Sujet Précédent Sujet Suivant

[virus?] non reconnu par antivir spybot etc..

Résolu/Fermé
vanessa - 4 nov. 2005 à 08:19
 Utilisateur anonyme - 6 nov. 2005 à 08:08
Bonjour, j'ai un virus ou spyware ou himachin ou autre trucware, qui a pour effet de rajouter des liens hypertextes sur pleins de mots dans les pages web que je visite. Ces liens menent vers des sites pubicitaires (direct assurance par exemple).
Il n'est pas reconnu par antivir ni ad-aware ni spybot .
Ci dessous ma log,
Je vois que j'ai des trucs bizarres sur yahoo chat.
Merci d'avance pour vos reponses, là je vais au travail , je ne verrais pas vos messages avant 20heures ce soir.

Logfile of HijackThis v1.99.1
Scan saved at 08:02:24, on 04/11/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\carpserv.exe
C:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\??anregw.exe
C:\Program Files\toud\cuwe.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Propriétaire\Bureau\Nouveau dossier\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.my.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.tiscali.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [Desktop Zoom] C:\Program Files\HPQ\Desktop Zoom\hpwinadj.exe -s
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [TV Now] C:\Program Files\HPQ\Notebook Utilities\TvNow.exe /RK
O4 - HKLM\..\Run: [QT4HPOT] C:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.EXE
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [MSN Service] amsnmsgrs.exe
O4 - HKLM\..\Run: [Microsoft uptime Service] sysuptime.exe
O4 - HKLM\..\Run: [Logitechs] Logitechs.exe
O4 - HKLM\..\Run: [SYSTRAY] C:\UNMT.EXE
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [Compaq32 Service Drivers] ms32.exe
O4 - HKLM\..\Run: [MS UniX] navupdate64.exe
O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunServices: [MSN Service] amsnmsgrs.exe
O4 - HKLM\..\RunServices: [Microsoft uptime Service] sysuptime.exe
O4 - HKLM\..\RunServices: [Logitechs] Logitechs.exe
O4 - HKLM\..\RunServices: [Compaq32 Service Drivers] ms32.exe
O4 - HKLM\..\RunServices: [MS UniX] navupdate64.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Microsoft uptime Service] sysuptime.exe
O4 - HKCU\..\Run: [MSN Service] amsnmsgrs.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Dxc] C:\WINDOWS\System32\??anregw.exe
O4 - HKCU\..\Run: [Compaq32 Service Drivers] ms32.exe
O4 - HKCU\..\Run: [MS UniX] navupdate64.exe
O4 - HKCU\..\Run: [Heth] "C:\Program Files\toud\cuwe.exe" -vt ndrv
O4 - HKCU\..\RunServices: [Compaq32 Service Drivers] ms32.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Unknown file in Winsock LSP: c:\windows\system32\msvrl.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msvrl.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msvrl.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msvrl.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msvrl.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msvrl.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msvrl.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msvrl.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msvrl.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msvrl.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msvrl.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msvrl.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msvrl.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msvrl.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msvrl.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msvrl.dll
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAccessVerisign/ie/bridge-c11.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {5054F860-748D-4840-B7B4-DDDB428421AF} - http://ip.sponsoradulto.com/cab/4/fr/phoneaccess.cab
O16 - DPF: {511F9316-771B-4953-A268-1C36DA667FE9} - http://ip.sponsoradulto.com/cab/3/fr/SysWebTelecomInt.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1131054718876
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005102501/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.gpcservices.com/scan/Msie/bitdefender.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0A963721-6A80-479D-9520-B5FCDBA3D90C}: NameServer = 213.36.80.1 213.36.80.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{0A963721-6A80-479D-9520-B5FCDBA3D90C}: NameServer = 213.36.80.1 213.36.80.1
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: Navigation étendue et définition (Connexion dictionnaire) - Unknown owner - C:\WINDOWS\System32\Weather.exe (file missing)
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: AntiVir Update Temp (TmpUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\DOCUME~1\PROPRI~1\LOCALS~1\TEMP\_VWUPSRV.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
A voir également:

7 réponses

Réponse 1 / 7
Utilisateur anonyme
4 nov. 2005 à 17:28
Bonjour,

Méthode à suivre dans l'ordre...
----------------------------------------------------------------------------
¤Télécharge ces logiciels mais que tu n‘utilises pas tout de suite:

