System information for \\XPSP2-5C6F3D5C9:
Uptime: Error reading uptime
Kernel version: Microsoft Windows XP, Uniprocessor Free
Product type: Professional
Product version: 5.1
Service pack: 2
Kernel build number: 2600
Registered organization: XPSP2
Registered owner: Admin
Install date: 07/07/2008, 18:05:32
Activation status: Error reading status
IE version: 8.0000
System root: C:\WINDOWS
Processors: 1
Processor speed: 1.2 GHz
Processor type: AMD Athlon
Physical memory: 512 MB
Video driver: RADEON 9250 - Secondary
Volume  Type       Format  Label  Size      Free      Free %
A:      Removable                                     0.0%
C:      Fixed      NTFS           76.32 GB  50.02 GB  65.5%
D:      CD-ROM                                        0.0%
E:      CD-ROM                                        0.0%
F:      CD-ROM                                        0.0%
C:\WINDOWS\prefetch\layout.ini -->01/06/2009 20:29:25
C:\WINDOWS\prefetch\NTOSBOOT-B00DFAAD.pf -->01/06/2009 19:44:01
C:\WINDOWS\System32\drivers\GEARAspiWDM.sys -->19/03/2009 16:32:48
C:\WINDOWS\System32\drivers\fssfltr_tdi.sys -->08/12/2008 18:01:56
C:\WINDOWS\System32\drivers\pcouffin.sys -->09/07/2008 15:00:32
C:\WINDOWS\System32\drivers\cmudax3.sys -->03/03/2008 18:25:22
C:\WINDOWS\System32\drivers\epfwtdir.sys -->30/01/2008 12:38:08
C:\WINDOWS\System32\drivers\easdrv.sys -->30/01/2008 12:35:56
C:\WINDOWS\System32\drivers\eamon.sys -->30/01/2008 12:35:30
C:\WINDOWS\System32\wpa.dbl -->31/05/2009 19:42:47
C:\WINDOWS\System32\perfh00C.dat -->29/03/2009 09:04:30
C:\WINDOWS\System32\perfh009.dat -->29/03/2009 09:04:30
C:\WINDOWS\System32\perfc00C.dat -->29/03/2009 09:04:30
C:\WINDOWS\System32\perfc009.dat -->29/03/2009 09:04:30
C:\WINDOWS\System32\PerfStringBackup.INI -->29/03/2009 09:04:29
C:\WINDOWS\System32\ieframe.dll.mui -->08/03/2009 14:18:02
C:\WINDOWS\System32\msrating.dll.mui -->08/03/2009 14:17:46
C:\WINDOWS\System32\mshta.exe.mui -->08/03/2009 14:17:30
C:\WINDOWS\System32\ie4uinit.exe.mui -->08/03/2009 14:16:06
C:\WINDOWS\System32\advpack.dll.mui -->08/03/2009 14:16:06
C:\WINDOWS\System32\iedkcs32.dll.mui -->08/03/2009 14:15:48
C:\WINDOWS\System32\iedkcs32.dll -->08/03/2009 14:09:26
C:\WINDOWS\System32\mshtml.dll -->08/03/2009 04:41:16
C:\WINDOWS\System32\ieframe.dll -->08/03/2009 04:39:48
C:\WINDOWS\System32\html.iec -->08/03/2009 04:35:10
C:\WINDOWS\System32\wininet.dll -->08/03/2009 04:34:58
C:\WINDOWS\System32\urlmon.dll -->08/03/2009 04:34:56
C:\WINDOWS\System32\inetcpl.cpl -->08/03/2009 04:34:52
C:\WINDOWS\System32\WinFXDocObj.exe -->08/03/2009 04:34:48
C:\WINDOWS\System32\webcheck.dll -->08/03/2009 04:34:48
C:\WINDOWS\System32\licmgr10.dll -->08/03/2009 04:34:30
C:\WINDOWS\System32\url.dll -->08/03/2009 04:34:28
C:\WINDOWS\System32\occache.dll -->08/03/2009 04:34:18
C:\WINDOWS\System32\msrating.dll -->08/03/2009 04:34:18
C:\WINDOWS\0.log -->01/06/2009 19:42:35
C:\WINDOWS\wiadebug.log -->01/06/2009 19:42:30
C:\WINDOWS\WindowsUpdate.log -->01/06/2009 19:42:26
C:\WINDOWS\wiaservc.log -->01/06/2009 19:42:23
C:\WINDOWS\bootstat.dat -->01/06/2009 19:41:58
C:\WINDOWS\SchedLgU.Txt -->31/05/2009 20:46:41
C:\WINDOWS\win.ini -->28/05/2009 09:02:39
C:\WINDOWS\system.ini -->28/05/2009 09:02:39
C:\WINDOWS\IE4 Error Log.txt -->27/05/2009 11:11:23
C:\WINDOWS\wmsetup.log -->07/05/2009 17:34:33
C:\WINDOWS\Thumbs.db -->02/05/2009 18:11:21
C:\WINDOWS\setupapi.log -->21/04/2009 15:31:46
C:\WINDOWS\setupact.log -->21/04/2009 15:31:44
C:\WINDOWS\king-uninstall.exe -->16/04/2009 15:06:43
C:\WINDOWS\spupdsvc.log -->09/04/2009 21:49:53
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 384F-4815
Répertoire de C:\WINDOWS
09/04/2009 21:47 <REP> $hf_mig$
11/07/2008 22:43 <REP> $NtUninstallKB909394$
09/07/2008 14:56 <REP> $NtUninstallKB926239$
09/07/2008 14:56 <REP> $NtUninstallMSCompPackV1$
