virus winunpgro.exe Résolu/Fermé

Question

Bonjour,
je suis infecte par le virus winunpgro et presque rien ne fonctionne (antivirus, internet ext...) j'ecris d'un autre pc. aider moi svp

jlpjlp · Answer

sl

c'est mieux quand tu crées ton propre message!!!



vire les cracks que tu as car l'infection vient de là!!!

puis



Telecharge FindyKill sur ton bureau : 

--> http://sd-1.archive-host.com/membres/up/116615172019703188/FindyKill.exe 

--> Lance l installation avec les parametres par default 

--> Double clic sur le raccourci FindyKill sur ton bureau 

--> Au menu principal,choisi l option 1 (Recherche) 

--> Post le rapport FindyKill.txt 

Note : le rapport FindyKill.txt est sauvegardé a la racine du disque

jlpjlp · Answer

tu étais connecté en wifi?

________________

vire tes cracks:


C:\Users\Yoann\crack keygen logiciel
C:\Users\Yoann\FRUITY LOOPS Fl Studio 7 Xxl Crack.rar
C:\Users\Yoann\crack keygen logiciel\bitdefender + key.rar
C:\Users\Yoann\crack keygen logiciel
ero
C:\Users\Yoann\crack keygen logiciel\PC.Tools.AntiVirus.Spyware.Doctor.v3.2.2.Registry.Mechanic.v5.0.0.144.Incl.Serial
C:\Users\Yoann\crack keygen logiciel\PC.Tools.AntiVirus.Spyware.Doctor.v3.2.2.Registry.Mechanic.v5.0.0.144.Incl.Serial.rar
C:\Users\Yoann\crack keygen logiciel\X-OOM_Movies_On_PSP_Fr_[Neopat].rar
C:\Users\Yoann\crack keygen logiciel
ero\InCD40121.exe
C:\Users\Yoann\crack keygen logiciel
ero\Keygen-Nero.exe
C:\Users\Yoann\crack keygen logiciel
ero\NBR60011FRA.exe
C:\Users\Yoann\crack keygen logiciel
ero\Nero60011.exe
C:\Users\Yoann\crack keygen logiciel
ero\NeroMix1404.exe
C:\Users\Yoann\crack keygen logiciel
ero\NeroNet1.0.43.0RC1.exe
C:\Users\Yoann\crack keygen logiciel
ero\NeroNMP1405.exe
C:\Users\Yoann\crack keygen logiciel
ero\NMP1405FRA.exe
C:\Users\Yoann\crack keygen logiciel
ero\NVE2011.exe
C:\Users\Yoann\crack keygen logiciel
ero\NVE2011FRA.exe
C:\Users\Yoann\crack keygen logiciel
ero\ultime plug in nero6.exe
C:\Users\Yoann\crack keygen logiciel\PC.Tools.AntiVirus.Spyware.Doctor.v3.2.2.Registry.Mechanic.v5.0.0.144.Incl.Serial\PC.Tools.AntiVirus.exe
C:\Users\Yoann\crack keygen logiciel\PC.Tools.AntiVirus.Spyware.Doctor.v3.2.2.Registry.Mechanic.v5.0.0.144.Incl.Serial\Registry.Mechanic.v5.0.0.144.exe
C:\Users\Yoann\crack keygen logiciel\PC.Tools.AntiVirus.Spyware.Doctor.v3.2.2.Registry.Mechanic.v5.0.0.144.Incl.Serial\Registry.Mechanic.v5.0.0.144.Serial.txt
C:\Users\Yoann\crack keygen logiciel\PC.Tools.AntiVirus.Spyware.Doctor.v3.2.2.Registry.Mechanic.v5.0.0.144.Incl.Serial\Spyware.Doctor.v3.2.2.exe
C:\Users\Yoann\crack keygen logiciel\PC.Tools.AntiVirus.Spyware.Doctor.v3.2.2.Registry.Mechanic.v5.0.0.144.Incl.Serial\Spyware.Doctor.v3.2.2.Serial.txt
C:\Users\Yoann\Desktop\Pc Games - Euro Truck Simulator-Multileng Crack 1.00 By Fotimason.iso
C:\Users\Yoann\Desktop\PC Games - Euro Truck Simulator-Multileng+Crack 1.00_by FotimaSon.rar
_______________________



télécharge combofix (par sUBs) ici : 

http://download.bleepingcomputer.com/sUBs/ComboFix.exe 

et enregistre le sur le bureau

sous le nom de antibagle. Fais le avant que le fichier ne soit enregistré sur le bureau] 

déconnecte toi d'internet et ferme toutes tes applications. 

désactive tes protections (antivirus, parefeu, garde en temps réel de l'antispyware) 


double-clique sur combofix.exe et suis les instructions 

à la fin, il va produire un rapport C:\ComboFix.txt 

réactive ton parefeu, ton antivirus, la garde de ton antispyware 

copie/colle le rapport C:\ComboFix.txt dans ta prochaine réponse. 

Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi. 

Tu as un tutoriel complet ici : 

https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

jlpjlp · Answer

non mais le pc infecté au départ il allait sur le net?

