Sujet Précédent Sujet Suivant

Infection StorageProtector

caro_stan -  
jlpjlp Messages postés 52399 Statut Contributeur sécurité -
Bonjour,
Je suis infectée depuis hier par StrorageProtector je ne sais pas du tout ce que je dois faire j'ai telechargé Hijackthis mais que dois faire ... merci beaucoup de votre aide.

15 réponses

Réponse 1 / 15
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
slt,

colle un rapport hijackthis

http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download

manuel :

https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html

Je conseille de renomer Hijackthis, pour contrer une éventuelle infection de Vundo.

ex:Renomme le fichier HijackThis.exe en eden.exe pour cela, fais un clic droit sur le fichier HijackThis.exe et choisis renommer dans la liste

Ensuite avec Explorer créer un dossier c:\hijackthis
Décompresser Hijackthis dans ce dossier.
C'est important pour les sauvegardes."
0
Réponse 2 / 15
caro_stan
 
alors j'ai essayé de suivre un de tes conseils avec justement ce rapport j'ai telechargé spybot et vundofix mon problème est à peu prés resolu mais j'ai tjs une croix rouge designant mon disque dur donc je te colle le rapport aprés toute ces manip si tu veux j'ai celui que j'ai fait avant . Merci de ton aide .

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:26:09, on 15/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Launch Manager\CtrlVol.exe
C:\Program Files\Launch Manager\WButton.exe
C:\Program Files\Launch Manager\CtrlVol .exe
C:\Program Files\Launch Manager\WButton .exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\LVCOMSX .EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched .exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\WButton.exe
C:\Program Files\Launch Manager\WButton .exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer .exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F3 - REG:win.ini: load=C:\WINDOWS\system32\tuspm.exe
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2B3CBDC2-8AB6-45B1-B59E-7B0DEE595917} - C:\WINDOWS\system32\fccdcax.dll (file missing)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\eoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: (no name) - {71DDD377-938E-4430-B869-12F81F3C654E} - C:\WINDOWS\system32\tuspm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: XBTP05715 - {8A0AE7A6-14AA-4AEA-B461-0CF6DAFB0CF3} - C:\PROGRA~1\TextoWeb\Textobar.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\qtsorcld.dll (file missing)
O2 - BHO: {ea8ae45d-917a-ba09-2134-e6300f2c771c} - {c177c2f0-036e-4312-90ab-a719d54ea8ae} - C:\WINDOWS\system32\ypmfcyqh.dll
O3 - Toolbar: TextoWeb - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFF2D1F} - C:\Program Files\TextoWeb\Textobar.dll
O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [Wbutton] C:\Program Files\Launch Manager\WButton.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [Pinnacle WebUpdater] "C:\Program Files\Pinnacle\Shared Files\\Programs\WebUpdater\WebUpdater.exe" -s -f=UpdateVersion.xml -url=http://cdn.pinnaclesys.com/SupportFiles
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [34175fad] rundll32.exe "C:\WINDOWS\system32\barsuniq.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PMCS] "C:\Program Files\Pinnacle\Shared Files\\Programs\MediaCenterService\PMC.Service.Main.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O4 - Startup: Raccourci vers HotkeyApp.lnk = C:\Program Files\Launch Manager\HotkeyApp.exe
O4 - Startup: Raccourci vers LaunchAp.lnk = C:\Documents and Settings\Caroline\Local Settings\Temp\TMP2F.tmp
O4 - Startup: Raccourci vers WButton.lnk = C:\Program Files\Launch Manager\WButton.exe
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - https://zone.msn.com/en/utility/handler404.aspx?404;http://zone.msn.com:80/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - https://zone.msn.com/en/utility/handler404.aspx?404;http://zone.msn.com:80/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by126w.bay126.mail.live.com/mail/resources/MsnPUpld.cab
O16 - DPF: {5554A026-7282-4C11-A8F1-652D0599CD02} (NMInstall Control) - http://a14.g.akamai.net/f/14/7141/1d/fr.nielsennetpanel.com/download/OpiStat_preinstaller_activex_fr_4.60.63.0_MEGAPANEL_EUROPE_SILENT.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - https://zone.msn.com/en/utility/handler404.aspx?404;http://zone.msn.com:80/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://ptitnine.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (MSN Games – Texas Holdem Poker) - http://zone.msn.com/bingame/zpagames/zpa_txhe.cab60231.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - https://zone.msn.com/en/utility/handler404.aspx?404;http://zone.msn.com:80/binframework/v10/StProxy.cab55579.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D4F22426-FB03-45B3-95BB-D88F045CF219}: NameServer = 212.27.53.252,212.27.53.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{F456B10F-408E-4C2A-86BF-8FBED421BB7E}: NameServer = 212.27.53.252,212.27.54.252
O20 - Winlogon Notify: fccdcax - fccdcax.dll (file missing)
O20 - Winlogon Notify: qtsorcld - qtsorcld.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O24 - Desktop Component 0: (no name) - http://www.onetreehillweb.net/images/wallpapers/001_1024x768.jpg
0
Réponse 3 / 15
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
Relance HijackThis, choisis "do a scan only" coche la case devant les lignes ci-dessous et clic en bas sur "fix checked".

F3 - REG:win.ini: load=C:\WINDOWS\system32\tuspm.exe
O2 - BHO: (no name) - {2B3CBDC2-8AB6-45B1-B59E-7B0DEE595917} - C:\WINDOWS\system32\fccdcax.dll (file missing)
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\eoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: (no name) - {71DDD377-938E-4430-B869-12F81F3C654E} - C:\WINDOWS\system32\tuspm.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\qtsorcld.dll (file missing)
O2 - BHO: {ea8ae45d-917a-ba09-2134-e6300f2c771c} - {c177c2f0-036e-4312-90ab-a719d54ea8ae} - C:\WINDOWS\system32\ypmfcyqh.dll

O4 - HKLM\..\Run: [34175fad] rundll32.exe "C:\WINDOWS\system32\barsuniq.dll",b
O4 - Startup: Raccourci vers LaunchAp.lnk = C:\Documents and Settings\Caroline\Local Settings\Temp\TMP2F.tmp
O20 - Winlogon Notify: fccdcax - fccdcax.dll (file missing)
O20 - Winlogon Notify: qtsorcld - qtsorcld.dll (file missing)

_______________________

télécharge OTMoveIt http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe (de Old_Timer) sur ton Bureau.
double-clique sur OTMoveIt.exe pour le lancer.
copie la liste qui se trouve en citation ci-dessous,
et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.

