
Posted

Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX-->"C:\Program Files\Fichiers communs\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC\Uninst.ini"

Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX-->"C:\Program Files\Fichiers communs\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\Uninst.ini"

Canon Utilities CameraWindow-->"C:\Program Files\Fichiers communs\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowLauncher\Uninst.ini"

Canon Utilities Digital Photo Professional 3.4-->"C:\Program Files\Fichiers communs\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\Digital Photo Professional\Uninst.ini"

Canon Utilities EOS Utility-->"C:\Program Files\Fichiers communs\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\EOS Utility\Uninst.ini"

Canon Utilities MyCamera-->"C:\Program Files\Fichiers communs\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\MyCamera\Uninst.ini"

Canon Utilities Original Data Security Tools-->"C:\Program Files\Fichiers communs\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\Original Data Security Tools\Uninst.ini"

Canon Utilities PhotoStitch-->"C:\Program Files\Fichiers communs\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\PhotoStitch\Uninst.ini"

Canon Utilities Picture Style Editor-->"C:\Program Files\Fichiers communs\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\Picture Style Editor\Uninst.ini"

Canon Utilities RemoteCapture Task for ZoomBrowser EX-->"C:\Program Files\Fichiers communs\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\RemoteCaptureTask DC\Uninst.ini"

Canon Utilities WFT-E1/E2/E3 Utility-->"C:\Program Files\Fichiers communs\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\WFT Utility\Uninst.ini"

Canon Utilities ZoomBrowser EX-->"C:\Program Files\Fichiers communs\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\Uninst.ini"

Canon ZoomBrowser EX Memory Card Utility-->"C:\Program Files\Fichiers communs\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX MCU\Uninst.ini"

Combined Community Codec Pack 2008-09-21 16:18-->"C:\Program Files\Combined Community Codec Pack\unins000.exe"

Correctif pour Windows XP (KB914440)-->"C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"

Counter-Strike: Source-->"C:\Program Files\Steam\steam.exe" steam://uninstall/240

DAEMON Tools-->MsiExec.exe /I{3DED3A72-61A8-4B87-98A5-EF0BC8038AA0}

Download Accelerator Plus (DAP)-->C:\PROGRA~1\DAP\DAPREMOVE.EXE

 

DriverGuide DriverScan-->C:\Program Files\DriverGuide DriverScan\uninstall.exe

EVEREST Home Edition v2.20-->"C:\Program Files\Lavalys\EVEREST Home Edition\unins000.exe"

foobar2000 v0.9.6.1-->"C:\Program Files\foobar2000\uninstall.exe" _?=C:\Program Files\foobar2000

Free Video to Mp3 Converter version 2.7-->"C:\Program Files\DVDVIDEOSOFT\Free Video to Mp3 Converter\unins000.exe"

Freecorder 2.3 (with Skype Call Recording)-->C:\WINDOWS\iun6002.exe "C:\Program Files\Freecorder\irunin.ini"

Freecorder Toolbar 3.02 Application-->"C:\WINDOWS\Freecorder Toolbar\uninstall.exe" "/U:C:\Program Files\Freecorder Toolbar\Uninstall\uninstall.xml"

Freecorder Toolbar-->C:\PROGRA~1\FREECO~2\UNWISE.EXE C:\PROGRA~1\FREECO~2\INSTALL.LOG

Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

Google Earth-->MsiExec.exe /X{3A05B900-A3E7-11DE-A9B7-005056806466}

Guitar Pro 4-->MsiExec.exe /X{54A2CFDE-DC70-46E0-92AC-DC88F6303D39}

Hattrick Organizer (remove only)-->C:\HattrickOrganizer\Uninstall.exe

Hercules Webcam-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A250D351-A07F-4D5D-AB6C-693C69B9BFAF}\Setup.exe" -l0x40c

HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""

Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe

Installation Windows Live-->MsiExec.exe /I{46ABBC54-1872-4AA3-95E2-F2C063A63F31}

iTunes-->MsiExec.exe /I{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}

 