1/

Spybot S&D 1.4 <<nouvelle version.
http://www.safer-networking.org/fr/index.html

Démo d’utilisation (merci à Balltrap34 pour cette réalisation).
http://pageperso.aol.fr/Balltrap34/demo%20spybot.htm

2/

Ad-Aware SE 1.06 <<nouvelle version.
http://www.lavasoftusa.com/software/adaware/
-Une aide:
http://www.tutopat.com/viewtopic.php?t=1191
- installe le patch français, tu pourras le trouver ici:
http://download.lavasoft.de.edgesuite.net/public/pllangs.exe
et une petite vidéo d'utilisation ici:(merci à Moe31 pour cette réalisation).
http://pageperso.aol.fr/balltrap34/adawrevid.asf


5/

Pour LspFix :
http://translate.google.com/translate?hl=fr&sl=en&u=http://www.cexx.org/lspfix.htm&prev=/search%3Fq%3Dlspfix%26num%3D100%26hl%3Dfr%26lr%3D%26ie%3DUTF-8
http://www.cexx.org/LSPFix.exe

Tu le lances.
Tu coches "I know what I'm doing"
Tu fais passer dans "remove" tout ce qui a trait à ‘msvrl.dll '
Et surtout rien d'autre!
Tu cliques « finish ».


----------------------------------------------------------------------------
¤Désactive ta restauration système (uniquement si tu es sous XP):
Clic droit sur poste de travail puis,
propriété, tu cliques sur onglet restauration système
tu coches la case « désactiver la restauration » et applique.
----------------------------------------------------------------------------
¤Affiche tous les fichiers et dossiers :
Clique sur démarrer/panneau de configuration/outil/option des dossiers/affichage

Coche « afficher les fichiers et dossiers cachés »

Décoche la case "Masquer les fichiers protégés du système d'exploitation (recommandé)"

Décoche « masquer les extensions dont le type est connu »
Puis fais «Ok» pour valider les changements.

Et appliquer !
----------------------------------------------------------------------------
¤Vide tes fichiers temps et temporary internet file:

:: Supprimer les fichiers temporaires ::
vider tout le contenu de ces dossiers.

* C:\Documents and Settings\ton compte\Local Settings\Temp
* C:\Documents and Settings\tous les autres comptes\Local Settings\Temp
* C:\Windows\Temp

:: Le contenu du dossier prefetch ::

* C:\WINDOWS\Prefetch <= sauf le fichier layout.ini

* Ne pas oublier de vider la corbeille !
----------------------------------------------------------------------------
¤Relance HijackThis, coche les cases devant ces lignes et ensuite clique sur fix checked :

O4 - HKLM\..\Run: [MSN Service] amsnmsgrs.exe

O4 - HKLM\..\Run: [Microsoft uptime Service] sysuptime.exe

O4 - HKLM\..\Run: [Logitechs] Logitechs.exe

O4 - HKLM\..\Run: [SYSTRAY] C:\UNMT.EXE

O4 - HKLM\..\Run: [Compaq32 Service Drivers] ms32.exe

O4 - HKLM\..\Run: [MS UniX] navupdate64.exe

O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe

O4 - HKLM\..\RunServices: [MSN Service] amsnmsgrs.exe

O4 - HKLM\..\RunServices: [Microsoft uptime Service] sysuptime.exe

O4 - HKLM\..\RunServices: [Logitechs] Logitechs.exe

O4 - HKLM\..\RunServices: [Compaq32 Service Drivers] ms32.exe

O4 - HKLM\..\RunServices: [MS UniX] navupdate64.exe

O4 - HKCU\..\Run: [Microsoft uptime Service] sysuptime.exe

O4 - HKCU\..\Run: [MSN Service] amsnmsgrs.exe

O4 - HKCU\..\Run: [Dxc] C:\WINDOWS\System32\??anregw.exe

O4 - HKCU\..\Run: [Compaq32 Service Drivers] ms32.exe

O4 - HKCU\..\Run: [MS UniX] navupdate64.exe

O4 - HKCU\..\Run: [Heth] "C:\Program Files\toud\cuwe.exe" -vt ndrv

O4 - HKCU\..\RunServices: [Compaq32 Service Drivers] ms32.exe

O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAccessVerisign/ie/bridge-c11.cab

O16 - DPF: {5054F860-748D-4840-B7B4-DDDB428421AF} - http://ip.sponsoradulto.com/cab/4/fr/phoneaccess.cab

O16 - DPF: {511F9316-771B-4953-A268-1C36DA667FE9} - http://ip.sponsoradulto.com/cab/3/fr/SysWebTelecomInt.cab

----------------------------------------------------------------------------
¤Démarre en mode sans échec :
Pour cela, tu tapotes la touche F8 dès le début de l’allumage du pc sans t’arrêter
Une fenêtre va s’ouvrir tu te déplaces avec les flèches du clavier sur démarrer en mode sans échec puis tape entrée.
Une fois sur le bureau s’il n’y a pas toutes les couleurs et autres c’est normal !
(Si F8 ne marche pas utilise la touche F5).
----------------------------------------------------------------------------
¤Recherche et supprime ceci:
attention seulement les fichiers (si présents).

