Vundo and spyware problem

lenykrav (Posts: 13, Status: Member)
Destrio5 (Posts: 99820, Status: Moderator)
Hello,
Hi, I don't understand anything anymore. I'm infected with viruses, malware and spyware. I downloaded Avast, which did the cleanup, but I still have TR/vundo.gen, so going from forum to forum I was able to try several things that don't work. I downloaded VundoFix, nothing doing, it's still there, the program doesn't even detect it. Then I downloaded HijackThis and did everything that is on the forums, but it's still there. I don't know what to do anymore. Even though I have an antivirus, the spyware persists. Please help me. I'm on Vista.

27 replies

Destrio5 (Posts: 99820, Status: Moderator)
 
Hi,

---> Disable UAC for the duration of the disinfection:
https://www.zebulon.fr/astuces/pratique/220-desactiver-l-uac-dans-vista.html

---> Download ComboFix.exe by sUBs to your Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

/!\ Disconnect from the internet and close all applications, antivirus and antispyware included /!\

---> Double-click Combofix.exe
A pop-up will appear saying "ComboFix is used at your own risk and with no guarantee...".
Accept by clicking "Yes"

---> Set it to French: F
Press the 1 (Yes) key to start the scan.

/!\ Do not touch anything until the scan is finished. /!\

At the end of the scan, ComboFix may need to restart the PC to finalise the disinfection; let it do so.

Once the scan is complete, a report will be displayed: post its contents

/!\ Re-enable your antivirus's and antispyware's real-time protection before reconnecting to the internet. /!\

Note: The report can also be found here: C:\ComboFix.txt
raphy00 (Posts: 1112, Status: Member)
 
Hi,

I bet you have done everything except MBAM:

Download Malwarebytes Anti-Malware:

Malwarebytes Anti-Malware: http://www.malwarebytes.org/mbam/program/mbam-setup.exe

Malwarebytes Anti-Malware tutorial: https://forum.pcastuces.com/malwarebytes_antimalwares___tutoriel-f31s3.htm

Check for updates.

If items were found > click on "Remove selected".

If you are asked to restart > click "Yes".

Do a full scan and post the report.

sKe69 (Posts: 21955, Status: Security contributor)
 
Hi,

1- protocol to follow for Windows Vista:

*Disable User Account Control, or UAC (re-enable it only at the end of the disinfection):

Go to "Start" then "Control Panel":
--->On the right of the window, click "Classic View"
--->Double-click the "User Accounts" icon
--->Then click "Turn User Account Control on or off".
--->Untick the "Use User Account Control..." box and click OK.
Then restart the PC when asked to...

Tutorial: https://forum.malekal.com/viewtopic.php?f=59&t=6517

* Important:
To install or to launch the tools you will use during the disinfection, always do it this way:
RIGHT-click (on the installer or the tool) -> choose "Run as administrator".
Do this systematically!...

2- post me your HijackThis report for analysis please...
sKe69 (Posts: 21955, Status: Security contributor)
 
Re,

well... there are a lot of people on the starting blocks today... =)

I'll leave you to it...

Later

lenykrav (Posts: 13, Status: Member)
 
I didn't get a report, my computer crashed and restarted after the system restore
Destrio5 (Posts: 99820, Status: Moderator)
 
?

Be more specific.
lenykrav (Posts: 13, Status: Member)
 
here is the HijackThis report

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:49:12, on 29/08/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Windows\system32\conime.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZP6HBLG4\HiJackThis[1].exe
C:\Windows\system32\rundll32.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://format.packardbell.com/cgi-bin/redirect/?country=FR&range=AD&phase=8&key=IESTART
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {27E1F636-2037-4878-8A0F-8B42B8E52C28} - C:\Users\admin\AppData\Local\Temp\awtqnkhe.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: D - {CBA10D10-741A-33E9-B1A9-F49FB0409DEE} - C:\Windows\kx93624.dll (file missing)
O2 - BHO: QXK Olive - {E350B1C6-A8DC-4EEF-90DB-61DCAE9D1B67} - C:\Windows\rodqgpvlkoa.dll (file missing)
O3 - Toolbar: (no name) - {18C388BB-5014-4906-AE38-E62BA5AA7387} - (no file)
O3 - Toolbar: (no name) - {FA9CBCB5-3330-4AF1-A2A3-30FE4C366215} - (no file)
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\nnnnOeBT.dll,#1
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\Ad-Watch.exe
O4 - HKLM\..\Run: [lphc7njj0ej6c] C:\Windows\system32\lphc7njj0ej6c.exe
O4 - HKLM\..\Run: [SMrhc3njj0ej6c] C:\Program Files\rhc3njj0ej6c\rhc3njj0ej6c.exe
O4 - HKLM\..\Run: [\VIEAE48.exe] C:\Windows\System32\VIEAE48.exe
O4 - HKLM\..\Run: [\VIEB460.exe] C:\Windows\System32\VIEB460.exe
O4 - HKLM\..\Run: [\VIEB9FB.exe] C:\Windows\System32\VIEB9FB.exe
O4 - HKLM\..\Run: [Antivirus] C:\Program Files\MSA\MSA.exe
O4 - HKLM\..\Run: [\VIE39B5.exe] C:\Windows\System32\VIE39B5.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\admin\AppData\Local\Temp\urqNFvvV.dll,c
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {01FEFFF9-5B35-F3E0-091B-FF808CF511AE} - http://download.pcprivacycleaner.com/PCPC_Setup_Free_fr.exe
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab?e=1219059033940&h=0f6033b74a95b94507c431c1a1f31603/&filename=jinstall-6u7-windows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
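The report above is read by eye in the thread, but the entries a helper picks out share a few mechanical traits: O2 BHOs and O4 Run values pointing at a DLL or EXE in the user's Temp folder, load points whose file is already gone ("(file missing)", "(no file)"), rundll32 loading a DLL by ordinal (",#1") or by a one-letter export (",c"), and random-looking names such as lphc7njj0ej6c.exe or VIEAE48.exe. The Python below is an added example, not something posted in the thread or part of HijackThis: it applies those heuristics to a handful of O2/O4 lines copied in shape from the report (the SAMPLE_LOG text is constructed for the example; to use it on a real report, pass the file's contents to triage()). The rules are heuristics, so expect false positives on legitimate entries with terse names such as RtHDVCpl.exe; the output is a shortlist for a human, not a verdict.

```python
"""Triage O2 (BHO) and O4 (Run) lines of a HijackThis report for Vundo-style load points."""
import ntpath
import re
from typing import Dict, List, Optional, Tuple

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<path>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<value>[^\]]*)\] (?P<cmd>.*)$")
RUNDLL_RE = re.compile(r"^rundll32(?:\.exe)?\s+(?P<dll>.+?),(?P<export>\S+)$", re.IGNORECASE)
MISSING_RE = re.compile(r"\s*\((?:file missing|no file)\)$", re.IGNORECASE)

# Constructed sample: lines copied in shape from the report above, plus two benign ones.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {27E1F636-2037-4878-8A0F-8B42B8E52C28} - C:\Users\admin\AppData\Local\Temp\awtqnkhe.dll (file missing)
O2 - BHO: QXK Olive - {E350B1C6-A8DC-4EEF-90DB-61DCAE9D1B67} - C:\Windows\rodqgpvlkoa.dll (file missing)
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\nnnnOeBT.dll,#1
O4 - HKLM\..\Run: [lphc7njj0ej6c] C:\Windows\system32\lphc7njj0ej6c.exe
O4 - HKLM\..\Run: [\VIEAE48.exe] C:\Windows\System32\VIEAE48.exe
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\admin\AppData\Local\Temp\urqNFvvV.dll,c
"""


def looks_random(stem: str) -> bool:
    """Heuristic for machine-generated names: 8+ alphanumerics that mix digits and letters
    (lphc7njj0ej6c) or have almost no vowels (urqNFvvV). Expect some false positives."""
    if len(stem) < 8 or not stem.isalnum():
        return False
    has_digit = any(c.isdigit() for c in stem)
    has_alpha = any(c.isalpha() for c in stem)
    if has_digit and has_alpha:
        return True
    vowels = sum(c in "aeiouAEIOU" for c in stem)
    return vowels / len(stem) <= 0.3


def run_target(cmd: str) -> Tuple[str, Optional[str]]:
    """Return (file the Run value actually loads, rundll32 export name or None)."""
    cmd = cmd.strip()
    m = RUNDLL_RE.match(cmd)
    if m:
        return m.group("dll").strip(), m.group("export")
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0], None
    return (cmd.split() or [""])[0], None


def indicators(target: str, export: Optional[str], value_name: str = "", missing: bool = False) -> List[str]:
    """Name every Vundo-style trait a load point shows; an empty list means nothing stood out."""
    reasons = []
    if missing:
        reasons.append("file_missing")  # orphan: file already deleted or hidden, key left behind
    if re.search(r"\\temp\\", target, re.IGNORECASE):
        reasons.append("temp_dir")  # persistence from a user-writable Temp folder
    stem = ntpath.splitext(ntpath.basename(target))[0]
    if looks_random(stem):
        reasons.append("random_name")
    if export is not None and re.fullmatch(r"#\d+|[A-Za-z]", export):
        reasons.append("rundll32_ordinal_export")  # rundll32 ...dll,#1 or ,c as in the report
    if value_name.startswith("\\"):
        reasons.append("odd_value_name")  # Run value literally named "\VIEAE48.exe"
    return reasons


def triage(log_text: str) -> List[Dict[str, object]]:
    """Return the O2/O4 lines that show at least one indicator, with their reasons."""
    findings: List[Dict[str, object]] = []
    for line in log_text.splitlines():
        line = line.strip()
        m = O2_RE.match(line)
        if m:
            raw = m.group("path")
            target = MISSING_RE.sub("", raw)
            reasons = indicators(target, None, missing=bool(MISSING_RE.search(raw)))
            kind = "BHO"
        else:
            m = O4_RE.match(line)
            if not m:
                continue
            target, export = run_target(m.group("cmd"))
            reasons = indicators(target, export, value_name=m.group("value"))
            kind = "Run/" + m.group("hive")
        if reasons:
            findings.append({"kind": kind, "target": target, "reasons": reasons, "line": line})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['kind']:<9} {', '.join(f['reasons']):<45} {f['target']}")
```

On the sample, the six flagged entries are exactly the ones MBAM later names as Trojan.Vundo, Trojan.BHO, Trojan.FakeAlert and Trojan.Agent, while ssv.dll and GrooveMonitor.exe pass. The "file_missing" entries matter even though nothing is on disk: Vundo rotates its DLL names, so an orphaned CLSID or Run value is a sign the dropper is still active somewhere else.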
Destrio5 (Posts: 99820, Status: Moderator)
 
What have you done so far?
lenykrav (Posts: 13, Status: Member)
 
ComboFix opened the command window, did the cleanup and restarted the computer. But at startup Windows asked me how I wanted to start (I chose normally) and a few seconds later the restore program opened and did its work. And no news from ComboFix.
Destrio5 (Posts: 99820, Status: Moderator)
 
---> Do a quick scan with MBAM, remove everything it finds and post the report:
http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.htm
lenykrav (Posts: 13, Status: Member)
 
Malwarebytes' Anti-Malware 1.25
Database version: 1094
Windows 6.0.6001 Service Pack 1

12:33:32 2008-08-29
mbam-log-08-29-2008 (12-33-32).txt

Scan type: Quick scan
Objects scanned: 41749
Time elapsed: 2 minute(s), 39 second(s)

Memory processes infected: 0
Memory modules infected: 1
Registry keys infected: 19
Registry values infected: 12
Registry data items infected: 4
Folders infected: 1
Files infected: 28

Memory processes infected:
(No malicious items detected)

Memory modules infected:
C:\Users\admin\AppData\Local\Temp\urqNFvvV.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry keys infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d1bcf236-5f7a-4cda-afbf-efd707442580} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{d1bcf236-5f7a-4cda-afbf-efd707442580} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27e1f636-2037-4878-8a0f-8b42b8e52c28} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{27e1f636-2037-4878-8a0f-8b42b8e52c28} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{6d0111e3-3060-4d23-b2bc-42ed86cbe9a3} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\rhc3njj0ej6c (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\rhc3njj0ej6c (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Spyware-Secure (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Casino Tropez (Adware.Casino) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Casino Tropez (Adware.Casino) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\MS Juan (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\qalkfxor.bgrm (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\qalkfxor.bpqk (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\qalkfxor.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cba10d10-741a-33e9-b1a9-f49fb0409dee} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{cba10d10-741a-33e9-b1a9-f49fb0409dee} (Trojan.BHO) -> Quarantined and deleted successfully.

Registry values infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cmds (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\antivirus (Rogue.MSAntivirus) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\vieae48.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\vieb460.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\vieb9fb.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\vie39b5.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSServer (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphc7njj0ej6c (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\smrhc3njj0ej6c (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.

Registry data items infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\users\admin\appdata\local\temp\urqnfvvv -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\users\admin\appdata\local\temp\urqnfvvv -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders infected:
C:\Program Files\PCHealthCenter (Trojan.Fakealert) -> Quarantined and deleted successfully.

Files infected:
C:\Users\admin\AppData\Local\Temp\urqNFvvV.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Users\admin\AppData\Local\Temp\VvvFNqru.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Users\admin\AppData\Local\Temp\VvvFNqru.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Users\admin\AppData\Local\Temp\awtqnkhe.dll (Trojan.BHO.H) -> Quarantined and deleted successfully.
C:\Windows\eekv.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Windows\etbr.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\admin\AppData\Local\Temp\ltjkxdok.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\admin\AppData\Local\Temp\acdnrxtg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\admin\AppData\Local\Temp\bqgqmaqv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\admin\AppData\Local\Temp\giwdyoqf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\admin\AppData\Local\Temp\oadtaqom.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\admin\AppData\Local\Temp\pjmktwlt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\admin\AppData\Local\Temp\pmnoNFus.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\admin\AppData\Local\Temp\qoMcbCSI.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\admin\AppData\Local\Temp\qoMdBTmj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\admin\AppData\Local\Temp\sklbsfwl.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\admin\AppData\Local\Temp\ssqoljJC.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\admin\AppData\Local\Temp\vbhdttrd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\admin\AppData\Local\Temp\xxyawuSI.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\admin\AppData\Local\Temp\yayyAtQG.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\1.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\7.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\MSA\msa0.dat (Rogue.MSAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\MSA\msa1.dat (Rogue.MSAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\MSA\MSA.cpl (Rogue.MSAntivirus) -> Quarantined and deleted successfully.
C:\Windows\System32\MSA.cpl (Rogue.MSAntivirus) -> Quarantined and deleted successfully.
C:\Windows\System32\msxml71.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\admin\AppData\Local\Temp\sflpt.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Destrio5 (Posts: 99820, Status: Moderator)
 
---> Restart and run ComboFix again
lenykrav (Posts: 13, Status: Member)
 
here it is

ComboFix 08-08-28.06 - admin 2008-08-29 12:42:03.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium Edition 6.0.6001.1.1252.1.1036.18.1470 [GMT 2:00]
Running from: C:\Users\admin\Desktop\download\Programme\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\system32\wurhspoi.ini
.
---- Previous Run -------
.
C:\Program Files\PCHealthCenter
C:\Program Files\PCHealthCenter\1.exe
C:\Program Files\PCHealthCenter\7.exe
C:\Program Files\PCPrivacyCleaner
C:\Users\admin\AppData\Roaming\rhc3njj0ej6c
C:\Windows\eekv.exe
C:\Windows\etbr.exe
C:\Windows\system32\wurhspoi.ini

.
((((((((((((((((((((((((((((( Files created from 2008-07-28 to 2008-08-29 ))))))))))))))))))))))))))))))))))))
.

2008-08-29 12:24 . 2008-08-29 12:24 <REP> d-------- C:\Users\All Users\Malwarebytes
2008-08-29 12:24 . 2008-08-29 12:24 <REP> d-------- C:\Users\admin\AppData\Roaming\Malwarebytes
2008-08-29 12:24 . 2008-08-29 12:24 <REP> d-------- C:\ProgramData\Malwarebytes
2008-08-29 12:24 . 2008-08-29 12:24 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-29 12:24 . 2008-08-17 15:01 38,472 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys
2008-08-29 12:24 . 2008-08-17 15:01 17,144 --a------ C:\Windows\System32\drivers\mbam.sys
2008-08-29 11:56 . 2008-08-29 12:45 175,052,389 --a------ C:\Windows\MEMORY.DMP
2008-08-29 09:27 . 2008-08-29 09:51 <REP> d-a------ C:\Users\All Users\TEMP
2008-08-29 09:27 . 2008-08-29 09:51 <REP> d-a------ C:\ProgramData\TEMP
2008-08-27 21:50 . 2008-08-27 21:50 <REP> d-------- C:\VundoFix Backups
2008-08-27 20:47 . 2008-08-27 20:47 <REP> d-------- C:\Program Files\Microsoft Silverlight
2008-08-27 16:39 . 2008-08-27 16:39 <REP> d-------- C:\Program Files\Alwil Software
2008-08-27 16:39 . 2008-07-19 16:36 51,280 --a------ C:\Windows\System32\drivers\aswMonFlt.sys
2008-08-27 14:56 . 2008-08-27 14:56 <REP> d-------- C:\Program Files\Common Files\Adobe
2008-08-27 14:35 . 2008-08-29 12:33 <REP> d-------- C:\Program Files\MSA
2008-08-25 14:00 . 2008-08-25 14:00 0 --a------ C:\Windows\System32\C4B5.tmp
2008-08-24 19:56 . 2008-08-24 19:59 <REP> d-------- C:\Users\All Users\Lavasoft
2008-08-24 19:56 . 2008-08-24 19:59 <REP> d-------- C:\ProgramData\Lavasoft
2008-08-24 19:56 . 2008-08-24 19:56 <REP> d-------- C:\Program Files\Lavasoft
2008-08-24 14:32 . 2008-08-24 16:26 <REP> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-08-24 14:32 . 2008-08-24 16:26 <REP> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-08-23 21:11 . 2008-08-23 21:11 <REP> d-------- C:\Users\All Users\eMule
2008-08-23 21:11 . 2008-08-23 21:11 <REP> d-------- C:\ProgramData\eMule
2008-08-22 10:26 . 2008-07-19 07:09 1,811,656 --a------ C:\Windows\System32\wuaueng.dll
2008-08-22 10:26 . 2008-07-19 05:44 1,524,736 --a------ C:\Windows\System32\wucltux.dll
2008-08-22 10:26 . 2008-07-19 07:09 563,912 --a------ C:\Windows\System32\wuapi.dll
2008-08-22 10:26 . 2008-07-18 22:08 163,904 --a------ C:\Windows\System32\wuwebv.dll
2008-08-22 10:26 . 2008-07-19 05:44 83,456 --a------ C:\Windows\System32\wudriver.dll
2008-08-22 10:26 . 2008-07-19 07:10 53,448 --a------ C:\Windows\System32\wuauclt.exe
2008-08-22 10:26 . 2008-07-19 07:10 45,768 --a------ C:\Windows\System32\wups2.dll
2008-08-22 10:26 . 2008-07-19 07:10 36,552 --a------ C:\Windows\System32\wups.dll
2008-08-22 10:26 . 2008-07-18 20:44 31,232 --a------ C:\Windows\System32\wuapp.exe
2008-08-18 13:30 . 2008-08-18 13:31 <REP> d-------- C:\Program Files\Java
2008-08-18 13:29 . 2008-08-18 13:29 <REP> d-------- C:\Program Files\Common Files\Java
2008-08-14 13:58 . 2008-07-16 03:32 2,048 --a------ C:\Windows\System32\tzres.dll
2008-08-14 11:55 . 2008-06-27 03:55 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-08-14 11:55 . 2008-06-27 06:15 827,392 --a------ C:\Windows\System32\wininet.dll
2008-08-14 11:55 . 2008-04-10 07:12 738,304 --a------ C:\Windows\System32\inetcomm.dll
2008-08-14 11:55 . 2008-06-19 05:31 361,984 --a------ C:\Windows\System32\IPSECSVC.DLL
2008-08-14 11:55 . 2008-04-18 07:48 269,312 --a------ C:\Windows\System32\es.dll
2008-08-08 21:40 . 2008-08-08 21:40 <REP> dr------- C:\Windows\System32\config\systemprofile\Videos
2008-08-08 21:40 . 2008-08-08 21:40 <REP> dr------- C:\Windows\System32\config\systemprofile\Searches
2008-08-08 21:40 . 2008-08-08 21:40 <REP> dr------- C:\Windows\System32\config\systemprofile\Saved Games
2008-08-08 21:40 . 2008-08-08 21:40 <REP> dr------- C:\Windows\System32\config\systemprofile\Pictures
2008-08-08 21:40 . 2008-08-08 21:40 <REP> dr------- C:\Windows\System32\config\systemprofile\Links
2008-08-08 21:40 . 2008-08-08 21:40 <REP> dr------- C:\Windows\System32\config\systemprofile\Downloads
2008-08-08 21:40 . 2008-08-25 13:55 <REP> dr------- C:\Windows\System32\config\systemprofile\Documents
2008-08-08 21:15 . 2008-08-08 21:15 <REP> d-------- C:\Program Files\Microsoft Visual Studio 8
2008-08-08 21:12 . 2008-08-08 21:12 <REP> d-------- C:\Program Files\Microsoft.NET
2008-08-08 21:08 . 2008-08-08 21:08 <REP> dr-h----- C:\MSOCache
2008-08-04 02:14 . 2008-08-04 02:14 <REP> d-------- C:\Windows\Watson
2008-08-03 23:17 . 2008-08-03 23:17 <REP> d-------- C:\Users\All Users\Ubisoft
2008-08-03 23:17 . 2008-08-03 23:17 <REP> d-------- C:\ProgramData\Ubisoft
2008-08-03 01:43 . 2007-11-08 11:04 11,967,524 --a------ C:\Windows\System32\korwbrkr.lex
2008-08-02 23:40 . 2008-08-02 23:40 <REP> d-------- C:\Program Files\DAEMON Tools Lite
2008-08-02 23:37 . 2008-08-17 19:05 <REP> d-------- C:\Users\admin\AppData\Roaming\DAEMON Tools
2008-08-02 23:37 . 2008-08-02 23:37 717,296 --a------ C:\Windows\System32\drivers\sptd.sys
2008-07-31 20:29 . 2008-07-31 20:29 <REP> d-------- C:\PerfLogs

.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-29 07:43 --------- d-----w C:\Users\admin\AppData\Roaming\DNA
2008-08-27 19:48 --------- d-----w C:\ProgramData\NVIDIA
2008-08-27 13:45 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-08-25 12:53 --------- d-----w C:\Program Files\DivX
2008-08-25 11:24 --------- d-----w C:\Program Files\BitLord
2008-08-24 13:42 --------- d-----w C:\Program Files\Packard Bell
2008-08-18 14:04 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-14 11:59 --------- d-----w C:\ProgramData\Microsoft Help
2008-08-14 11:56 --------- d-----w C:\Program Files\Windows Mail
2008-08-08 19:43 --------- d-----w C:\ProgramData\Roxio
2008-08-08 19:35 --------- d-----w C:\Program Files\Microsoft Works
2008-08-08 19:30 2,756 ----a-w C:\Users\admin\AppData\Roaming\wklnhst.dat
2008-08-08 19:15 --------- d-----w C:\Program Files\MSBuild
2008-08-04 00:14 --------- d-----w C:\Program Files\Microsoft Games
2008-07-31 18:36 174 --sha-w C:\Program Files\desktop.ini
2008-07-31 18:30 --------- d-----w C:\Program Files\Windows Sidebar
2008-07-31 18:30 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-07-31 18:30 --------- d-----w C:\Program Files\Windows Journal
2008-07-31 18:30 --------- d-----w C:\Program Files\Windows Defender
2008-07-31 18:30 --------- d-----w C:\Program Files\Windows Collaboration
2008-07-31 18:30 --------- d-----w C:\Program Files\Windows Calendar
2008-07-27 23:42 --------- d-----w C:\Users\admin\AppData\Roaming\Yahoo!
2008-07-18 18:39 587,264 ----a-w C:\Windows\WLXPGSS.SCR
2008-07-03 11:30 --------- d-----w C:\Program Files\HDReg
2008-07-03 01:14 --------- d-----w C:\Users\admin\AppData\Roaming\ItsLabel
2008-07-03 01:12 2,560 ----a-w C:\Windows\_MSRSTRT.EXE
2008-07-03 01:10 --------- d-----w C:\Users\admin\AppData\Roaming\EoRezo
2008-06-28 01:02 --------- d-----w C:\Program Files\Windows Live
2008-06-27 01:08 458,752 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-06-27 01:08 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-06-27 01:08 2,153,984 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-06-27 01:08 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-06-12 05:28 541,696 ----a-w C:\Windows\AppPatch\AcLayers.dll
.

((((((((((((((((((((((((((((((((( Reg loading points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 09:33 125952]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-07-24 17:02 490952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-09-12 05:28 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-09-12 05:28 8497696]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-09-12 05:28 81920]
"RtHDVCpl"="RtHDVCpl.exe" [2007-05-10 17:10 4468736 C:\Windows\RtHDVCpl.exe]
"Skytel"="Skytel.exe" [2007-05-07 18:51 1826816 C:\Windows\SkyTel.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{A0EA457A-C9EF-45C1-B776-8C688A1AE10B}"= UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{90DC3733-8D8F-427F-AC18-AD54A07FA845}"= TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{A095BF4C-2E74-461E-8B9D-B451778DFEC0}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{0D60B5F1-1981-4411-AD37-9EA96A6E23C5}"= UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{FF6AE0D4-CF04-49F9-A7EB-85D7A8A0A511}"= TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"TCP Query User{DB599D5E-0F13-4B4F-A439-392313A8B2E4}C:\\program files\\bitlord\\bitlord.exe"= UDP:C:\program files\bitlord\bitlord.exe:BitLord
"UDP Query User{2002D52D-2866-46C3-A554-820357EF3497}C:\\program files\\bitlord\\bitlord.exe"= TCP:C:\program files\bitlord\bitlord.exe:BitLord
"TCP Query User{2FE21B75-FB29-4317-926A-6A912BECFD8E}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{9CFD23A6-EC51-4C16-9AF4-B4F90EFE5AF0}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"{8BBF2B42-952E-4112-B006-D23DF88C4667}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{35E6548E-9A9E-4F95-AAEC-DC0DFD55C2B9}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{5DCE8119-8185-4075-A85B-583D317E07F8}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{E53938A8-F77E-4647-A303-9E6440B40D17}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{C4F9813A-4826-465E-938D-2741ABD535EC}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{7D373036-AD87-4F1A-9483-1A8A938F591D}C:\\users\\admin\\program files\\dna\\btdna.exe"= Disabled:UDP:C:\users\admin\program files\dna\btdna.exe:btdna.exe
"UDP Query User{47C6FE6B-D6BA-45C8-8555-9D0C38394F71}C:\\users\\admin\\program files\\dna\\btdna.exe"= Disabled:TCP:C:\users\admin\program files\dna\btdna.exe:btdna.exe
"{FE42DE9C-F433-482C-B2A7-19FF48A423D4}"= UDP:C:\Program Files\DNA\btdna.exe:DNA
"{142F32E1-B2C9-4D40-A5FF-012368E8775D}"= TCP:C:\Program Files\DNA\btdna.exe:DNA

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"mW[íµˆÖ¾`=µú¾˜v%S8’ÿÙêé>grl>­Ý\†Ð=ŸàÛ±Þ"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
"c:\\program files\\bcd_installed.exe"= c:\program files\bcd_installed.exe:*:Enabled:Windows Application Service

R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-07-19 16:35]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 16:37]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 16:36]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{10266b24-f7e0-11dc-856e-001d7d23adce}]
\shell\AutoRun\command - J:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{604bef8d-60db-11dd-a29c-001d7d23adce}]
\shell\AutoRun\command - I:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ad1aaa57-f97a-11dc-a240-001d7d23adce}]
\shell\AutoRun\command - J:\LaunchU3.exe -a
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{18C388BB-5014-4906-AE38-E62BA5AA7387} - (no file)
Toolbar-{FA9CBCB5-3330-4AF1-A2A3-30FE4C366215} - (no file)
WebBrowser-{32099AAC-C132-4136-9E9A-4E364A424E17} - (no file)
HKLM-Run-Ad-Watch - C:\Program Files\Lavasoft\Ad-Aware\Ad-Watch.exe
ShellExecuteHooks-{74CE56FF-3469-47C0-93E1-D0CB8B203EA9} - (no file)
ShellExecuteHooks-{FEEAD861-8455-42F3-8A7E-B7756084BB36} - C:\Windows\system32\nnnnOeBT.dll

.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.fr/
R0 -: HKLM-Main,Start Page = hxxp://fr.yahoo.com
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O16 -: {01FEFFF9-5B35-F3E0-091B-FF808CF511AE} - hxxp://download.pcprivacycleaner.com/PCPC_Setup_Free_fr.exe
.
.
------- File Associations (Beta) -------
.
regfile=regedit.exe "%1" %*
scrfile="%1" %*
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-29 12:46:16
Windows 6.0.6001 Service Pack 1 NTFS

Scanning hidden processes ...

Scanning hidden autostart entries ...

Scanning hidden files ...

Scan completed successfully
Hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\System32\conime.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2008-08-29 12:49:44 - machine was rebooted [admin]
ComboFix-quarantined-files.txt 2008-08-29 10:49:32

Pre-Run: 338,091,085,824 bytes free
Post-Run: 338,027,012,096 bytes free

224 --- E O F --- 2008-08-27 18:51:27
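Two findings in the MBAM and ComboFix reports above deserve a dedicated re-check once the tools have run, because both live outside the user's profile and are easy to miss when the Temp files are gone. The MBAM report shows the Vundo DLL from Temp registered under HKLM\SYSTEM\CurrentControlSet\Control\LSA in both Notification Packages and Authentication Packages: modules listed there are loaded into lsass.exe at boot as SYSTEM, which is why MBAM could only mark the entry "Delete on reboot" and why a cleanup done from the user's session does not touch it. The ComboFix report shows "DisableMonitoring"=dword:00000001 under Security Center\Monitoring, which silences the Security Center's antivirus/firewall alerts. The Python below is an added example, not from the thread or from either tool. The baseline module names (scecli, msv1_0) are what a stock Vista install is assumed to carry and should be adjusted for the build at hand; the two SAMPLE_* dictionaries are constructed from the reports; the read_live_state() branch uses the standard-library winreg module and only runs on Windows, from an elevated prompt.

```python
"""Post-cleanup checks for two Vundo leftovers that live outside the user profile:
LSA package registrations (loaded into lsass.exe) and Security Center alert suppression."""
import sys
from typing import Dict, List, Tuple

# Assumed baseline for a stock Windows Vista install (adjust for your build / installed products).
LSA_BASELINE: Dict[str, set] = {
    "Notification Packages": {"scecli"},
    "Authentication Packages": {"msv1_0"},
}

# Constructed from the MBAM report above: the Temp DLL was appended to both LSA lists
# (LSA appends ".dll" itself, which is why the report shows no extension).
SAMPLE_LSA: Dict[str, List[str]] = {
    "Notification Packages": ["scecli", r"c:\users\admin\appdata\local\temp\urqnfvvv"],
    "Authentication Packages": ["msv1_0", r"c:\users\admin\appdata\local\temp\urqnfvvv"],
}

# Constructed from the ComboFix report above ("DisableMonitoring"=dword:00000001 twice).
SAMPLE_SECURITY_CENTER: Dict[str, int] = {
    r"HKLM\SOFTWARE\Microsoft\Security Center\Monitoring": 1,
    r"HKLM\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus": 1,
}


def check_lsa_packages(values: Dict[str, List[str]]) -> List[str]:
    """Flag LSA package entries that are paths or that are not in the baseline.

    LSA expects bare module names resolved from System32; an entry with a path
    separator is loaded from wherever the attacker put it, and runs as SYSTEM.
    """
    findings = []
    for name, entries in values.items():
        expected = LSA_BASELINE.get(name, set())
        for entry in (e.strip() for e in entries if e.strip()):
            if any(sep in entry for sep in ("\\", "/", ":")):
                findings.append(f"{name}: {entry!r} is a path, not a System32 module name")
            elif entry.lower() not in expected:
                findings.append(f"{name}: {entry!r} not in baseline {sorted(expected)}")
    return findings


def check_security_center(values: Dict[str, int]) -> List[str]:
    """Report every DisableMonitoring value that is set to 1 (alerts suppressed)."""
    return [f"{key}\\DisableMonitoring = {v}" for key, v in values.items() if v == 1]


def read_live_state() -> Tuple[Dict[str, List[str]], Dict[str, int]]:
    """Read the same two things from the live registry (Windows only, run elevated)."""
    import winreg  # standard library on Windows; absent on other platforms

    lsa: Dict[str, List[str]] = {}
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, r"SYSTEM\CurrentControlSet\Control\Lsa") as key:
        for name in LSA_BASELINE:
            value, kind = winreg.QueryValueEx(key, name)
            lsa[name] = list(value) if kind == winreg.REG_MULTI_SZ else [str(value)]

    sc: Dict[str, int] = {}
    base = r"SOFTWARE\Microsoft\Security Center\Monitoring"
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, base) as key:
        subkeys = [""]  # "" stands for the Monitoring key itself
        index = 0
        while True:  # enumerate vendor subkeys (SymantecAntiVirus, ...) under Monitoring
            try:
                subkeys.append(winreg.EnumKey(key, index))
            except OSError:
                break
            index += 1
    for sub in subkeys:
        path = base if not sub else base + "\\" + sub
        try:
            with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, path) as k:
                sc["HKLM\\" + path] = int(winreg.QueryValueEx(k, "DisableMonitoring")[0])
        except FileNotFoundError:
            pass  # no DisableMonitoring value on this key
    return lsa, sc


if __name__ == "__main__":
    if sys.platform == "win32":
        lsa_values, sc_values = read_live_state()
    else:
        lsa_values, sc_values = SAMPLE_LSA, SAMPLE_SECURITY_CENTER
    for line in check_lsa_packages(lsa_values) + check_security_center(sc_values):
        print("SUSPECT", line)
```

A vendor subkey such as Monitoring\SymantecAntiVirus is commonly written by that product itself when it takes over the alerting, so the value that matters most is the one on the Monitoring key itself; in this thread the Symantec one is also a leftover, since the HijackThis report lists the Symantec service binary ccSvcHst.exe as missing. When the LSA check fires, remove only the foreign entry from the REG_MULTI_SZ value and leave the baseline modules in place: an empty Authentication Packages value leaves the machine unable to log anyone on.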
Destrio5 (Posts: 99820, Status: Moderator)
 
I'm checking on a piece of software.
Destrio5 (Posts: 99820, Status: Moderator)
 
BitLord, does that ring a bell?
lenykrav (Posts: 13, Status: Member)
 
yes, it's my emulator
Destrio5 (Posts: 99820, Status: Moderator)
 
Emulator of what?
lenykrav (Posts: 13, Status: Member)
 
everything's fine, no more problems, thank you very much for your help.
lenykrav (Posts: 13, Status: Member)
 
I use it to replace eMule. It's 10 times faster. BitLord, BitComet. In any case, I prefer it.
Destrio5 (Posts: 99820, Status: Moderator)
 
---> Relaunch MBAM, go to Quarantine and delete everything

---> Post a new HijackThis report
lenykrav (Posts: 13, Status: Member)
 
you must have eMule, I suppose