Java 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}

Java 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}

Java 6 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}

Java 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}

Kelly Slater's Pro Surfer-->MsiExec.exe /X{A4479693-378E-49EB-AD5A-C5A8B2BC097A}

KnC-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{71C554B9-79B7-4B5A-8AF0-C6E5CBE108CC}\setup.exe" -l0x40c -removeonly

Ma-Config.com-->MsiExec.exe /X{B312D12A-0320-4462-B6F7-C9B69EB3DB5C}

Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"

Media Player Classic fr-->"C:\Program Files\Media Player Classic\uninstall.exe"

MicroBR Effect Manager-->MsiExec.exe /I{C864758B-73FC-48AB-98AC-409CAB127F72}

Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - FRA-->MsiExec.exe /I{72AD53CC-CCC0-3757-8480-9EE176866A7C}

Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}

Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - FRA-->MsiExec.exe /I{0BD83598-C2EF-3343-847B-7D2E84599128}

Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}

Microsoft .NET Framework 3.5 Language Pack SP1 - fra-->MsiExec.exe /I{3E31821C-7917-367E-938E-E65FC413EA31}

Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe

Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}

Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}

Microsoft Office Standard Edition 2003-->MsiExec.exe /I{9112040C-6000-11D3-8CFE-0150048383C9}

Mise à jour pour Windows XP (KB904942)-->"C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"

Module linguistique Microsoft .NET Framework 3.5 SP1- fra-->c:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - fra\setup.exe

Mozilla Firefox (3.0.15)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe

MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}

MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}

MultiRes (remove only)-->C:\Program Files\MultiRes\uninstal.exe

Open Video Converter version 3.22-->"C:\Program Files\VideoConverter\unins000.exe"

OpenAL-->"C:\Program Files\OpenAL\oalinst.exe" /U

 

OpenOffice.org 3.0-->MsiExec.exe /I{1572F66F-F9AD-4D45-B0D2-0F45A0D5A0F6}

Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}

Outils de Guitare-Online - Accordeur (Version Light), version 2-->"C:\Program Files\Accordeur guitare\unins000.exe"

Package de pilotes Windows - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0)-->C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\shpacm_18A9B92ED8DEDC602E49E767FA4BE98A30525207\shpacm.inf

Package de pilotes Windows - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0)-->C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\shpusb_558D416BCEB984F35885804D3E1A9C3773F1B17C\shpusb.inf

PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}

Photomatix Pro version 3.2.5-->"C:\Program Files\PhotomatixPro3\unins000.exe"

Pin High Country Club Golf-->C:\PROGRA~1\GAMEHO~1\PINHIG~1\UNWISE.EXE /U C:\PROGRA~1\GAMEHO~1\PINHIG~1\INSTALL.LOG

PKR-->"C:\Program Files\PKR\uninstall-pkr.exe"

PokerStars-->"C:\Program Files\PokerStars\PokerStarsUninstall.exe" /u:PokerStars

Proxifier version 2.7-->"C:\Program Files\Proxifier\unins000.exe"

ProxyCap-->MsiExec.exe /I{094D498F-466E-4822-97BF-FB43A961B669}

QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}

Radeon Omega Drivers v4.8.442 Setup Files and Tools-->"C:\WINDOWS\Radeon Omega Drivers v4.8.442 Uninstall.exe" "/U:C:\Program Files\Radeon Omega Drivers\v4.8.442\Omega Uninstall.xml"

RealPlayer-->C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0

River Past Audio Converter Pro-->"C:\WINDOWS\Audio Converter Pro Uninstaller.exe"

SAMSUNG Mobile Composite Device Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\6\SSBCUninstall.exe

SAMSUNG Mobile Modem Driver Set-->C:\WINDOWS\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe

Samsung Mobile phone USB driver Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe

SAMSUNG Mobile USB Modem 1.0 Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe

SAMSUNG Mobile USB Modem Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe

Samsung PC Studio 3 USB Driver Installer-->"C:\Program Files\InstallShield Installation Information\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}\setup.exe" -runfromtemp -l0x040c -removeonly

