Protection Center et MalwareBytes

Question

Bonjour, 
J'ai un problème assez sérieux avec un pc portable fonctionnant sous windows 7

Tout d'abord j'ai été infecté par le virus Protection Center, après pas mal de temps de recherche j'ai fini par trouver un antivirus qui semble l'avoir enlevé: MalwareBytes
Le problème lorsqu'il à eu fini son scanner et supprimé les fichier infectés il y à eu un message d'erreur (pas eu le temps de le lire -_-") et l'ordinateur à redémarré

Depuis aucun programme ne se lance plus au démarrage de windows et il n'y à plus moyen d'en lancer un autre (windows demande avec quel programme je doit lire le fichier.. alors que le fichier en question est un programme)

Franchement je suis de plus en plus paumé, au hasard je donne le peu d'info que j'aie:
Après infection par Protection Center:
-plus de bureau tant que le processus "RunOnceWrapper" n'a pas été stoppé
-apparition d'icones sur le bureau (trois porno, deux spam et un trojan)
-Protection Center qui s'ouvre toutes cinq minutes
-ralentissement du pc
-impossible d'ouvrir une page internet
-redémarage régulier du pc
-un processus appelé mscdexnt s'ouvre une bonne dizaine de fois

En enregistrant MalwareBytes sur une clé j'ai pu le lancer sur le pc infecté, mais pour le coup depuis plus rien ne marche

A court de solutions il va me falloir de l'aide d'utilisateurs expérimentés

Merci d'avance

Karel7 · Answer

Salut,

Essaye de faire ca en mode sans echec ;) (redemarre, au bip, tapote F8, selectionne avec les touches haut et bas "Mode Sans Echec" et appuyi sur Entrée) :

télécharge RSIT (de random/random) sur le bureau ici :
http://images.malwareremoval.com/random/RSIT.exe

- Double clique sur RSIT.exe qui est sur le bureau
- Clique sur Continue dans la fenêtre
- RSIT téléchargera HijackThis si il n'est pas présent où détecté, alors il faudra accepter la licence
- Poste le contenue des deux rapports, log.txt et info.txt(réduit dans la barre des tâches) à la fin de l'analyse

Utilise cjoint.com pour poster en lien tes rapports :
https://www.cjoint.com/

- Clique sur Parcourir pour aller chercher le rapport C:\rsit\log.txt
- Clique sur Ouvrir ensuite sur Créer le lien Cjoint

- Fais un copier/coller du lien qui est devant Le lien a été créé: dans ta prochaine réponse.

Et fais la même chose avec l'autre rapport C:\rsit\info.txt 

++
Karel

gen-hackman · Answer

salut à vous est-il possible de lire le rapport de malwarebytes afin de savoir quel type d'infection tu avais , car suivant laquelle , tu n'es pas desinfecté

gen-hackman · Answer

ouvre malwarebytes , onglet rapport log ,le rapport ou il y a les detections précitées 
?G3?-?@¢??@?(TM)©®?

Trankill · Answer

Trouvés, voila:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Version de la base de données: 4186

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

10/06/2010 20:04:43
mbam-log-2010-06-10 (20-04-43).txt

Type d'examen: Examen complet (C:\|D:\|E:\|)
Elément(s) analysé(s): 1980
Temps écoulé: 1 minute(s), 15 seconde(s)

Processus mémoire infecté(s): 4
Module(s) mémoire infecté(s): 29
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 3
Elément(s) de données du Registre infecté(s): 54
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 33

Processus mémoire infecté(s):
C:\Users\Juliette\AppData\Local\Temp\mscdexnt.exe (Trojan.FakeAlert) -> Unloaded process successfully.
C:\Users\Juliette\AppData\Roaming\Protection Center\cntprot.exe (Malware.Packer.Gen) -> Unloaded process successfully.
C:\Users\Public\infocard.exe (Worm.Bot) -> Unloaded process successfully.
C:\Users\Juliette\AppData\Roaming\SystemProc\lsass.exe (Trojan.Tracur) -> Unloaded process successfully.