C:\UNMT.EXE
C:\Program Files\Media Access\
Logitechs.exe
sysuptime.exe
amsnmsgrs.exe
C:\WINDOWS\System32\??anregw.exe
navupdate64.exe
C:\Program Files\toud\
ms32.exe

----------------------------------------------------------------------------
¤ Passe Ad-Aware et supprime tout ce qu’il trouve + supprime les quarantaines…
----------------------------------------------------------------------------
¤ Passe Spybot et corrige tout ce qu’il trouve + vaccine + supprime les quarantaines…
----------------------------------------------------------------------------
¤ Vide ta Corbeille.
----------------------------------------------------------------------------
¤ Redémarre en mode normal, relance Hijackthis et copie/colle un nouveau rapport sur le forum.

Précise tes soucis s’il en reste....

Tiens-moi au courant

A+

et Rend toi sur ce site :
http://www.virustotal.com/xhtml/virustotal_en.html
Clik sur parcourir
Recherche ceci :
C:\WINDOWS\System32\Weather.exe
Clik send et colle le rapport stp
A+
0
Réponse 2 / 7
vanessa
4 nov. 2005 à 20:59
OHHH merci, ça a marché , tu es un dieu !!!

le truc sur virus total ca n'a pas l'air d'avoir marché
File size can't be more than 10 Megabytes.
You can't try compressing it.
Thanks you.

<< Go back
mais weather.exe , c'est un pgm installé par un virus d'avant qui mettait plein de truc "friends" (une barre d'outil, des liens, une image moche derièrre les barres d'outil). Ca mettait une icone meteo.
Un coup d'antivir, qui avait trouvé 2 trucs , j'ai supposé que l'un d'eux etait friend. Weather etait resté , je l'avais supprimé par l'outil de supression de programmes du panneau de configuration.

Voici ma log (toute propre !!)
Logfile of HijackThis v1.99.1
Scan saved at 20:42:19, on 04/11/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\carpserv.exe
C:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Propriétaire\Bureau\Nouveau dossier\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.my.yahoo.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [Desktop Zoom] C:\Program Files\HPQ\Desktop Zoom\hpwinadj.exe -s
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [TV Now] C:\Program Files\HPQ\Notebook Utilities\TvNow.exe /RK
O4 - HKLM\..\Run: [QT4HPOT] C:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.EXE
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1131054718876
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005102501/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.gpcservices.com/scan/Msie/bitdefender.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: Navigation étendue et définition (Connexion dictionnaire) - Unknown owner - C:\WINDOWS\System32\Weather.exe (file missing)
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: AntiVir Update Temp (TmpUpSrv) - Unknown owner - C:\DOCUME~1\PROPRI~1\LOCALS~1\TEMP\_VWUPSRV.EXE (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
0
Réponse 3 / 7
Utilisateur anonyme
4 nov. 2005 à 22:48
coucou
un DIEU, oui oui je sais lol

avec antivir, clik droit sur cela et scan et donne moi le rapport stp
C:\WINDOWS\System32\Weather.exe

a+
0
Réponse 4 / 7
vanessa
5 nov. 2005 à 11:12
ce fichier n'existe pas

J'ai fait un scan antivir complet, sur tout le disque, il n'a rien detecté.
Ya quelques warning dans la log, Je vais pas te la coller ici entierement , c'est beaucoup plus gros qu'une log hijack. Sinon, je pourrais te l'envoyer par mail ?
Ca va pas encombrer le site ici, a force de tous coller des logs ?
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 7
Utilisateur anonyme
5 nov. 2005 à 12:18
salut vanessa,
oulalala le site tu peux coller n importe quel rapport, article, ou resumé...
Il n y a aucuns soucis pour cela, tu peux le mettre ici

a+
0
vanessa
5 nov. 2005 à 23:35
bon , ben j'envoie alors
(en même temps, je crois que tout va bien maintenant)

Creation date of the report file: samedi 5 novembre 2005 10:14

AntiVir®/XP (2000 + NT) PersonalEdition Classic
Build 1111 of 18.10.2005
Mainprogram 6.32.00.50 of 13.10.2005
VDF file 6.32.11.9 (0) of 31.10.2005


This program is for PERSONAL USE only.
Any other use is PROHIBITED.
Informations regarding commercial versions of AntiVir may be obtained from:
www.hbedv.com.


