Everything posted by MCFIVE

  1. Falkra, thank you very much
  2. GOOD EVENING FALKRA, great Scott! You could say you really nailed it, but I would like to understand why I didn't notice anything sooner, because I must have been infected for quite some time.... What damage could I have suffered?? What made me react was the appearance of the unshakeable P Security these last few days.. Here is the report:

     Malwarebytes' Anti-Malware 1.42
     Version de la base de données: 3383

     Windows 5.1.2600 Service Pack 3
     Internet Explorer 8.0.6001.18702

     18/12/2009 23:59:08
     mbam-log-2009-12-18 (23-59-08).txt

     Type de recherche: Examen complet (C:\|F:\|)
     Eléments examinés: 207809
     Temps écoulé: 12 hour(s), 55 minute(s), 38 second(s)

     Processus mémoire infecté(s): 0
     Module(s) mémoire infecté(s): 0
     Clé(s) du Registre infectée(s): 2
     Valeur(s) du Registre infectée(s): 0
     Elément(s) de données du Registre infecté(s): 0
     Dossier(s) infecté(s): 1
     Fichier(s) infecté(s): 14

     Processus mémoire infecté(s):
     (Aucun élément nuisible détecté)

     Module(s) mémoire infecté(s):
     (Aucun élément nuisible détecté)

     Clé(s) du Registre infectée(s):
     HKEY_LOCAL_MACHINE\System\CurrentControlSet\Servises (Malware.Trace) -> Quarantined and deleted successfully.
     HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo (Rogue.Eorezo) -> Quarantined and deleted successfully.

     Valeur(s) du Registre infectée(s):
     (Aucun élément nuisible détecté)

     Elément(s) de données du Registre infecté(s):
     (Aucun élément nuisible détecté)

     Dossier(s) infecté(s):
     C:\Documents and Settings\All Users\Menu Démarrer\PSecurity (Rogue.PSecurity) -> Quarantined and deleted successfully.

     Fichier(s) infecté(s):
     C:\Program Files\eoRezo\EoEngine.exe (Rogue.Eorezo) -> Quarantined and deleted successfully.
     C:\Program Files\eoRezo\EoAdv\EoAdv.dll (Rogue.Eorezo) -> Quarantined and deleted successfully.
     C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\MSIVXqjirxduyqbabuwriivkyxwqtqsnkndpu.sys.vir (Rootkit.Agent) -> Quarantined and deleted successfully.
     C:\System Volume Information\_restore{3A6B117D-5968-40B2-8270-3C2E8FF1856C}\RP229\A0062966.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
     C:\_OTM\MovedFiles\12112009_001807\c_program files\PSecurity\psecurity.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
     C:\Documents and Settings\All Users\Menu Démarrer\PSecurity\Computer Scan.lnk (Rogue.PSecurity) -> Quarantined and deleted successfully.
     C:\Documents and Settings\All Users\Menu Démarrer\PSecurity\Help.lnk (Rogue.PSecurity) -> Quarantined and deleted successfully.
     C:\Documents and Settings\All Users\Menu Démarrer\PSecurity\Personal Security.lnk (Rogue.PSecurity) -> Quarantined and deleted successfully.
     C:\Documents and Settings\All Users\Menu Démarrer\PSecurity\Registration.lnk (Rogue.PSecurity) -> Quarantined and deleted successfully.
     C:\Documents and Settings\All Users\Menu Démarrer\PSecurity\Security Center.lnk (Rogue.PSecurity) -> Quarantined and deleted successfully.
     C:\Documents and Settings\All Users\Menu Démarrer\PSecurity\Settings.lnk (Rogue.PSecurity) -> Quarantined and deleted successfully.
     C:\Documents and Settings\All Users\Menu Démarrer\PSecurity\Update.lnk (Rogue.PSecurity) -> Quarantined and deleted successfully.
     C:\Documents and Settings\LIBRAIRIE\Bureau\Personal Security.lnk (Rogue.PSecurity) -> Quarantined and deleted successfully.
     C:\Documents and Settings\LIBRAIRIE\Application Data\Microsoft\Internet Explorer\Quick Launch\PSecurity.lnk (Rogue.PSecurity) -> Quarantined and deleted successfully.
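The Malwarebytes report above prints per-section counts in a header block and then lists each detection under a repeated section label. As an added example (not part of this thread and not Malwarebytes' own code), the following Python parses a report in that French-localised layout, tallies detections by family, and cross-checks the listed entries against the header counts, which is how a helper spots a paste that arrived truncated; the sample report is constructed from a few of the entries quoted in the post, with the header reduced to match.

```python
import re

# Section labels exactly as printed by a French-localised Malwarebytes'
# Anti-Malware 1.42 report (the labels quoted in the post above).
SECTIONS = [
    "Processus mémoire infecté(s):",
    "Module(s) mémoire infecté(s):",
    "Clé(s) du Registre infectée(s):",
    "Valeur(s) du Registre infectée(s):",
    "Elément(s) de données du Registre infecté(s):",
    "Dossier(s) infecté(s):",
    "Fichier(s) infecté(s):",
]
NONE_MARKER = "(Aucun élément nuisible détecté)"
# One detection line: "<path> (<family>) -> <action>"
ENTRY_RE = re.compile(r"^(?P<path>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+)$")

# Constructed sample: an abridged report built from entries quoted in the
# post (header says 3 files instead of the original 14; four sections shown).
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.42
Version de la base de données: 3383

Processus mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 2
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 3

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Servises (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo (Rogue.Eorezo) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
C:\Documents and Settings\All Users\Menu Démarrer\PSecurity (Rogue.PSecurity) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Program Files\eoRezo\EoEngine.exe (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\MSIVXqjirxduyqbabuwriivkyxwqtqsnkndpu.sys.vir (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\_OTM\MovedFiles\12112009_001807\c_program files\PSecurity\psecurity.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
"""


def parse_mbam_log(text):
    """Return (summary, sections): header counts per label, and the entries
    actually listed under each label as {"path", "family", "action"}."""
    summary = {}
    sections = {label: [] for label in SECTIONS}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        label = next((s for s in SECTIONS if line.startswith(s)), None)
        if label is not None:
            rest = line[len(label):].strip()
            if rest.isdigit():
                summary[label] = int(rest)   # header block: "...: 14"
                current = None
            else:
                current = label              # detail block follows
            continue
        if current is None or line == NONE_MARKER:
            continue
        match = ENTRY_RE.match(line)
        if match:
            sections[current].append(match.groupdict())
    return summary, sections


def check_counts(summary, sections):
    """{label: (expected, listed)} for every header count that does not match
    the entries listed; non-empty usually means a truncated or edited paste."""
    return {label: (n, len(sections[label]))
            for label, n in summary.items() if len(sections[label]) != n}


def families(sections):
    """Tally detections per family name, e.g. {"Rogue.PSecurity": 1}."""
    tally = {}
    for entries in sections.values():
        for entry in entries:
            tally[entry["family"]] = tally.get(entry["family"], 0) + 1
    return tally


def audit(text):
    """(family tally, count mismatches) for one report."""
    summary, sections = parse_mbam_log(text)
    return families(sections), check_counts(summary, sections)


if __name__ == "__main__":
    print(audit(SAMPLE_LOG))
    # Constructed failure case: the same paste with its last line lost.
    print(audit(SAMPLE_LOG.rstrip("\n").rsplit("\n", 1)[0]))
```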
  3. good evening, so, here it is:
  4. HELLO FALKRA, here it is:

     GMER 1.0.15.15281 - http://www.gmer.net
     Rootkit scan 2009-12-16 19:24:23
     Windows 5.1.2600 Service Pack 3
     Running: p10wcrnt.exe; Driver: C:\DOCUME~1\LIBRAI~1\LOCALS~1\Temp\fwkirkod.sys

     ---- System - GMER 1.0.15 ----

     SSDT F8C3AF5E ZwCreateKey
     SSDT F8C3AF54 ZwCreateThread
     SSDT F8C3AF63 ZwDeleteKey
     SSDT F8C3AF6D ZwDeleteValueKey
     SSDT F8C3AF72 ZwLoadKey
     SSDT F8C3AF40 ZwOpenProcess
     SSDT F8C3AF45 ZwOpenThread
     SSDT F8C3AF7C ZwReplaceKey
     SSDT F8C3AF77 ZwRestoreKey
     SSDT F8C3AF68 ZwSetValueKey
     SSDT F8C3AF4F ZwTerminateProcess

     Code 82CA39D8 ZwEnumerateKey
     Code 82C0D3F8 ZwFlushInstructionCache
     Code 82CA139E IofCallDriver
     Code 82CA00EE IofCompleteRequest

     ---- Services - GMER 1.0.15 ----

     Service C:\WINDOWS\system32\drivers\MSIVXqjirxduyqbabuwriivkyxwqtqsnkndpu.sys (*** hidden *** ) [sYSTEM] MSIVXserv.sys <-- ROOTKIT !!!

     ---- Registry - GMER 1.0.15 ----

     Reg HKLM\SYSTEM\CurrentControlSet\Services\MSIVXserv.sys
     Reg HKLM\SYSTEM\CurrentControlSet\Services\MSIVXserv.sys@start 1
     Reg HKLM\SYSTEM\CurrentControlSet\Services\MSIVXserv.sys@type 1
     Reg HKLM\SYSTEM\CurrentControlSet\Services\MSIVXserv.sys@imagepath \systemroot\system32\drivers\MSIVXqjirxduyqbabuwriivkyxwqtqsnkndpu.sys
     Reg HKLM\SYSTEM\CurrentControlSet\Services\MSIVXserv.sys@group file system
     Reg HKLM\SYSTEM\CurrentControlSet\Services\MSIVXserv.sys\modules
     Reg HKLM\SYSTEM\CurrentControlSet\Services\MSIVXserv.sys\modules@MSIVXserv \\?\globalroot\systemroot\system32\drivers\MSIVXqjirxduyqbabuwriivkyxwqtqsnkndpu.sys
     Reg HKLM\SYSTEM\CurrentControlSet\Services\MSIVXserv.sys\modules@MSIVXl \\?\globalroot\systemroot\system32\MSIVXlqjpoedolvyxetqmkjabvbrffemmxwkr.dll
     Reg HKLM\SYSTEM\CurrentControlSet\Services\MSIVXserv.sys\modules@MSIVXclk \\?\globalroot\systemroot\system32\MSIVXpypykfefqxfatfcmhsmprrpnkrqlhdfd.dll
     Reg HKLM\SYSTEM\ControlSet003\Services\MSIVXserv.sys (not active ControlSet)
     Reg HKLM\SYSTEM\ControlSet003\Services\MSIVXserv.sys@start 1
     Reg HKLM\SYSTEM\ControlSet003\Services\MSIVXserv.sys@type 1
     Reg HKLM\SYSTEM\ControlSet003\Services\MSIVXserv.sys@imagepath \systemroot\system32\drivers\MSIVXqjirxduyqbabuwriivkyxwqtqsnkndpu.sys
     Reg HKLM\SYSTEM\ControlSet003\Services\MSIVXserv.sys@group file system
     Reg HKLM\SYSTEM\ControlSet003\Services\MSIVXserv.sys\modules (not active ControlSet)
     Reg HKLM\SYSTEM\ControlSet003\Services\MSIVXserv.sys\modules@MSIVXserv \\?\globalroot\systemroot\system32\drivers\MSIVXqjirxduyqbabuwriivkyxwqtqsnkndpu.sys
     Reg HKLM\SYSTEM\ControlSet003\Services\MSIVXserv.sys\modules@MSIVXl \\?\globalroot\systemroot\system32\MSIVXlqjpoedolvyxetqmkjabvbrffemmxwkr.dll
     Reg HKLM\SYSTEM\ControlSet003\Services\MSIVXserv.sys\modules@MSIVXclk \\?\globalroot\systemroot\system32\MSIVXpypykfefqxfatfcmhsmprrpnkrqlhdfd.dll

     ---- Files - GMER 1.0.15 ----

     File C:\WINDOWS\system32\MSIVXcount 4 bytes
     File C:\WINDOWS\system32\MSIVXlqjpoedolvyxetqmkjabvbrffemmxwkr.dll 22528 bytes executable
     File C:\WINDOWS\system32\MSIVXpypykfefqxfatfcmhsmprrpnkrqlhdfd.dll 52224 bytes executable
     File C:\WINDOWS\system32\drivers\MSIVXqjirxduyqbabuwriivkyxwqtqsnkndpu.sys 74240 bytes executable <-- ROOTKIT !!!

     ---- EOF - GMER 1.0.15 ----
  5. hello, I went and bought a key. But tell me why this PC couldn't open the link at Dylav's. There, I'll try: http://img33.imageshack.us/img33/5796/scre...t005moyenne.jpg http://img268.imageshack.us/img268/5554/sc...t001moyenne.jpg http://img687.imageshack.us/img687/9706/sc...t002moyenne.jpg http://img200.imageshack.us/img200/5821/sc...t003moyenne.jpg http://img268.imageshack.us/img268/6319/sc...t004moyenne.jpg I HOPE THAT WILL WORK.
  6. I had the idea of trying on another PC, and there I do get the link to open: "#Comment participer à un forum,: # Mettre en forme un message.". So it's the PC on which I have "something like a problem" that can't open it?? What do you think?
  7. good evening, I'm sorry, but when I click, click again and again: nothing opens..; except a new page with the same content #Comment participer à un forum,: # Mettre en forme un message.
  8. I'll try: I took a screen capture with "screenshot001" (because I have a keyboard without a Print Screen key) but I can't manage to paste it here...??
  9. I'M NOT VERY SURE OF MYSELF since earlier I hadn't understood you. I clicked on Local Area Connection, then on Internet Protocol TCP/IP, and the window that appears differs somewhat from your model. Here is what I have: checked: Use the following IP address: 0.0.0.0, Subnet mask: 255.0.0.0; then further down: Use the following DNS server addresses: is checked but no numbers appear
  10. ok! here is the result:
HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F049327E-3F6E-4692-ABC7-EE1D7CE07F7E} DhcpNameServer REG_SZ 13/12/2009 14:51:38 0 HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F424822D-3A3D-4879-9781-59C68EB08012} NameServer REG_SZ 13/12/2009 14:51:38 0 HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F424822D-3A3D-4879-9781-59C68EB08012} DhcpNameServer REG_SZ 13/12/2009 14:51:38 0
  11. ...and I think it's linked to Personal Security, which keeps coming back in a different form and is causing me problems
  12. I simply copied and pasted into the address bar the series of numbers you gave me: "85.255.112.116", and I ended up on the site "http://www.trusted-dns.com/index.php?page=setup", and these 2 dialog windows appeared
  13. RIGHT! I HAVE A DOUBT: in the dialog windows I can't find the name of the site you gave me; is it really "trusted-dns.com"? (I'm using a language translator for the English, meh); I have 2 dialog windows opening: - the program whose dialog window opens is called "nfcleaner.exe"; - the other window is inst_257.exe... 3 of them opened, and as it's in English I don't know what to make of it; 3 or 4 of them opened even though I cancel them. Where's the catch?
  14. hello, so here it is:
  15. good evening Falkra, so here it is:

SmitFraudFix v2.424
Rapport fait à 23:43:59,79, 11/12/2009
Executé à partir de C:\Program Files\Mozilla Firefox\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» DNS Avant Fix

Description: Realtek RTL8185 54M Wireless LAN Network Adapter - Miniport d'ordonnancement de paquets
DNS Server Search Order: 212.27.40.240
DNS Server Search Order: 212.27.40.241

»»»»»»»»»»»»»»»»»»»»»»»» DNS Après Fix

Description: Realtek RTL8185 54M Wireless LAN Network Adapter - Miniport d'ordonnancement de paquets
DNS Server Search Order: 212.27.40.240
DNS Server Search Order: 212.27.40.241
  16. HELLO, you seem to have several strings to your bow; here is the report:

SmitFraudFix v2.424
Rapport fait à 9:39:05,96, 11/12/2009
Executé à partir de C:\Program Files\Mozilla Firefox\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\vVX6000.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\docume~1\librai~1\locals~1\temp\sj-utility.exe
C:\Program Files\Fichiers communs\Logitech\LCD Manager\lcdmon.exe
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Fichiers communs\Logitech\LCD Manager\Applets\LCDPOP3.exe
C:\Program Files\Fichiers communs\Logitech\LCD Manager\Applets\LCDCountdown.exe
C:\Program Files\Fichiers communs\Logitech\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Fichiers communs\Logitech\LCD Manager\Applets\LCDMedia.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEGE.EXE
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\A.C\Scroll-In-Mouse V2.0\Scroll.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft LifeCam\MSCamSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\LIBRAIRIE

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\LIBRAI~1\LOCALS~1\Temp

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\LIBRAIRIE\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\LOCALS~1\Favoris

»»»»»»»»»»»»»»»»»»»»»»»» Bureau

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues

»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"

»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

o4Patch
Credits: Malware Analysis & Diagnostic Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix
Credits: Malware Analysis & Diagnostic Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

VACFix
Credits: Malware Analysis & Diagnostic Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

404Fix
Credits: Malware Analysis & Diagnostic Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\PROGRA~1\\Google\\GOOGLE~3\\GOEC62~1.DLL"
"LoadAppInit_DLLs"=dword:00000001

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

»»»»»»»»»»»»»»»»»»»»»»»» RK

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Votre ordinateur est certainement victime d'un détournement de DNS: 85.255.x.x détecté !
Description: Intel® PRO/1000 MT Desktop Adapter - Miniport d'ordonnancement de paquets
DNS Server Search Order: 85.255.112.116
DNS Server Search Order: 85.255.112.157

Votre ordinateur est certainement victime d'un détournement de DNS: 85.255.x.x détecté !
Description: VIA Rhine III Fast Ethernet Adapter - Miniport d'ordonnancement de paquets
DNS Server Search Order: 85.255.112.116
DNS Server Search Order: 85.255.112.157

Votre ordinateur est certainement victime d'un détournement de DNS: 85.255.x.x détecté !
Description: Realtek RTL8185 54M Wireless LAN Network Adapter - Miniport d'ordonnancement de paquets
DNS Server Search Order: 85.255.112.116
DNS Server Search Order: 85.255.112.157

HKLM\SYSTEM\CCS\Services\Tcpip\..\{61C90031-F09A-4748-A4CB-05B7B452AD91}: NameServer=85.255.112.116,85.255.112.157
HKLM\SYSTEM\CCS\Services\Tcpip\..\{6690AE63-C50B-4383-B9EF-7BACC2C62574}: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CCS\Services\Tcpip\..\{6690AE63-C50B-4383-B9EF-7BACC2C62574}: NameServer=85.255.112.116,85.255.112.157
HKLM\SYSTEM\CCS\Services\Tcpip\..\{7F9F4CE0-D6BE-4C7D-BA86-53537FB18D22}: NameServer=85.255.112.116,85.255.112.157
HKLM\SYSTEM\CS1\Services\Tcpip\..\{61C90031-F09A-4748-A4CB-05B7B452AD91}: NameServer=85.255.112.116,85.255.112.157
HKLM\SYSTEM\CS1\Services\Tcpip\..\{6690AE63-C50B-4383-B9EF-7BACC2C62574}: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CS1\Services\Tcpip\..\{6690AE63-C50B-4383-B9EF-7BACC2C62574}: NameServer=85.255.112.116,85.255.112.157
HKLM\SYSTEM\CS1\Services\Tcpip\..\{7F9F4CE0-D6BE-4C7D-BA86-53537FB18D22}: NameServer=85.255.112.116,85.255.112.157
HKLM\SYSTEM\CS3\Services\Tcpip\..\{61C90031-F09A-4748-A4CB-05B7B452AD91}: NameServer=85.255.112.116,85.255.112.157
HKLM\SYSTEM\CS3\Services\Tcpip\..\{6690AE63-C50B-4383-B9EF-7BACC2C62574}: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CS3\Services\Tcpip\..\{6690AE63-C50B-4383-B9EF-7BACC2C62574}: NameServer=85.255.112.116,85.255.112.157
HKLM\SYSTEM\CS3\Services\Tcpip\..\{7F9F4CE0-D6BE-4C7D-BA86-53537FB18D22}: NameServer=85.255.112.116,85.255.112.157
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: NameServer=85.255.112.116,85.255.112.157
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: NameServer=85.255.112.116,85.255.112.157
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: NameServer=85.255.112.116,85.255.112.157

»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

»»»»»»»»»»»»»»»»»»»»»»»» Fin
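The DNS section of the SmitFraudFix report above is the security-relevant finding: every interface and the global Tcpip\Parameters key carry a static NameServer in 85.255.x.x, overriding the ISP's DHCP-supplied 212.27.40.x servers. As an added example, written here and not taken from SmitFraudFix or the thread, the Python below parses those HKLM\SYSTEM\...\Tcpip lines, flags any static NameServer inside 85.255.0.0/16 (my reading of the tool's "85.255.x.x" rule, an assumption) and separately lists scopes where a static list overrides a differing DHCP list; the sample lines are the CurrentControlSet entries from the report plus one constructed interface whose static list has been cleared.

```python
"""Added example (not SmitFraudFix's code, not from the thread): flag the
85.255.x.x DNS hijack from the registry lines of a SmitFraudFix DNS section."""
import ipaddress
import re

# The tool reports "85.255.x.x détecté"; this reproduces that prefix rule as a
# network (assumption: the tool only looks at the first two octets).
HIJACK_NET = ipaddress.ip_network("85.255.0.0/16")

# One line of the log's DNS section, e.g.
#   HKLM\SYSTEM\CCS\Services\Tcpip\..\{GUID}: NameServer=85.255.112.116,85.255.112.157
#   HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.240 212.27.40.241
LINE_RE = re.compile(
    r"^HKLM\\SYSTEM\\(?P<cs>CCS|CS\d)\\Services\\Tcpip\\"
    r"(?:\.\.\\(?P<guid>\{[0-9A-Fa-f-]+\})|Parameters):\s*"
    r"(?P<name>NameServer|DhcpNameServer)=(?P<val>.*)$"
)

# Constructed sample: the CurrentControlSet lines copied from the report above,
# plus one constructed line for an interface whose static list has been cleared.
SAMPLE_LOG = r"""
HKLM\SYSTEM\CCS\Services\Tcpip\..\{61C90031-F09A-4748-A4CB-05B7B452AD91}: NameServer=85.255.112.116,85.255.112.157
HKLM\SYSTEM\CCS\Services\Tcpip\..\{6690AE63-C50B-4383-B9EF-7BACC2C62574}: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CCS\Services\Tcpip\..\{6690AE63-C50B-4383-B9EF-7BACC2C62574}: NameServer=85.255.112.116,85.255.112.157
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: NameServer=85.255.112.116,85.255.112.157
HKLM\SYSTEM\CCS\Services\Tcpip\..\{7F9F4CE0-D6BE-4C7D-BA86-53537FB18D22}: NameServer=
"""


def parse_servers(value):
    """Split a NameServer value; Windows accepts comma or space as separator."""
    return [s for s in re.split(r"[,\s]+", value.strip()) if s]


def parse_log(text):
    """Map (control set, scope) -> {'NameServer': [...], 'DhcpNameServer': [...]}.
    Scope is the interface GUID, or 'Parameters' for the global key."""
    table = {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # section headers, adapter descriptions, blank lines
        scope = m.group("guid") or "Parameters"
        entry = table.setdefault((m.group("cs"), scope), {})
        entry[m.group("name")] = parse_servers(m.group("val"))
    return table


def find_hijacks(table):
    """(control set, scope, server) for every static NameServer inside HIJACK_NET."""
    hits = []
    for (cs, scope), entry in sorted(table.items()):
        for server in entry.get("NameServer", []):
            try:
                addr = ipaddress.ip_address(server)
            except ValueError:
                continue  # not an address, so it cannot be in the range
            if addr in HIJACK_NET:
                hits.append((cs, scope, server))
    return hits


def static_overrides_dhcp(table):
    """Scopes where a static NameServer list is set although DHCP handed out a
    different list. On a home PC that is what the hijack looks like even before
    the address range is known; this is a heuristic, not the tool's rule."""
    found = []
    for (cs, scope), entry in sorted(table.items()):
        static = entry.get("NameServer", [])
        dhcp = entry.get("DhcpNameServer", [])
        if static and dhcp and static != dhcp:
            found.append((cs, scope))
    return found


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    for cs, scope, server in find_hijacks(parsed):
        print(f"HIJACK {cs} {scope}: static DNS {server} is in {HIJACK_NET}")
    for cs, scope in static_overrides_dhcp(parsed):
        dhcp = " ".join(parsed[(cs, scope)]["DhcpNameServer"])
        print(f"STATIC OVERRIDE {cs} {scope}: NameServer set while DHCP offered {dhcp}")
```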
  17. I'm back because yesterday I threw "Personal Security" in the recycle bin, and now I've just restored it; I ran "OTMoveIt (OTM) by OldTimer" again and THIS TIME nothing disappeared from the desktop... but MBAM still stays inert when I click on the icon. Here is the new report:

Error: Unable to interpret <processes> in the current context!
Error: Unable to interpret <explorer.exe> in the current context!
========== FILES ==========
File/Folder c:\program files\fichiers communs\PSecurityUninstall not found.
c:\program files\PSecurity folder moved successfully.
========== COMMANDS ==========

OTM by OldTimer - Version 3.1.2.2 log created on 12112009_001807

Talk to you later
  18. hi again... MBAM still isn't responding. When I opened "OTMoveIt (OTM) by OldTimer" my WHOLE desktop disappeared... I powered my PC off at the mains, turned it back on and everything reappeared. So I must have done something wrong? The clipboard, is that "Notepad"? I repeated the same operation, and as soon as I clicked MoveIt the WHOLE desktop disappeared again... I power the computer off and on again. SO WHAT NOW?
  19. GOOD EVENING FALKRA, thank you Falkra for replying, sorry for my slow reaction but I got home only a short while ago. - My WHOLE desktop disappeared: no more icons, no more taskbar, normal or not? Here is the report:

========== PROCESSES ==========
Process explorer.exe killed successfully!
========== FILES ==========
File/Folder c:\program files\fichiers communs\PSecurityUninstall not found.
File/Folder c:\program files\PSecurity not found.
========== COMMANDS ==========

OTM by OldTimer - Version 3.1.2.2 log created on 12102009_233457
  20. hello Thanos... OK, no problem, thanks
  21. GOOD EVENING THANOS, THAT is my whole problem: MBAM doesn't open, my click leaves MBAM i n e r t (and now "HijackThis", which I downloaded just in case, has the same problem...). Let me explain about the 2 topics: yes, it's for the same PC, there were 2 periods: - last June the problem with "MBAM" occurred; I couldn't resolve it and didn't have a moment to contact you; - this week the problem with "PERSONAL SECURITY" appeared; since it's in English I don't understand it well, and the click to refuse did the opposite... that's why 2 topics were opened, because I think they're independent and the problem is very real... there you go. Thank you for your frank cordiality.
  22. OK! So here it is:

DDS (Ver_09-12-01.01) - NTFSx86
Run by LIBRAIRIE at 17:57:22,90 on 09/12/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.511.50 [GMT 1:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\WINDOWS\vVX6000.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\docume~1\librai~1\locals~1\temp\sj-utility.exe
C:\Program Files\Fichiers communs\Logitech\LCD Manager\lcdmon.exe
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEGE.EXE
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\A.C\Scroll-In-Mouse V2.0\Scroll.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Fichiers communs\Logitech\LCD Manager\Applets\LCDPOP3.exe
C:\Program Files\Fichiers communs\Logitech\LCD Manager\Applets\LCDCountdown.exe
C:\Program Files\Fichiers communs\Logitech\LCD Manager\Applets\LCDMedia.exe
C:\Program Files\Fichiers communs\Logitech\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft LifeCam\MSCamSvc.exe
C:\WINDOWS\System32\NMSSvc.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\PSecurity\psecurity.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\LIBRAIRIE\Mes documents\Téléchargements\dds(2).scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.jeuxvideo-flash.com/
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
uDefault_Page_URL = hxxp://www.01net.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\fichiers communs\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: &Security Update: {35a5b43b-cb8a-49ca-a9f4-d3b308d2e3cc} - c:\windows\system32\win32extension.dll
BHO: EoBho Class: {64f56fc1-1272-44cd-ba6e-39723696e350} - c:\program files\eorezo\eoadv\EoRezoBHO.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\fichiers communs\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Yahoo! Toolbar avec bloqueur de fenêtres pop-up: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [MsnMsgr] "c:\program files\msn messenger\MsnMsgr.Exe" /background
uRun: [EPSON Stylus SX400 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatiege.exe /fu "c:\windows\temp\E_SB6.tmp" /EF "HKCU"
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [VX6000] c:\windows\vVX6000.exe
mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [AA_SecuHDD] c:\docume~1\librai~1\locals~1\temp\sj-utility.exe sys_auto_run c:\docume~1\librai~1\locals~1\temp\
mRun: [Launch LCDMon] "c:\program files\fichiers communs\logitech\lcd manager\lcdmon.exe"
mRun: [Google Quick Search Box] "c:\program files\google\quick search box\GoogleQuickSearchBox.exe" /autorun
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [TkBellExe] "c:\program files\fichiers communs\real\update_ob\realsched.exe" -osboot
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [WUAppSetup] c:\program files\fichiers communs\logishrd\WUApp32.exe -v 0x046d -p 0x08b2 -f video -m logitech -d 10.5.1.2023
StartupFolder: c:\docume~1\librai~1\menudm~1\progra~1\dmarra~1\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\docume~1\alluse~1\menudm~1\progra~1\dmarra~1\scroll~1.lnk - c:\program files\a.c\scroll-in-mouse v2.0\Scroll.exe
uPolicies-system: DisableTaskMgr =
IE: E&xporter vers Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {33564D57-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1179559769484
DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - hxxp://config.zebulon.fr/plugins/MaConfig_3_5_1_0.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 85.255.112.116,85.255.112.157
TCP: {61C90031-F09A-4748-A4CB-05B7B452AD91} = 85.255.112.116,85.255.112.157
TCP: {6690AE63-C50B-4383-B9EF-7BACC2C62574} = 85.255.112.116,85.255.112.157
TCP: {7F9F4CE0-D6BE-4C7D-BA86-53537FB18D22} = 85.255.112.116,85.255.112.157
Notify: AtiExtEvent - Ati2evxx.dll
AppInit_DLLs: c:\progra~1\google\google~3\GOEC62~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\librai~1\applic~1\mozilla\firefox\profiles\6ri7nb6m.default\
FF - prefs.js: browser.startup.homepage - hotmail.com
FF - component: c:\documents and settings\librairie\application data\mozilla\firefox\profiles\6ri7nb6m.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: c:\program files\picasa2\npPicasa2.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 fasttrak;fasttrak;c:\windows\system32\drivers\Fasttrak.sys [2001-11-22 70528]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-7-24 11608]
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\avira\antivir desktop\sched.exe [2009-7-24 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-7-24 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-7-24 55656]
S2 gupdate1ca4fd9b60c03fe;Service Google Update (gupdate1ca4fd9b60c03fe);c:\program files\google\update\GoogleUpdate.exe [2009-10-18 133104]
S3 HwIOctl;HwIOctl;\??\c:\program files\setup files\ms-6704 v1.30\hwioctl.sys --> c:\program files\setup files\ms-6704 v1.30\HwIOctl.sys [?]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2009-5-29 234864]
S3 VX6000;Microsoft LifeCam VX-6000;c:\windows\system32\drivers\VX6000Xp.sys [2006-6-30 2383152]

=============== Created Last 30 ================

2009-12-09 14:59:03 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-09 14:58:59 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-09 14:58:59 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-12-09 14:58:58 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-06 14:58:14 0 d-----w- c:\program files\fichiers communs\PSecurityUninstall
2009-12-06 14:53:11 0 d-----w- c:\program files\PSecurity
2009-11-14 18:45:34 0 dc-h--w- c:\windows\ie8

==================== Find3M ====================

2009-11-16 22:57:40 49494 ----a-w- c:\windows\system32\perfc00C.dat
2009-11-16 22:57:40 370414 ----a-w- c:\windows\system32\perfh00C.dat
2009-10-18 10:00:40 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-10-15 13:36:30 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-24 19:00:17 245760 --sha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat

============= FINISH: 17:58:05,57 ===============

ctrl etc. is very effective...
  23. Here is the DDS.txt report. How should I go about sending it to you?
  24. I downloaded "Hijack this", same problem... impossible to open it, I click on its icon and.... nothing!