06/09/2008 18:05 <REP> $NtUninstallQ828026$
11/10/2008 21:52 <REP> $NtUninstallWIC$
09/07/2008 14:55 <REP> $NtUninstallWMFDist11$
09/07/2008 14:55 <REP> $NtUninstallWudf01000$
09/04/2009 21:45 <REP> ie8
26/04/2009 16:41 <REP> inf
26/04/2009 16:41 <REP> Installer
09/04/2009 21:47 <REP> msdownld.tmp
02/05/2009 18:11 7 168 Thumbs.db
02/10/2001 18:17 49 102 winnt.bmp
02/10/2001 18:17 49 102 winnt256.bmp
4 fichier(s) 106 121 octets
12 Rép(s) 53 703 954 432 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 384F-4815
Répertoire de C:\WINDOWS\system32
09/04/2009 21:47 <REP> dllcache
7 fichier(s) 4 721 octets
1 Rép(s) 53 703 950 336 octets libres
winlogon.exe
Verified: Signed
svchost.exe
Verified: Signed
ws2_32.dll
Verified: Signed
user32.dll
Verified: Unsigned
tcpip.sys
Verified: Unsigned
ndis.sys
Verified: Signed
null.sys
Verified: Signed
userinit.exe
kernel32.dll
ListDLLs v2.25 - DLL lister for Win9x/NT
Copyright © 1997-2004 Mark Russinovich
Sysinternals - www.sysinternals.com
------------------------------------------------------------------------------
explorer.exe pid: 1712
Command line: C:\WINDOWS\Explorer.EXE
Base Size Version Path
0x63000000 0xe6000 8.00.6001.18702 C:\WINDOWS\system32\WININET.dll
0x00400000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
0x1a400000 0x132000 8.00.6001.18702 C:\WINDOWS\system32\urlmon.dll
0x5dca0000 0x1e8000 8.00.6001.18702 C:\WINDOWS\system32\iertutil.dll
0x58b50000 0x9a000 5.82.2900.2649 C:\WINDOWS\system32\comctl32.dll
0x76f80000 0x7f000 2001.12.4414.0258 C:\WINDOWS\system32\CLBCATQ.DLL
0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll
0x661c0000 0x21d000 12.00.4518.1014 C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
0x68ef0000 0xf1000 12.00.4518.1014 C:\PROGRA~1\MICROS~2\Office12\GrooveUtil.DLL
0x78130000 0x9b000 8.00.50727.1801 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1801_x-ww_5eed8217\MSVCR80.dll
0x68ff0000 0x7000 12.00.4518.1014 C:\PROGRA~1\MICROS~2\Office12\GrooveNew.DLL
0x7c630000 0x1b000 8.00.50727.0042 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_6e805841\ATL80.DLL
0x65e30000 0x37000 12.00.4518.1014 C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
0x748f0000 0x130000 8.50.2162.0000 C:\WINDOWS\system32\msxml3.dll
0x76ac0000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL
0x01cf0000 0x2c6000 3.01.4000.2435 C:\WINDOWS\system32\msi.dll
0x02080000 0xa91000 8.00.6001.18702 C:\WINDOWS\system32\ieframe.dll
0x02c70000 0x3d000 8.00.6001.18702 C:\WINDOWS\system32\webcheck.dll
0x746e0000 0x8f000 6.00.2800.1599 C:\WINDOWS\system32\MLANG.dll
0x164a0000 0x23000 5.02.5721.5145 C:\WINDOWS\system32\WPDShServiceObj.dll
0x109c0000 0x2c000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceTypes.dll
0x10930000 0x49000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceApi.dll
0x10000000 0x7000 1.00.0004.0730 C:\Program Files\Orange HSS\Launcher\Inactivity.Dll
0x7c340000 0x56000 7.10.3052.0004 C:\WINDOWS\system32\MSVCR71.dll
0x66b40000 0x17d000 12.00.4518.1014 C:\PROGRA~1\MICROS~2\Office12\GR326C~1.DLL
0x03870000 0x5b000 9.01.0000.0163 C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll
0x03260000 0x4c000 9.01.0000.0163 C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA
0x038d0000 0x1a5000 12.00.4518.1014 C:\Program Files\Microsoft Office\Office12\1036\GrooveIntlResource.dll
0x03100000 0x2d000 C:\Program Files\WinRAR\rarext.dll
0x22000000 0x2e000 3.00.0630.0000 C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll
0x03e80000 0x9e000 4.00.0004.0112 C:\PROGRA~1\VSO\COPYTO~1\CTCDSH~1.DLL
0x4b4f0000 0x86000 5.41.0015.1509 C:\WINDOWS\system32\MSFTEDIT.DLL
0x00a70000 0xf000 1.01.0000.0001 C:\Program Files\PandoBar\SrchAstt\1.bin\P4SRCHAS.DLL
0x00ff0000 0xc000 3.00.0000.0001 C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll
0x785e0000 0x11d000 9.00.21022.0008 C:\Program Files\EoRezo\EoAdv\mfc90.dll