Scanning for 239758 virus strains and unwanted programs.

Licensed for: AntiVir Personal Edition
Serial number: 0000149996-WURGE-0001

Please enter the workstation and
contact name with phone number in this form:

Name ___________________________________________

Street ___________________________________________

Town ___________________________________________

Phone/Fax ___________________________________________

Email ___________________________________________

Platform: Windows NT Workstation
Windows version: 5.1 Build 2600 (Service Pack 1)
Username: Propriétaire
Computername: VANESSA
Processor: Pentium
Working memory: 195056 KB free

Version information:
AVWIN.DLL : 6.32.00.50 561192 13.10.2005 16:32:14
AVEWIN32.DLL : 6.32.0.57 954880 14.10.2005 15:08:24
AVGNT.EXE : 6.32.00.02 180327 14.10.2005 12:32:02
AVGUARD.EXE : 6.32.00.12 208424 17.10.2005 08:35:12
GUARDMSG.DLL : 6.30.00.02 94248 01.02.2005 09:24:10
AVGCMSG.DLL : 6.32.00.01 295029 13.10.2005 16:32:14
AVGNTDW.SYS : 6.31.00.01 32896 07.06.2005 10:34:48
AVPACK32.DLL : 6.32.00.02 319528 18.10.2005 11:57:30
AVGETVER.DLL : 6.30.00.00 24576 28.01.2005 16:10:20
AVSHLEXT.DLL : 6.30.00.01 40960 28.01.2005 16:10:22
AVSched32.EXE : 6.32.00.01 110632 20.09.2005 14:16:24
AVSched32.DLL : 6.30.00.00 122880 01.02.2005 09:24:10
AVREG.DLL : 6.31.00.05 41000 07.09.2005 16:34:50
AVRep.DLL : 6.32.00.120 1454120 01.11.2005 11:43:58
INETUPD.EXE : 6.32.00.52 262203 17.10.2005 15:46:14
INETUPD.DLL : 6.32.00.52 143360 17.10.2005 15:46:14
CTL3D32.DLL : 2.31.000 27136 30.08.2002 03:00:00
MFC42.DLL : 6.00.8665.0 995383 30.08.2002 03:00:00
MSVCRT.DLL : 7.0.2600.1106 (xpsp1.020828-1920
MSVCRT.DLL : 7.0.2600.1106 323072 30.08.2002 03:00:00
CTL3DV2.DLL : No information

Configuration file:

Name of configuration file: C:\Program Files\AVPersonal\AVWIN.INI
Name of report file: C:\Program Files\AVPersonal\LOGFILES\AVWIN.LOG
Start path: C:\Program Files\AVPersonal
Command line:
Start mode: unknown

Mode of report file:
[ ] Do not create report
[X] Overwrite report
[ ] Append new report

Data in report file:
[X] Infected files
[ ] Infected files with paths
[ ] All scanned files
[ ] Full information

Abridge report file:
[ ] Abridge report file

Warnings in report:
[X] Access denied/file locked
[X] Wrong file size in directory
[X] Wrong creation time in directory
[ ] COM file is too large
[X] Invalid start address
[X] Invalid EXE header
[X] Possibly damaged

Summary report:
[X] Create summary report
Output file: AVWIN.ACT
Maximum number of entries: 100

Where to search:
[X] Memory
[X] Boot record of selected drives
[ ] Report unknown boot sectors
[ ] All files
[X] Program files
Extensions: .386 .?HT* .ACM .ADE .ADP .ANI .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CRT .CSH .DLL .DLO .DO? .DRV .EMF .EML .EXE* .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT .PPS .PPT .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SPL .SWF .SYS .TLB .TMP .TSP .TTF .URL .VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XL? .XML .ZIP

Response in case of a detection:
[X] Repair with prompt
[ ] Repair without prompt
[ ] Delete with prompt
[ ] Delete without prompt
[ ] Write in report file only
[X] Acoustic alarm

Response in case of destroyed files:
[X] Delete with prompt
[ ] Delete without prompt
[ ] Ignore