Samsung PC Studio 3-->"C:\Program Files\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -runfromtemp -l0x040c -removeonly

Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}

Skype 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}

 

SLD Codec Pack-->C:\Program Files\SLD Codec Pack\uninstall.exe

SoftV92 Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_8086&DEV_266D&SUBSYS_00661025\HXFSETUP.EXE -U -Iqta00665.inf

Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}

Stop Motion Animator 1.1.XP-->"C:\Program Files\Stop Motion Animator\setup\setup.exe" /u

TrackMania Nations ESWC 1.7.9-->"C:\Program Files\TrackMania Nations ESWC\unins000.exe"

TrackMania Nations Forever-->"C:\Program Files\Steam\steam.exe" steam://uninstall/11020

Trophy Bass 2007-->"C:\Program Files\Trophy Bass 2007\uninstall.exe"

TVUPlayer 2.3.6.1-->C:\Program Files\TVUPlayer\uninst.exe

Visual C++ 8.0 CRT (x86) WinSXS MSM-->MsiExec.exe /I{98CB24AD-52FB-DB5F-FF1F-C8B3B9A1E18E}

Visual C++ 8.0 CRT.Policy (x86) WinSXS MSM-->MsiExec.exe /I{63E949F6-03BC-5C40-FF1F-C8B3B9A1E18E}

Visual C++ 8.0 MFC (x86) WinSXS MSM-->MsiExec.exe /I{9BAE13A2-E7AF-D6C3-FF1F-C8B3B9A1E18E}

Visual C++ 8.0 MFC.Policy (x86) WinSXS MSM-->MsiExec.exe /I{68B7C6D9-1DF2-54C1-FF1F-C8B3B9A1E18E}

VLC media player 0.9.4-->C:\Program Files\VideoLAN\VLC\uninstall.exe

Winamax Poker (remove only)-->"C:\Program Files\WinamaxPoker\uninst.exe"

Winamp-->"C:\Program Files\Winamp\UninstWA.exe"

Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"

Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"

Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}

Windows Live Communications Platform-->MsiExec.exe /I{ED00D08A-3C5F-488D-93A0-A04F21F23956}

Windows Live Messenger-->MsiExec.exe /X{770F1BEC-2871-4E70-B837-FB8525FFA3B1}

XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"

Your Freedom 20071214-01-->C:\Program Files\Your Freedom\Uninstall.exe

 

 

======Security center information======

 

AV: Kaspersky Anti-Virus (disabled) (outdated)

 

======System event log======

 

Computer Name: MCE2005

Event Code: 7009

Message: Délai (30000 millisecondes) d'attente pour une connexion du service Service de planification Media Center.

 

Record Number: 20673

Source Name: Service Control Manager

Time Written: 20091102155914.000000+060

Event Type: erreur

User:

 

Computer Name: MCE2005

Event Code: 10005

Message: DCOM a reçu l'erreur "%1053" lors de la mise en route du service ehSched avec les arguments "-Service"

pour démarrer le serveur :

{4B635ECB-0887-4015-8CA6-D621362F98D1}

 

Record Number: 20672

Source Name: DCOM

Time Written: 20091102155913.000000+060

Event Type: erreur

User: MCE2005\Administrateur

 

 

Computer Name: MCE2005

Event Code: 4226

Message: TCP/IP a atteint la limite de sécurité imposée sur le nombre de tentatives de connexion TCP simultanées.

 

Record Number: 20671

Source Name: Tcpip

Time Written: 20091102152915.000000+060

Event Type: Avertissement

User:

 

Computer Name: MCE2005

Event Code: 7000

Message: Le service Service de planification Media Center n'a pas pu démarrer en raison de l'erreur :

Le service n'a pas répondu assez vite à la demande de lancement ou de contrôle.

 

 

Record Number: 20670

Source Name: Service Control Manager

Time Written: 20091102152913.000000+060

Event Type: erreur

User:

 

Computer Name: MCE2005

Event Code: 7009

Message: Délai (30000 millisecondes) d'attente pour une connexion du service Service de planification Media Center.

 

Record Number: 20669

Source Name: Service Control Manager

Time Written: 20091102152913.000000+060

Event Type: erreur

User:

 

=====Application event log=====

 

Computer Name: MCE2005

Event Code: 1000

Message: Application défaillante qtplugin.exe, version 1.1.0.0, module défaillant unknown, version 0.0.0.0, adresse de défaillance 0xfb1769db.

 

Record Number: 6219

Source Name: Application Error

Time Written: 20091113191145.000000+060

Event Type: erreur

User:

 

Computer Name: MCE2005

Event Code: 105

Message: The service was started.

 

Record Number: 6218

Source Name: ATI Smart

Time Written: 20091113191119.000000+060

Event Type: Informations

User:

 

Computer Name: MCE2005

Event Code: 1800

Message: Le service Centre de sécurité Windows a démarré.

 

Record Number: 6217

Source Name: SecurityCenter

Time Written: 20091112201139.000000+060

Event Type: Informations

User:

 

 

Computer Name: MCE2005

Event Code: 1

Message:

Record Number: 6216

Source Name: Bonjour Service

Time Written: 20091112201138.000000+060

Event Type: Informations

User:

 

Computer Name: MCE2005

Event Code: 105

Message: The service was started.

 

Record Number: 6215

Source Name: ATI Smart

Time Written: 20091112201132.000000+060

Event Type: Informations

User:

 

 

======Environment variables======

 

"ComSpec"=%SystemRoot%\system32\cmd.exe

"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Samsung\Samsung PC Studio 3\

"windir"=%SystemRoot%

"FP_NO_HOST_CHECK"=NO

"OS"=Windows_NT

"PROCESSOR_ARCHITECTURE"=x86

"PROCESSOR_LEVEL"=6

"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 13 Stepping 6, GenuineIntel

"PROCESSOR_REVISION"=0d06

"NUMBER_OF_PROCESSORS"=1

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip

"QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip

 

-----------------EOF-----------------

 

and the Malwarebytes log: :P

 

Malwarebytes' Anti-Malware 1.41

Version de la base de données: 3176

Windows 5.1.2600 Service Pack 2

 

16/11/2009 04:49:50

mbam-log-2009-11-16 (04-49-50).txt

 

Type de recherche: Examen complet (C:\|)

Eléments examinés: 233505

Temps écoulé: 2 hour(s), 28 minute(s), 22 second(s)

 

Processus mémoire infecté(s): 5

Module(s) mémoire infecté(s): 2

Clé(s) du Registre infectée(s): 2

Valeur(s) du Registre infectée(s): 10

Elément(s) de données du Registre infecté(s): 3

Dossier(s) infecté(s): 1

Fichier(s) infecté(s): 199

 

Processus mémoire infecté(s):

C:\WINDOWS\system32\sfhsncf.exe (Trojan.Dropper) -> Unloaded process successfully.

C:\WINDOWS\Temp\_ex-08.exe (Trojan.Dropper) -> Unloaded process successfully.

C:\WINDOWS\system32\qtplugin.exe (Rootkit.Agent) -> Unloaded process successfully.

C:\Documents and Settings\Administrateur\restorer32_a.exe (Trojan.FakeAlert) -> Unloaded process successfully.

C:\WINDOWS\system32\restorer32_a.exe (Trojan.FakeAlert) -> Unloaded process successfully.

 

Module(s) mémoire infecté(s):

C:\Documents and Settings\Administrateur\Local Settings\Temp\cvasds0.dll (Spyware.OnlineGames) -> Delete on reboot.

C:\WINDOWS\system32\pqrs.tmo (Backdoor.Bredavi) -> Delete on reboot.

 

Clé(s) du Registre infectée(s):

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\tdisp.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\MADOWN (Worm.Magania) -> Quarantined and deleted successfully.