0x78520000 0xa3000 9.00.21022.0008 C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\MSVCR90.dll
0x78e20000 0x2a000 9.00.21022.0008 C:\Program Files\EoRezo\EoAdv\ATL90.DLL
0x6bd10000 0x10000 12.00.4518.1014 C:\PROGRA~1\MICROS~2\Office12\msohevi.dll
------------------------------------------------------------------------------
winlogon.exe pid: 1040
Command line: winlogon.exe
Base Size Version Path
0x01000000 0x81000 \??\C:\WINDOWS\system32\winlogon.exe
0x58b50000 0x9a000 5.82.2900.2649 C:\WINDOWS\system32\COMCTL32.dll
0x74730000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll
0x20000000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll
0x10000000 0x17000 6.14.0010.4105 C:\WINDOWS\system32\Ati2evxx.dll
0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll
0x76f80000 0x7f000 2001.12.4414.0258 C:\WINDOWS\system32\CLBCATQ.DLL
0x76010000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll
Contents of Downloaded Program Files
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 384F-4815
Répertoire de C:\WINDOWS\Downloaded Program Files
17/04/2009 11:29 <REP> .
17/04/2009 11:29 <REP> ..
07/07/2008 18:01 65 desktop.ini
20/06/2006 15:44 379 704 MsnPUpld.dll
19/06/2006 14:40 393 MsnPUpld.inf
20/06/2006 15:44 117 560 PURen-us.dll
09/01/2007 08:30 110 592 PURfr-fr.dll
5 fichier(s) 608 314 octets
Total des fichiers listés :
5 fichier(s) 608 314 octets
2 Rép(s) 53 703 684 096 octets libres
Rootkit search! (Thanks S!Ri)
Search for known infections
Export of sensitive keys...
List of files exempted in the XP SP2 firewall
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\Program Files\\ma-config.com\\maconfservice.exe"="C:\\Program Files\\ma-config.com\\maconfservice.exe:LocalSubNet:Enabled:maconfservice"
"C:\\Program Files\\Orange HSS\\Connectivity\\ConnectivityManager.exe"="C:\\Program Files\\Orange HSS\\Connectivity\\ConnectivityManager.exe:*:enabled:CSS"
"C:\\Program Files\\VideoLink Pro\\Engine.exe"="C:\\Program Files\\VideoLink Pro\\Engine.exe:*:Enabled:VideoLink Engine"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"="C:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"="C:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
Export of the SharedTaskScheduler key
[sharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"
Export of policies
REGEDIT4
[system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
Export of sensitive keys...
Searching for sensitive addresses in the HOSTS file...
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-01 23:00:37
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40]
"khjeh"=hex:20,02,00,00,7e,c8,3a,97,a7,04,d1,b5,9a,e9,4d,c0,10,d1,6c,17,da,..
"hj34z0"=hex:8c,5e,13,bc,25,b5,5b,b4,45,8d,7b,63,4a,ef,dc,c3,6a,ed,85,fe,1a,..
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden services: 0
hidden files: 0
Stealth MBR rootkit detector 0.2.4 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)
Process list by traversal of KiWaitListHead
4 - System
192 - spoolsv.exe
288 - AppleMobileDevi
320 - ctfmon.exe
332 - mDNSResponder.e
368 - wcescomm.exe
376 - ekrn.exe
460 - alg.exe
524 - AlertModule.exe
544 - GoogleToolbarNo
564 - iooeu.exe
576 - fsssvc.exe
620 - rapimgr.exe
636 - FTRTSVC.exe
696 - HPZipm12.exe
708 - SeaPort.exe
752 - svchost.exe
1016 - csrss.exe
1040 - winlogon.exe
1088 - services.exe
1100 - lsass.exe
1300 - svchost.exe
1352 - svchost.exe
1544 - svchost.exe
1600 - svchost.exe
1628 - wlcomm.exe
1640 - ati2evxx.exe
1712 - explorer.exe
1812 - SystrayApp.exe
1840 - Launcher.exe
1904 - fsui.exe
1956 - msnmsgr.exe
2268 - Deskboard.exe
2276 - ConnectivityMan
2312 - CoreCom.exe
2508 - firefox.exe
2616 - OraConfigRecove
2624 - FTCOMModule.exe
2820 - wmiprvse.exe
3720 - cmd.exe
Total number of processes = 40
NOTE: Under WinXP, this will not show all processes.
KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)
Driver/Module list by traversal of PsLoadedModuleList
804D7000 - \WINDOWS\system32\ntoskrnl.exe
806EC000 - \WINDOWS\system32\hal.dll
F899F000 - \WINDOWS\system32\KDCOM.DLL
F88AF000 - \WINDOWS\system32\BOOTVID.dll
F8458000 - d347bus.sys
F8429000 - ACPI.sys
F89A1000 - \WINDOWS\system32\DRIVERS\WMILIB.SYS
F8418000 - pci.sys
F849F000 - isapnp.sys
F84AF000 - ohci1394.sys
F84BF000 - \WINDOWS\system32\DRIVERS\1394BUS.SYS
F8A67000 - pciide.sys
F871F000 - \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
F84CF000 - MountMgr.sys
F83F9000 - ftdisk.sys
F89A3000 - dmload.sys
F83D3000 - dmio.sys
F8727000 - PartMgr.sys
F84DF000 - VolSnap.sys
F83BB000 -
F8394000 - fasttx2k.sys
F837C000 - \WINDOWS\system32\DRIVERS\SCSIPORT.SYS
F89A5000 - d347prt.sys
F8355000 - aftx2k.sys
F84EF000 - disk.sys
F84FF000 - \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
F8336000 - fltMgr.sys
F8324000 - sr.sys
F850F000 - PxHelp20.sys
F830D000 - KSecDD.sys
F8280000 - Ntfs.sys
F8253000 - NDIS.sys
F872F000 - nv_agp.sys
F8238000 - Mup.sys
F854F000 - \SystemRoot\system32\DRIVERS\amdk7.sys
F8767000 - \SystemRoot\system32\DRIVERS\usbohci.sys
F786F000 - \SystemRoot\system32\DRIVERS\USBPORT.SYS
F876F000 - \SystemRoot\system32\DRIVERS\usbehci.sys
F7858000 - \SystemRoot\system32\DRIVERS\NVENET.sys
F855F000 - \SystemRoot\system32\drivers\nvax.sys
F856F000 - \SystemRoot\system32\DRIVERS\R8139n51.SYS
F7700000 - \SystemRoot\system32\drivers\cmudax3.sys
F76DC000 - \SystemRoot\system32\drivers\portcls.sys
F857F000 - \SystemRoot\system32\drivers\drmk.sys
F76B9000 - \SystemRoot\system32\drivers\ks.sys
F858F000 - \SystemRoot\system32\DRIVERS\imapi.sys
F859F000 - \SystemRoot\system32\DRIVERS\cdrom.sys
F85AF000 - \SystemRoot\system32\DRIVERS\redbook.sys
F85BF000 - \SystemRoot\System32\Drivers\GEARAspiWDM.sys
F85CF000 - \SystemRoot\system32\DRIVERS\nic1394.sys
F75DE000 - \SystemRoot\system32\DRIVERS\ati2mtag.sys
F75CA000 - \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
F87BF000 - \SystemRoot\system32\DRIVERS\fdc.sys
F75B9000 - \SystemRoot\system32\DRIVERS\serial.sys
F895B000 - \SystemRoot\system32\DRIVERS\serenum.sys
F75A5000 - \SystemRoot\system32\DRIVERS\parport.sys
F8B1B000 - \SystemRoot\system32\DRIVERS\audstub.sys
F85DF000 - \SystemRoot\system32\DRIVERS\rasl2tp.sys
F8963000 - \SystemRoot\system32\DRIVERS\ndistapi.sys
F74EE000 - \SystemRoot\system32\DRIVERS\ndiswan.sys
F85EF000 - \SystemRoot\system32\DRIVERS\raspppoe.sys
F85FF000 - \SystemRoot\system32\DRIVERS\raspptp.sys
F87DF000 - \SystemRoot\system32\DRIVERS\TDI.SYS
F74DD000 - \SystemRoot\system32\DRIVERS\psched.sys
F860F000 - \SystemRoot\system32\DRIVERS\msgpc.sys
F87EF000 - \SystemRoot\system32\DRIVERS\ptilink.sys
F87FF000 - \SystemRoot\system32\DRIVERS\raspti.sys
F861F000 - \SystemRoot\system32\DRIVERS\odysseyIM3.sys
F862F000 - \SystemRoot\System32\Drivers\pcouffin.sys
F7484000 - \SystemRoot\system32\DRIVERS\rdpdr.sys
F863F000 - \SystemRoot\system32\DRIVERS\termdd.sys
F8817000 - \SystemRoot\system32\DRIVERS\kbdclass.sys
F8827000 - \SystemRoot\system32\DRIVERS\mouclass.sys
F89AB000 - \SystemRoot\system32\DRIVERS\swenum.sys
F7450000 - \SystemRoot\system32\DRIVERS\update.sys
F898F000 - \SystemRoot\system32\DRIVERS\mssmbios.sys
F864F000 - \SystemRoot\system32\DRIVERS\usbhub.sys
F89AF000 - \SystemRoot\system32\DRIVERS\USBD.SYS