Response in case of destroyed files:
[X] No change
[ ] Current system time
[ ] Correct date

Drag&drop settings:
[X] Scan subdirectories

Profile settings:
[X] Scan subdirectories

Archive options
[X] Search archive
[X] All archive types

Miscellaneous options:
Temporary path: %TEMP% -> C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp
[X] Overwrite infected files
[ ] Detect idle time
[X] Allow interruptions of scan
[X] Load AVWin®/NT Guard on System start

General settings:
[X] Save options on exiting AntiVir
Priority: medium

Drives:
A: Floppy drive
C: Hard disk
D: CD-ROM

Start of scan: samedi 5 novembre 2005 10:14

Memory test OK
Master boot record of hard disk HD0 OK
Boot record of drive C: OK


Access denied! Error during file opening!
Error code: 0x0002
C:\

WARNING! Access error/file locked!
Access denied! Error during file opening!
Error code: 0x0002

WARNING! Access error/file locked!
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery
AlexaRelated.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
CoolWWWSearch.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
CoolWWWSearch1.zip
ArchiveType: ZIP
NOTE! No files to extract.
CoolWWWSearch2.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
CoolWWWSearchToolband.zip
ArchiveType: ZIP
NOTE! No files to extract.
CoolWWWSearchToolband1.zip
ArchiveType: ZIP
NOTE! No files to extract.
CoolWWWSearchToolband2.zip
ArchiveType: ZIP
NOTE! No files to extract.
CoolWWWSearchToolband3.zip
ArchiveType: ZIP
NOTE! No files to extract.
CoolWWWSearchToolband4.zip
ArchiveType: ZIP
NOTE! No files to extract.
CoolWWWSearchToolband5.zip
ArchiveType: ZIP
NOTE! No files to extract.
CoolWWWSearchToolband6.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
DSOExploit.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
DSOExploit1.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
DSOExploit10.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
DSOExploit11.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
DSOExploit12.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
DSOExploit13.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
DSOExploit14.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
DSOExploit15.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
DSOExploit16.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
DSOExploit17.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
DSOExploit18.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
DSOExploit19.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
DSOExploit2.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
DSOExploit20.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
DSOExploit21.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
DSOExploit3.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
DSOExploit4.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
DSOExploit5.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
DSOExploit6.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
DSOExploit7.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
DSOExploit8.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
DSOExploit9.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
DyFuCA.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
DyFuCAInternetOptimizer.zip
ArchiveType: ZIP
NOTE! No files to extract.
DyFuCAInternetOptimizer1.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
DyFuCAInternetOptimizer2.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
DyFuCAInternetOptimizer3.zip
ArchiveType: ZIP
NOTE! No files to extract.
DyFuCAInternetOptimizer4.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
DyFuCAInternetOptimizer5.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
DyFuCAInternetOptimizer6.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
DyFuCAInternetOptimizer7.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
EffectiveBandToolbar.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
ExactAdvertisingBargainsBuddy.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
ExactAdvertisingBargainsBuddy1.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
ExactAdvertisingBargainsBuddy2.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
ExactAdvertisingBargainsBuddy3.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
ExactAdvertisingBargainsBuddy4.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
ExactAdvertisingBargainsBuddy5.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
ExactAdvertisingBargainsBuddy6.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
ExactAdvertisingBargainsBuddy7.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
ISearchTechISTactiveX.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
ISearchTechISTactiveX1.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
ISearchTechISTbar.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
ISearchTechISTbar1.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
ISearchTechISTbar2.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
ISearchTechISTbar3.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
ISearchTechISTbar4.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
ISearchTechISTbar5.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
ISearchTechPowerScan.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
ISearchTechPowerScan1.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
