
Posted

Hello,

I am asking for help because I no longer know what to do. None of my antivirus programs work (they all close before the end of the scan), even the online ones. I have tried a lot of software such as Spybot, Malwarebytes and Ad-Aware, but there is no trace of a virus with the ones that manage to complete a scan, or else I simply cannot run them at all; the same goes for FindyKill, which closes at 90% of the scan. Today I am even having trouble starting my computer, which apparently only boots if I unplug the Ethernet cable and plug it back in afterwards. I managed to produce a HijackThis report. Could someone help me?

Thanks

 

Here is the report

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 08:03:18, on 22/09/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16876)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe

C:\WINDOWS\System32\drivers\CDAC11BA.EXE

C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe

C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\PCOptimizer\PCoptimizerService.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe

C:\Program Files\Logitech\QuickCam\Quickcam.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Messenger\MSMSGS.EXE

C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Documents and Settings\chantounette\Bureau\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.aliceadsl.fr

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Alice ADSL

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - Default URLSearchHook is missing

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"

O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background

O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\System32\shdocvw.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.unika.com

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://s.tf1.fr/mmdia/static/rawflow/clien...1.0/Rawflow.cab

O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://ushousecall02.trendmicro.com/housec...ivex/hcImpl.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase6796.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1145428770828

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1158594098843

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab

O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://drivers1.free.fr/telecharger.php?id=2&version=

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} (AccountHelper Class) - http://abonnement.aliceadsl.fr/configurate...countHelper.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...5/installer.exe

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.jeuxvideopc.com/jeux-en-ligne/p...ader_v10_fr.cab

O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe

O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\System32\drivers\CDAC11BA.EXE

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe

O23 - Service: PCO scheduler service - Unknown owner - C:\Program Files\PCOptimizer\PCoptimizerService.exe

O24 - Desktop Component 0: (no name) - http://idata.over-blog.com/0/08/04/72/fresque/requin.jpg

 

--

End of file - 10825 bytes
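An added triage helper (example code written for this page, not part of the thread and not HijackThis's own logic): it parses lines in the HijackThis v2 format shown above and flags the entry types a helper usually checks first (BHOs with a missing file, services with "Unknown owner", ActiveX downloads without a friendly name, IERESET.INF overrides, a missing URLSearchHook). The sample log is constructed from a handful of lines of the report; the heuristics are the author's assumptions and flag entries for a second look, they do not prove anything is malicious.

```python
import re
from dataclasses import dataclass

# Constructed sample in HijackThis v2 log format, built from lines of the report above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Alice ADSL
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.unika.com
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://drivers1.free.fr/telecharger.php?id=2&version=
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
"""

# Every HijackThis entry starts with a section code (R0..R3, O1..O24) followed by " - ".
ENTRY_RE = re.compile(r"^(?P<kind>R\d|O\d{1,2}) - (?P<body>.*)$")
# O16 lines that carry a friendly name look like: DPF: {CLSID} (Name) - URL
O16_NAMED_RE = re.compile(r"^DPF: \{[0-9A-Fa-f-]+\} \(.+?\) - ")
# O4 lines look like: HKLM\..\Run: [Name] command
O4_RE = re.compile(r"^(?P<key>.+?): \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")


@dataclass
class Finding:
    kind: str    # HijackThis section code, e.g. "O2" or "O23"
    reason: str  # why a human should look at this entry
    line: str    # the original log line


def parse_entries(log_text):
    """Yield (kind, body, line) for every entry line; headers, process lists and blanks are skipped."""
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            yield m.group("kind"), m.group("body"), raw.strip()


def triage(log_text):
    """Apply simple defender-side heuristics (assumptions, not HijackThis rules) and return Findings."""
    findings = []
    for kind, body, line in parse_entries(log_text):
        if kind == "O2" and body.endswith("(no file)"):
            findings.append(Finding(kind, "BHO is registered but its DLL is missing (orphaned entry)", line))
        elif kind == "O23" and " - Unknown owner - " in body:
            findings.append(Finding(kind, "service binary carries no vendor information", line))
        elif kind == "O16" and not O16_NAMED_RE.match(body):
            findings.append(Finding(kind, "ActiveX download (DPF) without a friendly name", line))
        elif kind == "O14":
            findings.append(Finding(kind, "IERESET.INF start page override; verify the URL is expected", line))
        elif kind == "R3" and "is missing" in body:
            findings.append(Finding(kind, "default URLSearchHook missing (often residue of a removed toolbar)", line))
    return findings


def run_keys(log_text):
    """Inventory of O4 autostart entries as (registry key, value name, command)."""
    out = []
    for kind, body, _ in parse_entries(log_text):
        if kind != "O4":
            continue
        m = O4_RE.match(body)
        if m:  # "Global Startup" lines have no [name] and are left out of this inventory
            out.append((m.group("key"), m.group("name"), m.group("cmd")))
    return out


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:>4}: {f.reason}\n      {f.line}")
    for key, name, cmd in run_keys(SAMPLE_LOG):
        print(f"autostart {key} [{name}] -> {cmd}")
```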

Posted

Hello,

 

Create a folder named Gamer on C:\

Download gmer

to C:\gamer

Right-click the downloaded file -> Extract here

Disconnect from the internet if possible and close all programs.

Double-click the file

 

Click on the "rootkit" tab

Scan only the system partition to save time.

Right-click in the empty window and, under options, click "Only non Ms Files"

Click Scan

At the end of the scan ->

The scan information is then displayed; items detected as rootkits appear in red in each section.

Copy/paste the red lines into your next message

Posted

Hello Pear,

 

I have just done what you described, but I have no red lines, so I don't know whether I made a mistake. Here is the report:

 

GMER 1.0.15.15087 - http://www.gmer.net

Rootkit scan 2009-09-22 17:38:21

Windows 5.1.2600 Service Pack 2

Running: gmer.exe; Driver: C:\DOCUME~1\CHANTO~1\LOCALS~1\Temp\fwtdqpog.sys

 

 

---- Modules - GMER 1.0.15 ----

 

Module spbf.sys F8553000-F8654000 (1052672 bytes)

Module a347bus.sys (Plug and Play BIOS Extension/ ) F8513000-F853B000 (163840 bytes)

Module d347bus.sys (PnP BIOS Extension/ ) F84ED000-F8513000 (155648 bytes)

Module _________ F8476000-F848E000 (98304 bytes)

Module d347prt.sys (SCSI miniport/ ) F8B79000-F8B7B000 (8192 bytes)

Module a347scsi.sys (SCSI miniport/ ) F8B7B000-F8B7D000 (8192 bytes)

Module SISAGPX.sys (SiS NT AGP Filter/Silicon Integrated Systems Corporation) F8905000-F890D000 (32768 bytes)

Module BTHidMgr.sys (Bluetooth HID Manager driver/IVT Corporation) F890D000-F8914000 (28672 bytes)

Module \SystemRoot\system32\DRIVERS\ati2mtag.sys (ATI Radeon Miniport Driver/ATI Technologies Inc.) F74C7000-F7554000 (577536 bytes)

Module \SystemRoot\system32\drivers\sis7012.sys (SiS 7012 Audio Device WDM Driver/Silicon Integrated Systems Corporation) F73C9000-F7490000 (815104 bytes)

Module \SystemRoot\System32\DRIVERS\sisnic.sys (SiS PCI Fast Ethernet Adapter Driver/SiS Corporation) F89F5000-F89FD000 (32768 bytes)

Module \SystemRoot\System32\DRIVERS\HSF_BSC2.sys (NTRksample driver/Conexant) F7371000-F7382000 (69632 bytes)

Module \SystemRoot\System32\DRIVERS\HSF_SOAR.SYS (Soar driver/Conexant) F75D4000-F75DF000 (45056 bytes)

Module \SystemRoot\System32\DRIVERS\HSF_SAMP.sys (Rksample WDM driver/Conexant) F75C4000-F75D3000 (61440 bytes)

Module \SystemRoot\System32\DRIVERS\HSF_MSFT.sys (WinACHSF driver/Conexant) F72EC000-F7371000 (544768 bytes)

Module \SystemRoot\System32\DRIVERS\HSF_AMOS.SYS (AmosNT driver/Conexant) F72C7000-F72EC000 (151552 bytes)

Module \SystemRoot\System32\Drivers\ahjtkdo4.SYS F728F000-F72C7000 (229376 bytes)

Module \SystemRoot\system32\DRIVERS\L8042Kbd.sys (Logitech PS2 Keyboard Filter Driver./Logitech, Inc.) F8304000-F8308000 (16384 bytes)

Module \SystemRoot\System32\Drivers\VcommMgr.sys (Bluetooth VcommMgr driver/IVT Corporation) F7584000-F758E000 (40960 bytes)

Module \SystemRoot\system32\DRIVERS\vbtenum.sys F82FC000-F8300000 (16384 bytes)

Module \SystemRoot\system32\DRIVERS\blueletaudio.sys (Bluelet Audio Driver/IVT Corporation) F8A7D000-F8A82000 (20480 bytes)

Module \SystemRoot\System32\DRIVERS\ptilink.sys (Parallel Technologies DirectParallel IO Library/Parallel Technologies, Inc.) F8935000-F893A000 (20480 bytes)

Module \SystemRoot\system32\DRIVERS\btnetdrv.sys (Bluetooth PAN Network Adapter Driver/IVT Corporation) F7CB3000-F7CB6000 (12288 bytes)

Module \SystemRoot\system32\DRIVERS\VComm.sys (Bluetooth Serial Port Driver/IVT Corporation) F8945000-F894D000 (32768 bytes)

Module \SystemRoot\system32\drivers\fwdrv.sys EF008000-EF087000 (520192 bytes)

Module \SystemRoot\system32\DRIVERS\ssmdrv.sys (AVIRA SnapShot Driver/Avira GmbH) F897D000-F8983000 (24576 bytes)

Module \SystemRoot\system32\DRIVERS\avipbb.sys (Avira Driver for RootKit Detection/Avira GmbH) EEDB4000-EEDD0000 (114688 bytes)

Module \??\C:\Program_Files\Avira\AntiVir_Desktop\avgio.sys (Avira AntiVir Support for Minifilter/Avira GmbH) F8BF9000-F8BFB000 (8192 bytes)

Module \SystemRoot\system32\drivers\LVUSBSta.sys (USB Statistic Driver/Logitech Inc.) F88D5000-F88DE000 (36864 bytes)

Module \SystemRoot\system32\DRIVERS\lvuvc.sys (Logitech USB Video Class Driver/Logitech Inc.) EE944000-EEDB4000 (4653056 bytes)

Module \SystemRoot\system32\DRIVERS\lvrs.sys (Logitech Kernel Audio Improvement Filter Driver/Logitech Inc.) EE8AC000-EE944000 (622592 bytes)

Module \SystemRoot\System32\ati2dvag.dll (ATI Radeon WindowsNT Display Driver/ATI Technologies Inc.) BF9D5000-BFA18000 (274432 bytes)

Module \SystemRoot\System32\ati3d2ag.dll (ati3d2ag.dll/ATI Technologies Inc. ) BFA18000-BFB32000 (1155072 bytes)

Module \SystemRoot\System32\ATMFD.DLL (Windows NT OpenType/Type 1 Font Driver/Adobe Systems Incorporated) BFFA0000-BFFE6000 (286720 bytes)

Module \SystemRoot\system32\DRIVERS\avgntflt.sys (Avira Minifilter Driver/Avira GmbH) EE768000-EE77C000 (81920 bytes)

Module \??\C:\WINDOWS\System32\drivers\CDAC15BA.SYS EE538000-EE53B000 (12288 bytes)

Module \SystemRoot\System32\DRIVERS\HSF_FALL.sys (Fallback driver/Conexant) EE3AD000-EE3F4000 (290816 bytes)

Module \SystemRoot\System32\DRIVERS\HSF_FSKS.sys (FSKsNT driver/Conexant) EE390000-EE3AD000 (118784 bytes)

Module \SystemRoot\System32\DRIVERS\HSF_K56K.sys (K56NT driver/Conexant) EE330000-EE390000 (393216 bytes)

Module \SystemRoot\System32\DRIVERS\secdrv.sys (Macrovision SECURITY Driver/Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) EE6A0000-EE6AA000 (40960 bytes)

Module \SystemRoot\System32\DRIVERS\HSF_FAXX.sys (FaxNT driver/Conexant) EE195000-EE1C6000 (200704 bytes)

Module \??\C:\WINDOWS\system32\drivers\tmcomm.sys (TrendMicro Common Module/Trend Micro Inc.) EE17D000-EE195000 (98304 bytes)

Module \SystemRoot\System32\DRIVERS\HSF_TONE.sys (TonesNT driver/Conexant) EE44C000-EE459000 (53248 bytes)

Module \SystemRoot\System32\DRIVERS\HSF_V124.sys (V124NT driver/Conexant) EE105000-EE17D000 (491520 bytes)

Module \SystemRoot\system32\DRIVERS\LVPr2Mon.sys F8A0D000-F8A12000 (20480 bytes)

Module \??\C:\DOCUME~1\CHANTO~1\LOCALS~1\Temp\fwtdqpog.sys (GMER) ED39B000-ED3B0000 (86016 bytes)

 

---- Processes - GMER 1.0.15 ----

 

Process C:\WINDOWS\Explorer.EXE (Explorateur Windows/Microsoft Corporation) 1084

Library C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.) 0x009B0000

Library C:\PROGRA~1\SPYBOT~1\SDHelper.dll (SBSD IE Protection/Safer Networking Limited) 0x03B60000

Library C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA (PDF Shell Extension/Adobe Systems, Inc.) 0x04580000

Library C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe PDF Helper for Internet Explorer/Adobe Systems Incorporated) 0x10000000

Library C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll (PDF Shell Extension/Adobe Systems, Inc.) 0x04380000

Library C:\Program Files\WinRAR\rarext.dll 0x029E0000

Library C:\Program Files\Avira\AntiVir Desktop\shlext.dll (AntiVirus context menu/Avira GmbH) 0x043E0000

Library C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll (Malwarebytes' Anti-Malware/Malwarebytes Corporation) 0x02CE0000

Library C:\Program Files\ABBYY\FineReader 6.0\FECMenu.dll (Windows Explorer context menu handler/ABBYY (BIT Software)) 0x02E60000

 

Process C:\WINDOWS\system32\wuauclt.exe (Windows Update Automatic Updates/Microsoft Corporation) 1156

Library C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.) 0x009E0000

 

Process C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Video COM Service/Logitech Inc.) 1288

Library C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Video COM Service/Logitech Inc.) 0x00400000

Library C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.) 0x003C0000

Library C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVCSCli.dll (Medusa Hardware Enumerator/Logitech Inc.) 0x10000000

Library C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVCSPS.dll 0x00B40000

 

Process C:\WINDOWS\system32\spoolsv.exe (Spooler SubSystem App/Microsoft Corporation) 1384

Library C:\WINDOWS\system32\EBPMON24.DLL (EPSON Bi-directional Monitor/SEIKO EPSON CORPORATION) 0x50400000

Library C:\WINDOWS\system32\mdimon.dll (Microsoft® Document Imaging/Microsoft Corporation) 0x00970000

Library C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll (Microsoft® Document Imaging/Microsoft Corporation) 0x00980000

Library C:\WINDOWS\System32\spool\PRTPROCS\W32X86\filterpipelineprintproc.dll (Print Filter Pipeline Proxy/Microsoft Corporation) 0x3F420000

Library C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_DU18CE.DLL (E_DU18xE/SEIKO EPSON Corporation) 0x68F00000

Library C:\WINDOWS\system32\ECBTEG.DLL (ECBTEG/SEIKO EPSON CORPORATION) 0x10000000

Library C:\WINDOWS\system32\EBPCHP.DLL (EPSON Bidirectional Printer Driver/SEIKO EPSON CORPORATION) 0x00B80000

Library C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_DMAI16.DLL (E_DMAI16/SEIKO EPSON Corporation) 0x01850000

 

Process C:\Program Files\Avira\AntiVir Desktop\sched.exe (Antivirus Scheduler/Avira GmbH) 1432

Library C:\Program Files\Avira\AntiVir Desktop\sched.exe (Antivirus Scheduler/Avira GmbH) 0x00400000

Library C:\Program Files\Avira\AntiVir Desktop\schedr.dll (avschdr Dynamic Link Library/Avira GmbH) 0x10000000

Library C:\Program Files\Avira\AntiVir Desktop\avevtlog.dll (Event Logger/Avira GmbH) 0x003D0000

Library C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll 0x00CB0000

 

Process C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Antivirus On-Access Service/Avira GmbH) 1532

Library C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Antivirus On-Access Service/Avira GmbH) 0x00400000

Library C:\Program Files\Avira\AntiVir Desktop\AVEvtLog.dll (Event Logger/Avira GmbH) 0x10000000

Library C:\Program Files\Avira\AntiVir Desktop\guardmsg.dll (AVGuard Messages (Deutsch)/Avira GmbH) 0x008F0000

Library C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll 0x00900000

Library C:\Program Files\Avira\AntiVir Desktop\AVPREF.DLL (Prefix DLL/Avira GmbH) 0x00D80000

Library C:\Program Files\Avira\AntiVir Desktop\SMTPLIB.DLL (SMTPLIB/Avira GmbH) 0x00DA0000

Library C:\Program Files\Avira\AntiVir Desktop\AVGIO.DLL (On-access scan support/Avira GmbH) 0x011D0000

Library C:\Program Files\Avira\AntiVir Desktop\aecore.dll (AntiVir Engine Module for Windows/Avira GmbH) 0x01300000

Library C:\Program Files\Avira\AntiVir Desktop\aevdf.dll (AntiVir Engine Module for Windows/Avira GmbH) 0x01340000

Library C:\Program Files\Avira\AntiVir Desktop\aescript.dll (AntiVir Engine Module for Windows/Avira GmbH) 0x01370000

Library C:\Program Files\Avira\AntiVir Desktop\aescn.dll (AntiVir Engine Module for Windows/Avira GmbH) 0x01400000

Library C:\Program Files\Avira\AntiVir Desktop\aerdl.dll (AntiVir Engine Module for Windows/Avira GmbH) 0x01430000

Library C:\Program Files\Avira\AntiVir Desktop\aepack.dll (AntiVir Engine Module for Windows/Avira GmbH) 0x014B0000

Library C:\Program Files\Avira\AntiVir Desktop\unacev2.dll (UNACE Dynamic Link Library/ACE Compression Software) 0x01530000

Library C:\Program Files\Avira\AntiVir Desktop\aeoffice.dll (AntiVir Engine Module for Windows/Avira GmbH) 0x01590000

Library C:\Program Files\Avira\AntiVir Desktop\aeheur.dll (AntiVir Engine Module for Windows/Avira GmbH) 0x015E0000

Library C:\Program Files\Avira\AntiVir Desktop\aehelp.dll (AntiVir Engine Module for Windows/Avira GmbH) 0x017D0000

Library C:\Program Files\Avira\AntiVir Desktop\aegen.dll (AntiVir Engine Module for Windows/Avira GmbH) 0x01820000

Library C:\Program Files\Avira\AntiVir Desktop\aeemu.dll (AntiVir Engine Module for Windows/Avira GmbH) 0x01890000

Library C:\Program Files\Avira\AntiVir Desktop\aebb.dll (AntiVir Engine Module for Windows/Avira GmbH) 0x01910000

Library C:\Program Files\Avira\AntiVir Desktop\avipc.dll (AVIRA IPC Library/Avira GmbH) 0x01930000

 

Process C:\WINDOWS\system32\Ati2evxx.exe 1544

Library C:\WINDOWS\system32\Ati2evxx.exe 0x00400000

 

Process C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe 1580

Library C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe 0x00400000

 

Process C:\WINDOWS\System32\drivers\CDAC11BA.EXE (C-Dilla RTS Service/C-Dilla Ltd) 1608

Library C:\WINDOWS\System32\drivers\CDAC11BA.EXE (C-Dilla RTS Service/C-Dilla Ltd) 0x00400000

 

Process C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Video COM Service/Logitech Inc.) 1688

Library C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Video COM Service/Logitech Inc.) 0x00400000

Library C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVCSCli.dll (Medusa Hardware Enumerator/Logitech Inc.) 0x10000000

Library C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVCSPS.dll 0x006A0000

 

Process C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech LVPrcSrv Module./Logitech Inc.) 1720

Library C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech LVPrcSrv Module./Logitech Inc.) 0x00400000

 

Process C:\Program Files\PCOptimizer\PCoptimizerService.exe 1780

Library C:\Program Files\PCOptimizer\PCoptimizerService.exe 0x00400000

 

Process C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 1880

Library C:\WINDOWS\System32\escwiad.dll (EPSON WIA USD/SEIKO EPSON CORP.) 0x1C300000

 

Process C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe 2192

Library C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe 0x00400000

Library C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.) 0x00A90000

Library C:\Program Files\Fichiers communs\LogiShrd\LComMgr\DevMngr.dll 0x10000000

Library C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVCSCli.dll (Medusa Hardware Enumerator/Logitech Inc.) 0x01140000

Library C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVCSPS.dll 0x00AD0000

Library C:\Program Files\Logitech\QuickCam\EFVal.dll 0x011F0000

Library C:\Program Files\Fichiers communs\LogiShrd\LComMgr\LogiCordless.dll 0x01220000

Library C:\Program Files\Fichiers communs\LogiShrd\LComMgr\LogiCordless4001.dll 0x01DA0000

Library C:\Program Files\Fichiers communs\LogiShrd\LComMgr\LogiVOIPDevicePlugin.dll 0x01FD0000

 

Process C:\Program Files\Logitech\QuickCam\Quickcam.exe 2216

Library C:\Program Files\Logitech\QuickCam\Quickcam.exe 0x00400000

Library C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.) 0x00EB0000

Library C:\Program Files\Logitech\QuickCam\LAppRes.dll 0x10000000

Library C:\Program Files\Fichiers communs\LogiShrd\LComMgr\DevMngr.dll 0x00700000

Library C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVCSCli.dll (Medusa Hardware Enumerator/Logitech Inc.) 0x01710000

Library C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVCSPS.dll 0x017A0000

Library C:\Program Files\Logitech\QuickCam\EFVal.dll 0x01E70000

Library C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManagerPS.dll (COCI Manager Proxy Stub/Logitech Inc.) 0x01ED0000

 

Process C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Antivirus System Tray Tool/Avira GmbH) 2296

Library C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Antivirus System Tray Tool/Avira GmbH) 0x00400000

Library C:\Program Files\Avira\AntiVir Desktop\cclib.dll (Antivirus Control Center Common Library/Avira GmbH) 0x10000000

Library C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.) 0x003E0000

Library c:\program files\avira\antivir desktop\ccgen.dll (Control Center General Plugin/Avira GmbH) 0x004D0000

Library c:\program files\avira\antivir desktop\ccgenrc.dll (Control Center General Plugin Resources/Avira GmbH) 0x00BE0000

Library c:\program files\avira\antivir desktop\ccguard.dll (Control Center Guard Plugin/Avira GmbH) 0x00BF0000

Library c:\program files\avira\antivir desktop\ccgrdrc.dll (Control Center Guard Plugin Resources/Avira GmbH) 0x00C50000

Library c:\program files\avira\antivir desktop\avipc.dll (AVIRA IPC Library/Avira GmbH) 0x00C60000

Library c:\program files\avira\antivir desktop\ccupdate.dll (Control Center Updater Plugin/Avira GmbH) 0x00C90000

Library c:\program files\avira\antivir desktop\ccupdrc.dll (Control Center Updater Plugin Resources/Avira GmbH) 0x00CE0000

Library c:\program files\avira\antivir desktop\cclic.dll (Control Center License Plugin/Avira GmbH) 0x00F10000

Library c:\program files\avira\antivir desktop\cclicrc.dll (Control Center License Plugin Resources/Avira GmbH) 0x00F40000

Library c:\program files\avira\antivir desktop\ccmsg.dll (Control Center Message Plugin/Avira GmbH) 0x00F50000

 

Process C:\WINDOWS\system32\ctfmon.exe (CTF Loader/Microsoft Corporation) 2368

Library C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.) 0x009C0000

 

Process C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 2532

Library C:\WINDOWS\System32\strmfilt.dll (Stream Filter Library/Microsoft Corporation) 0x5A1F0000

 

Process C:\Program Files\Messenger\MSMSGS.EXE (Windows Messenger/Microsoft Corporation) 2544

Library C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.) 0x00AC0000

 

Process C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Desktop Messenger/Logitech Inc.) 2576

Library C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Desktop Messenger/Logitech Inc.) 0x00400000

Library C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.) 0x00360000

Library C:\Program Files\Logitech\Desktop Messenger\8876480\8.1.1.50-8876480SL\Program\backWeb.dll (BackWeb/BackWeb Technologies Inc.) 0x009F0000

Library C:\Program Files\Logitech\Desktop Messenger\8876480\8.1.1.50-8876480SL\Program\bwsec.dll (bwsec/BackWeb Technologies Inc.) 0x10000000

Library C:\Program Files\Logitech\Desktop Messenger\8876480\8.1.1.50-8876480SL\Program\clntutil.dll 0x00330000

Library C:\PROGRA~1\Logitech\DESKTO~1\8876480\811~1.50-\program\EN\ClientRC.dll (BackWeb/BackWeb Technologies Inc.) 0x00DC0000

Library C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWfiles-8876480.dll (Logitech Desktop Messenger/Logitech Inc.) 0x010C0000

Library C:\Program Files\Logitech\Desktop Messenger\8876480\8.1.1.50-8876480SL\Program\BWfiles.dll (BackWebFiles Module/BackWeb Technologies Inc.) 0x010D0000

Library C:\Program Files\Logitech\Desktop Messenger\8876480\Program\SyncExt.dll (LDMClient Extention for UP synchronization/Logitech) 0x66000000

 

Process C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (GoogleToolbarNotifier/Google Inc.) 2592

Library C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (GoogleToolbarNotifier/Google Inc.) 0x00400000

Library C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\gtn.dll (GoogleToolbarNotifier/Google Inc.) 0x10000000

Library C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.) 0x003E0000

Library C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll (GoogleToolbarNotifier/Google Inc.) 0x00C90000

 

Process C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe (Camera Control Interface/Logitech Inc.) 3048

Library C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe (Camera Control Interface/Logitech Inc.) 0x00400000

Library C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.) 0x00A00000

Library C:\Program Files\Fichiers communs\LogiShrd\LComMgr\DevMngr.dll 0x10000000

Library C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManagerPS.dll (COCI Manager Proxy Stub/Logitech Inc.) 0x00FD0000

Library C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVCSCli.dll (Medusa Hardware Enumerator/Logitech Inc.) 0x01000000

Library C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVCSPS.dll 0x01090000

Library C:\Program Files\Logitech\QuickCam\EFVal.dll 0x01520000

 

Process C:\WINDOWS\system32\wscntfy.exe (Windows Security Center Notification App/Microsoft Corporation) 3172

Library C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.) 0x00960000

 

Process C:\gamer\gmer.exe 4040

Library C:\gamer\gmer.exe 0x00400000

Library C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.) 0x00800000

 

---- Services - GMER 1.0.15 ----

 

Service C:\WINDOWS\system32\DRIVERS\a347bus.sys (Plug and Play BIOS Extension/ ) [BOOT] a347bus

Service C:\WINDOWS\System32\Drivers\a347scsi.sys (SCSI miniport/ ) [BOOT] a347scsi

Service C:\Program Files\Avira\AntiVir Desktop\sched.exe (Antivirus Scheduler/Avira GmbH) [AUTO] AntiVirSchedulerService

Service C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Antivirus On-Access Service/Avira GmbH) [AUTO] AntiVirService

Service aswTdi

Service [BOOT] atapi

Service C:\WINDOWS\system32\Ati2evxx.exe [AUTO] Ati HotKey Poller

Service C:\WINDOWS\system32\ati2sgag.exe [AUTO] ATI Smart

Service C:\WINDOWS\system32\DRIVERS\ati2mtag.sys (ATI Radeon Miniport Driver/ATI Technologies Inc.) [MANUAL] ati2mtag

Service Atierecord

Service C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira AntiVir Support for Minifilter/Avira GmbH) [SYSTEM] avgio

Service C:\WINDOWS\system32\DRIVERS\avgntflt.sys (Avira Minifilter Driver/Avira GmbH) [AUTO] avgntflt

Service C:\WINDOWS\system32\DRIVERS\avipbb.sys (Avira Driver for RootKit Detection/Avira GmbH) [SYSTEM] avipbb

Service C:\WINDOWS\System32\DRIVERS\HSF_BSC2.sys (NTRksample driver/Conexant) [MANUAL] basic2

Service C:\WINDOWS\system32\DRIVERS\blueletaudio.sys (Bluelet Audio Driver/IVT Corporation) [MANUAL] BlueletAudio

Service C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe [AUTO] BlueSoleil Hid Service

Service C:\WINDOWS\system32\DRIVERS\btnetdrv.sys (Bluetooth PAN Network Adapter Driver/IVT Corporation) [MANUAL] BT

Service C:\WINDOWS\System32\Drivers\btcusb.sys (Bluetooth USB Device Driver/IVT Corporation) [MANUAL] Btcsrusb

Service C:\WINDOWS\system32\DRIVERS\vbtenum.sys [MANUAL] BTHidEnum

Service C:\WINDOWS\System32\Drivers\BTHidMgr.sys (Bluetooth HID Manager driver/IVT Corporation) [BOOT] BTHidMgr

Service C:\WINDOWS\system32\drivers\BTNetFilter.sys [MANUAL] BTNetFilter

Service C:\WINDOWS\System32\drivers\CDAC11BA.EXE (C-Dilla RTS Service/C-Dilla Ltd) [AUTO] C-DillaCdaC11BA

Service C:\WINDOWS\System32\drivers\CDAC15BA.SYS [AUTO] CdaC15BA

Service C:\WINDOWS\system32\drivers\cmuda.sys (C-Media Audio WDM Driver/C-Media Inc) [MANUAL] cmuda

Service C:\WINDOWS\System32\DRIVERS\d347bus.sys (PnP BIOS Extension/ ) [BOOT] d347bus

Service C:\WINDOWS\System32\Drivers\d347prt.sys (SCSI miniport/ ) [BOOT] d347prt

Service C:\WINDOWS\System32\DRIVERS\HSF_FALL.sys (Fallback driver/Conexant) [AUTO] Fallback

Service C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys (Logitech USB Video Class Filter Driver/Logitech Inc.) [MANUAL] FilterService

Service C:\WINDOWS\System32\DRIVERS\HSF_FSKS.sys (FSKsNT driver/Conexant) [AUTO] Fsks

Service C:\WINDOWS\system32\drivers\fwdrv.sys [SYSTEM] fwdrv

Service C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (gusvc/Google) [MANUAL] gusvc

Service C:\WINDOWS\System32\DRIVERS\HSF_MSFT.sys (WinACHSF driver/Conexant) [MANUAL] hsf_msft

Service C:\WINDOWS\System32\DRIVERS\HSF_K56K.sys (K56NT driver/Conexant) [AUTO] K56

Service khips

Service [AUTO] KPF4

Service C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys (Logitech PS2 Keyboard Filter Driver./Logitech, Inc.) [MANUAL] L8042Kbd

Service LHidKe

Service C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Video COM Service/Logitech Inc.) [AUTO] LVCOMSer

Service C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys [MANUAL] LVPr2Mon

Service C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech LVPrcSrv Module./Logitech Inc.) [AUTO] LVPrcSrv

Service C:\WINDOWS\system32\DRIVERS\lvrs.sys (Logitech Kernel Audio Improvement Filter Driver/Logitech Inc.) [MANUAL] LVRS

Service C:\WINDOWS\system32\drivers\LVUSBSta.sys (USB Statistic Driver/Logitech Inc.) [MANUAL] LVUSBSta

Service C:\WINDOWS\system32\DRIVERS\lvuvc.sys (Logitech USB Video Class Driver/Logitech Inc.) [MANUAL] LVUVC

Service C:\DOCUME~1\CHANTO~1\LOCALS~1\Temp\mbr.sys [MANUAL] mbr

Service MSDTC Bridge 3.0.0.0

Service Outlook

Service C:\Program Files\PCOptimizer\PCoptimizerService.exe [AUTO] PCO scheduler service

Service C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies DirectParallel IO Library/Parallel Technologies, Inc.) [MANUAL] Ptilink

Service C:\WINDOWS\System32\DRIVERS\HSF_SAMP.sys (Rksample WDM driver/Conexant) [MANUAL] Rksample

Service [MANUAL] SANDRA

Service C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision SECURITY Driver/Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [AUTO] Secdrv

Service ServiceModelEndpoint 3.0.0.0

Service ServiceModelOperation 3.0.0.0

Service ServiceModelService 3.0.0.0

Service C:\WINDOWS\system32\drivers\sis7012.sys (SiS 7012 Audio Device WDM Driver/Silicon Integrated Systems Corporation) [MANUAL] SiS7012

Service C:\WINDOWS\System32\DRIVERS\SISAGPX.sys (SiS NT AGP Filter/Silicon Integrated Systems Corporation) [BOOT] sisagp

Service C:\WINDOWS\System32\DRIVERS\sisnic.sys (SiS PCI Fast Ethernet Adapter Driver/SiS Corporation) [MANUAL] SISNIC

Service SMSvcHost 3.0.0.0

Service C:\WINDOWS\system32\DRIVERS\pfc027.sys [MANUAL] SoC PC-Camera Service

Service C:\WINDOWS\System32\DRIVERS\HSF_FAXX.sys (FaxNT driver/Conexant) [AUTO] SoftFax

Service C:\WINDOWS\System32\Drivers\sptd.sys [BOOT] sptd

Service C:\WINDOWS\System32\Drivers\Capt905c.sys (Universal Serial Bus Camera Driver/Service & Quality Technology.) [MANUAL] SQTECH905C

Service C:\WINDOWS\system32\DRIVERS\ssmdrv.sys (AVIRA SnapShot Driver/Avira GmbH) [SYSTEM] ssmdrv

Service C:\WINDOWS\system32\DRIVERS\StreamIP.sys (Microsoft IP Test Driver/Microsoft Corporation) [MANUAL] streamip

Service C:\WINDOWS\system32\drivers\tmcomm.sys (TrendMicro Common Module/Trend Micro Inc.) [AUTO] tmcomm

Service C:\WINDOWS\System32\DRIVERS\HSF_TONE.sys (TonesNT driver/Conexant) [AUTO] Tones

Service C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS (TVicHW32 Driver for Windows NT/2000/XP/EnTech Taiwan) [MANUAL] TVICHW32

Service C:\WINDOWS\System32\DRIVERS\HSF_V124.sys (V124NT driver/Conexant) [AUTO] V124

Service C:\WINDOWS\system32\DRIVERS\VComm.sys (Bluetooth Serial Port Driver/IVT Corporation) [MANUAL] VComm

Service C:\WINDOWS\System32\Drivers\VcommMgr.sys (Bluetooth VcommMgr driver/IVT Corporation) [MANUAL] VcommMgr

Service Windows Workflow Foundation 3.0.0.0

Service Wmi

 

---- EOF - GMER 1.0.15 ----
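
An added example, not taken from this thread and not GMER's own code: a short Python pass over GMER's "Services" section. The sample lines are copied from the report above; the three rules it applies (no image path resolved, boot- or system-start driver with no vendor string, driver image under a Temp directory) are generic triage heuristics chosen for illustration. A hit only says "verify this file on disk", it is not a verdict on the machine.

```python
import re

# Sample lines copied from the GMER "Services" section of the report above.
# The parser upper-cases the start type, so case variants of the tag
# (forum rendering sometimes mangles "[BOOT]") parse identically.
SAMPLE_GMER = r"""
Service C:\WINDOWS\system32\DRIVERS\a347bus.sys (Plug and Play BIOS Extension/ ) [BOOT] a347bus
Service C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Antivirus On-Access Service/Avira GmbH) [AUTO] AntiVirService
Service aswTdi
Service [BOOT] atapi
Service C:\WINDOWS\system32\drivers\fwdrv.sys [SYSTEM] fwdrv
Service khips
Service [AUTO] KPF4
Service C:\DOCUME~1\CHANTO~1\LOCALS~1\Temp\mbr.sys [MANUAL] mbr
Service C:\WINDOWS\System32\Drivers\sptd.sys [bOOT] sptd
Service MSDTC Bridge 3.0.0.0
"""

# One GMER service line: "Service <image path> (<description>/<vendor>) [<START>] <name>",
# where every field except the name may be absent.
SERVICE_RE = re.compile(
    r"^Service "
    r"(?:(?P<path>[A-Za-z]:\\.*?\.(?:sys|exe|SYS|EXE)) )?"
    r"(?:\((?P<desc>[^)]*)\) )?"
    r"(?:\[(?P<start>[A-Za-z]+)\] )?"
    r"(?P<name>.+)$"
)


def parse_services(report):
    """Turn GMER 'Service ...' lines into dicts; any other line is ignored."""
    entries = []
    for line in report.splitlines():
        m = SERVICE_RE.match(line.strip())
        if not m:
            continue
        description, _, vendor = (m.group("desc") or "").partition("/")
        entries.append({
            "name": m.group("name").strip(),
            "path": m.group("path"),
            "description": description.strip(),
            "vendor": vendor.strip(),
            "start": (m.group("start") or "").upper(),
        })
    return entries


def triage(entries):
    """First-pass rules: each hit is something to verify on disk, not a verdict."""
    findings = []
    for e in entries:
        if e["path"] is None:
            findings.append((e["name"], "no image path resolved for this service entry"))
            continue
        if "\\temp\\" in e["path"].lower():
            findings.append((e["name"], "driver image sits under a Temp directory"))
        if e["start"] in ("BOOT", "SYSTEM") and not e["vendor"]:
            findings.append((e["name"], "early-start driver with no vendor string: hash and check it"))
    return findings


if __name__ == "__main__":
    for name, reason in triage(parse_services(SAMPLE_GMER)):
        print("%-22s %s" % (name, reason))
```

Run it on the whole Services block and compare the flagged names with what is known to be installed: a leftover entry from an uninstalled product and a hidden driver look identical in this list until the file itself is hashed and checked.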

Posted

OK, GMER does not see any rootkits.

 

Let's see whether there is something on the permissions side:

 

1 - Win32kDiag search

Close or disable all active antivirus, antispyware and firewall programs, as they could interfere with how this tool works

* To do so, right-click the antivirus icon at the bottom right next to the clock, then Disable Guard or Shield or Resident...

To prevent them from reactivating after a restart, untick them in the startup options -> Msconfig

If you use Spybot

To disable TeaTimer, which is useless and can make a disinfection fail:

First display Advanced Mode in Spybot

-> Advanced options:

-> Mode menu, Advanced Mode.

A column of menus appears on the left-hand side:

-> click Tools,

-> click Resident,

In Resident:

-> untick Resident "TeaTimer" to disable it.

Delete the contents of the Snapshots folder (the contents of Snapshots, not the Snapshots file), under XP:

C:\Documents and Settings\All Users\Application Data\Spybot - Search &Destroy\Snapshots

And under Vista:

Disable User Account Control (you will re-enable it afterwards):

http://www.zebulon.fr/astuces/220-desactiv...dans-vista.html

- Start, then Control Panel -> "User Accounts"

- Then click Disable and confirm.

C:\ProgramData\Spybot - Search & Destroy\Snapshots

This is absolutely necessary for the procedure to succeed.

Of course, you will restore them afterwards.

 

To the desktop,

Download (Win32kDiag.exe)

Double-click Win32kDiag.exe and wait

When "Finished! Press any key to exit..." appears, press any key

Double-click Win32kDiag.txt on the desktop and post its contents by copy/paste in your next message

Posted

Hello Pear

 

I think I followed the procedure correctly, but here is what I get

 

 

Running from: C:\Documents and Settings\chantounette\Bureau\Win32kDiag.exe

 

Log file at : C:\Documents and Settings\chantounette\Bureau\Win32kDiag.txt

 

WARNING: Could not get backup privileges!

 

Searching 'C:\WINDOWS'...

 

 

 

 

 

Finished!

Posted

That is a normal result if there is nothing to find.

 

You are going to download Combofix.

This software is very powerful and must not be used without competent help, at the risk of causing irreversible damage.

Please note that this software is updated regularly and that the version you are about to download will be obsolete in a few days.

Before installing it, you may find it useful to read this

Procedure:

 

Download combofix.exe by sUBs

 

You should get a window warning you that you are downloading Combofix from an unauthorised site.

Ignore it

 

Launch Combofix by double-clicking

 

First of all, Combofix checks whether the Recovery Console is installed and offers to install it if it is not.

Some infections such as braviax will prevent its installation.

Windows Vista users can use their Windows CD to boot into Vista Recovery Environment mode

The Windows Recovery Console will let you boot into a special recovery (repair) mode.

It may be needed if your computer runs into a problem after a cleaning attempt.

It is a simple procedure that will take little of your time and may one day save the day

 

Some infections (MBR rootkits) can only be dealt with using the Recovery Console,

Important procedures that Combofix may run will only work if the Recovery Console (under XP) is installed

That is why you are strongly advised to install the Recovery Console on the PC first.

 

This will make it possible to repair the system in case the PC no longer restarts after the disinfection.

* After clicking the link matching your version of Windows, you will be taken to a page:

click the Download button to get the installation package onto the Desktop:

Do not change the file name

Windows XP Service Pack 2 (SP2) > Microsoft Windows XP Professional SP2

* Drag and drop this file onto the ComboFix.exe file

 

* Follow the on-screen instructions to launch ComboFix and, when asked, accept the End User License Agreement to install the Microsoft Recovery Console.

After installation, you should see this message:

The Recovery Console was successfully installed.

 

Close or disable all active antivirus, antispyware and firewall programs and Spybot's TeaTimer, as they could interfere with how this tool works

* To do so, right-click the antivirus icon at the bottom right next to the clock, then Disable Guard or Shield or Resident...

To prevent them from reactivating after a restart, untick them in the startup options -> Msconfig

If you use Spybot

To disable TeaTimer, which is useless and can make a disinfection fail:

First display Advanced Mode in Spybot

-> Advanced options:

-> Mode menu, Advanced Mode.

A column of menus appears on the left-hand side:

-> click Tools,

-> click Resident,

In Resident:

-> untick Resident "TeaTimer" to disable it.

 

This is absolutely necessary for the procedure to succeed.

Of course, you will restore them afterwards.

Connect all removable drives (external hard drive, USB stick).

* Double-click combofix.exe or yourname.exe to launch it.

 

Do not close the window that has just opened; the desktop would be empty and that could crash the program!

To launch the scan

 

* Press the 1 key to start the scan.

If for whatever reason, Vista for example, Combofix does not launch,

Boot into safe mode, choose the Administrator account, launch Combofix

While ComboFix is running, do not touch your computer at all, you could crash the program.

 

* The scan could take some time:

Wait at least 30 minutes during the analysis. If the program freezes (more than 30 minutes), close it by clicking the "X" at the top right of the window.

At the end, a report will be generated: post its contents in a next message.

* If the report is too long, post it in two parts.

It is located at c:\combofix.txt

Posted

Big problem,

I tried to run the Combofix scan twice in normal mode; after it created the Recovery Console for me, the scan started and everything froze. So I had to switch the computer off at the back. I then tried in safe mode and there the scan ran up to process 50 and then everything froze again. So I have no report at all.....

What should I do

thanks

Posted (edited)

It's not getting any better!

 

Delete the Combofix that is on your desktop.

 

Rootkit search

Download SysProt to the desktop

Install it and double-click "SysProt.exe"

Click the "log" tab;

Tick all the boxes in the "Write to log" window;

Tick Hidden Objects Only (bottom left)

"Hidden objects" are shown in red in all modules

Click Create log (bottom right)

A new window will appear: tick Scan root drive and click Start;

A report will be saved in the SysProt folder.

Copy/paste its contents in your reply.

Edited by pear
Posted

And no. In the meantime I also wanted to try my Avira antivirus, which of course froze, and now I have iexplorer freezing too.

So I switched to safe mode with networking to run SysProt, and here is the result:

 

SysProt AntiRootkit v1.0.1.0

by swatkat

 

********************************************************************************

**********

********************************************************************************

**********

 

No Hidden Processes found

 

********************************************************************************

**********

********************************************************************************

**********

No Hidden Kernel Modules found

 

********************************************************************************

**********

********************************************************************************

**********

No SSDT Hooks found

 

********************************************************************************

**********

********************************************************************************

**********

No Kernel Hooks found

 

********************************************************************************

**********

********************************************************************************

**********

No IRP Hooks found

 

********************************************************************************

**********

********************************************************************************

**********

Ports:

Local Address: CHANTAL:NETBIOS-SSN

Remote Address: 0.0.0.0:0

Type: TCP

Process: 4 (PID)

State: LISTENING

 

Local Address: CHANTAL:MICROSOFT-DS

Remote Address: 0.0.0.0:0

Type: TCP

Process: 4 (PID)

State: LISTENING

 

Local Address: CHANTAL:EPMAP

Remote Address: 0.0.0.0:0

Type: TCP

Process: 876 (PID)

State: LISTENING

 

Local Address: CHANTAL:138

Remote Address: NA

Type: UDP

Process: 4 (PID)

State: NA

 

Local Address: CHANTAL:NETBIOS-NS

Remote Address: NA

Type: UDP

Process: 4 (PID)

State: NA

 

Local Address: CHANTAL:1025

Remote Address: NA

Type: UDP

Process: 1984 (PID)

State: NA

 

Local Address: CHANTAL:MICROSOFT-DS

Remote Address: NA

Type: UDP

Process: 4 (PID)

State: NA

 

********************************************************************************

**********

********************************************************************************

**********

No hidden files/folders found
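
An added example, not part of the thread and not SysProt's own tooling. SysProt writes plain "Key: Value" records under section headers, so two runs can be parsed and compared, which is the natural check when a safe-mode run (where Windows loads only a minimal driver set) is clean and a normal-mode run is not. The two sample reports below are constructed to mirror SysProt's layout; module names, driver names and addresses in them are placeholders, and `_unknown_` is SysProt's own marker for an address it cannot map to a loaded driver.

```python
from collections import defaultdict

SECTIONS = {"Kernel Modules", "SSDT", "Kernel Hooks", "IRP Hooks", "Ports"}  # headers SysProt prints

# Constructed sample reports that mirror SysProt's layout; every name and
# address below is a placeholder, not data from a real machine.
SAFE_MODE = """
SysProt AntiRootkit v1.0.1.0
No Hidden Kernel Modules found
No SSDT Hooks found
No IRP Hooks found
"""

NORMAL_MODE = r"""
Kernel Modules:
Module Name: example_hidden.sys
Module Base: F8000000
Hidden: Yes

SSDT:
Function Name: ZwCreateKey
Address: F8CC0000
Driver Base: 0
Driver Name: _unknown_

Function Name: ZwClose
Address: F8400010
Driver Base: F8400000
Driver Name: example_bus.sys

IRP Hooks:
Hooked Module: \Driver\example_pnp
Hooked IRP: IRP_MJ_CREATE
Jump To: F8050000
Hooking Module: example_hidden.sys

Hooked Module: \Driver\example_pnp
Hooked IRP: IRP_MJ_READ
Jump To: F8050000
Hooking Module: example_hidden.sys
"""


def parse_sysprot(text):
    """Return [(section, {key: value}), ...]; blank lines separate records."""
    records, section, current = [], None, {}
    for raw in text.splitlines() + [""]:        # trailing "" flushes the last record
        line = raw.strip()
        key, sep, value = line.partition(":")
        if not line or (sep and key.strip() in SECTIONS and not value.strip()):
            if current:                         # a blank line or a new header ends a record
                records.append((section, current))
                current = {}
            if line:
                section = key.strip()
            continue
        if sep and section:                     # lines without ':' are banners/separators
            current[key.strip()] = value.strip()
    return records


def signatures(records):
    """Hashable identity of each record so two runs can be set-compared."""
    sigs = set()
    for section, r in records:
        if section == "Kernel Modules":
            sigs.add(("module", r.get("Module Name", ""), r.get("Hidden", "")))
        elif section == "SSDT":
            sigs.add(("ssdt", r.get("Function Name", ""), r.get("Driver Name", "")))
        elif section == "IRP Hooks":
            sigs.add(("irp", r.get("Hooked Module", ""), r.get("Hooked IRP", ""),
                      r.get("Hooking Module", "")))
    return sigs


def diff_reports(baseline_text, current_text):
    """Entries present in the current run but absent from the baseline run."""
    return sorted(signatures(parse_sysprot(current_text))
                  - signatures(parse_sysprot(baseline_text)))


def triage(text):
    """What to look at first: hidden modules, SSDT entries SysProt cannot map
    to a driver, and IRP dispatch tables redirected into one hooking module."""
    flags, by_hooker = [], defaultdict(set)
    for section, r in parse_sysprot(text):
        if section == "Kernel Modules" and r.get("Hidden") == "Yes":
            flags.append("hidden module %s at %s" % (r.get("Module Name"), r.get("Module Base")))
        elif section == "SSDT" and (r.get("Driver Name") == "_unknown_" or r.get("Driver Base") == "0"):
            flags.append("SSDT %s -> %s owned by no known driver" % (r.get("Function Name"), r.get("Address")))
        elif section == "IRP Hooks":
            by_hooker[r.get("Hooking Module", "")].add(r.get("Hooked Module", ""))
    for hooker, targets in sorted(by_hooker.items()):
        flags.append("IRP dispatch of %s redirected to %s" % (", ".join(sorted(targets)), hooker or "_unknown_"))
    return flags


if __name__ == "__main__":
    print(*diff_reports(SAFE_MODE, NORMAL_MODE), *triage(NORMAL_MODE), sep="\n")
```

Feed `diff_reports` the safe-mode log as the baseline and the normal-mode log as the current run: anything it returns is loaded or hooked only at a normal boot, which narrows the list of drivers to pull off the disk and check. `triage` is a separate view that does not need a baseline at all. Note that SSDT entries owned by a named, legitimate driver (virtual-drive and firewall drivers commonly hook a few of them) are deliberately not flagged; the rule only fires when SysProt cannot name an owner.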

Posted

I don't understand anything anymore. I have just restarted in normal mode and everything worked, and the report is completely different:

SysProt AntiRootkit v1.0.1.0

by swatkat

 

********************************************************************************

**********

********************************************************************************

**********

 

No Hidden Processes found

 

********************************************************************************

**********

********************************************************************************

**********

Kernel Modules:

Module Name: sple.sys

Service Name: ---

Module Base: F8553000

Module End: F8654000

Hidden: Yes

 

Module Name:

Service Name: ---

Module Base: F8476000

Module End: F848E000

Hidden: Yes

 

Module Name: \SystemRoot\System32\Drivers\ay8n0i2h.SYS

Service Name: ---

Module Base: F7386000

Module End: F73BE000

Hidden: Yes

 

Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys

Service Name: ---

Module Base: EE98B000

Module End: EE9A3000

Hidden: Yes

 

Module Name: \SystemRoot\System32\Drivers\dump_WMILIB.SYS

Service Name: ---

Module Base: F8BF1000

Module End: F8BF3000

Hidden: Yes

 

********************************************************************************

**********

********************************************************************************

**********

SSDT:

Function Name: ZwClose

Address: F84FA818

Driver Base: F84ED000

Driver End: F8513000

Driver Name: d347bus.sys

 

Function Name: ZwCreateFile

Address: EF112830

Driver Base: EF0FF000

Driver End: EF17E000

Driver Name: \SystemRoot\system32\drivers\fwdrv.sys

 

Function Name: ZwCreateKey

Address: F8CC2F9E

Driver Base: 0

Driver End: 0

Driver Name: _unknown_

 

Function Name: ZwCreatePagingFile

Address: F84EEA20

Driver Base: F84ED000

Driver End: F8513000

Driver Name: d347bus.sys

 

Function Name: ZwCreateProcess

Address: EF112380

Driver Base: EF0FF000

Driver End: EF17E000

Driver Name: \SystemRoot\system32\drivers\fwdrv.sys

 

Function Name: ZwCreateProcessEx

Address: EF1122B0

Driver Base: EF0FF000

Driver End: EF17E000

Driver Name: \SystemRoot\system32\drivers\fwdrv.sys

 

Function Name: ZwCreateThread

Address: F8CC2F94

Driver Base: 0

Driver End: 0

Driver Name: _unknown_

 

Function Name: ZwDeleteKey

Address: F8CC2FA3

Driver Base: 0

Driver End: 0

Driver Name: _unknown_

 

Function Name: ZwDeleteValueKey

Address: F8CC2FAD

Driver Base: 0

Driver End: 0

Driver Name: _unknown_

 

Function Name: ZwEnumerateKey

Address: F84EF2A8

Driver Base: F84ED000

Driver End: F8513000

Driver Name: d347bus.sys

 

Function Name: ZwEnumerateValueKey

Address: F84FA910

Driver Base: F84ED000

Driver End: F8513000

Driver Name: d347bus.sys

 

Function Name: ZwLoadKey

Address: F8CC2FB2

Driver Base: 0

Driver End: 0

Driver Name: _unknown_

 

Function Name: ZwOpenFile

Address: F8514B40

Driver Base: F8513000

Driver End: F853B000

Driver Name: a347bus.sys

 

Function Name: ZwOpenKey

Address: F84FA794

Driver Base: F84ED000

Driver End: F8513000

Driver Name: d347bus.sys

 

Function Name: ZwOpenProcess

Address: F8CC2F80

Driver Base: 0

Driver End: 0

Driver Name: _unknown_

 

Function Name: ZwOpenThread

Address: F8CC2F85

Driver Base: 0

Driver End: 0

Driver Name: _unknown_

 

Function Name: ZwQueryKey

Address: F84EF2C8

Driver Base: F84ED000

Driver End: F8513000

Driver Name: d347bus.sys

 

Function Name: ZwQueryValueKey

Address: F84FA866

Driver Base: F84ED000

Driver End: F8513000

Driver Name: d347bus.sys

 

Function Name: ZwReplaceKey

Address: F8CC2FBC

Driver Base: 0

Driver End: 0

Driver Name: _unknown_

 

Function Name: ZwRestoreKey

Address: F8CC2FB7

Driver Base: 0

Driver End: 0

Driver Name: _unknown_

 

Function Name: ZwResumeThread

Address: EF112630

Driver Base: EF0FF000

Driver End: EF17E000

Driver Name: \SystemRoot\system32\drivers\fwdrv.sys

 

Function Name: ZwSetSystemPowerState

Address: F84FA0B0

Driver Base: F84ED000

Driver End: F8513000

Driver Name: d347bus.sys

 

Function Name: ZwSetValueKey

Address: F8CC2FA8

Driver Base: 0

Driver End: 0

Driver Name: _unknown_

 

Function Name: ZwTerminateProcess

Address: F8CC2F8F

Driver Base: 0

Driver End: 0

Driver Name: _unknown_

 

********************************************************************************

**********

********************************************************************************

**********

No Kernel Hooks found

 

********************************************************************************

**********

********************************************************************************

**********

IRP Hooks:

Hooked Module: \Driver\PCI_PNP0610

Hooked IRP: IRP_MJ_CREATE

Jump To: F8597AEA

Hooking Module: sple.sys

 

Hooked Module: \Driver\PCI_PNP0610

Hooked IRP: IRP_MJ_CREATE_NAMED_PIPE

Jump To: F8597AEA

Hooking Module: sple.sys

 

Hooked Module: \Driver\PCI_PNP0610

Hooked IRP: IRP_MJ_CLOSE

Jump To: F8597AEA

Hooking Module: sple.sys

 

Hooked Module: \Driver\PCI_PNP0610

Hooked IRP: IRP_MJ_READ

Jump To: F8597AEA

Hooking Module: sple.sys

 

Hooked Module: \Driver\PCI_PNP0610

Hooked IRP: IRP_MJ_WRITE

Jump To: F8597AEA

Hooking Module: sple.sys

 

Hooked Module: \Driver\PCI_PNP0610

Hooked IRP: IRP_MJ_QUERY_INFORMATION

Jump To: F8597AEA

Hooking Module: sple.sys

 

Hooked Module: \Driver\PCI_PNP0610

Hooked IRP: IRP_MJ_SET_INFORMATION

Jump To: F8597AEA

Hooking Module: sple.sys

 

Hooked Module: \Driver\PCI_PNP0610

Hooked IRP: IRP_MJ_QUERY_EA

Jump To: F8597AEA

Hooking Module: sple.sys

 

Hooked Module: \Driver\PCI_PNP0610

Hooked IRP: IRP_MJ_SET_EA

Jump To: F8597AEA

Hooking Module: sple.sys

 

Hooked Module: \Driver\PCI_PNP0610

Hooked IRP: IRP_MJ_FLUSH_BUFFERS

Jump To: F8597AEA

Hooking Module: sple.sys

 

Hooked Module: \Driver\PCI_PNP0610

Hooked IRP: IRP_MJ_QUERY_VOLUME_INFORMATION

Jump To: F8597AEA

Hooking Module: sple.sys

 

Hooked Module: \Driver\PCI_PNP0610

Hooked IRP: IRP_MJ_SET_VOLUME_INFORMATION

Jump To: F8597AEA

Hooking Module: sple.sys

 

Hooked Module: \Driver\PCI_PNP0610

Hooked IRP: IRP_MJ_DIRECTORY_CONTROL

Jump To: F8597AEA

Hooking Module: sple.sys

 

Hooked Module: \Driver\PCI_PNP0610

Hooked IRP: IRP_MJ_FILE_SYSTEM_CONTROL

Jump To: F8597AEA

Hooking Module: sple.sys

 

Hooked Module: \Driver\PCI_PNP0610

Hooked IRP: IRP_MJ_DEVICE_CONTROL

Jump To: F8597AEA

Hooking Module: sple.sys

 

Hooked Module: \Driver\PCI_PNP0610

Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL

Jump To: F8597AEA

Hooking Module: sple.sys

 

Hooked Module: \Driver\PCI_PNP0610

Hooked IRP: IRP_MJ_SHUTDOWN

Jump To: F8597AEA

Hooking Module: sple.sys

 

Hooked Module: \Driver\PCI_PNP0610

Hooked IRP: IRP_MJ_LOCK_CONTROL

Jump To: F8597AEA

Hooking Module: sple.sys

 

Hooked Module: \Driver\PCI_PNP0610

Hooked IRP: IRP_MJ_CLEANUP

Jump To: F8597AEA

Hooking Module: sple.sys

 

Hooked Module: \Driver\PCI_PNP0610

Hooked IRP: IRP_MJ_CREATE_MAILSLOT

Jump To: F8597AEA

Hooking Module: sple.sys

 

Hooked Module: \Driver\PCI_PNP0610

Hooked IRP: IRP_MJ_QUERY_SECURITY

Jump To: F8597AEA

Hooking Module: sple.sys

 

Hooked Module: \Driver\PCI_PNP0610

Hooked IRP: IRP_MJ_SET_SECURITY

Jump To: F8597AEA

Hooking Module: sple.sys

 

Hooked Module: \Driver\PCI_PNP0610

Hooked IRP: IRP_MJ_POWER

Jump To: F855BE30

Hooking Module: sple.sys

 

Hooked Module: \Driver\PCI_PNP0610

Hooked IRP: IRP_MJ_SYSTEM_CONTROL

Jump To: F8570514

Hooking Module: sple.sys

 

Hooked Module: \Driver\PCI_PNP0610

Hooked IRP: IRP_MJ_DEVICE_CHANGE

Jump To: F8597AEA

Hooking Module: sple.sys

 

Hooked Module: \Driver\PCI_PNP0610

Hooked IRP: IRP_MJ_QUERY_QUOTA

Jump To: F8597AEA

Hooking Module: sple.sys

 

Hooked Module: \Driver\PCI_PNP0610

Hooked IRP: IRP_MJ_SET_QUOTA

Jump To: F8597AEA

Hooking Module: sple.sys

 

Hooked Module: C:\WINDOWS\system32\drivers\a347scsi.sys

Hooked IRP: IRP_MJ_CREATE

Jump To: 82A30C98

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\system32\drivers\a347scsi.sys

Hooked IRP: IRP_MJ_CREATE_NAMED_PIPE

Jump To: 82A30C98

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\system32\drivers\a347scsi.sys

Hooked IRP: IRP_MJ_CLOSE

Jump To: 82A30C98

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\system32\drivers\a347scsi.sys

Hooked IRP: IRP_MJ_READ

Jump To: 82A30C98

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\system32\drivers\a347scsi.sys

Hooked IRP: IRP_MJ_WRITE

Jump To: 82A30C98

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\system32\drivers\a347scsi.sys

Hooked IRP: IRP_MJ_QUERY_INFORMATION

Jump To: 82A30C98

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\system32\drivers\a347scsi.sys

Hooked IRP: IRP_MJ_SET_INFORMATION

Jump To: 82A30C98

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\system32\drivers\a347scsi.sys

Hooked IRP: IRP_MJ_QUERY_EA

Jump To: 82A30C98

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\system32\drivers\a347scsi.sys

Hooked IRP: IRP_MJ_SET_EA

Jump To: 82A30C98

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\system32\drivers\a347scsi.sys

Hooked IRP: IRP_MJ_FLUSH_BUFFERS

Jump To: 82A30C98

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\system32\drivers\a347scsi.sys

Hooked IRP: IRP_MJ_QUERY_VOLUME_INFORMATION

Jump To: 82A30C98

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\system32\drivers\a347scsi.sys

Hooked IRP: IRP_MJ_SET_VOLUME_INFORMATION

Jump To: 82A30C98

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\system32\drivers\a347scsi.sys

Hooked IRP: IRP_MJ_DIRECTORY_CONTROL

Jump To: 82A30C98

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\system32\drivers\a347scsi.sys

Hooked IRP: IRP_MJ_FILE_SYSTEM_CONTROL

Jump To: 82A30C98

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\system32\drivers\a347scsi.sys

Hooked IRP: IRP_MJ_DEVICE_CONTROL

Jump To: 82A30C98

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\system32\drivers\a347scsi.sys

Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL

Jump To: 82A30C98

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\system32\drivers\a347scsi.sys

Hooked IRP: IRP_MJ_SHUTDOWN

Jump To: 82A30C98

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\system32\drivers\a347scsi.sys

Hooked IRP: IRP_MJ_LOCK_CONTROL

Jump To: 82A30C98

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\system32\drivers\a347scsi.sys

Hooked IRP: IRP_MJ_CLEANUP

Jump To: 82A30C98

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\system32\drivers\a347scsi.sys

Hooked IRP: IRP_MJ_CREATE_MAILSLOT

Jump To: 82A30C98

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\system32\drivers\a347scsi.sys

Hooked IRP: IRP_MJ_QUERY_SECURITY

Jump To: 82A30C98

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\system32\drivers\a347scsi.sys

Hooked IRP: IRP_MJ_SET_SECURITY

Jump To: 82A30C98

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\system32\drivers\a347scsi.sys

Hooked IRP: IRP_MJ_POWER

Jump To: 82A30C98

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\system32\drivers\a347scsi.sys

Hooked IRP: IRP_MJ_SYSTEM_CONTROL

Jump To: 82A30C98

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\system32\drivers\a347scsi.sys

Hooked IRP: IRP_MJ_DEVICE_CHANGE

Jump To: 82A30C98

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\system32\drivers\a347scsi.sys

Hooked IRP: IRP_MJ_QUERY_QUOTA

Jump To: 82A30C98

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\system32\drivers\a347scsi.sys

Hooked IRP: IRP_MJ_SET_QUOTA

Jump To: 82A30C98

Hooking Module: _unknown_

 

Hooked Module:

Hooked IRP: IRP_MJ_CREATE

Jump To: 82921008

Hooking Module: _unknown_

 

Hooked Module:

Hooked IRP: IRP_MJ_CREATE_NAMED_PIPE

Jump To: 82921008

Hooking Module: _unknown_

 

Hooked Module:

Hooked IRP: IRP_MJ_CLOSE

Jump To: 82921008

Hooking Module: _unknown_

 

Hooked Module:

Hooked IRP: IRP_MJ_READ

Jump To: 82921008

Hooking Module: _unknown_

 

Hooked Module:

Hooked IRP: IRP_MJ_WRITE

Jump To: 82921008

Hooking Module: _unknown_

 

Hooked Module:

Hooked IRP: IRP_MJ_QUERY_INFORMATION

Jump To: 82921008

Hooking Module: _unknown_

 

Hooked Module:

Hooked IRP: IRP_MJ_SET_INFORMATION

Jump To: 82921008

Hooking Module: _unknown_

 

Hooked Module:

Hooked IRP: IRP_MJ_QUERY_EA

Jump To: 82921008

Hooking Module: _unknown_

 

Hooked Module:

Hooked IRP: IRP_MJ_SET_EA

Jump To: 82921008

Hooking Module: _unknown_

 

Hooked Module:

Hooked IRP: IRP_MJ_FLUSH_BUFFERS

Jump To: 82921008

Hooking Module: _unknown_

 

Hooked Module:

Hooked IRP: IRP_MJ_QUERY_VOLUME_INFORMATION

Jump To: 82921008

Hooking Module: _unknown_

 

Hooked Module:

Hooked IRP: IRP_MJ_SET_VOLUME_INFORMATION

Jump To: 82921008

Hooking Module: _unknown_

 

Hooked Module:

Hooked IRP: IRP_MJ_DIRECTORY_CONTROL

Jump To: 82921008

Hooking Module: _unknown_

 

Hooked Module:

Hooked IRP: IRP_MJ_FILE_SYSTEM_CONTROL

Jump To: 82921008

Hooking Module: _unknown_

 

Hooked Module:

Hooked IRP: IRP_MJ_DEVICE_CONTROL

Jump To: 82921008

Hooking Module: _unknown_

 

Hooked Module:

Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL

Jump To: 82921008

Hooking Module: _unknown_

 

Hooked Module:

Hooked IRP: IRP_MJ_SHUTDOWN

Jump To: 82921008

Hooking Module: _unknown_

 

Hooked Module:

Hooked IRP: IRP_MJ_LOCK_CONTROL

Jump To: 82921008

Hooking Module: _unknown_

 

Hooked Module:

Hooked IRP: IRP_MJ_CLEANUP

Jump To: 82921008

Hooking Module: _unknown_

 

Hooked Module:

Hooked IRP: IRP_MJ_CREATE_MAILSLOT

Jump To: 82921008

Hooking Module: _unknown_

 

Hooked Module:

Hooked IRP: IRP_MJ_QUERY_SECURITY

Jump To: 82921008

Hooking Module: _unknown_

 

Hooked Module:

Hooked IRP: IRP_MJ_SET_SECURITY

Jump To: 82921008

Hooking Module: _unknown_

 

Hooked Module:

Hooked IRP: IRP_MJ_POWER

Jump To: 82921008

Hooking Module: _unknown_

 

Hooked Module:

Hooked IRP: IRP_MJ_SYSTEM_CONTROL

Jump To: 82921008

Hooking Module: _unknown_

 

Hooked Module:

Hooked IRP: IRP_MJ_DEVICE_CHANGE

Jump To: 82921008

Hooking Module: _unknown_

 

Hooked Module:

Hooked IRP: IRP_MJ_QUERY_QUOTA

Jump To: 82921008

Hooking Module: _unknown_

 

Hooked Module:

Hooked IRP: IRP_MJ_SET_QUOTA

Jump To: 82921008

Hooking Module: _unknown_

 

Hooked Module: \Driver\sptd

Hooked IRP: IRP_MJ_CREATE

Jump To: F8554000

Hooking Module: sple.sys

 

Hooked Module: \Driver\sptd

Hooked IRP: IRP_MJ_CREATE_NAMED_PIPE

Jump To: F8554000

Hooking Module: sple.sys

 

Hooked Module: \Driver\sptd

Hooked IRP: IRP_MJ_CLOSE

Jump To: F8554000

Hooking Module: sple.sys

 

Hooked Module: \Driver\sptd

Hooked IRP: IRP_MJ_READ

Jump To: F8554000

Hooking Module: sple.sys

 

Hooked Module: \Driver\sptd

Hooked IRP: IRP_MJ_WRITE

Jump To: F8554000

Hooking Module: sple.sys

 

Hooked Module: \Driver\sptd

Hooked IRP: IRP_MJ_QUERY_INFORMATION

Jump To: F8554000

Hooking Module: sple.sys

 

Hooked Module: \Driver\sptd

Hooked IRP: IRP_MJ_SET_INFORMATION

Jump To: F8554000

Hooking Module: sple.sys

 

Hooked Module: \Driver\sptd

Hooked IRP: IRP_MJ_QUERY_EA

Jump To: F8554000

Hooking Module: sple.sys

 

Hooked Module: \Driver\sptd

Hooked IRP: IRP_MJ_SET_EA

Jump To: F8554000

Hooking Module: sple.sys

 

Hooked Module: \Driver\sptd

Hooked IRP: IRP_MJ_FLUSH_BUFFERS

Jump To: F8554000

Hooking Module: sple.sys

 

Hooked Module: \Driver\sptd

Hooked IRP: IRP_MJ_QUERY_VOLUME_INFORMATION

Jump To: F8554000

Hooking Module: sple.sys

 

Hooked Module: \Driver\sptd

Hooked IRP: IRP_MJ_SET_VOLUME_INFORMATION

Jump To: F8554000

Hooking Module: sple.sys

 

Hooked Module: \Driver\sptd

Hooked IRP: IRP_MJ_DIRECTORY_CONTROL

Jump To: F8554000

Hooking Module: sple.sys

 

Hooked Module: \Driver\sptd

Hooked IRP: IRP_MJ_FILE_SYSTEM_CONTROL

Jump To: F8554000

Hooking Module: sple.sys

 

Hooked Module: \Driver\sptd

Hooked IRP: IRP_MJ_DEVICE_CONTROL

Jump To: F8554000

Hooking Module: sple.sys

 

Hooked Module: \Driver\sptd

Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL

Jump To: F8554000

Hooking Module: sple.sys

 

Hooked Module: \Driver\sptd

Hooked IRP: IRP_MJ_SHUTDOWN

Jump To: F8554000

Hooking Module: sple.sys

 

Hooked Module: \Driver\sptd

Hooked IRP: IRP_MJ_LOCK_CONTROL

Jump To: F8554000

Hooking Module: sple.sys

 

Hooked Module: \Driver\sptd

Hooked IRP: IRP_MJ_CLEANUP

Jump To: F8554000

Hooking Module: sple.sys

 

Hooked Module: \Driver\sptd

Hooked IRP: IRP_MJ_CREATE_MAILSLOT

Jump To: F8554000

Hooking Module: sple.sys

 

Hooked Module: \Driver\sptd

Hooked IRP: IRP_MJ_QUERY_SECURITY

Jump To: F8554000

Hooking Module: sple.sys

 

Hooked Module: \Driver\sptd

Hooked IRP: IRP_MJ_SET_SECURITY

Jump To: F8554000

Hooking Module: sple.sys

 

Hooked Module: \Driver\sptd

Hooked IRP: IRP_MJ_POWER

Jump To: F8554000

Hooking Module: sple.sys

 

Hooked Module: \Driver\sptd

Hooked IRP: IRP_MJ_SYSTEM_CONTROL

Jump To: F8554000

Hooking Module: sple.sys

 

Hooked Module: \Driver\sptd

Hooked IRP: IRP_MJ_DEVICE_CHANGE

Jump To: F8554000

Hooking Module: sple.sys

 

Hooked Module: \Driver\sptd

Hooked IRP: IRP_MJ_QUERY_QUOTA

Jump To: F8554000

Hooking Module: sple.sys

 

Hooked Module: \Driver\sptd

Hooked IRP: IRP_MJ_SET_QUOTA

Jump To: F8554000

Hooking Module: sple.sys

 

Hooked Module: C:\WINDOWS\system32\drivers\fwdrv.sys

Hooked IRP: IRP_MJ_READ

Jump To: 82A52FB0

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\System32\DRIVERS\usbohci.sys

Hooked IRP: IRP_MJ_CREATE

Jump To: 82B491F8

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\System32\DRIVERS\usbohci.sys

Hooked IRP: IRP_MJ_CLOSE

Jump To: 82B491F8

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\System32\DRIVERS\usbohci.sys

Hooked IRP: IRP_MJ_DEVICE_CONTROL

Jump To: 82B491F8

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\System32\DRIVERS\usbohci.sys

Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL

Jump To: 82B491F8

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\System32\DRIVERS\usbohci.sys

Hooked IRP: IRP_MJ_POWER

Jump To: 82B491F8

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\System32\DRIVERS\usbohci.sys

Hooked IRP: IRP_MJ_SYSTEM_CONTROL

Jump To: 82B491F8

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys

Hooked IRP: IRP_MJ_CREATE

Jump To: 82F5B1F8

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys

Hooked IRP: IRP_MJ_READ

Jump To: 82F5B1F8

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys

Hooked IRP: IRP_MJ_WRITE

Jump To: 82F5B1F8

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys

Hooked IRP: IRP_MJ_FLUSH_BUFFERS

Jump To: 82F5B1F8

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys

Hooked IRP: IRP_MJ_DEVICE_CONTROL

Jump To: 82F5B1F8

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys

Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL

Jump To: 82F5B1F8

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys

Hooked IRP: IRP_MJ_SHUTDOWN

Jump To: 82F5B1F8

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys

Hooked IRP: IRP_MJ_CLEANUP

Jump To: 82F5B1F8

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys

Hooked IRP: IRP_MJ_POWER

Jump To: 82F5B1F8

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys

Hooked IRP: IRP_MJ_SYSTEM_CONTROL

Jump To: 82F5B1F8

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\System32\DRIVERS\netbt.sys

Hooked IRP: IRP_MJ_CREATE

Jump To: 824721F8

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\System32\DRIVERS\netbt.sys

Hooked IRP: IRP_MJ_CLOSE

Jump To: 824721F8

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\System32\DRIVERS\netbt.sys

Hooked IRP: IRP_MJ_DEVICE_CONTROL

Jump To: 824721F8

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\System32\DRIVERS\netbt.sys

Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL

Jump To: 824721F8

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\System32\DRIVERS\netbt.sys

Hooked IRP: IRP_MJ_CLEANUP

Jump To: 824721F8

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\System32\DRIVERS\cdrom.sys

Hooked IRP: IRP_MJ_CREATE

Jump To: 82BB5848

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\System32\DRIVERS\cdrom.sys

Hooked IRP: IRP_MJ_CREATE_NAMED_PIPE

Jump To: 82BB5848

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\System32\DRIVERS\cdrom.sys

Hooked IRP: IRP_MJ_CLOSE

Jump To: 82BB5848

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\System32\DRIVERS\cdrom.sys

Hooked IRP: IRP_MJ_READ

Jump To: 82BB5848

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\System32\DRIVERS\cdrom.sys

Hooked IRP: IRP_MJ_WRITE

Jump To: 82BB5848

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\System32\DRIVERS\cdrom.sys

Hooked IRP: IRP_MJ_QUERY_INFORMATION

Jump To: 82BB5848

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\System32\DRIVERS\cdrom.sys

Hooked IRP: IRP_MJ_SET_INFORMATION

Jump To: 82BB5848

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\System32\DRIVERS\cdrom.sys

Hooked IRP: IRP_MJ_QUERY_EA

Jump To: 82BB5848

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\System32\DRIVERS\cdrom.sys

Hooked IRP: IRP_MJ_SET_EA

Jump To: 82BB5848

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\System32\DRIVERS\cdrom.sys

Hooked IRP: IRP_MJ_FLUSH_BUFFERS

Jump To: 82BB5848

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\System32\DRIVERS\cdrom.sys

Hooked IRP: IRP_MJ_QUERY_VOLUME_INFORMATION

Jump To: 82BB5848

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\System32\DRIVERS\cdrom.sys

Hooked IRP: IRP_MJ_SET_VOLUME_INFORMATION

Jump To: 82BB5848

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\System32\DRIVERS\cdrom.sys

Hooked IRP: IRP_MJ_DIRECTORY_CONTROL

Jump To: 82BB5848

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\System32\DRIVERS\cdrom.sys

Hooked IRP: IRP_MJ_FILE_SYSTEM_CONTROL

Jump To: 82BB5848

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\System32\DRIVERS\cdrom.sys

Hooked IRP: IRP_MJ_DEVICE_CONTROL

Jump To: 82BB5848

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\System32\DRIVERS\cdrom.sys

Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL

Jump To: 82BB5848

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\System32\DRIVERS\cdrom.sys

Hooked IRP: IRP_MJ_SHUTDOWN

Jump To: 82BB5848

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\System32\DRIVERS\cdrom.sys

Hooked IRP: IRP_MJ_LOCK_CONTROL

Jump To: 82BB5848

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\System32\DRIVERS\cdrom.sys

Hooked IRP: IRP_MJ_CLEANUP

Jump To: 82BB5848

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\System32\DRIVERS\cdrom.sys

Hooked IRP: IRP_MJ_CREATE_MAILSLOT

Jump To: 82BB5848

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\System32\DRIVERS\cdrom.sys

Hooked IRP: IRP_MJ_QUERY_SECURITY

Jump To: 82BB5848

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\System32\DRIVERS\cdrom.sys

Hooked IRP: IRP_MJ_SET_SECURITY

Jump To: 82BB5848

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\System32\DRIVERS\cdrom.sys

Hooked IRP: IRP_MJ_POWER

Jump To: 82BB5848

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\System32\DRIVERS\cdrom.sys

Hooked IRP: IRP_MJ_SYSTEM_CONTROL

Jump To: 82BB5848

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\System32\DRIVERS\cdrom.sys

Hooked IRP: IRP_MJ_DEVICE_CHANGE

Jump To: 82BB5848

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\System32\DRIVERS\cdrom.sys

Hooked IRP: IRP_MJ_QUERY_QUOTA

Jump To: 82BB5848

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\System32\DRIVERS\cdrom.sys

Hooked IRP: IRP_MJ_SET_QUOTA

Jump To: 82BB5848

Hooking Module: _unknown_

 

Hooked Module: \SystemRoot\System32\Drivers\ay8n0i2h.SYS

Hooked IRP: IRP_MJ_CREATE

Jump To: 82A015E8

Hooking Module: _unknown_

 

Hooked Module: \SystemRoot\System32\Drivers\ay8n0i2h.SYS

Hooked IRP: IRP_MJ_CREATE_NAMED_PIPE

Jump To: 82A015E8

Hooking Module: _unknown_

 

Hooked Module: \SystemRoot\System32\Drivers\ay8n0i2h.SYS

Hooked IRP: IRP_MJ_CLOSE

Jump To: 82A015E8

Hooking Module: _unknown_

 

Hooked Module: \SystemRoot\System32\Drivers\ay8n0i2h.SYS

Hooked IRP: IRP_MJ_READ

Jump To: 82A015E8

Hooking Module: _unknown_

 

Hooked Module: \SystemRoot\System32\Drivers\ay8n0i2h.SYS

Hooked IRP: IRP_MJ_WRITE

Jump To: 82A015E8

Hooking Module: _unknown_

 

Hooked Module: \SystemRoot\System32\Drivers\ay8n0i2h.SYS

Hooked IRP: IRP_MJ_QUERY_INFORMATION

Jump To: 82A015E8

Hooking Module: _unknown_

 

Hooked Module: \SystemRoot\System32\Drivers\ay8n0i2h.SYS

Hooked IRP: IRP_MJ_SET_INFORMATION

Jump To: 82A015E8

Hooking Module: _unknown_

 

Hooked Module: \SystemRoot\System32\Drivers\ay8n0i2h.SYS

Hooked IRP: IRP_MJ_QUERY_EA

Jump To: 82A015E8

Hooking Module: _unknown_

 

Hooked Module: \SystemRoot\System32\Drivers\ay8n0i2h.SYS

Hooked IRP: IRP_MJ_SET_EA

Jump To: 82A015E8

Hooking Module: _unknown_

 

Hooked Module: \SystemRoot\System32\Drivers\ay8n0i2h.SYS

Hooked IRP: IRP_MJ_FLUSH_BUFFERS

Jump To: 82A015E8

Hooking Module: _unknown_

 

Hooked Module: \SystemRoot\System32\Drivers\ay8n0i2h.SYS

Hooked IRP: IRP_MJ_QUERY_VOLUME_INFORMATION

Jump To: 82A015E8

Hooking Module: _unknown_

 

Hooked Module: \SystemRoot\System32\Drivers\ay8n0i2h.SYS

Hooked IRP: IRP_MJ_SET_VOLUME_INFORMATION

Jump To: 82A015E8

Hooking Module: _unknown_

 

Hooked Module: \SystemRoot\System32\Drivers\ay8n0i2h.SYS

Hooked IRP: IRP_MJ_DIRECTORY_CONTROL

Jump To: 82A015E8

Hooking Module: _unknown_

 

Hooked Module: \SystemRoot\System32\Drivers\ay8n0i2h.SYS

Hooked IRP: IRP_MJ_FILE_SYSTEM_CONTROL

Jump To: 82A015E8

Hooking Module: _unknown_

 

Hooked Module: \SystemRoot\System32\Drivers\ay8n0i2h.SYS

Hooked IRP: IRP_MJ_DEVICE_CONTROL

Jump To: 82A015E8

Hooking Module: _unknown_

 

Hooked Module: \SystemRoot\System32\Drivers\ay8n0i2h.SYS

Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL

Jump To: 82A015E8

Hooking Module: _unknown_

 

Hooked Module: \SystemRoot\System32\Drivers\ay8n0i2h.SYS

Hooked IRP: IRP_MJ_SHUTDOWN

Jump To: 82A015E8

Hooking Module: _unknown_

 

Hooked Module: \SystemRoot\System32\Drivers\ay8n0i2h.SYS

Hooked IRP: IRP_MJ_LOCK_CONTROL

Jump To: 82A015E8

Hooking Module: _unknown_

 

Hooked Module: \SystemRoot\System32\Drivers\ay8n0i2h.SYS

Hooked IRP: IRP_MJ_CLEANUP

Jump To: 82A015E8

Hooking Module: _unknown_

 

Hooked Module: \SystemRoot\System32\Drivers\ay8n0i2h.SYS

Hooked IRP: IRP_MJ_CREATE_MAILSLOT

Jump To: 82A015E8

Hooking Module: _unknown_

 

Hooked Module: \SystemRoot\System32\Drivers\ay8n0i2h.SYS

Hooked IRP: IRP_MJ_QUERY_SECURITY

Jump To: 82A015E8

Hooking Module: _unknown_

 

Hooked Module: \SystemRoot\System32\Drivers\ay8n0i2h.SYS

Hooked IRP: IRP_MJ_SET_SECURITY

Jump To: 82A015E8

Hooking Module: _unknown_

 

Hooked Module: \SystemRoot\System32\Drivers\ay8n0i2h.SYS

Hooked IRP: IRP_MJ_POWER

Jump To: 82A015E8

Hooking Module: _unknown_

 

Hooked Module: \SystemRoot\System32\Drivers\ay8n0i2h.SYS

Hooked IRP: IRP_MJ_SYSTEM_CONTROL

Jump To: 82A015E8

Hooking Module: _unknown_

 

Hooked Module: \SystemRoot\System32\Drivers\ay8n0i2h.SYS

Hooked IRP: IRP_MJ_DEVICE_CHANGE

Jump To: 82A015E8

Hooking Module: _unknown_

 

Hooked Module: \SystemRoot\System32\Drivers\ay8n0i2h.SYS

Hooked IRP: IRP_MJ_QUERY_QUOTA

Jump To: 82A015E8

Hooking Module: _unknown_

 

Hooked Module: \SystemRoot\System32\Drivers\ay8n0i2h.SYS

Hooked IRP: IRP_MJ_SET_QUOTA

Jump To: 82A015E8

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\System32\DRIVERS\usbehci.sys

Hooked IRP: IRP_MJ_CREATE

Jump To: 82A7F1F8

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\System32\DRIVERS\usbehci.sys

Hooked IRP: IRP_MJ_CLOSE

Jump To: 82A7F1F8

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\System32\DRIVERS\usbehci.sys

Hooked IRP: IRP_MJ_DEVICE_CONTROL

Jump To: 82A7F1F8

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\System32\DRIVERS\usbehci.sys

Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL

Jump To: 82A7F1F8

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\System32\DRIVERS\usbehci.sys

Hooked IRP: IRP_MJ_POWER

Jump To: 82A7F1F8

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\System32\DRIVERS\usbehci.sys

Hooked IRP: IRP_MJ_SYSTEM_CONTROL

Jump To: 82A7F1F8

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\system32\drivers\d347prt.sys

Hooked IRP: IRP_MJ_CREATE

Jump To: 829122A0

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\system32\drivers\d347prt.sys

Hooked IRP: IRP_MJ_CREATE_NAMED_PIPE

Jump To: 829122A0

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\system32\drivers\d347prt.sys

Hooked IRP: IRP_MJ_CLOSE

Jump To: 829122A0

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\system32\drivers\d347prt.sys

Hooked IRP: IRP_MJ_READ

Jump To: 829122A0

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\system32\drivers\d347prt.sys

Hooked IRP: IRP_MJ_WRITE

Jump To: 829122A0

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\system32\drivers\d347prt.sys

Hooked IRP: IRP_MJ_QUERY_INFORMATION

Jump To: 829122A0

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\system32\drivers\d347prt.sys

Hooked IRP: IRP_MJ_SET_INFORMATION

Jump To: 829122A0

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\system32\drivers\d347prt.sys

Hooked IRP: IRP_MJ_QUERY_EA

Jump To: 829122A0

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\system32\drivers\d347prt.sys

Hooked IRP: IRP_MJ_SET_EA

Jump To: 829122A0

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\system32\drivers\d347prt.sys

Hooked IRP: IRP_MJ_FLUSH_BUFFERS

Jump To: 829122A0

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\system32\drivers\d347prt.sys

Hooked IRP: IRP_MJ_QUERY_VOLUME_INFORMATION

Jump To: 829122A0

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\system32\drivers\d347prt.sys

Hooked IRP: IRP_MJ_SET_VOLUME_INFORMATION

Jump To: 829122A0

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\system32\drivers\d347prt.sys

Hooked IRP: IRP_MJ_DIRECTORY_CONTROL

Jump To: 829122A0

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\system32\drivers\d347prt.sys

Hooked IRP: IRP_MJ_FILE_SYSTEM_CONTROL

Jump To: 829122A0

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\system32\drivers\d347prt.sys

Hooked IRP: IRP_MJ_DEVICE_CONTROL

Jump To: 829122A0

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\system32\drivers\d347prt.sys

Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL

Jump To: 829122A0

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\system32\drivers\d347prt.sys

Hooked IRP: IRP_MJ_SHUTDOWN

Jump To: 829122A0

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\system32\drivers\d347prt.sys

Hooked IRP: IRP_MJ_LOCK_CONTROL

Jump To: 829122A0

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\system32\drivers\d347prt.sys

Hooked IRP: IRP_MJ_CLEANUP

Jump To: 829122A0

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\system32\drivers\d347prt.sys

Hooked IRP: IRP_MJ_CREATE_MAILSLOT

Jump To: 829122A0

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\system32\drivers\d347prt.sys

Hooked IRP: IRP_MJ_QUERY_SECURITY

Jump To: 829122A0

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\system32\drivers\d347prt.sys

Hooked IRP: IRP_MJ_SET_SECURITY

Jump To: 829122A0

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\system32\drivers\d347prt.sys

Hooked IRP: IRP_MJ_POWER

Jump To: 829122A0

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\system32\drivers\d347prt.sys

Hooked IRP: IRP_MJ_SYSTEM_CONTROL

Jump To: 829122A0

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\system32\drivers\d347prt.sys

Hooked IRP: IRP_MJ_DEVICE_CHANGE

Jump To: 829122A0

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\system32\drivers\d347prt.sys

Hooked IRP: IRP_MJ_QUERY_QUOTA

Jump To: 829122A0

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\system32\drivers\d347prt.sys

Hooked IRP: IRP_MJ_SET_QUOTA

Jump To: 829122A0

Hooking Module: _unknown_

 

******************************************************************************************

******************************************************************************************

Ports:

Local Address: CHANTAL:1077

Remote Address: WY-IN-F164.GOOGLE.COM:HTTP

Type: TCP

Process: C:\Program Files\Internet Explorer\iexplore.exe

State: ESTABLISHED

 

Local Address: CHANTAL:1075

Remote Address: EY-IN-F113.GOOGLE.COM:HTTP

Type: TCP

Process: C:\Program Files\Internet Explorer\iexplore.exe

State: ESTABLISHED

 

Local Address: CHANTAL:NETBIOS-SSN

Remote Address: 0.0.0.0:0

Type: TCP

Process: System

State: LISTENING

 

Local Address: CHANTAL:1025

Remote Address: 0.0.0.0:0

Type: TCP

Process: C:\WINDOWS\system32\alg.exe

State: LISTENING

 

Local Address: CHANTAL:MICROSOFT-DS

Remote Address: 0.0.0.0:0

Type: TCP

Process: System

State: LISTENING

 

Local Address: CHANTAL:EPMAP

Remote Address: 0.0.0.0:0

Type: TCP

Process: C:\WINDOWS\system32\svchost.exe

State: LISTENING

 

Local Address: CHANTAL:1900

Remote Address: NA

Type: UDP

Process: C:\WINDOWS\system32\svchost.exe

State: NA

 

Local Address: CHANTAL:138

Remote Address: NA

Type: UDP

Process: System

State: NA

 

Local Address: CHANTAL:NETBIOS-NS

Remote Address: NA

Type: UDP

Process: System

State: NA

 

Local Address: CHANTAL:123

Remote Address: NA

Type: UDP

Process: C:\WINDOWS\system32\svchost.exe

State: NA

 

Local Address: CHANTAL:1900

Remote Address: NA

Type: UDP

Process: C:\WINDOWS\system32\svchost.exe

State: NA

 

Local Address: CHANTAL:1068

Remote Address: NA

Type: UDP

Process: C:\Program Files\Internet Explorer\iexplore.exe

State: NA

 

Local Address: CHANTAL:123

Remote Address: NA

Type: UDP

Process: C:\WINDOWS\system32\svchost.exe

State: NA

 

Local Address: CHANTAL:9370

Remote Address: NA

Type: UDP

Process: C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

State: NA

 

Local Address: CHANTAL:4500

Remote Address: NA

Type: UDP

Process: C:\WINDOWS\system32\lsass.exe

State: NA

 

Local Address: CHANTAL:500

Remote Address: NA

Type: UDP

Process: C:\WINDOWS\system32\lsass.exe

State: NA

 

Local Address: CHANTAL:MICROSOFT-DS

Remote Address: NA

Type: UDP

Process: System

State: NA

 

******************************************************************************************

******************************************************************************************

Hidden files/folders:

Object: C:\Documents and Settings\chantounette\Local Settings\Application Data\Microsoft\Messenger\bruce-leboss@hotmail.fr\SharingMetadata\acrosdchevaux34@hotmail.fr\DFSR\Staging\CS{2212A2B8-8EC1-9F8A-A45A-40A239B4BEAD}\01\39-{2212A2B8-8EC1-9F8A-A45A-40A239B4BEAD

Status: Hidden

 

Object: C:\Documents and Settings\chantounette\Local Settings\Application Data\Microsoft\Messenger\bruce-leboss@hotmail.fr\SharingMetadata\lilibeachnwn@hotmail.fr\DFSR\Staging\CS{7F18DB84-701A-8CF6-F1D3-3C2EB20691DF}\01\37-{7F18DB84-701A-8CF6-F1D3-3C2EB20691DF}-v

Status: Hidden

 

Object: C:\Documents and Settings\chantounette\Local Settings\Application Data\Microsoft\Messenger\bruce-leboss@hotmail.fr\SharingMetadata\runescapeboss@hotmail.fr\DFSR\Staging\CS{8CA85A88-3ED3-B4C4-F314-B4FC449DC3B6}\01\10-{8CA85A88-3ED3-B4C4-F314-B4FC449DC3B6}-

Status: Hidden

 

Object: C:\Documents and Settings\chantounette\Local Settings\Application Data\Microsoft\Messenger\bruce-leboss@hotmail.fr\SharingMetadata\runescapeboss@hotmail.fr\DFSR\Staging\CS{8CA85A88-3ED3-B4C4-F314-B4FC449DC3B6}\26\11-{1B923A35-049C-4D34-A7F0-4EBA3DFEE94E}-

Status: Hidden

 

Object: C:\Documents and Settings\chantounette\Local Settings\Application Data\Microsoft\Messenger\bruce-leboss@hotmail.fr\SharingMetadata\runescapeboss@hotmail.fr\DFSR\Staging\CS{8CA85A88-3ED3-B4C4-F314-B4FC449DC3B6}\27\12-{1B923A35-049C-4D34-A7F0-4EBA3DFEE94E}-

Status: Hidden

 

Object: C:\Documents and Settings\chantounette\Local Settings\Application Data\Microsoft\Messenger\bruce-leboss@hotmail.fr\SharingMetadata\runescapeboss@hotmail.fr\DFSR\Staging\CS{8CA85A88-3ED3-B4C4-F314-B4FC449DC3B6}\28\13-{1B923A35-049C-4D34-A7F0-4EBA3DFEE94E}-

Status: Hidden

 

Object: C:\Documents and Settings\chantounette\Local Settings\Application Data\Microsoft\Messenger\bruce-leboss@hotmail.fr\SharingMetadata\runescapeboss@hotmail.fr\DFSR\Staging\CS{8CA85A88-3ED3-B4C4-F314-B4FC449DC3B6}\29\14-{1B923A35-049C-4D34-A7F0-4EBA3DFEE94E}-

Status: Hidden

 

Object: C:\Documents and Settings\chantounette\Local Settings\Application Data\Microsoft\Messenger\bruce-leboss@hotmail.fr\SharingMetadata\runescapeboss@hotmail.fr\DFSR\Staging\CS{8CA85A88-3ED3-B4C4-F314-B4FC449DC3B6}\30\15-{1B923A35-049C-4D34-A7F0-4EBA3DFEE94E}-

Status: Hidden

 

Object: C:\Documents and Settings\chantounette\Local Settings\Application Data\Microsoft\Messenger\bruce-leboss@hotmail.fr\SharingMetadata\runescapeboss@hotmail.fr\DFSR\Staging\CS{8CA85A88-3ED3-B4C4-F314-B4FC449DC3B6}\31\16-{1B923A35-049C-4D34-A7F0-4EBA3DFEE94E}-

Status: Hidden

 

Object: C:\Documents and Settings\chantounette\Local Settings\Application Data\Microsoft\Messenger\bruce-leboss@hotmail.fr\SharingMetadata\runescapeboss@hotmail.fr\DFSR\Staging\CS{8CA85A88-3ED3-B4C4-F314-B4FC449DC3B6}\32\17-{1B923A35-049C-4D34-A7F0-4EBA3DFEE94E}-

Status: Hidden

 

Object: C:\Documents and Settings\chantounette\Local Settings\Application Data\Microsoft\Messenger\bruce-leboss@hotmail.fr\SharingMetadata\runescapeboss@hotmail.fr\DFSR\Staging\CS{8CA85A88-3ED3-B4C4-F314-B4FC449DC3B6}\33\18-{1B923A35-049C-4D34-A7F0-4EBA3DFEE94E}-

Status: Hidden

 

Object: C:\Documents and Settings\chantounette\Local Settings\Application Data\Microsoft\Messenger\bruce-leboss@hotmail.fr\SharingMetadata\runescapeboss@hotmail.fr\DFSR\Staging\CS{8CA85A88-3ED3-B4C4-F314-B4FC449DC3B6}\34\19-{1B923A35-049C-4D34-A7F0-4EBA3DFEE94E}-

Status: Hidden

 

Object: C:\Documents and Settings\chantounette\Local Settings\Application Data\Microsoft\Messenger\bruce-leboss@hotmail.fr\SharingMetadata\runescapeboss@hotmail.fr\DFSR\Staging\CS{8CA85A88-3ED3-B4C4-F314-B4FC449DC3B6}\35\20-{1B923A35-049C-4D34-A7F0-4EBA3DFEE94E}-

Status: Hidden

 

Object: C:\Documents and Settings\chantounette\Local Settings\Application Data\Microsoft\Messenger\bruce-leboss@hotmail.fr\SharingMetadata\runescapeboss@hotmail.fr\DFSR\Staging\CS{8CA85A88-3ED3-B4C4-F314-B4FC449DC3B6}\36\36-{1B923A35-049C-4D34-A7F0-4EBA3DFEE94E}-

Status: Hidden

 

Object: C:\Documents and Settings\chantounette\Local Settings\Application Data\Microsoft\Messenger\bruce-leboss@hotmail.fr\SharingMetadata\runescapeboss@hotmail.fr\DFSR\Staging\CS{8CA85A88-3ED3-B4C4-F314-B4FC449DC3B6}\37\37-{1B923A35-049C-4D34-A7F0-4EBA3DFEE94E}-

Status: Hidden

 

Object: C:\Documents and Settings\chantounette\Local Settings\Application Data\Microsoft\Messenger\bruce-leboss@hotmail.fr\SharingMetadata\runescapeboss@hotmail.fr\DFSR\Staging\CS{8CA85A88-3ED3-B4C4-F314-B4FC449DC3B6}\38\38-{1B923A35-049C-4D34-A7F0-4EBA3DFEE94E}-

Status: Hidden

 

Object: C:\Documents and Settings\chantounette\Local Settings\Application Data\Microsoft\Messenger\bruce-leboss@hotmail.fr\SharingMetadata\runescapeboss@hotmail.fr\DFSR\Staging\CS{8CA85A88-3ED3-B4C4-F314-B4FC449DC3B6}\39\39-{1B923A35-049C-4D34-A7F0-4EBA3DFEE94E}-

Status: Hidden

 

Object: C:\Documents and Settings\chantounette\Local Settings\Application Data\Microsoft\Messenger\chloez3@hotmail.fr\SharingMetadata\chiite-puce@hotmail.fr\DFSR\Staging\CS{BBD2C3A7-1032-7C41-5F4B-9530737CA192}\01\10-{BBD2C3A7-1032-7C41-5F4B-9530737CA192}-v1-{51E

Status: Hidden

 

Object: C:\Documents and Settings\chantounette\Local Settings\Application Data\Microsoft\Messenger\misspopo-34@hotmail.fr\SharingMetadata\benburgur@hotmail.fr\DFSR\Staging\CS{D9D7D673-8EE4-2279-6FA5-0CE37233D65F}\01\10-{D9D7D673-8EE4-2279-6FA5-0CE37233D65F}-v1-{B

Status: Hidden

 

Object: C:\Documents and Settings\chantounette\Local Settings\Application Data\Microsoft\Messenger\zegrar4@hotmail.com\SharingMetadata\bruce-leboss@hotmail.fr\DFSR\Staging\CS{3AF043BE-51B6-ADDF-8361-8C7844CB7BF9}\01\10-{3AF043BE-51B6-ADDF-8361-8C7844CB7BF9}-v1-{E

Status: Hidden

 

Object: C:\Documents and Settings\chantounette\Mes documents\jeu\Adibou Education v3 - 4-7 Ans -Pil 6Cd Crackés 8 Jeux Jaquettes Cd & Dvd Appli Pour Graver & Mode D Emplois By Vin Ké :P Testé Ok Enjoy\3_Adibou.-.Education.-.Motamo-Pluzoumoin.-.Initiation Lecture

Status: Hidden

 

Object: C:\Documents and Settings\chantounette\Mes documents\jeu\Adibou Education v3 - 4-7 Ans -Pil 6Cd Crackés 8 Jeux Jaquettes Cd & Dvd Appli Pour Graver & Mode D Emplois By Vin Ké :P Testé Ok Enjoy\4_Adibou.-.Education.-.L'Île Volante.-.Sciences & Nature.-. 4

Status: Hidden

 

Object: C:\System Volume Information\MountPointManagerRemoteDatabase

Status: Access denied

 

Object: C:\System Volume Information\tracking.log

Status: Access denied

 

Object: C:\System Volume Information\_restore{A7F01669-E707-413E-85C9-6105E3B5172C}

Status: Access denied