F865F000 - \SystemRoot\System32\Drivers\NDProxy.SYS
F7395000 - \SystemRoot\system32\drivers\nvapu.sys
F72B0000 - \SystemRoot\system32\drivers\nvmcp.sys
F729F000 - \SystemRoot\system32\drivers\nvarm.sys
F8877000 - \SystemRoot\system32\DRIVERS\flpydisk.sys
F89BD000 - \SystemRoot\System32\Drivers\Fs_Rec.SYS
F8B76000 - \SystemRoot\System32\Drivers\Null.SYS
F89C1000 - \SystemRoot\System32\Drivers\Beep.SYS
F889F000 - \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
F88A7000 - \SystemRoot\System32\drivers\vga.sys
F89C5000 - \SystemRoot\System32\Drivers\mnmdd.SYS
F89C9000 - \SystemRoot\System32\DRIVERS\RDPCDD.sys
F8777000 - \SystemRoot\System32\Drivers\Msfs.SYS
F8787000 - \SystemRoot\System32\Drivers\Npfs.SYS
F896B000 - \SystemRoot\system32\DRIVERS\rasacd.sys
B6F69000 - \SystemRoot\system32\DRIVERS\ipsec.sys
B6F11000 - \SystemRoot\system32\DRIVERS\tcpip.sys
B6EE9000 - \SystemRoot\system32\DRIVERS\netbt.sys
B6EC8000 - \SystemRoot\system32\DRIVERS\ipnat.sys
F86BF000 - \SystemRoot\system32\DRIVERS\epfwtdir.sys
F86CF000 - \SystemRoot\system32\DRIVERS\wanarp.sys
B6EA6000 - \SystemRoot\System32\drivers\afd.sys
F86DF000 - \SystemRoot\system32\DRIVERS\arp1394.sys
F86EF000 - \SystemRoot\system32\DRIVERS\netbios.sys
B6E7B000 - \SystemRoot\system32\DRIVERS\rdbss.sys
B6E0C000 - \SystemRoot\system32\DRIVERS\mrxsmb.sys
F86FF000 - \SystemRoot\System32\Drivers\Fips.SYS
F870F000 - \SystemRoot\system32\DRIVERS\easdrv.sys
F87AF000 - \SystemRoot\system32\DRIVERS\usbccgp.sys
F898B000 - \SystemRoot\system32\DRIVERS\hidusb.sys
F7585000 - \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
F744C000 - \SystemRoot\system32\DRIVERS\kbdhid.sys
F7448000 - \SystemRoot\system32\DRIVERS\mouhid.sys
F7575000 - \SystemRoot\System32\Drivers\Cdfs.SYS
B6D2C000 - \SystemRoot\System32\Drivers\dump_atapi.sys
F89CF000 - \SystemRoot\System32\Drivers\dump_WMILIB.SYS
BF800000 - \SystemRoot\System32\win32k.sys
F742C000 - \SystemRoot\System32\drivers\Dxapi.sys
F87D7000 - \SystemRoot\System32\watchdog.sys
BF9C1000 - \SystemRoot\System32\drivers\dxg.sys
F8A99000 - \SystemRoot\System32\drivers\dxgthk.sys
BF9D3000 - \SystemRoot\System32\ati2dvag.dll
BFA0B000 - \SystemRoot\System32\ati2cqag.dll
BFA45000 - \SystemRoot\System32\ati3duag.dll
BFC68000 - \SystemRoot\System32\ativvaxx.dll
B6D74000 - \SystemRoot\system32\DRIVERS\fssfltr_tdi.sys
B6BC8000 - \SystemRoot\system32\DRIVERS\ndisuio.sys
F8A09000 - \SystemRoot\System32\Drivers\ParVdm.SYS
B691F000 - \SystemRoot\system32\DRIVERS\eamon.sys
B66ED000 - \SystemRoot\system32\DRIVERS\srv.sys
B66B0000 - \SystemRoot\system32\drivers\wdmaud.sys
B6897000 - \SystemRoot\system32\drivers\sysaudio.sys
F87F7000 - \??\C:\WINDOWS\system32\PCANDIS5.SYS
B5724000 - \SystemRoot\System32\Drivers\Fastfat.SYS
F8A4B000 - \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mbr.sys
F8B22000 - \SystemRoot\System32\DRIVERS\KProcCheck.sys
Total number of drivers = 134
List of installed programs
Acoustica Mixcraft 4.2
Adobe Flash Player 9 ActiveX
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Reader 9.1 - Français
Adobe Shockwave Player
AiO_Scan_CDA
AiOSoftwareNPI
Apple Mobile Device Support
Apple Software Update
Archiveur WinRAR
ATI - Utilitaire de désinstallation du logiciel
ATI Control Panel
ATI Display Driver
ATI HydraVision
Audacity 1.2.6
Bonjour
BufferChm
C-Media PCI Audio
C4100
c4100_Help
Choice Guard
CleanUp!
