes [28, 65, 32, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1612] ntdll.dll!NtSetInformationFile + B 77246643 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1612] ntdll.dll!NtSetInformationThread + 6 7724669E 4 Bytes [28, 66, 32, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1612] ntdll.dll!NtSetInformationThread + B 772466A3 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1612] ntdll.dll!NtUnmapViewOfSection + 6 772469BE 4 Bytes [68, 67, 32, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1612] ntdll.dll!NtUnmapViewOfSection + B 772469C3 1 Byte [E2]
.text C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[1768] ntdll.dll!DbgUiRemoteBreakin 7729F17D 1 Byte [C3]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1976] ntdll.dll!NtCreateFile + 6 772455CE 4 Bytes [28, 50, 6A, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1976] ntdll.dll!NtCreateFile + B 772455D3 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1976] ntdll.dll!NtMapViewOfSection + 6 77245C2E 4 Bytes [28, 53, 6A, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1976] ntdll.dll!NtMapViewOfSection + B 77245C33 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1976] ntdll.dll!NtOpenFile + 6 77245CDE 4 Bytes [68, 50, 6A, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1976] ntdll.dll!NtOpenFile + B 77245CE3 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1976] ntdll.dll!NtOpenProcess + 6 77245D8E 4 Bytes [A8, 51, 6A, 00] {TEST AL, 0x51; PUSH 0x0}
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1976] ntdll.dll!NtOpenProcess + B 77245D93 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1976] ntdll.dll!NtOpenProcessToken + B 77245DA3 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1976] ntdll.dll!NtOpenProcessTokenEx + 6 77245DAE 4 Bytes [A8, 52, 6A, 00] {TEST AL, 0x52; PUSH 0x0}
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1976] ntdll.dll!NtOpenProcessTokenEx + B 77245DB3 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1976] ntdll.dll!NtOpenThread + 6 77245E0E 4 Bytes [68, 51, 6A, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1976] ntdll.dll!NtOpenThread + B 77245E13 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1976] ntdll.dll!NtOpenThreadToken + 6 77245E1E 4 Bytes [68, 52, 6A, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1976] ntdll.dll!NtOpenThreadToken + B 77245E23 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1976] ntdll.dll!NtOpenThreadTokenEx + B 77245E33 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1976] ntdll.dll!NtQueryAttributesFile + 6 77245F3E 4 Bytes [A8, 50, 6A, 00] {TEST AL, 0x50; PUSH 0x0}
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1976] ntdll.dll!NtQueryAttributesFile + B 77245F43 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1976] ntdll.dll!NtQueryFullAttributesFile + B 77245FF3 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1976] ntdll.dll!NtSetInformationFile + 6 7724663E 4 Bytes [28, 51, 6A, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1976] ntdll.dll!NtSetInformationFile + B 77246643 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1976] ntdll.dll!NtSetInformationThread + 6 7724669E 4 Bytes [28, 52, 6A, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1976] ntdll.dll!NtSetInformationThread + B 772466A3 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1976] ntdll.dll!NtUnmapViewOfSection + 6 772469BE 4 Bytes [68, 53, 6A, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1976] ntdll.dll!NtUnmapViewOfSection + B 772469C3 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[2056] ntdll.dll!NtCreateFile + 6 772455CE 4 Bytes [28, 50, 6E, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[2056] ntdll.dll!NtCreateFile + B 772455D3 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[2056] ntdll.dll!NtMapViewOfSection + 6 77245C2E 4 Bytes [28, 53, 6E, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[2056] ntdll.dll!NtMapViewOfSection + B 77245C33 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[2056] ntdll.dll!NtOpenFile + 6 77245CDE 4 Bytes [68, 50, 6E, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[2056] ntdll.dll!NtOpenFile + B 77245CE3 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[2056] ntdll.dll!NtOpenProcess + 6 77245D8E 4 Bytes [A8, 51, 6E, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[2056] ntdll.dll!NtOpenProcess + B 77245D93 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[2056] ntdll.dll!NtOpenProcessToken + B 77245DA3 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[2056] ntdll.dll!NtOpenProcessTokenEx + 6 77245DAE 4 Bytes [A8, 52, 6E, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[2056] ntdll.dll!NtOpenProcessTokenEx + B 77245DB3 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[2056] ntdll.dll!NtOpenThread + 6 77245E0E 4 Bytes [68, 51, 6E, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[2056] ntdll.dll!NtOpenThread + B 77245E13 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[2056] ntdll.dll!NtOpenThreadToken + 6 77245E1E 4 Bytes [68, 52, 6E, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[2056] ntdll.dll!NtOpenThreadToken + B 77245E23 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[2056] ntdll.dll!NtOpenThreadTokenEx + B 77245E33 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[2056] ntdll.dll!NtQueryAttributesFile + 6 77245F3E 4 Bytes [A8, 50, 6E, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[2056] ntdll.dll!NtQueryAttributesFile + B 77245F43 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[2056] ntdll.dll!NtQueryFullAttributesFile + B 77245FF3 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[2056] ntdll.dll!NtSetInformationFile + 6 7724663E 4 Bytes [28, 51, 6E, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[2056] ntdll.dll!NtSetInformationFile + B 77246643 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[2056] ntdll.dll!NtSetInformationThread + 6 7724669E 4 Bytes [28, 52, 6E, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[2056] ntdll.dll!NtSetInformationThread + B 772466A3 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[2056] ntdll.dll!NtUnmapViewOfSection + 6 772469BE 4 Bytes [68, 53, 6E, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[2056] ntdll.dll!NtUnmapViewOfSection + B 772469C3 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3572] ntdll.dll!NtCreateFile + 6 772455CE 4 Bytes [28, 6C, 7A, 00] {SUB [EDX+EDI*2+0x0], CH}
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3572] ntdll.dll!NtCreateFile + B 772455D3 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3572] ntdll.dll!NtMapViewOfSection + 6 77245C2E 4 Bytes [28, 6F, 7A, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3572] ntdll.dll!NtMapViewOfSection + B 77245C33 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3572] ntdll.dll!NtOpenFile + 6 77245CDE 4 Bytes [68, 6C, 7A, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3572] ntdll.dll!NtOpenFile + B 77245CE3 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3572] ntdll.dll!NtOpenProcess + 6 77245D8E 4 Bytes [A8, 6D, 7A, 00] {TEST AL, 0x6d; JP 0x4}
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3572] ntdll.dll!NtOpenProcess + B 77245D93 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3572] ntdll.dll!NtOpenProcessToken + B 77245DA3 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3572] ntdll.dll!NtOpenProcessTokenEx + 6 77245DAE 4 Bytes [A8, 6E, 7A, 00] {TEST AL, 0x6e; JP 0x4}
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3572] ntdll.dll!NtOpenProcessTokenEx + B 77245DB3 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3572] ntdll.dll!NtOpenThread + 6 77245E0E 4 Bytes [68, 6D, 7A, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3572] ntdll.dll!NtOpenThread + B 77245E13 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3572] ntdll.dll!NtOpenThreadToken + 6 77245E1E 4 Bytes [68, 6E, 7A, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3572] ntdll.dll!NtOpenThreadToken + B 77245E23 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3572] ntdll.dll!NtOpenThreadTokenEx + B 77245E33 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3572] ntdll.dll!NtQueryAttributesFile + 6 77245F3E 4 Bytes [A8, 6C, 7A, 00] {TEST AL, 0x6c; JP 0x4}
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3572] ntdll.dll!NtQueryAttributesFile + B 77245F43 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3572] ntdll.dll!NtQueryFullAttributesFile + B 77245FF3 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3572] ntdll.dll!NtSetInformationFile + 6 7724663E 4 Bytes [28, 6D, 7A, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3572] ntdll.dll!NtSetInformationFile + B 77246643 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3572] ntdll.dll!NtSetInformationThread + 6 7724669E 4 Bytes [28, 6E, 7A, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3572] ntdll.dll!NtSetInformationThread + B 772466A3 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3572] ntdll.dll!NtUnmapViewOfSection + 6 772469BE 4 Bytes [68, 6F, 7A, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3572] ntdll.dll!NtUnmapViewOfSection + B 772469C3 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtCreateFile + 6 772455CE 4 Bytes [28, 74, 11, 00] {SUB [ECX+EDX+0x0], DH}
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtCreateFile + B 772455D3 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtMapViewOfSection + 6 77245C2E 4 Bytes [28, 77, 11, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtMapViewOfSection + B 77245C33 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtOpenFile + 6 77245CDE 4 Bytes [68, 74, 11, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtOpenFile + B 77245CE3 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtOpenProcess + 6 77245D8E 4 Bytes [A8, 75, 11, 00] {TEST AL, 0x75; ADC [EAX], EAX}
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtOpenProcess + B 77245D93 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtOpenProcessToken + B 77245DA3 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtOpenProcessTokenEx + 6 77245DAE 4 Bytes [A8, 76, 11, 00] {TEST AL, 0x76; ADC [EAX], EAX}
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtOpenProcessTokenEx + B 77245DB3 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtOpenThread + 6 77245E0E 4 Bytes [68, 75, 11, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtOpenThread + B 77245E13 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtOpenThreadToken + 6 77245E1E 4 Bytes [68, 76, 11, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtOpenThreadToken + B 77245E23 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtOpenThreadTokenEx + B 77245E33 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtQueryAttributesFile + 6 77245F3E 4 Bytes [A8, 74, 11, 00] {TEST AL, 0x74; ADC [EAX], EAX}
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtQueryAttributesFile + B 77245F43 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtQueryFullAttributesFile + B 77245FF3 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtSetInformationFile + 6 7724663E 4 Bytes [28, 75, 11, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtSetInformationFile + B 77246643 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtSetInformationThread + 6 7724669E 4 Bytes [28, 76, 11, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtSetInformationThread + B 772466A3 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtUnmapViewOfSection + 6 772469BE 4 Bytes [68, 77, 11, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtUnmapViewOfSection + B 772469C3 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3960] ntdll.dll!NtCreateFile + 6 772455CE 4 Bytes [28, B8, 81, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3960] ntdll.dll!NtCreateFile + B 772455D3 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3960] ntdll.dll!NtMapViewOfSection + 6 77245C2E 4 Bytes [28, BB, 81, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3960] ntdll.dll!NtMapViewOfSection + B 77245C33 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3960] ntdll.dll!NtOpenFile + 6 77245CDE 4 Bytes [68, B8, 81, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3960] ntdll.dll!NtOpenFile + B 77245CE3 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3960] ntdll.dll!NtOpenProcess + 6 77245D8E 4 Bytes [A8, B9, 81, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3960] ntdll.dll!NtOpenProcess + B 77245D93 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3960] ntdll.dll!NtOpenProcessToken + B 77245DA3 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3960] ntdll.dll!NtOpenProcessTokenEx + 6 77245DAE 4 Bytes [A8, BA, 81, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3960] ntdll.dll!NtOpenProcessTokenEx + B 77245DB3 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3960] ntdll.dll!NtOpenThread + 6 77245E0E 4 Bytes [68, B9, 81, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3960] ntdll.dll!NtOpenThread + B 77245E13 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3960] ntdll.dll!NtOpenThreadToken + 6 77245E1E 4 Bytes [68, BA, 81, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3960] ntdll.dll!NtOpenThreadToken + B 77245E23 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3960] ntdll.dll!NtOpenThreadTokenEx + B 77245E33 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3960] ntdll.dll!NtQueryAttributesFile + 6 77245F3E 4 Bytes [A8, B8, 81, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3960] ntdll.dll!NtQueryAttributesFile + B 77245F43 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3960] ntdll.dll!NtQueryFullAttributesFile + B 77245FF3 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3960] ntdll.dll!NtSetInformationFile + 6 7724663E 4 Bytes [28, B9, 81, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3960] ntdll.dll!NtSetInformationFile + B 77246643 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3960] ntdll.dll!NtSetInformationThread + 6 7724669E 4 Bytes [28, BA, 81, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3960] ntdll.dll!NtSetInformationThread + B 772466A3 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3960] ntdll.dll!NtUnmapViewOfSection + 6 772469BE 4 Bytes [68, BB, 81, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3960] ntdll.dll!NtUnmapViewOfSection + B 772469C3 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[4020] ntdll.dll!NtCreateFile + 6 772455CE 4 Bytes [28, 58, 4B, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[4020] ntdll.dll!NtCreateFile + B 772455D3 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[4020] ntdll.dll!NtMapViewOfSection + 6 77245C2E 4 Bytes [28, 5B, 4B, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[4020] ntdll.dll!NtMapViewOfSection + B 77245C33 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[4020] ntdll.dll!NtOpenFile + 6 77245CDE 4 Bytes [68, 58, 4B, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[4020] ntdll.dll!NtOpenFile + B 77245CE3 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[4020] ntdll.dll!NtOpenProcess + 6 77245D8E 4 Bytes [A8, 59, 4B, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[4020] ntdll.dll!NtOpenProcess + B 77245D93 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[4020] ntdll.dll!NtOpenProcessToken + B 77245DA3 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[4020] ntdll.dll!NtOpenProcessTokenEx + 6 77245DAE 4 Bytes [A8, 5A, 4B, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[4020] ntdll.dll!NtOpenProcessTokenEx + B 77245DB3 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[4020] ntdll.dll!NtOpenThread + 6 77245E0E 4 Bytes [68, 59, 4B, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[4020] ntdll.dll!NtOpenThread + B 77245E13 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[4020] ntdll.dll!NtOpenThreadToken + 6 77245E1E 4 Bytes [68, 5A, 4B, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[4020] ntdll.dll!NtOpenThreadToken + B 77245E23 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[4020] ntdll.dll!NtOpenThreadTokenEx + B 77245E33 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[4020] ntdll.dll!NtQueryAttributesFile + 6 77245F3E 4 Bytes [A8, 58, 4B, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[4020] ntdll.dll!NtQueryAttributesFile + B 77245F43 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[4020] ntdll.dll!NtQueryFullAttributesFile + B 77245FF3 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[4020] ntdll.dll!NtSetInformationFile + 6 7724663E 4 Bytes [28, 59, 4B, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[4020] ntdll.dll!NtSetInformationFile + B 77246643 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[4020] ntdll.dll!NtSetInformationThread + 6 7724669E 4 Bytes [28, 5A, 4B, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[4020] ntdll.dll!NtSetInformationThread + B 772466A3 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[4020] ntdll.dll!NtUnmapViewOfSection + 6 772469BE 4 Bytes [68, 5B, 4B, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[4020] ntdll.dll!NtUnmapViewOfSection + B 772469C3 1 Byte [E2]
---- Devices - GMER 1.0.15 ----
Device \Driver\ACPI_HAL \Device\00000047 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
---- Files - GMER 1.0.15 ----
File C:\Users\user\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\A22QX9W4\www.coca-cola.be.\analytics.sol 475 bytes
File C:\Users\user\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.coca-cola.be.\settings.sol 87 bytes
---- EOF - GMER 1.0.15 ----
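Reading a GMER report by hand is error-prone once several processes carry dozens of near-identical hook lines. The script below is an added example, not part of this thread and not GMER's own tooling: it parses the three kinds of entries seen in the report above (SSDT entries, kernel code patches and user-mode code patches), groups the user-mode hooks by process image and PID, and reports which functions are hooked in some but not all instances of the same program. The embedded sample copies a handful of lines from the posted report; the NtWriteVirtualMemory entry is constructed so that the "hook present in only one instance" check has something to find. The regular expressions and the `Hook` record are assumptions about the report's line format, derived from the lines above.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

# Constructed sample in the shape of the GMER report posted in this thread. All lines
# except the NtWriteVirtualMemory entry are copied from that report; that entry is
# constructed so the "hook present in only one instance" check has something to find.
SAMPLE_REPORT = r"""
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-10-09 15:31:26
---- System - GMER 1.0.15 ----
SSDT 8CCC84CE ZwCreateSection
SSDT 8CCC846F ZwTerminateProcess
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!KeRemoveQueueEx + 11F7 82A92EAC 4 Bytes [CE, 84, CC, 8C]
.text ...
---- User code sections - GMER 1.0.15 ----
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1612] ntdll.dll!NtCreateFile + 6 772455CE 4 Bytes [28, 64, 32, 00] {SUB [EDX+ESI+0x0], AH}
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1612] ntdll.dll!NtCreateFile + B 772455D3 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1976] ntdll.dll!NtCreateFile + 6 772455CE 4 Bytes [28, 50, 6A, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1976] ntdll.dll!NtWriteVirtualMemory + 6 77240000 4 Bytes [00, 00, 00, 00]
.text C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[1768] ntdll.dll!DbgUiRemoteBreakin 7729F17D 1 Byte [C3]
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----
"""

# Line shapes assumed from the report above (not an official GMER grammar).
SSDT_RE = re.compile(r"^SSDT\s+(?P<addr>[0-9A-Fa-f]+)\s+(?P<func>\S+)\s*$")
CODE_RE = re.compile(
    r"^\.text\s+(?P<target>.*?)\s*(?P<module>[\w.]+)!(?P<func>\S+)"
    r"(?:\s+\+\s+(?P<off>[0-9A-Fa-f]+))?\s+(?P<addr>[0-9A-Fa-f]+)"
    r"\s+(?P<n>\d+)\s+Bytes?\s+\[(?P<bytes>[^\]]*)\]"
)
PID_RE = re.compile(r"^(?P<image>.*)\[(?P<pid>\d+)\]$")


@dataclass
class Hook:
    kind: str            # "ssdt", "kernel" or "user"
    image: str           # process image basename, or the patched kernel module
    pid: Optional[int]   # None for kernel-level findings
    func: str            # hooked function ("module!Func" for user-mode hooks)
    offset: int          # byte offset into the function where the patch starts
    nbytes: int          # number of patched bytes


def parse_report(text: str) -> List[Hook]:
    """Turn the SSDT and .text lines of a GMER report into Hook records; other lines are skipped."""
    hooks: List[Hook] = []
    for line in text.splitlines():
        line = line.strip()
        m = SSDT_RE.match(line)
        if m:
            hooks.append(Hook("ssdt", "kernel", None, m["func"], 0, 0))
            continue
        m = CODE_RE.match(line)
        if not m:
            continue  # headers, device and file entries, and the ".text ..." elision
        offset, nbytes = int(m["off"] or "0", 16), int(m["n"])
        pm = PID_RE.match(m["target"].strip())
        if pm:  # user-mode entry: "<path>[<pid>] <module>!<func>"
            image = pm["image"].rsplit("\\", 1)[-1]
            hooks.append(Hook("user", image, int(pm["pid"]), f"{m['module']}!{m['func']}", offset, nbytes))
        else:   # kernel entry: "<module>!<func>" with no process
            hooks.append(Hook("kernel", m["module"], None, m["func"], offset, nbytes))
    return hooks


def summarize(hooks: List[Hook]) -> Dict[str, object]:
    """Kernel findings as flat lists; user-mode hooks grouped image -> pid -> set of functions."""
    user: Dict[str, Dict[int, Set[str]]] = defaultdict(lambda: defaultdict(set))
    summary: Dict[str, object] = {"ssdt": [], "kernel": [], "user": user}
    for h in hooks:
        if h.kind == "ssdt":
            summary["ssdt"].append(h.func)
        elif h.kind == "kernel":
            summary["kernel"].append(f"{h.image}!{h.func}+{h.offset:X}")
        else:
            user[h.image][h.pid].add(h.func)
    return summary


def hooks_not_shared(summary: Dict[str, object]) -> Dict[str, Dict[int, List[str]]]:
    """Per image, the functions hooked in some but not all of its processes, keyed by PID.
    A hook set carried identically by every instance of a program is the pattern of the
    program's own (or a system-wide product's) hooks; a hook present in one instance only
    is the one to review first."""
    out: Dict[str, Dict[int, List[str]]] = {}
    for image, by_pid in summary["user"].items():
        common = set.intersection(*by_pid.values())
        extra = {pid: sorted(funcs - common) for pid, funcs in by_pid.items() if funcs - common}
        if extra:
            out[image] = extra
    return out


if __name__ == "__main__":
    s = summarize(parse_report(SAMPLE_REPORT))
    print("SSDT entries:", s["ssdt"])
    print("Kernel code patches:", s["kernel"])
    for image, by_pid in s["user"].items():
        print(image, {pid: sorted(f) for pid, f in by_pid.items()})
    print("Hooks not shared by all instances:", hooks_not_shared(s))
```

Run against the full report above, every chrome.exe process shows the same ntdll entry points patched in the same way, which is the signature of hooks the application installs in all of its child processes (Chrome's sandbox is known to patch these ntdll entry points) rather than of a targeted injection; the SSDT entries, the kernel code patches and any hook that only one instance carries are what to examine next.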
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1976] ntdll.dll!NtMapViewOfSection + 6 77245C2E 4 Bytes [28, 53, 6A, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1976] ntdll.dll!NtMapViewOfSection + B 77245C33 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1976] ntdll.dll!NtOpenFile + 6 77245CDE 4 Bytes [68, 50, 6A, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1976] ntdll.dll!NtOpenFile + B 77245CE3 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1976] ntdll.dll!NtOpenProcess + 6 77245D8E 4 Bytes [A8, 51, 6A, 00] {TEST AL, 0x51; PUSH 0x0}
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1976] ntdll.dll!NtOpenProcess + B 77245D93 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1976] ntdll.dll!NtOpenProcessToken + B 77245DA3 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1976] ntdll.dll!NtOpenProcessTokenEx + 6 77245DAE 4 Bytes [A8, 52, 6A, 00] {TEST AL, 0x52; PUSH 0x0}
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1976] ntdll.dll!NtOpenProcessTokenEx + B 77245DB3 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1976] ntdll.dll!NtOpenThread + 6 77245E0E 4 Bytes [68, 51, 6A, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1976] ntdll.dll!NtOpenThread + B 77245E13 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1976] ntdll.dll!NtOpenThreadToken + 6 77245E1E 4 Bytes [68, 52, 6A, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1976] ntdll.dll!NtOpenThreadToken + B 77245E23 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1976] ntdll.dll!NtOpenThreadTokenEx + B 77245E33 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1976] ntdll.dll!NtQueryAttributesFile + 6 77245F3E 4 Bytes [A8, 50, 6A, 00] {TEST AL, 0x50; PUSH 0x0}
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1976] ntdll.dll!NtQueryAttributesFile + B 77245F43 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1976] ntdll.dll!NtQueryFullAttributesFile + B 77245FF3 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1976] ntdll.dll!NtSetInformationFile + 6 7724663E 4 Bytes [28, 51, 6A, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1976] ntdll.dll!NtSetInformationFile + B 77246643 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1976] ntdll.dll!NtSetInformationThread + 6 7724669E 4 Bytes [28, 52, 6A, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1976] ntdll.dll!NtSetInformationThread + B 772466A3 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1976] ntdll.dll!NtUnmapViewOfSection + 6 772469BE 4 Bytes [68, 53, 6A, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1976] ntdll.dll!NtUnmapViewOfSection + B 772469C3 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[2056] ntdll.dll!NtCreateFile + 6 772455CE 4 Bytes [28, 50, 6E, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[2056] ntdll.dll!NtCreateFile + B 772455D3 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[2056] ntdll.dll!NtMapViewOfSection + 6 77245C2E 4 Bytes [28, 53, 6E, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[2056] ntdll.dll!NtMapViewOfSection + B 77245C33 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[2056] ntdll.dll!NtOpenFile + 6 77245CDE 4 Bytes [68, 50, 6E, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[2056] ntdll.dll!NtOpenFile + B 77245CE3 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[2056] ntdll.dll!NtOpenProcess + 6 77245D8E 4 Bytes [A8, 51, 6E, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[2056] ntdll.dll!NtOpenProcess + B 77245D93 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[2056] ntdll.dll!NtOpenProcessToken + B 77245DA3 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[2056] ntdll.dll!NtOpenProcessTokenEx + 6 77245DAE 4 Bytes [A8, 52, 6E, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[2056] ntdll.dll!NtOpenProcessTokenEx + B 77245DB3 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[2056] ntdll.dll!NtOpenThread + 6 77245E0E 4 Bytes [68, 51, 6E, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[2056] ntdll.dll!NtOpenThread + B 77245E13 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[2056] ntdll.dll!NtOpenThreadToken + 6 77245E1E 4 Bytes [68, 52, 6E, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[2056] ntdll.dll!NtOpenThreadToken + B 77245E23 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[2056] ntdll.dll!NtOpenThreadTokenEx + B 77245E33 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[2056] ntdll.dll!NtQueryAttributesFile + 6 77245F3E 4 Bytes [A8, 50, 6E, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[2056] ntdll.dll!NtQueryAttributesFile + B 77245F43 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[2056] ntdll.dll!NtQueryFullAttributesFile + B 77245FF3 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[2056] ntdll.dll!NtSetInformationFile + 6 7724663E 4 Bytes [28, 51, 6E, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[2056] ntdll.dll!NtSetInformationFile + B 77246643 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[2056] ntdll.dll!NtSetInformationThread + 6 7724669E 4 Bytes [28, 52, 6E, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[2056] ntdll.dll!NtSetInformationThread + B 772466A3 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[2056] ntdll.dll!NtUnmapViewOfSection + 6 772469BE 4 Bytes [68, 53, 6E, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[2056] ntdll.dll!NtUnmapViewOfSection + B 772469C3 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3572] ntdll.dll!NtCreateFile + 6 772455CE 4 Bytes [28, 6C, 7A, 00] {SUB [EDX+EDI*2+0x0], CH}
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3572] ntdll.dll!NtCreateFile + B 772455D3 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3572] ntdll.dll!NtMapViewOfSection + 6 77245C2E 4 Bytes [28, 6F, 7A, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3572] ntdll.dll!NtMapViewOfSection + B 77245C33 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3572] ntdll.dll!NtOpenFile + 6 77245CDE 4 Bytes [68, 6C, 7A, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3572] ntdll.dll!NtOpenFile + B 77245CE3 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3572] ntdll.dll!NtOpenProcess + 6 77245D8E 4 Bytes [A8, 6D, 7A, 00] {TEST AL, 0x6d; JP 0x4}
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3572] ntdll.dll!NtOpenProcess + B 77245D93 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3572] ntdll.dll!NtOpenProcessToken + B 77245DA3 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3572] ntdll.dll!NtOpenProcessTokenEx + 6 77245DAE 4 Bytes [A8, 6E, 7A, 00] {TEST AL, 0x6e; JP 0x4}
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3572] ntdll.dll!NtOpenProcessTokenEx + B 77245DB3 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3572] ntdll.dll!NtOpenThread + 6 77245E0E 4 Bytes [68, 6D, 7A, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3572] ntdll.dll!NtOpenThread + B 77245E13 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3572] ntdll.dll!NtOpenThreadToken + 6 77245E1E 4 Bytes [68, 6E, 7A, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3572] ntdll.dll!NtOpenThreadToken + B 77245E23 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3572] ntdll.dll!NtOpenThreadTokenEx + B 77245E33 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3572] ntdll.dll!NtQueryAttributesFile + 6 77245F3E 4 Bytes [A8, 6C, 7A, 00] {TEST AL, 0x6c; JP 0x4}
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3572] ntdll.dll!NtQueryAttributesFile + B 77245F43 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3572] ntdll.dll!NtQueryFullAttributesFile + B 77245FF3 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3572] ntdll.dll!NtSetInformationFile + 6 7724663E 4 Bytes [28, 6D, 7A, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3572] ntdll.dll!NtSetInformationFile + B 77246643 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3572] ntdll.dll!NtSetInformationThread + 6 7724669E 4 Bytes [28, 6E, 7A, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3572] ntdll.dll!NtSetInformationThread + B 772466A3 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3572] ntdll.dll!NtUnmapViewOfSection + 6 772469BE 4 Bytes [68, 6F, 7A, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3572] ntdll.dll!NtUnmapViewOfSection + B 772469C3 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtCreateFile + 6 772455CE 4 Bytes [28, 74, 11, 00] {SUB [ECX+EDX+0x0], DH}
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtCreateFile + B 772455D3 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtMapViewOfSection + 6 77245C2E 4 Bytes [28, 77, 11, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtMapViewOfSection + B 77245C33 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtOpenFile + 6 77245CDE 4 Bytes [68, 74, 11, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtOpenFile + B 77245CE3 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtOpenProcess + 6 77245D8E 4 Bytes [A8, 75, 11, 00] {TEST AL, 0x75; ADC [EAX], EAX}
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtOpenProcess + B 77245D93 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtOpenProcessToken + B 77245DA3 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtOpenProcessTokenEx + 6 77245DAE 4 Bytes [A8, 76, 11, 00] {TEST AL, 0x76; ADC [EAX], EAX}
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtOpenProcessTokenEx + B 77245DB3 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtOpenThread + 6 77245E0E 4 Bytes [68, 75, 11, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtOpenThread + B 77245E13 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtOpenThreadToken + 6 77245E1E 4 Bytes [68, 76, 11, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtOpenThreadToken + B 77245E23 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtOpenThreadTokenEx + B 77245E33 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtQueryAttributesFile + 6 77245F3E 4 Bytes [A8, 74, 11, 00] {TEST AL, 0x74; ADC [EAX], EAX}
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtQueryAttributesFile + B 77245F43 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtQueryFullAttributesFile + B 77245FF3 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtSetInformationFile + 6 7724663E 4 Bytes [28, 75, 11, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtSetInformationFile + B 77246643 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtSetInformationThread + 6 7724669E 4 Bytes [28, 76, 11, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtSetInformationThread + B 772466A3 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtUnmapViewOfSection + 6 772469BE 4 Bytes [68, 77, 11, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtUnmapViewOfSection + B 772469C3 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3960] ntdll.dll!NtCreateFile + 6 772455CE 4 Bytes [28, B8, 81, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3960] ntdll.dll!NtCreateFile + B 772455D3 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3960] ntdll.dll!NtMapViewOfSection + 6 77245C2E 4 Bytes [28, BB, 81, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3960] ntdll.dll!NtMapViewOfSection + B 77245C33 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3960] ntdll.dll!NtOpenFile + 6 77245CDE 4 Bytes [68, B8, 81, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3960] ntdll.dll!NtOpenFile + B 77245CE3 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3960] ntdll.dll!NtOpenProcess + 6 77245D8E 4 Bytes [A8, B9, 81, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3960] ntdll.dll!NtOpenProcess + B 77245D93 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3960] ntdll.dll!NtOpenProcessToken + B 77245DA3 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3960] ntdll.dll!NtOpenProcessTokenEx + 6 77245DAE 4 Bytes [A8, BA, 81, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3960] ntdll.dll!NtOpenProcessTokenEx + B 77245DB3 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3960] ntdll.dll!NtOpenThread + 6 77245E0E 4 Bytes [68, B9, 81, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3960] ntdll.dll!NtOpenThread + B 77245E13 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3960] ntdll.dll!NtOpenThreadToken + 6 77245E1E 4 Bytes [68, BA, 81, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3960] ntdll.dll!NtOpenThreadToken + B 77245E23 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3960] ntdll.dll!NtOpenThreadTokenEx + B 77245E33 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3960] ntdll.dll!NtQueryAttributesFile + 6 77245F3E 4 Bytes [A8, B8, 81, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3960] ntdll.dll!NtQueryAttributesFile + B 77245F43 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3960] ntdll.dll!NtQueryFullAttributesFile + B 77245FF3 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3960] ntdll.dll!NtSetInformationFile + 6 7724663E 4 Bytes [28, B9, 81, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3960] ntdll.dll!NtSetInformationFile + B 77246643 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3960] ntdll.dll!NtSetInformationThread + 6 7724669E 4 Bytes [28, BA, 81, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3960] ntdll.dll!NtSetInformationThread + B 772466A3 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3960] ntdll.dll!NtUnmapViewOfSection + 6 772469BE 4 Bytes [68, BB, 81, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3960] ntdll.dll!NtUnmapViewOfSection + B 772469C3 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[4020] ntdll.dll!NtCreateFile + 6 772455CE 4 Bytes [28, 58, 4B, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[4020] ntdll.dll!NtCreateFile + B 772455D3 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[4020] ntdll.dll!NtMapViewOfSection + 6 77245C2E 4 Bytes [28, 5B, 4B, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[4020] ntdll.dll!NtMapViewOfSection + B 77245C33 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[4020] ntdll.dll!NtOpenFile + 6 77245CDE 4 Bytes [68, 58, 4B, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[4020] ntdll.dll!NtOpenFile + B 77245CE3 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[4020] ntdll.dll!NtOpenProcess + 6 77245D8E 4 Bytes [A8, 59, 4B, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[4020] ntdll.dll!NtOpenProcess + B 77245D93 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[4020] ntdll.dll!NtOpenProcessToken + B 77245DA3 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[4020] ntdll.dll!NtOpenProcessTokenEx + 6 77245DAE 4 Bytes [A8, 5A, 4B, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[4020] ntdll.dll!NtOpenProcessTokenEx + B 77245DB3 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[4020] ntdll.dll!NtOpenThread + 6 77245E0E 4 Bytes [68, 59, 4B, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[4020] ntdll.dll!NtOpenThread + B 77245E13 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[4020] ntdll.dll!NtOpenThreadToken + 6 77245E1E 4 Bytes [68, 5A, 4B, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[4020] ntdll.dll!NtOpenThreadToken + B 77245E23 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[4020] ntdll.dll!NtOpenThreadTokenEx + B 77245E33 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[4020] ntdll.dll!NtQueryAttributesFile + 6 77245F3E 4 Bytes [A8, 58, 4B, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[4020] ntdll.dll!NtQueryAttributesFile + B 77245F43 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[4020] ntdll.dll!NtQueryFullAttributesFile + B 77245FF3 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[4020] ntdll.dll!NtSetInformationFile + 6 7724663E 4 Bytes [28, 59, 4B, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[4020] ntdll.dll!NtSetInformationFile + B 77246643 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[4020] ntdll.dll!NtSetInformationThread + 6 7724669E 4 Bytes [28, 5A, 4B, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[4020] ntdll.dll!NtSetInformationThread + B 772466A3 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[4020] ntdll.dll!NtUnmapViewOfSection + 6 772469BE 4 Bytes [68, 5B, 4B, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[4020] ntdll.dll!NtUnmapViewOfSection + B 772469C3 1 Byte [E2]
---- Devices - GMER 1.0.15 ----
Device \Driver\ACPI_HAL \Device\00000047 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
---- Files - GMER 1.0.15 ----
File C:\Users\user\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\A22QX9W4\www.coca-cola.be.\analytics.sol 475 bytes
File C:\Users\user\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.coca-cola.be.\settings.sol 87 bytes
---- EOF - GMER 1.0.15 ----
Have the following file(s) analysed on VirusTotal:
Virus Total
click "Browse", then find and select this file (these files):
C:\Windows\System32\drivers\fvevol.sys
* Now click "Send file" and let it work for as long as "Current status: analysis in progress" is displayed.
* The file may be queued because of a large number of analysis requests. In that case you will have to wait without refreshing the page.
* When the analysis is finished, paste the link to the page(s) in your next reply.
Hello,
I think it's fixed; as they say, touch wood: the PC has been on since this morning and everything works.
I forgot to mention it, but I still get this window at startup
http://tinypic.com/images/goodbye.jpg
I claimed victory too soon, it's starting again
I even get this sometimes with Google Chrome
http://tinypic.com/images/goodbye.jpg
YES, I did it; it took nearly 2 hours to do everything
ComboFix 12-10-09.01 - user 10/10/2012 12:07:46.3.1 - x86
Microsoft Windows 7 Édition Familiale Premium 6.1.7601.1.1252.32.1036.18.1471.701 [GMT 2:00]
Lancé depuis: c:\users\user\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Un nouveau point de restauration a été créé
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Exécution préalable -------
.
c:\users\user\AppData\Local\temp\fbe2808e-2380-4f14-a1fa-3fa9c3a364e8\CliSecureRT.dll
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2012-09-10 au 2012-10-10 ))))))))))))))))))))))))))))))))))))
.
.
8212-02-07 06:30 . 8212-02-07 06:30 -------- d-----w- c:\windows\msdownld.tmp
8212-02-07 06:17 . 2012-02-09 09:14 -------- d-----w- c:\programdata\AVAST Software
2012-10-10 10:18 . 2012-10-10 10:18 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-10-10 10:18 . 2012-10-10 10:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-10 09:23 . 2012-10-10 10:18 -------- d-----w- c:\users\user\AppData\Local\temp
2012-10-02 08:00 . 2012-06-27 08:37 136808 ----a-w- c:\windows\system32\drivers\ssadmdm.sys
2012-10-02 08:00 . 2012-06-27 08:37 12776 ----a-w- c:\windows\system32\drivers\ssadmdfl.sys
2012-10-02 08:00 . 2012-06-27 08:37 10344 ----a-w- c:\windows\system32\drivers\ssadwhnt.sys
2012-10-02 08:00 . 2012-06-27 08:37 121064 ----a-w- c:\windows\system32\drivers\ssadbus.sys
2012-10-02 08:00 . 2012-06-27 08:37 114280 ----a-w- c:\windows\system32\drivers\ssadserd.sys
2012-10-02 08:00 . 2012-06-27 08:37 10472 ----a-w- c:\windows\system32\drivers\ssadcmnt.sys
2012-10-01 09:04 . 2012-10-06 17:08 -------- d-----w- C:\Pre_Scan
2012-09-26 04:40 . 2012-08-21 20:12 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-09-22 15:00 . 2012-09-22 15:00 -------- d-----w- c:\programdata\CreativePark
2012-09-22 15:00 . 2012-09-30 12:06 -------- d-----w- C:\feuvert
2012-09-22 14:58 . 2012-10-01 09:47 -------- d-----w- c:\users\user\AppData\Roaming\ProtectDISC
2012-09-15 05:23 . 2011-05-13 23:17 632656 ----a-w- c:\windows\system32\msvcr80.dll
2012-09-15 05:23 . 2011-05-13 23:17 479232 ----a-w- c:\windows\system32\msvcm80.dll
2012-09-15 05:23 . 2011-05-13 23:17 554832 ----a-w- c:\windows\system32\msvcp80.dll
2012-09-15 05:23 . 2012-09-29 06:12 -------- d-----w- c:\windows\system32\ARFC
2012-09-15 05:23 . 2012-09-13 13:26 1006448 ----a-w- C:\dmwu.exe
2012-09-15 05:23 . 2012-09-13 13:24 28160 ----a-w- c:\windows\system32\ImHttpComm.dll
2012-09-15 05:23 . 2012-09-30 06:40 -------- d-----w- c:\windows\system32\WNLT
2012-09-12 04:36 . 2012-08-22 17:16 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-09-12 04:36 . 2012-07-04 19:45 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-09-12 04:36 . 2012-08-22 17:16 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-12 04:36 . 2012-08-22 17:16 240496 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-12 04:36 . 2012-08-22 17:16 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-12 04:36 . 2012-08-02 16:57 490496 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-11 07:58 . 2012-09-11 07:58 -------- d-----w- c:\windows\fr
2012-09-11 07:57 . 2012-03-08 16:32 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2012-09-11 07:55 . 2012-09-11 07:55 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-10 05:43 . 2012-04-01 09:49 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-10 05:43 . 2011-05-21 05:38 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-11 07:51 . 2011-03-28 16:36 19720 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-09-07 15:04 . 2010-12-16 18:45 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-01 05:16 . 2012-09-01 05:16 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-09-01 05:16 . 2012-05-29 13:00 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-09-01 05:16 . 2010-05-18 04:42 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-14 06:23 . 2012-02-08 12:43 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-08-14 06:23 . 2012-02-08 12:43 137928 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-07-18 17:47 . 2012-08-15 04:56 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-09-30 12:29 . 2012-09-30 12:29 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
ComboFix 12-10-09.01 - user 10/10/2012 12:07:46.3.1 - x86
Microsoft Windows 7 Édition Familiale Premium 6.1.7601.1.1252.32.1036.18.1471.701 [GMT 2:00]
Launched from: c:\users\user\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* A new restore point was created
.
.
(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Pre-run -------
.
c:\users\user\AppData\Local\temp\fbe2808e-2380-4f14-a1fa-3fa9c3a364e8\CliSecureRT.dll
.
.
((((((((((((((((((((((((((((( Files created from 2012-09-10 to 2012-10-10 ))))))))))))))))))))))))))))))))))))
.
.
8212-02-07 06:30 . 8212-02-07 06:30 -------- d-----w- c:\windows\msdownld.tmp
8212-02-07 06:17 . 2012-02-09 09:14 -------- d-----w- c:\programdata\AVAST Software
2012-10-10 10:18 . 2012-10-10 10:18 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-10-10 10:18 . 2012-10-10 10:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-10 09:23 . 2012-10-10 10:18 -------- d-----w- c:\users\user\AppData\Local\temp
2012-10-02 08:00 . 2012-06-27 08:37 136808 ----a-w- c:\windows\system32\drivers\ssadmdm.sys
2012-10-02 08:00 . 2012-06-27 08:37 12776 ----a-w- c:\windows\system32\drivers\ssadmdfl.sys
2012-10-02 08:00 . 2012-06-27 08:37 10344 ----a-w- c:\windows\system32\drivers\ssadwhnt.sys
2012-10-02 08:00 . 2012-06-27 08:37 121064 ----a-w- c:\windows\system32\drivers\ssadbus.sys
2012-10-02 08:00 . 2012-06-27 08:37 114280 ----a-w- c:\windows\system32\drivers\ssadserd.sys
2012-10-02 08:00 . 2012-06-27 08:37 10472 ----a-w- c:\windows\system32\drivers\ssadcmnt.sys
2012-10-01 09:04 . 2012-10-06 17:08 -------- d-----w- C:\Pre_Scan
2012-09-26 04:40 . 2012-08-21 20:12 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-09-22 15:00 . 2012-09-22 15:00 -------- d-----w- c:\programdata\CreativePark
2012-09-22 15:00 . 2012-09-30 12:06 -------- d-----w- C:\feuvert
2012-09-22 14:58 . 2012-10-01 09:47 -------- d-----w- c:\users\user\AppData\Roaming\ProtectDISC
2012-09-15 05:23 . 2011-05-13 23:17 632656 ----a-w- c:\windows\system32\msvcr80.dll
2012-09-15 05:23 . 2011-05-13 23:17 479232 ----a-w- c:\windows\system32\msvcm80.dll
2012-09-15 05:23 . 2011-05-13 23:17 554832 ----a-w- c:\windows\system32\msvcp80.dll
2012-09-15 05:23 . 2012-09-29 06:12 -------- d-----w- c:\windows\system32\ARFC
2012-09-15 05:23 . 2012-09-13 13:26 1006448 ----a-w- C:\dmwu.exe
2012-09-15 05:23 . 2012-09-13 13:24 28160 ----a-w- c:\windows\system32\ImHttpComm.dll
2012-09-15 05:23 . 2012-09-30 06:40 -------- d-----w- c:\windows\system32\WNLT
2012-09-12 04:36 . 2012-08-22 17:16 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-09-12 04:36 . 2012-07-04 19:45 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-09-12 04:36 . 2012-08-22 17:16 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-12 04:36 . 2012-08-22 17:16 240496 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-12 04:36 . 2012-08-22 17:16 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-12 04:36 . 2012-08-02 16:57 490496 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-11 07:58 . 2012-09-11 07:58 -------- d-----w- c:\windows\fr
2012-09-11 07:57 . 2012-03-08 16:32 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2012-09-11 07:55 . 2012-09-11 07:55 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
.
.
.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-10 05:43 . 2012-04-01 09:49 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-10 05:43 . 2011-05-21 05:38 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-11 07:51 . 2011-03-28 16:36 19720 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-09-07 15:04 . 2010-12-16 18:45 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-01 05:16 . 2012-09-01 05:16 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-09-01 05:16 . 2012-05-29 13:00 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-09-01 05:16 . 2010-05-18 04:42 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-14 06:23 . 2012-02-08 12:43 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-08-14 06:23 . 2012-02-08 12:43 137928 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-07-18 17:47 . 2012-08-15 04:56 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-09-30 12:29 . 2012-09-30 12:29 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((( Reg loading points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not listed
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2012-08-15 366576]
"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-08-31 21432]
"KiesPreload"="c:\program files\Samsung\Kies\Kies.exe" [2012-08-31 964024]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"PlusService"="c:\program files\Yuna Software\Messenger Plus!\PlusService.exe" [2012-07-24 801792]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-14 348664]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2012-08-31 3524536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
@="FSFilter System Recovery"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Secunia PSI Tray.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
backup=c:\windows\pss\Secunia PSI Tray.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^user^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 - Capture d'écran et lancement.lnk]
path=c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 - Capture d'écran et lancement.lnk
backup=c:\windows\pss\OneNote 2007 - Capture d'écran et lancement.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^user^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
path=c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
backup=c:\windows\pss\OpenOffice.org 3.1.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-07-27 20:51 35768 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2012-07-09 04:17 116648 ----atw- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2012-03-08 16:50 4280184 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2010-11-20 12:17 1174016 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2009-04-14 06:43 604704 ----a-w- c:\windows\SOUNDMAN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 07:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
R2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [x]
R3 gupdatem;Service Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 ovt530;TM507A USB Camera;c:\windows\system32\Drivers\ov530vid.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 WebOptimizer;WebOptimizer;c:\windows\system32\dmwu.exe [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 AntiVirSchedulerService;Avira Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-31 05:48]
.
2012-10-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-07 11:11]
.
2012-10-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-07 11:11]
.
2012-10-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3096423070-2644274965-933376917-1000Core.job
- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-31 04:17]
.
2012-10-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3096423070-2644274965-933376917-1000UA.job
- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-31 04:17]
.
.
------- Supplementary scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\bwguf087.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.be
FF - prefs.js: keyword.URL - hxxp://mystart.incredibar.com/mb128/?loc=IB_DS&a=NUYisZvANM&&i=26&search=
FF - prefs.js: network.proxy.type - 0
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=NUYisZvANM&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - a8e4232b00000000000000138f706392
FF - user.js: extensions.incredibar_i.instlDay - 15583
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1414:08
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - NUYisZvANM
FF - user.js: extensions.incredibar_i.upn2n - 675756632520886646
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10658
FF - user.js: extensions.incredibar_i.ppd -
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Finish time: 2012-10-10 12:21:27
ComboFix-quarantined-files.txt 2012-10-10 10:21
ComboFix2.txt 2012-10-08 16:58
.
Pre-CF: 272.768.180.224 bytes free
Post-CF: 272.926.773.248 bytes free
.
- - End Of File - - 185BB1CAA73CC730099ADB8312028BF1
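As an added triage example (not part of this post, and not a feature of ComboFix): a small Python script that reads the text of a ComboFix report like the one above and flags three things a helper would check first. It reports the UAC policy values that differ from the Windows 7 defaults (EnableLUA, ConsentPromptBehaviorAdmin and PromptOnSecureDesktop are all 0 here, so UAC is off and administrators elevate without any prompt), a Firefox keyword.URL whose host does not contain the name of the selected search engine (here Google is selected but address-bar searches go to mystart.incredibar.com), and service executables sitting directly in c:\windows\system32\ (here WebOptimizer, dmwu.exe). The sample input is a constructed excerpt copied from the report; the system32 rule is my own heuristic and only marks a file for manual review, not as malware.

```python
"""Triage helper for a ComboFix report: added example, not from the forum post
and not a feature of ComboFix. Flags weak UAC policy values, a redirected
Firefox keyword.URL, and service executables sitting directly in system32."""
import re

# Constructed sample input: lines copied from the ComboFix log posted above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [x]
R4 WebOptimizer;WebOptimizer;c:\windows\system32\dmwu.exe [x]
S2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [x]
.
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://mystart.incredibar.com/mb128/?loc=IB_DS&a=NUYisZvANM&&i=26&search=
"""

# Windows 7 defaults for the UAC values ComboFix prints under policies\system.
# EnableLUA=0 switches UAC off; ConsentPromptBehaviorAdmin=0 elevates admins silently.
UAC_DEFAULTS = {"EnableLUA": 1, "ConsentPromptBehaviorAdmin": 5,
                "ConsentPromptBehaviorUser": 3, "PromptOnSecureDesktop": 1}

POLICY_KEY = r"[hkey_local_machine\software\microsoft\windows\currentversion\policies\system]"
VALUE_RE = re.compile(r'^"(?P<name>\w+)"=\s*(?P<val>\d+)\s*\(0x[0-9a-fA-F]+\)\s*$')
SERVICE_RE = re.compile(r"^[RS]\d (?P<name>[^;]+);[^;]+;(?P<path>.+?) \[x\]\s*$")
FF_PREF_RE = re.compile(r"^FF - prefs\.js: (?P<pref>\S+) - (?P<val>.*)$")
HOST_RE = re.compile(r"^(?:hxxps?|https?)://(?P<host>[^/?#]+)", re.IGNORECASE)


def uac_policy(log: str) -> dict[str, int]:
    """DWORD values listed under HKLM\\...\\policies\\system, keyed by value name."""
    values, in_block = {}, False
    for raw in log.splitlines():
        line = raw.strip()
        if line.lower() == POLICY_KEY:
            in_block = True
        elif in_block and (line == "." or line.startswith("[")):
            break  # ComboFix closes each key block with a lone "."
        elif in_block and (m := VALUE_RE.match(line)):
            values[m.group("name")] = int(m.group("val"))
    return values


def uac_findings(log: str) -> dict[str, tuple[int, int]]:
    """Values that differ from the Windows 7 default, as name -> (found, default)."""
    cur = uac_policy(log)
    return {n: (cur[n], d) for n, d in UAC_DEFAULTS.items() if n in cur and cur[n] != d}


def uac_effectively_off(log: str) -> bool:
    """True when UAC is disabled outright or administrators elevate without a prompt."""
    cur = uac_policy(log)
    return cur.get("EnableLUA") == 0 or cur.get("ConsentPromptBehaviorAdmin") == 0


def firefox_prefs(log: str) -> dict[str, str]:
    """The 'FF - prefs.js:' lines as pref name -> value."""
    prefs = {}
    for raw in log.splitlines():
        if m := FF_PREF_RE.match(raw.strip()):
            prefs[m.group("pref")] = m.group("val").strip()
    return prefs


def search_hijack_host(log: str) -> str:
    """Host of keyword.URL when it does not contain the selected engine's name
    (heuristic for a redirected address-bar search); empty string otherwise."""
    prefs = firefox_prefs(log)
    engine = prefs.get("browser.search.selectedEngine", "").lower()
    m = HOST_RE.match(prefs.get("keyword.URL", ""))
    if not m:
        return ""
    host = m.group("host").lower()
    return "" if engine and engine in host else host


def service_exes_in_system32_root(log: str) -> list[tuple[str, str]]:
    """(service name, path) for service .exe files directly in c:\\windows\\system32\\.
    Heuristic: ComboFix omits stock Windows services, so such a file merits a
    manual look; this is a pointer for review, not a malware verdict."""
    hits = []
    for raw in log.splitlines():
        m = SERVICE_RE.match(raw.strip())
        if not m:
            continue
        path = m.group("path")
        parent = path.lower().rpartition("\\")[0]
        if parent == r"c:\windows\system32" and path.lower().endswith(".exe"):
            hits.append((m.group("name"), path))
    return hits
```

To use it on a saved report, read ComboFix.txt into a string and pass it to the four functions in place of SAMPLE_LOG. On this excerpt, uac_findings returns EnableLUA, ConsentPromptBehaviorAdmin and PromptOnSecureDesktop as (0, default), uac_effectively_off is True, search_hijack_host returns mystart.incredibar.com, and the service check returns WebOptimizer with c:\windows\system32\dmwu.exe; the .SYS driver in the same directory is deliberately skipped because the rule is about service executables.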
Uninstall PSI too.