Module(s) mémoire infecté(s):
C:\Windows\System32\atiadlxy32.dll (Trojan.Tracur) -> Delete on reboot.
C:\Windows\System32\comdlg3232.dll (Trojan.Tracur) -> Delete on reboot.
C:\Windows\System32\C_ISCII32.dll (Trojan.Tracur) -> Delete on reboot.
C:\Windows\System32\DDOIProxy32.dll (Trojan.Tracur) -> Delete on reboot.
C:\Windows\System32\aticaldd32.dll (Trojan.Tracur) -> Delete on reboot.
C:\Windows\System32\bidispl32.dll (Trojan.Tracur) -> Delete on reboot.
C:\Windows\System32\certCredProvider32.dll (Trojan.Tracur) -> Delete on reboot.
C:\Windows\System32\comdlg3232.dllth3aniyl77dba3332.dll (Trojan.Tracur) -> Delete on reboot.
C:\Windows\System32\d3d1032.dll (Trojan.Tracur) -> Delete on reboot.
C:\Windows\System32\DDOIProxy3232.dll (Trojan.Tracur) -> Delete on reboot.
C:\Windows\System32\comdlg3232.dllth3aniyl77dba3332.dll87gjwaas32.dll (Trojan.Tracur) -> Delete on reboot.
C:\Windows\System32\bitsperf32.dll (Trojan.Tracur) -> Delete on reboot.
C:\Windows\System32\certenc32.dll (Trojan.Tracur) -> Delete on reboot.
C:\Windows\System32\comdlg3232.dllth3aniyl77dba3332.dll87gjwaas32.dll7vap1532.dll (Trojan.Tracur) -> Delete on reboot.
C:\Windows\System32\d2d132.dll (Trojan.Tracur) -> Delete on reboot.
C:\Windows\System32\DDACLSys32.dll (Trojan.Tracur) -> Delete on reboot.
C:\Windows\System32\comdlg3232.dllth3aniyl77dba3332.dll87gjwaas32.dll7vap1532.dlleb9ce32.dll (Trojan.Tracur) -> Delete on reboot.
C:\Windows\System32\blackbox32.dll (Trojan.Tracur) -> Delete on reboot.
C:\Windows\System32\CertEnrollUI32.dll (Trojan.Tracur) -> Delete on reboot.
C:\Windows\System32\blackbox32.dllogq0ng32.dll (Trojan.Tracur) -> Delete on reboot.
C:\Windows\System32\CertEnrollUI32.dllhqm5vziphtec3t32.dll (Trojan.Tracur) -> Delete on reboot.
C:\Windows\System32\blackbox32.dllogq0ng32.dlltb4ftpwa232.dll (Trojan.Tracur) -> Delete on reboot.
C:\Windows\System32\CertEnrollUI32.dllhqm5vziphtec3t32.dllwypbqgan32.dll (Trojan.Tracur) -> Delete on reboot.
C:\Windows\System32\blackbox32.dllogq0ng32.dlltb4ftpwa232.dll93inr38y32.dll (Trojan.Tracur) -> Delete on reboot.
C:\Windows\System32\CertEnrollUI32.dllhqm5vziphtec3t32.dllwypbqgan32.dll8c2ftv32.dll (Trojan.Tracur) -> Delete on reboot.
C:\Windows\System32\blackbox32.dllogq0ng32.dlltb4ftpwa232.dll93inr38y32.dllvnsj1jtqagm8i32.dll (Trojan.Tracur) -> Delete on reboot.
C:\Windows\System32\CertEnrollUI32.dllhqm5vziphtec3t32.dllwypbqgan32.dll8c2ftv32.dllj91az32.dll (Trojan.Tracur) -> Delete on reboot.
C:\Users\Juliette\AppData\Local\Temp\kernel64xp.dll (Rootkit.TDSS.Gen) -> Delete on reboot.
C:\Users\Juliette\AppData\Roaming\Protection Center\cnthook.dll (Malware.Packer.Gen) -> Delete on reboot.

