Infection by a virus named TR/Dldr.Bagle.LI.2
Larekan
sKe69 (21955 posts, status: Security contributor)
Hi!
So here goes: I formatted my computer 5 days ago, and I've just noticed that Antivir keeps yelling regularly (a bit more often lately; it used to be once a day) about a virus named TR/Dldr.Bagle.LI.2.
Having done a bit of research on this Bagle, it looks like a real piece of work, as viruses go...
Luckily, I haven't put the installation CDs away yet, so if I have to start everything over again, no problem xD
Can someone help me?
See you!
69 replies
ok, here we goooo!
Here is the first report; it concerns:
=========================
C:\WINDOWS\system32\winsys2.exe
Antivirus Version Last update Result
a-squared 4.0.0.73 2009.01.06 -
AhnLab-V3 2009.1.6.3 2009.01.06 -
AntiVir 7.9.0.45 2009.01.06 -
Authentium 5.1.0.4 2009.01.05 -
Avast 4.8.1281.0 2009.01.06 -
AVG 8.0.0.199 2009.01.06 -
BitDefender 7.2 2009.01.06 -
CAT-QuickHeal 10.00 2009.01.06 -
ClamAV 0.94.1 2009.01.06 -
Comodo 884 2009.01.06 -
DrWeb 4.44.0.09170 2009.01.06 -
eTrust-Vet 31.6.6294 2009.01.06 -
Ewido 4.0 2008.12.31 -
F-Prot 4.4.4.56 2009.01.06 -
F-Secure 8.0.14470.0 2009.01.06 -
Fortinet 3.117.0.0 2009.01.06 -
GData 19 2009.01.06 -
Ikarus T3.1.1.45.0 2009.01.06 -
K7AntiVirus 7.10.578 2009.01.06 -
Kaspersky 7.0.0.125 2009.01.06 -
McAfee 5486 2009.01.05 -
McAfee+Artemis 5487 2009.01.06 -
Microsoft 1.4205 2009.01.06 -
NOD32 3743 2009.01.06 -
Panda 9.0.0.4 2009.01.06 -
PCTools 4.4.2.0 2009.01.06 -
Rising 21.11.12.00 2009.01.06 -
SecureWeb-Gateway 6.7.6 2009.01.06 -
Sophos 4.37.0 2009.01.06 -
Sunbelt 3.2.1809.2 2008.12.22 -
Symantec 10 2009.01.06 -
TheHacker 6.3.1.4.205 2009.01.05 -
TrendMicro 8.700.0.1004 2009.01.06 -
VBA32 3.12.8.10 2009.01.05 -
ViRobot 2009.1.6.1546 2009.01.06 -
VirusBuster 4.5.11.0 2009.01.06 -
Additional information
File size: 217088 bytes
MD5...: 431a18c5e9f8827193afcb74e3880888
SHA1..: c7cf0efdde387f2f9bf0b679efc3457fb2b4f007
SHA256: 7a7366b9b0f64c93537de2de560f342df61aa537d46905768f1e79d98881e4e3
SHA512: b9f4423e918ef7378e64e4f9927eaaa2d43a4736aec37dc5332a45b317b4fce383659f4533a2e4a72ed50da4375249eaa0ca948091b60bf51e059430bda8defb
ssdeep: 3072:TPG4/SZjbsmZS3yol+oJEntJxzUARPmFBCRgu7P3dGA5tPW0MEPgBTBX:bt/0b1ZS3zl+ttJfFhdGAy0MEPA
PEiD..: -
TrID..: File type identification
InstallShield setup (42.6%)
Win32 Executable MS Visual C++ (generic) (37.3%)
Win32 Executable Generic (8.4%)
Win32 Dynamic Link Library (generic) (7.5%)
Generic Win/DOS Executable (1.9%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x40eee7
timedatestamp.....: 0x45820f7e (Fri Dec 15 02:59:10 2006)
machinetype.......: 0x14c (I386)
( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x1f6d6 0x20000 6.61 2597fdefa7ef0d72e6b9d042d179f807
.rdata 0x21000 0x7656 0x8000 4.79 899ec8e85f3cc8ad1813912de26c157a
.data 0x29000 0x5a74 0x2000 3.85 6d7f74470b50f6760435bdc1865de721
.rsrc 0x2f000 0x9290 0xa000 5.56 b596ffd3a165cb398764578107bedac4
( 8 imports )
> MADCHOOK.DLL: InjectLibraryA, UninjectLibraryA
> KERNEL32.dll: SetErrorMode, HeapFree, HeapAlloc, VirtualAlloc, HeapReAlloc, GetCommandLineA, GetProcessHeap, GetStartupInfoA, RaiseException, RtlUnwind, ExitProcess, HeapSize, TerminateProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, HeapDestroy, HeapCreate, VirtualFree, GetStdHandle, Sleep, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, SetHandleCount, GetFileType, QueryPerformanceCounter, GetTickCount, GetSystemTimeAsFileTime, GetACP, GetConsoleCP, GetConsoleMode, LCMapStringA, LCMapStringW, GetStringTypeA, GetStringTypeW, SetStdHandle, WriteConsoleA, GetConsoleOutputCP, WriteConsoleW, GetOEMCP, GetCPInfo, CreateFileA, GetCurrentProcess, GetThreadLocale, FlushFileBuffers, SetFilePointer, WriteFile, ReadFile, GlobalFlags, InterlockedIncrement, TlsFree, DeleteCriticalSection, LocalReAlloc, TlsSetValue, TlsAlloc, InitializeCriticalSection, GlobalHandle, GlobalReAlloc, EnterCriticalSection, TlsGetValue, LeaveCriticalSection, LocalAlloc, GlobalGetAtomNameA, GlobalFindAtomA, lstrcmpW, GetVersionExA, InterlockedDecrement, GetModuleFileNameW, FreeResource, CloseHandle, WritePrivateProfileStringA, GlobalAddAtomA, GetCurrentProcessId, GetCurrentThread, GetCurrentThreadId, ConvertDefaultLocale, GetModuleFileNameA, EnumResourceLanguagesA, GetLocaleInfoA, LoadLibraryA, lstrcmpA, FreeLibrary, GlobalDeleteAtom, GetModuleHandleA, GetProcAddress, GlobalFree, GlobalAlloc, GlobalLock, GlobalUnlock, FormatMessageA, LocalFree, FindResourceA, LoadResource, LockResource, SizeofResource, MulDiv, SetLastError, GetVersion, CompareStringA, GetLastError, InterlockedExchange, MultiByteToWideChar, WideCharToMultiByte, lstrlenA
> USER32.dll: LoadCursorA, GetSysColorBrush, ShowWindow, SetWindowTextA, IsDialogMessageA, RegisterWindowMessageA, SendDlgItemMessageA, WinHelpA, GetCapture, GetClassLongA, GetClassNameA, SetPropA, GetPropA, RemovePropA, SetFocus, GetWindowTextA, GetForegroundWindow, GetTopWindow, GetMessageTime, GetMessagePos, MapWindowPoints, SetForegroundWindow, UpdateWindow, GetMenu, CreateWindowExA, GetClassInfoA, RegisterClassA, AdjustWindowRectEx, CopyRect, PtInRect, GetDlgCtrlID, DefWindowProcA, CallWindowProcA, SetWindowLongA, SetWindowPos, SystemParametersInfoA, GetWindowPlacement, GetWindowRect, GetWindow, UnhookWindowsHookEx, GetSysColor, EndPaint, BeginPaint, ReleaseDC, GetDC, ClientToScreen, GrayStringA, DrawTextExA, DrawTextA, TabbedTextOutA, GetDesktopWindow, SetActiveWindow, CreateDialogIndirectParamA, DestroyWindow, IsWindow, EnableWindow, GetSystemMetrics, GetDlgItem, GetNextDlgTabItem, EndDialog, SetWindowsHookExA, CallNextHookEx, GetMessageA, TranslateMessage, DispatchMessageA, GetActiveWindow, IsWindowVisible, GetKeyState, PeekMessageA, GetCursorPos, DestroyMenu, UnregisterClassA, PostMessageA, SendMessageA, GetClientRect, DrawIcon, LoadIconA, IsIconic, GetSubMenu, GetMenuItemCount, GetMenuItemID, GetMenuState, CheckMenuItem, EnableMenuItem, ModifyMenuA, GetParent, ValidateRect, GetWindowThreadProcessId, GetWindowLongA, GetLastActivePopup, IsWindowEnabled, MessageBoxA, SetCursor, PostQuitMessage, SetMenuItemBitmaps, GetMenuCheckMarkDimensions, LoadBitmapA, GetFocus, GetClassInfoExA
> GDI32.dll: SetWindowExtEx, ScaleWindowExtEx, DeleteDC, GetStockObject, RectVisible, ScaleViewportExtEx, SetViewportExtEx, OffsetViewportOrgEx, SetViewportOrgEx, SelectObject, Escape, ExtTextOutA, GetDeviceCaps, PtVisible, GetObjectA, DeleteObject, GetClipBox, SetMapMode, SetTextColor, SetBkColor, RestoreDC, SaveDC, CreateBitmap, TextOutA
> WINSPOOL.DRV: ClosePrinter, DocumentPropertiesA, OpenPrinterA
> ADVAPI32.dll: RegQueryValueA, RegEnumKeyA, RegDeleteKeyA, RegOpenKeyA, RegCloseKey, RegOpenKeyExA, RegCreateKeyExA, RegQueryValueExA, RegSetValueExA
> SHLWAPI.dll: PathFindFileNameA, PathFindExtensionA
> OLEAUT32.dll: -, -, -
( 0 exports )
CWSandbox info: http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=431a18c5e9f8827193afcb74e3880888
ThreatExpert info: http://www.threatexpert.com/report.aspx?md5=431a18c5e9f8827193afcb74e3880888
============================
HERE IS C:\WINDOWS\system32\rar.exe
Antivirus Version Last update Result
a-squared 4.0.0.73 2009.01.06 -
AhnLab-V3 2009.1.6.3 2009.01.06 -
AntiVir 7.9.0.45 2009.01.06 -
Authentium 5.1.0.4 2009.01.06 W32/Backdoor2.BRIO
Avast 4.8.1281.0 2009.01.06 -
AVG 8.0.0.199 2009.01.06 -
BitDefender 7.2 2009.01.06 -
CAT-QuickHeal 10.00 2009.01.06 -
ClamAV 0.94.1 2009.01.06 -
Comodo 884 2009.01.06 -
DrWeb 4.44.0.09170 2009.01.06 -
eTrust-Vet 31.6.6294 2009.01.06 -
Ewido 4.0 2008.12.31 -
F-Prot 4.4.4.56 2009.01.06 W32/Backdoor2.BRIO
F-Secure 8.0.14470.0 2009.01.06 -
Fortinet 3.117.0.0 2009.01.06 -
GData 19 2009.01.06 -
Ikarus T3.1.1.45.0 2009.01.06 -
K7AntiVirus 7.10.578 2009.01.06 -
Kaspersky 7.0.0.125 2009.01.06 -
McAfee 5486 2009.01.05 -
McAfee+Artemis 5487 2009.01.06 -
Microsoft 1.4205 2009.01.06 -
NOD32 3743 2009.01.06 -
Norman 5.80.02 2009.01.06 -
Panda 9.0.0.4 2009.01.06 -
Prevx1 V2 2009.01.06 -
Rising 21.11.12.00 2009.01.06 -
SecureWeb-Gateway 6.7.6 2009.01.06 Win32.Malware.gen#UPX (suspicious)
Sophos 4.37.0 2009.01.06 -
Sunbelt 3.2.1809.2 2008.12.22 -
Symantec 10 2009.01.06 -
TheHacker 6.3.1.4.205 2009.01.05 -
TrendMicro 8.700.0.1004 2009.01.06 -
VBA32 3.12.8.10 2009.01.06 -
ViRobot 2009.1.6.1546 2009.01.06 -
VirusBuster 4.5.11.0 2009.01.06 -
Additional information
File size: 37888 bytes
MD5...: 1d5a7020465c89a816a7510ed6db1c9c
SHA1..: f28a4c3dfa55548146a951cd9f7e7d15fd002a1b
SHA256: 792328c418e1d23b96457f5defe09db0113f53c2846ff96d2bc656cf6b8e659c
SHA512: 03d9b2a57e5645d27b0d5ac5a743d277c6766a8c4f9dd779efc9641951553ecd863cdafa2a2c6c82169cc71f0f3e750afcd7c5aef82b9fd08af7dc7f5a7b6ca6
ssdeep: 768:z9M0P3Xjj857MkcPigCPapvzb157LNRoZvY19BYNh8xb:zTnjjQHgppbbTDoZvY1Jxb
PEiD..: UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
TrID..: File type identification
UPX compressed Win32 Executable (39.5%)
Win32 EXE Yoda's Crypter (34.3%)
Win32 Executable Generic (11.0%)
Win32 Dynamic Link Library (generic) (9.8%)
Generic Win/DOS Executable (2.5%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x1016680
timedatestamp.....: 0x37ffab7b (Sat Oct 09 20:54:19 1999)
machinetype.......: 0x14c (I386)
( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
UPX0 0x1000 0xd000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
UPX1 0xe000 0x9000 0x8a00 7.88 1406c5e7787eb1172bab7c59ae7805c4
.rsrc 0x17000 0x1000 0x600 2.93 d8eda1e3c17b11e4e2c89647259cd435
( 2 imports )
> KERNEL32.DLL: LoadLibraryA, GetProcAddress, VirtualProtect, VirtualAlloc, VirtualFree, ExitProcess
> MSVCRT.dll: time
( 0 exports )
CWSandbox info: http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=1d5a7020465c89a816a7510ed6db1c9c
packers (Kaspersky): PE_Patch.UPX, UPX
HERE IS THE THIRD ONE
C:\WINDOWS\system32\smdll.dll
Antivirus Version Last update Result
a-squared 4.0.0.73 2009.01.06 -
AhnLab-V3 2009.1.6.3 2009.01.06 -
AntiVir 7.9.0.45 2009.01.06 -
Authentium 5.1.0.4 2009.01.06 -
Avast 4.8.1281.0 2009.01.06 -
AVG 8.0.0.199 2009.01.06 -
BitDefender 7.2 2009.01.06 -
CAT-QuickHeal 10.00 2009.01.06 -
ClamAV 0.94.1 2009.01.06 -
Comodo 884 2009.01.06 -
DrWeb 4.44.0.09170 2009.01.06 -
eTrust-Vet 31.6.6294 2009.01.06 -
Ewido 4.0 2008.12.31 -
F-Prot 4.4.4.56 2009.01.06 -
F-Secure 8.0.14470.0 2009.01.06 -
Fortinet 3.117.0.0 2009.01.06 -
GData 19 2009.01.06 -
Ikarus T3.1.1.45.0 2009.01.06 -
K7AntiVirus 7.10.578 2009.01.06 -
Kaspersky 7.0.0.125 2009.01.06 -
McAfee 5486 2009.01.05 -
McAfee+Artemis 5487 2009.01.06 -
Microsoft 1.4205 2009.01.06 -
NOD32 3743 2009.01.06 -
Norman 5.80.02 2009.01.06 -
Panda 9.0.0.4 2009.01.06 -
PCTools 4.4.2.0 2009.01.06 -
Prevx1 V2 2009.01.06 -
Rising 21.11.12.00 2009.01.06 -
SecureWeb-Gateway 6.7.6 2009.01.06 -
Sophos 4.37.0 2009.01.06 -
Sunbelt 3.2.1809.2 2008.12.22 -
Symantec 10 2009.01.06 -
TheHacker 6.3.1.4.205 2009.01.05 -
TrendMicro 8.700.0.1004 2009.01.06 -
VBA32 3.12.8.10 2009.01.06 -
ViRobot 2009.1.6.1546 2009.01.06 -
VirusBuster 4.5.11.0 2009.01.06 -
Additional information
File size: 131072 bytes
MD5...: 26cd634e7829a73f7ff7b0ff34ce352b
SHA1..: c536e586e8e2651b3b2ea84f4b5bede479fa2be3
SHA256: 37f0efe8ede6952955a07289ddc873b163fc8e8775836b21ae615fa7a4ce8a1a
SHA512: e7b32356596f8d500f7a564ffec78c74d8c1e4fa7026ba5a5dfe9a616ae256fcfea8171cd044d8885bfd3a446738796f16afbddeef07f210b3f7ab4d8a590e5a
ssdeep: 1536:XBCxcN7TJTMvLH5iWFFjUdaXgIibPCSlldUw1LH+LLUs708MC:R2STSHkWrjUdQbAlmw1juLbp
PEiD..: Armadillo v1.xx - v2.xx
TrID..: File type identification
Win64 Executable Generic (54.6%)
Win32 Executable MS Visual C++ (generic) (24.0%)
Windows Screen Saver (8.3%)
Win32 Executable Generic (5.4%)
Win32 Dynamic Link Library (generic) (4.8%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x10003543
timedatestamp.....: 0x44b562d3 (Wed Jul 12 21:00:03 2006)
machinetype.......: 0x14c (I386)
( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x10626 0x11000 6.49 993095d7dab4f1e7a3ab921d5d5ddd60
.rdata 0x12000 0x42c9 0x5000 4.34 b5fa3620e8adbc6b8aadb6542a0b657e
.data 0x17000 0x6dc0 0x4000 1.72 0b924cc329a81bda133210b2c801b8ca
.rsrc 0x1e000 0x1c78 0x2000 4.55 37835568075d4f69b0545cc864cbcf02
.reloc 0x20000 0x2c78 0x3000 3.94 2b64911fb8e05ccaf61adbfcdd8c0719
( 6 imports )
> KERNEL32.dll: RtlUnwind, GetCommandLineA, ExitProcess, TerminateProcess, RaiseException, HeapSize, HeapReAlloc, GetACP, GetStringTypeA, GetStringTypeW, SetHandleCount, GetStdHandle, GetFileType, GetStartupInfoA, FreeEnvironmentStringsA, GetEnvironmentStrings, GetEnvironmentStringsW, GetEnvironmentVariableA, HeapDestroy, HeapCreate, VirtualFree, LCMapStringA, LCMapStringW, VirtualAlloc, IsBadWritePtr, SetUnhandledExceptionFilter, IsBadReadPtr, IsBadCodePtr, SetStdHandle, GetOEMCP, GetCPInfo, FlushFileBuffers, SetFilePointer, WriteFile, GetCurrentProcess, GetProcessVersion, LoadLibraryA, FreeLibrary, GlobalGetAtomNameA, GlobalAddAtomA, GlobalFindAtomA, WritePrivateProfileStringA, GlobalFlags, GetModuleHandleA, GetProcAddress, GetVersion, lstrcpynA, lstrcpyA, lstrcatA, LocalFree, SetErrorMode, TlsGetValue, LocalReAlloc, TlsSetValue, EnterCriticalSection, GlobalReAlloc, LeaveCriticalSection, TlsFree, GlobalHandle, GlobalUnlock, GlobalFree, DeleteCriticalSection, TlsAlloc, InitializeCriticalSection, LocalAlloc, GetModuleFileNameA, GlobalLock, GlobalAlloc, GlobalDeleteAtom, lstrcmpA, lstrcmpiA, GetCurrentThread, GetCurrentThreadId, ReleaseSemaphore, CreateSemaphoreA, WideCharToMultiByte, lstrlenA, InterlockedDecrement, InterlockedIncrement, CreateEventA, WaitForSingleObject, MultiByteToWideChar, SetEvent, HeapAlloc, UnmapViewOfFile, CloseHandle, GetProcessHeap, HeapFree, GetVersionExA, CreateFileMappingA, GetLastError, MapViewOfFile, SetLastError, FreeEnvironmentStringsW
> USER32.dll: GetMenuItemID, GetSubMenu, GetMenu, RegisterClassA, GetClassInfoA, WinHelpA, GetCapture, GetTopWindow, CopyRect, GetClientRect, AdjustWindowRectEx, GetSysColor, MapWindowPoints, LoadIconA, LoadCursorA, GetSysColorBrush, DestroyMenu, DestroyWindow, CreateWindowExA, GetClassLongA, SetPropA, GetPropA, CallWindowProcA, RemovePropA, GetMessageTime, GetMessagePos, GetForegroundWindow, SetForegroundWindow, RegisterWindowMessageA, SystemParametersInfoA, IsIconic, GetSystemMetrics, SetFocus, ShowWindow, SetWindowPos, SetWindowLongA, GetDlgItem, GetMenuItemCount, wsprintfA, GetWindowTextA, SetWindowTextA, GetWindow, GetDlgCtrlID, GetWindowRect, PtInRect, GetClassNameA, GrayStringA, DrawTextA, TabbedTextOutA, ReleaseDC, GetDC, ClientToScreen, LoadStringA, UnregisterClassA, UnhookWindowsHookEx, GetMenuCheckMarkDimensions, LoadBitmapA, GetMenuState, ModifyMenuA, SetMenuItemBitmaps, CheckMenuItem, EnableMenuItem, GetWindowPlacement, DefWindowProcA, GetFocus, GetNextDlgTabItem, GetMessageA, TranslateMessage, DispatchMessageA, GetActiveWindow, GetKeyState, CallNextHookEx, ValidateRect, IsWindowVisible, PeekMessageA, GetCursorPos, SetWindowsHookExA, GetParent, GetLastActivePopup, IsWindowEnabled, GetWindowLongA, MessageBoxA, EnableWindow, SetCursor, SendMessageA, PostMessageA, PostQuitMessage
> GDI32.dll: DeleteObject, GetDeviceCaps, PtVisible, RectVisible, TextOutA, ExtTextOutA, Escape, GetObjectA, GetClipBox, ScaleWindowExtEx, SetWindowExtEx, ScaleViewportExtEx, SetViewportExtEx, OffsetViewportOrgEx, SetViewportOrgEx, SetMapMode, SetTextColor, SetBkColor, GetStockObject, SelectObject, RestoreDC, SaveDC, DeleteDC, CreateBitmap
> WINSPOOL.DRV: DocumentPropertiesA, ClosePrinter, OpenPrinterA
> ADVAPI32.dll: GetSecurityDescriptorGroup, RegSetValueExA, RegOpenKeyExA, RegCreateKeyExA, RegCloseKey, IsValidSecurityDescriptor, GetSecurityDescriptorOwner, SetSecurityDescriptorOwner, FreeSid, SetSecurityDescriptorGroup, GetSecurityDescriptorSacl, SetSecurityDescriptorSacl, GetSecurityDescriptorDacl, AllocateAndInitializeSid, GetLengthSid, InitializeAcl, AddAccessAllowedAce, InitializeSecurityDescriptor, SetSecurityDescriptorDacl
> COMCTL32.dll: -
( 3 exports )
SMRead, SMRelease, SMWrite
============================
THE FOURTH ONE
C:\WINDOWS\system32\MadCHook.dll
Antivirus Version Last update Result
a-squared 4.0.0.73 2009.01.06 -
AhnLab-V3 2009.1.6.3 2009.01.06 -
AntiVir 7.9.0.45 2009.01.06 -
Authentium 5.1.0.4 2009.01.06 -
Avast 4.8.1281.0 2009.01.06 -
AVG 8.0.0.199 2009.01.06 -
BitDefender 7.2 2009.01.06 -
CAT-QuickHeal 10.00 2009.01.06 -
ClamAV 0.94.1 2009.01.06 -
Comodo 884 2009.01.06 -
DrWeb 4.44.0.09170 2009.01.06 -
eTrust-Vet 31.6.6294 2009.01.06 -
Ewido 4.0 2008.12.31 -
F-Prot 4.4.4.56 2009.01.06 -
F-Secure 8.0.14470.0 2009.01.06 -
Fortinet 3.117.0.0 2009.01.06 -
GData 19 2009.01.06 -
Ikarus T3.1.1.45.0 2009.01.06 -
K7AntiVirus 7.10.578 2009.01.06 -
Kaspersky 7.0.0.125 2009.01.06 -
McAfee 5486 2009.01.05 -
McAfee+Artemis 5487 2009.01.06 -
Microsoft 1.4205 2009.01.06 -
NOD32 3743 2009.01.06 -
Norman 5.80.02 2009.01.06 -
Panda 9.0.0.4 2009.01.06 -
PCTools 4.4.2.0 2009.01.06 -
Prevx1 V2 2009.01.06 -
Rising 21.11.12.00 2009.01.06 -
SecureWeb-Gateway 6.7.6 2009.01.06 -
Sophos 4.37.0 2009.01.06 MadCodeHook
Sunbelt 3.2.1809.2 2008.12.22 -
Symantec 10 2009.01.06 -
TheHacker 6.3.1.4.205 2009.01.05 -
TrendMicro 8.700.0.1004 2009.01.06 -
VBA32 3.12.8.10 2009.01.06 -
ViRobot 2009.1.6.1546 2009.01.06 -
VirusBuster 4.5.11.0 2009.01.06 -
Additional information
File size: 128512 bytes
MD5...: 9408d61a78d7a46e9ad7c64648154faf
SHA1..: b9f38569c15b883ec0b26856997602e7bf043386
SHA256: f57abc029bdba10c16d3949a03c46076f7bf82ed18fe9ee2cbc949649d92624e
SHA512: 2b112dd8a43dfc6b8372e0be090431beaf8655a5dcec091049cda212cf8159620a8c97a8e16a335c3222e599cdd7b513bcf69aeda21cb7b9efe08946a32a71b0
ssdeep: 3072:DP/RarTxWCkFvyooaE4tFmzMrwUb+zdqDZzvMLPaak6ia+YvX0:TRaECwvymtFiHgW5k6ia+Yv
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (68.0%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x4441c464
timedatestamp.....: 0x2a425e19 (Fri Jun 19 22:22:17 1992)
machinetype.......: 0x14c (I386)
( 7 sections )
name viradd virsiz rawdsiz ntrpy md5
CODE 0x1000 0x1b4bc 0x1b600 6.57 72a1054c8732d9e014f8578193da9dee
DATA 0x1d000 0xf7c 0x1000 4.63 d6db268dacb229b90d18a353773266d5
BSS 0x1e000 0x759 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.idata 0x1f000 0xe70 0x1000 4.60 8939275d57a535c799ad92852bf8763e
.edata 0x20000 0x550 0x600 5.07 6b0bbb4be8311f2b9e0d129a0d3ee865
.reloc 0x21000 0x1194 0x1200 6.69 2a6b876c3a9cc86191677e4fb49d88ae
.rsrc 0x23000 0x348 0x400 2.90 8572a21c672b963878908f77630164db
( 9 imports )
> kernel32.dll: DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, VirtualFree, VirtualAlloc, LocalFree, LocalAlloc, GetVersion, GetCurrentThreadId, WideCharToMultiByte, GetThreadLocale, GetStartupInfoA, GetLocaleInfoA, GetCommandLineA, FreeLibrary, ExitProcess, WriteFile, UnhandledExceptionFilter, RtlUnwind, RaiseException, GetStdHandle
> user32.dll: GetKeyboardType, MessageBoxA
> advapi32.dll: RegQueryValueExA, RegOpenKeyExA, RegCloseKey
> oleaut32.dll: SysFreeString, SysReAllocStringLen
> kernel32.dll: TlsSetValue, TlsGetValue, TlsFree, TlsAlloc, LocalFree, LocalAlloc
> advapi32.dll: SetSecurityDescriptorDacl, RegSetValueExW, RegSetValueExA, RegQueryValueExA, RegOpenKeyExA, RegEnumKeyA, RegDeleteKeyA, RegCreateKeyExA, RegCloseKey, OpenProcessToken, LookupPrivilegeValueA, IsValidSid, InitializeSecurityDescriptor, GetTokenInformation, GetLengthSid, FreeSid, EqualSid, AllocateAndInitializeSid, AdjustTokenPrivileges
> kernel32.dll: lstrlenW, lstrlenA, lstrcpyW, lstrcpyA, lstrcmpiW, lstrcmpiA, lstrcatW, WriteProcessMemory, WriteFile, WaitForSingleObject, WaitForMultipleObjects, VirtualQueryEx, VirtualQuery, VirtualProtectEx, VirtualProtect, VirtualFree, VirtualAlloc, UnmapViewOfFile, TerminateThread, TerminateProcess, Sleep, SetThreadPriority, SetLastError, SetEvent, ResumeThread, ReleaseSemaphore, ReleaseMutex, ReadProcessMemory, ReadFile, OpenProcess, OpenMutexW, OpenMutexA, OpenFileMappingW, OpenFileMappingA, OpenEventW, OpenEventA, MapViewOfFile, LocalFree, LocalAlloc, LoadLibraryExA, LoadLibraryA, LeaveCriticalSection, IsBadWritePtr, IsBadReadPtr, InitializeCriticalSection, GetVersionExW, GetVersionExA, GetVersion, GetTickCount, GetThreadContext, GetSystemDirectoryW, GetSystemDirectoryA, GetProcAddress, GetModuleHandleW, GetModuleHandleA, GetModuleFileNameW, GetModuleFileNameA, GetLastError, GetFileSize, GetFileAttributesW, GetFileAttributesA, GetExitCodeThread, GetCurrentThreadId, GetCurrentThread, GetCurrentProcessId, GetCurrentProcess, GetCurrentDirectoryW, GetCurrentDirectoryA, InterlockedExchange, FreeLibrary, FormatMessageA, EnterCriticalSection, DuplicateHandle, DeleteFileW, DeleteCriticalSection, CreateThread, CreateSemaphoreA, CreateProcessW, CreateProcessA, CreatePipe, CreateMutexW, CreateMutexA, CreateFileMappingW, CreateFileMappingA, CreateFileW, CreateFileA, CreateEventW, CreateEventA, CloseHandle
> user32.dll: TranslateMessage, PeekMessageA, OpenInputDesktop, MsgWaitForMultipleObjects, MessageBoxA, GetUserObjectInformationA, GetThreadDesktop, DispatchMessageA, CloseDesktop
> advapi32.dll: GetKernelObjectSecurity
( 49 exports )
AddAccessForEveryone, AllocMemEx, AmSystemProcess, AmUsingInputDesktop, AnsiToWide, AutoUnhook, CollectHooks, CopyFunction, CreateGlobalEvent, CreateGlobalFileMapping, CreateGlobalMutex, CreateIpcQueue, CreateIpcQueueEx, CreateProcessExA, CreateProcessExW, CreateRemoteThreadEx, DestroyIpcQueue, FlushHooks, FreeMemEx, GetCallingModule, GetCurrentSessionId, GetInputSessionId, HookAPI, HookCode, InjectLibraryA, InjectLibrarySessionA, InjectLibrarySessionW, InjectLibraryW, InstallMadCHook, IsHookInUse, OpenGlobalEvent, OpenGlobalFileMapping, OpenGlobalMutex, ProcessHandleToId, ProcessIdToFileName, RemoteExecute, RenewHook, SendIpcMessage, StaticLibHelper_Final, StaticLibHelper_Init, ThreadHandleToId, UnhookAPI, UnhookCode, UninjectLibraryA, UninjectLibrarySessionA, UninjectLibrarySessionW, UninjectLibraryW, UninstallMadCHook, WideToAnsi
CWSandbox info: http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=9408d61a78d7a46e9ad7c64648154faf
C:\WINDOWS\system32\smdll.dll
Antivirus Version Last update Result
a-squared 4.0.0.73 2009.01.06 -
AhnLab-V3 2009.1.6.3 2009.01.06 -
AntiVir 7.9.0.45 2009.01.06 -
Authentium 5.1.0.4 2009.01.06 -
Avast 4.8.1281.0 2009.01.06 -
AVG 8.0.0.199 2009.01.06 -
BitDefender 7.2 2009.01.06 -
CAT-QuickHeal 10.00 2009.01.06 -
ClamAV 0.94.1 2009.01.06 -
Comodo 884 2009.01.06 -
DrWeb 4.44.0.09170 2009.01.06 -
eTrust-Vet 31.6.6294 2009.01.06 -
Ewido 4.0 2008.12.31 -
F-Prot 4.4.4.56 2009.01.06 -
F-Secure 8.0.14470.0 2009.01.06 -
Fortinet 3.117.0.0 2009.01.06 -
GData 19 2009.01.06 -
Ikarus T3.1.1.45.0 2009.01.06 -
K7AntiVirus 7.10.578 2009.01.06 -
Kaspersky 7.0.0.125 2009.01.06 -
McAfee 5486 2009.01.05 -
McAfee+Artemis 5487 2009.01.06 -
Microsoft 1.4205 2009.01.06 -
NOD32 3743 2009.01.06 -
Norman 5.80.02 2009.01.06 -
Panda 9.0.0.4 2009.01.06 -
PCTools 4.4.2.0 2009.01.06 -
Prevx1 V2 2009.01.06 -
Rising 21.11.12.00 2009.01.06 -
SecureWeb-Gateway 6.7.6 2009.01.06 -
Sophos 4.37.0 2009.01.06 -
Sunbelt 3.2.1809.2 2008.12.22 -
Symantec 10 2009.01.06 -
TheHacker 6.3.1.4.205 2009.01.05 -
TrendMicro 8.700.0.1004 2009.01.06 -
VBA32 3.12.8.10 2009.01.06 -
ViRobot 2009.1.6.1546 2009.01.06 -
VirusBuster 4.5.11.0 2009.01.06 -
Additional information
File size: 131072 bytes
MD5...: 26cd634e7829a73f7ff7b0ff34ce352b
SHA1..: c536e586e8e2651b3b2ea84f4b5bede479fa2be3
SHA256: 37f0efe8ede6952955a07289ddc873b163fc8e8775836b21ae615fa7a4ce8a1a
SHA512: e7b32356596f8d500f7a564ffec78c74d8c1e4fa7026ba5a5dfe9a616ae256fcfea8171cd044d8885bfd3a446738796f16afbddeef07f210b3f7ab4d8a590e5a
ssdeep: 1536:XBCxcN7TJTMvLH5iWFFjUdaXgIibPCSlldUw1LH+LLUs708MC:R2STSHkWrjUdQbAlmw1juLbp
PEiD..: Armadillo v1.xx - v2.xx
TrID..: File type identification
Win64 Executable Generic (54.6%)
Win32 Executable MS Visual C++ (generic) (24.0%)
Windows Screen Saver (8.3%)
Win32 Executable Generic (5.4%)
Win32 Dynamic Link Library (generic) (4.8%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x10003543
timedatestamp.....: 0x44b562d3 (Wed Jul 12 21:00:03 2006)
machinetype.......: 0x14c (I386)
( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x10626 0x11000 6.49 993095d7dab4f1e7a3ab921d5d5ddd60
.rdata 0x12000 0x42c9 0x5000 4.34 b5fa3620e8adbc6b8aadb6542a0b657e
.data 0x17000 0x6dc0 0x4000 1.72 0b924cc329a81bda133210b2c801b8ca
.rsrc 0x1e000 0x1c78 0x2000 4.55 37835568075d4f69b0545cc864cbcf02
.reloc 0x20000 0x2c78 0x3000 3.94 2b64911fb8e05ccaf61adbfcdd8c0719
( 6 imports )
> KERNEL32.dll: RtlUnwind, GetCommandLineA, ExitProcess, TerminateProcess, RaiseException, HeapSize, HeapReAlloc, GetACP, GetStringTypeA, GetStringTypeW, SetHandleCount, GetStdHandle, GetFileType, GetStartupInfoA, FreeEnvironmentStringsA, GetEnvironmentStrings, GetEnvironmentStringsW, GetEnvironmentVariableA, HeapDestroy, HeapCreate, VirtualFree, LCMapStringA, LCMapStringW, VirtualAlloc, IsBadWritePtr, SetUnhandledExceptionFilter, IsBadReadPtr, IsBadCodePtr, SetStdHandle, GetOEMCP, GetCPInfo, FlushFileBuffers, SetFilePointer, WriteFile, GetCurrentProcess, GetProcessVersion, LoadLibraryA, FreeLibrary, GlobalGetAtomNameA, GlobalAddAtomA, GlobalFindAtomA, WritePrivateProfileStringA, GlobalFlags, GetModuleHandleA, GetProcAddress, GetVersion, lstrcpynA, lstrcpyA, lstrcatA, LocalFree, SetErrorMode, TlsGetValue, LocalReAlloc, TlsSetValue, EnterCriticalSection, GlobalReAlloc, LeaveCriticalSection, TlsFree, GlobalHandle, GlobalUnlock, GlobalFree, DeleteCriticalSection, TlsAlloc, InitializeCriticalSection, LocalAlloc, GetModuleFileNameA, GlobalLock, GlobalAlloc, GlobalDeleteAtom, lstrcmpA, lstrcmpiA, GetCurrentThread, GetCurrentThreadId, ReleaseSemaphore, CreateSemaphoreA, WideCharToMultiByte, lstrlenA, InterlockedDecrement, InterlockedIncrement, CreateEventA, WaitForSingleObject, MultiByteToWideChar, SetEvent, HeapAlloc, UnmapViewOfFile, CloseHandle, GetProcessHeap, HeapFree, GetVersionExA, CreateFileMappingA, GetLastError, MapViewOfFile, SetLastError, FreeEnvironmentStringsW
> USER32.dll: GetMenuItemID, GetSubMenu, GetMenu, RegisterClassA, GetClassInfoA, WinHelpA, GetCapture, GetTopWindow, CopyRect, GetClientRect, AdjustWindowRectEx, GetSysColor, MapWindowPoints, LoadIconA, LoadCursorA, GetSysColorBrush, DestroyMenu, DestroyWindow, CreateWindowExA, GetClassLongA, SetPropA, GetPropA, CallWindowProcA, RemovePropA, GetMessageTime, GetMessagePos, GetForegroundWindow, SetForegroundWindow, RegisterWindowMessageA, SystemParametersInfoA, IsIconic, GetSystemMetrics, SetFocus, ShowWindow, SetWindowPos, SetWindowLongA, GetDlgItem, GetMenuItemCount, wsprintfA, GetWindowTextA, SetWindowTextA, GetWindow, GetDlgCtrlID, GetWindowRect, PtInRect, GetClassNameA, GrayStringA, DrawTextA, TabbedTextOutA, ReleaseDC, GetDC, ClientToScreen, LoadStringA, UnregisterClassA, UnhookWindowsHookEx, GetMenuCheckMarkDimensions, LoadBitmapA, GetMenuState, ModifyMenuA, SetMenuItemBitmaps, CheckMenuItem, EnableMenuItem, GetWindowPlacement, DefWindowProcA, GetFocus, GetNextDlgTabItem, GetMessageA, TranslateMessage, DispatchMessageA, GetActiveWindow, GetKeyState, CallNextHookEx, ValidateRect, IsWindowVisible, PeekMessageA, GetCursorPos, SetWindowsHookExA, GetParent, GetLastActivePopup, IsWindowEnabled, GetWindowLongA, MessageBoxA, EnableWindow, SetCursor, SendMessageA, PostMessageA, PostQuitMessage
> GDI32.dll: DeleteObject, GetDeviceCaps, PtVisible, RectVisible, TextOutA, ExtTextOutA, Escape, GetObjectA, GetClipBox, ScaleWindowExtEx, SetWindowExtEx, ScaleViewportExtEx, SetViewportExtEx, OffsetViewportOrgEx, SetViewportOrgEx, SetMapMode, SetTextColor, SetBkColor, GetStockObject, SelectObject, RestoreDC, SaveDC, DeleteDC, CreateBitmap
> WINSPOOL.DRV: DocumentPropertiesA, ClosePrinter, OpenPrinterA
> ADVAPI32.dll: GetSecurityDescriptorGroup, RegSetValueExA, RegOpenKeyExA, RegCreateKeyExA, RegCloseKey, IsValidSecurityDescriptor, GetSecurityDescriptorOwner, SetSecurityDescriptorOwner, FreeSid, SetSecurityDescriptorGroup, GetSecurityDescriptorSacl, SetSecurityDescriptorSacl, GetSecurityDescriptorDacl, AllocateAndInitializeSid, GetLengthSid, InitializeAcl, AddAccessAllowedAce, InitializeSecurityDescriptor, SetSecurityDescriptorDacl
> COMCTL32.dll: -
( 3 exports )
SMRead, SMRelease, SMWrite
============================
THE FOURTH
C:\WINDOWS\system32\MadCHook.dll
Antivirus Version Last update Result
a-squared 4.0.0.73 2009.01.06 -
AhnLab-V3 2009.1.6.3 2009.01.06 -
AntiVir 7.9.0.45 2009.01.06 -
Authentium 5.1.0.4 2009.01.06 -
Avast 4.8.1281.0 2009.01.06 -
AVG 8.0.0.199 2009.01.06 -
BitDefender 7.2 2009.01.06 -
CAT-QuickHeal 10.00 2009.01.06 -
ClamAV 0.94.1 2009.01.06 -
Comodo 884 2009.01.06 -
DrWeb 4.44.0.09170 2009.01.06 -
eTrust-Vet 31.6.6294 2009.01.06 -
Ewido 4.0 2008.12.31 -
F-Prot 4.4.4.56 2009.01.06 -
F-Secure 8.0.14470.0 2009.01.06 -
Fortinet 3.117.0.0 2009.01.06 -
GData 19 2009.01.06 -
Ikarus T3.1.1.45.0 2009.01.06 -
K7AntiVirus 7.10.578 2009.01.06 -
Kaspersky 7.0.0.125 2009.01.06 -
McAfee 5486 2009.01.05 -
McAfee+Artemis 5487 2009.01.06 -
Microsoft 1.4205 2009.01.06 -
NOD32 3743 2009.01.06 -
Norman 5.80.02 2009.01.06 -
Panda 9.0.0.4 2009.01.06 -
PCTools 4.4.2.0 2009.01.06 -
Prevx1 V2 2009.01.06 -
Rising 21.11.12.00 2009.01.06 -
SecureWeb-Gateway 6.7.6 2009.01.06 -
Sophos 4.37.0 2009.01.06 MadCodeHook
Sunbelt 3.2.1809.2 2008.12.22 -
Symantec 10 2009.01.06 -
TheHacker 6.3.1.4.205 2009.01.05 -
TrendMicro 8.700.0.1004 2009.01.06 -
VBA32 3.12.8.10 2009.01.06 -
ViRobot 2009.1.6.1546 2009.01.06 -
VirusBuster 4.5.11.0 2009.01.06 -
Additional information
File size: 128512 bytes
MD5...: 9408d61a78d7a46e9ad7c64648154faf
SHA1..: b9f38569c15b883ec0b26856997602e7bf043386
SHA256: f57abc029bdba10c16d3949a03c46076f7bf82ed18fe9ee2cbc949649d92624e
SHA512: 2b112dd8a43dfc6b8372e0be090431beaf8655a5dcec091049cda212cf8159620a8c97a8e16a335c3222e599cdd7b513bcf69aeda21cb7b9efe08946a32a71b0
ssdeep: 3072:DP/RarTxWCkFvyooaE4tFmzMrwUb+zdqDZzvMLPaak6ia+YvX0:TRaECwvymtFiHgW5k6ia+Yv
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (68.0%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x4441c464
timedatestamp.....: 0x2a425e19 (Fri Jun 19 22:22:17 1992)
machinetype.......: 0x14c (I386)
( 7 sections )
name viradd virsiz rawdsiz ntrpy md5
CODE 0x1000 0x1b4bc 0x1b600 6.57 72a1054c8732d9e014f8578193da9dee
DATA 0x1d000 0xf7c 0x1000 4.63 d6db268dacb229b90d18a353773266d5
BSS 0x1e000 0x759 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.idata 0x1f000 0xe70 0x1000 4.60 8939275d57a535c799ad92852bf8763e
.edata 0x20000 0x550 0x600 5.07 6b0bbb4be8311f2b9e0d129a0d3ee865
.reloc 0x21000 0x1194 0x1200 6.69 2a6b876c3a9cc86191677e4fb49d88ae
.rsrc 0x23000 0x348 0x400 2.90 8572a21c672b963878908f77630164db
( 9 imports )
> kernel32.dll: DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, VirtualFree, VirtualAlloc, LocalFree, LocalAlloc, GetVersion, GetCurrentThreadId, WideCharToMultiByte, GetThreadLocale, GetStartupInfoA, GetLocaleInfoA, GetCommandLineA, FreeLibrary, ExitProcess, WriteFile, UnhandledExceptionFilter, RtlUnwind, RaiseException, GetStdHandle
> user32.dll: GetKeyboardType, MessageBoxA
> advapi32.dll: RegQueryValueExA, RegOpenKeyExA, RegCloseKey
> oleaut32.dll: SysFreeString, SysReAllocStringLen
> kernel32.dll: TlsSetValue, TlsGetValue, TlsFree, TlsAlloc, LocalFree, LocalAlloc
> advapi32.dll: SetSecurityDescriptorDacl, RegSetValueExW, RegSetValueExA, RegQueryValueExA, RegOpenKeyExA, RegEnumKeyA, RegDeleteKeyA, RegCreateKeyExA, RegCloseKey, OpenProcessToken, LookupPrivilegeValueA, IsValidSid, InitializeSecurityDescriptor, GetTokenInformation, GetLengthSid, FreeSid, EqualSid, AllocateAndInitializeSid, AdjustTokenPrivileges
> kernel32.dll: lstrlenW, lstrlenA, lstrcpyW, lstrcpyA, lstrcmpiW, lstrcmpiA, lstrcatW, WriteProcessMemory, WriteFile, WaitForSingleObject, WaitForMultipleObjects, VirtualQueryEx, VirtualQuery, VirtualProtectEx, VirtualProtect, VirtualFree, VirtualAlloc, UnmapViewOfFile, TerminateThread, TerminateProcess, Sleep, SetThreadPriority, SetLastError, SetEvent, ResumeThread, ReleaseSemaphore, ReleaseMutex, ReadProcessMemory, ReadFile, OpenProcess, OpenMutexW, OpenMutexA, OpenFileMappingW, OpenFileMappingA, OpenEventW, OpenEventA, MapViewOfFile, LocalFree, LocalAlloc, LoadLibraryExA, LoadLibraryA, LeaveCriticalSection, IsBadWritePtr, IsBadReadPtr, InitializeCriticalSection, GetVersionExW, GetVersionExA, GetVersion, GetTickCount, GetThreadContext, GetSystemDirectoryW, GetSystemDirectoryA, GetProcAddress, GetModuleHandleW, GetModuleHandleA, GetModuleFileNameW, GetModuleFileNameA, GetLastError, GetFileSize, GetFileAttributesW, GetFileAttributesA, GetExitCodeThread, GetCurrentThreadId, GetCurrentThread, GetCurrentProcessId, GetCurrentProcess, GetCurrentDirectoryW, GetCurrentDirectoryA, InterlockedExchange, FreeLibrary, FormatMessageA, EnterCriticalSection, DuplicateHandle, DeleteFileW, DeleteCriticalSection, CreateThread, CreateSemaphoreA, CreateProcessW, CreateProcessA, CreatePipe, CreateMutexW, CreateMutexA, CreateFileMappingW, CreateFileMappingA, CreateFileW, CreateFileA, CreateEventW, CreateEventA, CloseHandle
> user32.dll: TranslateMessage, PeekMessageA, OpenInputDesktop, MsgWaitForMultipleObjects, MessageBoxA, GetUserObjectInformationA, GetThreadDesktop, DispatchMessageA, CloseDesktop
> advapi32.dll: GetKernelObjectSecurity
( 49 exports )
AddAccessForEveryone, AllocMemEx, AmSystemProcess, AmUsingInputDesktop, AnsiToWide, AutoUnhook, CollectHooks, CopyFunction, CreateGlobalEvent, CreateGlobalFileMapping, CreateGlobalMutex, CreateIpcQueue, CreateIpcQueueEx, CreateProcessExA, CreateProcessExW, CreateRemoteThreadEx, DestroyIpcQueue, FlushHooks, FreeMemEx, GetCallingModule, GetCurrentSessionId, GetInputSessionId, HookAPI, HookCode, InjectLibraryA, InjectLibrarySessionA, InjectLibrarySessionW, InjectLibraryW, InstallMadCHook, IsHookInUse, OpenGlobalEvent, OpenGlobalFileMapping, OpenGlobalMutex, ProcessHandleToId, ProcessIdToFileName, RemoteExecute, RenewHook, SendIpcMessage, StaticLibHelper_Final, StaticLibHelper_Init, ThreadHandleToId, UnhookAPI, UnhookCode, UninjectLibraryA, UninjectLibrarySessionA, UninjectLibrarySessionW, UninjectLibraryW, UninstallMadCHook, WideToAnsi
CWSandbox info: http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=9408d61a78d7a46e9ad7c64648154faf
THE FIFTH
C:\WINDOWS\system32\HookShield.dll
Antivirus Version Last update Result
a-squared 4.0.0.73 2009.01.06 -
AhnLab-V3 2009.1.6.3 2009.01.06 -
AntiVir 7.9.0.45 2009.01.06 -
Authentium 5.1.0.4 2009.01.06 -
Avast 4.8.1281.0 2009.01.06 -
AVG 8.0.0.199 2009.01.06 -
BitDefender 7.2 2009.01.06 -
CAT-QuickHeal 10.00 2009.01.06 -
ClamAV 0.94.1 2009.01.06 -
Comodo 884 2009.01.06 -
DrWeb 4.44.0.09170 2009.01.06 -
eTrust-Vet 31.6.6294 2009.01.06 -
Ewido 4.0 2008.12.31 -
F-Prot 4.4.4.56 2009.01.06 -
F-Secure 8.0.14470.0 2009.01.06 -
Fortinet 3.117.0.0 2009.01.06 -
GData 19 2009.01.06 -
Ikarus T3.1.1.45.0 2009.01.06 -
K7AntiVirus 7.10.578 2009.01.06 -
Kaspersky 7.0.0.125 2009.01.06 -
McAfee 5486 2009.01.05 -
McAfee+Artemis 5487 2009.01.06 -
Microsoft 1.4205 2009.01.06 -
NOD32 3743 2009.01.06 -
Norman 5.80.02 2009.01.06 -
Panda 9.0.0.4 2009.01.06 -
PCTools 4.4.2.0 2009.01.06 -
Prevx1 V2 2009.01.06 -
Rising 21.11.12.00 2009.01.06 -
SecureWeb-Gateway 6.7.6 2009.01.06 -
Sophos 4.37.0 2009.01.06 -
Sunbelt 3.2.1809.2 2008.12.22 -
Symantec 10 2009.01.06 -
TheHacker 6.3.1.4.205 2009.01.05 -
TrendMicro 8.700.0.1004 2009.01.06 -
VBA32 3.12.8.10 2009.01.06 -
ViRobot 2009.1.6.1546 2009.01.06 -
VirusBuster 4.5.11.0 2009.01.06 -
Additional information
File size: 262144 bytes
MD5...: 6f6cc0d22402a579a7ab2ae0add58cca
SHA1..: 9895e11a93cf327da7e779e05672c4b4afc62c5e
SHA256: 9559870df4944b0d8c4621b88f182ab8c7d6cba78ef7d42d8ec221baa04b7d23
SHA512: eede83e97bf9ed3abad12e9b8d8c740dfbf69e87385c50a8a913c7759f58035ebe025e442055e7986fa5803a38e7bc8192e2dbf26caa8ad97d0fa33b842f985c
ssdeep: 3072:vqcCmxs7Ks5/Z8G+mirzMv+YrE5XIVl+VJujzPac+nz+8iEyXFnYJJIasLN:icCGs7KsL8GyrzIDVlEEjEyId7IasLN
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (68.0%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x10005030
timedatestamp.....: 0x43b6b707 (Sat Dec 31 16:51:19 2005)
machinetype.......: 0x14c (I386)
( 6 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x569a 0x6000 5.75 7fd98021fa18e32b199506dd82635b56
.rdata 0x7000 0xd04 0x1000 4.47 5bc1fa50d0cca365fa0b746e6d50fe43
.data 0x8000 0x1104 0x1000 0.11 cf23898c1c2b68fc5006f0b755179f67
.CRT 0xa000 0x4 0x1000 0.01 1039b5542db8fc0eddac7f94fbae78fe
.rsrc 0xb000 0x33cd8 0x34000 6.76 c3c796bd147c31f5eb28a77e570e7004
.reloc 0x3f000 0x121c 0x2000 4.18 3641784f66c413c82ff8a116c219200c
( 8 imports )
> MSVCR71.dll: sprintf, __security_error_handler, _except_handler3
> d3dx9_28.dll: D3DXCreateTextureFromResourceExA, D3DXCreateFontA, D3DXCreateSprite
> MADCHOOK.DLL: HookCode, HookAPI, RenewHook
> Auxiliary.dll: _GetOSDLocation@@YGHXZ, _SetKbCtlType@@YGHH@Z, _GetOSDKey@@YGHQAH00@Z, _GetKbCtlType@@YGHXZ
> SMdll.dll: SMRead, SMWrite, SMRelease
> KERNEL32.dll: GetCurrentThreadId, GetCurrentProcessId, MulDiv, GetSystemTimeAsFileTime, LoadLibraryA, GetProcAddress, FreeLibrary, ExitProcess, DisableThreadLibraryCalls, QueryPerformanceCounter, GetTickCount
> USER32.dll: UnhookWindowsHookEx, SetWindowsHookExA, GetClientRect, GetDC, ReleaseDC, SetRect, SetTimer, GetAsyncKeyState, KillTimer, CallNextHookEx
> GDI32.dll: GetDeviceCaps
( 16 exports )
DeInitializeLib, GetCanRunDOT, GetDOTStatus, GetVIVIDStatus, GetVIVIDValue, Query_GPUClock, Query_GPUTemp, Query_MEMClock, ReleaseNVCPLDLL, SetClockDown, SetClockUp, SetDOTStatus, SetDefaultClock, SetVIVIDDown, SetVIVIDStatus, SetVIVIDUp
=========================
THE SIXTH
C:\WINDOWS\system32\HookMAp.dll
Antivirus Version Last update Result
a-squared 4.0.0.73 2009.01.06 -
AhnLab-V3 2009.1.6.3 2009.01.06 -
AntiVir 7.9.0.45 2009.01.06 -
Authentium 5.1.0.4 2009.01.06 -
Avast 4.8.1281.0 2009.01.06 -
AVG 8.0.0.199 2009.01.06 -
BitDefender 7.2 2009.01.06 -
CAT-QuickHeal 10.00 2009.01.06 -
ClamAV 0.94.1 2009.01.06 -
Comodo 884 2009.01.06 -
DrWeb 4.44.0.09170 2009.01.06 -
eTrust-Vet 31.6.6294 2009.01.06 -
Ewido 4.0 2008.12.31 -
F-Prot 4.4.4.56 2009.01.06 -
F-Secure 8.0.14470.0 2009.01.06 -
Fortinet 3.117.0.0 2009.01.06 -
GData 19 2009.01.06 -
Ikarus T3.1.1.45.0 2009.01.06 -
K7AntiVirus 7.10.578 2009.01.06 -
Kaspersky 7.0.0.125 2009.01.06 -
McAfee 5486 2009.01.05 -
McAfee+Artemis 5487 2009.01.06 -
Microsoft 1.4205 2009.01.06 -
NOD32 3743 2009.01.06 -
Norman 5.80.02 2009.01.06 -
Panda 9.0.0.4 2009.01.06 -
PCTools 4.4.2.0 2009.01.06 -
Prevx1 V2 2009.01.06 -
Rising 21.11.12.00 2009.01.06 -
SecureWeb-Gateway 6.7.6 2009.01.06 -
Sophos 4.37.0 2009.01.06 -
Sunbelt 3.2.1809.2 2008.12.22 -
Symantec 10 2009.01.06 -
TheHacker 6.3.1.4.205 2009.01.05 -
TrendMicro 8.700.0.1004 2009.01.06 -
VBA32 3.12.8.10 2009.01.06 -
ViRobot 2009.1.6.1546 2009.01.06 -
VirusBuster 4.5.11.0 2009.01.06 -
Additional information
File size: 253952 bytes
MD5...: 5ee1a90318e9f9424028bb076353b710
SHA1..: a9c0a6d8ee90daf4c6e04fddeaea3b51ca0dd383
SHA256: 75d28298496ef76226ab8791f8321902c054e2d44a04d25f69d273e513588f40
SHA512: c4d2d74ba3ea9fe683baf732922bdab25caf482cbb00dbf26bd2d903569331c3be1124c514af9858057b3574a83ace44f99ba0fd72e0cef3d09ebc52830d019a
ssdeep: 3072:ToKV+vkl0sYxYx8SgEfpvWZ3Lb/QB92+QY5BejwKW4FyzgQY:MKVLu08/Efpv+7b/QBYzY50jwKW4FyT
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (68.0%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x10005500
timedatestamp.....: 0x43b6b785 (Sat Dec 31 16:53:25 2005)
machinetype.......: 0x14c (I386)
( 6 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x5b7a 0x6000 5.97 17334e6bdc7ca4afda8955c3c8a77a8a
.rdata 0x7000 0xf54 0x1000 5.07 be32170b883361c2c26047472d83dbb1
.data 0x8000 0x1344 0x1000 0.11 b7a1e399322b75f5be802ad81597c572
.CRT 0xa000 0x8 0x1000 0.02 d2cc7a044156e10d9525cdb1da6dd0c4
.rsrc 0xb000 0x31410 0x32000 7.07 80b06b7b5c0922e0599bbd0489496f7c
.reloc 0x3d000 0x1260 0x2000 4.28 cb9932bb63714b084032587b8e5ad393
( 9 imports )
> MSVCR71.dll: sprintf, _except_handler3, __security_error_handler, vsprintf
> d3dx9_28.dll: D3DXCreateTextureFromResourceExA, D3DXCreateFontA, D3DXCreateSprite
> MADCHOOK.DLL: HookAPI, RenewHook, HookCode
> Auxiliary.dll: _GetOSDKey@@YGHQAH00@Z, _SetKbCtlType@@YGHH@Z, _GetOSDLocation@@YGHXZ, _GetKbCtlType@@YGHXZ
> OPENGL32.dll: glRasterPos2i, glPushAttrib, glListBase, glGetBooleanv, glDisable, glEnable, glColor3ub, glHint, wglUseFontBitmapsA, glGenLists, wglGetCurrentDC, glPopAttrib, glCallLists
> SMdll.dll: SMRelease, SMRead, SMWrite
> KERNEL32.dll: LoadLibraryA, GetProcAddress, FreeLibrary, DisableThreadLibraryCalls, ExitProcess, GetTickCount, QueryPerformanceCounter, GetCurrentThreadId, GetCurrentProcessId, GetLocalTime, MulDiv, GetSystemTimeAsFileTime
> USER32.dll: SetWindowsHookExA, UnhookWindowsHookEx, CallNextHookEx, GetDC, ReleaseDC, SetRect, MessageBoxA, SetTimer, GetAsyncKeyState, KillTimer, GetClientRect
> GDI32.dll: CreateFontA, SelectObject, GetTextExtentPointA, DeleteObject, GetDeviceCaps
( 16 exports )
DeInitializeLib, GetCanRunDOT, GetDOTStatus, GetVIVIDStatus, GetVIVIDValue, Query_GPUClock, Query_GPUTemp, Query_MEMClock, ReleaseNVCPLDLL, SetClockDown, SetClockUp, SetDOTStatus, SetDefaultClock, SetVIVIDDown, SetVIVIDStatus, SetVIVIDUp
THE SEVENTH
C:\WINDOWS\system32\Auxiliary.dll
Antivirus Version Last update Result
a-squared 4.0.0.73 2009.01.06 -
AhnLab-V3 2009.1.6.3 2009.01.06 -
AntiVir 7.9.0.45 2009.01.06 -
Authentium 5.1.0.4 2009.01.06 -
Avast 4.8.1281.0 2009.01.06 -
AVG 8.0.0.199 2009.01.06 -
BitDefender 7.2 2009.01.06 -
CAT-QuickHeal 10.00 2009.01.06 -
ClamAV 0.94.1 2009.01.06 -
Comodo 884 2009.01.06 -
DrWeb 4.44.0.09170 2009.01.06 -
eTrust-Vet 31.6.6294 2009.01.06 -
Ewido 4.0 2008.12.31 -
F-Prot 4.4.4.56 2009.01.06 -
F-Secure 8.0.14470.0 2009.01.06 -
Fortinet 3.117.0.0 2009.01.06 -
GData 19 2009.01.06 -
Ikarus T3.1.1.45.0 2009.01.06 -
K7AntiVirus 7.10.578 2009.01.06 -
Kaspersky 7.0.0.125 2009.01.06 -
McAfee 5486 2009.01.05 -
McAfee+Artemis 5487 2009.01.06 -
Microsoft 1.4205 2009.01.06 -
NOD32 3743 2009.01.06 -
Norman 5.80.02 2009.01.06 -
Panda 9.0.0.4 2009.01.06 -
PCTools 4.4.2.0 2009.01.06 -
Prevx1 V2 2009.01.06 -
Rising 21.11.12.00 2009.01.06 -
SecureWeb-Gateway 6.7.6 2009.01.06 -
Sophos 4.37.0 2009.01.06 -
Sunbelt 3.2.1809.2 2008.12.22 -
Symantec 10 2009.01.06 -
TheHacker 6.3.1.4.205 2009.01.05 -
TrendMicro 8.700.0.1004 2009.01.06 -
VBA32 3.12.8.10 2009.01.06 -
ViRobot 2009.1.6.1546 2009.01.06 -
VirusBuster 4.5.11.0 2009.01.06 -
Additional information
File size: 32768 bytes
MD5...: 508c2e5a63c369eba169d19a9c40111b
SHA1..: 300df0f66a92d8b5f14726f31dd91f3ce7a07ef5
SHA256: 774bcfe9f654be875670f669e93c5ac0f6423bdcd4c717a5ec3171bf9d5cd20e
SHA512: 512a84880f26023282293713b000b2f727c3b764af4151ecda9b26e79840b370a2ca2476df79b44f8e341f5b96e6e279e908a8a937e9bfcb15819d56bd9acd74
ssdeep: 384:Dxw8pTeV8y3rfj0kmlYrjylyla7EoIo9QqhFFhk+n:u8pTeRbfjBWh7dIo9zFFh
PEiD..: Armadillo v1.xx - v2.xx
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x10001509
timedatestamp.....: 0x44dfee78 (Mon Aug 14 03:31:04 2006)
machinetype.......: 0x14c (I386)
( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x2ed6 0x3000 6.44 b8887b12a73125c76a8fe718b1689595
.rdata 0x4000 0x949 0x1000 3.70 f995aa28649583b2947443bf9dbdc02f
.data 0x5000 0x8e0 0x1000 0.63 b5e26f06ca1eda64e021bcea25a2df94
d3dshare 0x6000 0xa0 0x1000 0.09 327f02b57bbfd9e095033b7633cc77cd
.reloc 0x7000 0x556 0x1000 2.60 1cd228d2c1f62ca5cef1570f2b72b687
( 1 imports )
> KERNEL32.dll: GetCommandLineA, GetVersion, ExitProcess, TerminateProcess, GetCurrentProcess, GetCurrentThreadId, TlsSetValue, TlsAlloc, TlsFree, TlsGetValue, SetHandleCount, GetStdHandle, GetFileType, GetStartupInfoA, DeleteCriticalSection, GetModuleFileNameA, FreeEnvironmentStringsA, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStrings, GetEnvironmentStringsW, HeapDestroy, HeapCreate, VirtualFree, HeapFree, WriteFile, InitializeCriticalSection, EnterCriticalSection, LeaveCriticalSection, HeapAlloc, GetCPInfo, GetACP, GetOEMCP, VirtualAlloc, HeapReAlloc, GetProcAddress, LoadLibraryA, MultiByteToWideChar, LCMapStringA, LCMapStringW, GetStringTypeA, GetStringTypeW, RtlUnwind
( 10 exports )
_GetKbCtlType@@YGHXZ, _GetOSD@@YGHXZ, _GetOSDKey@@YGHQAH00@Z, _GetOSDLocation@@YGHXZ, _GetOSDStyle@@YGHXZ, _SetKbCtlType@@YGHH@Z, _SetOSD@@YGHH@Z, _SetOSDKey@@YGHQAH0@Z, _SetOSDLocation@@YGHH@Z, _SetOSDStyle@@YGHH@Z
=========================
THE EIGHTH AND LAST, AND I CAN release caps lock :D
C:\WINDOWS\system32\WinSys.exe
Antivirus Version Last update Result
a-squared 4.0.0.73 2009.01.06 -
AhnLab-V3 2009.1.6.3 2009.01.06 -
AntiVir 7.9.0.45 2009.01.06 -
Authentium 5.1.0.4 2009.01.06 -
Avast 4.8.1281.0 2009.01.06 -
AVG 8.0.0.199 2009.01.06 -
BitDefender 7.2 2009.01.06 -
CAT-QuickHeal 10.00 2009.01.06 -
ClamAV 0.94.1 2009.01.06 -
Comodo 884 2009.01.06 -
DrWeb 4.44.0.09170 2009.01.06 -
eTrust-Vet 31.6.6294 2009.01.06 -
Ewido 4.0 2008.12.31 -
F-Prot 4.4.4.56 2009.01.06 -
F-Secure 8.0.14470.0 2009.01.06 -
Fortinet 3.117.0.0 2009.01.06 -
GData 19 2009.01.06 -
Ikarus T3.1.1.45.0 2009.01.06 -
K7AntiVirus 7.10.578 2009.01.06 Trojan.Win32.Malware.2
Kaspersky 7.0.0.125 2009.01.06 -
McAfee 5486 2009.01.05 -
McAfee+Artemis 5487 2009.01.06 -
Microsoft 1.4205 2009.01.06 -
NOD32 3743 2009.01.06 -
Norman 5.80.02 2009.01.06 -
Panda 9.0.0.4 2009.01.06 -
PCTools 4.4.2.0 2009.01.06 -
Prevx1 V2 2009.01.06 -
Rising 21.11.12.00 2009.01.06 -
SecureWeb-Gateway 6.7.6 2009.01.06 -
Sophos 4.37.0 2009.01.06 -
Sunbelt 3.2.1809.2 2008.12.22 -
Symantec 10 2009.01.06 -
TheHacker 6.3.1.4.205 2009.01.05 -
TrendMicro 8.700.0.1004 2009.01.06 -
VBA32 3.12.8.10 2009.01.06 -
ViRobot 2009.1.6.1546 2009.01.06 -
VirusBuster 4.5.11.0 2009.01.06 -
Information additionnelle
File size: 200704 bytes
MD5...: bb8bd0d7171d13b06dedce57997a4b09
SHA1..: 08216cbef5a5f17d72f97e8bd3670a3fd3158be8
SHA256: 3e2c1cf00787c8d67ae7a6a61e8a698d9ecaede9c8ee52f8ee9effca5e9bcec7
SHA512: 17ac53207d827e1fdf7b28a38278bf3807c71c847fa9543b287557fcd7137dc5
d841b5c7f4967ba27b05a5cc10977854a887486eadf18e3a42ef270d080626e7
ssdeep: 3072:1oHmk7KgiSiv2ml4MmO1BvJzxhPValA7R6xtMQIbkpTQ7:1km1Siv2y1mmh
zxh9dFOIYm
PEiD..: -
TrID..: File type identification
Win64 Executable Generic (59.6%)
Win32 Executable MS Visual C++ (generic) (26.2%)
Win32 Executable Generic (5.9%)
Win32 Dynamic Link Library (generic) (5.2%)
Generic Win/DOS Executable (1.3%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x40fb66
timedatestamp.....: 0x45820f03 (Fri Dec 15 02:57:07 2006)
machinetype.......: 0x14c (I386)
( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x20376 0x21000 6.59 c34927664ee7147fa770922f5fc48a82
.rdata 0x22000 0x7eea 0x8000 4.96 0c5fec072792fe067dbdc05503db9d6b
.data 0x2a000 0x5d94 0x2000 3.82 64e552d0e79140f59b41b9244bf77008
.rsrc 0x30000 0x48a8 0x5000 4.41 1659f65f1060919c02b0099dd6a83a7a
( 7 imports )
> KERNEL32.dll: SetErrorMode, HeapAlloc, HeapFree, HeapReAlloc, VirtualAlloc, RtlUnwind, GetCommandLineA, GetProcessHeap, GetStartupInfoA, RaiseException, ExitProcess, HeapSize, VirtualFree, HeapDestroy, HeapCreate, GetStdHandle, TerminateProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, SetHandleCount, GetFileType, QueryPerformanceCounter, GetTickCount, GetSystemTimeAsFileTime, GetACP, GetConsoleCP, GetConsoleMode, LCMapStringA, LCMapStringW, GetStringTypeA, GetStringTypeW, SetStdHandle, WriteConsoleA, GetConsoleOutputCP, WriteConsoleW, GetOEMCP, GetCPInfo, CreateFileA, GetCurrentProcess, GetThreadLocale, FlushFileBuffers, SetFilePointer, WriteFile, ReadFile, GlobalFlags, WritePrivateProfileStringA, InterlockedIncrement, TlsFree, DeleteCriticalSection, LocalReAlloc, TlsSetValue, TlsAlloc, InitializeCriticalSection, GlobalHandle, GlobalReAlloc, EnterCriticalSection, TlsGetValue, LeaveCriticalSection, LocalAlloc, GlobalGetAtomNameA, GlobalFindAtomA, lstrcmpW, FreeResource, GetCurrentProcessId, GlobalAddAtomA, CloseHandle, GetCurrentThread, GetCurrentThreadId, ConvertDefaultLocale, GetModuleFileNameA, EnumResourceLanguagesA, GetLocaleInfoA, lstrcmpA, GlobalDeleteAtom, InterlockedDecrement, GetModuleFileNameW, GetModuleHandleA, GlobalFree, GlobalAlloc, GlobalLock, GlobalUnlock, FormatMessageA, LocalFree, FindResourceA, LoadResource, LockResource, SizeofResource, MulDiv, SetLastError, LoadLibraryA, GetProcAddress, Sleep, FreeLibrary, lstrlenA, CompareStringA, GetVersionExA, CreateMutexA, ReleaseMutex, GetVersion, GetLastError, WideCharToMultiByte, MultiByteToWideChar, IsDebuggerPresent, InterlockedExchange
> USER32.dll: UnregisterClassA, LoadCursorA, GetSysColorBrush, EndPaint, BeginPaint, ReleaseDC, GetDC, ClientToScreen, GrayStringA, DrawTextExA, DrawTextA, TabbedTextOutA, ShowWindow, SetWindowTextA, IsDialogMessageA, RegisterWindowMessageA, SendDlgItemMessageA, WinHelpA, GetCapture, GetClassLongA, GetClassNameA, SetPropA, GetPropA, RemovePropA, SetFocus, GetWindowTextA, GetForegroundWindow, GetTopWindow, GetMessagePos, MapWindowPoints, SetForegroundWindow, UpdateWindow, GetMenu, CreateWindowExA, GetClassInfoExA, GetClassInfoA, RegisterClassA, GetSysColor, AdjustWindowRectEx, CopyRect, PtInRect, GetDlgCtrlID, DefWindowProcA, CallWindowProcA, SetWindowLongA, SetWindowPos, SystemParametersInfoA, GetWindowPlacement, GetWindowRect, GetWindow, GetDesktopWindow, SetActiveWindow, CreateDialogIndirectParamA, DestroyWindow, IsWindow, GetDlgItem, GetNextDlgTabItem, EndDialog, DrawIcon, SendMessageA, GetWindowThreadProcessId, GetWindowLongA, GetLastActivePopup, IsWindowEnabled, MessageBoxA, SetCursor, SetWindowsHookExA, CallNextHookEx, GetMessageA, TranslateMessage, DispatchMessageA, GetActiveWindow, DestroyMenu, GetMessageTime, PostMessageA, IsIconic, GetClientRect, SetTimer, KillTimer, LoadIconA, EnableWindow, GetSystemMetrics, GetSubMenu, GetMenuItemCount, GetMenuItemID, GetMenuState, UnhookWindowsHookEx, PostQuitMessage, IsWindowVisible, GetKeyState, PeekMessageA, GetCursorPos, ValidateRect, SetMenuItemBitmaps, GetMenuCheckMarkDimensions, LoadBitmapA, GetFocus, GetParent, ModifyMenuA, EnableMenuItem, CheckMenuItem
> GDI32.dll: SetWindowExtEx, ScaleWindowExtEx, DeleteDC, GetStockObject, ScaleViewportExtEx, SetViewportExtEx, OffsetViewportOrgEx, SetViewportOrgEx, SelectObject, Escape, ExtTextOutA, TextOutA, RectVisible, PtVisible, GetDeviceCaps, DeleteObject, SetMapMode, RestoreDC, SaveDC, GetObjectA, SetBkColor, SetTextColor, GetClipBox, CreateBitmap
> WINSPOOL.DRV: ClosePrinter, DocumentPropertiesA, OpenPrinterA
> ADVAPI32.dll: RegQueryValueA, RegEnumKeyA, RegDeleteKeyA, RegOpenKeyA, RegOpenKeyExA, RegQueryValueExA, RegCreateKeyExA, RegSetValueExA, RegCloseKey
> SHLWAPI.dll: PathFindFileNameA, PathFindExtensionA
> OLEAUT32.dll: -, -, -
( 0 exports )
ThreatExpert info: http://www.threatexpert.com/report.aspx?md5=bb8bd0d7171d13b06dedce57997a4b09
CWSandbox info: http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=bb8bd0d7171d13b06dedce57997a4b09
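A quick way to read reports like the ones pasted above without eyeballing 38 engine lines per file is to parse them. The script below is an added example and not part of this thread or of any tool the helpers mention: it parses the VirusTotal text layout shown above (engine verdict lines, hashes, PE section table, import lists) and applies three static triage heuristics, namely the detection count, sections whose entropy suggests packing, and a small list of imported APIs that deserve a second look in an unknown autorun binary (a heuristic, not proof of anything). SAMPLE_REPORT is a constructed excerpt of the WinSys.exe report above with the engine list shortened; REVIEW_APIS and the 7.0 entropy threshold are assumptions of the example.

```python
"""Static triage of a VirusTotal-style text report (added example)."""
import re
from dataclasses import dataclass, field

# "<engine> <version> <YYYY.MM.DD> <result>"; a result of "-" means no detection
ENGINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\d{4}\.\d{2}\.\d{2})\s+(.+?)\s*$")
# "<name> <viradd> <virsiz> <rawdsiz> <entropy> <md5>" rows of the PEInfo block
SECTION_RE = re.compile(
    r"^(\S+)\s+0x[0-9a-fA-F]+\s+(0x[0-9a-fA-F]+)\s+(0x[0-9a-fA-F]+)\s+"
    r"([0-9]+\.[0-9]+)\s+[0-9a-fA-F]{32}$"
)
HASH_RE = re.compile(r"^(MD5|SHA1|SHA256)\.*:\s*([0-9a-fA-F]+)$")
IMPORT_RE = re.compile(r"^>\s*(\S+):\s*(.*)$")

# APIs worth a second look in an unknown autorun binary (assumed list, heuristic only)
REVIEW_APIS = {"SetWindowsHookExA", "SetWindowsHookExW", "IsDebuggerPresent",
               "WriteProcessMemory", "CreateRemoteThread"}
PACKED_ENTROPY = 7.0  # assumed threshold: sections at or above it look packed/encrypted


@dataclass
class Report:
    path: str = ""
    hashes: dict = field(default_factory=dict)    # algo -> hex digest
    verdicts: dict = field(default_factory=dict)  # engine -> result or None
    sections: list = field(default_factory=list)  # (name, virt_size, raw_size, entropy)
    imports: dict = field(default_factory=dict)   # dll -> [api, ...]


def parse_report(text: str) -> Report:
    """Line-oriented parse of the pasted report; lines it does not know are ignored."""
    r = Report()
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if not r.path and re.match(r"^[A-Za-z]:\\", line):
            r.path = line                      # first line is the scanned file's path
            continue
        m = HASH_RE.match(line)
        if m:
            r.hashes[m.group(1)] = m.group(2).lower()
            continue
        m = SECTION_RE.match(line)
        if m:
            name, vsz, rsz, ent = m.groups()
            r.sections.append((name, int(vsz, 16), int(rsz, 16), float(ent)))
            continue
        m = IMPORT_RE.match(line)
        if m:
            apis = [a.strip() for a in m.group(2).split(",")]
            r.imports[m.group(1)] = [a for a in apis if a and a != "-"]
            continue
        m = ENGINE_RE.match(line)
        if m:
            engine, _version, _date, result = m.groups()
            r.verdicts[engine] = None if result == "-" else result
    return r


def triage(r: Report) -> dict:
    """Detection count, packed-looking sections and imports to review."""
    detections = {e: v for e, v in r.verdicts.items() if v}
    packed = [name for name, _v, _r, ent in r.sections if ent >= PACKED_ENTROPY]
    imported = {api for apis in r.imports.values() for api in apis}
    return {
        "engines": len(r.verdicts),
        "detections": detections,
        "packed_sections": packed,
        "review_imports": sorted(imported & REVIEW_APIS),
        "sha256": r.hashes.get("SHA256"),
    }


# Constructed excerpt of the WinSys.exe report above (engine list shortened).
SAMPLE_REPORT = r"""
C:\WINDOWS\system32\WinSys.exe
Antivirus Version Dernière mise à jour Résultat
AntiVir 7.9.0.45 2009.01.06 -
Kaspersky 7.0.0.125 2009.01.06 -
K7AntiVirus 7.10.578 2009.01.06 Trojan.Win32.Malware.2
McAfee+Artemis 5487 2009.01.06 -
Prevx1 V2 2009.01.06 -
Information additionnelle
File size: 200704 bytes
MD5...: bb8bd0d7171d13b06dedce57997a4b09
SHA1..: 08216cbef5a5f17d72f97e8bd3670a3fd3158be8
SHA256: 3e2c1cf00787c8d67ae7a6a61e8a698d9ecaede9c8ee52f8ee9effca5e9bcec7
( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x20376 0x21000 6.59 c34927664ee7147fa770922f5fc48a82
.rdata 0x22000 0x7eea 0x8000 4.96 0c5fec072792fe067dbdc05503db9d6b
.data 0x2a000 0x5d94 0x2000 3.82 64e552d0e79140f59b41b9244bf77008
.rsrc 0x30000 0x48a8 0x5000 4.41 1659f65f1060919c02b0099dd6a83a7a
( 7 imports )
> KERNEL32.dll: LoadLibraryA, GetProcAddress, CreateMutexA, IsDebuggerPresent
> USER32.dll: SetWindowsHookExA, CallNextHookEx, GetKeyState
> OLEAUT32.dll: -, -, -
"""

if __name__ == "__main__":
    for key, value in triage(parse_report(SAMPLE_REPORT)).items():
        print(f"{key}: {value}")
```

On the real report above this gives 1 detection out of 38 engines, no section above the packing threshold (.text sits at 6.59), and SetWindowsHookExA plus IsDebuggerPresent in the imports; none of that proves the file is malicious, which is exactly why the helpers ask for the sample itself rather than relying on the scan result.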
waiting for the eighth one ... -;)
can you do this,
Show all files and folders:
To do so:
Click Start / Control Panel / Folder Options / View
Check "Show hidden files and folders"
Uncheck the box "Hide protected operating system files (Recommended)"
Uncheck "Hide extensions for known file types"
Then click "Apply" to confirm the changes.
And OK
download and install 7-Zip:
https://www.01net.com/telecharger/windows/Utilitaire/compression_et_decompression/fiches/4035.html
go to this file:
C:\WINDOWS\system32\winsys2.exe
right-click on it
in the menu go to 7-Zip and choose "Add to archive"
name the file "pour chiquitine", destination: the desktop
please send me this file (pour chiquitine.zip) via cijoint on the forum
http://www.cijoint.fr/
thank you, and thanks to ske for the trouble
this file is presumably infectious even though the VirusTotal result is negative
I would like to have it so I can study it and add it to one of the tools I author, should the file turn out to be harmful
thank you
thank you very much,
I'll leave you in ske's hands
PS for ske: MBAM kills winsys2, but I think you already know that -;)
+++ and sorry for the intrusion
how will you tell whether it's harmful? What are you looking for?
I'm going to study its activity .. what it creates (registry, files, ports, etc.)
thank you
sorry to keep you, but this interests me...
How do you observe a file?
It sounds like you're talking about it as if it were an animal... xD
back ...
do the Malwarebytes procedure as our friend Chiquitine29 describes ... ;)
that will clean up the Run keys that were left over and any other junk ...
post the MBAM report together with a new RSIT report (log.txt) and wait for the next step ....
here's the Malwarebytes report:
Malwarebytes' Anti-Malware 1.32
Version de la base de données: 1625
Windows 5.1.2600 Service Pack 3
06.01.2009 21:41:52
mbam-log-2009-01-06 (21-41-52).txt
Type de recherche: Examen rapide
Eléments examinés: 44942
Temps écoulé: 1 minute(s), 38 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\NT Printing Service (Trojan.Agent) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
here's the new RSIT report...
my desktop is starting to get messy xD
Logfile of random's system information tool 1.05 (written by random/random)
Run by BrunoF at 2009-01-06 21:46:01
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 19 GB (53%) free of 35 GB
Total RAM: 2046 MB (78% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:46:01, on 06.01.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\winsys2.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\BrunoF\Bureau\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\BrunoF.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\system32\winsys2.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Policies\Explorer\Run: [Windows Security Tool] WinSecure.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: ASUS WiFi-AP Solo.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTServ.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe
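The interesting part of that log for the helpers is the O4 block: MBAM just removed a value under HKCU\...\Policies\Explorer\Run, and the new RSIT log still shows another one there ([Windows Security Tool] WinSecure.exe, a bare file name with no path). The script below is an added example and not part of this thread or of RSIT, HijackThis or MBAM: it scans O4 lines and flags entries under the Policies\Explorer\Run key (a location legitimate installers rarely use), commands whose target is a bare file name with no path, and targets matching a caller-supplied watch list. SAMPLE_LINES are copied from the RSIT log above; the watch list content (winsys2.exe, the file chiquitine29 asked to have sent in) and the flag names are the example's own choices.

```python
"""Autorun (HijackThis 'O4' line) triage (added example)."""
import re
from dataclasses import dataclass, field

# O4 - <location>: [<value name>] <command>
O4_RE = re.compile(r"^O4 - (?P<loc>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")


@dataclass
class Finding:
    name: str       # registry value name shown in brackets
    location: str   # hive/key as HijackThis prints it
    target: str     # executable or DLL the command actually launches
    flags: list = field(default_factory=list)


def target_of(cmd: str) -> str:
    """Return the executable (or rundll32-hosted DLL) a Run command launches."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end < 0:
            end = len(cmd)
        exe, rest = cmd[1:end], cmd[end + 1:].strip()
    else:
        parts = cmd.split(None, 1)
        exe, rest = parts[0], (parts[1] if len(parts) > 1 else "")
    if exe.lower().endswith("rundll32.exe") and rest:
        # rundll32 is only a host: the DLL named before the comma is the real target
        exe = rest.split(",", 1)[0].strip().strip('"')
    return exe


def triage_o4(lines, watch_list=frozenset()):
    """Return only the O4 entries that carry at least one flag."""
    watch = {w.lower() for w in watch_list}
    findings = []
    for line in lines:
        m = O4_RE.match(line.strip())
        if not m:
            continue  # not a registry Run entry (Startup-folder .lnk lines etc.)
        f = Finding(m["name"], m["loc"], target_of(m["cmd"]))
        if "policies\\explorer\\run" in f.location.lower():
            f.flags.append("policies-run-key")
        if "\\" not in f.target:
            # no path: the loader resolves it through its search order, so the
            # file could live anywhere and the log does not say where
            f.flags.append("no-path")
        if f.target.rsplit("\\", 1)[-1].lower() in watch:
            f.flags.append("watch-list")
        if f.flags:
            findings.append(f)
    return findings


# Copied from the RSIT log above (a representative subset of its O4 lines).
SAMPLE_LINES = [
    r"O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup",
    r"O4 - HKLM\..\Run: [nwiz] nwiz.exe /install",
    r"O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\system32\winsys2.exe",
    r'O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min',
    r"O4 - HKCU\..\Policies\Explorer\Run: [Windows Security Tool] WinSecure.exe",
    r"O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')",
    r"O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe",
]

if __name__ == "__main__":
    for f in triage_o4(SAMPLE_LINES, watch_list={"winsys2.exe"}):
        print(f"[{f.name}] {f.target} <- {f.location}: {', '.join(f.flags)}")
```

The "no-path" flag is deliberately noisy (nwiz.exe from the NVIDIA driver trips it too); it is a review queue, not a verdict, and the Policies\Explorer\Run hit is the one that matches what MBAM already removed.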
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTServ.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe