hijackthis resultat... Résolu/Fermé

Question

Bonjour,
j vien  de scanner mon ordi ,, et j trouve ca...

quelqu'un peu m'aider SVP?????


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:01:59 AM, on 11/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Aclient\AClient.exe
C:\PROGRA~1\Ahead\NEROPH~1\data\xtras\mssysmgr.exe
C:\WINDOWS\Cpqdiag\Cpqdfwag.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Nokia\PC Suite for Nokia 6600\connmngmntbox.exe
c:\program files\mcafee.com\agent\mcdetect.exe
C:\Program Files\Nokia\PC Suite for Nokia 6600\ectaskscheduler.exe
C:\Program Files\Intuwave\Shared\mRouterRunTime\mRouterRuntime.exe
C:\PROGRA~1\Nokia\PCSUIT~1\Elogerr.exe
C:\Program Files\Aclient\AClntUsr.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Nokia\PCSUIT~1\BROADC~1.EXE
C:\PROGRA~1\Nokia\PCSUIT~1\SCRFS.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\WINDOWS\system32\mshta.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.imesh.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.imesh.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.imesh.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www8.hp.com/fr/fr/home.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/?p=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.yahoo.com/?p=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*https://fr.yahoo.com/?p=us
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/?p=us
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.imesh.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Hacked by GNUlihd@gmail.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - (no file)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [AClntUsr] C:\Program Files\Aclient\AClntUsr.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [MS32DLL] C:\WINDOWS\MFC32DLL.dll.vbs
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\RunServices: [CPQDFWAG] C:\WINDOWS\Cpqdiag\CpqDfwAg.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~1\data\xtras\mssysmgr.exe
O4 - HKUS\S-1-5-18\..\Run: [Tok-Cirrhatus-1860] "C:\Documents and Settings\NetworkService\Local Settings\Application Data\br4743on.exe" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Tok-Cirrhatus]  (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Tok-Cirrhatus-1860] "C:\Documents and Settings\NetworkService\Local Settings\Application Data\br4743on.exe" (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PCSuiteForNokia6600 Detect.lnk = ?
O4 - Global Startup: PCSuiteForNokia6600 TS.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = D:\WINZIP\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin
pjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin
pjpi142_03.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32
wprovau.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O23 - Service: Altiris Client Service (AClient) - Altiris, Inc. - C:\Program Files\Aclient\AClient.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Remote Diagnostics Enabling Agent (DfwWebAgent) - Hewlett-Packard - C:\WINDOWS\Cpqdiag\Cpqdfwag.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

g!rly · Answer

bonjour,

Télécharge :

http://www.softbkk.com/hacked_by_godzilla_remove_tools_,3,downloading/

Exécute le logiciel.
Accepte la license et a la deuxième fenêtre clic sur "Do it now".
Une fenêtre va s'ouvrir te demandant de scanner choisis ton ou tes disque(s) dur puis lance le scan
Une fois le scan terminé clic sur "close" puis redémarre ton PC

et 

Télécharge combofix.exe (par sUBs) sur ton Bureau.

-> http://download.bleepingcomputer.com/sUBs/ComboFix.exe      

-> Double clique combofix.exe.
-> Tape sur la touche 1 (Yes) pour démarrer le scan.
-> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse. 

NOTE : Le rapport se trouve également ici : C:\Combofix.txt

@+

zib@zib · Answer

salut , j l fai l scan de NOD32  et j redemarer mon ordi mais ,, qu'an j click sur mon administrateur pour logg on ,, l'ordi se plante il il ne bouge pas,, donc j reste sur l'ecran loggon,, est rien ne ce passe,,, comment faire?

g!rly · Answer

il te demande ton mot de passe c´est ca?

zib@zib · Answer

no il m demande pas l mot de passe car j pas mit de mot de passe,,, maintenant j utiliser d'autre utilisateur ca passe,, mais j n p pas utiliser l'administrateur ,, car c la ou j installer nod32 ,, apres avoir redemarrer,, j n p pas y entre dedans

g!rly · Answer

uuhhmm,

passe les outils et post les rapports

Télécharge :

http://www.softbkk.com/hacked_by_godzilla_remove_tools_,3,downloading/

Exécute le logiciel.
Accepte la license et a la deuxième fenêtre clic sur "Do it now".
Une fenêtre va s'ouvrir te demandant de scanner choisis ton ou tes disque(s) dur puis lance le scan
Une fois le scan terminé clic sur "close" puis redémarre ton PC

et

Télécharge combofix.exe (par sUBs) sur ton Bureau.