ISearchTechSideFind.zip
ArchiveType: ZIP
NOTE! No files to extract.
ISearchTechSideFind1.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
ISearchTechSideFind2.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
ISearchTechSideFind3.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
ISearchTechSideFind4.zip
ArchiveType: ZIP
NOTE! No files to extract.
ISearchTechSideFind5.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
ISearchTechSideFind6.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
ISearchTechSideFind7.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
ISearchTechSideFind8.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
ISTbarSlotch.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
Laypros.zip
ArchiveType: ZIP
NOTE! No files to extract.
LSA.zip
ArchiveType: ZIP
NOTE! No files to extract.
LSA1.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
LSA10.zip
ArchiveType: ZIP
NOTE! No files to extract.
LSA11.zip
ArchiveType: ZIP
NOTE! No files to extract.
LSA12.zip
ArchiveType: ZIP
NOTE! No files to extract.
LSA13.zip
ArchiveType: ZIP
NOTE! No files to extract.
LSA14.zip
ArchiveType: ZIP
NOTE! No files to extract.
LSA15.zip
ArchiveType: ZIP
NOTE! No files to extract.
LSA16.zip
ArchiveType: ZIP
NOTE! No files to extract.
LSA17.zip
ArchiveType: ZIP
NOTE! No files to extract.
LSA2.zip
ArchiveType: ZIP
NOTE! No files to extract.
LSA3.zip
ArchiveType: ZIP
NOTE! No files to extract.
LSA4.zip
ArchiveType: ZIP
NOTE! No files to extract.
LSA5.zip
ArchiveType: ZIP
NOTE! No files to extract.
LSA6.zip
ArchiveType: ZIP
NOTE! No files to extract.
LSA7.zip
ArchiveType: ZIP
NOTE! No files to extract.
LSA8.zip
ArchiveType: ZIP
NOTE! No files to extract.
LSA9.zip
ArchiveType: ZIP
NOTE! No files to extract.
MediaTickets.zip
ArchiveType: ZIP
NOTE! No files to extract.
MediaTickets1.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
MediaTickets2.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
nCase.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
nCase1.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
ShopAtHome.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
ShopAtHome1.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
ShopAtHome2.zip
ArchiveType: ZIP
NOTE! No files to extract.
ShopAtHome3.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
SmitfraudC.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
SmitfraudC1.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
SYSWEBTELECOM.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
SYSWEBTELECOM1.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
SYSWEBTELECOM2.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
SYSWEBTELECOM3.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
SYSWEBTELECOM4.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
SYSWEBTELECOM5.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
SYSWEBTELECOM6.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
TIBS.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
WindowsAdTools.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
WinHwbot.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
WinHwbot1.zip
ArchiveType: ZIP
NOTE! No files to extract.
C:\Documents and Settings\Propriétaire\Mes documents
Ma musique.zip
ArchiveType: ZIP
NOTE! No files to extract.
Error! Could not change directory: System Volume Information
C:\WINDOWS\Internet Logs
vsmon_2nd_2005_09_26_21_42_17.dmp.zip
ArchiveType: ZIP
NOTE! No files to extract.
C:\WINDOWS\SoftwareDistribution\EventCache
{96C73B6A-D3AC-4A72-AA40-E00EB4DEA002}.bin
Access denied! Error during file opening!
Error code: 0x000D
WARNING! Access error/file locked!
C:\WINDOWS\system32\config
default
Access denied! Error during file opening!
Error code: 0x000D
WARNING! Access error/file locked!
SAM
Access denied! Error during file opening!
Error code: 0x000D
WARNING! Access error/file locked!
SECURITY
Access denied! Error during file opening!
Error code: 0x000D
WARNING! Access error/file locked!
software
Access denied! Error during file opening!
Error code: 0x000D
WARNING! Access error/file locked!
system
Access denied! Error during file opening!
Error code: 0x000D
WARNING! Access error/file locked!
C:\WINDOWS\Temp
ZLT05ee4.TMP
Access denied! Error during file opening!
Error code: 0x000D
WARNING! Access error/file locked!

End of scan: samedi 5 novembre 2005 11:03
Time taken: 49:43 min


3130 directories were scanned
94036 files were scanned
9 warning messages were issued
0 files were deleted
0 files were repaired
0 detections
0
Réponse 6 / 7
bernie61
6 nov. 2005 à 00:02
salut
dans l'attente de notre bon Régis

Répertoire à effacer C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery

a+
0
Réponse 7 / 7
Utilisateur anonyme
6 nov. 2005 à 08:08
salut bernie,
ca va?
Spybot - Search & Destroy\Recovery <--- c est pas les sauvegardes de spybot?

Vanessa, peux tu lancer spybot, aller dans sauvegarde et me dire si tu as alexa qui s y trouve stp

a+(merci bernie ^^)
0

Discussions similaires

Softonic,est-ce un virus ?
techmel1 -
techmel1 -

6 réponses
Est ce que le site tlauncher est dangereux ?
caribou -
bazfile -

1 réponse
Pip n'est pas reconnu en tant que commande interne
Chris3874 -
Utilisateur anonyme -

22 réponses
4 virus en raison d’un porno ????
valou -
Bello040420 -

9 réponses
problême Opéra est ce un virus??
sand2504 -
sand2504 -

85 réponses