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\protection center (Malware.Packer.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\firewall administrating (Worm.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rthdbpl (Trojan.Tracur) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: c:\windows\system32\atiadlxy32.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: system32\atiadlxy32.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: c:\windows\system32\comdlg3232.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: system32\comdlg3232.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: c:\windows\system32\c_iscii32.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: system32\c_iscii32.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: c:\windows\system32\ddoiproxy32.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: system32\ddoiproxy32.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: c:\windows\system32\aticaldd32.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: system32\aticaldd32.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: c:\windows\system32\bidispl32.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: system32\bidispl32.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: c:\windows\system32\certcredprovider32.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: system32\certcredprovider32.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: c:\windows\system32\comdlg3232.dllth3aniyl77dba3332.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: system32\comdlg3232.dllth3aniyl77dba3332.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: c:\windows\system32\d3d1032.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: system32\d3d1032.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: c:\windows\system32\ddoiproxy3232.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: system32\ddoiproxy3232.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: c:\windows\system32\comdlg3232.dllth3aniyl77dba3332.dll87gjwaas32.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: system32\comdlg3232.dllth3aniyl77dba3332.dll87gjwaas32.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: c:\windows\system32\bitsperf32.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: system32\bitsperf32.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: c:\windows\system32\certenc32.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: system32\certenc32.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: c:\windows\system32\comdlg3232.dllth3aniyl77dba3332.dll87gjwaas32.dll7vap1532.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: system32\comdlg3232.dllth3aniyl77dba3332.dll87gjwaas32.dll7vap1532.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: c:\windows\system32\d2d132.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: system32\d2d132.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: c:\windows\system32\ddaclsys32.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: system32\ddaclsys32.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: c:\windows\system32\comdlg3232.dllth3aniyl77dba3332.dll87gjwaas32.dll7vap1532.dlleb9ce32.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: system32\comdlg3232.dllth3aniyl77dba3332.dll87gjwaas32.dll7vap1532.dlleb9ce32.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: c:\windows\system32\blackbox32.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: system32\blackbox32.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: c:\windows\system32\certenrollui32.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: system32\certenrollui32.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: c:\windows\system32\blackbox32.dllogq0ng32.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: system32\blackbox32.dllogq0ng32.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: c:\windows\system32\certenrollui32.dllhqm5vziphtec3t32.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: system32\certenrollui32.dllhqm5vziphtec3t32.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: c:\windows\system32\blackbox32.dllogq0ng32.dlltb4ftpwa232.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: system32\blackbox32.dllogq0ng32.dlltb4ftpwa232.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: c:\windows\system32\certenrollui32.dllhqm5vziphtec3t32.dllwypbqgan32.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: system32\certenrollui32.dllhqm5vziphtec3t32.dllwypbqgan32.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: c:\windows\system32\blackbox32.dllogq0ng32.dlltb4ftpwa232.dll93inr38y32.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: system32\blackbox32.dllogq0ng32.dlltb4ftpwa232.dll93inr38y32.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: c:\windows\system32\certenrollui32.dllhqm5vziphtec3t32.dllwypbqgan32.dll8c2ftv32.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: system32\certenrollui32.dllhqm5vziphtec3t32.dllwypbqgan32.dll8c2ftv32.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: c:\windows\system32\blackbox32.dllogq0ng32.dlltb4ftpwa232.dll93inr38y32.dllvnsj1jtqagm8i32.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: system32\blackbox32.dllogq0ng32.dlltb4ftpwa232.dll93inr38y32.dllvnsj1jtqagm8i32.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: c:\windows\system32\certenrollui32.dllhqm5vziphtec3t32.dllwypbqgan32.dll8c2ftv32.dllj91az32.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: system32\certenrollui32.dllhqm5vziphtec3t32.dllwypbqgan32.dll8c2ftv32.dllj91az32.dll -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Windows\System32\atiadlxy32.dll (Trojan.Tracur) -> Delete on reboot.
C:\Windows\System32\comdlg3232.dll (Trojan.Tracur) -> Delete on reboot.
C:\Windows\System32\C_ISCII32.dll (Trojan.Tracur) -> Delete on reboot.
C:\Windows\System32\DDOIProxy32.dll (Trojan.Tracur) -> Delete on reboot.
C:\Windows\System32\aticaldd32.dll (Trojan.Tracur) -> Delete on reboot.
C:\Windows\System32\bidispl32.dll (Trojan.Tracur) -> Delete on reboot.
C:\Windows\System32\certCredProvider32.dll (Trojan.Tracur) -> Delete on reboot.
C:\Windows\System32\comdlg3232.dllth3aniyl77dba3332.dll (Trojan.Tracur) -> Delete on reboot.
C:\Windows\System32\d3d1032.dll (Trojan.Tracur) -> Delete on reboot.
C:\Windows\System32\DDOIProxy3232.dll (Trojan.Tracur) -> Delete on reboot.
C:\Windows\System32\comdlg3232.dllth3aniyl77dba3332.dll87gjwaas32.dll (Trojan.Tracur) -> Delete on reboot.
C:\Windows\System32\bitsperf32.dll (Trojan.Tracur) -> Delete on reboot.
C:\Windows\System32\certenc32.dll (Trojan.Tracur) -> Delete on reboot.
C:\Windows\System32\comdlg3232.dllth3aniyl77dba3332.dll87gjwaas32.dll7vap1532.dll (Trojan.Tracur) -> Delete on reboot.
C:\Windows\System32\d2d132.dll (Trojan.Tracur) -> Delete on reboot.
C:\Windows\System32\DDACLSys32.dll (Trojan.Tracur) -> Delete on reboot.
C:\Windows\System32\comdlg3232.dllth3aniyl77dba3332.dll87gjwaas32.dll7vap1532.dlleb9ce32.dll (Trojan.Tracur) -> Delete on reboot.
C:\Windows\System32\blackbox32.dll (Trojan.Tracur) -> Delete on reboot.
C:\Windows\System32\CertEnrollUI32.dll (Trojan.Tracur) -> Delete on reboot.
C:\Windows\System32\blackbox32.dllogq0ng32.dll (Trojan.Tracur) -> Delete on reboot.
C:\Windows\System32\CertEnrollUI32.dllhqm5vziphtec3t32.dll (Trojan.Tracur) -> Delete on reboot.
C:\Windows\System32\blackbox32.dllogq0ng32.dlltb4ftpwa232.dll (Trojan.Tracur) -> Delete on reboot.
C:\Windows\System32\CertEnrollUI32.dllhqm5vziphtec3t32.dllwypbqgan32.dll (Trojan.Tracur) -> Delete on reboot.
C:\Windows\System32\blackbox32.dllogq0ng32.dlltb4ftpwa232.dll93inr38y32.dll (Trojan.Tracur) -> Delete on reboot.
C:\Windows\System32\CertEnrollUI32.dllhqm5vziphtec3t32.dllwypbqgan32.dll8c2ftv32.dll (Trojan.Tracur) -> Delete on reboot.
C:\Windows\System32\blackbox32.dllogq0ng32.dlltb4ftpwa232.dll93inr38y32.dllvnsj1jtqagm8i32.dll (Trojan.Tracur) -> Delete on reboot.
C:\Windows\System32\CertEnrollUI32.dllhqm5vziphtec3t32.dllwypbqgan32.dll8c2ftv32.dllj91az32.dll (Trojan.Tracur) -> Delete on reboot.
C:\Users\Juliette\AppData\Local\Temp\mscdexnt.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Juliette\AppData\Local\Temp\kernel64xp.dll (Rootkit.TDSS.Gen) -> Quarantined and deleted successfully.
C:\Users\Juliette\AppData\Roaming\Protection Center\cntprot.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Juliette\AppData\Roaming\Protection Center\cnthook.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Public\infocard.exe (Worm.Bot) -> Quarantined and deleted successfully.
C:\Users\Juliette\AppData\Roaming\SystemProc\lsass.exe (Trojan.Tracur) -> Quarantined and deleted successfully.

