
Recommended posts

Posted (edited)

Hello everyone.

A friend's PC was infected with Antivir XP 2008.

Using Antivir and SDFix, I have apparently managed to get rid of it.

Here is the HJT log I have just made. Did I remove everything?

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:08:35, on 05/09/2008

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Boot mode: Safe mode

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Documents and Settings\sandrine\Bureau\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.free.fr/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe,userinit.exe

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe

O4 - HKLM\..\Run: [gwkwa] "c:\windows\system32\gwkwa.exe" gwkwa

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [sDFix] C:\SDFix\RunThis.bat /second

O4 - HKLM\..\RunOnce: [sDFix] C:\SDFix\RunThis.bat /second

O4 - HKCU\..\Run: [incrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O8 - Extra context menu item: &Search - ?p=ZNxpt117YYFR

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O14 - IERESET.INF: START_PAGE_URL=http://home.free.fr/

O15 - Trusted Zone: *.whataboutadog.com

O15 - Trusted Zone: *.whataboutarabit.com

O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab

O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.extrafilm.fr/ImageUploader4.cab

O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-ce5f771e954c3e35.spaces.live.co...ad/MsnPUpld.cab

O16 - DPF: {8B1A14AF-E603-4356-B687-1F7D46522DD3} (Image Uploader Combo Control) - http://www.mesvacancesenphoto.com/Componen...geUploader5.cab

O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://marmaraphoto.com/Components/Upload/ImageUploader3.cab

O16 - DPF: {A73BAEFA-EE65-494D-BEDB-DD3E5A34FA98} (Image Uploader) - http://www.extrafilm.fr/ImageUploader4.cab

O16 - DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} (AdSignerLCContrl Class) - https://static.impots.gouv.fr/tdir/static/a...gnerADP-1.1.cab

O21 - SSODL: ZdTyxr - {A8927D3D-0238-D797-33E3-360A9DDF4170} - C:\WINDOWS\System32\cycv.dll (file missing)

O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

 

--

End of file - 5965 bytes

 

Is it clean, or are there still problems on this PC?

However, I have just realised that I obtained the log in "safe mode". Is that a problem?

Thanks in advance, Jay31

Edited by jay31

Posted

Hello, either you had a problem with SDFix, or the report was made before the reboot.

Restart in normal mode.

The machine is very vulnerable; SP2 is not even installed (to be done once the infections have been eliminated: all of them).

Download Malwarebytes' Anti-Malware (MBAM)

  • Double-click the downloaded file to start the installation process.
  • In the "Update" tab, click the "Check for updates" button: if the firewall asks for permission for MBAM to connect, allow it.
  • Once the update is finished, go to the "Scanner" tab.
  • Select "Perform quick scan".
  • Click "Scan".
  • The scan starts; it is relatively long, which is normal.
  • At the end of the scan, a message is displayed:
    The scan completed normally. Click 'Show Results' to display all objects found.
    Click "OK" to continue. If MBAM found nothing, it will tell you so as well.
  • Close your browsers.
  • If malware was detected, click Show Results.
    Select everything (or leave it checked) and click Remove Selected; MBAM will destroy the files and registry keys and place a copy in quarantine.
  • MBAM will open Notepad and copy the scan report into it. Copy and paste that report and post it in your next reply.

NB: If MBAM asks you to restart, do so.

Posted

I had rebooted after SDFix, but in safe mode, which prevented the treatment from completing. Restarting in normal mode (to follow your instructions) relaunched the end of SDFix, so wait & see.

Thanks.

Posted

OK, so post the SDFix report if you get it (c:\SDFix\Report.txt if installed in the right place).

Then use MBAM and post its report. That will finish it off. :P

Posted

Good evening

Here is the SDFix report for now, while waiting for the machine to reboot to get the next report

 

SDFix: Version 1.221

Run by Serge BRAYE on 08/09/2008 at 19:02

 

Microsoft Windows XP [version 5.1.2600]

Running From: C:\SDFix

 

Checking Services :

 

 

Restoring Default Security Values

Restoring Default Hosts File

 

Rebooting

 

 

Checking Files :

 

Trojan Files Found:

 

C:\DOCUME~1\SERGEB~1\LOCALS~1\Temp\.tt1.tmp - Deleted

C:\DOCUME~1\SERGEB~1\LOCALS~1\Temp\.tt10.tmp - Deleted

C:\DOCUME~1\SERGEB~1\LOCALS~1\Temp\.tt11.tmp - Deleted

C:\DOCUME~1\SERGEB~1\LOCALS~1\Temp\.tt12.tmp - Deleted

C:\DOCUME~1\SERGEB~1\LOCALS~1\Temp\.tt13.tmp - Deleted

C:\DOCUME~1\SERGEB~1\LOCALS~1\Temp\.tt14.tmp - Deleted

C:\DOCUME~1\SERGEB~1\LOCALS~1\Temp\.tt15.tmp - Deleted

C:\DOCUME~1\SERGEB~1\LOCALS~1\Temp\.tt16.tmp - Deleted

C:\DOCUME~1\SERGEB~1\LOCALS~1\Temp\.tt17.tmp - Deleted

C:\DOCUME~1\SERGEB~1\LOCALS~1\Temp\.tt18.tmp - Deleted

C:\DOCUME~1\SERGEB~1\LOCALS~1\Temp\.tt19.tmp - Deleted

C:\DOCUME~1\SERGEB~1\LOCALS~1\Temp\.tt1A.tmp - Deleted

C:\DOCUME~1\SERGEB~1\LOCALS~1\Temp\.tt1B.tmp - Deleted

C:\DOCUME~1\SERGEB~1\LOCALS~1\Temp\.tt1C.tmp - Deleted

C:\DOCUME~1\SERGEB~1\LOCALS~1\Temp\.tt1D.tmp - Deleted

C:\DOCUME~1\SERGEB~1\LOCALS~1\Temp\.tt1E.tmp - Deleted

C:\DOCUME~1\SERGEB~1\LOCALS~1\Temp\.tt1F.tmp - Deleted

C:\DOCUME~1\SERGEB~1\LOCALS~1\Temp\.tt2.tmp - Deleted

C:\DOCUME~1\SERGEB~1\LOCALS~1\Temp\.tt20.tmp - Deleted

C:\DOCUME~1\SERGEB~1\LOCALS~1\Temp\.tt21.tmp - Deleted

C:\DOCUME~1\SERGEB~1\LOCALS~1\Temp\.tt22.tmp - Deleted

C:\DOCUME~1\SERGEB~1\LOCALS~1\Temp\.tt23.tmp - Deleted

C:\DOCUME~1\SERGEB~1\LOCALS~1\Temp\.tt24.tmp - Deleted

C:\DOCUME~1\SERGEB~1\LOCALS~1\Temp\.tt25.tmp - Deleted

C:\DOCUME~1\SERGEB~1\LOCALS~1\Temp\.tt26.tmp - Deleted

C:\DOCUME~1\SERGEB~1\LOCALS~1\Temp\.tt27.tmp - Deleted

C:\DOCUME~1\SERGEB~1\LOCALS~1\Temp\.tt28.tmp - Deleted

C:\DOCUME~1\SERGEB~1\LOCALS~1\Temp\.tt29.tmp - Deleted

C:\DOCUME~1\SERGEB~1\LOCALS~1\Temp\.tt2A.tmp - Deleted

C:\DOCUME~1\SERGEB~1\LOCALS~1\Temp\.tt2B.tmp - Deleted

C:\DOCUME~1\SERGEB~1\LOCALS~1\Temp\.tt2C.tmp - Deleted

C:\DOCUME~1\SERGEB~1\LOCALS~1\Temp\.tt2D.tmp - Deleted

C:\DOCUME~1\SERGEB~1\LOCALS~1\Temp\.tt2E.tmp - Deleted

C:\DOCUME~1\SERGEB~1\LOCALS~1\Temp\.tt2F.tmp - Deleted

C:\DOCUME~1\SERGEB~1\LOCALS~1\Temp\.tt3.tmp - Deleted

C:\DOCUME~1\SERGEB~1\LOCALS~1\Temp\.tt30.tmp - Deleted

C:\DOCUME~1\SERGEB~1\LOCALS~1\Temp\.tt31.tmp - Deleted

C:\DOCUME~1\SERGEB~1\LOCALS~1\Temp\.tt32.tmp - Deleted

C:\DOCUME~1\SERGEB~1\LOCALS~1\Temp\.tt33.tmp - Deleted

C:\DOCUME~1\SERGEB~1\LOCALS~1\Temp\.tt34.tmp - Deleted

C:\DOCUME~1\SERGEB~1\LOCALS~1\Temp\.tt35.tmp - Deleted

C:\DOCUME~1\SERGEB~1\LOCALS~1\Temp\.tt36.tmp - Deleted

C:\DOCUME~1\SERGEB~1\LOCALS~1\Temp\.tt37.tmp - Deleted

C:\DOCUME~1\SERGEB~1\LOCALS~1\Temp\.tt38.tmp - Deleted

C:\DOCUME~1\SERGEB~1\LOCALS~1\Temp\.tt39.tmp - Deleted

C:\DOCUME~1\SERGEB~1\LOCALS~1\Temp\.tt3A.tmp - Deleted

C:\DOCUME~1\SERGEB~1\LOCALS~1\Temp\.tt3C.tmp - Deleted

C:\DOCUME~1\SERGEB~1\LOCALS~1\Temp\.tt4.tmp - Deleted

C:\DOCUME~1\SERGEB~1\LOCALS~1\Temp\.tt4A.tmp - Deleted

C:\DOCUME~1\SERGEB~1\LOCALS~1\Temp\.tt5.tmp - Deleted

C:\DOCUME~1\SERGEB~1\LOCALS~1\Temp\.tt6.tmp - Deleted

C:\DOCUME~1\SERGEB~1\LOCALS~1\Temp\.tt7.tmp - Deleted

C:\DOCUME~1\SERGEB~1\LOCALS~1\Temp\.tt8.tmp - Deleted

C:\DOCUME~1\SERGEB~1\LOCALS~1\Temp\.tt9.tmp - Deleted

C:\DOCUME~1\SERGEB~1\LOCALS~1\Temp\.ttA.tmp - Deleted

C:\DOCUME~1\SERGEB~1\LOCALS~1\Temp\.ttB.tmp - Deleted

C:\DOCUME~1\SERGEB~1\LOCALS~1\Temp\.ttC.tmp - Deleted

C:\DOCUME~1\SERGEB~1\LOCALS~1\Temp\.ttD.tmp - Deleted

C:\DOCUME~1\SERGEB~1\LOCALS~1\Temp\.ttE.tmp - Deleted

C:\DOCUME~1\SERGEB~1\LOCALS~1\Temp\.ttF.tmp - Deleted

C:\DOCUME~1\SERGEB~1\LOCALS~1\Temp\tmp5.tmp - Deleted

C:\DOCUME~1\SERGEB~1\LOCALS~1\Temp\tmp5.tmp - Deleted

 

 

 

 

 

Removing Temp Files

 

ADS Check :

 

 

 

Final Check :

 

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-09-08 22:46:53

Windows 5.1.2600 Service Pack 1 NTFS

 

scanning hidden processes ...

 

scanning hidden services & system hive ...

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]

"s1"=dword:2df9c43f

"s2"=dword:110480d0

"h0"=dword:00000001

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]

"p0"="C:\Program Files\DAEMON Tools\"

"h0"=dword:00000000

"khjeh"=hex:8c,83,75,7d,8e,90,d5,cd,33,38,00,7b,f1,c2,42,e1,fc,7a,76,54,13,..

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]

"a0"=hex:20,01,00,00,30,c3,5e,c3,e1,97,30,8f,e8,e9,62,81,a4,38,4d,6f,a6,..

"khjeh"=hex:94,9d,29,dc,ad,46,95,ec,2c,bc,b6,d0,43,03,d8,d4,f6,ee,82,4f,62,..

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]

"khjeh"=hex:b3,da,e6,28,41,62,24,58,ce,11,23,8c,83,e9,96,04,30,8b,e4,81,03,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]

"p0"="C:\Program Files\DAEMON Tools\"

"h0"=dword:00000000

"khjeh"=hex:8c,83,75,7d,8e,90,d5,cd,33,38,00,7b,f1,c2,42,e1,fc,7a,76,54,13,..

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]

"a0"=hex:20,01,00,00,30,c3,5e,c3,e1,97,30,8f,e8,e9,62,81,a4,38,4d,6f,a6,..

"khjeh"=hex:94,9d,29,dc,ad,46,95,ec,2c,bc,b6,d0,43,03,d8,d4,f6,ee,82,4f,62,..

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]

"khjeh"=hex:b3,da,e6,28,41,62,24,58,ce,11,23,8c,83,e9,96,04,30,8b,e4,81,03,..

 

scanning hidden registry entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 0

 

 

Remaining Services :

 

 

 

 

Authorized Application Key Export:

 

Remaining Files :

 

 

File Backups: - C:\SDFix\backups\backups.zip

 

Files with Hidden Attributes :

 

Tue 20 Aug 2002 1,511,453 ...H. --- "C:\Program Files\Messenger\msmsgs.exe"

Fri 16 Feb 2007 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"

Fri 16 Feb 2007 401 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv14.bak"

Fri 18 May 2007 22,016 ...H. --- "C:\Documents and Settings\sandrine\Application Data\Microsoft\Word\~WRL0003.tmp"

Fri 18 May 2007 23,040 ...H. --- "C:\Documents and Settings\sandrine\Application Data\Microsoft\Word\~WRL0540.tmp"

Fri 18 May 2007 25,088 ...H. --- "C:\Documents and Settings\sandrine\Application Data\Microsoft\Word\~WRL2026.tmp"

Fri 18 May 2007 23,552 ...H. --- "C:\Documents and Settings\sandrine\Application Data\Microsoft\Word\~WRL3748.tmp"

 

Finished!

Posted

and here is the MBAM report

However, I had to run it in safe mode because in normal mode the PC barely runs :P

If that is a problem, I will try to run it again tomorrow in normal mode

Also, at the end it did not open Notepad; it asked me to restart, which I did, but I cannot find the report :?:

Where can I find it???

Posted

To post the MBAM report, open MBAM and go to the logs/reports tab; you will be able to post the right one (they are sorted by date, double-click it to find yours).

Then please post a new HijackThis report (in normal mode).

Posted (edited)

Well, I killed MBAM after 35 hours of scanning and it had not finished!!!

here is the first log anyway

Malwarebytes' Anti-Malware 1.26

Version de la base de données: 1103

Windows 5.1.2600 Service Pack 1

 

08/09/2008 23:58:21

mbam-log-2008-09-08 (23-58-21).txt

 

Type de recherche: Examen rapide

Eléments examinés: 55084

Temps écoulé: 7 minute(s), 32 second(s)

 

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 13

Valeur(s) du Registre infectée(s): 7

Elément(s) de données du Registre infecté(s): 1

Dossier(s) infecté(s): 26

Fichier(s) infecté(s): 39

 

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Clé(s) du Registre infectée(s):

HKEY_CLASSES_ROOT\toolbar.tb (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\toolbar.tb.1 (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2eff3cf7-99c1-4c29-bc2b-68e057e22340} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\winantivirus pro 2006 (Rogue.WinAntivirus) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.

 

Valeur(s) du Registre infectée(s):

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\ (Adware.Hotbar) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\General\backupwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\General\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.

 

Elément(s) de données du Registre infecté(s):

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

 

Dossier(s) infecté(s):

C:\Program Files\WinBudget (Adware.AdMedia) -> Quarantined and deleted successfully.

C:\Program Files\WinBudget\bin (Adware.AdMedia) -> Quarantined and deleted successfully.

C:\Documents and Settings\Serge BRAYE\Application Data\WinAntiVirus Pro 2006 (Rogue.WinAntivirus) -> Quarantined and deleted successfully.

C:\Documents and Settings\Serge BRAYE\Application Data\WinAntiVirus Pro 2006\Logs (Rogue.WinAntivirus) -> Quarantined and deleted successfully.

C:\Documents and Settings\Serge BRAYE\Application Data\rhcvkvj0e50l (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\Serge BRAYE\Application Data\rhcvkvj0e50l\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\Serge BRAYE\Application Data\rhcvkvj0e50l\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\Serge BRAYE\Application Data\rhcvkvj0e50l\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\Serge BRAYE\Application Data\rhcvkvj0e50l\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\Serge BRAYE\Application Data\rhcvkvj0e50l\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\Serge BRAYE\Application Data\rhcvkvj0e50l\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\Serge BRAYE\Application Data\rhcvkvj0e50l\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\Serge BRAYE\Application Data\rhcvkvj0e50l\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\Serge BRAYE\Application Data\rhcvkvj0e50l\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\Serge BRAYE\Application Data\rhcvkvj0e50l\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\celine\Application Data\rhcvkvj0e50l (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\celine\Application Data\rhcvkvj0e50l\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\celine\Application Data\rhcvkvj0e50l\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\celine\Application Data\rhcvkvj0e50l\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\celine\Application Data\rhcvkvj0e50l\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\celine\Application Data\rhcvkvj0e50l\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\celine\Application Data\rhcvkvj0e50l\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\celine\Application Data\rhcvkvj0e50l\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\celine\Application Data\rhcvkvj0e50l\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\celine\Application Data\rhcvkvj0e50l\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\celine\Application Data\rhcvkvj0e50l\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.

 

Fichier(s) infecté(s):

C:\WINDOWS\Downloaded Program Files\UWA6PV_0001_N91M2107NetInstaller.exe (Rogue.Installer) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\3.tmp (Rogue.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\33.tmp (Rogue.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\34.tmp (Rogue.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\35.tmp (Rogue.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\37.tmp (Rogue.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\39.tmp (Rogue.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\4.tmp (Rogue.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\5.tmp (Rogue.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\56.tmp (Rogue.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\6.tmp (Rogue.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\7.tmp (Rogue.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\8.tmp (Rogue.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\9.tmp (Rogue.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\A.tmp (Rogue.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\B.tmp (Rogue.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\C.tmp (Rogue.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\D.tmp (Rogue.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\E.tmp (Rogue.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\F.tmp (Rogue.Agent) -> Quarantined and deleted successfully.

C:\Program Files\WinBudget\bin\matrix.dat (Adware.AdMedia) -> Quarantined and deleted successfully.

C:\Documents and Settings\Serge BRAYE\Application Data\WinAntiVirus Pro 2006\PGE.dat (Rogue.WinAntivirus) -> Quarantined and deleted successfully.

C:\Documents and Settings\Serge BRAYE\Application Data\WinAntiVirus Pro 2006\Logs\update.log (Rogue.WinAntivirus) -> Quarantined and deleted successfully.

C:\Documents and Settings\Serge BRAYE\Application Data\WinAntiVirus Pro 2006\Logs\wa6Support.log (Rogue.WinAntivirus) -> Quarantined and deleted successfully.

C:\Documents and Settings\Serge BRAYE\Application Data\WinAntiVirus Pro 2006\Logs\winav.log (Rogue.WinAntivirus) -> Quarantined and deleted successfully.

C:\Documents and Settings\celine\Local Settings\Temp\.tt2.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\celine\Local Settings\Temp\.tt3.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\celine\Local Settings\Temp\.tt4.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\celine\Local Settings\Temp\.tt6.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\gwkwa_navps.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\matbdtdcze_navps.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\mcghmeh_navps.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\nhrhmf_navps.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\qsgosbkkr_navps.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\gwkwa_nav.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\matbdtdcze_nav.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\mcghmeh_nav.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\nhrhmf_nav.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\qsgosbkkr_nav.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.

 

 

 

And here is the HJT report

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:29:15, on 10/09/2008

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe

C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\Symantec AntiVirus\DefWatch.exe

C:\WINDOWS\System32\tcpsvcs.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Symantec AntiVirus\Rtvscan.exe

C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe

C:\PROGRA~1\SYMANT~1\VPTray.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\System32\cleanmgr.exe

C:\WINDOWS\explorer.exe

C:\Documents and Settings\Serge BRAYE\Bureau\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fluo.com/?m=Claudine

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.free.fr/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)

F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe,userinit.exe,

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKCU\..\Run: [messengerskinner] C:\Program Files\MessengerSkinner\MessengerSkinner.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [nhrhmf] c:\windows\system32\nhrhmf.exe nhrhmf

O4 - HKCU\..\Run: [qsgosbkkr] c:\windows\system32\qsgosbkkr.exe qsgosbkkr

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O14 - IERESET.INF: START_PAGE_URL=http://home.free.fr/

O15 - Trusted Zone: *.whataboutadog.com

O15 - Trusted Zone: *.whataboutarabit.com

O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab

O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.extrafilm.fr/ImageUploader4.cab

O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-ce5f771e954c3e35.spaces.live.co...ad/MsnPUpld.cab

O16 - DPF: {8B1A14AF-E603-4356-B687-1F7D46522DD3} (Image Uploader Combo Control) - http://www.mesvacancesenphoto.com/Componen...geUploader5.cab

O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://marmaraphoto.com/Components/Upload/ImageUploader3.cab

O16 - DPF: {A73BAEFA-EE65-494D-BEDB-DD3E5A34FA98} (Image Uploader) - http://www.extrafilm.fr/ImageUploader4.cab

O16 - DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} (AdSignerLCContrl Class) - https://static.impots.gouv.fr/tdir/static/a...gnerADP-1.1.cab

O21 - SSODL: ZdTyxr - {A8927D3D-0238-D797-33E3-360A9DDF4170} - C:\WINDOWS\System32\cycv.dll (file missing)

O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

 

--

End of file - 6962 bytes

 

Thanks

Edited by jay31
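The two HijackThis logs in this thread are read by eye: the helper looks for entries that point at files which no longer exist, for domains added to the Trusted Zone, and for autoruns with random-looking names in system32 (gwkwa, nhrhmf, qsgosbkkr, whose matching _nav.dat files MBAM later attributed to Adware.NaviPromo). The script below is an added example, not part of the thread and not HijackThis code: it parses lines in the HijackThis v2 format and applies those same three checks. The SAMPLE_LOG is constructed from a few entries copied from the logs above; the severity labels and the "self-named argument" heuristic are this example's own assumptions, not a signature.

```python
"""Heuristic triage of a HijackThis-style log (added example, not from the thread)."""
from __future__ import annotations

import re
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Constructed sample in HijackThis v2.0.2 format, built from entries that appear
# in the thread's two logs. Assumption: a real run would pass the whole file.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Boot mode: Normal

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [gwkwa] "c:\windows\system32\gwkwa.exe" gwkwa
O4 - HKCU\..\Run: [nhrhmf] c:\windows\system32\nhrhmf.exe nhrhmf
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O15 - Trusted Zone: *.whataboutadog.com
O21 - SSODL: ZdTyxr - {A8927D3D-0238-D797-33E3-360A9DDF4170} - C:\WINDOWS\System32\cycv.dll (file missing)
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
"""

# "O4 - <body>": every HJT entry starts with a section code and " - ".
ENTRY_RE = re.compile(r"^(?P<section>[RFO]\d+) - (?P<body>.+)$")
# O4 body: HKLM\..\Run: [name] command   (HKUS\S-1-5-19\..\Run is also allowed)
O4_RE = re.compile(
    r"^(?P<hive>HK\w+(?:\\S-[\d-]+)?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$"
)
# HJT marks dangling registry references with one of these two suffixes.
MISSING_RE = re.compile(r"\((?:no file|file missing)\)\s*$")


@dataclass
class Finding:
    section: str
    severity: str  # "review" or "suspicious" (labels chosen for this example)
    reason: str
    raw: str


def split_command(cmd: str) -> tuple[str, str]:
    """Split an autorun command into (executable, arguments).

    Quoted paths end at the closing quote; unquoted paths with spaces are cut
    after the first ".exe", which is how the logs above are laid out.
    """
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end > 0:
            return cmd[1:end], cmd[end + 1:].strip()
        cmd = cmd.strip('"')
    m = re.search(r"\.exe(?=\s|$)", cmd, re.IGNORECASE)
    if m:
        return cmd[:m.end()], cmd[m.end():].strip()
    parts = cmd.split(None, 1)
    return parts[0], (parts[1].strip() if len(parts) > 1 else "")


def triage(log_text: str) -> list[Finding]:
    """Return the entries a reviewer would look at first, in log order."""
    findings: list[Finding] = []
    for line in log_text.splitlines():
        line = line.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header lines, process list, blanks
        section, body = m.group("section"), m.group("body")
        if MISSING_RE.search(body):
            findings.append(Finding(section, "review",
                "registry entry points at a file that no longer exists (leftover to clean up)", line))
            continue
        if section == "O15":
            findings.append(Finding(section, "review",
                "domain added to the IE Trusted Zone (relaxed security for that site)", line))
            continue
        if section == "O4":
            o4 = O4_RE.match(body)
            if o4:
                exe, args = split_command(o4.group("cmd"))
                path = PureWindowsPath(exe)
                in_system32 = any(part.lower() == "system32" for part in path.parts)
                self_named = bool(args) and args.lower() == path.stem.lower()
                if in_system32 and self_named:
                    findings.append(Finding(section, "suspicious",
                        "autorun in system32 passing its own name as sole argument "
                        "(the pattern of the NaviPromo entries in this thread)", line))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per severity, e.g. {'review': 3, 'suspicious': 2}."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"[{f.severity:<10}] {f.section}: {f.reason}\n    {f.raw}")
    print(summarize(found))
```

Legitimate entries (Avira's avgnt, the Google notifier, the Symantec service) produce no finding, while the two self-named system32 autoruns and the three dangling or Trusted-Zone entries are surfaced for review. The checks are deliberately narrow; a finding is a prompt to inspect the file, not a verdict.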