Citation :

C:\WINDOWS\system32\ypmfcyqh.dll
C:\WINDOWS\system32\barsuniq.dll
C:\WINDOWS\system32\tuspm.dll

clique sur MoveIt! pour lancer la suppression.
le résultat apparaitra dans le cadre "Results".
clique sur Exit pour fermer.
poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.

_________________________

combofix (colle le rapport)
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
__________________________

recolle un rapport hijackhtis et dis tes soucis
0
Réponse 4 / 15
caro_stan
 
DllUnregisterServer procedure not found in C:\WINDOWS\system32\ypmfcyqh.dll
C:\WINDOWS\system32\ypmfcyqh.dll NOT unregistered.
C:\WINDOWS\system32\ypmfcyqh.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\barsuniq.dll
C:\WINDOWS\system32\barsuniq.dll NOT unregistered.
C:\WINDOWS\system32\barsuniq.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\tuspm.dll
C:\WINDOWS\system32\tuspm.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\tuspm.dll scheduled to be moved on reboot.

Created on 01/15/2008 21:07

L'icone du DD est toujours une croix ... à noter que je n'ai pas reussi à enlever un des fichiers :
O2 - BHO: (no name) - {71DDD377-938E-4430-B869-12F81F3C654E} - C:\WINDOWS\system32\tuspm.dll

Merci encore ...
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 15
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
ok

Relance Vundofix
* Ne clique pas sur "Scan for a vundo"
* Clique droit au milieu de la fenêtre
* Clique sur Add more files ?
* Copie/colle les fichiers ci-dessous ( un par case) :

C:\WINDOWS\system32\tuspm.dll

* Clique sur Add files
* Ensuite clique sur Close Windows
* Enfin, clique sur Remove Vundo ( les fichiers précédents doivent apparaitre dans la fenêtre principale)
* Si l'outils demande un redémarrage, accepte
* Poste le rapport Vundofix, ainsi qu'un nouveau log hijackthis

_______________________
combofix (colle le rapport)
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
__________________________

dis tes soucis
0
Réponse 6 / 15
caro_stan
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:21:46, on 15/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Launch Manager\CtrlVol.exe
C:\Program Files\Launch Manager\WButton.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\WButton.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: XBTP05715 - {8A0AE7A6-14AA-4AEA-B461-0CF6DAFB0CF3} - C:\PROGRA~1\TextoWeb\Textobar.dll
O3 - Toolbar: TextoWeb - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFF2D1F} - C:\Program Files\TextoWeb\Textobar.dll
O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [Wbutton] C:\Program Files\Launch Manager\WButton.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [Pinnacle WebUpdater] "C:\Program Files\Pinnacle\Shared Files\\Programs\WebUpdater\WebUpdater.exe" -s -f=UpdateVersion.xml -url=http://cdn.pinnaclesys.com/SupportFiles
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [PMCS] "C:\Program Files\Pinnacle\Shared Files\\Programs\MediaCenterService\PMC.Service.Main.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O4 - Startup: Raccourci vers HotkeyApp.lnk = C:\Program Files\Launch Manager\HotkeyApp.exe
O4 - Startup: Raccourci vers WButton.lnk = C:\Program Files\Launch Manager\WButton.exe
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - https://zone.msn.com/en/utility/handler404.aspx?404;http://zone.msn.com:80/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - https://zone.msn.com/en/utility/handler404.aspx?404;http://zone.msn.com:80/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by126w.bay126.mail.live.com/mail/resources/MsnPUpld.cab
O16 - DPF: {5554A026-7282-4C11-A8F1-652D0599CD02} (NMInstall Control) - http://a14.g.akamai.net/f/14/7141/1d/fr.nielsennetpanel.com/download/OpiStat_preinstaller_activex_fr_4.60.63.0_MEGAPANEL_EUROPE_SILENT.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - https://zone.msn.com/en/utility/handler404.aspx?404;http://zone.msn.com:80/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://ptitnine.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (MSN Games – Texas Holdem Poker) - http://zone.msn.com/bingame/zpagames/zpa_txhe.cab60231.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - https://zone.msn.com/en/utility/handler404.aspx?404;http://zone.msn.com:80/binframework/v10/StProxy.cab55579.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D4F22426-FB03-45B3-95BB-D88F045CF219}: NameServer = 212.27.53.252,212.27.53.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{F456B10F-408E-4C2A-86BF-8FBED421BB7E}: NameServer = 212.27.53.252,212.27.54.252
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O24 - Desktop Component 0: (no name) - http://www.onetreehillweb.net/images/wallpapers/001_1024x768.jpg
0
Réponse 7 / 15
caro_stan
 
ComboFix 08-01-15.4 - Caroline 2008-01-15 22:08:57.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.828 [GMT 1:00]
Running from: C:\Documents and Settings\Caroline\Bureau\ComboFix.exe

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

((((((((((((((((((((((((((((( Fichiers créés 2007-12-15 to 2008-01-15 ))))))))))))))))))))))))))))))))))))
.

2008-01-15 21:38 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-15 09:51 . 2008-01-15 09:51 206 --a------ C:\WINDOWS\wininit.ini
2008-01-15 08:47 . 2008-01-15 22:00 <REP> d-------- C:\VundoFix Backups
2008-01-15 08:23 . 2008-01-15 18:57 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-15 08:03 . 2008-01-15 08:03 <REP> d-------- C:\Program Files\Trend Micro
2008-01-12 23:31 . 2008-01-12 23:31 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-12 23:31 . 2008-01-12 23:31 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-09 18:04 . 2008-01-09 18:04 118 --a------ C:\WINDOWS\system32\MRT.INI
2008-01-08 23:08 . 2008-01-08 23:08 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Last.fm
2008-01-08 23:06 . 2008-01-09 20:33 <REP> d-------- C:\Program Files\Last.fm
2008-01-07 20:52 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2008-01-07 20:32 . 2008-01-07 20:32 <REP> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-01-07 20:22 . 2008-01-07 20:41 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-01-04 18:16 . 2008-01-04 18:16 <REP> d-------- C:\Documents and Settings\Caroline\Shared
2008-01-04 18:16 . 2008-01-04 18:16 <REP> d-------- C:\Documents and Settings\Caroline\Incomplete
2008-01-04 18:15 . 2008-01-04 18:15 <REP> d-------- C:\Program Files\LimeWire
2008-01-04 18:15 . 2008-01-12 09:24 <REP> d-------- C:\Documents and Settings\Caroline\Application Data\LimeWire
2008-01-04 16:29 . 2008-01-04 16:29 <REP> d-------- C:\Program Files\UltraVNC
2008-01-04 16:29 . 2005-06-11 00:02 12,800 --a------ C:\WINDOWS\system32\vncdrv.dll
2008-01-04 16:29 . 2004-06-26 15:22 6,016 --a------ C:\WINDOWS\system32\drivers\vnccom.SYS
2008-01-04 16:29 . 2004-06-26 15:21 5,760 --a------ C:\WINDOWS\system32\vnchelp.dll
2008-01-04 16:29 . 2004-06-26 15:22 4,736 --a------ C:\WINDOWS\system32\drivers\vncdrv.sys
2008-01-04 16:29 . 2008-01-04 16:29 17 --a------ C:\WINDOWS\system32\'
2008-01-04 14:23 . 2008-01-04 14:23 <REP> d-------- C:\Program Files\RealVNC
2008-01-02 13:58 . 2007-10-11 00:49 6,065,664 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-01-02 13:58 . 2007-07-01 04:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-01-02 13:58 . 2007-07-01 04:36 1,048,576 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-01-02 13:58 . 2007-10-11 00:49 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-01-02 13:58 . 2007-10-11 00:49 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-01-02 13:58 . 2007-10-11 00:49 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-01-02 13:58 . 2007-10-11 00:49 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-01-02 13:58 . 2007-10-11 00:49 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-01-02 13:58 . 2007-10-10 11:59 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-01-01 14:30 . 2008-01-03 19:51 414 ---hs---- C:\WINDOWS\system32\sbstgckq.ini
2007-12-30 11:03 . 2007-12-30 11:03 <REP> d-------- C:\Program Files\Fichiers communs\xing shared
2007-12-30 11:01 . 2007-12-30 11:01 <REP> d-------- C:\Program Files\Real
2007-12-30 11:01 . 2007-12-30 11:03 <REP> d-------- C:\Program Files\Fichiers communs\Real
2007-12-29 17:35 . 2007-12-29 17:35 <REP> d-------- C:\Program Files\TVUPlayer
2007-12-29 12:59 . 2007-12-29 12:59 <REP> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2007-12-29 11:39 . 2007-12-29 11:39 <REP> d-------- C:\Program Files\Bonjour
2007-12-29 11:09 . 2007-12-29 11:09 <REP> d-------- C:\Program Files\Fichiers communs\Macrovision Shared
2007-12-29 10:43 . 2007-12-29 10:43 406,016 --a------ C:\WINDOWS\system32\PSDrvCheck .exe
2007-12-29 10:43 . 2008-01-15 21:11 221,184 --a------ C:\WINDOWS\system32\LVCOMSX.EXE
2007-12-29 10:17 . 2007-12-29 10:17 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2007-12-29 10:14 . 2007-12-29 10:14 134 --a------ C:\n.bat
2007-12-27 23:53 . 2004-10-08 12:54 1,206,272 --a------ C:\WINDOWS\system32\drivers\lvsvf2.sys
2007-12-27 23:46 . 2007-12-27 23:46 <REP> d-------- C:\Program Files\Fichiers communs\Logitech
2007-12-27 23:46 . 2005-01-31 11:18 372,736 --a------ C:\WINDOWS\system32\LVUI2RC.dll
2007-12-27 23:46 . 2005-01-31 11:20 211,712 --a------ C:\WINDOWS\system32\drivers\LV561AV.SYS
2007-12-27 23:46 . 2005-01-31 11:10 204,800 --a------ C:\WINDOWS\system32\LVUI2.dll
2007-12-27 23:46 . 2005-01-31 11:08 204,800 --a------ C:\WINDOWS\system32\lvcodec2.dll
2007-12-27 23:46 . 2005-01-31 11:00 106,496 --a------ C:\WINDOWS\system32\lvcoinst.dll
2007-12-27 23:46 . 2004-10-08 12:46 53,248 -ra------ C:\WINDOWS\system32\InstMed.exe
2007-12-27 23:46 . 2005-01-31 11:12 22,016 --a------ C:\WINDOWS\system32\drivers\LVUSBSta.sys
2007-12-27 23:46 . 2005-01-31 09:37 9,255 --a------ C:\WINDOWS\system32\lvcoinst.ini
2007-12-27 23:44 . 2007-12-27 23:44 272 --a------ C:\WINDOWS\_delis32.ini
2007-12-25 12:07 . 2007-12-25 12:07 <REP> d-------- C:\ConvertTemp
2007-12-22 15:20 . 2007-12-22 15:20 <REP> d-------- C:\Documents and Settings\Caroline\Application Data\Samsung
2007-12-22 15:18 . 2006-05-03 22:53 174,592 --a------ C:\WINDOWS\system32\framedyn.dll
2007-12-22 15:13 . 2007-12-22 15:18 <REP> d-------- C:\WINDOWS\system32\Samsung_USB_Drivers
2007-12-22 15:13 . 2005-08-30 01:49 94,000 --a------ C:\WINDOWS\system32\drivers\ssm_mdm.sys
2007-12-22 15:13 . 2005-08-30 01:47 58,320 --a------ C:\WINDOWS\system32\drivers\ssm_bus.sys
2007-12-22 15:13 . 2005-08-30 01:49 8,336 --a------ C:\WINDOWS\system32\drivers\ssm_mdfl.sys
2007-12-22 15:13 . 2005-08-30 01:49 6,176 --a------ C:\WINDOWS\system32\drivers\ssm_cmnt.sys
2007-12-22 15:13 . 2005-08-30 01:49 6,176 --a------ C:\WINDOWS\system32\drivers\ssm_cm.sys
2007-12-22 15:13 . 2005-08-30 01:47 5,840 --a------ C:\WINDOWS\system32\drivers\ssm_whnt.sys
2007-12-22 15:13 . 2005-08-30 01:47 5,840 --a------ C:\WINDOWS\system32\drivers\ssm_wh.sys
2007-12-22 14:47 . 2008-01-13 12:27 3,766 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-15 20:52 --------- d-----w C:\Program Files\Launch Manager
2008-01-15 20:50 --------- d-----w C:\Program Files\iTunes
2008-01-15 20:49 --------- d-----w C:\Program Files\QuickTime
2008-01-15 18:49 --------- d-----w C:\Program Files\Corel
2008-01-15 18:44 --------- d-----w C:\Program Files\BankPerfect
2008-01-13 11:30 --------- d-----w C:\Documents and Settings\Caroline\Application Data\Corel
2008-01-12 08:51 --------- d-----w C:\Program Files\eMule
2008-01-12 08:15 --------- d-----w C:\Documents and Settings\Caroline\Application Data\Apple Computer
2008-01-11 15:48 --------- d-----w C:\Program Files\Apple Software Update
2008-01-07 19:46 --------- d-----w C:\Program Files\Windows Live
2008-01-01 13:30 --------- d-----w C:\Documents and Settings\Caroline\Application Data\FrostWire
2008-01-01 13:25 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-29 11:28 511,488 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\msconfig.exe.tmp
2007-12-29 10:38 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2007-12-29 09:50 --------- d-----w C:\Program Files\MSN Games
2007-12-29 09:48 --------- d-----w C:\Program Files\GrabIt
2007-12-28 17:58 --------- d-----w C:\Documents and Settings\Caroline\Application Data\TVU networks
2007-12-27 17:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-12-22 14:17 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-11-22 08:51 --------- d-----w C:\Documents and Settings\Caroline\Application Data\CoSoSys
2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-23 16:49 586,752 ----a-w C:\WINDOWS\WLXPGSS.SCR
2004-08-05 12:00 60,416 --sha-w C:\WINDOWS\BricoPacks\SysFiles\69_msimn.exe
2007-01-01 12:18 56 --sh--r C:\WINDOWS\system32\C3781B4FFB.sys
.
[code]<pre>
----a-w 32,768 2007-12-29 17:13:48 C:\Program Files\Launch Manager\LaunchAp .exe
----a-w 65,536 2007-12-29 09:43:27 C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main .exe
----a-w 406,016 2007-12-29 09:43:14 C:\WINDOWS\system32\PSDrvCheck .exe
</pre>[/code]

((((((((((((((((((((((((((((( snapshot@2008-01-15_21.57.15.74 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-15 21:03:52 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_14c.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8A0AE7A6-14AA-4AEA-B461-0CF6DAFB0CF3}]
2006-09-21 15:39 671744 --a------ C:\PROGRA~1\TextoWeb\Textobar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F6BE4714-2A3D-4977-BB07-45B3E3B8C87C}]
C:\WINDOWS\system32\tuspm.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFF2D1F}

[HKEY_CLASSES_ROOT\clsid\{ffffffff-ffff-ffff-ffff-ffffffff2d1f}]
[HKEY_CLASSES_ROOT\XBTB05715.XBTB05715.3]
[HKEY_CLASSES_ROOT\TypeLib\{A131043C-8EC2-420D-909F-B3509F2AAA92}]
[HKEY_CLASSES_ROOT\XBTB05715.XBTB05715]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFF2D1F}"= C:\Program Files\TextoWeb\Textobar.dll [2006-09-21 15:39 671744]

[HKEY_CLASSES_ROOT\clsid\{ffffffff-ffff-ffff-ffff-ffffffff2d1f}]
[HKEY_CLASSES_ROOT\XBTB05715.XBTB05715.3]
[HKEY_CLASSES_ROOT\TypeLib\{A131043C-8EC2-420D-909F-B3509F2AAA92}]
[HKEY_CLASSES_ROOT\XBTB05715.XBTB05715]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00 15360]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-15 21:11 1460560]
"PMCS"="C:\Program Files\Pinnacle\Shared Files\\Programs\MediaCenterService\PMC.Service.Main.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CtrlVol"="C:\Program Files\Launch Manager\CtrlVol.exe" [2008-01-15 21:11 163840]
"Wbutton"="C:\Program Files\Launch Manager\WButton.exe" [2008-01-15 21:11 53248]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2008-01-15 21:11 221184]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-01-15 21:11 185896]
"LaunchAp"="C:\Program Files\Launch Manager\LaunchAp.exe" [ ]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [ ]
"Pinnacle WebUpdater"="C:\Program Files\Pinnacle\Shared Files\\Programs\WebUpdater\WebUpdater.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360]

C:\Documents and Settings\Caroline\Menu D‚marrer\Programmes\D‚marrage\
Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [2008-01-08 23:06:55]
Raccourci vers HotkeyApp.lnk - C:\Program Files\Launch Manager\HotkeyApp.exe [2006-12-21 20:43:04]
Raccourci vers WButton.lnk - C:\Program Files\Launch Manager\WButton.exe [2007-12-29 10:43:10]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^E-Compagnon.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\E-Compagnon.lnk
backup=C:\WINDOWS\pss\E-Compagnon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^InterVideo WinCinema Manager.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\InterVideo WinCinema Manager.lnk
backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide de Microsoft Office OneNote 2003.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide de Microsoft Office OneNote 2003.lnk
backup=C:\WINDOWS\pss\Lancement rapide de Microsoft Office OneNote 2003.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
C:\Program Files\BitTorrent\bittorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
--a------ 2004-08-05 13:00 110592 C:\WINDOWS\system32\bthprops.cpl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccleaner]
--a------ 2006-12-15 13:13 590728 C:\Program Files\CCleaner\ccleaner.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FlyAway]
C:\DOCUME~1\Caroline\LOCALS~1\Temp\Rar$EX00.223\La Moumouche.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\Windows Live\Messenger\MsnMsgr .exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMCRemote]
C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMCS]
C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask .exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe

R1 Hotkey;Hotkey;C:\WINDOWS\system32\drivers\Hotkey.sys [2002-10-29 14:25]
R1 Wbutton;Wbutton;C:\WINDOWS\system32\drivers\Wbutton.sys [2002-10-23 11:25]
R2 vnccom;vnccom;C:\WINDOWS\system32\Drivers\vnccom.SYS [2004-06-26 15:22]
R3 vncdrv;vncdrv;C:\WINDOWS\system32\DRIVERS\vncdrv.sys [2004-06-26 15:22]
R3 WBMS;Winbond Memory Stick Storage (MS) Device Driver;C:\WINDOWS\system32\Drivers\WBMS.SYS [2002-11-07 19:48]
R3 WBSD;Winbond Secure Digital Storage (SD/MMC) Device Driver;C:\WINDOWS\system32\Drivers\WBSD.SYS [2002-11-28 17:04]
S3 AVSim;Cx2388x Multifunction Helper driver;C:\WINDOWS\system32\DRIVERS\AVSim.sys [2006-01-04 16:35]
S3 BDA_Capture_220;Digital TV receiver Driver 2.0.1.8;C:\WINDOWS\system32\Drivers\BDA_Capture_220.sys [2006-04-04 09:36]
S3 BDA_Loader_220;Digital TV Receiver Firmware Loader 6.5.4.0;C:\WINDOWS\system32\Drivers\BDA_Loader_220.sys [2006-12-27 19:37]
S3 NtApm;Pilote d'interface NT APM/hérité;C:\WINDOWS\system32\DRIVERS\NtApm.sys [2001-08-23 16:11]
S3 OmniTV;Cx2388x AvStream Video Capture;C:\WINDOWS\system32\DRIVERS\OmniTV.sys [2006-01-04 16:35]
S3 P1171VID;Creative WebCam Notebook #2;C:\WINDOWS\system32\DRIVERS\P1171Vid.sys [2004-03-19 02:00]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9dbbfbc2-919a-11db-bf5e-8503efb3cacf}]
\Shell\AutoRun\command - G:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9dbbfbc3-919a-11db-bf5e-000e355f2060}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-01-11 15:48:29 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-15 22:13:38
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-15 22:14:38
ComboFix-quarantined-files.txt 2008-01-15 21:14:13
ComboFix2.txt 2008-01-15 20:57:35
.
2008-01-09 17:04:57 --- E O F ---
0
Réponse 8 / 15
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
desisntalle via ton panneau de configuration si presents:

XBTP05715 - TextoWeb\Textobar.dll

_______________

smit fraud fix (colle le rapport)

1/ telecharger :

http://siri.urz.free.fr/Fix/SmitfraudFix.php

2/ double clique sur smitfraudfix. puis sélectionne 1 et appuyer sur entrée afin de créer le rapport des infection présentes. une fois le rapport effectué redémarre en mode sans échec (en appuyant sur F8 ou suppr, ou F5 au démarrage en général)

3/ puis refaire comme en 2/ mais sélectionne l'option 2 et appuyer sur entrée pour commencer la désinfection. lorsque le programme demande si tu veut nettoyer le registre mets oui en tapant 0 et entrée

___________________

Colle le rapport :
Clean permettra de faire du nettoyage et supprimer des fichiers que des anti-virus et anti-spywares n'ont pas pu trouver. Le logiciel est régulièrement mis à jour, vous devrez donc le re-téléchargé pour obtenir une version plus récente.

 Téléchargez clean.zip, décompressez-le sur votre bureau (clic droit / extraire tout), vous obtenez alors un dossier clean
 Démarrez Windows en mode sans échec : Guide pour redémarrer en mode sans échec
 Ouvrez le dossier clean qui se trouve sur ton bureau, et double-cliquez sur clean.cmd, une fenêtre noire va apparaître pendant un instant, laissez la ouverte jusqu'à ce qu'elle se ferme.
Manuel de clean :
http://kerio.probb.fr/tuto-Clean-h37.html
https://kerio.probb.fr/

_____________________

colle le rapport d'un scan en ligne
avec un des suivants:

bitdefender en ligne :
http://www.bitdefender.fr/scan_fr/scan8/ie.html

Panda en ligne :
http://pandasoftware.fr

secuser en ligne :
http://www.secuser.com/outils/antivirus.htm
0
Réponse 9 / 15
caro_stan
 
Donc voici le rapport de smitfraud:
SmitFraudFix v2.274

Rapport fait à 8:30:24,42, 16/01/2008
Executé à partir de C:\Documents and Settings\Caroline\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus

»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix.exe by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Intel(R) PRO/Wireless 2200BG Network Connection - Miniport d'ordonnancement de paquets
DNS Server Search Order: 212.27.53.252
DNS Server Search Order: 212.27.53.254

HKLM\SYSTEM\CCS\Services\Tcpip\..\{D4F22426-FB03-45B3-95BB-D88F045CF219}: NameServer=212.27.53.252,212.27.53.254
HKLM\SYSTEM\CCS\Services\Tcpip\..\{F456B10F-408E-4C2A-86BF-8FBED421BB7E}: NameServer=212.27.53.252,212.27.54.252
HKLM\SYSTEM\CS1\Services\Tcpip\..\{D4F22426-FB03-45B3-95BB-D88F045CF219}: NameServer=212.27.53.252,212.27.53.254
HKLM\SYSTEM\CS1\Services\Tcpip\..\{F456B10F-408E-4C2A-86BF-8FBED421BB7E}: NameServer=212.27.53.252,212.27.54.252
HKLM\SYSTEM\CS2\Services\Tcpip\..\{D4F22426-FB03-45B3-95BB-D88F045CF219}: NameServer=212.27.53.252,212.27.53.254
HKLM\SYSTEM\CS2\Services\Tcpip\..\{F456B10F-408E-4C2A-86BF-8FBED421BB7E}: NameServer=212.27.53.252,212.27.54.252
HKLM\SYSTEM\CS3\Services\Tcpip\..\{D4F22426-FB03-45B3-95BB-D88F045CF219}: NameServer=212.27.53.252,212.27.53.254
HKLM\SYSTEM\CS3\Services\Tcpip\..\{F456B10F-408E-4C2A-86BF-8FBED421BB7E}: NameServer=212.27.53.252,212.27.54.252

»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

Nettoyage terminé.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Fin

le rapport de clean:
Rapport clean par Malekal_morte - http://www.malekal.com
Script execute en mode sans echec 16/01/2008 a 9:26:04,71

Microsoft Windows XP [version 5.1.2600]

*** Suppression des fichiers dans C:

*** Suppression des fichiers dans C:\WINDOWS\

*** Suppression des fichiers dans C:\WINDOWS\system32

*** Suppression des fichiers dans C:\Program Files

*** Suppression des clefs du registre effectuee..
*** Fin du rapport !

Pour le scan en ligne aucun rapport mais d'aprés panda je ne suis pas infecté.

A noté toujours le même problème de la croix rouge et un demarrage sans echec impossible meme avec utilisation de msconfig=> demarrage en mode diagnostique(possible mais pas mode sans echec) affichage de "Esc to cancel loading SPTD.sys"

Voila sinon si on arrive pas tant pis je formaterai à moin que la croix rouge ne soit pas trés importante je m'y ferai pour le moment RAS l'ordinateur ne rame pas , aucuns messages d'infection tout beigne :) par contre une question quand spybot me demande si je dois accepter une modification je ne sais jamais quoi répondre donc je met tjs accepter peut etre que je ne devrai pas :s ...

Merci en tout cas de ta patience ... c'est la premiere fois que je me fais infecté par un virus.
0
Réponse 10 / 15
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
le temps de la desisnfection desactive le tea timer de spybot

_______________

AVG antispyware

https://www.01net.com/

Tuto :
http://www.kachouri.com/tuto/tuto-161-avg-anti-spyware-75-pour-votre-securite.html

->Relance AVG AS -> "Analyse" ->"Paramètres"

Sous la question "Comment réagir ?" :

-> clique sur "Actions recommandées" et choisis "Quarantaines"
-> Re-clique sur l'onglet "Analyse" puis réalise une "Analyse complète du système"

Si un fichier est infecté en fin d'analyse

->Clique sur "Appliquer toutes les actions "

->Clique sur "Enregistrer le rapport" puis sur "Enregistrer le rapport sous".

->Enregistre ce fichier texte sur ton bureau ensuite colle le rapport ici
___________________

remplace avast par antivir et colle un rapport

https://www.malekal.com/avira-free-security-antivirus-gratuit/ (merci Malekal)

__________________
recolle un rapport hiajkcthis
0
Réponse 11 / 15
caro_stan
 
VG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 13:52:19 16/01/2008

+ Résultat de l'analyse:

C:\Program Files\QuickTime\qttask.exe -> Dropper.Agent.dgo : Nettoyé.
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe -> Dropper.Agent.dgo : Nettoyé.
C:\QooBox\Quarantine\C\Program Files\Fichiers communs\Real\Update_OB\realsched.exe.vir -> Dropper.Agent.dgo : Nettoyé.
C:\QooBox\Quarantine\C\Program Files\Launch Manager\CtrlVol.exe.vir -> Dropper.Agent.dgo : Nettoyé.
C:\QooBox\Quarantine\C\Program Files\Launch Manager\WButton.exe.vir -> Dropper.Agent.dgo : Nettoyé.
C:\QooBox\Quarantine\C\Program Files\Spybot - Search & Destroy\TeaTimer.exe.vir -> Dropper.Agent.dgo : Nettoyé.
C:\QooBox\Quarantine\C\Program Files\iTunes\iTunesHelper.exe.vir -> Dropper.Agent.dgo : Nettoyé.
C:\QooBox\Quarantine\C\WINDOWS\system32\LVCOMSX.EXE.vir -> Dropper.Agent.dgo : Nettoyé.
C:\QooBox\Quarantine\C\WINDOWS\system32\RCX13.tmp.vir -> Dropper.Agent.dgo : Nettoyé.
C:\QooBox\Quarantine\C\WINDOWS\system32\RCX21.tmp.vir -> Dropper.Agent.dgo : Nettoyé.
C:\QooBox\Quarantine\C\WINDOWS\system32\ctfmon.exe.tmp.vir -> Dropper.Agent.dgo : Nettoyé.
C:\QooBox\Quarantine\C\WINDOWS\system32\tuspm.exe.vir -> Dropper.Agent.dgo : Nettoyé.
C:\WINDOWS\pchealth\helpctr\binaries\msconfig.exe.tmp -> Dropper.Agent.dgo : Nettoyé.
C:\WINDOWS\system32\MRT.exe -> Dropper.Agent.dgo : Nettoyé.
C:\Documents and Settings\Caroline\Cookies\caroline@atdmt[2].txt -> TrackingCookie.Atdmt : Nettoyé.
C:\Documents and Settings\Caroline\Cookies\caroline@doubleclick[1].txt -> TrackingCookie.Doubleclick : Nettoyé.
C:\Documents and Settings\Caroline\Cookies\caroline@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Nettoyé.
C:\Documents and Settings\Caroline\Cookies\caroline@serving-sys[2].txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.10:C:\Documents and Settings\Caroline\Application Data\Mozilla\Firefox\Profiles\d1h06n11.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.8:C:\Documents and Settings\Caroline\Application Data\Mozilla\Firefox\Profiles\d1h06n11.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.9:C:\Documents and Settings\Caroline\Application Data\Mozilla\Firefox\Profiles\d1h06n11.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.11:C:\Documents and Settings\Caroline\Application Data\Mozilla\Firefox\Profiles\d1h06n11.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
:mozilla.12:C:\Documents and Settings\Caroline\Application Data\Mozilla\Firefox\Profiles\d1h06n11.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
C:\QooBox\Quarantine\C\WINDOWS\Fonts\a.zip.vir/Crack.exe -> Trojan.Agent.cmn : Nettoyé.

Fin du rapport
0
Réponse 12 / 15
caro_stan
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:54:17, on 16/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Launch Manager\WButton.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Launch Manager\CtrlVol.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Last.fm\LastFMHelper.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\WButton.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avcenter.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avscan.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O4 - HKLM\..\Run: [Wbutton] C:\Program Files\Launch Manager\WButton.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [PMCRemote] C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\RunOnce: [delus] C:\DOCUME~1\Caroline\LOCALS~1\Temp\delus.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [PMCS] "C:\Program Files\Pinnacle\Shared Files\\Programs\MediaCenterService\PMC.Service.Main.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr .Exe" /background
O4 - HKCU\..\Run: [FlyAway] C:\DOCUME~1\Caroline\LOCALS~1\Temp\Rar$EX00.223\La Moumouche.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O4 - Startup: Raccourci vers HotkeyApp.lnk = C:\Program Files\Launch Manager\HotkeyApp.exe
O4 - Startup: Raccourci vers WButton.lnk = C:\Program Files\Launch Manager\WButton.exe
O4 - Global Startup: E-Compagnon.lnk = C:\Program Files\ColiPoste\e-COMO\e-COMO.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Lancement rapide de Microsoft Office OneNote 2003.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - https://zone.msn.com/en/utility/handler404.aspx?404;http://zone.msn.com:80/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - https://zone.msn.com/en/utility/handler404.aspx?404;http://zone.msn.com:80/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by126w.bay126.mail.live.com/mail/resources/MsnPUpld.cab
O16 - DPF: {5554A026-7282-4C11-A8F1-652D0599CD02} (NMInstall Control) - http://a14.g.akamai.net/f/14/7141/1d/fr.nielsennetpanel.com/download/OpiStat_preinstaller_activex_fr_4.60.63.0_MEGAPANEL_EUROPE_SILENT.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - https://zone.msn.com/en/utility/handler404.aspx?404;http://zone.msn.com:80/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://ptitnine.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (MSN Games – Texas Holdem Poker) - http://zone.msn.com/bingame/zpagames/zpa_txhe.cab60231.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - https://zone.msn.com/en/utility/handler404.aspx?404;http://zone.msn.com:80/binframework/v10/StProxy.cab55579.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D4F22426-FB03-45B3-95BB-D88F045CF219}: NameServer = 212.27.53.252,212.27.53.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{F456B10F-408E-4C2A-86BF-8FBED421BB7E}: NameServer = 212.27.53.252,212.27.54.252
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
0
Réponse 13 / 15
caro_stan
 