Trankill · Answer

Et l'autre plus récent que j'ai fait aujourd'hui:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Version de la base de données: 4186

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

12/06/2010 16:12:07
mbam-log-2010-06-12 (16-12-07).txt

Type d'examen: Examen rapide
Elément(s) analysé(s): 134950
Temps écoulé: 5 minute(s), 6 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 9
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 43

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\Windows\SysWOW64\dciman3232.dll (Trojan.Tracur) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{1693f142-58aa-40d5-886c-eb6b4f0392ac} (Trojan.Tracur) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{1693f142-58aa-40d5-886c-eb6b4f0392ac} (Trojan.Tracur) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1693f142-58aa-40d5-886c-eb6b4f0392ac} (Trojan.Tracur) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1693f142-58aa-40d5-886c-eb6b4f0392ac} (Trojan.Tracur) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\V71IQL7HI7 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\.fsharproj (Trojan.Tracur) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\M5T8QL3YW3 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\halo2 (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\m5t8ql3yw3 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_CLASSES_ROOT\.exe\(default) (Hijacked.exeFile) -> Bad: (secfile) Good: (exefile) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
C:\Users\Juliette\AppData\Roaming\SystemProc (Trojan.Agent) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Windows\SysWOW64\dciman3232.dll (Trojan.Tracur) -> Delete on reboot.
C:\Windows\System32\compobj32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Windows\System32\d2d13232.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Windows\System32\d3d10_132.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Windows\System32\dciman3232.dll (Trojan.Tracur) -> Delete on reboot.
C:\Windows\System32\DDORes32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Users\Juliette\AppData\Local\Temp\97a3.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Juliette\AppData\Local\Temp\a50b.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Juliette\AppData\Local\Temp\af86.tmp (Rootkit.TDSS.Gen) -> Quarantined and deleted successfully.
C:\Users\Juliette\AppData\Local\Temp\asd4485.tmp.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Juliette\AppData\Local\Temp\asd4E25.tmp.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Juliette\AppData\Local\Temp\asd6BB3.tmp.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Juliette\AppData\Local\Temp\asd7FCF.tmp.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Juliette\AppData\Local\Temp\asdA8D2.tmp.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Juliette\AppData\Local\Temp\asdAE7D.tmp.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Juliette\AppData\Local\Temp\asdB09F.tmp.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Juliette\AppData\Local\Temp\bb0b.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Juliette\AppData\Local\Temp\dhdhtrdhdrtr5y (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Juliette\AppData\Local\Temp\nOYoRFcoqA.exe (Trojan.PWS) -> Quarantined and deleted successfully.
C:\Users\Juliette\AppData\Local\Temp\PRAGMAcdd9.tmp (Rootkit.TDSS.Gen) -> Quarantined and deleted successfully.
C:\Users\Juliette\AppData\Local\Temp\TMP16074.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Users\Juliette\AppData\Local\Temp\tmp3E0F.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Juliette\AppData\Local\Temp\tmp4639.tmp.exe (Rootkit.TDSS.Gen) -> Quarantined and deleted successfully.
C:\Users\Juliette\AppData\Local\Temp\tmp4936.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Juliette\AppData\Local\Temp\tmp5298.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Juliette\AppData\Local\Temp\tmp6F1D.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Juliette\AppData\Local\Temp\tmp8397.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Juliette\AppData\Local\Temp\tmpAE7D.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Juliette\AppData\Local\Temp\tmpB225.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Juliette\AppData\Local\Temp\tmpB65A.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Juliette\AppData\Local\Temp\topwesitjh (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Juliette\AppData\Local\Temp\Ufp.exe (Trojan.Fraudpack) -> Quarantined and deleted successfully.
C:\Users\Juliette\AppData\Local\Temp\uvwegtBVkO.exe (Spyware.Banker) -> Quarantined and deleted successfully.
C:\Users\Juliette\AppData\Local\Temp\wscsvc32.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Juliette\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\KM48C1R1\xxx[1].jpg (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Juliette\AppData\Roaming\SystemProc\upd.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Juliette\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Protection Center.LNK (Rogue.ProtectionCenter) -> Quarantined and deleted successfully.
C:\Users\Juliette\Favorites\_favdata.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\Juliette\AppData\Local\Temp\0.8386257546404449.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\Juliette\AppData\Local\Temp\sshnas21.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Juliette\AppData\Local\Temp\Ufr.exe (Trojan.FakeAlert) -> Delete on reboot.

gen-hackman · Answer

&#9654 Telecharge UsbFix 

 (!) Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) suceptible d avoir été infectés sans les ouvrir


&#9654 Fais un clic droit sur le raccourci UsbFix présent sur ton bureau et choisis "éxécuter en tant qu'administrateur" .

&#9654 Au menu principal choisis l'option " F " pour français et tape sur [entrée] . 

&#9654 Au second menu Choisis l'option " 1 " (recherche) et tape sur [entrée] 

&#9654 Laisse travailler l outil.

&#9654 Ensuite post le rapport UsbFix.txt qui apparaitra.

Note : Le rapport UsbFix.txt est sauvegardé à la racine du disque. ( C:\UsbFix.txt )

( CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller ) 

Note : "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool. 
          Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus. 
          Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus. 


