Posted

Hello,

No red line?

My Computer -> Tools -> Folder Options -> View

Check "Show hidden folders"

Uncheck "Hide extensions for known file types" as well as "Hide protected operating system files"

--> a message says this may damage the system; ignore it and confirm with Yes.

Go to this address:

Click Browse to locate these files in bold:

C:\Windows\System32\Drivers\ay8n0i2h.SYS

and click "Send file"

Copy/paste the response in your next message.

Note: the file may already have been analysed. If so, click the Reanalyse file now button.

Posted

Ok.

Create a system restore point first.

Rootkit cleanup

Run SysProt again

Look for:

Hooked Module: \SystemRoot\System32\Drivers\ay8n0i2h.SYS

To kill a process (Processes tab): right-click, then click Kill, or Disable (Kernel Modules), or Fix Hook (SSDT), or Delete (System Files)

Caution: drivers such as dump_atapi.sys, dump_wmilib.sys, dump_iaStor.sys are legitimate. They show in red because, being absent from disk, they appear in memory.

Posted

Hello chantounette and pear :P

Chantounette: wait a bit before running SysProt again. Not sure those drivers are harmful.

Did you manage to run a scan with Malwarebytes'? Do you get specific errors with the tools that refuse to run; if so, which ones?

See you soon,

Posted

Not finding the line, I just ran another SysProt scan and the line no longer appears???

 

 

SysProt AntiRootkit v1.0.1.0

by swatkat

 

******************************************************************************************

******************************************************************************************

 

No Hidden Processes found

 

******************************************************************************************

******************************************************************************************

Kernel Modules:

Module Name: spab.sys

Service Name: ---

Module Base: F8553000

Module End: F8654000

Hidden: Yes

 

Module Name:

Service Name: ---

Module Base: F8476000

Module End: F848E000

Hidden: Yes

 

Module Name: \SystemRoot\System32\Drivers\adj5s26u.SYS

Service Name: ---

Module Base: F7454000

Module End: F748C000

Hidden: Yes

 

Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys

Service Name: ---

Module Base: EEA59000

Module End: EEA71000

Hidden: Yes

 

Module Name: \SystemRoot\System32\Drivers\dump_WMILIB.SYS

Service Name: ---

Module Base: F8C25000

Module End: F8C27000

Hidden: Yes

 

******************************************************************************************

******************************************************************************************

SSDT:

Function Name: ZwClose

Address: F84FA818

Driver Base: F84ED000

Driver End: F8513000

Driver Name: d347bus.sys

 

Function Name: ZwCreateFile

Address: EF1E0830

Driver Base: EF1CD000

Driver End: EF24C000

Driver Name: \SystemRoot\system32\drivers\fwdrv.sys

 

Function Name: ZwCreateKey

Address: F8CDEBEE

Driver Base: 0

Driver End: 0

Driver Name: _unknown_

 

Function Name: ZwCreatePagingFile

Address: F84EEA20

Driver Base: F84ED000

Driver End: F8513000

Driver Name: d347bus.sys

 

Function Name: ZwCreateProcess

Address: EF1E0380

Driver Base: EF1CD000

Driver End: EF24C000

Driver Name: \SystemRoot\system32\drivers\fwdrv.sys

 

Function Name: ZwCreateProcessEx

Address: EF1E02B0

Driver Base: EF1CD000

Driver End: EF24C000

Driver Name: \SystemRoot\system32\drivers\fwdrv.sys

 

Function Name: ZwCreateThread

Address: F8CDEBE4

Driver Base: 0

Driver End: 0

Driver Name: _unknown_

 

Function Name: ZwDeleteKey

Address: F8CDEBF3

Driver Base: 0

Driver End: 0

Driver Name: _unknown_

 

Function Name: ZwDeleteValueKey

Address: F8CDEBFD

Driver Base: 0

Driver End: 0

Driver Name: _unknown_

 

Function Name: ZwEnumerateKey

Address: F84EF2A8

Driver Base: F84ED000

Driver End: F8513000

Driver Name: d347bus.sys

 

Function Name: ZwEnumerateValueKey

Address: F84FA910

Driver Base: F84ED000

Driver End: F8513000

Driver Name: d347bus.sys

 

Function Name: ZwLoadKey

Address: F8CDEC02

Driver Base: 0

Driver End: 0

Driver Name: _unknown_

 

Function Name: ZwOpenFile

Address: F8514B40

Driver Base: F8513000

Driver End: F853B000

Driver Name: a347bus.sys

 

Function Name: ZwOpenKey

Address: F84FA794

Driver Base: F84ED000

Driver End: F8513000

Driver Name: d347bus.sys

 

Function Name: ZwOpenProcess

Address: F8CDEBD0

Driver Base: 0

Driver End: 0

Driver Name: _unknown_

 

Function Name: ZwOpenThread

Address: F8CDEBD5

Driver Base: 0

Driver End: 0

Driver Name: _unknown_

 

Function Name: ZwQueryKey

Address: F84EF2C8

Driver Base: F84ED000

Driver End: F8513000

Driver Name: d347bus.sys

 

Function Name: ZwQueryValueKey

Address: F84FA866

Driver Base: F84ED000

Driver End: F8513000

Driver Name: d347bus.sys

 

Function Name: ZwReplaceKey

Address: F8CDEC0C

Driver Base: 0

Driver End: 0

Driver Name: _unknown_

 

Function Name: ZwRestoreKey

Address: F8CDEC07

Driver Base: 0

Driver End: 0

Driver Name: _unknown_

 

Function Name: ZwResumeThread

Address: EF1E0630

Driver Base: EF1CD000

Driver End: EF24C000

Driver Name: \SystemRoot\system32\drivers\fwdrv.sys

 

Function Name: ZwSetSystemPowerState

Address: F84FA0B0

Driver Base: F84ED000

Driver End: F8513000

Driver Name: d347bus.sys

 

Function Name: ZwSetValueKey

Address: F8CDEBF8

Driver Base: 0

Driver End: 0

Driver Name: _unknown_

 

Function Name: ZwTerminateProcess

Address: F8CDEBDF

Driver Base: 0

Driver End: 0

Driver Name: _unknown_

 

******************************************************************************************

******************************************************************************************

No Kernel Hooks found

 

******************************************************************************************

******************************************************************************************

IRP Hooks:

Hooked Module: C:\WINDOWS\system32\drivers\a347scsi.sys

Hooked IRP: IRP_MJ_CREATE

Jump To: 829E9560

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\system32\drivers\a347scsi.sys

Hooked IRP: IRP_MJ_CREATE_NAMED_PIPE

Jump To: 829E9560

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\system32\drivers\a347scsi.sys

Hooked IRP: IRP_MJ_CLOSE

Jump To: 829E9560

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\system32\drivers\a347scsi.sys

Hooked IRP: IRP_MJ_READ

Jump To: 829E9560

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\system32\drivers\a347scsi.sys

Hooked IRP: IRP_MJ_WRITE

Jump To: 829E9560

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\system32\drivers\a347scsi.sys

Hooked IRP: IRP_MJ_QUERY_INFORMATION

Jump To: 829E9560

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\system32\drivers\a347scsi.sys

Hooked IRP: IRP_MJ_SET_INFORMATION

Jump To: 829E9560

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\system32\drivers\a347scsi.sys

Hooked IRP: IRP_MJ_QUERY_EA

Jump To: 829E9560

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\system32\drivers\a347scsi.sys

Hooked IRP: IRP_MJ_SET_EA

Jump To: 829E9560

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\system32\drivers\a347scsi.sys

Hooked IRP: IRP_MJ_FLUSH_BUFFERS

Jump To: 829E9560

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\system32\drivers\a347scsi.sys

Hooked IRP: IRP_MJ_QUERY_VOLUME_INFORMATION

Jump To: 829E9560

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\system32\drivers\a347scsi.sys

Hooked IRP: IRP_MJ_SET_VOLUME_INFORMATION

Jump To: 829E9560

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\system32\drivers\a347scsi.sys

Hooked IRP: IRP_MJ_DIRECTORY_CONTROL

Jump To: 829E9560

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\system32\drivers\a347scsi.sys

Hooked IRP: IRP_MJ_FILE_SYSTEM_CONTROL

Jump To: 829E9560

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\system32\drivers\a347scsi.sys

Hooked IRP: IRP_MJ_DEVICE_CONTROL

Jump To: 829E9560

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\system32\drivers\a347scsi.sys

Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL

Jump To: 829E9560

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\system32\drivers\a347scsi.sys

Hooked IRP: IRP_MJ_SHUTDOWN

Jump To: 829E9560

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\system32\drivers\a347scsi.sys

Hooked IRP: IRP_MJ_LOCK_CONTROL

Jump To: 829E9560

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\system32\drivers\a347scsi.sys

Hooked IRP: IRP_MJ_CLEANUP

Jump To: 829E9560

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\system32\drivers\a347scsi.sys

Hooked IRP: IRP_MJ_CREATE_MAILSLOT

Jump To: 829E9560

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\system32\drivers\a347scsi.sys

Hooked IRP: IRP_MJ_QUERY_SECURITY

Jump To: 829E9560

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\system32\drivers\a347scsi.sys

Hooked IRP: IRP_MJ_SET_SECURITY

Jump To: 829E9560

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\system32\drivers\a347scsi.sys

Hooked IRP: IRP_MJ_POWER

Jump To: 829E9560

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\system32\drivers\a347scsi.sys

Hooked IRP: IRP_MJ_SYSTEM_CONTROL

Jump To: 829E9560

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\system32\drivers\a347scsi.sys

Hooked IRP: IRP_MJ_DEVICE_CHANGE

Jump To: 829E9560

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\system32\drivers\a347scsi.sys

Hooked IRP: IRP_MJ_QUERY_QUOTA

Jump To: 829E9560

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\system32\drivers\a347scsi.sys

Hooked IRP: IRP_MJ_SET_QUOTA

Jump To: 829E9560

Hooking Module: _unknown_

 

Hooked Module:

Hooked IRP: IRP_MJ_CREATE

Jump To: 82943C70

Hooking Module: _unknown_

 

Hooked Module:

Hooked IRP: IRP_MJ_CREATE_NAMED_PIPE

Jump To: 82943C70

Hooking Module: _unknown_

 

Hooked Module:

Hooked IRP: IRP_MJ_CLOSE

Jump To: 82943C70

Hooking Module: _unknown_

 

Hooked Module:

Hooked IRP: IRP_MJ_READ

Jump To: 82943C70

Hooking Module: _unknown_

 

Hooked Module:

Hooked IRP: IRP_MJ_WRITE

Jump To: 82943C70

Hooking Module: _unknown_

 

Hooked Module:

Hooked IRP: IRP_MJ_QUERY_INFORMATION

Jump To: 82943C70

Hooking Module: _unknown_

 

Hooked Module:

Hooked IRP: IRP_MJ_SET_INFORMATION

Jump To: 82943C70

Hooking Module: _unknown_

 

Hooked Module:

Hooked IRP: IRP_MJ_QUERY_EA

Jump To: 82943C70

Hooking Module: _unknown_

 

Hooked Module:

Hooked IRP: IRP_MJ_SET_EA

Jump To: 82943C70

Hooking Module: _unknown_

 

Hooked Module:

Hooked IRP: IRP_MJ_FLUSH_BUFFERS

Jump To: 82943C70

Hooking Module: _unknown_

 

Hooked Module:

Hooked IRP: IRP_MJ_QUERY_VOLUME_INFORMATION

Jump To: 82943C70

Hooking Module: _unknown_

 

Hooked Module:

Hooked IRP: IRP_MJ_SET_VOLUME_INFORMATION

Jump To: 82943C70

Hooking Module: _unknown_

 

Hooked Module:

Hooked IRP: IRP_MJ_DIRECTORY_CONTROL

Jump To: 82943C70

Hooking Module: _unknown_

 

Hooked Module:

Hooked IRP: IRP_MJ_FILE_SYSTEM_CONTROL

Jump To: 82943C70

Hooking Module: _unknown_

 

Hooked Module:

Hooked IRP: IRP_MJ_DEVICE_CONTROL

Jump To: 82943C70

Hooking Module: _unknown_

 

Hooked Module:

Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL

Jump To: 82943C70

Hooking Module: _unknown_

 

Hooked Module:

Hooked IRP: IRP_MJ_SHUTDOWN

Jump To: 82943C70

Hooking Module: _unknown_

 

Hooked Module:

Hooked IRP: IRP_MJ_LOCK_CONTROL

Jump To: 82943C70

Hooking Module: _unknown_

 

Hooked Module:

Hooked IRP: IRP_MJ_CLEANUP

Jump To: 82943C70

Hooking Module: _unknown_

 

Hooked Module:

Hooked IRP: IRP_MJ_CREATE_MAILSLOT

Jump To: 82943C70

Hooking Module: _unknown_

 

Hooked Module:

Hooked IRP: IRP_MJ_QUERY_SECURITY

Jump To: 82943C70

Hooking Module: _unknown_

 

Hooked Module:

Hooked IRP: IRP_MJ_SET_SECURITY

Jump To: 82943C70

Hooking Module: _unknown_

 

Hooked Module:

Hooked IRP: IRP_MJ_POWER

Jump To: 82943C70

Hooking Module: _unknown_

 

Hooked Module:

Hooked IRP: IRP_MJ_SYSTEM_CONTROL

Jump To: 82943C70

Hooking Module: _unknown_

 

Hooked Module:

Hooked IRP: IRP_MJ_DEVICE_CHANGE

Jump To: 82943C70

Hooking Module: _unknown_

 

Hooked Module:

Hooked IRP: IRP_MJ_QUERY_QUOTA

Jump To: 82943C70

Hooking Module: _unknown_

 

Hooked Module:

Hooked IRP: IRP_MJ_SET_QUOTA

Jump To: 82943C70

Hooking Module: _unknown_

 

Hooked Module: \Driver\sptd

Hooked IRP: IRP_MJ_CREATE

Jump To: F8554000

Hooking Module: spab.sys

 

Hooked Module: \Driver\sptd

Hooked IRP: IRP_MJ_CREATE_NAMED_PIPE

Jump To: F8554000

Hooking Module: spab.sys

 

Hooked Module: \Driver\sptd

Hooked IRP: IRP_MJ_CLOSE

Jump To: F8554000

Hooking Module: spab.sys

 

Hooked Module: \Driver\sptd

Hooked IRP: IRP_MJ_READ

Jump To: F8554000

Hooking Module: spab.sys

 

Hooked Module: \Driver\sptd

Hooked IRP: IRP_MJ_WRITE

Jump To: F8554000

Hooking Module: spab.sys

 

Hooked Module: \Driver\sptd

Hooked IRP: IRP_MJ_QUERY_INFORMATION

Jump To: F8554000

Hooking Module: spab.sys

 

Hooked Module: \Driver\sptd

Hooked IRP: IRP_MJ_SET_INFORMATION

Jump To: F8554000

Hooking Module: spab.sys

 

Hooked Module: \Driver\sptd

Hooked IRP: IRP_MJ_QUERY_EA

Jump To: F8554000

Hooking Module: spab.sys

 

Hooked Module: \Driver\sptd

Hooked IRP: IRP_MJ_SET_EA

Jump To: F8554000

Hooking Module: spab.sys

 

Hooked Module: \Driver\sptd

Hooked IRP: IRP_MJ_FLUSH_BUFFERS

Jump To: F8554000

Hooking Module: spab.sys

 

Hooked Module: \Driver\sptd

Hooked IRP: IRP_MJ_QUERY_VOLUME_INFORMATION

Jump To: F8554000

Hooking Module: spab.sys

 

Hooked Module: \Driver\sptd

Hooked IRP: IRP_MJ_SET_VOLUME_INFORMATION

Jump To: F8554000

Hooking Module: spab.sys

 

Hooked Module: \Driver\sptd

Hooked IRP: IRP_MJ_DIRECTORY_CONTROL

Jump To: F8554000

Hooking Module: spab.sys

 

Hooked Module: \Driver\sptd

Hooked IRP: IRP_MJ_FILE_SYSTEM_CONTROL

Jump To: F8554000

Hooking Module: spab.sys

 

Hooked Module: \Driver\sptd

Hooked IRP: IRP_MJ_DEVICE_CONTROL

Jump To: F8554000

Hooking Module: spab.sys

 

Hooked Module: \Driver\sptd

Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL

Jump To: F8554000

Hooking Module: spab.sys

 

Hooked Module: \Driver\sptd

Hooked IRP: IRP_MJ_SHUTDOWN

Jump To: F8554000

Hooking Module: spab.sys

 

Hooked Module: \Driver\sptd

Hooked IRP: IRP_MJ_LOCK_CONTROL

Jump To: F8554000

Hooking Module: spab.sys

 

Hooked Module: \Driver\sptd

Hooked IRP: IRP_MJ_CLEANUP

Jump To: F8554000

Hooking Module: spab.sys

 

Hooked Module: \Driver\sptd

Hooked IRP: IRP_MJ_CREATE_MAILSLOT

Jump To: F8554000

Hooking Module: spab.sys

 

Hooked Module: \Driver\sptd

Hooked IRP: IRP_MJ_QUERY_SECURITY

Jump To: F8554000

Hooking Module: spab.sys

 

Hooked Module: \Driver\sptd

Hooked IRP: IRP_MJ_SET_SECURITY

Jump To: F8554000

Hooking Module: spab.sys

 

Hooked Module: \Driver\sptd

Hooked IRP: IRP_MJ_POWER

Jump To: F8554000

Hooking Module: spab.sys

 

Hooked Module: \Driver\sptd

Hooked IRP: IRP_MJ_SYSTEM_CONTROL

Jump To: F8554000

Hooking Module: spab.sys

 

Hooked Module: \Driver\sptd

Hooked IRP: IRP_MJ_DEVICE_CHANGE

Jump To: F8554000

Hooking Module: spab.sys

 

Hooked Module: \Driver\sptd

Hooked IRP: IRP_MJ_QUERY_QUOTA

Jump To: F8554000

Hooking Module: spab.sys

 

Hooked Module: \Driver\sptd

Hooked IRP: IRP_MJ_SET_QUOTA

Jump To: F8554000

Hooking Module: spab.sys

 

Hooked Module: C:\WINDOWS\system32\drivers\fwdrv.sys

Hooked IRP: IRP_MJ_READ

Jump To: 82994530

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\System32\DRIVERS\usbohci.sys

Hooked IRP: IRP_MJ_CREATE

Jump To: 82C051F8

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\System32\DRIVERS\usbohci.sys

Hooked IRP: IRP_MJ_CLOSE

Jump To: 82C051F8

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\System32\DRIVERS\usbohci.sys

Hooked IRP: IRP_MJ_DEVICE_CONTROL

Jump To: 82C051F8

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\System32\DRIVERS\usbohci.sys

Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL

Jump To: 82C051F8

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\System32\DRIVERS\usbohci.sys

Hooked IRP: IRP_MJ_POWER

Jump To: 82C051F8

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\System32\DRIVERS\usbohci.sys

Hooked IRP: IRP_MJ_SYSTEM_CONTROL

Jump To: 82C051F8

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys

Hooked IRP: IRP_MJ_CREATE

Jump To: 82F5B1F8

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys

Hooked IRP: IRP_MJ_READ

Jump To: 82F5B1F8

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys

Hooked IRP: IRP_MJ_WRITE

Jump To: 82F5B1F8

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys

Hooked IRP: IRP_MJ_FLUSH_BUFFERS

Jump To: 82F5B1F8

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys

Hooked IRP: IRP_MJ_DEVICE_CONTROL

Jump To: 82F5B1F8

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys

Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL

Jump To: 82F5B1F8

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys

Hooked IRP: IRP_MJ_SHUTDOWN

Jump To: 82F5B1F8

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys

Hooked IRP: IRP_MJ_CLEANUP

Jump To: 82F5B1F8

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys

Hooked IRP: IRP_MJ_POWER

Jump To: 82F5B1F8

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys

Hooked IRP: IRP_MJ_SYSTEM_CONTROL

Jump To: 82F5B1F8

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\System32\DRIVERS\netbt.sys

Hooked IRP: IRP_MJ_CREATE

Jump To: 824D11F8

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\System32\DRIVERS\netbt.sys

Hooked IRP: IRP_MJ_CLOSE

Jump To: 824D11F8

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\System32\DRIVERS\netbt.sys

Hooked IRP: IRP_MJ_DEVICE_CONTROL

Jump To: 824D11F8

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\System32\DRIVERS\netbt.sys

Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL

Jump To: 824D11F8

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\System32\DRIVERS\netbt.sys

Hooked IRP: IRP_MJ_CLEANUP

Jump To: 824D11F8

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\System32\DRIVERS\cdrom.sys

Hooked IRP: IRP_MJ_CREATE

Jump To: 8286BF00

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\System32\DRIVERS\cdrom.sys

Hooked IRP: IRP_MJ_CREATE_NAMED_PIPE

Jump To: 8286BF00

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\System32\DRIVERS\cdrom.sys

Hooked IRP: IRP_MJ_CLOSE

Jump To: 8286BF00

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\System32\DRIVERS\cdrom.sys

Hooked IRP: IRP_MJ_READ

Jump To: 8286BF00

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\System32\DRIVERS\cdrom.sys

Hooked IRP: IRP_MJ_WRITE

Jump To: 8286BF00

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\System32\DRIVERS\cdrom.sys

Hooked IRP: IRP_MJ_QUERY_INFORMATION

Jump To: 8286BF00

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\System32\DRIVERS\cdrom.sys

Hooked IRP: IRP_MJ_SET_INFORMATION

Jump To: 8286BF00

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\System32\DRIVERS\cdrom.sys

Hooked IRP: IRP_MJ_QUERY_EA

Jump To: 8286BF00

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\System32\DRIVERS\cdrom.sys

Hooked IRP: IRP_MJ_SET_EA

Jump To: 8286BF00

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\System32\DRIVERS\cdrom.sys

Hooked IRP: IRP_MJ_FLUSH_BUFFERS

Jump To: 8286BF00

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\System32\DRIVERS\cdrom.sys

Hooked IRP: IRP_MJ_QUERY_VOLUME_INFORMATION

Jump To: 8286BF00

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\System32\DRIVERS\cdrom.sys

Hooked IRP: IRP_MJ_SET_VOLUME_INFORMATION

Jump To: 8286BF00

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\System32\DRIVERS\cdrom.sys

Hooked IRP: IRP_MJ_DIRECTORY_CONTROL

Jump To: 8286BF00

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\System32\DRIVERS\cdrom.sys

Hooked IRP: IRP_MJ_FILE_SYSTEM_CONTROL

Jump To: 8286BF00

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\System32\DRIVERS\cdrom.sys

Hooked IRP: IRP_MJ_DEVICE_CONTROL

Jump To: 8286BF00

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\System32\DRIVERS\cdrom.sys

Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL

Jump To: 8286BF00

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\System32\DRIVERS\cdrom.sys

Hooked IRP: IRP_MJ_SHUTDOWN

Jump To: 8286BF00

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\System32\DRIVERS\cdrom.sys

Hooked IRP: IRP_MJ_LOCK_CONTROL

Jump To: 8286BF00

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\System32\DRIVERS\cdrom.sys

Hooked IRP: IRP_MJ_CLEANUP

Jump To: 8286BF00

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\System32\DRIVERS\cdrom.sys

Hooked IRP: IRP_MJ_CREATE_MAILSLOT

Jump To: 8286BF00

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\System32\DRIVERS\cdrom.sys

Hooked IRP: IRP_MJ_QUERY_SECURITY

Jump To: 8286BF00

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\System32\DRIVERS\cdrom.sys

Hooked IRP: IRP_MJ_SET_SECURITY

Jump To: 8286BF00

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\System32\DRIVERS\cdrom.sys

Hooked IRP: IRP_MJ_POWER

Jump To: 8286BF00

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\System32\DRIVERS\cdrom.sys

Hooked IRP: IRP_MJ_SYSTEM_CONTROL

Jump To: 8286BF00

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\System32\DRIVERS\cdrom.sys

Hooked IRP: IRP_MJ_DEVICE_CHANGE

Jump To: 8286BF00

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\System32\DRIVERS\cdrom.sys

Hooked IRP: IRP_MJ_QUERY_QUOTA

Jump To: 8286BF00

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\System32\DRIVERS\cdrom.sys

Hooked IRP: IRP_MJ_SET_QUOTA

Jump To: 8286BF00

Hooking Module: _unknown_

 

Hooked Module: \Driver\PCI_PNP5416

Hooked IRP: IRP_MJ_CREATE

Jump To: F8597AEA

Hooking Module: spab.sys

 

Hooked Module: \Driver\PCI_PNP5416

Hooked IRP: IRP_MJ_CREATE_NAMED_PIPE

Jump To: F8597AEA

Hooking Module: spab.sys

 

Hooked Module: \Driver\PCI_PNP5416

Hooked IRP: IRP_MJ_CLOSE

Jump To: F8597AEA

Hooking Module: spab.sys

 

Hooked Module: \Driver\PCI_PNP5416

Hooked IRP: IRP_MJ_READ

Jump To: F8597AEA

Hooking Module: spab.sys

 

Hooked Module: \Driver\PCI_PNP5416

Hooked IRP: IRP_MJ_WRITE

Jump To: F8597AEA

Hooking Module: spab.sys

 

Hooked Module: \Driver\PCI_PNP5416

Hooked IRP: IRP_MJ_QUERY_INFORMATION

Jump To: F8597AEA

Hooking Module: spab.sys

 

Hooked Module: \Driver\PCI_PNP5416

Hooked IRP: IRP_MJ_SET_INFORMATION

Jump To: F8597AEA

Hooking Module: spab.sys

 

Hooked Module: \Driver\PCI_PNP5416

Hooked IRP: IRP_MJ_QUERY_EA

Jump To: F8597AEA

Hooking Module: spab.sys

 

Hooked Module: \Driver\PCI_PNP5416

Hooked IRP: IRP_MJ_SET_EA

Jump To: F8597AEA

Hooking Module: spab.sys

 

Hooked Module: \Driver\PCI_PNP5416

Hooked IRP: IRP_MJ_FLUSH_BUFFERS

Jump To: F8597AEA

Hooking Module: spab.sys

 

Hooked Module: \Driver\PCI_PNP5416

Hooked IRP: IRP_MJ_QUERY_VOLUME_INFORMATION

Jump To: F8597AEA

Hooking Module: spab.sys

 

Hooked Module: \Driver\PCI_PNP5416

Hooked IRP: IRP_MJ_SET_VOLUME_INFORMATION

Jump To: F8597AEA

Hooking Module: spab.sys

 

Hooked Module: \Driver\PCI_PNP5416

Hooked IRP: IRP_MJ_DIRECTORY_CONTROL

Jump To: F8597AEA

Hooking Module: spab.sys

 

Hooked Module: \Driver\PCI_PNP5416

Hooked IRP: IRP_MJ_FILE_SYSTEM_CONTROL

Jump To: F8597AEA

Hooking Module: spab.sys

 

Hooked Module: \Driver\PCI_PNP5416

Hooked IRP: IRP_MJ_DEVICE_CONTROL

Jump To: F8597AEA

Hooking Module: spab.sys

 

Hooked Module: \Driver\PCI_PNP5416

Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL

Jump To: F8597AEA

Hooking Module: spab.sys

 

Hooked Module: \Driver\PCI_PNP5416

Hooked IRP: IRP_MJ_SHUTDOWN

Jump To: F8597AEA

Hooking Module: spab.sys

 

Hooked Module: \Driver\PCI_PNP5416

Hooked IRP: IRP_MJ_LOCK_CONTROL

Jump To: F8597AEA

Hooking Module: spab.sys

 

Hooked Module: \Driver\PCI_PNP5416

Hooked IRP: IRP_MJ_CLEANUP

Jump To: F8597AEA

Hooking Module: spab.sys

 

Hooked Module: \Driver\PCI_PNP5416

Hooked IRP: IRP_MJ_CREATE_MAILSLOT

Jump To: F8597AEA

Hooking Module: spab.sys

 

Hooked Module: \Driver\PCI_PNP5416

Hooked IRP: IRP_MJ_QUERY_SECURITY

Jump To: F8597AEA

Hooking Module: spab.sys

 

Hooked Module: \Driver\PCI_PNP5416

Hooked IRP: IRP_MJ_SET_SECURITY

Jump To: F8597AEA

Hooking Module: spab.sys

 

Hooked Module: \Driver\PCI_PNP5416

Hooked IRP: IRP_MJ_POWER

Jump To: F855BE30

Hooking Module: spab.sys

 

Hooked Module: \Driver\PCI_PNP5416

Hooked IRP: IRP_MJ_SYSTEM_CONTROL

Jump To: F8570514

Hooking Module: spab.sys

 

Hooked Module: \Driver\PCI_PNP5416

Hooked IRP: IRP_MJ_DEVICE_CHANGE

Jump To: F8597AEA

Hooking Module: spab.sys

 

Hooked Module: \Driver\PCI_PNP5416

Hooked IRP: IRP_MJ_QUERY_QUOTA

Jump To: F8597AEA

Hooking Module: spab.sys

 

Hooked Module: \Driver\PCI_PNP5416

Hooked IRP: IRP_MJ_SET_QUOTA

Jump To: F8597AEA

Hooking Module: spab.sys

 

Hooked Module: \SystemRoot\System32\Drivers\adj5s26u.SYS

Hooked IRP: IRP_MJ_CREATE

Jump To: 829060C0

Hooking Module: _unknown_

 

Hooked Module: \SystemRoot\System32\Drivers\adj5s26u.SYS

Hooked IRP: IRP_MJ_CREATE_NAMED_PIPE

Jump To: 829060C0

Hooking Module: _unknown_

 

Hooked Module: \SystemRoot\System32\Drivers\adj5s26u.SYS

Hooked IRP: IRP_MJ_CLOSE

Jump To: 829060C0

Hooking Module: _unknown_

 

Hooked Module: \SystemRoot\System32\Drivers\adj5s26u.SYS

Hooked IRP: IRP_MJ_READ

Jump To: 829060C0

Hooking Module: _unknown_

 

Hooked Module: \SystemRoot\System32\Drivers\adj5s26u.SYS

Hooked IRP: IRP_MJ_WRITE

Jump To: 829060C0

Hooking Module: _unknown_

 

Hooked Module: \SystemRoot\System32\Drivers\adj5s26u.SYS

Hooked IRP: IRP_MJ_QUERY_INFORMATION

Jump To: 829060C0

Hooking Module: _unknown_

 

Hooked Module: \SystemRoot\System32\Drivers\adj5s26u.SYS

Hooked IRP: IRP_MJ_SET_INFORMATION

Jump To: 829060C0

Hooking Module: _unknown_

 

Hooked Module: \SystemRoot\System32\Drivers\adj5s26u.SYS

Hooked IRP: IRP_MJ_QUERY_EA

Jump To: 829060C0

Hooking Module: _unknown_

 

Hooked Module: \SystemRoot\System32\Drivers\adj5s26u.SYS

Hooked IRP: IRP_MJ_SET_EA

Jump To: 829060C0

Hooking Module: _unknown_

 

Hooked Module: \SystemRoot\System32\Drivers\adj5s26u.SYS

Hooked IRP: IRP_MJ_FLUSH_BUFFERS

Jump To: 829060C0

Hooking Module: _unknown_

 

Hooked Module: \SystemRoot\System32\Drivers\adj5s26u.SYS

Hooked IRP: IRP_MJ_QUERY_VOLUME_INFORMATION

Jump To: 829060C0

Hooking Module: _unknown_

 

Hooked Module: \SystemRoot\System32\Drivers\adj5s26u.SYS

Hooked IRP: IRP_MJ_SET_VOLUME_INFORMATION

Jump To: 829060C0

Hooking Module: _unknown_

 

Hooked Module: \SystemRoot\System32\Drivers\adj5s26u.SYS

Hooked IRP: IRP_MJ_DIRECTORY_CONTROL

Jump To: 829060C0

Hooking Module: _unknown_

 

Hooked Module: \SystemRoot\System32\Drivers\adj5s26u.SYS

Hooked IRP: IRP_MJ_FILE_SYSTEM_CONTROL

Jump To: 829060C0

Hooking Module: _unknown_

 

Hooked Module: \SystemRoot\System32\Drivers\adj5s26u.SYS

Hooked IRP: IRP_MJ_DEVICE_CONTROL

Jump To: 829060C0

Hooking Module: _unknown_

 

Hooked Module: \SystemRoot\System32\Drivers\adj5s26u.SYS

Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL

Jump To: 829060C0

Hooking Module: _unknown_

 

Hooked Module: \SystemRoot\System32\Drivers\adj5s26u.SYS

Hooked IRP: IRP_MJ_SHUTDOWN

Jump To: 829060C0

Hooking Module: _unknown_

 

Hooked Module: \SystemRoot\System32\Drivers\adj5s26u.SYS

Hooked IRP: IRP_MJ_LOCK_CONTROL

Jump To: 829060C0

Hooking Module: _unknown_

 

Hooked Module: \SystemRoot\System32\Drivers\adj5s26u.SYS

Hooked IRP: IRP_MJ_CLEANUP

Jump To: 829060C0

Hooking Module: _unknown_

 

Hooked Module: \SystemRoot\System32\Drivers\adj5s26u.SYS

Hooked IRP: IRP_MJ_CREATE_MAILSLOT

Jump To: 829060C0

Hooking Module: _unknown_

 

Hooked Module: \SystemRoot\System32\Drivers\adj5s26u.SYS

Hooked IRP: IRP_MJ_QUERY_SECURITY

Jump To: 829060C0

Hooking Module: _unknown_

 

Hooked Module: \SystemRoot\System32\Drivers\adj5s26u.SYS

Hooked IRP: IRP_MJ_SET_SECURITY

Jump To: 829060C0

Hooking Module: _unknown_

 

Hooked Module: \SystemRoot\System32\Drivers\adj5s26u.SYS

Hooked IRP: IRP_MJ_POWER

Jump To: 829060C0

Hooking Module: _unknown_

 

Hooked Module: \SystemRoot\System32\Drivers\adj5s26u.SYS

Hooked IRP: IRP_MJ_SYSTEM_CONTROL

Jump To: 829060C0

Hooking Module: _unknown_

 

Hooked Module: \SystemRoot\System32\Drivers\adj5s26u.SYS

Hooked IRP: IRP_MJ_DEVICE_CHANGE

Jump To: 829060C0

Hooking Module: _unknown_

 

Hooked Module: \SystemRoot\System32\Drivers\adj5s26u.SYS

Hooked IRP: IRP_MJ_QUERY_QUOTA

Jump To: 829060C0

Hooking Module: _unknown_

 

Hooked Module: \SystemRoot\System32\Drivers\adj5s26u.SYS

Hooked IRP: IRP_MJ_SET_QUOTA

Jump To: 829060C0

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\System32\DRIVERS\usbehci.sys

Hooked IRP: IRP_MJ_CREATE

Jump To: 82BA81F8

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\System32\DRIVERS\usbehci.sys

Hooked IRP: IRP_MJ_CLOSE

Jump To: 82BA81F8

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\System32\DRIVERS\usbehci.sys

Hooked IRP: IRP_MJ_DEVICE_CONTROL

Jump To: 82BA81F8

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\System32\DRIVERS\usbehci.sys

Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL

Jump To: 82BA81F8

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\System32\DRIVERS\usbehci.sys

Hooked IRP: IRP_MJ_POWER

Jump To: 82BA81F8

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\System32\DRIVERS\usbehci.sys

Hooked IRP: IRP_MJ_SYSTEM_CONTROL

Jump To: 82BA81F8

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\system32\drivers\d347prt.sys

Hooked IRP: IRP_MJ_CREATE

Jump To: 828A4820

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\system32\drivers\d347prt.sys

Hooked IRP: IRP_MJ_CREATE_NAMED_PIPE

Jump To: 828A4820

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\system32\drivers\d347prt.sys

Hooked IRP: IRP_MJ_CLOSE

Jump To: 828A4820

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\system32\drivers\d347prt.sys

Hooked IRP: IRP_MJ_READ

Jump To: 828A4820

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\system32\drivers\d347prt.sys

Hooked IRP: IRP_MJ_WRITE

Jump To: 828A4820

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\system32\drivers\d347prt.sys

Hooked IRP: IRP_MJ_QUERY_INFORMATION

Jump To: 828A4820

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\system32\drivers\d347prt.sys

Hooked IRP: IRP_MJ_SET_INFORMATION

Jump To: 828A4820

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\system32\drivers\d347prt.sys

Hooked IRP: IRP_MJ_QUERY_EA

Jump To: 828A4820

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\system32\drivers\d347prt.sys

Hooked IRP: IRP_MJ_SET_EA

Jump To: 828A4820

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\system32\drivers\d347prt.sys

Hooked IRP: IRP_MJ_FLUSH_BUFFERS

Jump To: 828A4820

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\system32\drivers\d347prt.sys

Hooked IRP: IRP_MJ_QUERY_VOLUME_INFORMATION

Jump To: 828A4820

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\system32\drivers\d347prt.sys

Hooked IRP: IRP_MJ_SET_VOLUME_INFORMATION

Jump To: 828A4820

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\system32\drivers\d347prt.sys

Hooked IRP: IRP_MJ_DIRECTORY_CONTROL

Jump To: 828A4820

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\system32\drivers\d347prt.sys

Hooked IRP: IRP_MJ_FILE_SYSTEM_CONTROL

Jump To: 828A4820

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\system32\drivers\d347prt.sys

Hooked IRP: IRP_MJ_DEVICE_CONTROL

Jump To: 828A4820

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\system32\drivers\d347prt.sys

Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL

Jump To: 828A4820

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\system32\drivers\d347prt.sys

Hooked IRP: IRP_MJ_SHUTDOWN

Jump To: 828A4820

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\system32\drivers\d347prt.sys

Hooked IRP: IRP_MJ_LOCK_CONTROL

Jump To: 828A4820

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\system32\drivers\d347prt.sys

Hooked IRP: IRP_MJ_CLEANUP

Jump To: 828A4820

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\system32\drivers\d347prt.sys

Hooked IRP: IRP_MJ_CREATE_MAILSLOT

Jump To: 828A4820

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\system32\drivers\d347prt.sys

Hooked IRP: IRP_MJ_QUERY_SECURITY

Jump To: 828A4820

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\system32\drivers\d347prt.sys

Hooked IRP: IRP_MJ_SET_SECURITY

Jump To: 828A4820

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\system32\drivers\d347prt.sys

Hooked IRP: IRP_MJ_POWER

Jump To: 828A4820

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\system32\drivers\d347prt.sys

Hooked IRP: IRP_MJ_SYSTEM_CONTROL

Jump To: 828A4820

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\system32\drivers\d347prt.sys

Hooked IRP: IRP_MJ_DEVICE_CHANGE

Jump To: 828A4820

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\system32\drivers\d347prt.sys

Hooked IRP: IRP_MJ_QUERY_QUOTA

Jump To: 828A4820

Hooking Module: _unknown_

 

Hooked Module: C:\WINDOWS\system32\drivers\d347prt.sys

Hooked IRP: IRP_MJ_SET_QUOTA

Jump To: 828A4820

Hooking Module: _unknown_

 

******************************************************************************************

******************************************************************************************

Ports:

Local Address: CHANTAL:NETBIOS-SSN

Remote Address: 0.0.0.0:0

Type: TCP

Process: System

State: LISTENING

 

Local Address: CHANTAL:1028

Remote Address: 0.0.0.0:0

Type: TCP

Process: C:\WINDOWS\system32\alg.exe

State: LISTENING

 

Local Address: CHANTAL:MICROSOFT-DS

Remote Address: 0.0.0.0:0

Type: TCP

Process: System

State: LISTENING

 

Local Address: CHANTAL:EPMAP

Remote Address: 0.0.0.0:0

Type: TCP

Process: C:\WINDOWS\system32\svchost.exe

State: LISTENING

 

Local Address: CHANTAL:1900

Remote Address: NA

Type: UDP

Process: C:\WINDOWS\system32\svchost.exe

State: NA

 

Local Address: CHANTAL:138

Remote Address: NA

Type: UDP

Process: System

State: NA

 

Local Address: CHANTAL:NETBIOS-NS

Remote Address: NA

Type: UDP

Process: System

State: NA

 

Local Address: CHANTAL:123

Remote Address: NA

Type: UDP

Process: C:\WINDOWS\system32\svchost.exe

State: NA

 

Local Address: CHANTAL:1900

Remote Address: NA

Type: UDP

Process: C:\WINDOWS\system32\svchost.exe

State: NA

 

Local Address: CHANTAL:1046

Remote Address: NA

Type: UDP

Process: C:\Program Files\Internet Explorer\iexplore.exe

State: NA

 

Local Address: CHANTAL:123

Remote Address: NA

Type: UDP

Process: C:\WINDOWS\system32\svchost.exe

State: NA

 

Local Address: CHANTAL:4500

Remote Address: NA

Type: UDP

Process: C:\WINDOWS\system32\lsass.exe

State: NA

 

Local Address: CHANTAL:500

Remote Address: NA

Type: UDP

Process: C:\WINDOWS\system32\lsass.exe

State: NA

 

Local Address: CHANTAL:MICROSOFT-DS

Remote Address: NA

Type: UDP

Process: System

State: NA

 

******************************************************************************************

******************************************************************************************

Hidden files/folders:

Object: C:\System Volume Information\MountPointManagerRemoteDatabase

Status: Access denied

 

Object: C:\System Volume Information\tracking.log

Status: Access denied

 

Object: C:\System Volume Information\_restore{A7F01669-E707-413E-85C9-6105E3B5172C}

Status: Access denied
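The SysProt hook list above is long and repetitive, and the helpers in this thread are reading it by eye. As an added example (not part of the thread and not SysProt's own code), this Python snippet parses records in that exact "Key: Value" block format, groups the hooks per driver and jump target, and lists the targets SysProt could not attribute to any module, so the fact that every d347prt.sys IRP lands on one unresolved address stands out immediately. The sample input is a constructed excerpt in the thread's format.

```python
# Triage helper for a SysProt-style report like the one pasted in this
# thread: records are blank-line-separated "Key: Value" blocks.
from collections import defaultdict

# Constructed excerpt in the thread's format (not the complete log).
SAMPLE = """\
Hooked Module: C:\\WINDOWS\\System32\\DRIVERS\\usbehci.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 82BA81F8
Hooking Module: _unknown_

Hooked Module: C:\\WINDOWS\\system32\\drivers\\d347prt.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 828A4820
Hooking Module: _unknown_

Hooked Module: C:\\WINDOWS\\system32\\drivers\\d347prt.sys
Hooked IRP: IRP_MJ_READ
Jump To: 828A4820
Hooking Module: _unknown_
"""

def parse_records(text):
    """One dict per block; a blank line closes the current block."""
    records, cur = [], {}
    for line in text.splitlines() + [""]:
        if not line.strip():
            if cur:
                records.append(cur)
            cur = {}
            continue
        key, _, val = line.partition(":")
        cur[key.strip()] = val.strip()
    return records

def hooks_by_module(records):
    """Hooked driver -> {jump target: [IRP major functions]}. Every IRP of
    one device landing on a single address is the shape of a patched
    dispatch table, whether from a filter driver or from a rootkit."""
    out = defaultdict(lambda: defaultdict(list))
    for r in records:
        if "Hooked IRP" in r:
            out[r["Hooked Module"]][r["Jump To"]].append(r["Hooked IRP"])
    return {m: dict(t) for m, t in out.items()}

def unattributed_targets(records):
    """Jump targets SysProt could not map to a loaded module; check these
    against the driver list before killing or disabling anything."""
    return sorted({r["Jump To"] for r in records
                   if r.get("Hooking Module") == "_unknown_"})
```

Run `hooks_by_module(parse_records(SAMPLE))` on the full pasted log to get one line per driver instead of one record per IRP.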

Posted

Good evening;

 

That looks normal to me for a driver whose name is random and created at each boot. It is probably a legitimate service, tied to a protection program.

 

Unfortunately I don't have time to review everything right now. I will only be back in several hours, during the night.

 

Until then, can you tell me whether Malwarebytes' Anti-Malware managed to run the first time? And did you note any error messages for the tools that would not run?

 

See you soon,

 

Mark

Posted

To answer you, Mark, I have just re-run a Malwarebytes scan; here is the report:

Malwarebytes' Anti-Malware 1.40

Version de la base de données: 2682

Windows 5.1.2600 Service Pack 2

 

24/09/2009 18:51:33

mbam-log-2009-09-24 (18-51-33).txt

 

Type de recherche: Examen rapide

Eléments examinés: 110068

Temps écoulé: 6 minute(s), 6 second(s)

 

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 0

Valeur(s) du Registre infectée(s): 0

Elément(s) de données du Registre infecté(s): 0

Dossier(s) infecté(s): 0

Fichier(s) infecté(s): 0

 

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Clé(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

 

Valeur(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

 

Elément(s) de données du Registre infecté(s):

(Aucun élément nuisible détecté)

 

Dossier(s) infecté(s):

(Aucun élément nuisible détecté)

 

Fichier(s) infecté(s):

(Aucun élément nuisible détecté)

 

 

For the other antivirus programs, the computer freezes, so I never manage to get a complete scan.

Posted

Thanks for the report and the details :P

 

I'm sending you a diagnostic tool; we'll see what it finds:

=========================

 

Download random's system information tool (RSIT) by random/random from here and save it to the Desktop.

  • Double-click RSIT.exe to launch RSIT.
  • Click Continue at the Disclaimer screen.
  • If HijackThis is not present or not detected on the computer, RSIT will download it and you will have to accept the licence.
  • When the scan is finished, two text files will open. Post the contents of log.txt (<<which will be displayed) as well as info.txt (<<which will be minimised to the taskbar)

 

See you later
