
Posted (edited)

Hello everyone,

I followed Angélique's instructions :P in this thread.

1) SDFix report:

SDFix: Version 1.220

Run by Administrateur on 02.09.2008 at 20:03

 

Microsoft Windows XP [version 5.1.2600]

Running From: C:\SDFix

 

Checking Services :

 

 

Restoring Default Security Values

Restoring Default Hosts File

Restoring Default Desktop Wallpaper

Restoring Default ScreenSaver value

 

Rebooting

 

 

Checking Files :

 

Trojan Files Found:

 

C:\WINDOWS\system32\lphcrwdj0epb7.exe - Deleted

C:\WINDOWS\system32\pphcrwdj0epb7.exe - Deleted

C:\Program Files\rhcvwdj0epb7\database.dat - Deleted

C:\Program Files\rhcvwdj0epb7\license.txt - Deleted

C:\Program Files\rhcvwdj0epb7\MFC71.dll - Deleted

C:\Program Files\rhcvwdj0epb7\MFC71ENU.DLL - Deleted

C:\Program Files\rhcvwdj0epb7\msvcp71.dll - Deleted

C:\Program Files\rhcvwdj0epb7\msvcr71.dll - Deleted

C:\Program Files\rhcvwdj0epb7\rhcvwdj0epb7.exe - Deleted

C:\Program Files\rhcvwdj0epb7\rhcvwdj0epb7.exe.local - Deleted

C:\Program Files\rhcvwdj0epb7\Uninstall.exe - Deleted

C:\WINDOWS\system32\phcrwdj0epb7.bmp - Deleted

C:\WINDOWS\system32\blphcrwdj0epb7.scr - Deleted

C:\WINDOWS\system32\a.exe - Deleted

C:\Documents and Settings\All Users\Bureau\Antivirus XP 2008.lnk - Deleted

C:\WINDOWS\system32\drivers\tdssserv.sys - Deleted

C:\WINDOWS\system32\tdssadw.dll - Deleted

C:\WINDOWS\system32\tdssinit.dll - Deleted

C:\WINDOWS\system32\tdssl.dll - Deleted

C:\WINDOWS\system32\tdsslog.dll - Deleted

C:\WINDOWS\system32\tdssmain.dll - Deleted

C:\WINDOWS\system32\tdssservers.dat - Deleted

 

 

 

Folder C:\Program Files\rhcvwdj0epb7 - Removed

 

 

Removing Temp Files

 

ADS Check :

 

 

 

Final Check :

 

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-09-02 20:19:34

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden services & system hive ...

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TDSSserv]

"start"=dword:00000001

"type"=dword:00000001

"imagepath"=str(2):"\systemroot\system32\drivers\TDSSserv.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\TDSSserv]

"start"=dword:00000001

"type"=dword:00000001

"imagepath"=str(2):"\systemroot\system32\drivers\TDSSserv.sys"

 

scanning hidden registry entries ...

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]

"TracesProcessed"=dword:0000003c

"TracesSuccessful"=dword:00000027

 

scanning hidden files ...

 

scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 0

 

 

Remaining Services :

 

 

 

 

Authorized Application Key Export:

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMuleMorphXT"

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"

"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"

"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe"

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

 

Remaining Files :

 

 

File Backups: - C:\SDFix\backups\backups.zip

 

Files with Hidden Attributes :

 

Tue 19 Jun 2007 56 ..SHR --- "C:\WINDOWS\system32\629303D370.sys"

Tue 19 Jun 2007 1,890 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"

Sat 27 Oct 2007 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"

 

Finished!

 

2) The two RSIT reports:

Logfile of random's system information tool (written by random/random)

Run by Serge at 2008-09-02 20:23:12

Microsoft Windows XP Professionnel Service Pack 2

System drive C: has 13 GB (64%) free of 20 GB

Total RAM: 767 MB (56% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:23:24, on 02.09.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\WINDOWS\system32\oodag.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\notepad.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\SuperCopier\SuperCopier.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\TomTom HOME 2\HOMERunner.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Rainlendar\Rainlendar.exe

C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe

C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Documents and Settings\Serge\Bureau\RSIT.exe

C:\Program Files\trend micro\Serge.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: Share Accelerator MM Toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbShar.dll

O2 - BHO: Share Accelerator MM Toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbShar.dll

O3 - Toolbar: Share Accelerator MM Toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbShar.dll

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKCU\..\Run: [superCopier.exe] C:\Program Files\SuperCopier\SuperCopier.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe

O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Raccourci vers Rainlendar.exe.lnk = C:\Program Files\Rainlendar\Rainlendar.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe

O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

 

--

End of file - 4380 bytes

 

Registry dump

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4596013b-6c31-408b-a266-deae5c086dc2}]

Share Accelerator MM Toolbar - C:\Program Files\Share_Accelerator_MM\tbShar.dll [2007-12-10 1510424]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{4596013b-6c31-408b-a266-deae5c086dc2} - Share Accelerator MM Toolbar - C:\Program Files\Share_Accelerator_MM\tbShar.dll [2007-12-10 1510424]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"NeroFilterCheck"=C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]

"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-02-19 49152]

"avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-07-24 266497]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"SuperCopier.exe"=C:\Program Files\SuperCopier\SuperCopier.exe [2003-04-25 683520]

"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-08-19 1667584]

"TomTomHOME.exe"=C:\Program Files\TomTom HOME 2\HOMERunner.exe [2008-05-06 202088]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]

C:\PROGRA~1\MICROS~2\Office\OSA9.EXE [1999-02-17 65588]

 

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage

Démarrage rapide de HP Photosmart Premier.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

Raccourci vers Rainlendar.exe.lnk - C:\Program Files\Rainlendar\Rainlendar.exe

 

C:\Documents and Settings\Serge\Menu Démarrer\Programmes\Démarrage

RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMuleMorphXT"

"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"

"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"

"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"

"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"

"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"

"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"

"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"

"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"

"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"

"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"

"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"

"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"

"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"

"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6483ba12-3fb8-11dd-9a92-0040f4a0329b}]

shell\AutoRun\command - J:\InstallTomTomHOME.exe

 

 

List of files/folders created in the last three months

 

2008-09-02 20:23:14 ----D---- C:\Program Files\trend micro

2008-09-02 20:23:12 ----D---- C:\rsit

2008-09-02 19:52:46 ----D---- C:\WINDOWS\ERUNT

2008-09-02 19:49:01 ----D---- C:\SDFix

2008-09-02 17:54:56 ----D---- C:\Documents and Settings\Serge\Application Data\rhcvwdj0epb7

2008-09-02 17:54:17 ----A---- C:\WINDOWS\system32\tdssserf.dll

2008-07-27 20:42:13 ----D---- C:\Program Files\MosArt

2008-07-27 20:38:42 ----D---- C:\Program Files\Actions

2008-07-16 22:24:32 ----D---- C:\Program Files\Share_Accelerator_MM

2008-07-16 22:24:28 ----A---- C:\WINDOWS\system32\Msvcrtd.dll

2008-07-16 22:24:16 ----D---- C:\Program Files\Zapu

2008-07-16 22:20:02 ----D---- C:\Documents and Settings\Serge\Application Data\AlauxSoft

2008-07-16 22:20:01 ----D---- C:\Program Files\Comptes et Budget Free V5.0

2008-06-21 19:53:30 ----D---- C:\Documents and Settings\All Users\Application Data\TomTom

2008-06-21 19:53:22 ----D---- C:\Documents and Settings\Serge\Application Data\TomTom

2008-06-21 19:52:54 ----D---- C:\Program Files\TomTom HOME 2

2008-06-21 19:34:12 ----D---- C:\Program Files\TomTom HOME

 

List of drivers

 

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []

R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-07-24 75072]

R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]

R3 ac97intc;Service d'installation du pilote audio Intel® 82801 (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]

R3 AR5211;Wireless LAN Adapter; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2005-01-21 411680]

R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2004-08-19 701440]

R3 atinrvxx;ATI WDM Rage Theater Video (Microsoft Corporation); C:\WINDOWS\system32\DRIVERS\atinrvxx.sys [2004-08-04 104960]

R3 ATITUNEP;ATI WDM TV Tuner (Microsoft Corporation); C:\WINDOWS\system32\DRIVERS\atintuxx.sys [2004-08-04 73216]

R3 ativraxx;ATI WDM Rage Theater Audio (Microsoft Corporation); C:\WINDOWS\system32\DRIVERS\atinraxx.sys [2004-08-04 52224]

R3 ATIXSAudio;ATI WDM TV Audio (Microsoft Corporation) Crossbar (Microsoft Corporation); C:\WINDOWS\system32\DRIVERS\atinxsxx.sys [2004-08-04 63488]

R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []

R3 catchme;catchme; \??\C:\DOCUME~1\Serge\LOCALS~1\Temp\catchme.sys []

R3 MVDCODEC;ATI WDM Specialized MVD Codec (Microsoft Corporation); C:\WINDOWS\system32\DRIVERS\atinmdxx.sys [2004-08-04 13824]

R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2007-06-19 47360]

R3 TTDec;ATI WDM Teletext Decoder (Microsoft Corporation); C:\WINDOWS\system32\DRIVERS\ATINTTXX.sys [2004-08-04 13824]

R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]

R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]

R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-03 17024]

R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]

R3 WinDriver6;WinDriver6; C:\WINDOWS\system32\drivers\windrvr6.sys [2007-06-17 186592]

S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-04 17024]

S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys []

S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-04-13 49664]

S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-04-13 16496]

S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-04-13 21568]

S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-04 5504]

S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]

S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-04 10880]

S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136]

S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-04 15360]

S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]

S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]

S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]

S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]

S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]

 

List of services

 

R2 AntiVirScheduler;AntiVir PersonalEdition Classic Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-07-24 68865]

R2 AntiVirService;AntiVir PersonalEdition Classic Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-08-17 149761]

R2 O&O Defrag;O&O Defrag; C:\WINDOWS\system32\oodag.exe [2007-01-12 707344]

R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]

S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]

S3 HP Port Resolver;HP Port Resolver; C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE [2005-05-20 81920]

S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]

S3 NMIndexingService;NMIndexingService; C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe [2007-05-16 271920]

 

-----------------EOF-----------------

 

info.txt logfile of random's system information tool 2008-09-02 20:23:26

 

Uninstall list

 

-->C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL

-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL

-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL

-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL

-->C:\WINDOWS\UNRecode.exe /UNINSTALL

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

Actions MP3 Player-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5A6F0AF8-5AD2-4E0D-8A92-B0706570C40D}\Setup.exe"

AlauxSoft Comptes et Budget Free V5.0-->"C:\Program Files\Comptes et Budget Free V5.0\unins000.exe"

Assistant Avery 3.1-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{EB7A2041-6A16-4BAC-8079-43B985673C2C}

Aston Flash v2.0-->"C:\Program Files\Aston-Team 2002\Aston Flash\unins000.exe"

Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE

BankPerfect 6.21-->"C:\Program Files\BankPerfect\uninstall.exe"

CAS Interface Studio 8.3a-->MsiExec.exe /X{E6E8CFD3-1A0C-4957-95AF-32E7F31A736A}

CAS Interface Studio 8.4-->MsiExec.exe /X{E28B99C0-7953-4960-B575-02E31F20A609}

Ch Editor-->"C:\WINDOWS\IFinst27.exe" -UC:\Program Files\Ch Editor\IFU159.inf

ConvertXtoDVD 2.2.0.251-->"C:\Program Files\VSO\ConvertXtoDVD\unins000.exe"

CorelDRAW Graphics Suite 12-->MsiExec.exe /I{505AFDC0-5E72-4928-8368-5DEA385E3647}

DISKdata-->C:\PROGRA~1\DISKdata\UNWISE.EXE C:\PROGRA~1\DISKdata\INSTALL.LOG

eMulev0.47c.-MorphXTv9.5-->"C:\Program Files\eMule\unins000.exe"

FileMaker Pro 8.5 Advanced-->MsiExec.exe /I{C978F5A7-5E75-4DBD-BFD7-A0488E8EFF9E}

Folder Marker v 1.4-->"C:\Program Files\Folder Marker\unins000.exe"

HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall

HP Document Viewer 7.0-->C:\Program Files\HP\Digital Imaging\DocumentViewer\hpzscr01.exe -datfile hpqbud04.dat

HP Imaging Device Functions 7.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat

HP Photosmart Premier Software 6.5-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat

HP Photosmart, Officejet and Deskjet 7.0.A-->C:\Program Files\HP\Digital Imaging\{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}\setup\hpzscr01.exe -datfile hposcr11.dat

HP Software Update-->MsiExec.exe /X{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}

HP Solution Center 7.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat

Ma-Config.com plugin-->MsiExec.exe /I{BC2D90DE-8D75-4DEB-8865-B4F710CD4ABA}

Macromedia Flash Player 8-->MsiExec.exe /X{6815FCDD-401D-481E-BA88-31B4754C2B46}

Micro Application - PrintPratic 4-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EC79B672-686B-4C0A-9402-12EA1A04A99C}\Setup.exe" -l0x40c

Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700}

Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

Microsoft Office 2000 Premium-->MsiExec.exe /I{0000040C-78E1-11D2-B60F-006097C998E7}

Mozilla Firefox (3.0.1)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe

Nero 7 Premium-->MsiExec.exe /X{A20A58C4-6784-4B4B-86CC-94E2E3671036}

neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}

O&O Defrag Professional Edition-->MsiExec.exe /I{53480370-6CA2-47EC-BC05-02B4B9271C31}

OCR Software by I.R.I.S 7.0-->C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat

Pack Vista Inspirat 2 1.0-->C:\WINDOWS\BricoPacks\Vista Inspirat 2\Remove.exe

Rainlendar (remove only)-->"C:\Program Files\Rainlendar\uninst.exe"

SetEditAston (remove only)-->"C:\Program Files\SetEditAston\uninstall.exe"

Share Accelerator MM Toolbar-->C:\PROGRA~1\SHARE_~1\UNWISE.EXE C:\PROGRA~1\SHARE_~1\INSTALL.LOG

SuperCopier-->"C:\Program Files\SuperCopier\SCUninst.exe"

Symphony 7.0-->MsiExec.exe /X{FF46B3FA-EC31-4218-8595-F7D90D08796D}

TomTom HOME-->C:\Program Files\TomTom HOME 2\Uninstall TomTom HOME.exe

USB MP3 Driver v1.17r014-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{68CD2C2F-1271-11D7-9D8C-00E018AAC9EC}\Setup.exe" -l0x40c

Vantage Editor-->"C:\WINDOWS\IFinst27.exe" -UC:\Program Files\Vantage Editor\IFU155.inf

VaudTax2007-->"C:\Program Files\VaudTax2007\UninstallerData\Uninstall VaudTax2007.exe"

VC_MergeModuleToMSI-->MsiExec.exe /I{900A92BA-19EF-4A34-86CF-7B6C85BDD971}

VideoLAN VLC media player 0.8.6c-->C:\Program Files\VideoLAN\VLC\uninstall.exe

WDN4OAK+-->C:\WINDOWS\uninst.exe -f"C:\Program Files\Humax Digital\WDN4OAK+\DeIsL2.isu" -cC:\PROGRA~1\HUMAXD~1\WDN4OA~1\_ISREG32.DLL

Winamp (remove only)-->"C:\Program Files\Winamp\UninstWA.exe"

Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll

WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

 

Hosts File

 

127.0.0.1 localhost

 

Security center information

 

AV: Avira AntiVir PersonalEdition

 

Environment variables

 

"ComSpec"=%SystemRoot%\system32\cmd.exe

"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem

"windir"=%SystemRoot%

"FP_NO_HOST_CHECK"=NO

"OS"=Windows_NT

"PROCESSOR_ARCHITECTURE"=x86

"PROCESSOR_LEVEL"=15

"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 0 Stepping 7, GenuineIntel

"PROCESSOR_REVISION"=0007

"NUMBER_OF_PROCESSORS"=1

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

 

-----------------EOF-----------------

 

Could someone take over and tell me whether any traces of the malware remain?

And tell me how my dad managed to catch it? :P

Thanks in advance, see you :P

Edited by BaK

Posted

» Download combofix.exe (by sUBs) and save it to your desktop

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

==> open Notepad [Run -- notepad] and copy/paste the contents of the box below:

 

http://forum.zebulon.fr/infecte-par-antivirxp-2008-t150572.html
Collect::[27]
C:\WINDOWS\system32\tdssserf.dll

Folder::
C:\SDFix
C:\Documents and Settings\Serge\Application Data\rhcvwdj0epb7
C:\PROGRA~1\ALWILS~1

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]

 

* Go to the top of the page and click the "File" menu; a list appears =>

* Choose "Save As" and select "Desktop"

* In the "File name" field at the bottom of the page, enter the following name: CFScript

* Click the "Save" button to the right of the "File name" field

* Close Notepad.

* Drag and drop this CFScript file onto the ComboFix.exe file, as in the screenshot

[screenshot: CFScript-2.gif]

* follow the instructions

* Be patient while the scan runs. The desktop will disappear several times: this is normal!

Do not touch anything until the scan is finished.

* Once the scan is complete, a report will be displayed: post its contents.

* If the file does not appear, it is located here > C:\ComboFix.txt

- A zipped file will be created on your desktop > [4]-Submit_Date_Time.zip

- Another file is now added to the desktop > CF-Submit.htm

When CF finishes its work, it displays the CF report > if the CF-Submit.htm file is detected, the following message will be shown

[screenshot: CF-Submit_notice.gif]

click [OK]; the browser will load CF-Submit.htm like this >

[screenshot: CF-Submit.gif]

All you have to do is copy/paste the file path into the box and click [OK]\send File

Posted

Hi Angélique!

Thanks for your help!

Here is the ComboFix log.txt report:

ComboFix 08-09-01.05 - Serge 2008-09-03 20:11:22.1 - NTFSx86

Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.473 [GMT 2:00]

Endroit: C:\Documents and Settings\Serge\Bureau\ComboFix.exe

Command switches used :: C:\Documents and Settings\Serge\Bureau\CFScript.txt

* Création d'un nouveau point de restauration

 

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Antivirus XP 2008

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Antivirus XP 2008.lnk

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Antivirus XP 2008\Antivirus XP 2008.lnk

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Antivirus XP 2008\How to Register Antivirus XP 2008.lnk

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Antivirus XP 2008\License Agreement.lnk

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Antivirus XP 2008\Register Antivirus XP 2008.lnk

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Antivirus XP 2008\Uninstall.lnk

C:\Documents and Settings\Serge\Application Data\inst.exe

C:\Documents and Settings\Serge\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk

C:\Documents and Settings\Serge\Application Data\rhcvwdj0epb7

C:\SDFix

C:\SDFix\apps\assosfix.reg

C:\SDFix\apps\Cghtme.exe

C:\SDFix\apps\cliptext.exe

C:\SDFix\apps\Csweg.exe

C:\SDFix\apps\download.exe

C:\SDFix\apps\dummy.sys

C:\SDFix\apps\Enable_Command_Prompt.reg

C:\SDFix\apps\ERDNT.E_E

C:\SDFix\apps\ERDNTDOS.LOC

C:\SDFix\apps\ERDNTWIN.LOC

C:\SDFix\apps\ERUNT.EXE

C:\SDFix\apps\ERUNT.LOC

C:\SDFix\apps\fix.reg

C:\SDFix\apps\FixBeep.reg

C:\SDFix\apps\FixBH.reg

C:\SDFix\apps\FixComponents.reg

C:\SDFix\apps\FIXCU.reg

C:\SDFix\apps\FIXLM.reg

C:\SDFix\apps\FixPath.exe

C:\SDFix\apps\FixRedir.reg

C:\SDFix\apps\FixSchedule.reg

C:\SDFix\apps\FixWebCheck.reg

C:\SDFix\apps\fixXP.reg

C:\SDFix\apps\FixXPsp2.reg

C:\SDFix\apps\grep.exe

C:\SDFix\apps\HaxdFix.reg

C:\SDFix\apps\HPFix.reg

C:\SDFix\apps\HPFix2.reg

C:\SDFix\apps\HPFix3.reg

C:\SDFix\apps\HPFix4.reg

C:\SDFix\apps\HPFix5.reg

C:\SDFix\apps\HPFix6.reg

C:\SDFix\apps\HPFix7.reg

C:\SDFix\apps\HPFix8.reg

C:\SDFix\apps\HPFix9.reg

C:\SDFix\apps\isadmin.exe

C:\SDFix\apps\leg2.txt

C:\SDFix\apps\legacy.txt

C:\SDFix\apps\legacybk.txt

C:\SDFix\apps\locate.com

C:\SDFix\apps\LS.exe

C:\SDFix\apps\MD5File.exe

C:\SDFix\apps\moveex.exe

C:\SDFix\apps\MyGcpvFix.reg

C:\SDFix\apps\MyGkFix2.reg

C:\SDFix\apps\Process.exe

C:\SDFix\apps\procs.exe

C:\SDFix\apps\psservice.exe

C:\SDFix\apps\Rem.txt

C:\SDFix\apps\Rem2.txt

C:\SDFix\apps\Replace\regedit.exe

C:\SDFix\apps\Replace\w2k\AUTOEXEC.NT

C:\SDFix\apps\Replace\w2k\beep.sys

C:\SDFix\apps\Replace\w2k\command.com

C:\SDFix\apps\Replace\w2k\command.PIF

C:\SDFix\apps\Replace\w2k\CONFIG.NT

C:\SDFix\apps\Replace\w2k\null.sys

C:\SDFix\apps\Replace\xp\AUTOEXEC.NT

C:\SDFix\apps\Replace\xp\beep.sys

C:\SDFix\apps\Replace\xp\command.com

C:\SDFix\apps\Replace\xp\command.PIF

C:\SDFix\apps\Replace\xp\CONFIG.NT

C:\SDFix\apps\Replace\xp\null.sys

C:\SDFix\apps\Reset_AppInit_DLLs.reg

C:\SDFix\apps\RestartIt!.exe

C:\SDFix\apps\Restore_SafeBoot_Windows2000.reg

C:\SDFix\apps\Restore_SafeBoot_WindowsXP_SP2.reg

C:\SDFix\apps\Restore_SafeBoot_WindowsXP_SP3.reg

C:\SDFix\apps\Restore_SecurityCenter.reg

C:\SDFix\apps\Restore_SharedAccess.reg

C:\SDFix\apps\sc.exe

C:\SDFix\apps\sed.exe

C:\SDFix\apps\SF.exe

C:\SDFix\apps\shutdown.exe

C:\SDFix\apps\srv2.txt

C:\SDFix\apps\srv2bk.txt

C:\SDFix\apps\svc.txt

C:\SDFix\apps\svcbk.txt

C:\SDFix\apps\swsc.exe

C:\SDFix\apps\unzip.exe

C:\SDFix\apps\vfind.exe

C:\SDFix\apps\WINMSG.EXE

C:\SDFix\apps\winsec.reg

C:\SDFix\apps\zip.exe

C:\SDFix\backups\backupreg.zip

C:\SDFix\backups\backups.zip

C:\SDFix\backups\catchme.log

C:\SDFix\backups\HOSTS

C:\SDFix\catchme.exe

C:\SDFix\DBFix.bat

C:\SDFix\DBFIX_Report.txt

C:\SDFix\dummy.sys

C:\SDFix\Report.txt

C:\SDFix\RunThis.bat

C:\SDFix\SDFIX_ReadMe_Online.url

C:\SDFix\W2K_VirusAlert_Repair.inf

C:\SDFix\XP_VirusAlert_Repair.inf

C:\WINDOWS\system32\a.exe

C:\WINDOWS\system32\tdssserf.dll

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_TDSSSERV

-------\Service_TDSSserv

 

 

((((((((((((((((((((((((((((( Fichiers créés 2008-08-03 to 2008-09-03 ))))))))))))))))))))))))))))))))))))

.

2008-09-02 20:23 . 2008-09-02 20:23 <REP> d-------- C:\rsit

2008-09-02 20:23 . 2008-09-02 20:23 <REP> d-------- C:\Program Files\trend micro

2008-09-02 19:52 . 2008-09-02 19:52 <REP> d-------- C:\WINDOWS\ERUNT

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-09-03 16:52 --------- d-----w C:\Program Files\eMule

2008-08-14 08:34 --------- d-----w C:\Program Files\Director Assistant

2008-07-30 17:33 --------- d-----w C:\Documents and Settings\Serge\Application Data\Ahead

2008-07-27 18:42 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-07-27 18:42 --------- d-----w C:\Program Files\MosArt

2008-07-27 18:38 --------- d-----w C:\Program Files\Fichiers communs\InstallShield

2008-07-27 18:38 --------- d-----w C:\Program Files\Actions

2008-07-24 17:51 --------- d-----w C:\Program Files\Zapu

2008-07-16 20:24 --------- d-----w C:\Program Files\Share_Accelerator_MM

2008-07-16 20:20 --------- d-----w C:\Program Files\Comptes et Budget Free V5.0

2008-07-16 20:20 --------- d-----w C:\Documents and Settings\Serge\Application Data\AlauxSoft

2007-06-19 21:56 47,360 ----a-w C:\Documents and Settings\Serge\Application Data\pcouffin.sys

2007-06-19 21:19 56 --sh--r C:\WINDOWS\system32\629303D370.sys

2007-06-19 21:19 1,890 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys

.

 

------- Sigcheck -------

 

2004-08-19 16:09 694784 848baaf9d7e2a2ce9ca1cd0c2db43833 C:\WINDOWS\system32\wininet.dll

2004-08-19 16:09 694784 848baaf9d7e2a2ce9ca1cd0c2db43833 C:\WINDOWS\system32\dllcache\wininet.dll

 

2004-08-19 16:09 978432 c2e06cb7cfb5dbd8767ddd5e2e18cf71 C:\WINDOWS\explorer.exe

2004-08-19 16:09 978432 c2e06cb7cfb5dbd8767ddd5e2e18cf71 C:\WINDOWS\system32\dllcache\explorer.exe

 

2004-08-19 16:10 102400 ffbbefb47652a140cdd7bab1e5b915ab C:\WINDOWS\system32\wuauclt.exe

2004-08-19 16:10 102400 ffbbefb47652a140cdd7bab1e5b915ab C:\WINDOWS\system32\dllcache\wuauclt.exe

.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SuperCopier.exe"="C:\Program Files\SuperCopier\SuperCopier.exe" [2003-04-25 683520]

"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-19 1667584]

"TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\HOMERunner.exe" [2008-05-06 202088]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]

"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]

"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-24 266497]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 15360]

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]

path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk

backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"UpdatesDisableNotify"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\eMule\\emule.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

 

R3 TTDec;ATI WDM Teletext Decoder (Microsoft Corporation);C:\WINDOWS\system32\DRIVERS\ATINTTXX.sys [2004-08-04 13824]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6483ba12-3fb8-11dd-9a92-0040f4a0329b}]

\Shell\AutoRun\command - J:\InstallTomTomHOME.exe

.

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-09-03 20:17:23

Windows 5.1.2600 Service Pack 2 NTFS

 

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès

Les fichiers cachés: 0

**************************************************************************

.

--------------------- DLLs a chargé sous des processus courants ---------------------

 

PROCESS: C:\WINDOWS\explorer.exe

-> C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.dll

.

------------------------ Other Running Processes ------------------------

.

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Rainlendar\Rainlendar.exe

C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\WINDOWS\system32\oodag.exe

C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe

C:\WINDOWS\system32\wscntfy.exe

.

**************************************************************************

.

Temps d'accomplissement: 2008-09-03 20:20:08 - machine was rebooted

ComboFix-quarantined-files.txt 2008-09-03 18:20:00

 

Pre-Run: 13,434,187,776 octets libres

Post-Run: 14,196,736,000 octets libres

 

232

 

No sign of CF-Submit.htm; the analysis ended after generating the report above.

However, on the ComboFix reboot, I got a BSOD! :P

I was able to note that mrxsmb.sys was involved... :P

That's it, I'm waiting for the next step, hoping the PC is clean!

Thanks again, see you
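The "Sigcheck" section of the ComboFix report above lists each checked system file next to its dllcache copy, with size and MD5, so the reader can see whether the live file still matches Windows' own backup. The script below is an added example, not code from the page or from ComboFix: it parses lines in that shape and flags any live file whose size or hash differs from its dllcache copy. The first sample is copied from the log above; the second is a constructed mismatch whose size and hash are invented to show what a patched system file would look like. A match only proves the two copies agree: it says nothing if both copies were replaced, or if a rootkit filters what the scanner reads, which is why ComboFix pairs this check with the catchme rootkit scan.

```python
"""Compare a ComboFix-style Sigcheck listing: live system file vs. its dllcache copy.

Added example for this thread, not ComboFix code. Lines have the shape
'YYYY-MM-DD HH:MM <size> <md5> <path>' as in the report above.
"""
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Sample copied from the Sigcheck section of the log above.
SAMPLE_SIGCHECK = """\
2004-08-19 16:09 694784 848baaf9d7e2a2ce9ca1cd0c2db43833 C:\\WINDOWS\\system32\\wininet.dll
2004-08-19 16:09 694784 848baaf9d7e2a2ce9ca1cd0c2db43833 C:\\WINDOWS\\system32\\dllcache\\wininet.dll

2004-08-19 16:09 978432 c2e06cb7cfb5dbd8767ddd5e2e18cf71 C:\\WINDOWS\\explorer.exe
2004-08-19 16:09 978432 c2e06cb7cfb5dbd8767ddd5e2e18cf71 C:\\WINDOWS\\system32\\dllcache\\explorer.exe

2004-08-19 16:10 102400 ffbbefb47652a140cdd7bab1e5b915ab C:\\WINDOWS\\system32\\wuauclt.exe
2004-08-19 16:10 102400 ffbbefb47652a140cdd7bab1e5b915ab C:\\WINDOWS\\system32\\dllcache\\wuauclt.exe
"""

# Constructed mismatch (size and hash invented for illustration): the live copy
# no longer matches the dllcache backup, which is what a patched system file looks like.
SAMPLE_MISMATCH = """\
2008-09-01 12:00 700000 00000000000000000000000000000000 C:\\WINDOWS\\system32\\wininet.dll
2004-08-19 16:09 694784 848baaf9d7e2a2ce9ca1cd0c2db43833 C:\\WINDOWS\\system32\\dllcache\\wininet.dll
"""

LINE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}) (\d+) ([0-9a-f]{32}) (.+)$")


def parse_sigcheck(text):
    """Return a list of (path, size, md5) for every well-formed Sigcheck line."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            _date, _time, size, md5, path = m.groups()
            entries.append((path, int(size), md5))
    return entries


def compare_with_dllcache(entries):
    """Group entries by file name and compare the live copy with its dllcache copy.

    Returns {file name: 'match' | 'MISMATCH' | 'no-backup'}. A 'MISMATCH' means the
    size or MD5 of the live file differs from the backup and deserves a closer look.
    """
    groups = defaultdict(dict)
    for path, size, md5 in entries:
        name = PureWindowsPath(path).name.lower()
        kind = "cache" if "\\dllcache\\" in path.lower() else "live"
        groups[name][kind] = (size, md5)

    verdicts = {}
    for name, copies in groups.items():
        if "cache" not in copies or "live" not in copies:
            verdicts[name] = "no-backup"
        elif copies["live"] == copies["cache"]:
            verdicts[name] = "match"
        else:
            verdicts[name] = "MISMATCH"
    return verdicts


if __name__ == "__main__":
    for label, text in (("log sample", SAMPLE_SIGCHECK), ("constructed mismatch", SAMPLE_MISMATCH)):
        print(label)
        for name, verdict in sorted(compare_with_dllcache(parse_sigcheck(text)).items()):
            print(f"  {name:14s} {verdict}")
```

On the log above all three files come back as "match", as expected on a machine where the infection replaced nothing in the protected set; the constructed second sample reports "MISMATCH" for wininet.dll.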

Posted

That looks clean to me.

• Do you have [27]-Submit_Date_Time.zip on your desktop? If not, look in c:\qoobox; you should have a quarantine folder with "tdssserf.dll" inside. If so, upload it at this address:

http://www.bleepingcomputer.com/submit-mal....php?channel=27

• As for ComboFix, that's fine; you can uninstall it by copying/pasting the line below into Run and confirming it:

ComboFix /u

Then delete, if still present, c:\combofix, c:\bug, c:\qoobox

• About your BSOD: little info; has it happened again?

I found this:

mrxsmb.sys is linked to the "Windows NT SMB Minirdr"

patch for SP1 and SP2 just in case:

http://www.microsoft.com/downloads/details...5a-36b7865a030c

• Did you run an Antivir scan? If not, do it and post the report.

Posted (edited)

Cool!

I had to do the rest over the phone...

- We uploaded [27]-Submit_Date_Time.zip, which was indeed in C:\qoobox\quarantaine, to Bleeping Computer

- Removing ComboFix with "ComboFix /u" was refused

- Deleting the C:\qoobox folder was refused

Otherwise the BSOD has not happened again; I'm keeping your link handy just in case!

I'll post the Antivir report in a day or two, when I have access to the PC myself. I'll retry the steps above that didn't work :P

Apart from that the PC is behaving well, everything seems in order!

Thanks again for the support, see you :P:P

EDIT: I see this virus is all the rage these days. Does that mean its mode of operation is more vicious than usual, or is it simply due to users' bad habits?

Edited by BaK
Posted
- Removing ComboFix with "ComboFix /u" was refused

- Deleting the C:\qoobox folder was refused

Reboot the PC and try the operation again.

- We uploaded [27]-Submit_Date_Time.zip, which was indeed in C:\qoobox\quarantaine, to Bleeping Computer

:P

Otherwise the BSOD has not happened again; I'm keeping your link handy just in case!

Good :P

I'll post the Antivir report in a day or two, when I have access to the PC myself. I'll retry the steps above that didn't work

It should work :P. OK for the Antivir report, post it when you have time; it's really just to clear out inactive leftovers.

edit:: As for how it works, I'd say malicious web pages and user behaviour are to blame \o_

  • 2 weeks later...
Posted

Hello

Sorry for the delay...

Here is the Antivir report:

 

Avira AntiVir Personal

Report file date: mardi, 9. septembre 2008 20:22

 

Scanning for 1605222 virus strains and unwanted programs.

 

Licensed to: Avira AntiVir PersonalEdition Classic

Serial number: 0000149996-ADJIE-0001

Platform: Windows XP

Windows version: (Service Pack 2) [5.1.2600]

Boot mode: Normally booted

Username: SYSTEM

Computer name: GA-8TX

 

Version information:

BUILD.DAT : 8.1.0.331 16934 Bytes 12.08.2008 11:46:00

AVSCAN.EXE : 8.1.4.7 315649 Bytes 24.07.2008 17:49:20

AVSCAN.DLL : 8.1.4.0 40705 Bytes 24.07.2008 17:49:20

LUKE.DLL : 8.1.4.5 164097 Bytes 24.07.2008 17:49:20

LUKERES.DLL : 8.1.4.0 12033 Bytes 24.07.2008 17:49:20

ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18.07.2007 14:27:15

ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24.06.2008 18:02:40

ANTIVIR2.VDF : 7.0.6.94 2998784 Bytes 31.08.2008 16:51:51

ANTIVIR3.VDF : 7.0.6.133 272896 Bytes 09.09.2008 10:53:31

Engineversion : 8.1.1.28

AEVDF.DLL : 8.1.0.5 102772 Bytes 27.04.2008 18:04:25

AESCRIPT.DLL : 8.1.0.70 319866 Bytes 09.09.2008 10:53:48

AESCN.DLL : 8.1.0.23 119156 Bytes 24.07.2008 17:49:21

AERDL.DLL : 8.1.1.1 397683 Bytes 09.09.2008 10:53:45

AEPACK.DLL : 8.1.2.1 364917 Bytes 24.07.2008 17:49:21

AEOFFICE.DLL : 8.1.0.23 196987 Bytes 09.09.2008 10:53:42

AEHEUR.DLL : 8.1.0.51 1397111 Bytes 09.09.2008 10:53:41

AEHELP.DLL : 8.1.0.15 115063 Bytes 09.06.2008 18:02:40

AEGEN.DLL : 8.1.0.36 315764 Bytes 18.08.2008 18:28:33

AEEMU.DLL : 8.1.0.7 430452 Bytes 03.08.2008 19:59:55

AECORE.DLL : 8.1.1.11 172406 Bytes 09.09.2008 10:53:33

AEBB.DLL : 8.1.0.1 53617 Bytes 24.07.2008 17:49:21

AVWINLL.DLL : 1.0.0.12 15105 Bytes 24.07.2008 17:49:20

AVPREF.DLL : 8.0.2.0 38657 Bytes 24.07.2008 17:49:20

AVREP.DLL : 8.0.0.2 98344 Bytes 03.08.2008 19:59:52

AVREG.DLL : 8.0.0.1 33537 Bytes 24.07.2008 17:49:20

AVARKT.DLL : 1.0.0.23 307457 Bytes 27.04.2008 18:04:24

AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 24.07.2008 17:49:20

SQLITE3.DLL : 3.3.17.1 339968 Bytes 27.04.2008 18:04:24

SMTPLIB.DLL : 1.2.0.23 28929 Bytes 24.07.2008 17:49:20

NETNT.DLL : 8.0.0.1 7937 Bytes 27.04.2008 18:04:24

RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 24.07.2008 17:49:17

RCTEXT.DLL : 8.0.52.0 86273 Bytes 24.07.2008 17:49:17

 

Configuration settings for the scan:

Jobname..........................: Complete system scan

Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp

Logging..........................: low

Primary action...................: interactive

Secondary action.................: ignore

Scan master boot sector..........: off

Scan boot sector.................: on

Boot sectors.....................: C:, D:, E:, F:, G:, H:,

Process scan.....................: on

Scan registry....................: on

Search for rootkits..............: off

Scan all files...................: Intelligent file selection

Scan archives....................: on

Recursion depth..................: 20

Smart extensions.................: on

Macro heuristic..................: on

File heuristic...................: off

 

Start of the scan: mardi, 9. septembre 2008 20:22

 

The scan of running processes will be started

Scan process 'HPZipm12.exe' - '1' Module(s) have been scanned

Scan process 'avscan.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'alg.exe' - '1' Module(s) have been scanned

Scan process 'avcenter.exe' - '1' Module(s) have been scanned

Scan process 'hpqste08.exe' - '1' Module(s) have been scanned

Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'oodag.exe' - '1' Module(s) have been scanned

Scan process 'sched.exe' - '1' Module(s) have been scanned

Scan process 'hpqimzone.exe' - '1' Module(s) have been scanned

Scan process 'RocketDock.exe' - '1' Module(s) have been scanned

Scan process 'Rainlendar.exe' - '1' Module(s) have been scanned

Scan process 'hpqtra08.exe' - '1' Module(s) have been scanned

Scan process 'HOMERunner.exe' - '1' Module(s) have been scanned

Scan process 'msmsgs.exe' - '1' Module(s) have been scanned

Scan process 'SuperCopier.exe' - '1' Module(s) have been scanned

Scan process 'avgnt.exe' - '1' Module(s) have been scanned

Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned

Scan process 'explorer.exe' - '1' Module(s) have been scanned

Scan process 'avguard.exe' - '1' Module(s) have been scanned

Scan process 'spoolsv.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'lsass.exe' - '1' Module(s) have been scanned

Scan process 'services.exe' - '1' Module(s) have been scanned

Scan process 'winlogon.exe' - '1' Module(s) have been scanned

Scan process 'csrss.exe' - '1' Module(s) have been scanned

Scan process 'smss.exe' - '1' Module(s) have been scanned

32 processes with 32 modules were scanned

 

Start scanning boot sectors:

Boot sector 'C:\'

[INFO] No virus was found!

Boot sector 'D:\'

[INFO] No virus was found!

Boot sector 'E:\'

[INFO] No virus was found!

Boot sector 'F:\'

[INFO] No virus was found!

Boot sector 'G:\'

[INFO] No virus was found!

Boot sector 'H:\'

[INFO] No virus was found!

 

Starting to scan the registry.

The registry was scanned ( '49' files ).

 

 

Starting the file scan:

 

Begin scan in 'C:\' <XP>

C:\pagefile.sys

[WARNING] The file could not be opened!

Begin scan in 'D:\' <XP2>

Begin scan in 'E:\' <Swap>

E:\pagefile.sys

[WARNING] The file could not be opened!

Begin scan in 'F:\' <Donnees>

Begin scan in 'G:\' <Save>

Begin scan in 'H:\' <Video>

 

 

End of the scan: mardi, 9. septembre 2008 21:41

Used time: 1:18:45 Hour(s)

 

The scan has been done completely.

 

5627 Scanning directories

357908 Files were scanned

0 viruses and/or unwanted programs were found

0 Files were classified as suspicious:

0 files were deleted

0 files were repaired

0 files were moved to quarantine

0 files were renamed

2 Files cannot be scanned

357906 Files not concerned

8780 Archives were scanned

2 Warnings

0 Notes

 

That looks OK to me; the swap files could not be read, that's all! :P

OK for the Antivir report, post it when you have time; it's really just to clear out inactive leftovers.

Anything else to delete? :P

Thanks, see you