Tuto : http://pagesperso-orange.fr/NosTools/usbfix.html

gen-hackman · Answer

à desinfecter de diverses infections

c'est cette ligne qui me fait l'utiliser dans ce cas :

C:\Users\Juliette\AppData\Local\Temp
OYoRFcoqA.exe (Trojan.PWS)

Trankill · Answer

Après utilisation de UsbFix:

############################## | Usbfix 7.009 | [Recherche]

Utilisateur: Juliette (Administrateur) # JULIETTE-PC [Dell Inc. Studio 1555]
Mis à jour le 12/06/10 par El Desaparecido / C_XX
Lancé à 18:24:08 | 12/06/2010
Site Web: http://pagesperso-orange.fr/NosTools/index.html
Contact: FindyKill.Contact@gmail.com

CPU: Pentium(R) Dual-Core CPU T4300 @ 2.10GHz
CPU 2: Pentium(R) Dual-Core CPU T4300 @ 2.10GHz
Microsoft Windows 7 Édition Familiale Premium  (6.1.7600 64-Bit) # 
Internet Explorer 8.0.7600.16385

RAM -> 4061 Mo 
C:\ (%systemdrive%) -> Disque fixe # 283 Go (228 Go libre(s) - 80%) [OS] # NTFS
D:\ -> CD-ROM

################## | Éléments infectieux |

Présent! C:\$Recycle.Bin\S-1-5-21-3623478326-796653667-428437718-1000

################## | Registre |


################## | Mountpoints2 |


################## | Vaccin |

C:\Autorun.inf -> Dossier créé par UsbFix (El Desaparecido & C_XX)

################## | E.O.F |

gen-hackman · Answer

DESACTIVE TON ANTIVIRUS ET TON PAREFEU SI PRESENTS !!!!!(car il est detecté a tort comme infection)

&#9654 Télécharge List_Kill'em

 et enregistre le sur ton bureau 

double clique ( clic droit "executer en tant qu'administrateur" pour Vista/7 ) sur le raccourci sur ton bureau pour lancer l'installation

Laisse coché :

&#9830 Executer Shortcut
&#9830 Executer List_Kill'em

une fois terminée , clic sur "terminer" et le programme se lancera seul

choisis l'option Search

&#9654 laisse travailler l'outil

à l'apparition de la fenetre blanche , c'est un peu long , c'est normal ,c'est une recherche supplementaire de fichiers cachés , le programme n'est pas bloqué.

&#9654 Poste le contenu du rapport qui s'ouvre aux 100 % du scan à l'ecran "COMPLETED"

gen-hackman · Answer

non

Trankill · Answer

Et voila:

HKLM\SYSTEM\CCS\Services\Tcpip\..\{427F88AD-1034-4198-AC90-1E54A87B6037}: DhcpNameServer=86.64.233.84 109.0.64.242 
HKLM\SYSTEM\CCS\Services\Tcpip\..\{6DF31487-A647-47D6-9AD2-28AB2B954D61}: DhcpNameServer=86.64.233.84 109.0.64.242 
HKLM\SYSTEM\CS1\Services\Tcpip\..\{427F88AD-1034-4198-AC90-1E54A87B6037}: DhcpNameServer=86.64.233.84 109.0.64.242 
HKLM\SYSTEM\CS1\Services\Tcpip\..\{6DF31487-A647-47D6-9AD2-28AB2B954D61}: DhcpNameServer=86.64.233.84 109.0.64.242 
HKLM\SYSTEM\CS2\Services\Tcpip\..\{427F88AD-1034-4198-AC90-1E54A87B6037}: DhcpNameServer=86.64.233.84 109.0.64.242 
HKLM\SYSTEM\CS2\Services\Tcpip\..\{6DF31487-A647-47D6-9AD2-28AB2B954D61}: DhcpNameServer=86.64.233.84 109.0.64.242 
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=86.64.233.84 109.0.64.242 
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=86.64.233.84 109.0.64.242 
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=86.64.233.84 109.0.64.242

gen-hackman · Answer

tu ne l'as pas executé avec le clic droit "executer en tant que..."

Trankill · Answer

Excuse moi

¤¤¤¤¤¤¤¤¤¤ List'em by g3n-h@ckm@n 2.0.0.8 ¤¤¤¤¤¤¤¤¤¤

User : Juliette (Administrateurs) 
Update on 12/06/2010 by g3n-h@ckm@n ::::: 14.40
Start at: 11:42:45 | 13/06/2010

Pentium(R) Dual-Core CPU       T4300  @ 2.10GHz
Microsoft Windows 7 Édition Familiale Premium  (6.1.7600 64-bit) # 
Internet Explorer 8.0.7600.16385
Windows Firewall Status : Enabled

C:\ -> Disque fixe local | 283,4 Go (226,23 Go free) [OS] | NTFS
D:\ -> Disque CD-ROM
E:\ -> Disque amovible | 1,92 Go (1,37 Go free) | FAT
 
Boot: Normal 
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes 

C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\internet explorer\iexplore.exe
C:\Program Files (x86)\internet explorer\iexplore.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files (x86)\List_Kill'em\List_Kill'em.exe
C:\Windows\SysWOW64\cmd.exe
C:\Program Files (x86)\List_Kill'em\pv.exe

============
Keys "Run" 
============

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
msnmsgr	REG_SZ         	"C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
Steam	REG_SZ         	"c:\program files (x86)\steam\steam.exe" -silent
eMuleAutoStart	REG_SZ         	C:\Program Files (x86)\eChanblard\emule.exe -AutoStart

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 
StartCCC	REG_SZ         	"c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun 
Adobe Reader Speed Launcher	REG_SZ         	"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" 
Dell DataSafe Online	REG_SZ         	"C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m 
PDVDDXSrv	REG_SZ         	"C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" 
Dell Webcam Central	REG_SZ         	"C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 
Desktop Disc Tool	REG_SZ         	"c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" 
DellSupportCenter	REG_SZ         	"C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter 
NPSStartup	REG_SZ         	 
SunJavaUpdateSched	REG_SZ         	"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" 
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]

=============
Other Keys
=============

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] 
ConsentPromptBehaviorAdmin	REG_DWORD      	5 (0x5) 
ConsentPromptBehaviorUser	REG_DWORD      	3 (0x3) 
EnableInstallerDetection	REG_DWORD      	1 (0x1) 
EnableLUA	REG_DWORD      	1 (0x1) 
EnableSecureUIAPaths	REG_DWORD      	1 (0x1) 
EnableUIADesktopToggle	REG_DWORD      	0 (0x0) 
EnableVirtualization	REG_DWORD      	1 (0x1) 
PromptOnSecureDesktop	REG_DWORD      	1 (0x1) 
ValidateAdminCodeSignatures	REG_DWORD      	0 (0x0) 
dontdisplaylastusername	REG_DWORD      	0 (0x0) 
legalnoticecaption	REG_SZ         	 
legalnoticetext	REG_SZ         	 
scforceoption	REG_DWORD      	0 (0x0) 
shutdownwithoutlogon	REG_DWORD      	1 (0x1) 
undockwithoutlogon	REG_DWORD      	1 (0x1) 
FilterAdministratorToken	REG_DWORD      	0 (0x0) 

===============

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] 
NoDriveAutoRun	REG_DWORD      	0 (0x0) 
NoDriveTypeAutoRun	REG_DWORD      	0 (0x0) 

===============

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] 
NoActiveDesktop	REG_DWORD      	1 (0x1) 
NoActiveDesktopChanges	REG_DWORD      	1 (0x1) 
ForceActiveDesktopOn	REG_DWORD      	0 (0x0) 
NoDriveAutoRun	REG_DWORD      	0 (0x0) 
NoDriveTypeAutoRun	REG_DWORD      	0 (0x0) 

===============
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLS	REG_SZ         	th3aniyl77dba3332.dll,th3aniyl77dba3332.dll87gjwaas32.dll,th3aniyl77dba3332.dll87gjwaas32.dll7vap1532.dll,th3aniyl77dba3332.dll87gjwaas32.dll7vap1532.dlleb9ce32.dll,ogq0ng32.dll,hqm5vziphtec3t32.dll,ogq0ng32.dlltb4ftpwa232.dll,hqm5vziphtec3t32.dllwypbqgan32.dll,ogq0ng32.dlltb4ftpwa232.dll93inr38y32.dll,hqm5vziphtec3t32.dllwypbqgan32.dll8c2ftv32.dll,ogq0ng32.dlltb4ftpwa232.dll93inr38y32.dllvnsj1jtqagm8i32.dll,hqm5vziphtec3t32.dllwypbqgan32.dll8c2ftv32.dllj91az32.dll

===============

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] 
 ReportBootOk	REG_SZ         	1 
 Shell	REG_SZ         	Explorer.exe 
 PreCreateKnownFolders	REG_SZ         	{A520A1A4-1780-4FF6-BD18-167343C5AF16} 
 DefaultDomainName	REG_SZ         	 
 DefaultUserName	REG_SZ         	 
 Userinit	REG_SZ         	C:\Windows\SysWOW64\Userinit.exe, 
 VMApplet	REG_SZ         	SystemPropertiesPerformance.exe /pagefile 
 LegalNoticeCaption	REG_SZ         	 
 LegalNoticeText	REG_SZ         	 

===============


===============

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

===============

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

===============
ActivX controls
===============

[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8100D56A-5661-482C-BEE8-AFECE305D968}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8AD9C840-044E-11D1-B3E9-00805F499D93}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}]

===============
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{26923b43-4d38-484f-9b9e-de460746276c}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3af36230-a269-11d1-b5bf-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{45ea75a0-a269-11d1-b5bf-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f645220-306d-11d2-995d-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{630b1da0-b465-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7C028AF8-F614-47B3-82DA-BA94E41B1089}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9381D8F2-0288-11D0-9501-00AA00B911A5}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C9E9A340-D1F1-11D0-821E-444553540600}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D27CDB6E-AE6D-11CF-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}]

=====
BHO :
=====

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]

===
DNS
===

HKLM\SYSTEM\CCS\Services\Tcpip\..\{427F88AD-1034-4198-AC90-1E54A87B6037}: DhcpNameServer=86.64.233.84 109.0.64.242 
HKLM\SYSTEM\CCS\Services\Tcpip\..\{6DF31487-A647-47D6-9AD2-28AB2B954D61}: DhcpNameServer=86.64.233.84 109.0.64.242 
HKLM\SYSTEM\CS1\Services\Tcpip\..\{427F88AD-1034-4198-AC90-1E54A87B6037}: DhcpNameServer=86.64.233.84 109.0.64.242 
HKLM\SYSTEM\CS1\Services\Tcpip\..\{6DF31487-A647-47D6-9AD2-28AB2B954D61}: DhcpNameServer=86.64.233.84 109.0.64.242 
HKLM\SYSTEM\CS2\Services\Tcpip\..\{427F88AD-1034-4198-AC90-1E54A87B6037}: DhcpNameServer=86.64.233.84 109.0.64.242 
HKLM\SYSTEM\CS2\Services\Tcpip\..\{6DF31487-A647-47D6-9AD2-28AB2B954D61}: DhcpNameServer=86.64.233.84 109.0.64.242 
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=86.64.233.84 109.0.64.242 
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=86.64.233.84 109.0.64.242 
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=86.64.233.84 109.0.64.242 

================
Internet Explorer :
================

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page	REG_SZ         	https://www.msn.com/fr-fr
Local Page	REG_SZ         	C:\Windows\SysWOW64\blank.htm
Default_Search_URL	REG_SZ         	http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Default_Page_URL	REG_SZ         	http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Search Page	REG_SZ         	http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page	REG_SZ         	https://www.msn.com/fr-fr
Local Page	REG_SZ         	C:\Windows\system32\blank.htm
Search Page	REG_SZ         	http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

========
Services
========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services] 

Ndisuio : 0x3 ( OK = 3 )
EapHost : 0x3 ( OK = 2 )
Wlansvc : 0x2 ( OK = 2 )
SharedAccess : 0x4 ( OK = 2 )
windefend : 0x2 ( OK = 2 )
wuauserv : 0x2 ( OK = 2 )
wscsvc : 0x2 ( OK = 2 )

========
Safemode
========

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot : OK !!  
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal : OK !!  
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network : OK !!  
 