-> http://download.bleepingcomputer.com/sUBs/ComboFix.exe

-> Double clique combofix.exe.
-> Tape sur la touche 1 (Yes) pour démarrer le scan.
-> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

NOTE : Le rapport se trouve également ici : C:\Combofix.txt

zib@zib · Answer

ca  va j sui dans l'administrateur,, j essaye de change l'utilisateur,,,et puis en clicant sur l'administrateur ,, tou va bien maintenant

g!rly · Answer

je me répéte passe les outils que je t´ai prposé car tu es infecté...

zib@zib · Answer

j fai l premier scan avec NOD32 j redemarer l pc j fait   le Double clique combofix.exe.  mais j voi toujour le message qui reste ,, donc rien n passe j sui toujour ici ,,, j  n sais pas si j patiente ou pas,, l message di ,,, scanning for the infected files...this tipically doesn't take more than 10 minute however ,scan times for badly infected machine easily double.. il ya plus d'un quart d'heure j'ettend 

comment faire?

g!rly · Answer

donc tu as passé hacked par godzilla?

peux tu poster le rapport de combofix stp

zib@zib · Answer

j vien de trouver ca?
pkigojr: Niambie
maina_jacqueline: hi
pkigojr: Cool how r u doin?
pkigojr: lol
pkigojr: lol
maina_jacqueline: fie.missin alot
pkigojr: I can't believe
pkigojr: Miss u too J
maina_jacqueline: what!!!!!!!!!!?
pkigojr: What ?????
pkigojr: Aha lete habari mtoto
maina_jacqueline: we a online.its like ua here
pkigojr: Big time Jacque
pkigojr: Kama tupo wote Udasa
maina_jacqueline: ure my best as ever.
pkigojr: I realy appreciate 4 that J
maina_jacqueline: enhee tel me how is beb
pkigojr: He's doing good
pkigojr: Gting big now
maina_jacqueline: and mum?
pkigojr: She's good as well
pkigojr: No complains
maina_jacqueline: i like that
pkigojr: I like that too My lv
maina_jacqueline: how is south?
maina_jacqueline: tel me how can i get those pictures?
pkigojr: Like this one?
pkigojr: I'll send 'em to you when I got time
maina_jacqueline: u make me happy.yes it is
pkigojr: Do u remember this Picture?
maina_jacqueline: thanks my lv
maina_jacqueline: yes.
pkigojr: Mambo mengine vp lakini?
maina_jacqueline: u remember what we ate?
pkigojr: Yes I do
pkigojr: Ribs, Kalamari etc
pkigojr: And I was drinking Millers
maina_jacqueline: im fine,holiday now until september.
pkigojr: Good for u Babes
maina_jacqueline: ver sor 4 u
pkigojr: Upo wapi sasa hivi?
maina_jacqueline: oooh thanks 4 ya time.u deserve 2 have me as u do care ma feeling
maina_jacqueline: nipo hm with u
pkigojr: Realy!!
pkigojr: That is so good
maina_jacqueline: yes as im feeling as we did
pkigojr: Me too I allways do
maina_jacqueline: ehee hi from my friend.u remember her?
pkigojr: R u with her now
maina_jacqueline: no .she called while chatting
pkigojr: Say Hi To Her too
pkigojr: I still remember her
maina_jacqueline: mambo mengine
pkigojr: Hakuna zaidi ya Kukumiss
maina_jacqueline: show me other picture
pkigojr: Ok wait
pkigojr: I like this one
maina_jacqueline: its real nice.u dont go 2 work 2day?
pkigojr: I only work sum times
maina_jacqueline: thanks that all i can say.
pkigojr: What about this Jay?
pkigojr: I think we look realy good togrther
pkigojr: What do u think?
maina_jacqueline: real.its like fresh morning 2me
pkigojr: I like to knw that you Happy
maina_jacqueline: iam
pkigojr: Good I'm Happy too.
maina_jacqueline: what is ure sleeping time
pkigojr: Any time my luv. I realy don't hav spesific tym
pkigojr: Why?
maina_jacqueline: i dont wanna destroy it.
pkigojr: For you Jay anything any time is acceptable
pkigojr: Believe me
maina_jacqueline: anything?????????????anytime?????????????.mmh..,
pkigojr: ???????? What does this mean? Jay
maina_jacqueline: nothing.
pkigojr: Nothing?
maina_jacqueline: what u think/
pkigojr: Nothing
maina_jacqueline: lets do something
pkigojr: Tel me what Jay
maina_jacqueline: be good 4rever
pkigojr: I promise to be the same 4ever Jay
pkigojr: And what about u?
maina_jacqueline: itried 2 sms frm yahoo 2 gmail but all my msg failed
maina_jacqueline: promise.
maina_jacqueline: umelala
pkigojr: Nilale vp wakati nachat na wewe?
pkigojr: Nilikua naongea na cmk
maina_jacqueline: niliona kimya.
pkigojr: Ila nitatoka muda si'mrefu from now
maina_jacqueline: b4 ugo have my g9t kiss
pkigojr: Your Kiss to me means a lot Jay U luv it
pkigojr: Yuo makes me feel so good
maina_jacqueline: pleasure is mine my lv
pkigojr: I love you Jacqueline
maina_jacqueline: i love u too boy
pkigojr: Keep it that way plz and don't ever 4get that
maina_jacqueline: ok.ihv other no 0717475230.sometime im there as i hv 1 phone.
maina_jacqueline: voda the other is 4 life
pkigojr: Thanx Jay
maina_jacqueline: g9t kigo
pkigojr: Gd9te to u too Jay
pkigojr: I wish I kuld stay bit longer but.....
maina_jacqueline: bye.cu other day.kc kc.
pkigojr: Hundreds of kisses comes your way
pkigojr: Bye
maina_jacqueline: byeee
pkigojr: Bye again and agai Jaqueline wangu
pkigojr: And am out

g!rly · Answer

ou as tu trouvé ca?

zib@zib · Answer

j vien de le trouver sur mon desktop

g!rly · Answer

c´est quoi un fichier texte?
supprime le
tu veux vraiment pas passer combofix et poster son rapport?
et as tu fais hacked by godzilla?

zib@zib · Answer

salu 
sur combofix 
j voi toujour le message qui di scanning for the infected files...this tipically doesn't take more than 10 minute however ,scan times for badly infected machine easily double. donc rien que sa,,, j suis toujour la j n sais pas si j stop ca? ou je patiente,,,?

g!rly · Answer

oui tu le laisse finir le scan,  pendant ce temps tu ne touche a rien et tu post le rapport genere ici

zib@zib · Answer

ok ce fini ,, j trouver ca ComboFix 07-11-19.3 - Administrator 2007-11-23 21:54:54.5 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.239 [GMT 3:00] Running from: C:\Documents and Settings\Administrator\Desktop\2nd\ComboFix.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\Administrator avmonlog C:\Documents and Settings\Guest avmonlog C:\Program Files\internet explorer\iekey.dll . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\LEGACY_NWSAPAGENT -------\NwSapAgent ((((((((((((((((((((((((( Files Created from 2007-10-23 to 2007-11-23 ))))))))))))))))))))))))))))))) . 2007-11-23 11:01 d-------- C:\Program Files\Trend Micro 2007-11-22 17:34 97,953 -r-hs---- C: tde1ect.com 2007-11-19 17:52 d--h----- C:\WINDOWS\PIF 2007-11-13 20:28 97,953 -r-hs---- C:\WINDOWS\system32\avpo.exe 2007-11-13 20:28 32,753 -r-hs---- C:\WINDOWS\system32\avpo0.dll 2007-11-10 14:01 d-------- C:\Program Files\Native Instruments 2007-11-09 19:32 d-------- C:\Program Files\Macromedia 2007-11-09 19:27 566,272 --a------ C:\WINDOWS\system32\wmvdmoe.dll 2007-11-09 19:17 d-------- C:\TEMP 2007-11-05 20:16 d-------- C:\Documents and Settings\Administrator\CG Cache 2007-11-05 14:49 d-------- C:\Documents and Settings\Administrator\Application Data\Snapfish 2007-10-30 09:11 d-------- C:\Program Files\Steinberg 2007-10-30 09:07 d-------- C:\Program Files\FLStudio4 . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-11-23 18:53 --------- d-----w C:\Program Files\McAfee.com 2007-11-23 18:53 --------- d-----w C:\Program Files\Aclient 2007-11-09 16:32 --------- d--h--w C:\Program Files\InstallShield Installation Information 2007-11-09 16:27 --------- d-----w C:\Program Files\Sony 2007-11-05 17:36 --------- d-----w C:\Program Files\Common Files\Adobe 2007-11-03 13:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\NFS Underground 2007-11-03 11:36 --------- d-----w C:\Program Files\Common Files\Ahead 2007-10-30 06:15 --------- d-----w C:\Program Files\FruityLoops 3.4 2007-10-25 12:57 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Ahead 2007-10-21 02:50 --------- d-----w C:\Program Files\MTV Networks 2007-10-20 10:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\BVRP Software 2007-10-20 10:55 --------- d-----w C:\Program Files\Avanquest update 2007-10-20 10:54 --------- d-----w C:\Program Files\Motorola Phone Tools 2007-10-20 10:53 25,600 ----a-w C:\WINDOWS\system32\drivers\usbsermptxp.sys 2007-10-20 10:32 --------- d-----w C:\Program Files\NavDiag 2007-10-20 10:18 --------- d-----w C:\Program Files\Ahead 2007-10-06 12:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com 2004-08-04 08:00 1,392,671 --sh--r C:\WINDOWS\system32\msvbvm60.dll 2006-12-11 13:11 10 --sh--r C:\WINDOWS\system32\sistem.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 19:24] "Tok-Cirrhatus"="" [] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-09-08 11:06] "Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-06-11 18:16] "PhotoShow Deluxe Media Manager"="C:\PROGRA~1\Ahead\NEROPH~1\data\xtras\mssysmgr.exe" [2005-02-26 03:28] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2006-09-15 19:45] "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2003-03-11 13:11] "Smapp"="C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 18:57] "DrvLsnr"="C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe" [2003-05-08 15:34] "srmclean"="C:\Cpqs\Scom\srmclean.exe" [2006-09-15 19:44] "SetRefresh"="C:\Program Files\Compaq\SetRefresh\SetRefresh.exe" [2006-09-15 19:44] "AClntUsr"="C:\Program Files\Aclient\AClntUsr.EXE" [2007-11-23 21:59] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50] "SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2005-01-24 19:58] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-11-16 18:00] "Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 16:17] "Bron-Spizaetus"="" [] "Ulead AutoDetector v2"="C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe" [] "MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-09-22 18:29] "MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\McUpdate.exe" [2006-01-11 