yoann · Answer

ComboFix 09-01-11.04 - SYSTEM 2009-01-12 16:21:39.2 - NTFSx86 NETWORK Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.2046.1689 [GMT 1:00] Lancé depuis: G:\ComboFix.exe AV: Bitdefender Antivirus *On-access scanning disabled* (Outdated) AV: Norton Internet Security *On-access scanning disabled* (Outdated) FW: Norton Internet Security *disabled* . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\acer\AcerTour\Reminder.exe . ((((((((((((((((((((((((((((((((((((((( Pilotes/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_SROSA ((((((((((((((((((((((((((((( Fichiers créés du 2008-12-12 au 2009-01-12 )))))))))))))))))))))))))))))))))))) . 2009-01-12 15:18 . 2009-01-12 15:54 d-------- c:\program files\FindyKill 2009-01-12 13:48 . 2009-01-12 13:48 268 --ah----- C:\sqmdata08.sqm 2009-01-12 13:48 . 2009-01-12 13:48 244 --ah----- C:\sqmnoopt08.sqm 2009-01-11 22:57 . 2009-01-11 22:57 268 --ah----- C:\sqmdata07.sqm 2009-01-11 22:57 . 2009-01-11 22:57 244 --ah----- C:\sqmnoopt07.sqm 2009-01-11 22:52 . 2009-01-11 22:52 268 --ah----- C:\sqmdata06.sqm 2009-01-11 22:52 . 2009-01-11 22:52 244 --ah----- C:\sqmnoopt06.sqm 2009-01-11 22:46 . 2009-01-11 22:46 268 --ah----- C:\sqmdata05.sqm 2009-01-11 22:46 . 2009-01-11 22:46 244 --ah----- C:\sqmnoopt05.sqm 2009-01-11 22:24 . 2009-01-11 22:24 268 --ah----- C:\sqmdata04.sqm 2009-01-11 22:24 . 2009-01-11 22:24 244 --ah----- C:\sqmnoopt04.sqm 2009-01-11 21:45 . 2009-01-11 21:45 d--h----- c:\users\Mélanie\AppData\Roaming\drivers 2009-01-11 21:44 . 2009-01-11 21:44 268 --ah----- C:\sqmdata03.sqm 2009-01-11 21:44 . 2009-01-11 21:44 244 --ah----- C:\sqmnoopt03.sqm 2009-01-11 19:29 . 2009-01-11 19:29 268 --ah----- C:\sqmdata02.sqm 2009-01-11 19:29 . 2009-01-11 19:29 244 --ah----- C:\sqmnoopt02.sqm 2009-01-11 18:10 . 2009-01-11 18:10 268 --ah----- C:\sqmdata01.sqm 2009-01-11 18:10 . 2009-01-11 18:10 244 --ah----- C:\sqmnoopt01.sqm 2009-01-11 17:55 . 2003-02-02 00:00 88,599 --a------ c:\windows\_iu14D2N.tmp 2009-01-11 17:50 . 2009-01-11 17:50 d-------- C:\DivX Movies 2009-01-11 17:43 . 2009-01-11 17:43 268 --ah----- C:\sqmdata00.sqm 2009-01-11 17:43 . 2009-01-11 17:43 244 --ah----- C:\sqmnoopt00.sqm 2009-01-11 17:34 . 2009-01-12 06:55 d-------- c:\program files\Spyware Doctor 2009-01-08 22:10 . 2009-01-08 22:10 d-------- C:\perflogs 2009-01-03 20:55 . 2009-01-03 20:55 d-------- C:\Temp 2008-12-27 20:10 . 2008-12-27 20:10 d-------- c:\program files\Trend Micro 2008-12-24 18:24 . 2008-12-25 01:45 d-------- c:\users\All Users\Spybot - Search & Destroy 2008-12-24 18:24 . 2008-12-25 01:45 d-------- c:\programdata\Spybot - Search & Destroy 2008-12-24 18:24 . 2009-01-12 06:55 d-------- c:\program files\Spybot - Search & Destroy 2008-12-23 22:52 . 2009-01-11 21:29 d--h----- c:\windows\msdownld.tmp 2008-12-23 12:00 . 2008-12-23 12:00 183,112 --a------ c:\windows\System32\PnkBstrB.exe 2008-12-23 12:00 . 2008-12-23 12:00 138,184 --a------ c:\windows\System32\drivers\PnkBstrK.sys 2008-12-23 12:00 . 2008-12-23 12:00 66,872 --a------ c:\windows\System32\PnkBstrA.exe 2008-12-22 09:33 . 2009-01-11 17:54 d-------- c:\program files\Euro Truck Simulator 2008-12-15 19:50 . 2008-12-15 19:50 d----c--- c:\windows\System32\DRVSTORE 2008-12-15 19:50 . 2008-04-17 13:12 107,368 --a------ c:\windows\System32\GEARAspi.dll 2008-12-15 19:50 . 2008-04-17 13:12 15,464 --a------ c:\windows\System32\drivers\GEARAspiWDM.sys 2008-12-15 19:49 . 2008-12-15 19:50 d-------- c:\users\All Users\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} 2008-12-15 19:49 . 2008-12-15 19:50 d-------- c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} 2008-12-15 19:49 . 2008-12-15 19:50 d-------- c:\program files\iTunes 2008-12-15 19:49 . 2008-12-15 19:49 d-------- c:\program files\iPod 2008-12-15 19:48 . 2009-01-12 06:55 d-------- c:\program files\Bonjour 2008-12-15 19:47 . 2008-12-15 19:48 d-------- c:\program files\QuickTime . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2009-01-12 15:28 1,572,864 --sha-w c:\users\Mélanie\ntuser.dat 2009-01-12 15:28 1,572,864 --sha-w c:\users\Mélanie\ntuser.dat 2009-01-12 12:46 54,133 ----a-w c:\users\Yoann\AppData\Roaming\nvModes.dat 2009-01-12 05:55 --------- d-----w c:\program files\Norton Internet Security 2009-01-11 20:56 --------- d-----w c:\program files\Common Files\Symantec Shared 2009-01-11 20:45 --------- d--h--w c:\users\Mélanie\AppData\Roaming\drivers 2009-01-11 16:56 --------- d-----w c:\program files\Acer GameZone 2009-01-11 16:16 81,984 ----a-w c:\windows\System32\bdod.bin 2009-01-09 18:37 --------- d-----w c:\program files\Dofus 2009-01-08 14:06 --------- d---a-w c:\programdata\TEMP 2008-12-26 17:06 --------- d-----w c:\programdata\Microsoft Help 2008-12-25 23:04 --------- d-----w c:\program files\Google 2008-12-25 23:03 --------- d-----w c:\programdata\Google 2008-12-20 09:46 --------- d-----w c:\users\Yoann\AppData\Roaming\Vso 2008-12-19 17:57 --------- d-----w c:\programdata\Nero 2008-12-15 20:03 --------- d-----w c:\users\Yoann\AppData\Roaming\Nero 2008-12-15 18:49 --------- d-----w c:\program files\Common Files\Apple 2008-12-15 18:47 --------- d-----w c:\programdata\Apple Computer 2008-12-06 08:20 0 ----a-w c:\users\Yoann\AppData\Roaming\wklnhst.dat 2008-12-05 15:19 --------- d-----w c:\programdata\LightScribe 2008-12-05 14:40 --------- d-----w c:\program files\Common Files\Nero 2008-12-01 17:43 --------- d-----w c:\program files\Neuf 2008-11-15 11:50 --------- d-----w c:\program files\Image-Line 2008-11-14 20:53 --------- d-----w c:\program files\VstPlugins 2008-11-14 20:42 --------- d--h--w c:\program files\InstallShield Installation Information 2008-10-26 07:46 54,503 ----a-w c:\users\Mélanie\AppData\Roaming\nvModes.dat 2008-10-04 09:10 47,360 ----a-w c:\users\Yoann\AppData\Roaming\pcouffin.sys 2008-08-10 16:56 174 --sha-w c:\program files\desktop.ini 2008-09-30 19:04 67,696 ----a-w c:\program files\mozilla firefox\components\jar50.dll 2008-09-30 19:04 54,376 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll 2008-09-30 19:04 34,952 ----a-w c:\program files\mozilla firefox\components\myspell.dll 2008-09-30 19:04 46,720 ----a-w c:\program files\mozilla firefox\components\spellchk.dll 2008-09-30 19:04 172,144 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-09 1232896] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440] "AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-01-06 4608] "Speech Recognition"="c:\windows\Speech\Common\sapisvr.exe" [2006-11-02 49664] "AGEIA PhysX SysTray"="c:\program files\AGEIA Technologies\bin\TrayIcon.exe" [2007-07-23 345640] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-26 39408] "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728] "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296] "Spyware Doctor"="c:\program files\Spyware