ConvertXtoDVD 3.1.3.40c
Correctif pour le Lecteur Windows Media [Voir Q828026 pour plus d'informations]
Correctif Windows XP - KB885836
CP_CalendarTemplates1
cp_OnlineProjectsConfig
CP_Package_Basic1
CP_Panorama1Config
cp_PosterPrintConfig
CueTour
CustomerResearchQFolder
D-Link AirPlus G+ Wireless Adapter Utility
DAEMON Tools
Destinations
DeviceManagementQFolder
DocProc
DocProcQFolder
DocumentViewer
DocumentViewerQFolder
doPDF 6.1 printer
eoEngine 9.1
ESET NOD32 Antivirus
eSupportQFolder
Favorit
Fax_CDA
Firebird SQL Server - MAGIX Edition
FullDPAppQFolder
Google Toolbar for Internet Explorer
Hotfix for Windows XP (KB909394)
Hotfix for Windows XP (KB926239)
HP Customer Participation Program 7.0
HP Document Viewer 7.0
HP Imaging Device Functions 7.0
HP Photosmart Premier Software 6.5
HP Photosmart, Officejet and Deskjet 7.0.A
HP Software Update
HP Solution Center 7.0
HPPhotoSmartExpress
HPProductAssistant
InstantShareDevices
InstantShareDevicesMFC
iTunes
Junk Mail filter update
K-Lite Codec Pack 2.80 Full
king.com (remove only)
livebox
Ma-Config.com
MarketResearch
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 French Language Pack
Microsoft .NET Framework 2.0
Microsoft .NET Framework 2.0
Microsoft ActiveSync
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office Access MUI (French) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (French) 2007
Microsoft Office Groove MUI (French) 2007
Microsoft Office InfoPath MUI (French) 2007
Microsoft Office Live Add-in 1.3
Microsoft Office OneNote MUI (French) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (French) 2007
Microsoft Office PowerPoint MUI (French) 2007
Microsoft Office Proof (Arabic) 2007
Microsoft Office Proof (Dutch) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (French) 2007
Microsoft Office Publisher MUI (French) 2007
Microsoft Office Shared MUI (French) 2007
Microsoft Office Word MUI (French) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft Software Update for Web Folders (French) 12
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Mise à jour pour Windows Internet Explorer 8 (KB968220)
Mise à jour pour Windows XP (KB898461)
Mozilla Firefox (2.0.0.20)
MSVCRT
MSXML 4.0 SP2 Parser and SDK
Navigateur Orange
NewCopy_CDA
NVIDIA Drivers
NvMixer
OCR Software by I.R.I.S 7.0
OLYMPUS Master 2
OLYMPUS muvee theaterPack
Orange - Logiciels Internet
Pando
Pando Toolbar
PanoStandAlone
PCI Audio Driver
Philips ToUcam Pro Camera
PhotoGallery
ProductContextNPI
Qui Veut Gagner Des Millions
QuickTime
RandMap
Readme
Safari
Scan
ScannerCopy
Segoe UI
SkinsHP1
Skype™ 4.0
SlideShow
SmartShopper
SoftwareUpdate 1.0
SolutionCenter
Sonic_PrimoSDK
SpywareBlaster v3.5.1
Status
Text-To-Speech-Runtime
Toolbox
TrayApp
Unload
VideoLAN VLC media player 0.8.6
VideoLink Pro
VSO CopyToDVD 4
WebFldrs XP
WebReg
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 384F-4815
Répertoire de C:\Program Files
26/04/2009 16:40 <REP> .
26/04/2009 16:40 <REP> ..