=========
Atapi.sys
=========

C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys : 
[MD5.02062c0b390b7729edc9e69c680a6f3c]
[SHA256.0261683c6dc2706dce491a1cdc954ac9c9e649376ec30760bb4e225e18dc5273]
 
C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys : 
[MD5.02062c0b390b7729edc9e69c680a6f3c]
[SHA256.0261683c6dc2706dce491a1cdc954ac9c9e649376ec30760bb4e225e18dc5273]
 
Référence :
==========

Win 2000_SP2   : ff953a8f08ca3f822127654375786bbe
Win 2000_SP4   : 8c718aa8c77041b3285d55a0ce980867
Win XP_32b     : a64013e98426e1877cb653685c5c0009
Win XP_SP1_32b : 95b858761a00e1d4f81f79a0da019aca
Win XP_SP2_32b : CDFE4411A69C224BD1D11B2DA92DAC51
Win XP_SP3_32b : 9F3A2F5AA6875C72BF062C712CFA2674
Vista_32b      : e03e8c99d15d0381e02743c36afc7c6f
Vista_SP1_32b  : 2d9c903dc76a66813d350a562de40ed9
Vista_SP2_32b  : 1F05B78AB91C9075565A9D8A4B880BC4
Vista_SP2_64b  : 1898FAE8E07D97F2F6C2D5326C633FAC
Windows 7_32b  : 80C40F7FDFC376E4C5FEEC28B41C119E
Windows 7_64b  : 02062C0B390B7729EDC9E69C680A6F3C
Windows 7_32b_Ultimate : 338c86357871c167a96ab976519bf59e
 
=======
Drive :
=======


¤¤¤¤¤¤¤¤¤¤ Files/folders :

Present !! : C:\install.exe  
Present !! : C:\Program Files (x86)\Ask.com  
Present !! : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}  
Present !! : C:\Windows\System32\404Fix.exe  
Present !! : C:\Windows\System32\dumphive.exe  
Present !! : C:\Windows\System32\IEDFix.exe  
Present !! : C:\Windows\System32\Process.exe  
Present !! : C:\Windows\System32\SrchSTS.exe  
Present !! : C:\Windows\System32	mp.reg  
Present !! : C:\Windows\System32\VACFix.exe  
Present !! : C:\Windows\System32\VCCLSID.exe  
Present !! : C:\Windows\System32\WS2Fix.exe  
Present !! : C:\Windows\Syswow64\404Fix.exe  
Present !! : C:\Windows\Syswow64\dumphive.exe  
Present !! : C:\Windows\Syswow64\IEDFix.exe  
Present !! : C:\Windows\Syswow64\Process.exe  
Present !! : C:\Windows\Syswow64\SrchSTS.exe  
Present !! : C:\Windows\Syswow64	mp.reg  
Present !! : C:\Windows\Syswow64\VACFix.exe  
Present !! : C:\Windows\Syswow64\VCCLSID.exe  
Present !! : C:\Windows\Syswow64\WS2Fix.exe  
Present !! : C:\Windows\Temp\TS_1057.tmp  
Present !! : C:\Windows\Temp\TS_13C2.tmp  
Present !! : C:\Windows\Temp\TS_15E5.tmp  
Present !! : C:\Windows\Temp\TS_1D4F.tmp  
Present !! : C:\Windows\Temp\TS_29C4.tmp  
Present !! : C:\Windows\Temp\TS_2EB4.tmp  
Present !! : C:\Windows\Temp\TS_34C.tmp  
Present !! : C:\Windows\Temp\TS_3D94.tmp  
Present !! : C:\Windows\Temp\TS_FE6B.tmp  
Present !! : C:\Users\Juliette\AppData\Local\GDIPFONTCACHEV1.DAT  
Present !! : C:\Users\Juliette\AppData\LocalLow\AskToolbar  
Present !! : C:\Users\Juliette\Local Settings\Temp\1.ico  
Present !! : C:\Users\Juliette\Local Settings\Temp\2.ico  
Present !! : C:\Users\Juliette\Local Settings\Temp\3.ico  
Present !! : C:\Users\Juliette\Local Settings\Temp\cnt.dat  
Present !! : C:\Users\Juliette\LOCAL Settings\Temp\add_to_ustart.exe  
Present !! : C:\Users\Juliette\LOCAL Settings\Temp\FP_PL_MSI_INSTALLER.exe  
Present !! : C:\Users\Juliette\LOCAL Settings\Temp\MsgPlusUninstall.exe  
Present !! : C:\Users\Juliette\LOCAL Settings\Tempegister.exe  
Present !! : C:\Users\Juliette\LOCAL Settings\Temp\cnt.dat  
Present !! : C:\Users\Juliette\LOCAL Settings\Temp\cntr.dat  
Present !! : C:\Users\Juliette\LOCAL Settings\Temp\jna2245084046837613724.dll  
Present !! : C:\Users\Juliette\LOCAL Settings\Temp\jna2628958570163201837.dll  
Present !! : C:\Users\Juliette\LOCAL Settings\Temp\jna3395327396081432081.dll  
Present !! : C:\Users\Juliette\LOCAL Settings\Temp\jna3529950915602121521.dll  
Present !! : C:\Users\Juliette\LOCAL Settings\Temp\jna4140668292746060356.dll  
Present !! : C:\Users\Juliette\LOCAL Settings\Temp\jna4282374420896179810.dll  
Present !! : C:\Users\Juliette\LOCAL Settings\Temp\jna4385682626738759586.dll  
Present !! : C:\Users\Juliette\LOCAL Settings\Temp\jna4712342115760043843.dll  
Present !! : C:\Users\Juliette\LOCAL Settings\Temp\jna5230885506682010865.dll  
Present !! : C:\Users\Juliette\LOCAL Settings\Temp\jna5493835608135593052.dll  
Present !! : C:\Users\Juliette\LOCAL Settings\Temp\jna5526575032003823878.dll  
Present !! : C:\Users\Juliette\LOCAL Settings\Temp\jna5607390770822541051.dll  
Present !! : C:\Users\Juliette\LOCAL Settings\Temp\jna6255433835059008789.dll  
Present !! : C:\Users\Juliette\LOCAL Settings\Temp\jna7157630033049049518.dll  
Present !! : C:\Users\Juliette\LOCAL Settings\Temp\jna742818123824502904.dll  
Present !! : C:\Users\Juliette\LOCAL Settings\Temp\jna7562795512195786633.dll  
Present !! : C:\Users\Juliette\LOCAL Settings\Temp\jna7776175263241526552.dll  
Present !! : C:\Users\Juliette\LOCAL Settings\Temp\jna8231227389078069018.dll  
Present !! : C:\Users\Juliette\LOCAL Settings\Temp\jna8539627145677794252.dll  
Present !! : C:\Users\Juliette\LOCAL Settings\Temp\jna88832322638075487.dll  
 