Doctor\swdoctor.exe" [2009-01-12 1695504] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvSvc"="c:\windows\system32\nvsvc.dll" [2007-06-06 86016] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-06 8433664] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-06 81920] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-04 833072] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 40048] "eAudio"="c:\acer\Empowering Technology\eAudio\eAudio.exe" [2007-06-11 1286144] "eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 457216] "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2009-01-12 107112] "osCheck"="c:\program files\Norton Internet Security\osCheck.exe" [2009-01-12 22696] "PLFSet"="c:\windows\PLFSet.dll" [2007-04-24 45056] "LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2007-06-28 784904] "MSPService"="c:\program files\Acer Arcade Deluxe\SportsCap\Kernel\MagicSports\MSPMirage.exe" [2007-02-13 102400] "TVEService"="c:\program files\Acer Arcade Deluxe\TV Joy\TVEService.exe" [2007-06-01 151552] "PlayMovie"="c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe" [2007-05-24 206952] "WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-05-08 174872] "NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2008\IEShow.exe" [2009-01-12 61440] "BDAgent"="c:\program files\BitDefender\BitDefender 2008\bdagent.exe" [2009-01-12 368640] "Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2009-01-12 583048] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088] "RtHDVCpl"="RtHDVCpl.exe" [2007-05-10 c:\windows\RtHDVCpl.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184] "Spyware Doctor"="c:\program files\Spyware Doctor\swdoctor.exe" [2009-01-12 1695504] c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-07-26 535336] [HKLM\~\startupfolder\C:^Users^Yoann^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Orion.lnk] path=c:\users\Yoann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Orion.lnk backup=c:\windows\pss\Orion.lnk.Startup backupExtension=.Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Doctor] --a------ 2009-01-12 14:33 1695504 c:\progra~1\SPYWAR~1\swdoctor.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "UacDisableNotify"=dword:00000001 "InternetSettingsDisableNotify"=dword:00000001 "AutoUpdateDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2295671110-2891923004-1866197873-1000] "EnableNotificationsRef"=dword:00000004 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{E72405E1-DCEE-4399-B641-2A637A1B4747}"= c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe "{8B07A297-376D-4132-9B2A-7EE5268E1D6E}"= c:\program files\Acer Arcade Deluxe\VideoMagician\VideoMagician.exe:VideoMagician "{FE5EC648-3B05-47DD-B86E-91E07C116D4E}"= c:\program files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:HomeMedia "{1A5583F0-E1E4-4ABE-9918-EE5BBF7F08C3}"= c:\program files\Acer Arcade Deluxe\DV Wizard\DV Wizard.exe:DV Wizard "{1230AA1B-0C06-4F77-BA80-90DFA083BED6}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{BC92335E-9407-4F95-8A22-EB8B01636DA2}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{177992E9-11C7-4F85-9861-E00741F37B67}"= c:\program files\Acer Arcade Deluxe\DVDivine\DVDivine.exe:DVDivine "{ABB648B6-98A8-41A7-AB7A-3ECE3F2676E7}"= c:\program files\Acer Arcade Deluxe\SportsCap\SportsCap.exe:SportsCap "{9B590139-5F31-456C-A80B-09F993497C98}"= c:\program files\Acer Arcade Deluxe\TV Joy\TV Joy.exe:TV Joy "{E627FE97-C3C4-4AB6-9CDD-36752CD8EA8A}"= c:\program files\Acer Arcade Deluxe\TV Joy\TVEService.exe:TV Joy Resident Program "{D0CBB1AF-D314-48FE-A882-5A148A2EEBA4}"= c:\program files\Acer Arcade Deluxe\Play Movie\PlayMovie.exe:Play Movie "{4ABA66CF-6802-4643-82B1-D5447D664772}"= c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe:Play Movie Resident Program "{D0796FE7-BD19-4093-A83F-85FC43FC01A1}"= UDP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM) "{0ACE322C-9142-41DB-B3B1-968E035170A6}"= TCP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM) "{86A6740F-1EC4-445F-AD15-DC1EC427B0EC}"= UDP:d:\unreal 3\Binaries\UT3.exe:Unreal Tournament 3 "{04F5CFCF-7CBC-4E2F-AC6B-C4D4F1875E52}"= TCP:d:\unreal 3\Binaries\UT3.exe:Unreal Tournament 3 "{4879999F-7F12-4221-AC1E-8F1F0E8E0B2F}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger "{58D08AAB-B01E-43D3-A1C3-59BC6D8EAC41}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger "{EDD9C18B-C139-435B-B02F-EC2B53EF6060}"= UDP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server "{578BA746-8193-4EF3-9B44-764F821E895F}"= TCP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server "{C2A81C19-A758-44B9-9932-BEC3DA8AC7BE}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes "{4A597FD0-49AA-44E5-840B-C441292EB843}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes "{DC2F1035-F2E5-4958-8634-727A5F8930B6}"= UDP:c:\program files\Microsoft Games\Gears of War\Binaries\WarGame-G4WLive.exe:Gears of War "{9CBBC8D9-EEC3-47C9-B6DD-E543CA5B862B}"= TCP:c:\program files\Microsoft Games\Gears of War\Binaries\WarGame-G4WLive.exe:Gears of War "TCP Query User{79C14D75-9374-4DC8-983B-B94582D3503B}c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe"= UDP:c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe:iw3mp.exe "UDP Query User{D91AE181-1521-4C57-9050-EF6AAC40E85F}c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe"= TCP:c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe:iw3mp.exe "{AA91191C-9264-423A-948F-791CF6304377}"= Profile=Public|c:\program files\Skype\Phone\Skype.exe:Skype "{AB5840BF-0BCA-4CF9-8DED-5908B10F6B43}"= UDP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0 "{CC53EB4B-8380-4497-AC25-BC49627C8618}"= TCP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0 "{219B4C14-7E3A-40EE-82AF-97BB5C581B3A}"= UDP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0 "{7F484088-FAB4-4149-B06A-A0351201F6C7}"= TCP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0 "{6522DC96-08FF-4592-961C-CE76190996FA}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "TCP Query User{D83D4199-2715-4978-8C23-9AAE0FFDF2F0}c:\program files\emule\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule "UDP Query User{3B276676-691C-45DE-AE81-8FEF769A01D7}c:\program files\emule\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule "TCP Query User{BA1D46C6-0E2D-48F7-AEE7-29BE8648EDF9}c:\program files\internet explorer\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer "UDP Query User{1EA9DAD3-4105-4E8B-9581-107440B7EB75}c:\program files\internet explorer\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer "{378CEDDC-BD2D-4897-AA3A-08D33B4D578C}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour "{DFE2593F-86FE-4FC5-8BA7-AC1044159366}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour "{CC4507A0-B95B-468B-A784-6107C9B0AB2E}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes "{F4972030-55B0-4815-854B-0C61C5273503}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes "TCP Query User{E26F2DB1-3D64-4556-9F83-DBF58DAC2E7D}c:\program files\emule\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule "UDP Query User{F4A3246C-6385-4104-A783-C8FA0CEA798C}c:\program files\emule\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System] "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic| [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile] "DoNotAllowExceptions"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List] "c:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe"= c:\acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu "c:\Acer\Empowering Technology\eDataSecurity\encryption.exe"= c:\acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption "c:\Acer\Empowering Technology\eDataSecurity\decryption.exe"= c:\acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabled:decryption R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\idsdefs\20080122.002\IDSvix86.sys [2008-01-24 180272] R3 A310;AVerMedia A310 DVB-T;c:\windows\System32\drivers\AVerA310USB.sys [2007-08-28 26496] R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [2007-02-08 179712] R3 BDASwCap;AVerMedia A310 BDA DVBT Capture Device;c:\windows\System32\drivers\AVerA310Cap.sys [2007-08-28 42496] R3 itecir;ITECIR Infrared Receiver;c:\windows\System32\drivers\itecir.sys [2007-07-26 49664] R4 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\Play Movie\[u]0/u00.fcl [2007-08-28 13:52:42 13560] R4 ALaunchService;ALaunch Service;c:\acer\ALaunch\ALaunchSvc.exe [2007-07-26 50688] R4 TVECapSvc;TVEnhance Background Capture Service (TBCS);c:\program files\Acer Arcade Deluxe\TV Joy\Kernel\TV\TVECapSvc.exe [2007-08-28 286820] R4 TVESched;TVEnhance Task Scheduler (TTS));c:\program files\Acer Arcade Deluxe\TV Joy\Kernel\TV\TVESched.exe [2007-08-28 110682] S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\magix\Common\Database\bin\fbserver.exe [2008-09-05 1527900] S3 SYMNDISV;SYMNDISV;c:\windows\System32\drivers\symndisv.sys [2007-10-30 37936] S4 NeroNET;NeroNET; [x] --- Other Services/Drivers In Memory --- *NewlyCreated* - COMHOST *Deregistered* - sptd [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bdx REG_MULTI_SZ scan [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{22d6c658-cb74-11dd-8700-00a0d1a1f17c}] \shell\AutoRun\command - start.exe \shell\iledefrance\command - start.exe . Contenu du dossier 'Tâches planifiées' 2008-12-23 c:\windows\Tasks\epgcxxud.job - c:\windows\system32\rundll32.exe [2006-11-02 10:45] 2009-01-10 c:\windows\Tasks\NeroLiveEpgUpdate-PC-de-Yoann_Yoann.job - d:\program files\Nero\Nero 9\Nero Live\NeroLive.exe [2008-09-18 13:51] 2009-01-09 c:\windows\Tasks\Norton Internet Security - Analyse système complète - Yoann.job - c:\progra~1\NORTON~1\NORTON~1\Navw32.exe [2006-11-21 05:30] 2009-01-12 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20] . - - - - ORPHELINS SUPPRIMES - - - - HKCU-Run-Acer Tour Reminder - c:\acer\AcerTour\Reminder.exe . ------- Examen supplémentaire ------- . uStart Page = hxxp://www.google.com uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 mStart Page = hxxp://www.google.com uInternet Settings,ProxyOverride = *.local IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm IE: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 O16 -: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd FF - ProfilePath - c:\users\Yoann\AppData\Roaming\Mozilla\Firefox\Profiles\fdno0l3q.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr:official FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.allow_platform_file_picker", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.hideGoButton", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("signon.prefillForms", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.remoteLookups", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.updateURL", "http://sb.google.com/safebrowsing/update?client={moz:client}&appver={moz:version}&"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.lookupURL", "http://sb.google.com/safebrowsing/lookup?sourceid=firefox-antiphish&features=TrustRank&client={moz:client}&appver={moz:version}&"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.reportURL", "http://sb.google.com/safebrowsing/report?"); . . ------- Associations de fichier ------- . inifile=%SystemRoot%\System32\NOTEPAD.EXE %1" . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-01-12 16:28:32 Windows 6.0.6000 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'Explorer.exe'(1612) c:\windows\system32\MsnChatHook.dll c:\windows\system32\ShowErrMsg.dll c:\windows\system32\sysenv.dll c:\windows\system32\BatchCrypto.dll c:\windows\system32\CryptoAPI.dll c:\windows\system32\keyManager.dll c:\acer\Empowering Technology\EPOWER\SysHook.dll . ------------------------ Autres processus actifs ------------------------ . c:\windows\System32\audiodg.exe c:\windows\System32\wlanext.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\acer\Empowering Technology\eDataSecurity\eDSService.exe c:\acer\Empowering Technology\eLock\Service\eLockServ.exe c:\acer\Empowering Technology\eNet\eNet Service.exe c:\program files\Intel\Wireless\Bin\EvtEng.exe c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe c:\program files\Common Files\LightScribe\LSSrvc.exe c:\acer\Mobility Center\MobilityService.exe c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe c:\program files\Intel\Wireless\Bin\RegSrvc.exe c:\program files\CyberLink\Shared Files\RichVideo.exe c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe c:\windows\System32\drivers\XAudio.exe c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe c:\acer\Empowering Technology\eSettings\Service\capuserv.exe c:\acer\Empowering Technology\ePower\ePowerSvc.exe c:\windows\System32\WUDFHost.exe c:\windows\System32\wbem\unsecapp.exe c:\windows\System32\conime.exe c:\windows\System32\wbem\unsecapp.exe c:\program files\Launch Manager\LManager.exe c:\acer\Empowering Technology\eNet\eNMTray.exe c:\acer\Empowering Technology\ePower\ePower_DMC.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\users\Yoann\AppData\Local\Temp\RtkBtMnt.exe c:\acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe c:\acer\Empowering Technology\eRecovery\eRAgent.exe c:\program files\iPod\bin\iPodService.exe c:\windows\System32\dllhost.exe . ************************************************************************** . Heure de fin: 2009-01-12 16:31:43 - La machine a redémarré [Yoann] ComboFix-quarantined-files.txt 2009-01-12 15:31:27 Avant-CF: Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application. Après-CF: 19,183,284,224 octets libres 341 --- E O F --- 2008-09-27 08:01:52