 

Valeur(s) du Registre infectée(s):

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sfhsncf (Trojan.Dropper) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\promoreg (Trojan.Dropper) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\registrymonitor1 (Rootkit.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\registrymonitor1 (Rootkit.Agent) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cdoosoft (Spyware.OnlineGames) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Regedit32 (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RList (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\kr_done1 (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\restorer32_a (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\restorer32_a (Trojan.FakeAlert) -> Quarantined and deleted successfully.

 

Elément(s) de données du Registre infecté(s):

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (Explorer.exe rundll32.exe pqrs.tmo printer) Good: (Explorer.exe) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (c:\windows\system32\userinit.exe,C:\Documents and Settings\Administrateur\octanwf.exe \s) Good: (Userinit.exe) -> Quarantined and deleted successfully.

 

Dossier(s) infecté(s):

C:\Documents and Settings\All Users.WINDOWS\Application Data\81280423 (Rogue.Multiple) -> Quarantined and deleted successfully.

 

 

Fichier(s) infecté(s):

C:\Documents and Settings\Administrateur\Local Settings\Temp\cvasds0.dll (Spyware.OnlineGames) -> Delete on reboot.

C:\WINDOWS\system32\sfhsncf.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\_ex-08.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\pqrs.tmo (Backdoor.Bredavi) -> Delete on reboot.

C:\Documents and Settings\Administrateur\Local Settings\Temp\herss.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

C:\22yj2fy1.exe (Worm.AutoRun) -> Quarantined and deleted successfully.

C:\ctu8r.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

C:\autorun.inf (Spyware.OnlineGames) -> Quarantined and deleted successfully.

C:\l61yyp.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

C:\ph.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrateur\afpfdtc.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrateur\Local Settings\Temp\1BE.tmp (Backdoor.Bredavi) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrateur\Local Settings\Temp\cvasds1.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrateur\Local Settings\Temp\bcxafagy.exe (Trojan.Proxy) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrateur\Local Settings\Temp\BN1C1.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrateur\Local Settings\Temp\BN1C2.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrateur\Local Settings\Temp\BN1C3.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrateur\Local Settings\Temp\BN1C4.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrateur\Local Settings\Temp\BN1C5.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrateur\Local Settings\Temp\BN1C6.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrateur\Local Settings\Temp\BN1C7.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrateur\Local Settings\Temp\BN1C8.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrateur\Local Settings\Temp\BN1C9.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrateur\Local Settings\Temp\BN1CA.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrateur\Local Settings\Temp\BN1CB.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrateur\Local Settings\Temp\BN1CC.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrateur\Local Settings\Temp\BN1CD.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrateur\Local Settings\Temp\jugsiykb.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrateur\Local Settings\Temp\TMP1FF.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrateur\Local Settings\Temp\tqeefenu.exe (Trojan.Crypt) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users.WINDOWS\Application Data\81280423\81280423.exe (Rogue.SecurityTool) -> Quarantined and deleted successfully.

C:\Program Files\Samsung\Samsung PC Studio 3\util\ProfileLoadX800.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\Program Files\Samsung\Samsung PC Studio 3\util\ProfileLoadZ510.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

 

