What to do with McAfee? (rootkits)

sparcate Posts: 87 Status: Member -
Anonymous user -
Hello, after catching a rootkit from a crack, I downloaded McAfee Rootkit Detective 1.1. I then started a scan (in safe mode), and I don't know which to tick between: "view hidden processes and files", "View hidden registry keys/values", "View hooked services", "View hooked imports/exports" and "View all processes". And I don't know what to do with the information shown there (there is some Win32 stuff); I don't really dare touch it :s. Thanks for your info :)

145 replies

sparcate Posts: 87 Status: Member
 
(crack and keygen deleted)
0
sparcate Posts: 87 Status: Member
 
With "LOP" and "PURITY" ticked?
0
sparcate Posts: 87 Status: Member
 
I did what you told me (without ticking the previous boxes) and right away my PC rebooted, and no report was written or created :s Given that I rebooted in safe mode, would that interfere with anything?
0
sparcate Posts: 87 Status: Member
 
It did! Here is the report:

========== PROCESSES ==========
Process explorer.exe killed successfully!
No active process named iexplore.exe was found!
Process firefox.exe killed successfully!
No active process named msnmsgr.exe was found!
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run not found.
========== FILES ==========
C:\WINDOWS\PEV.exe moved successfully.
C:\WINDOWS\System32\CF8613.exe moved successfully.
C:\WINDOWS\048298C9A4D3490B9FF9AB023A9238F3.TMP moved successfully.
C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86 moved successfully.
C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86 moved successfully.
C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} moved successfully.
========== COMMANDS ==========
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Temp folders emptied.

OTL by OldTimer - Version 2.1.1.0 log created on 06152009_204834

Files moved on Reboot...

Registry entries deleted on Reboot...
0

sparcate Posts: 87 Status: Member
 
I feel we're getting close :D
0
sparcate Posts: 87 Status: Member
 
Argh.. what a mess I'm making... -_-' I forgot to tick "Scan all User".
0
sparcate Posts: 87 Status: Member
 
What should I do now? Please. Thanks in advance.
0
sparcate Posts: 87 Status: Member
 
I'm back, sorry for the wait.. :s

Malwarebytes' Anti-Malware 1.37
Version de la base de données: 2284
Windows 5.1.2600 Service Pack 3

15/06/2009 22:55:07
mbam-log-2009-06-15 (22-55-07).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 240119
Temps écoulé: 44 minute(s), 22 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 12

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
c:\system volume information\_restore{0c010bc7-13db-41b1-9115-b66b2e59e625}\RP194\A0032148.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
c:\system volume information\_restore{0c010bc7-13db-41b1-9115-b66b2e59e625}\RP194\A0032182.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
c:\system volume information\_restore{0c010bc7-13db-41b1-9115-b66b2e59e625}\RP194\A0032220.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
c:\system volume information\_restore{0c010bc7-13db-41b1-9115-b66b2e59e625}\RP194\A0033220.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
c:\system volume information\_restore{0c010bc7-13db-41b1-9115-b66b2e59e625}\RP194\A0033250.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
c:\system volume information\_restore{0c010bc7-13db-41b1-9115-b66b2e59e625}\RP194\A0033737.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
c:\system volume information\_restore{0c010bc7-13db-41b1-9115-b66b2e59e625}\RP194\A0033832.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
c:\system volume information\_restore{0c010bc7-13db-41b1-9115-b66b2e59e625}\RP194\A0033847.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
c:\system volume information\_restore{0c010bc7-13db-41b1-9115-b66b2e59e625}\RP196\A0033924.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
c:\system volume information\_restore{0c010bc7-13db-41b1-9115-b66b2e59e625}\RP196\A0034051.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
c:\system volume information\_restore{0c010bc7-13db-41b1-9115-b66b2e59e625}\RP196\A0034064.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
c:\system volume information\_restore{0c010bc7-13db-41b1-9115-b66b2e59e625}\RP197\A0034182.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.

When restarting the PC, an error message appeared saying (roughly): "Error image 053".
0
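All twelve hits in the Malwarebytes log above sit under `system volume information\_restore{...}\RPnnn`, which is where Windows XP System Restore keeps copies of files from earlier restore points; they are snapshots of an old driver, not a driver loaded right now. The helper below is an added example, not part of the thread and not Malwarebytes' code: it parses the `Fichier(s) infecté(s):` listing of an MBAM 1.37 log and separates restore-point copies from detections on live paths, which is the first thing to check before deciding whether a rootkit is still active. The sample log is a constructed excerpt (two lines taken from the thread, one made-up live entry).

```python
import re
from collections import Counter

# Constructed excerpt of a Malwarebytes' Anti-Malware 1.37 log (the French build used in the
# thread). The two restore-point lines come from the log above; the third line is made up
# to show how an entry outside a restore point is classified.
SAMPLE_LOG = r"""Fichier(s) infecté(s): 3

Fichier(s) infecté(s):
c:\system volume information\_restore{0c010bc7-13db-41b1-9115-b66b2e59e625}\RP194\A0032148.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
c:\system volume information\_restore{0c010bc7-13db-41b1-9115-b66b2e59e625}\RP196\A0033924.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
c:\windows\system32\drivers\constructed-example.sys (Trojan.Example) -> Delete on reboot.
"""

# Listing header; the summary line near the top carries a count after the colon and is skipped.
FILES_HEADER = "Fichier(s) infecté(s):"
ENTRY_RE = re.compile(r"^(?P<path>.+?) \((?P<name>[^()]+)\) -> (?P<action>.+)$")
# System Restore stores copies under _restore{GUID}\RPnnn\ on the system volume.
RESTORE_RE = re.compile(
    r"\\system volume information\\_restore\{[0-9a-f-]+\}\\(RP\d+)\\", re.IGNORECASE
)


def parse_mbam_files(text):
    """Return the entries of the 'Fichier(s) infecté(s):' listing as dicts."""
    entries, in_files = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line == FILES_HEADER:
            in_files = True
            continue
        if not in_files:
            continue
        if not line:
            in_files = False  # a blank line closes the listing
            continue
        m = ENTRY_RE.match(line)
        if not m:  # e.g. "(Aucun élément nuisible détecté)" when the section is empty
            continue
        rp = RESTORE_RE.search(m["path"])
        entries.append({
            "path": m["path"],
            "name": m["name"],
            "action": m["action"],
            "restore_point": rp.group(1) if rp else None,
        })
    return entries


def triage(entries):
    """Split detections into restore-point copies (historical) and live paths (current)."""
    return {
        "restore_point": sum(1 for e in entries if e["restore_point"]),
        "live": sum(1 for e in entries if not e["restore_point"]),
        "restore_points": sorted({e["restore_point"] for e in entries if e["restore_point"]}),
        "by_detection": Counter(e["name"] for e in entries),
        "live_paths": [e["path"] for e in entries if not e["restore_point"]],
    }


if __name__ == "__main__":
    summary = triage(parse_mbam_files(SAMPLE_LOG))
    print(f"{summary['restore_point']} in restore points {summary['restore_points']}, "
          f"{summary['live']} on live paths: {summary['live_paths']}")
```

Run against the thread's real log (twelve restore-point entries, none live), `live_paths` comes back empty: the quarantined files were stale copies, which is consistent with MBAM finding nothing in memory, modules or the registry. A non-empty `live_paths` is the case that warrants a rootkit scan of the running system.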
sparcate Posts: 87 Status: Member
 
Do I delete the quarantined items or leave them as they are?
0
Anonymous user
 
redo OTL and send me the two txt files again via cijoint please
0
sparcate Posts: 87 Status: Member
 
OTL: http://www.cijoint.fr/cjlink.php?file=cj200906/cij4fkB0jx.txt
Malware: http://www.cijoint.fr/cjlink.php?file=cj200906/cijo6DNIqW.txt
0
Anonymous user
 
Click on the Start menu / Control Panel / Folder Options / then in the View tab
- Tick Show hidden files and folders
- Untick Hide extensions for known file types
- Untick Hide protected operating system files (Recommended)
click Apply, then OK.

Don't forget to hide the hidden and protected operating system files again at the end of the disinfection, it's important

Have the following file(s) analysed on VirusTotal:

Virus Total

* Click on Browse at the top, choose My Computer and look for these files:

C:\WINDOWS\system32\klogon.dll


* Now click on Send file, and let it work as long as "Current status: being analysed" is displayed.
* The file may be queued because of a large number of analysis requests. In that case you will have to wait without refreshing the page.
* When the analysis is finished ("Current status: finished"), click on Formatted
* A new browser window will appear
* Then click on the two arrows
* Right-click on the page, choose Select all, then copy
* Finally paste the result into your next reply.
0
sparcate Posts: 87 Status: Member
 
Fichier klogon.dll reçu le 2009.04.27 10:15:10 (UTC)
Antivirus Version Dernière mise à jour Résultat
a-squared 4.0.0.101 2009.04.27 -
AhnLab-V3 5.0.0.2 2009.04.27 -
AntiVir 7.9.0.156 2009.04.27 -
Antiy-AVL 2.0.3.1 2009.04.27 -
Authentium 5.1.2.4 2009.04.26 -
Avast 4.8.1335.0 2009.04.26 -
AVG 8.5.0.287 2009.04.27 -
BitDefender 7.2 2009.04.27 -
CAT-QuickHeal 10.00 2009.04.27 -
ClamAV 0.94.1 2009.04.27 -
Comodo 1137 2009.04.27 -
DrWeb 4.44.0.09170 2009.04.27 -
eSafe 7.0.17.0 2009.04.23 -
eTrust-Vet 31.6.6478 2009.04.27 -
F-Prot 4.4.4.56 2009.04.26 -
F-Secure 8.0.14470.0 2009.04.27 -
Fortinet 3.117.0.0 2009.04.27 -
GData 19 2009.04.27 -
Ikarus T3.1.1.49.0 2009.04.27 -
K7AntiVirus 7.10.716 2009.04.25 -
Kaspersky 7.0.0.125 2009.04.27 -
McAfee 5597 2009.04.26 -
McAfee+Artemis 5597 2009.04.26 -
McAfee-GW-Edition 6.7.6 2009.04.27 -
Microsoft 1.4602 2009.04.27 -
NOD32 4036 2009.04.27 -
Norman 6.00.06 2009.04.24 -
nProtect 2009.1.8.0 2009.04.27 -
Panda 10.0.0.14 2009.04.26 -
PCTools 4.4.2.0 2009.04.26 -
Prevx1 3.0 2009.04.27 -
Rising 21.27.02.00 2009.04.27 -
Sophos 4.41.0 2009.04.27 -
Sunbelt 3.2.1858.2 2009.04.24 -
Symantec 1.4.4.12 2009.04.27 -
TheHacker 6.3.4.1.315 2009.04.27 -
TrendMicro 8.700.0.1004 2009.04.27 -
VBA32 3.12.10.3 2009.04.27 -
ViRobot 2009.4.27.1710 2009.04.27 -
VirusBuster 4.6.5.0 2009.04.26 -
Information additionnelle
File size: 206088 bytes
MD5   : 060a7489d444aa8a980b2ef196394729
SHA1  : 235b1dbed88756b13c7ada7aeb9c2f99aa2c2f01
SHA256: e95f6b02a15b953685a3e67822c2ff06ab5bc47c43947a86e270bac14e8f39a9
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0xF2A7
timedatestamp.....: 0x4811E8E6 (Fri Apr 25 16:21:26 2008)
machinetype.......: 0x14C (Intel I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x1EF68 0x1F000 6.84 8a8038ddd1746a144ec8a9189bfdc15c
.rdata 0x20000 0xB220 0xC000 6.41 8372e45fadf412e3e084ce9d0e28e593
.data 0x2C000 0x37C8 0x2000 3.86 abe01fe8de07de6a77ca93cab4239bf5
.rsrc 0x30000 0x4A4 0x1000 3.83 a0864dd346e9416e77ae8283b65500c2
.reloc 0x31000 0x1FE0 0x2000 4.85 86da1012542f869b6583184cede927e3

( 4 imports )

> advapi32.dll: AddAccessAllowedAce, InitializeSecurityDescriptor, SetSecurityDescriptorDacl, SetSecurityDescriptorSacl, AllocateAndInitializeSid, GetLengthSid, FreeSid, CopySid, RegOpenKeyExA, RegQueryValueExA, RegCloseKey, InitializeAcl
> gdi32.dll: GetClipBox, GdiFlush, CreateDIBSection, CreateCompatibleDC, SelectObject, BitBlt, SetDIBitsToDevice, DeleteObject, DeleteDC, GetPixel, CreateBitmap
> kernel32.dll: LCMapStringW, LCMapStringA, LoadLibraryA, InitializeCriticalSection, SetStdHandle, SetFilePointer, WriteConsoleW, GetConsoleOutputCP, GetStringTypeA, IsValidCodePage, GetOEMCP, GetACP, GetCPInfo, MultiByteToWideChar, HeapReAlloc, VirtualAlloc, GetSystemTimeAsFileTime, GetCurrentProcessId, GetStringTypeW, GetLocaleInfoA, MulDiv, GetModuleHandleA, GetProcAddress, CreateThread, GetCurrentThreadId, GetModuleFileNameA, CreateFileA, GetFileSize, ReadFile, Sleep, OpenMutexA, WriteConsoleA, CloseHandle, GetCommandLineA, HeapFree, GetVersionExA, HeapAlloc, GetProcessHeap, GetLastError, UnhandledExceptionFilter, SetUnhandledExceptionFilter, RtlUnwind, EnterCriticalSection, LeaveCriticalSection, WriteFile, WideCharToMultiByte, GetConsoleCP, GetConsoleMode, FlushFileBuffers, DeleteCriticalSection, SetHandleCount, GetStdHandle, GetFileType, GetStartupInfoA, TerminateProcess, GetCurrentProcess, IsDebuggerPresent, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, InterlockedIncrement, SetLastError, InterlockedDecrement, HeapSize, ExitProcess, RaiseException, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, HeapDestroy, HeapCreate, VirtualFree, QueryPerformanceCounter, GetTickCount
> user32.dll: CreateIconIndirect, IntersectRect, OffsetRect, DestroyIcon, GetMessageA, SetThreadDesktop, SetTimer, TranslateMessage, DispatchMessageA, IsWindow, DestroyWindow, LoadCursorA, RegisterClassExA, GetForegroundWindow, GetDesktopWindow, CreateWindowExA, SetWindowLongA, SetForegroundWindow, GetWindowLongA, PostThreadMessageA, DefWindowProcA, SystemParametersInfoA, SetWindowPos, WindowFromPoint, GetWindowRect, BeginPaint, PaintDesktop, EndPaint, GetSystemMetrics, GetDC, ReleaseDC, ShowWindow

( 1 exports )

> WLEventStart, WLEventStop
TrID  : File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
ssdeep: 3072:nWaZ7XJC/Z+dzdiNOJz2ITGNXrxHHTBf7Ag0FuDAMntgSYVp/:WqM9eSNxHTBDAOXGSE
PEiD  : -
RDS   : NSRL Reference Data Set
-

0
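One detail of the VirusTotal report above is worth a check before trusting the 0/40 verdict: the header says the file was received on 2009.04.27, seven weeks before this scan, so VirusTotal returned a stored result for a file it had already seen rather than scanning the upload fresh. The only link between that stored verdict and the DLL on this PC is the hash. The script below is an added example (not from the thread and not a VirusTotal tool): it pulls the size and MD5/SHA1/SHA256 out of the report's "Information additionnelle" block, hashes a local file the same way, and lists every field that differs, plus the age of the stored result. The report excerpt is copied from the post above; the sample bytes are a constructed stand-in, not klogon.dll.

```python
import hashlib
import re
from datetime import date

# Excerpt of the VirusTotal report posted in the thread (size and hashes as VirusTotal printed them).
VT_SUMMARY = """\
Fichier klogon.dll reçu le 2009.04.27 10:15:10 (UTC)
File size: 206088 bytes
MD5   : 060a7489d444aa8a980b2ef196394729
SHA1  : 235b1dbed88756b13c7ada7aeb9c2f99aa2c2f01
SHA256: e95f6b02a15b953685a3e67822c2ff06ab5bc47c43947a86e270bac14e8f39a9
"""

# Constructed stand-in for the bytes of a local file; deliberately not the real klogon.dll.
SAMPLE_BYTES = b"MZ" + b"\x00" * 62 + b"constructed stand-in for a local file"

HASH_RE = re.compile(r"^(MD5|SHA1|SHA256)\s*:\s*([0-9a-fA-F]+)\s*$", re.MULTILINE)
SIZE_RE = re.compile(r"^File size:\s*(\d+)\s*bytes", re.MULTILINE)
# French VirusTotal header: "Fichier <name> reçu le YYYY.MM.DD HH:MM:SS (UTC)"
RECEIVED_RE = re.compile(r"reçu le (\d{4})\.(\d{2})\.(\d{2})")
FIELDS = ("size", "md5", "sha1", "sha256")


def parse_vt_summary(text):
    """Extract size, hashes and the 'received' date from a pasted VirusTotal report."""
    report = {name.lower(): value.lower() for name, value in HASH_RE.findall(text)}
    m = SIZE_RE.search(text)
    report["size"] = int(m.group(1)) if m else None
    m = RECEIVED_RE.search(text)
    report["received"] = date(int(m.group(1)), int(m.group(2)), int(m.group(3))) if m else None
    return report


def digest_summary(data):
    """Size and hashes of in-memory bytes, in the same shape as parse_vt_summary()."""
    return {
        "size": len(data),
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def digest_file(path, chunk_size=1 << 20):
    """Same as digest_summary() but streams a file from disk so large files are not read at once."""
    hashes = {name: hashlib.new(name) for name in ("md5", "sha1", "sha256")}
    size = 0
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            size += len(chunk)
            for h in hashes.values():
                h.update(chunk)
    return {"size": size, **{name: h.hexdigest() for name, h in hashes.items()}}


def compare_digests(local, reported):
    """Names of fields that differ; an empty list means the report really describes the local file."""
    return [k for k in FIELDS if reported.get(k) != local.get(k)]


def report_age_days(report, on):
    """Days between the date VirusTotal first received the file and the day you read the verdict."""
    return (on - report["received"]).days if report.get("received") else None


if __name__ == "__main__":
    reported = parse_vt_summary(VT_SUMMARY)
    local = digest_summary(SAMPLE_BYTES)
    print("mismatched fields:", compare_digests(local, reported))
    print("stored verdict age (days):", report_age_days(reported, date(2009, 6, 15)))
```

`digest_file(r"C:\WINDOWS\system32\klogon.dll")` is the call to use on the machine itself; if every field matches, the stored verdict applies to that file, and the remaining question is only how old the signatures behind it are (here, 49 days), which is a reason to request a rescan rather than a reason to upload again.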
Anonymous user
 
redo a scan with this:

McAfee Rootkit Detective 1.1
0
sparcate Posts: 87 Status: Member
 
The scan is done, but I don't think there's a report with this one, is there?
0
Anonymous user
 
did it still show you its presence?
0
sparcate Posts: 87 Status: Member
 
In "View hidden processes and files" there is "Snares", and quite a few other things when you tick the other boxes. If that helps
0
Anonymous user
 
you wouldn't be looking at the program's history, would you? because with what we've run, if there had been a rootkit it would have been knocked out


-> BitDefender scan

Run an online antivirus scan on BitDefender online with Internet Explorer

* Click at the bottom left on Scan online.
* Accept the licence and let it install the ActiveX..
* Let it guide you. Paste its report here.


Help
0
sparcate Posts: 87 Status: Member
 
Scan complete. Found hidden Processes and Files: 1 .
Total files scanned: 168767
McAfee(R) Rootkit Detective 1.1 scan report
On 15-06-2009 at 23:47:00
OS-Version 5.1.2600
Service Pack 3.0
====================================

Object-Type: SSDT-hook
Object-Name: ZwCreateKey
Object-Path: \SystemRoot\System32\drivers\spvf.sys

Object-Type: SSDT-hook
Object-Name: ZwEnumerateKey
Object-Path: \SystemRoot\System32\drivers\spvf.sys

Object-Type: SSDT-hook
Object-Name: ZwEnumerateValueKey
Object-Path: \SystemRoot\System32\drivers\spvf.sys

Object-Type: SSDT-hook
Object-Name: ZwOpenKey
Object-Path: \SystemRoot\System32\drivers\spvf.sys

Object-Type: SSDT-hook
Object-Name: ZwQueryKey
Object-Path: \SystemRoot\System32\drivers\spvf.sys

Object-Type: SSDT-hook
Object-Name: ZwQueryValueKey
Object-Path: \SystemRoot\System32\drivers\spvf.sys

Object-Type: SSDT-hook
Object-Name: ZwSetValueKey
Object-Path: \SystemRoot\System32\drivers\spvf.sys

Object-Type: IRP-hook
Object-Name: \Driver\Ftdisk->IRP_MJ_SYSTEM_CONTROL
Object-Path:

Object-Type: IRP-hook
Object-Name: \Driver\Ftdisk->IRP_MJ_POWER
Object-Path:

Object-Type: IRP-hook
Object-Name: \Driver\Ftdisk->IRP_MJ_CLEANUP
Object-Path:

Object-Type: IRP-hook
Object-Name: \Driver\Ftdisk->IRP_MJ_SHUTDOWN
Object-Path:

Object-Type: IRP-hook
Object-Name: \Driver\Ftdisk->IRP_MJ_INTERNAL_DEVICE_CONTROL
Object-Path:

Object-Type: IRP-hook
Object-Name: \Driver\Ftdisk->IRP_MJ_DEVICE_CONTROL
Object-Path:

Object-Type: IRP-hook
Object-Name: \Driver\Ftdisk->IRP_MJ_FLUSH_BUFFERS
Object-Path:

Object-Type: IRP-hook
Object-Name: \Driver\Ftdisk->IRP_MJ_WRITE
Object-Path:

Object-Type: IRP-hook
Object-Name: \Driver\Ftdisk->IRP_MJ_READ
Object-Path:

Object-Type: IRP-hook
Object-Name: \Driver\Ftdisk->IRP_MJ_CREATE
Object-Path:

Object-Type: Registry-key
Object-Name: 19659239224E364682FA4BAF72C53EA4f.sys
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Status: Hidden

Object-Type: Registry-key
Object-Name: 00000001ontrolSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Status: Hidden

Object-Type: Registry-key
Object-Name: 0Jf40M\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Status: Hidden

Object-Type: Registry-key
Object-Name: 19659239224E364682FA4BAF72C53EA4td\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Status: Hidden

Object-Type: Registry-key
Object-Name: 00000001ontrolSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Status: Hidden

Object-Type: Registry-key
Object-Name: 0Jf40M\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Status: Hidden

Object-Type: Registry-key
Object-Name: 19659239224E364682FA4BAF72C53EA4td\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Status: Hidden

Object-Type: Registry-key
Object-Name: 00000001ontrolSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Status: Hidden

Object-Type: Registry-key
Object-Name: 0Jf40M\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Status: Hidden

Object-Type: Registry-value
Object-Name: (Default)
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg
Status: Unable to access registry key

Object-Type: Registry-key
Object-Name: 19659239224E364682FA4BAF72C53EA4td\Cfg
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Status: Hidden

Object-Type: Registry-value
Object-Name: (Default)
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Status: Unable to access registry key

Object-Type: Registry-key
Object-Name: 00000001ontrolSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Status: Hidden

Object-Type: Registry-value
Object-Name: (Default)
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Status: Unable to access registry key

Object-Type: Registry-key
Object-Name: 0Jf40M\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Status: Hidden

Object-Type: Registry-value
Object-Name: (Default)
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Status: Unable to access registry key

Object-Type: Registry-value
Object-Name: khjeh
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Status: Hidden

Object-Type: Registry-value
Object-Name: a0
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Status: Hidden

Object-Type: Registry-value
Object-Name: khjeh
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Status: Hidden

Object-Type: Registry-value
Object-Name: p0
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Status: Hidden

Object-Type: Registry-value
Object-Name: h0
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Status: Hidden

Object-Type: Registry-value
Object-Name: khjeh
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Status: Hidden

Object-Type: Registry-value
Object-Name: s1
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg
Status: Hidden

Object-Type: Registry-value
Object-Name: s2
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg
Status: Hidden

Object-Type: Registry-value
Object-Name: g0
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg
Status: Hidden

Object-Type: Registry-value
Object-Name: h0
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg
Status: Hidden

Object-Type: Registry-key
Object-Name: 19659239224E364682FA4BAF72C53EA4td\Cfg
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Status: Hidden

Object-Type: Registry-key
Object-Name: 00000001ontrolSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Status: Hidden

Object-Type: Registry-key
Object-Name: 0Jf40M\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Status: Hidden

Object-Type: Registry-value
Object-Name: (Default)
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg
Status: Unable to access registry key

Object-Type: Registry-key
Object-Name: 19659239224E364682FA4BAF72C53EA4td\Cfg
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Status: Hidden

Object-Type: Registry-value
Object-Name: (Default)
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Status: Unable to access registry key

Object-Type: Registry-key
Object-Name: 00000001ontrolSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Status: Hidden

Object-Type: Registry-value
Object-Name: (Default)
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Status: Unable to access registry key

Object-Type: Registry-key
Object-Name: 0Jf40M\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Status: Hidden

Object-Type: Registry-value
Object-Name: (Default)
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Status: Unable to access registry key

Object-Type: Registry-value
Object-Name: khjeh
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Status: Hidden

Object-Type: Registry-value
Object-Name: a0
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Status: Hidden

Object-Type: Registry-value
Object-Name: khjeh
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Status: Hidden

Object-Type: Registry-value
Object-Name: p0
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Status: Hidden

Object-Type: Registry-value
Object-Name: h0
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Status: Hidden

Object-Type: Registry-value
Object-Name: khjeh
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Status: Hidden

Object-Type: Registry-value
Object-Name: s1
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg
Status: Hidden

Object-Type: Registry-value
Object-Name: s2
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg
Status: Hidden

Object-Type: Registry-value
Object-Name: g0
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg
Status: Hidden

Object-Type: Registry-value
Object-Name: h0
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg
Status: Hidden

Object-Type: Registry-key
Object-Name: DataEM\ControlSet004\Services\sptd\Cfg
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data
Status: Hidden

Object-Type: Registry-key
Object-Name: edec4b50-3a44-4ded-86dd-85a4e65c20ea System Provider\*Local Machine*\Data
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data\edec4b50-3a44-4ded-86dd-85a4e65c20ea
Status: Hidden

Object-Type: Registry-key
Object-Name: 0f88886d-d7b0-4839-9f39-5c335ef07898 System Provider\*Local Machine*\Data\edec4b50-3a44-4ded-86dd-85a4e65c20ea
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data\edec4b50-3a44-4ded-86dd-85a4e65c20ea\0f88886d-d7b0-4839-9f39-5c335ef07898
Status: Hidden

Object-Type: Registry-key
Object-Name: MachineKeyicrosoft\Protected Storage System Provider\*Local Machine*\Data\edec4b50-3a44-4ded-86dd-85a4e65c20ea\0f88886d-d7b0-4839-9f39-5c335ef07898
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data\edec4b50-3a44-4ded-86dd-85a4e65c20ea\0f88886d-d7b0-4839-9f39-5c335ef07898\MachineKey
Status: Hidden

Object-Type: Registry-value
Object-Name: Item Data
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data\edec4b50-3a44-4ded-86dd-85a4e65c20ea\0f88886d-d7b0-4839-9f39-5c335ef07898\MachineKey
Status: Hidden

Object-Type: Registry-value
Object-Name: Display String
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data\edec4b50-3a44-4ded-86dd-85a4e65c20ea\0f88886d-d7b0-4839-9f39-5c335ef07898
Status: Hidden

Object-Type: Registry-value
Object-Name: Display String
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data\edec4b50-3a44-4ded-86dd-85a4e65c20ea
Status: Hidden

Object-Type: Registry-key
Object-Name: Data 2RE\Microsoft\Protected Storage System Provider\*Local Machine*\Data\edec4b50-3a44-4ded-86dd-85a4e65c20ea
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data 2
Status: Hidden

Object-Type: Registry-key
Object-Name: WindowsE\Microsoft\Protected Storage System Provider\*Local Machine*\Data 2
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data 2\Windows
Status: Hidden

Object-Type: Registry-value
Object-Name: Value
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data 2\Windows
Status: Hidden

Object-Type: Process
Object-Name: alg.exe
Pid: 1828
Object-Path: C:\WINDOWS\System32\alg.exe
Status: Visible

Object-Type: Process
Object-Name: System Idle Process
Pid: 0
Object-Path:
Status: Visible

Object-Type: Process
Object-Name: NBService.exe
Pid: 1768
Object-Path: C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
Status: Visible

Object-Type: Process
Object-Name: System
Pid: 4
Object-Path:
Status: Visible

Object-Type: Process
Object-Name: ctfmon.exe
Pid: 3476
Object-Path: C:\WINDOWS\system32\ctfmon.exe
Status: Visible

Object-Type: Process
Object-Name: csrss.exe
Pid: 780
Object-Path: C:\WINDOWS\system32\csrss.exe
Status: Visible

Object-Type: Process
Object-Name: avp.exe
Pid: 1652
Object-Path: C:\Documents and Settings\avp.exe
Status: Visible

Object-Type: Process
Object-Name: svchost.exe
Pid: 1064
Object-Path: C:\WINDOWS\system32\svchost.exe
Status: Visible

Object-Type: Process
Object-Name: CALMAIN.exe
Pid: 568
Object-Path: C:\Program Files\Canon\CAL\CALMAIN.exe
Status: Visible

Object-Type: Process
Object-Name: services.exe
Pid: 848
Object-Path: C:\WINDOWS\system32\services.exe
Status: Visible

Object-Type: Process
Object-Name: AppleMobileDevi
Pid: 1624
Object-Path: C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
Status: Visible

Object-Type: Process
Object-Name: wscntfy.exe
Pid: 416
Object-Path: C:\WINDOWS\system32\wscntfy.exe
Status: Visible

Object-Type: Process
Object-Name: nvsvc32.exe
Pid: 200
Object-Path: C:\WINDOWS\system32\nvsvc32.exe
Status: Visible

Object-Type: File/Folder
Object-Name: Snares
Pid: n/a
Object-Path: C:\Documents and Settings\utilisateur\Bureau\Autre(s)\Magic Maker 2005\13.500 Samples - Package 1 (Techno, Electro, House, Rock - ALLES) [shared by hi RES]\Samples\More Samples\hits\various drumkits.drumhits\SylenseSounds\Sylense Drumkit Vol. 2\Sylense Drumkit II\Snares
Status: Hidden

Object-Type: Process
Object-Name: smss.exe
Pid: 576
Object-Path: C:\WINDOWS\System32\smss.exe
Status: Visible

Object-Type: Process
Object-Name: Rootkit_Detecti
Pid: 2468
Object-Path: C:\Documents and Settings\utilisateur\Bureau\Rootkit_Detective.exe
Status: Visible

Object-Type: Process
Object-Name: svchost.exe
Pid: 1012
Object-Path: C:\WINDOWS\system32\svchost.exe
Status: Visible

Object-Type: Process
Object-Name: spoolsv.exe
Pid: 1508
Object-Path: C:\WINDOWS\system32\spoolsv.exe
Status: Visible

Object-Type: Process
Object-Name: svchost.exe
Pid: 1416
Object-Path: C:\WINDOWS\system32\svchost.exe
Status: Visible

Object-Type: Process
Object-Name: lsass.exe
Pid: 860
Object-Path: C:\WINDOWS\system32\lsass.exe
Status: Visible

Object-Type: Process
Object-Name: svchost.exe
Pid: 1232
Object-Path: C:\WINDOWS\System32\svchost.exe
Status: Visible

Object-Type: Process
Object-Name: explorer.exe
Pid: 2008
Object-Path: C:\WINDOWS\Explorer.EXE
Status: Visible

Object-Type: Process
Object-Name: mDNSResponder.e
Pid: 1668
Object-Path: C:\Program Files\Bonjour\mDNSResponder.exe
Status: Visible

Object-Type: Process
Object-Name: svchost.exe
Pid: 1576
Object-Path: C:\WINDOWS\system32\svchost.exe
Status: Visible

Object-Type: Process
Object-Name: svchost.exe
Pid: 244
Object-Path: C:\WINDOWS\system32\svchost.exe
Status: Visible

Object-Type: Process
Object-Name: winlogon.exe
Pid: 804
Object-Path: C:\WINDOWS\system32\winlogon.exe
Status: Visible

Scan complete. Found hidden Processes and Files: 1 .
Total files scanned: 167484

Sorry, I couldn't send you the link, the site is buggy :s
0
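Reading a Rootkit Detective report by hand is error-prone: the SSDT and IRP hooks, the hidden registry keys and the one hidden folder are interleaved with dozens of normal "Visible" processes, and the "Found hidden Processes and Files: 1" line at the end refers only to the `Snares` sample folder. The parser below is an added example (not part of the thread and not McAfee's code): it splits the report into its blank-line-separated `Key: Value` records and summarises what a reviewer actually needs, namely which driver file owns each SSDT hook, which driver objects have IRP hooks, how many hidden registry objects sit under each service, and which files are hidden. The sample is a constructed excerpt of the report above with the hidden-folder path shortened. Hooks of registry APIs from a driver with a randomised `sp??.sys` name together with hidden `Services\sptd\Cfg` keys are the pattern that legitimate virtual-drive drivers such as SPTD also produce, so the driver path on each hook is the thing to verify, not the number of hooks.

```python
import re
from collections import defaultdict

# Constructed excerpt of a McAfee Rootkit Detective 1.1 report, assembled from record shapes
# seen in the thread above (the File/Folder path is shortened for the example).
SAMPLE_REPORT = r"""McAfee(R) Rootkit Detective 1.1 scan report
On 15-06-2009 at 23:47:00
====================================

Object-Type: SSDT-hook
Object-Name: ZwCreateKey
Object-Path: \SystemRoot\System32\drivers\spvf.sys

Object-Type: SSDT-hook
Object-Name: ZwEnumerateKey
Object-Path: \SystemRoot\System32\drivers\spvf.sys

Object-Type: IRP-hook
Object-Name: \Driver\Ftdisk->IRP_MJ_READ
Object-Path:

Object-Type: Registry-key
Object-Name: 19659239224E364682FA4BAF72C53EA4f.sys
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Status: Hidden

Object-Type: Registry-value
Object-Name: s1
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg
Status: Hidden

Object-Type: Process
Object-Name: csrss.exe
Pid: 780
Object-Path: C:\WINDOWS\system32\csrss.exe
Status: Visible

Object-Type: File/Folder
Object-Name: Snares
Pid: n/a
Object-Path: C:\Documents and Settings\utilisateur\Bureau\Samples\Snares
Status: Hidden

Scan complete. Found hidden Processes and Files: 1 .
"""

FIELDS = {"Object-Type", "Object-Name", "Object-Path", "Status", "Pid"}
SERVICE_RE = re.compile(r"\\Services\\([^\\]+)", re.IGNORECASE)


def parse_report(text):
    """Return one dict per record; records are blank-line separated runs of 'Key: Value' lines."""
    records, current = [], {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            if "Object-Type" in current:
                records.append(current)
            current = {}
            continue
        key, sep, value = line.partition(":")  # first colon only: paths contain "C:\"
        if sep and key in FIELDS:
            current[key] = value.strip()
    if "Object-Type" in current:
        records.append(current)
    return records


def summarize(records):
    """Group findings the way a reviewer reads them: by owning driver, service and hidden path."""
    ssdt, irp, hidden_reg = defaultdict(list), defaultdict(list), defaultdict(int)
    hidden_files, procs = [], {"Visible": 0, "Hidden": 0}
    for r in records:
        kind, path, status = r["Object-Type"], r.get("Object-Path", ""), r.get("Status", "")
        if kind == "SSDT-hook":
            ssdt[path or "<no path reported>"].append(r["Object-Name"])
        elif kind == "IRP-hook":
            driver, _, major = r["Object-Name"].partition("->")
            irp[driver].append(major)
        elif kind in ("Registry-key", "Registry-value") and status == "Hidden":
            m = SERVICE_RE.search(path)
            hidden_reg[m.group(1) if m else path] += 1
        elif kind == "File/Folder" and status == "Hidden":
            hidden_files.append(path)
        elif kind == "Process" and status in procs:
            procs[status] += 1
    return {"ssdt_hooks": dict(ssdt), "irp_hooks": dict(irp),
            "hidden_registry": dict(hidden_reg), "hidden_files": hidden_files, "processes": procs}


def drivers_to_review(summary):
    """Driver files that own SSDT hooks: the on-disk files whose origin must be confirmed."""
    return sorted(summary["ssdt_hooks"])


if __name__ == "__main__":
    s = summarize(parse_report(SAMPLE_REPORT))
    for driver, names in s["ssdt_hooks"].items():
        print(f"SSDT hooks by {driver}: {', '.join(names)}")
    print("IRP hooks:", s["irp_hooks"])
    print("hidden registry objects per service:", s["hidden_registry"])
    print("hidden files:", s["hidden_files"])
```

On the full report above, `drivers_to_review()` yields a single path, `\SystemRoot\System32\drivers\spvf.sys`, and `hidden_files` contains only the `Snares` folder; those two items, not the long list of visible processes, are what to follow up on.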
sparcate Posts: 87 Status: Member
 
I'm starting the analysis with the online antivirus.
0