yoann · Answer

ComboFix 09-01-11.04 - SYSTEM 2009-01-12 16:21:39.2 - NTFSx86 NETWORK Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.2046.1689 [GMT 1:00] Lancé depuis: G:\ComboFix.exe AV: Bitdefender Antivirus *On-access scanning disabled* (Outdated) AV: Norton Internet Security *On-access scanning disabled* (Outdated) FW: Norton Internet Security *disabled* . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\acer\AcerTour\Reminder.exe . ((((((((((((((((((((((((((((((((((((((( Pilotes/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_SROSA ((((((((((((((((((((((((((((( Fichiers créés du 2008-12-12 au 2009-01-12 )))))))))))))))))))))))))))))))))))) . 2009-01-12 15:18 . 2009-01-12 15:54 d-------- c:\program files\FindyKill 2009-01-12 13:48 . 2009-01-12 13:48 268 --ah----- C:\sqmdata08.sqm 2009-01-12 13:48 . 2009-01-12 13:48 244 --ah----- C:\sqmnoopt08.sqm 2009-01-11 22:57 . 2009-01-11 22:57 268 --ah----- C:\sqmdata07.sqm 2009-01-11 22:57 . 2009-01-11 22:57 244 --ah----- C:\sqmnoopt07.sqm 2009-01-11 22:52 . 2009-01-11 22:52 268 --ah----- C:\sqmdata06.sqm 2009-01-11 22:52 . 2009-01-11 22:52 244 --ah----- C:\sqmnoopt06.sqm 2009-01-11 22:46 . 2009-01-11 22:46 268 --ah----- C:\sqmdata05.sqm 2009-01-11 22:46 . 2009-01-11 22:46 244 --ah----- C:\sqmnoopt05.sqm 2009-01-11 22:24 . 2009-01-11 22:24 268 --ah----- C:\sqmdata04.sqm 2009-01-11 22:24 . 2009-01-11 22:24 244 --ah----- C:\sqmnoopt04.sqm 2009-01-11 21:45 . 2009-01-11 21:45 d--h----- c:\users\Mélanie\AppData\Roaming\drivers 2009-01-11 21:44 . 2009-01-11 21:44 268 --ah----- C:\sqmdata03.sqm 2009-01-11 21:44 . 2009-01-11 21:44 244 --ah----- C:\sqmnoopt03.sqm 2009-01-11 19:29 . 2009-01-11 19:29 268 --ah----- C:\sqmdata02.sqm 2009-01-11 19:29 . 2009-01-11 19:29 244 --ah----- C:\sqmnoopt02.sqm 2009-01-11 18:10 . 2009-01-11 18:10 268 --ah----- C:\sqmdata01.sqm 2009-01-11 18:10 . 2009-01-11 18:10 244 --ah----- C:\sqmnoopt01.sqm 2009-01-11 17:55 . 2003-02-02 00:00 88,599 --a------ c:\windows\_iu14D2N.tmp 2009-01-11 17:50 . 2009-01-11 17:50 d-------- C:\DivX Movies 2009-01-11 17:43 . 2009-01-11 17:43 268 --ah----- C:\sqmdata00.sqm 2009-01-11 17:43 . 2009-01-11 17:43 244 --ah----- C:\sqmnoopt00.sqm 2009-01-11 17:34 . 2009-01-12 06:55 d-------- c:\program files\Spyware Doctor 2009-01-08 22:10 . 2009-01-08 22:10 d-------- C:\perflogs 2009-01-03 20:55 . 2009-01-03 20:55 d-------- C:\Temp 2008-12-27 20:10 . 2008-12-27 20:10 d-------- c:\program files\Trend Micro 2008-12-24 18:24 . 2008-12-25 01:45 d-------- c:\users\All Users\Spybot - Search & Destroy 2008-12-24 18:24 . 2008-12-25 01:45 d-------- c:\programdata\Spybot - Search & Destroy 2008-12-24 18:24 . 2009-01-12 06:55 d-------- c:\program files\Spybot - Search & Destroy 2008-12-23 22:52 . 2009-01-11 21:29 d--h----- c:\windows\msdownld.tmp 2008-12-23 12:00 . 2008-12-23 12:00 183,112 --a------ c:\windows\System32\PnkBstrB.exe 2008-12-23 12:00 . 2008-12-23 12:00 138,184 --a------ c:\windows\System32\drivers\PnkBstrK.sys 2008-12-23 12:00 . 2008-12-23 12:00 66,872 --a------ c:\windows\System32\PnkBstrA.exe 2008-12-22 09:33 . 2009-01-11 17:54 d-------- c:\program files\Euro Truck Simulator 2008-12-15 19:50 . 2008-12-15 19:50 d----c--- c:\windows\System32\DRVSTORE 2008-12-15 19:50 . 2008-04-17 13:12 107,368 --a------ c:\windows\System32\GEARAspi.dll 2008-12-15 19:50 . 2008-04-17 13:12 15,464 --a------ c:\windows\System32\drivers\GEARAspiWDM.sys 2008-12-15 19:49 . 2008-12-15 19:50 d-------- c:\users\All Users\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} 2008-12-15 19:49 . 2008-12-15 19:50 d-------- c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} 2008-12-15 19:49 . 2008-12-15 19:50 d-------- c:\program files\iTunes 2008-12-15 19:49 . 2008-12-15 19:49 d-------- c:\program files\iPod 2008-12-15 19:48 . 2009-01-12 06:55 d-------- c:\program files\Bonjour 2008-12-15 19:47 . 2008-12-15 19:48 d-------- c:\program files\QuickTime . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2009-01-12 15:28 1,572,864 --sha-w c:\users\Mélanie\ntuser.dat 2009-01-12 15:28 1,572,864 --sha-w c:\users\Mélanie\ntuser.dat 2009-01-12 12:46 54,133 ----a-w c:\users\Yoann\AppData\Roaming\nvModes.dat 2009-01-12 05:55 --------- d-----w c:\program files\Norton Internet Security 2009-01-11 20:56 --------- d-----w c:\program files\Common Files\Symantec Shared 2009-01-11 20:45 --------- d--h--w c:\users\Mélanie\AppData\Roaming\drivers 2009-01-11 16:56 --------- d-----w c:\program files\Acer GameZone 2009-01-11 16:16 81,984 ----a-w c:\windows\System32\bdod.bin 2009-01-09 18:37 --------- d-----w c:\program files\Dofus 2009-01-08 14:06 --------- d---a-w c:\programdata\TEMP 2008-12-26 17:06 --------- d-----w c:\programdata\Microsoft Help 2008-12-25 23:04 --------- d-----w c:\program files\Google 2008-12-25 23:03 --------- d-----w c:\programdata\Google 2008-12-20 09:46 --------- d-----w c:\users\Yoann\AppData\Roaming\Vso 2008-12-19 17:57 --------- d-----w c:\programdata\Nero 2008-12-15 20:03 --------- d-----w c:\users\Yoann\AppData\Roaming\Nero 2008-12-15 18:49 --------- d-----w c:\program files\Common Files\Apple 2008-12-15 18:47 --------- d-----w c:\programdata\Apple Computer 2008-12-06 08:20 0 ----a-w c:\users\Yoann\AppData\Roaming\wklnhst.dat 2008-12-05 15:19 --------- d-----w c:\programdata\LightScribe 2008-12-05 14:40 --------- d-----w c:\program files\Common Files\Nero 2008-12-01 17:43 --------- d-----w c:\program files\Neuf 2008-11-15 11:50 --------- d-----w c:\program files\Image-Line 2008-11-14 20:53 --------- d-----w c:\program files\VstPlugins 2008-11-14 20:42 --------- d--h--w c:\program files\InstallShield Installation Information 2008-10-26 07:46 54,503 ----a-w c:\users\Mélanie\AppData\Roaming\nvModes.dat 2008-10-04 09:10 47,360 ----a-w c:\users\Yoann\AppData\Roaming\pcouffin.sys 2008-08-10 16:56 174 --sha-w c:\program files\desktop.ini 2008-09-30 19:04 67,696 ----a-w c:\program files\mozilla firefox\components\jar50.dll 2008-09-30 19:04 54,376 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll 2008-09-30 19:04 34,952 ----a-w c:\program files\mozilla firefox\components\myspell.dll 2008-09-30 19:04 46,720 ----a-w c:\program files\mozilla firefox\components\spellchk.dll 2008-09-30 19:04 172,144 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-09 1232896] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440] "AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-01-06 4608] "Speech Recognition"="c:\windows\Speech\Common\sapisvr.exe" [2006-11-02 49664] "AGEIA PhysX SysTray"="c:\program files\AGEIA Technologies\bin\TrayIcon.exe" [2007-07-23 345640] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-26 39408] "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728] "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296] "Spyware Doctor"="c:\program files\Spyware