30/03/2009 22:38 <REP> Adobe
09/03/2009 16:14 <REP> Apple Software Update
09/07/2008 14:41 <REP> ATI Technologies
06/02/2009 00:00 <REP> Audacity
08/03/2009 11:35 <REP> Bonjour
09/07/2008 16:22 <REP> C-Media PCI Audio
07/07/2008 17:59 <REP> ComPlus Applications
09/07/2008 14:34 <REP> D-Link
09/07/2008 15:05 <REP> D-Tools
31/12/2008 00:14 <REP> Eidos Interactive
24/04/2009 12:00 <REP> eMule
20/04/2009 19:48 <REP> EoRezo
09/07/2008 14:52 <REP> ESET
17/02/2009 18:36 <REP> Fichiers communs
21/02/2009 00:01 <REP> Google
22/11/2008 13:42 <REP> Hewlett-Packard
22/11/2008 13:49 <REP> HP
09/04/2009 21:49 <REP> Internet Explorer
26/04/2009 16:40 <REP> iPod
26/04/2009 16:41 <REP> iTunes
09/07/2008 14:54 <REP> K-Lite Codec Pack
09/07/2008 15:58 <REP> ma-config.com
09/01/2009 10:12 <REP> Microsoft
11/07/2008 22:43 <REP> Microsoft ActiveSync
07/07/2008 18:04 <REP> microsoft frontpage
09/07/2008 15:13 <REP> Microsoft Office
09/01/2009 10:12 <REP> Microsoft Office Outlook Connector
09/01/2009 10:12 <REP> Microsoft Silverlight
11/10/2008 21:53 <REP> Microsoft SQL Server Compact Edition
09/01/2009 10:11 <REP> Microsoft Sync Framework
09/07/2008 15:13 <REP> Microsoft Visual Studio
09/07/2008 15:13 <REP> Microsoft Works
09/07/2008 15:12 <REP> Microsoft.NET
07/07/2008 18:00 <REP> Movie Maker
01/06/2009 22:37 <REP> Mozilla Firefox
09/07/2008 15:13 <REP> MSBuild
07/07/2008 17:58 <REP> MSN Gaming Zone
04/10/2008 16:45 <REP> MSXML 4.0
07/07/2008 18:00 <REP> NetMeeting
17/02/2009 20:49 <REP> NOS
04/10/2008 16:46 <REP> OLYMPUS
11/07/2008 22:26 <REP> Orange HSS
07/07/2008 18:04 <REP> Outlook Express
19/09/2008 18:19 <REP> Pando Networks
19/09/2008 18:19 <REP> PandoBar
11/07/2008 22:34 <REP> Philips ToUcam Camera
23/03/2009 10:53 <REP> QuickTime
09/07/2008 15:46 <REP> RegCleaner
08/03/2009 11:46 <REP> Safari
11/07/2008 22:22 <REP> SAGEM
11/07/2008 22:21 <REP> Securitoo
07/07/2008 18:01 <REP> Services en ligne
19/09/2008 18:19 <REP> SmartShopper
24/11/2008 21:12 <REP> Softland
09/07/2008 15:54 <REP> SpywareBlaster
09/07/2008 14:53 <REP> VideoLAN
23/03/2009 10:52 <REP> VideoLink Pro
29/10/2008 21:53 <REP> VSO
21/02/2009 11:28 <REP> Windows Live
09/01/2009 10:08 <REP> Windows Live SkyDrive
09/07/2008 14:55 <REP> Windows Media Player
07/07/2008 17:58 <REP> Windows NT
09/07/2008 15:04 <REP> WinRAR
13/03/2009 15:22 <REP> xerox
0 fichier(s) 0 octets
66 Rép(s) 53 703 258 112 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 384F-4815
Répertoire de C:\Program Files\fichiers communs
17/02/2009 18:36 <REP> .
17/02/2009 18:36 <REP> ..
30/03/2009 22:38 <REP> Adobe
26/07/2008 10:31 <REP> Apple
09/07/2008 15:13 <REP> DESIGNER
11/07/2008 22:24 <REP> France Telecom
22/11/2008 13:41 <REP> Hewlett-Packard
22/11/2008 13:45 <REP> HP
09/07/2008 16:14 <REP> InstallShield
21/02/2009 11:24 <REP> Microsoft Shared
07/07/2008 18:00 <REP> MSSoap
04/10/2008 16:49 <REP> muvee Technologies
09/07/2008 16:15 <REP> NVIDIA Shared
07/07/2008 19:54 <REP> ODBC
07/07/2008 18:00 <REP> Services
11/07/2008 22:35 <REP> Smith Micro Shared
22/11/2008 13:46 <REP> Sonic Shared
07/07/2008 19:54 <REP> SpeechEngines
29/10/2008 21:53 <REP> Symantec Shared
09/01/2009 10:12 <REP> System
11/10/2008 21:46 <REP> Windows Live
0 fichier(s) 0 octets
21 Rép(s) 53 703 258 112 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 384F-4815
Répertoire de C:\Program Files\fichiers communs\Microsoft Shared\Web Folders
09/07/2008 15:09 <REP> .