12:05] "NWEReboot"="" [] "YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2007-06-08 17:59] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices] "CPQDFWAG"="C:\WINDOWS\Cpqdiag\CpqDfwAg.exe" [2003-03-13 16:14] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "Tok-Cirrhatus-1860"="C:\Documents and Settings\NetworkService\Local Settings\Application Data\br4743on.exe" [] "Tok-Cirrhatus"="" [] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-11-05 20:37:19] InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [2006-08-27 14:54:06] Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04] PCSuiteForNokia6600 Detect.lnk - C:\Program Files\Nokia\PC Suite for Nokia 6600\connmngmntbox.exe [2007-08-11 15:30:30] PCSuiteForNokia6600 TS.lnk - C:\Program Files\Nokia\PC Suite for Nokia 6600\ectaskscheduler.exe [2007-08-11 15:30:32] [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system] "DisableCMD"= 0 (0x0) S3 usbsermptxp;Motorola USB Modem Driver for MPT XP;C:\WINDOWS\system32\DRIVERS\usbsermptxp.sys S3 w900bus;Sony Ericsson 900i driver (WDM);C:\WINDOWS\system32\DRIVERS\w900bus.sys S3 w900mdfl;Sony Ericsson 900i USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w900mdfl.sys S3 w900mdm;Sony Ericsson 900i USB WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\w900mdm.sys S3 w900mgmt;Sony Ericsson 900i USB WMC Device Management Drivers;C:\WINDOWS\system32\DRIVERS\w900mgmt.sys S3 w900obex;Sony Ericsson 900i USB WMC OBEX Interface Drivers;C:\WINDOWS\system32\DRIVERS\w900obex.sys S3 z530bus;Sony Ericsson Z530 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\z530bus.sys S3 z530mdfl;Sony Ericsson Z530 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\z530mdfl.sys S3 z530mdm;Sony Ericsson Z530 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\z530mdm.sys S3 z530mgmt;Sony Ericsson Z530 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\z530mgmt.sys S3 z530obex;Sony Ericsson Z530 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\z530obex.sys [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{142faef0-45c7-11dc-b363-001321f4d464}] \Shell\AutoOpen\command - D:\.\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{414333b2-7ef6-11dc-b3bd-001321f4d464}] \Shell\AutoOpen\command - E:\.\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{55259767-472e-11db-b1ef-001321f4d464}] \Shell\AutoRun\command - RavMon.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5e90d628-7942-11dc-b3b1-001321f4d464}] \Shell\Auto\command - MicrosoftPowerPoint.exe \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{73d44e9a-9461-11db-b2c7-001321f4d464}] \Shell\AutoRun\command - ie.exe \Shell\explore\Command - ie.exe \Shell\open\Command - ie.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8fda3c5b-f3d2-11db-b2db-001321f4d464}] \Shell\AutoRun\command - E: tde1ect.com \Shell\explore\Command - E: tde1ect.com \Shell\open\Command - E: tde1ect.com [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{92c38627-5f8e-11db-b239-001321f4d464}] \Shell\AutoRun\command - RavMon.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9e5a4e04-2cb9-11dc-b313-001321f4d464}] \Shell\AutoRun\command - dolqcaa.exe \Shell\explore\Command - dolqcaa.exe \Shell\open\Command - dolqcaa.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a5cded01-7d89-11dc-b3b9-001321f4d464}] \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL antihost.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ac1b4d40-2bce-11dc-b30c-001321f4d464}] \Shell\AutoRun\command - D: tde1ect.com \Shell\explore\Command - D: tde1ect.com \Shell\open\Command - D: tde1ect.com [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d079727a-4cf3-11dc-b37b-001321f4d464}] \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Sys.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e30410e6-4a51-11db-b1f7-001321f4d464}] \Shell\AutoRun\command - RavMon.exe . Contents of the 'Scheduled Tasks' folder "2007-11-17 14:08:00 C:\WINDOWS\Tasks\At1.job" - C:\Documents and Settings\Administrator\Templates\14004-NendangBro.com "2007-11-17 14:08:00 C:\WINDOWS\Tasks\At2.job" - C:\Documents and Settings\Administrator\Templates\14004-NendangBro.com "2007-11-23 08:03:00 C:\WINDOWS\Tasks\At3.job" - C:\Documents and Settings\Administrator\Templates\14004-NendangBro.com "2007-11-23 08:03:00 C:\WINDOWS\Tasks\At4.job" - C:\Documents and Settings\Administrator\Templates\14004-NendangBro.com . ************************************************************************** catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-11-23 22:00:40 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-11-23 22:01:36 - machine was rebooted . --- E O F ---

g!rly · Answer

re,

a l´aide de hijack this coche et fix ceci :