AntiVir PersonalEdition Classic
Report file date: mercredi 16 janvier 2008 13:18

Scanning for 1046165 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: NEMO

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14/12/2007 12:08:03
ANTIVIR2.VDF : 7.0.2.0 948736 Bytes 15/01/2008 12:08:03
ANTIVIR3.VDF : 7.0.2.6 73216 Bytes 16/01/2008 12:08:03
AVEWIN32.DLL : 7.6.0.48 3080704 Bytes 16/01/2008 12:08:05
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 16/01/2008 12:08:05
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: mercredi 16 janvier 2008 13:18

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avgas.exe' - '1' Module(s) have been scanned
Scan process 'guard.exe' - '0' Module(s) have been scanned
Scan process 'TeaTimer.exe' - '1' Module(s) have been scanned
Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'WButton.exe' - '1' Module(s) have been scanned
Scan process 'HotkeyApp.exe' - '1' Module(s) have been scanned
Scan process 'LastFMHelper.exe' - '1' Module(s) have been scanned
Scan process 'MDM.EXE' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'WinCinemaMgr.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'CtrlVol.exe' - '1' Module(s) have been scanned
Scan process 'LVCOMSX.EXE' - '1' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'WButton.exe' - '1' Module(s) have been scanned
Scan process 'ashServ.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'InCDsrv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
38 processes with 38 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '27' files ).

Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\upload_moi_NEMO.tar.gz
[0] Archive type: GZ
--> upload_moi.tar
[1] Archive type: TAR (tape archiver)
--> _OTMoveIt/MovedFiles/WINDOWS/system32/barsuniq.dll
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
--> _OTMoveIt/MovedFiles/WINDOWS/system32/ypmfcyqh.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
--> qoobox/Quarantine/C/Program Files/Fichiers communs/Real/Update_OB/realsched.exe.vir
[DETECTION] Is the Trojan horse TR/Vundo.DVD
--> qoobox/Quarantine/C/Program Files/iTunes/iTunesHelper.exe.vir
[DETECTION] Is the Trojan horse TR/Vundo.DVD
--> qoobox/Quarantine/C/Program Files/Launch Manager/CtrlVol.exe.vir
[DETECTION] Is the Trojan horse TR/Vundo.DVD
--> qoobox/Quarantine/C/Program Files/Launch Manager/WButton.exe.vir
[DETECTION] Is the Trojan horse TR/Vundo.DVD
--> qoobox/Quarantine/C/Program Files/Spybot - Search & Destroy/TeaTimer.exe.vir
[DETECTION] Is the Trojan horse TR/Vundo.DVD
--> qoobox/Quarantine/C/WINDOWS/Fonts/a.zip.vir
[2] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
--> qoobox/Quarantine/C/WINDOWS/system32/ctfmon.exe.tmp.vir
[DETECTION] Is the Trojan horse TR/Vundo.DVD
--> qoobox/Quarantine/C/WINDOWS/system32/LVCOMSX.EXE.vir
[DETECTION] Is the Trojan horse TR/Vundo.DVD
--> qoobox/Quarantine/C/WINDOWS/system32/neshxroy.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.DWB
--> qoobox/Quarantine/C/WINDOWS/system32/nuqcgnmj.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.DUP
--> qoobox/Quarantine/C/WINDOWS/system32/RCX13.tmp.vir
[DETECTION] Is the Trojan horse TR/Drop.Agent.dgo.21
--> qoobox/Quarantine/C/WINDOWS/system32/RCX21.tmp.vir
[DETECTION] Is the Trojan horse TR/Drop.Agent.dgo.21
--> qoobox/Quarantine/C/WINDOWS/system32/tuspm.exe.vir
[DETECTION] Is the Trojan horse TR/Drop.Agent.dgo.21
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\EverestPoker2.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '47f2f718.qua'!
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\EverestPoker3.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '47f2f719.qua'!
C:\Documents and Settings\Caroline\Bureau\SmitfraudFix.exe
[0] Archive type: RAR SFX (self extracting)
--> SmitfraudFix\SmiUpdate.exe
[DETECTION] Is the Trojan horse TR/VB.20480.D
[INFO] The file was moved to '47f6ffd0.qua'!
C:\Documents and Settings\Caroline\Bureau\SmitfraudFix\SmiUpdate.exe
[DETECTION] Is the Trojan horse TR/VB.20480.D
[INFO] The file was moved to '47f6ffd5.qua'!
C:\Program Files\Mozilla Firefox\SmitfraudFix\SmiUpdate.exe
[DETECTION] Is the Trojan horse TR/VB.20480.D
[INFO] The file was moved to '47f70a9b.qua'!
C:\Program Files\Panda Security\NanoScan\Engine\psnflg.dll
[DETECTION] Is the Trojan horse TR/Agent.bux.1
[INFO] The file was moved to '47fc0aa8.qua'!
C:\Program Files\Panda Security\TotalScan\pskavs.dll
[DETECTION] Contains detection pattern of the Windows virus W95/Blumblebee.1738
[INFO] The file was moved to '47f90aab.qua'!
C:\Program Files\Trend Micro\HijackThis\backups\backup-20080115-205725-623.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47f10b5c.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\neshxroy.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.DWB
[INFO] The file was moved to '48010b8b.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\nuqcgnmj.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.DUP
[INFO] The file was moved to '47ff0b9c.qua'!
C:\System Volume Information\_restore{76062B01-35BB-4580-9D9A-53EAF72D37A1}\RP2\A0000163.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was moved to '47be0b64.qua'!
C:\System Volume Information\_restore{76062B01-35BB-4580-9D9A-53EAF72D37A1}\RP2\A0000166.exe
[0] Archive type: RAR SFX (self extracting)
--> SmitfraudFix\SmiUpdate.exe
[DETECTION] Is the Trojan horse TR/VB.20480.D
[INFO] The file was moved to '47be0b6c.qua'!
C:\System Volume Information\_restore{76062B01-35BB-4580-9D9A-53EAF72D37A1}\RP2\A0000167.exe
[DETECTION] Is the Trojan horse TR/VB.20480.D
[INFO] The file was moved to '46c374ed.qua'!
C:\System Volume Information\_restore{76062B01-35BB-4580-9D9A-53EAF72D37A1}\RP2\A0000169.exe
[DETECTION] Is the Trojan horse TR/VB.20480.D
[INFO] The file was moved to '47be0b6e.qua'!
C:\System Volume Information\_restore{76062B01-35BB-4580-9D9A-53EAF72D37A1}\RP2\A0000170.dll
[DETECTION] Is the Trojan horse TR/Agent.bux.1
[INFO] The file was moved to '47be0b6d.qua'!
C:\System Volume Information\_restore{76062B01-35BB-4580-9D9A-53EAF72D37A1}\RP2\A0000171.dll
[DETECTION] Contains detection pattern of the Windows virus W95/Blumblebee.1738
[INFO] The file was moved to '46c374ee.qua'!
C:\System Volume Information\_restore{76062B01-35BB-4580-9D9A-53EAF72D37A1}\RP2\A0000172.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47be0b6f.qua'!
C:\WINDOWS\system32\tuspm.dll
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was moved to '48010ea9.qua'!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\barsuniq.dll
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was moved to '48000f33.qua'!
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\ypmfcyqh.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47fb0f42.qua'!