09/07/2008 15:09 <REP> ..
09/07/2008 15:09 <REP> 1036
26/10/2006 19:49 970 528 MSONSEXT.DLL
26/10/2006 20:12 40 256 MSOSV.DLL
03/06/1999 12:09 122 937 MSOWS409.DLL
07/03/2001 07:00 127 033 MSOWS40c.DLL
4 fichier(s) 1 260 754 octets
3 Rép(s) 53 703 258 112 octets libres
c:\Documents and Settings\Administrateur\Application Data\inst.exe
c:\Documents and Settings\Administrateur\Application Data\EoRezo\SoftwareUpdate\SoftwareUpdate.exe
c:\Documents and Settings\Administrateur\Application Data\EoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
c:\Documents and Settings\Administrateur\Application Data\EoRezo\SoftwareUpdate\unins000.exe
c:\Documents and Settings\Administrateur\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe
c:\Documents and Settings\Administrateur\Application Data\Microsoft\Services Windows Live\Raccourci Galerie de Photos Windows Live.exe
c:\Documents and Settings\Administrateur\Application Data\Microsoft\Services Windows Live\Raccourci Windows Live Messenger.exe
c:\Documents and Settings\Administrateur\Bureau\ATF-Cleaner.exe
c:\Documents and Settings\Administrateur\Bureau\kinginstaller.exe
c:\Documents and Settings\Administrateur\Bureau\PandoSetup.exe
c:\Documents and Settings\Administrateur\Bureau\wlsetup-all.exe
c:\Documents and Settings\Administrateur\Bureau\wlsetup-web.exe
c:\Documents and Settings\Administrateur\Bureau\DiagHelp\catchme.exe
c:\Documents and Settings\Administrateur\Bureau\DiagHelp\diff.exe
c:\Documents and Settings\Administrateur\Bureau\DiagHelp\dumphive.exe
c:\Documents and Settings\Administrateur\Bureau\DiagHelp\FilesInfoCmd.exe
c:\Documents and Settings\Administrateur\Bureau\DiagHelp\find2.exe
c:\Documents and Settings\Administrateur\Bureau\DiagHelp\Fport.exe
c:\Documents and Settings\Administrateur\Bureau\DiagHelp\grep.exe
c:\Documents and Settings\Administrateur\Bureau\DiagHelp\gzip.exe
c:\Documents and Settings\Administrateur\Bureau\DiagHelp\KProcCheck.exe
c:\Documents and Settings\Administrateur\Bureau\DiagHelp\LFiles.exe
c:\Documents and Settings\Administrateur\Bureau\DiagHelp\LISTDLLS.exe
c:\Documents and Settings\Administrateur\Bureau\DiagHelp\mbr.exe
c:\Documents and Settings\Administrateur\Bureau\DiagHelp\md5sums.exe
c:\Documents and Settings\Administrateur\Bureau\DiagHelp\Psinfo.exe
c:\Documents and Settings\Administrateur\Bureau\DiagHelp\pslist.exe
c:\Documents and Settings\Administrateur\Bureau\DiagHelp\sigcheck.exe
c:\Documents and Settings\Administrateur\Bureau\DiagHelp\streams.exe
c:\Documents and Settings\Administrateur\Bureau\DiagHelp\swreg.exe
c:\Documents and Settings\Administrateur\Bureau\DiagHelp\tar.exe
c:\Documents and Settings\Administrateur\Local Settings\Application Data\iooeu.exe
c:\Documents and Settings\Administrateur\Mes documents\Firefox Setup 2.0.0.20.exe
c:\Documents and Settings\Administrateur\Mes documents\installation_ie8msn-xp.exe
c:\Documents and Settings\Administrateur\Mes documents\PandoSetup.exe
c:\Documents and Settings\Administrateur\Mes documents\dossier divers\iTunesSetup.exe
c:\Documents and Settings\Administrateur\Mes documents\dossier divers\WLinstaller.exe
c:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
c:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\DifXInstall32.exe
c:\Documents and Settings\Administrateur\Application Data\Microsoft\IdentityCRL\Production\ppcrlconfig.dll
c:\Documents and Settings\Administrateur\Application Data\Microsoft\Services Windows Live\Services Windows Live.dll
c:\Documents and Settings\Administrateur\Local Settings\Application Data\king.com\enginemm.dll
c:\Documents and Settings\Administrateur\Local Settings\Application Data\king.com\enginemp.dll
c:\Documents and Settings\Administrateur\Local Settings\Application Data\king.com\regality\dll\bass.dll
c:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Messenger\Brands\FT01\en-US\wlmbrand.dll
c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll
c:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\DIFxAPI.dll
c:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspi.dll