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.imesh.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.imesh.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.imesh.com/sidebar.html?src=ssb
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.imesh.com/sidebar.html?src=ssb
O4 - HKLM\..\Run: [MS32DLL] C:\WINDOWS\MFC32DLL.dll.vbs
O4 - HKUS\S-1-5-18\..\Run: [Tok-Cirrhatus-1860] "C:\Documents and Settings\NetworkService\Local Settings\Application Data\br4743on.exe" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Tok-Cirrhatus] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Tok-Cirrhatus-1860] "C:\Documents and Settings\NetworkService\Local Settings\Application Data\br4743on.exe" (User 'Default user')

comment fixer :

Tutoriel d´utilisation (video) :

-> http://pageperso.aol.fr/balltrap34/demohijack.htm

Fix.reg

Ouvre le bloc-notes (click droit sur le bureau > dans l´arborescence choisie nouveau et nouveau fichier texte) et fais un copier coller de ce qui est en citation ci-dessous (copie tout d'un trait-sans les barres(X)) :

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Tok-Cirrhatus"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Bron-Spizaetus"=-
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Tok-Cirrhatus-1860"=-
"Tok-Cirrhatus"=-

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Attention no 1: Il y a une ligne blanche après la dernière ligne et regedit4 doit etre sur la premiere ligne

Puis click sur "fichier"/"enregistrer sous" :
dans : sur le bureau
Nom du fichier : fix.reg
Type de fichier : "tous les fichiers"
clique sur "enregistrer"

ca doit ressembler a ca une fois enrregistré :

http://img520.imageshack.us/img520/4251/screenshot005ps2.png

quitte internet et double clique sur fix.reg => tu dois obligatoirement avoir un message "voulez-vous vraiment ajouter les informations contenues dans ce fichier .reg au registre ?"
Si c'est bien le cas, clique sur "oui"

Télécharge OTMoveIt http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe (de Old_Timer) sur ton Bureau.
double-click sur OTMoveIt.exe pour le lancer.
copie la liste qui se trouve en citation ci-dessous,
et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.

    Citation :
    
C:\Documents and Settings\NetworkService\Local Settings\Application Data\br4743on.exe


Click sur MoveIt! pour lancer la suppression.
le résultat apparaitra dans le cadre "Results".
click sur Exit pour fermer.
poste le rapport situé dans C:\_OTMoveIt\MovedFiles.
Ps : il te sera peut-être demander de redémarrer le pc pour achever la suppression. Si c'est le cas accepte par Yes.
http://img137.imageshack.us/img137/3558/refaitjk8.th.jpg

post le rapport de ot_move it

et un nouveau hijack this

ps : si tu ne comprends pas quelque chose demande avant de commencer

@+

zib@zib · Answer

merci de votre aide,, mais j n rien compris ,, j n sais pas meme par ou commencer?

g!rly · Answer

commence par fixer les lignes a l´aide de hijack this tu ouvre hijack this et tu coche et fix les lignes que je t´ai marquées

regarde la video pour savoir comment faire 

je vais t´envoyé le fichier reg pour que ca soie plus facil

g!rly · Answer

voici le fichier qui renferme le fix reg :

http://serveur1.archive-host.com/membres/up/1366464061/zibzib.rar

tu le telecharge sur ton bureau, dezip le fichier zib@zib.rar sur ton bureau et apres avoir fixé les lignes dans hijack this tu double click dessus  zib@zib.reg et reponds oui aux questions de windows a savoir  : voulez vous accepter la fusion avec le registre 

en suite il te reste  ot_move it a faire :

Télécharge OTMoveIt http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe (de Old_Timer) sur ton Bureau.
double-click sur OTMoveIt.exe pour le lancer.
copie la liste qui se trouve en citation ci-dessous,
et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.

Citation :

C:\Documents and Settings\NetworkService\Local Settings\Application Data\br4743on.exe


Click sur MoveIt! pour lancer la suppression.
le résultat apparaitra dans le cadre "Results".
click sur Exit pour fermer.
poste le rapport situé dans C:\_OTMoveIt\MovedFiles.
Ps : il te sera peut-être demander de redémarrer le pc pour achever la suppression. Si c'est le cas accepte par Yes.
http://img137.imageshack.us/img137/3558/refaitjk8.th.jpg

post le rapport de ot_move it

et un nouveau hijack this

zib@zib · Answer

l chose on changer ,, j peur d n rien fixer ,, car tout ce que tu ma dit de fixer n c trouver pas la ,, donc j vu un changement c qui v dir d'autre qui ne correspond pas a ca,,,pardonne moi de vous derranger mais j croi qu j du mal faire ,,, ? en clicken encore sur hijackthis ,, un autre log se presenter,,,?? j n sai pas comment faire

g!rly · Answer

peux tu ecrire normalement car la c´est moi qui ne comprends rien

g!rly · Answer

repost un hijack this stp

zib@zib · Answer

j ouvrir hijack this et puis aulieu de voir le ligne que vous m'avais di de cocher et suprimer ,, ? j vois d'autre ligne ,,,

donc j voi pas de ligne qui ressemble a ca?car j ouvrir hijack this,, j vois d'autre ligne comme ce si mais qui n ressemble pas a ca? 