¤¤¤¤¤¤¤¤¤¤ Keys : 

Present !! : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar : {D4027C7F-154A-4066-A1AD-4243D8127440}  
Present !! : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks : {00000000-6E41-4FD3-8538-502F5495E5FC}  
Present !! : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer : NoActiveDesktopChanges  
Present !! : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer : NoActiveDesktopChanges  
Present !! : "HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}"  
Present !! : "HKCU\software\microsoft\internet explorer\searchscopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}"  
Present !! : "HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}"  
Present !! : "HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}"  
Present !! : "HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}"  
Present !! : "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}"  
Present !! : HKCR\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}  
Present !! : HKCR\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}  
Present !! : HKCR\GenericAskToolbar.ToolbarWnd  
Present !! : HKCR\GenericAskToolbar.ToolbarWnd.1  
Present !! : HKCR\secfile  
Present !! : HKCR\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}  
Present !! : HKCU\software\appdatalow\AskToolbarInfo  
Present !! : HKCU\software\appdatalow\software\AskToolbar  
Present !! : HKCU\software\Ask.com  
Present !! : HKLM\software\classes\appid\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}  
Present !! : HKLM\software\classes\appid\GenericAskToolbar.DLL  
Present !! : HKLM\Software\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}  
Present !! : HKLM\software\classes\GenericAskToolbar.ToolbarWnd  
Present !! : HKLM\software\classes\GenericAskToolbar.ToolbarWnd.1  
Present !! : HKLM\software\classes\installer\Products\A28B4D68DEBAA244EB686953B7074FEF  
Present !! : HKLM\Software\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}  
Present !! : HKLM\Software\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}  
Present !! : HKLM\Software\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}  
Present !! : HKLM\Software\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}  
Present !! : HKLM\software\microsoft\windows\currentversion\uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}  

FEATURE_BROWSER_EMULATION | svchost : 
====================================
 

============

driver loading error catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-13 11:56:28
Windows 6.1.7600  WOW64 FAT NTAPI

detected NTDLL code modification:
ZwEnumerateKey 0 != 47, ZwQueryKey 0 != 19, ZwOpenKey 0 != 15, ZwClose 0 != 12, ZwEnumerateValueKey 0 != 16, ZwQueryValueKey 0 != 20, ZwOpenFile 0 != 48, ZwQueryDirectoryFile 0 != 50, ZwQuerySystemInformation 0 != 51Initialization error


Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: error reading MBR 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] 

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

End of scan : 11:56:28,32

gen-hackman · Answer

&#9654 Relance List&Kill'em(soit en clic droit pour vista/7),avec le raccourci sur ton bureau. 
mais cette fois-ci : 

&#9654 choisis l'option Reinit AppInit_DLLs 

laisse travailler l'outil. 

en fin de scan un rapport s'ouvre  

&#9654 colle le contenu dans ta reponse  

ensuite 

&#9654 Relance List_Kill'em(soit en clic droit pour vista/7),avec le raccourci sur ton bureau. 
mais cette fois-ci : 

&#9654 choisis l'Option Clean 

ton PC va redemarrer, 

laisse travailler l'outil. 

en fin de scan la fenetre se ferme , et tu as un rapport du nom de Kill'em.txt sur ton bureau , 

&#9654 colle le contenu dans ta reponse  
?G3?-?@¢??@?(TM)©®?

Protection Center et MalwareBytes

14 réponses

Votre réponse

Discussions similaires

Newsletters