Doctor\swdoctor.exe" [2009-01-12 1695504] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvSvc"="c:\windows\system32\nvsvc.dll" [2007-06-06 86016] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-06 8433664] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-06 81920] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-04 833072] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 40048] "eAudio"="c:\acer\Empowering Technology\eAudio\eAudio.exe" [2007-06-11 1286144] "eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 457216] "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2009-01-12 107112] "osCheck"="c:\program files\Norton Internet Security\osCheck.exe" [2009-01-12 22696] "PLFSet"="c:\windows\PLFSet.dll" [2007-04-24 45056] "LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2007-06-28 784904] "MSPService"="c:\program files\Acer Arcade Deluxe\SportsCap\Kernel\MagicSports\MSPMirage.exe" [2007-02-13 102400] "TVEService"="c:\program files\Acer Arcade Deluxe\TV Joy\TVEService.exe" [2007-06-01 151552] "PlayMovie"="c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe" [2007-05-24 206952] "WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-05-08 174872] "NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2008\IEShow.exe" [2009-01-12 61440] "BDAgent"="c:\program files\BitDefender\BitDefender 2008\bdagent.exe" [2009-01-12 368640] "Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2009-01-12 583048] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088] "RtHDVCpl"="RtHDVCpl.exe" [2007-05-10 c:\windows\RtHDVCpl.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184] "Spyware Doctor"="c:\program files\Spyware Doctor\swdoctor.exe" [2009-01-12 1695504] c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-07-26 535336] [HKLM\~\startupfolder\C:^Users^Yoann^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Orion.lnk] path=c:\users\Yoann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Orion.lnk backup=c:\windows\pss\Orion.lnk.Startup backupExtension=.Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Doctor] --a------ 2009-01-12 14:33 1695504 c:\progra~1\SPYWAR~1\swdoctor.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "UacDisableNotify"=dword:00000001 "InternetSettingsDisableNotify"=dword:00000001 "AutoUpdateDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2295671110-2891923004-1866197873-1000] "EnableNotificationsRef"=dword:00000004 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{E72405E1-DCEE-4399-B641-2A637A1B4747}"= c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe "{8B07A297-376D-4132-9B2A-7EE5268E1D6E}"= c:\program files\Acer Arcade Deluxe\VideoMagician\VideoMagician.exe:VideoMagician "{FE5EC648-3B05-47DD-B86E-91E07C116D4E}"= c:\program files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:HomeMedia "{1A5583F0-E1E4-4ABE-9918-EE5BBF7F08C3}"= c:\program files\Acer Arcade Deluxe\DV Wizard\DV Wizard.exe:DV Wizard "{1230AA1B-0C06-4F77-BA80-90DFA083BED6}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{BC92335E-9407-4F95-8A22-EB8B01636DA2}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{177992E9-11C7-4F85-9861-E00741F37B67}"= c:\program files\Acer Arcade Deluxe\DVDivine\DVDivine.exe:DVDivine "{ABB648B6-98A8-41A7-AB7A-3ECE3F2676E7}"= c:\program files\Acer Arcade Deluxe\SportsCap\SportsCap.exe:SportsCap "{9B590139-5F31-456C-A80B-09F993497C98}"= c:\program files\Acer Arcade Deluxe\TV Joy\TV Joy.exe:TV Joy "{E627FE97-C3C4-4AB6-9CDD-36752CD8EA8A}"= c:\program files\Acer Arcade Deluxe\TV Joy\TVEService.exe:TV Joy Resident Program "{D0CBB1AF-D314-48FE-A882-5A148A2EEBA4}"= c:\program files\Acer Arcade Deluxe\Play Movie\PlayMovie.exe:Play Movie "{4ABA66CF-6802-4643-82B1-D5447D664772}"= c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe:Play Movie Resident Program "{D0796FE7-BD19-4093-A83F-85FC43FC01A1}"= UDP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM) "{0ACE322C-9142-41DB-B3B1-968E035170A6}"= TCP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM) "{86A6740F-1EC4-445F-AD15-DC1EC427B0EC}"= UDP:d:\unreal 3\Binaries\UT3.exe:Unreal Tournament 3 "{04F5CFCF-7CBC-4E2F-AC6B-C4D4F1875E52}"= TCP:d:\unreal 3\Binaries\UT3.exe:Unreal Tournament 3 "{4879999F-7F12-4221-AC1E-8F1F0E8E0B2F}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger "{58D08AAB-B01E-43D3-A1C3-59BC6D8EAC41}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger "{EDD9C18B-C139-435B-B02F-EC2B53EF6060}"= UDP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server "{578BA746-8193-4EF3-9B44-764F821E895F}"= TCP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server "{C2A81C19-A758-44B9-9932-BEC3DA8AC7BE}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes "{4A597FD0-49AA-44E5-840B-C441292EB843}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes "{DC2F1035-F2E5-4958-8634-727A5F8930B6}"= UDP:c:\program files\Microsoft Games\Gears of War\Binaries\WarGame-G4WLive.exe:Gears of War "{9CBBC8D9-EEC3-47C9-B6DD-E543CA5B862B}"= TCP:c:\program files\Microsoft Games\Gears of War\Binaries\WarGame-G4WLive.exe:Gears of War "TCP Query User{79C14D75-9374-4DC8-983B-B94582D3503B}c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe"= UDP:c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe:iw3mp.exe "UDP Query User{D91AE181-1521-4C57-9050-EF6AAC40E85F}c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe"= TCP:c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe:iw3mp.exe "{AA91191C-9264-423A-948F-791CF6304377}"= Profile=Public|c:\program files\Skype\Phone\Skype.exe:Skype "{AB5840BF-0BCA-4CF9-8DED-5908B10F6B43}"= UDP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0 "{CC53EB4B-8380-4497-AC25-BC49627C8618}"= TCP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0 "{219B4C14-7E3A-40EE-82AF-97BB5C581B3A}"= UDP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0 "{7F484088-FAB4-4149-B06A-A0351201F6C7}"= TCP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0 "{6522DC96-08FF-4592-961C-CE76190996FA}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "TCP Query User{D83D4199-2715-4978-8C23-9AAE0FFDF2F0}c:\program files\emule\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule "UDP Query User{3B276676-691C-45DE-AE81-8FEF769A01D7}c:\program files\emule\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule "TCP Query User{BA1D46C6-0E2D-48F7-AEE7-29BE8648EDF9}c:\program files\internet explorer\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer "UDP Query User{1EA9DAD3-4105-4E8B-9581-107440B7EB75}c:\program files\internet explorer\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer "{378CEDDC-BD2D-4897-AA3A-08D33B4D578C}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour "{DFE2593F-86FE-4FC5-8BA7-AC1044159366}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour "{CC4507A0-B95B-468B-A784-6107C9B0AB2E}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes "{F4972030-55B0-4815-854B-0C61C5273503}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes "TCP Query User{E26F2DB1-3D64-4556-9F83-DBF58DAC2E7D}c:\program files\emule\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule "UDP Query User{F4A3246C-6385-4104-A783-C8FA0CEA798C}c:\program files\emule\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System] "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic| [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile] "DoNotAllowExceptions"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List] "c:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe"= c:\acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu "c:\Acer\Empowering Technology\eDataSecurity\encryption.exe"= c:\acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption "c:\Acer\Empowering Technology\eDataSecurity\decryption.exe"= c:\acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabled:decryption R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\idsdefs\20080122.002\IDSvix86.sys [2008-01-24 180272] R3 A310;AVerMedia A310 DVB-T;c:\windows\System32\drivers\AVerA310USB.sys [2007-08-28 26496] R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [2007-02-08 179712] R3 BDASwCap;AVerMedia A310 BDA DVBT Capture Device;c:\windows\System32\drivers\AVerA310Cap.sys [2007-08-28 42496] R3 itecir;ITECIR Infrared Receiver;c:\windows\System32\drivers\itecir.sys [2007-07-26 49664] R4 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\Play Movie\[u]0/u00.fcl [2007-08-28 13:52:42 13560] R4 ALaunchService;ALaunch Service;c:\acer\ALaunch\ALaunchSvc.exe [2007-07-26 50688] R4 TVECapSvc;TVEnhance Background Capture Service (TBCS);c:\program files\Acer Arcade Deluxe\TV Joy\Kernel\TV\TVECapSvc.exe [2007-08-28 286820] R4 TVESched;TVEnhance Task Scheduler (TTS));c:\program files\Acer Arcade Deluxe\TV Joy\Kernel\TV\TVESched.exe [2007-08-28 110682] S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\magix\Common\Database\bin\fbserver.exe [2008-09-05 1527900] S3 SYMNDISV;SYMNDISV;c:\windows\System32\drivers\symndisv.sys [2007-10-30 37936] S4 NeroNET;NeroNET; [x] --- Other Services/Drivers In Memory --- *NewlyCreated* - COMHOST *Deregistered* - sptd [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bdx REG_MULTI_SZ scan [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{22d6c658-cb74-11dd-8700-00a0d1a1f17c}] \shell\AutoRun\command - start.exe \shell\iledefrance\command - start.exe . Contenu du dossier 'Tâches planifiées' 2008-12-23 c:\windows\Tasks\epgcxxud.job - c:\windows\system32\rundll32.exe [2006-11-02 10:45] 2009-01-10 c:\windows\Tasks\NeroLiveEpgUpdate-PC-de-Yoann_Yoann.job - d:\program files\Nero\Nero 9\Nero Live\NeroLive.exe [2008-09-18 13:51] 2009-01-09 c:\windows\Tasks\Norton Internet Security - Analyse système complète - Yoann.job - c:\progra~1\NORTON~1\NORTON~1\Navw32.exe [2006-11-21 05:30] 2009-01-12 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20] . - - - - ORPHELINS SUPPRIMES - - - - HKCU-Run-Acer Tour Reminder - c:\acer\AcerTour\Reminder.exe . ------- Examen supplémentaire ------- . uStart Page = hxxp://www.google.com uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 mStart Page = hxxp://www.google.com uInternet Settings,ProxyOverride = *.local IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm IE: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 O16 -: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd FF - ProfilePath - c:\users\Yoann\AppData\Roaming\Mozilla\Firefox\Profiles\fdno0l3q.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr:official FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.allow_platform_file_picker", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.hideGoButton", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("signon.prefillForms", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.remoteLookups", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.updateURL", "http://sb.google.com/safebrowsing/update?client={moz:client}&appver={moz:version}&"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.lookupURL", "http://sb.google.com/safebrowsing/lookup?sourceid=firefox-antiphish&features=TrustRank&client={moz:client}&appver={moz:version}&"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.reportURL", "http://sb.google.com/safebrowsing/report?"); . . ------- Associations de fichier ------- . inifile=%SystemRoot%\System32\NOTEPAD.EXE %1" . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-01-12 16:28:32 Windows 6.0.6000 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'Explorer.exe'(1612) c:\windows\system32\MsnChatHook.dll c:\windows\system32\ShowErrMsg.dll c:\windows\system32\sysenv.dll c:\windows\system32\BatchCrypto.dll c:\windows\system32\CryptoAPI.dll c:\windows\system32\keyManager.dll c:\acer\Empowering Technology\EPOWER\SysHook.dll . ------------------------ Autres processus actifs ------------------------ . c:\windows\System32\audiodg.exe c:\windows\System32\wlanext.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\acer\Empowering Technology\eDataSecurity\eDSService.exe c:\acer\Empowering Technology\eLock\Service\eLockServ.exe c:\acer\Empowering Technology\eNet\eNet Service.exe c:\program files\Intel\Wireless\Bin\EvtEng.exe c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe c:\program files\Common Files\LightScribe\LSSrvc.exe c:\acer\Mobility Center\MobilityService.exe c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe c:\program files\Intel\Wireless\Bin\RegSrvc.exe c:\program files\CyberLink\Shared Files\RichVideo.exe c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe c:\windows\System32\drivers\XAudio.exe c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe c:\acer\Empowering Technology\eSettings\Service\capuserv.exe c:\acer\Empowering Technology\ePower\ePowerSvc.exe c:\windows\System32\WUDFHost.exe c:\windows\System32\wbem\unsecapp.exe c:\windows\System32\conime.exe c:\windows\System32\wbem\unsecapp.exe c:\program files\Launch Manager\LManager.exe c:\acer\Empowering Technology\eNet\eNMTray.exe c:\acer\Empowering Technology\ePower\ePower_DMC.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\users\Yoann\AppData\Local\Temp\RtkBtMnt.exe c:\acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe c:\acer\Empowering Technology\eRecovery\eRAgent.exe c:\program files\iPod\bin\iPodService.exe c:\windows\System32\dllhost.exe . ************************************************************************** . Heure de fin: 2009-01-12 16:31:43 - La machine a redémarré [Yoann] ComboFix-quarantined-files.txt 2009-01-12 15:31:27 Avant-CF: Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application. Après-CF: 19,183,284,224 octets libres 341 --- E O F --- 2008-09-27 08:01:52