:R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.imesh.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.imesh.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.imesh.com/sidebar.html?src=ssb
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.imesh.com/sidebar.html?src=ssb
O4 - HKLM\..\Run: [MS32DLL] C:\WINDOWS\MFC32DLL.dll.vbs
O4 - HKUS\S-1-5-18\..\Run: [Tok-Cirrhatus-1860] "C:\Documents and Settings\NetworkService\Local Settings\Application Data\br4743on.exe" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Tok-Cirrhatus] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Tok-Cirrhatus-1860] "C:\Documents and Settings\NetworkService\Local Settings\Application Data\br4743on.exe" (User 'Default user')
 mais il

g!rly · Answer

bon post un nouveau hijack this stp

zib@zib · Answer

j vien de trouver ca

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:49:52 AM, on 11/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Aclient\AClient.exe
C:\WINDOWS\Cpqdiag\Cpqdfwag.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\Program Files\Aclient\AClntUsr.EXE
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\PROGRA~1\Ahead\NEROPH~1\data\xtras\mssysmgr.exe
C:\Program Files\Nokia\PC Suite for Nokia 6600\connmngmntbox.exe
C:\Program Files\Nokia\PC Suite for Nokia 6600\ectaskscheduler.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\PROGRA~1\Nokia\PCSUIT~1\Elogerr.exe
C:\Program Files\Intuwave\Shared\mRouterRunTime\mRouterRuntime.exe
C:\PROGRA~1\Nokia\PCSUIT~1\BROADC~1.EXE
C:\PROGRA~1\Nokia\PCSUIT~1\SCRFS.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www8.hp.com/fr/fr/home.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/?p=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.yahoo.com/?p=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*https://fr.yahoo.com/?p=us
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/?p=us
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - (no file)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [AClntUsr] C:\Program Files\Aclient\AClntUsr.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\RunServices: [CPQDFWAG] C:\WINDOWS\Cpqdiag\CpqDfwAg.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~1\data\xtras\mssysmgr.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PCSuiteForNokia6600 Detect.lnk = ?
O4 - Global Startup: PCSuiteForNokia6600 TS.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = D:\WINZIP\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin
pjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin
pjpi142_03.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32
wprovau.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O23 - Service: Altiris Client Service (AClient) - Altiris, Inc. - C:\Program Files\Aclient\AClient.exe
O23 - Service: Remote Diagnostics Enabling Agent (DfwWebAgent) - Hewlett-Packard - C:\WINDOWS\Cpqdiag\Cpqdfwag.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

g!rly · Answer

bon c´est mieux,

ton antivirus est toujours actif?

puis

instale ce par feu :

zone alarm version personnel :

http://www.kachouri.com/tuto/tuto-143-zonealarm-installation-du-firewall--pare-feu.html

puis 

A.V.G :

-> Télécharger AVG Anti-Spyware (ewido)

   http://www.commentcamarche.net/telecharger/telecharger 218 avg anti spyware

-> L´installer.

-> lancer AVG Anti-Spyware et clicker sur le bouton Mise à jour. Patienter...
   
   p.s : si les mises a jours ne se font pas, elles sont telechargable ici :

   http://downloads.ewido.net/avgas-signatures-full-current.exe

-> Sur la page "analyse":

   choisir d´abord l'onglet "paramètres".
   
   sous « Comment réagir » clicker sur « Actions recommandées » et dans le menu déroulant, choisir « Supprimer ».

-> Lancer le scan, (c´est long...).

-> A la fin du scan copier Et coller le rapport ici. 

-> Une aide en image au cas ou :

   Tutoriel d´installation et de parametrages :

   http://www.kachouri.com/tuto/tuto-161-avg-anti-spyware-75-pour-votre-securite.html   

post le rapport d´analyse a la fin du scan stp

@+

zib@zib · Answer

bonjour,, no mon antivirus ne pas active,, car je le desinstaller,, mais j voulais installer l'autre antivirus qui est Symantec corporate edution
est ce cela est bien si j'installer symantec? car l'anntivirus que j'utiliser etait macafee,, est il n'etait pas ajour,,

g!rly · Answer

salut zib@zib

telecharge et instal zone alarm ici :

https://www.01net.com/telecharger/windows/Securite/firewall/fiches/18128.html

et telecharge personnal et instal antivir :

https://www.avira.com/en/prime

puis une fois installé fais un scan complet avec et post le rapport ici 

@´+

zib@zib · Answer

ok merci ,, donc j laisse tomber SymantecCorporateEdition??

g!rly · Answer

oui laisse tomber norton, pas tres performant...

mais desinstale correctement macafee avant de te lancer dans les installations :

Desinstaller McAfee:
http://tools.mcafeehelp.com/doc.php?siteid=1&docid=71541&support=ts

zib@zib · Answer

echoue , sa me di que le programe d'installation na pas trouver le package ou collectif,,, j aussi essayer antivir,,, ca me di que some files are corrupt please install antivir again

g!rly · Answer

ca doit venir du faite que tu es encore infecté

A.V.G :

-> Télécharger AVG Anti-Spyware (ewido)

https://www.commentcamarche.net/telecharger/ 218 avg anti spyware

-> L´installer.