End of the scan: mercredi 16 janvier 2008 15:04
Used time: 1:45:36 min

The scan has been done completely.

9048 Scanning directories
270641 Files were scanned
33 viruses and/or unwanted programs were found
2 Files were classified as suspicious:
1 files were deleted
0 files were repaired
20 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
270608 Files not concerned
1329 Archives were scanned
2 Warnings
19 Notes

rapport de Avira
0
Réponse 14 / 15
caro_stan
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:58:32, on 16/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Launch Manager\WButton.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Launch Manager\CtrlVol.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Last.fm\LastFMHelper.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\WButton.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avcenter.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avscan.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O4 - HKLM\..\Run: [Wbutton] C:\Program Files\Launch Manager\WButton.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [PMCRemote] C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\RunOnce: [delus] C:\DOCUME~1\Caroline\LOCALS~1\Temp\delus.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [PMCS] "C:\Program Files\Pinnacle\Shared Files\\Programs\MediaCenterService\PMC.Service.Main.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr .Exe" /background
O4 - HKCU\..\Run: [FlyAway] C:\DOCUME~1\Caroline\LOCALS~1\Temp\Rar$EX00.223\La Moumouche.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O4 - Startup: Raccourci vers HotkeyApp.lnk = C:\Program Files\Launch Manager\HotkeyApp.exe
O4 - Startup: Raccourci vers WButton.lnk = C:\Program Files\Launch Manager\WButton.exe
O4 - Global Startup: E-Compagnon.lnk = C:\Program Files\ColiPoste\e-COMO\e-COMO.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Lancement rapide de Microsoft Office OneNote 2003.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - https://zone.msn.com/en/utility/handler404.aspx?404;http://zone.msn.com:80/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - https://zone.msn.com/en/utility/handler404.aspx?404;http://zone.msn.com:80/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by126w.bay126.mail.live.com/mail/resources/MsnPUpld.cab
O16 - DPF: {5554A026-7282-4C11-A8F1-652D0599CD02} (NMInstall Control) - http://a14.g.akamai.net/f/14/7141/1d/fr.nielsennetpanel.com/download/OpiStat_preinstaller_activex_fr_4.60.63.0_MEGAPANEL_EUROPE_SILENT.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - https://zone.msn.com/en/utility/handler404.aspx?404;http://zone.msn.com:80/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://ptitnine.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (MSN Games – Texas Holdem Poker) - http://zone.msn.com/bingame/zpagames/zpa_txhe.cab60231.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - https://zone.msn.com/en/utility/handler404.aspx?404;http://zone.msn.com:80/binframework/v10/StProxy.cab55579.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D4F22426-FB03-45B3-95BB-D88F045CF219}: NameServer = 212.27.53.252,212.27.53.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{F456B10F-408E-4C2A-86BF-8FBED421BB7E}: NameServer = 212.27.53.252,212.27.54.252
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
0
Réponse 15 / 15
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
desactive le tea timer de spybot le temps des scan

________________

Relance HijackThis, choisis "do a scan only" coche la case devant les lignes ci-dessous et clic en bas sur "fix checked".

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\RunOnce: [delus] C:\DOCUME~1\Caroline\LOCALS~1\Temp\delus.exe
O4 - HKCU\..\Run: [FlyAway] C:\DOCUME~1\Caroline\LOCALS~1\Temp\Rar$EX00.223\La Moumouche.exe

_______________

télécharge OTMoveIt http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe (de Old_Timer) sur ton Bureau.
double-clique sur OTMoveIt.exe pour le lancer.
copie la liste qui se trouve en citation ci-dessous,
et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.

Citation :

C:\DOCUME~1\Caroline\LOCALS~1\Temp\delus.exe
C:\DOCUME~1\Caroline\LOCALS~1\Temp\Rar$EX00.223\La Moumouche.exe

clique sur MoveIt! pour lancer la suppression.
le résultat apparaitra dans le cadre "Results".
clique sur Exit pour fermer.
poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.

_________________________

vire en allant dans poste de travail ce qui est dans movedfiles en allant dans poste de travail puis C...

C:\_OTMoveIt\MovedFiles

____________________

vire en allant dans poste de travail ce qui est dans Quarantine en allant dans poste de travail puis C...

c/ qoobox/Quarantine

______________________

vire ce qui est dans la sauvegarde de spybot , et en quarantaine dans antivir

________________________

si tout c'est bien passé désactive la restauration système pour purger les virus qui seraient dedans puis
redemarre ton ordi
puis réactive là
(dans DEMARRER puis TOUS LES PROGRAMMES puis ACCESSOIRE puis OUTILS SYSTEME puis RESTAURATION SYSTEME puis paramètre)

__________________________

recolle un scan antivir, un scan hijackthis et dis tes soucis actuels surtout
0

Discussions similaires

infection
gladiator1952 -
gladiator1952 -

6 réponses
Infection pc
Nanie24 -
Nanie24 -

22 réponses
[pnkbstra]infection
swazolie -
billou631 -

9 réponses
infection virus
Utilisateur anonyme -
Utilisateur anonyme -

3 réponses
Infection Bloom ?
ccm81 -
fabul -

8 réponses