jlpjlp · Answer

tu as quelle protection?


________________


Télécharge ici :

http://images.malwareremoval.com/random/RSIT.exe

random's system information tool (RSIT) par andom/random et sauvegarde-le sur le Bureau.

Double-clique sur RSIT.exe afin de lancer RSIT.

Clique Continue à l'écran Disclaimer.

Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.

Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront.

Poste le contenu de log.txt (<<qui sera affiché)
ainsi que de info.txt (<<qui sera réduit dans la Barre des Tâches).

NB : Les rapports sont sauvegardés dans le dossier C:\rsit

yoann · Answer

oui il allait sur le net mais la plus aucune connexion wifi pas d'antivirus ...

jlpjlp · Answer

pour la connexion wifi:



erreur 1068 - Suite à infection virale de votre ordinateur avec un virus du type "bagle" ou "beagle" ... 

Vous n'arrivez plus a vous connecter avec votre wifi. Si vous allez dans les outils administration sur la page "services" pour activer "configuration automatique sans fil" vous avez l'erreur 1068. 

Si c'est votre cas et que vous vous etes arraché les cheveux, voici la solution: 

Vous devez aller dans la base de registre avec regedit ou autre. 

1. Demarrer > executer > Tapez : "regedit" en ok 

2. Allez sur HKEY Local Machine > system > CurrentControlSet > Services > Ndisuio 

Dans cette clé il y a une entrée nommée "START", double cliquez dessus. Cette entrée doit être 3 pour que le protocole NDIS E/S demarre correctement. 

Un virus comme "bagle / Beagle" change cette entrée et la met sur 4 (disable) et cause le probleme que vous avez. 

Reboutez ensuite votre PC et tout devrait rentrer dans l'ordre.

yoann · Answer

tu veux que je te donne le logfile de hitjack

jlpjlp · Answer

oui

yoann · Answer

ok Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:47, on 2009-01-12
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32	askeng.exe
C:\Windows\system32\conime.exe
C:\Windows\System32undll32.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Windows\System32undll32.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Acer Arcade Deluxe\SportsCap\Kernel\MagicSports\MSPMirage.exe
C:\Program Files\Acer Arcade Deluxe\TV Joy\TVEService.exe
C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\AGEIA Technologies\bin\TrayIcon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Users\Yoann\AppData\Local\Temp\RtkBtMnt.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\Explorer.exe
G:\RSIT.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32	askeng.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1	ools\iesdsg.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Alcohol Toolbar Helper - {8126A4A5-BFD3-46FE-BBDF-BFB5CF78E489} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1	ools\iesdpb.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: Alcohol Toolbar - {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32
vsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [PLFSet] rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [MSPService] C:\Program Files\Acer Arcade Deluxe\SportsCap\Kernel\MagicSports\MSPMirage.exe
O4 - HKLM\..\Run: [TVEService] "C:\Program Files\Acer Arcade Deluxe\TV Joy\TVEService.exe"
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [NeroCheck] C:\Windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [Speech Recognition] "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup
O4 - HKCU\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\bin\TrayIcon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Global Startup: Empowering Technology Launcher.lnk = C:\Acer\Empowering Technology\eAPLauncher.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1	ools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix: 
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NeroNET - Nero AG - (no file)
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: TVEnhance Background Capture Service (TBCS) (TVECapSvc) - Unknown owner - C:\Program Files\Acer Arcade Deluxe\TV Joy\Kernel\TV\TVECapSvc.exe
O23 - Service: TVEnhance Task Scheduler (TTS)) (TVESched) - Unknown owner - C:\Program Files\Acer Arcade Deluxe\TV Joy\Kernel\TV\TVESched.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

jlpjlp · Answer

tu peux de nouveau aller sur le net?

pour tes protections il faut tout virer car bagle a tout detruit et remettre ton antivirus, spybot

yoann · Answer

non je ne peux pas aller sur le net mais, je detecte ma connexion habituel

jlpjlp · Answer

1 ordi = 1 seul antivirus!






Pour réparer la connexion internet:




1/
# Cliquez sur le bouton Démarrer.
# Cliquez sur l'option de menu Paramètres.
# Cliquez sur l'option Panneau de configuration.
# Après l'ouverture du Panneau de configuration, faites un double clic sur l'icône Connexions réseau. Si votre Panneau de configuration est paramétré pour un affichage en catégories, faites un double clic sur Connexions réseau et Internet puis cliquez sur Connexions réseau tout en bas.
# Vous verrez alors une liste de toutes les connexions réseau disponibles. Repérez la connexion vers votre adaptateur Sans Fil ou Réseau local et faites un clic droit dessus.
# Cliquez simplement sur l'option de menu Réparer.

2/
utilise lspfix
https://www.01net.com/telecharger/windows/Utilitaire/reseau/fiches/33379.html
http://lanceyien-info.com/index.php?page=utilitaires#lspfix
http://www.zdnet.fr/telecharger/windows/fiche/0,39021313,39138667s,00.htm


3/
-Télécharge cet outil d'ici:
WinSockFix
http://www.softpedia.com/progDownload/WinS...load-15337.html
(prends le deuxieme miroir)
-Une fois téléchargé,tu le lances

-Tu cliques sur"ReG-Backup" pour créer une sauvegarde du registre,dans un dossier de ton choix.

-Une fois la sauvegarde éffectuée,clique sur "Fix", au méssage "WinsockFix will now attempt to Repair your connection" tu reponds par "OUI"

-Il va travailler,tu le laisse faire,à la fin des corrections tu auras le méssage suivant"Repair completed Please Reboot", tu cliques sur "OK"

-Le PC va redémarrer,

-Communique les résultats.


___________________

4/
erreur 1068 - Suite à infection virale de votre ordinateur avec un virus du type "bagle" ou "beagle" ...

Vous n'arrivez plus a vous connecter avec votre wifi. Si vous allez dans les outils administration sur la page "services" pour activer "configuration automatique sans fil" vous avez l'erreur 1068.

Si c'est votre cas et que vous vous etes arraché les cheveux, voici la solution:

Vous devez aller dans la base de registre avec regedit ou autre.

1. Demarrer > executer > Tapez : "regedit" en ok

2. Allez sur HKEY Local Machine > system > CurrentControlSet > Services > Ndisuio

Dans cette clé il y a une entrée nommée "START", double cliquez dessus. Cette entrée doit être 3 pour que le protocole NDIS E/S demarre correctement.

Un virus comme "bagle / Beagle" change cette entrée et la met sur 4 (disable) et cause le probleme que vous avez.

Reboutez ensuite votre PC et tout devrait rentrer dans l'ordre.


5/ utilise ZEB RESTORE


http://telechargement.zebulon.fr/zeb-restore.html

____________

6/
ou repare windows

http://www.informatruc.com/reparer-windows-xp/

Virus winunpgro.exe

14 réponses

Discussions similaires