-> lancer AVG Anti-Spyware et clicker sur le bouton Mise à jour. Patienter...

p.s : si les mises a jours ne se font pas, elles sont telechargable ici :

http://downloads.ewido.net/avgas-signatures-full-current.exe

-> Sur la page "analyse":

choisir d´abord l'onglet "paramètres".

sous « Comment réagir » clicker sur « Actions recommandées » et dans le menu déroulant, choisir « Supprimer ».

-> Lancer le scan, (c´est long...).

-> A la fin du scan copier Et coller le rapport ici.

-> Une aide en image au cas ou :

Tutoriel d´installation et de parametrages :

http://www.kachouri.com/tuto/tuto-161-avg-anti-spyware-75-pour-votre-securite.html

post le rapport d´analyse a la fin du scan stp

zib@zib · Answer

slt j utuliser ewido antispaware et j trouver ca,,, 



---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

 + Created at:	7:39:02 PM 11/24/2007

 + Scan result:	



C:\Documents and Settings\Administrator\Cookies\administrator@2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Administrator\Cookies\administrator@advertising[2].txt -> TrackingCookie.Advertising : No action taken.
C:\Documents and Settings\Administrator\Cookies\administrator@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken.
C:\Documents and Settings\Administrator\Cookies\administrator@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken.
C:\Documents and Settings\Administrator\Cookies\administrator@ehg-aha.hitbox[1].txt -> TrackingCookie.Hitbox : No action taken.
C:\Documents and Settings\Administrator\Cookies\administrator@hitbox[1].txt -> TrackingCookie.Hitbox : No action taken.
C:\Documents and Settings\Administrator\Cookies\administrator@auto.search.msn[1].txt -> TrackingCookie.Msn : No action taken.
C:\Documents and Settings\Administrator\Cookies\administrator@search.msn[1].txt -> TrackingCookie.Msn : No action taken.
C:\Documents and Settings\Administrator\Cookies\administrator@questionmarket[2].txt -> TrackingCookie.Questionmarket : No action taken.
C:\Documents and Settings\Administrator\Cookies\administrator@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : No action taken.


::Report end

g!rly · Answer

ok 

ou en sont tes soucis?

zib@zib · Answer

salut j f le mis a jour du antivir et puis j scanner  voila le resultat
j croi que l'ordi va bien maintenant,, mais j reste avec un problem c de ce connecter en utilisent enternet explorer,,, tou le temps il me dit de internet a trouver un problem sur add -on and needs to close, the following add-on was running when the problem occured, the file :flash.ocx
macromedia flash 6



AntiVir PersonalEdition Classic
Report file date: Sunday, November 25, 2007  05:08

Scanning for 941284 virus strains and unwanted programs.

Licensed to:      Avira AntiVir PersonalEdition Classic
Serial number:    0000149996-ADJIE-0001
Platform:         Windows XP
Windows version:  (Service Pack 2)  [5.1.2600]
Username:         SYSTEM
Computer name:    HP15786294363

Version information:
BUILD.DAT    : 270           15603 Bytes   9/19/2007 13:32:00
AVSCAN.EXE   : 7.0.6.1      290856 Bytes   8/23/2007 11:16:29
AVSCAN.DLL   : 7.0.6.0       49192 Bytes   8/16/2007 10:23:51
LUKE.DLL     : 7.0.5.3      147496 Bytes   8/14/2007 13:32:47
LUKERES.DLL  : 7.0.6.1       10280 Bytes   8/21/2007 10:35:20
ANTIVIR0.VDF : 6.40.0.0    11030528 Bytes   7/18/2007 12:27:15
ANTIVIR1.VDF : 7.0.0.0     1640448 Bytes   9/13/2007 12:26:55
ANTIVIR2.VDF : 7.0.1.0     1393152 Bytes  11/23/2007 02:04:10
ANTIVIR3.VDF : 7.0.1.4       11776 Bytes  11/23/2007 02:04:10
AVEWIN32.DLL : 7.6.0.34    3125760 Bytes  11/25/2007 02:04:10
AVWINLL.DLL  : 1.0.0.7       14376 Bytes   2/26/2007 08:36:26
AVPREF.DLL   : 7.0.2.2       25640 Bytes   7/18/2007 05:39:17
AVREP.DLL    : 7.0.0.1      155688 Bytes   4/16/2007 11:16:24
AVPACK32.DLL : 7.3.0.15     360488 Bytes    8/3/2007 06:46:00
AVREG.DLL    : 7.0.1.6       30760 Bytes   7/18/2007 05:17:06
AVARKT.DLL   : 1.0.0.20     278568 Bytes   8/28/2007 10:26:33
AVEVTLOG.DLL : 7.0.0.20      86056 Bytes   7/18/2007 05:10:18
NETNT.DLL    : 7.0.0.0        7720 Bytes    3/8/2007 09:09:42
RCIMAGE.DLL  : 7.0.1.30    2342952 Bytes    8/7/2007 10:38:13
RCTEXT.DLL   : 7.0.62.0      86056 Bytes   8/21/2007 10:50:37
SQLITE3.DLL  : 3.3.17.1     339968 Bytes   7/23/2007 07:37:21

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: C:, 
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: Sunday, November 25, 2007  05:08

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'freecell.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'SSScsiSV.exe' - '1' Module(s) have been scanned
Scan process 'SCRFS.exe' - '1' Module(s) have been scanned
Scan process 'BROADC~1.EXE' - '1' Module(s) have been scanned
Scan process 'Elogerr.exe' - '1' Module(s) have been scanned
Scan process 'Ymsgr_tray.exe' - '1' Module(s) have been scanned
Scan process 'AClntUsr.EXE' - '1' Module(s) have been scanned
Scan process 'mRouterRuntime.exe' - '1' Module(s) have been scanned
Scan process 'ECTaskScheduler.exe' - '1' Module(s) have been scanned
Scan process 'ConnMngmntBox.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SMAgent.exe' - '1' Module(s) have been scanned
Scan process 'guard.exe' - '1' Module(s) have been scanned
Scan process 'CPQDFWAG.EXE' - '1' Module(s) have been scanned
Scan process 'mssysmgr.exe' - '1' Module(s) have been scanned
Scan process 'NMBgMonitor.exe' - '1' Module(s) have been scanned
Scan process 'msmsgs.exe' - '1' Module(s) have been scanned
Scan process 'ACLIENT.EXE' - '1' Module(s) have been scanned
Scan process 'SearchProtection.exe' - '1' Module(s) have been scanned
Scan process 'qttask.exe' - '1' Module(s) have been scanned
Scan process 'SSAAD.exe' - '1' Module(s) have been scanned
Scan process 'DrvLsnr.exe' - '1' Module(s) have been scanned
Scan process 'SMTray.exe' - '1' Module(s) have been scanned
Scan process 'hkcmd.exe' - '1' Module(s) have been scanned
Scan process 'igfxtray.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
45 processes with 45 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
      [NOTE]      No virus was found!

Starting to scan the registry.
The registry was scanned ( '36' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\hiberfil.sys
      [WARNING]   The file could not be opened!
C:\pagefile.sys
      [WARNING]   The file could not be opened!
C:\Documents and Settings\Administrator\Local Settings\Application Data\JunkAtx18.bin
      [DETECTION] Contains detection pattern of the worm WORM/Brontok.N.1
      [INFO]      The file was deleted!
C:\Documents and Settings\Guest\Local Settings\Application Data\JunkAtx18.bin
      [DETECTION] Contains detection pattern of the worm WORM/Brontok.N.1
      [INFO]      The file was deleted!
C:\Documents and Settings\NetworkService\Local Settings\Application Data\JunkAtx18.bin
      [DETECTION] Contains detection pattern of the worm WORM/Brontok.N.1
      [INFO]      The file was deleted!
C:\Documents and Settings\wbm30\Local Settings\Temp\vylid.dll
      [DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
      [INFO]      The file was deleted!
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP5\A0002172.dll
      [DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
      [INFO]      The file was deleted!
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP6\A0002199.exe
      [DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
      [INFO]      The file was deleted!
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP6\A0002200.dll
      [DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
      [INFO]      The file was deleted!
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP7\A0002247.com
      [DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
      [INFO]      The file was deleted!


End of the scan: Sunday, November 25, 2007  05:38
Used time: 30:36 min

The scan has been done completely.

   6200 Scanning directories
 183523 Files were scanned
      8 viruses and/or unwanted programs were found
      0 Files were classified as suspicious:
      8 files were deleted
      0 files were repaired
      0 files were moved to quarantine
      0 files were renamed
      2 Files cannot be scanned
 183515 Files not concerned
   7536 Archives were scanned
      2 Warnings
      1 Notes

g!rly · Answer

bonjour,

fais ceci :

Désactive ta restauration système:
pour cela :
Click droit sur poste de travail, dans l´arborescence sur propriétés; 
dans la nouvelle fenettre click sur l´onglet restauration système;
coche la case désactiver la restauration systèm et applique.
puis redemarre le pc et click droit sur poste de travail, dans l´arborescence sur propriétés; 
dans la nouvelle fenettre click sur l´onglet restauration systèm
décoche la case désactiver la restauration systèm et applique. 

et 

regarde ceci pour desinstaller macromedia falsh player :

Programmes de désinstallation de Flash Player 6

https://www.adobe.com/?id=tn_14157

tu peux en suite installer la derniere version :

https://get.adobe.com/flashplayer/

@+

zib@zib · Answer

oooooooooooh vraiment Merci ,, tout va bien maintenant,,, j  Désactive ma restauration système j bien suivi tou l etapes,,,j aussi desinstaller macromedia flash et maintenant ,,  tou va bien,, , est vraiment encore une fois merci infiniment pour votre aide????ca r tu ma bien aide ....
.a +

g!rly · Answer

de rien ;-)

tiens moi au courrant

bon dimanche 

@+

Hijackthis resultat...

39 réponses

Discussions similaires