C:\System Volume Information\_restore{71C39EDC-2092-4254-8FCA-A921A9BF9962}\RP250\A0080434.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{71C39EDC-2092-4254-8FCA-A921A9BF9962}\RP250\A0080504.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{71C39EDC-2092-4254-8FCA-A921A9BF9962}\RP250\A0080550.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{71C39EDC-2092-4254-8FCA-A921A9BF9962}\RP251\A0080554.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{71C39EDC-2092-4254-8FCA-A921A9BF9962}\RP251\A0080567.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{71C39EDC-2092-4254-8FCA-A921A9BF9962}\RP251\A0080613.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{71C39EDC-2092-4254-8FCA-A921A9BF9962}\RP252\A0080616.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{71C39EDC-2092-4254-8FCA-A921A9BF9962}\RP252\A0080625.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{71C39EDC-2092-4254-8FCA-A921A9BF9962}\RP252\A0080636.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{71C39EDC-2092-4254-8FCA-A921A9BF9962}\RP252\A0080648.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{71C39EDC-2092-4254-8FCA-A921A9BF9962}\RP252\A0080680.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{71C39EDC-2092-4254-8FCA-A921A9BF9962}\RP252\A0080694.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{71C39EDC-2092-4254-8FCA-A921A9BF9962}\RP252\A0080705.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{71C39EDC-2092-4254-8FCA-A921A9BF9962}\RP253\A0080710.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{71C39EDC-2092-4254-8FCA-A921A9BF9962}\RP253\A0080724.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{71C39EDC-2092-4254-8FCA-A921A9BF9962}\RP253\A0080738.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{71C39EDC-2092-4254-8FCA-A921A9BF9962}\RP253\A0080749.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{71C39EDC-2092-4254-8FCA-A921A9BF9962}\RP254\A0080774.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{71C39EDC-2092-4254-8FCA-A921A9BF9962}\RP254\A0080794.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{71C39EDC-2092-4254-8FCA-A921A9BF9962}\RP254\A0080795.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{71C39EDC-2092-4254-8FCA-A921A9BF9962}\RP254\A0080811.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{71C39EDC-2092-4254-8FCA-A921A9BF9962}\RP254\A0080812.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{71C39EDC-2092-4254-8FCA-A921A9BF9962}\RP255\A0080816.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{71C39EDC-2092-4254-8FCA-A921A9BF9962}\RP255\A0080824.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{71C39EDC-2092-4254-8FCA-A921A9BF9962}\RP255\A0080825.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{71C39EDC-2092-4254-8FCA-A921A9BF9962}\RP255\A0080842.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{71C39EDC-2092-4254-8FCA-A921A9BF9962}\RP255\A0080843.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{71C39EDC-2092-4254-8FCA-A921A9BF9962}\RP255\A0080852.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{71C39EDC-2092-4254-8FCA-A921A9BF9962}\RP255\A0080853.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{71C39EDC-2092-4254-8FCA-A921A9BF9962}\RP256\A0080874.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{71C39EDC-2092-4254-8FCA-A921A9BF9962}\RP257\A0080958.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{71C39EDC-2092-4254-8FCA-A921A9BF9962}\RP257\A0080986.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{71C39EDC-2092-4254-8FCA-A921A9BF9962}\RP257\A0080987.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{71C39EDC-2092-4254-8FCA-A921A9BF9962}\RP257\A0080996.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{71C39EDC-2092-4254-8FCA-A921A9BF9962}\RP257\A0080997.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{71C39EDC-2092-4254-8FCA-A921A9BF9962}\RP257\A0081010.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{71C39EDC-2092-4254-8FCA-A921A9BF9962}\RP257\A0081011.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{71C39EDC-2092-4254-8FCA-A921A9BF9962}

Posted

C:\System Volume Information\_restore{71C39EDC-2092-4254-8FCA-A921A9BF9962}\RP257\A0081020.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{71C39EDC-2092-4254-8FCA-A921A9BF9962}\RP257\A0081021.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{71C39EDC-2092-4254-8FCA-A921A9BF9962}\RP257\A0081030.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{71C39EDC-2092-4254-8FCA-A921A9BF9962}\RP257\A0081031.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{71C39EDC-2092-4254-8FCA-A921A9BF9962}\RP257\A0081040.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{71C39EDC-2092-4254-8FCA-A921A9BF9962}\RP257\A0081041.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\tdisp.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\~.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\zavupd32.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrateur\Bureau\Security Tool.LNK (Rogue.SecurityTool) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Security Tool.LNK (Rogue.SecurityTool) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrateur\Local Settings\Temp\removeMe0467.bat (Malware.Trace) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrateur\Application Data\wiaserva.log (Malware.Trace) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\kr_done1 (Malware.Trace) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\qtplugin.exe (Rootkit.Agent) -> Delete on reboot.

 

 

C:\Documents and Settings\Administrateur\Local Settings\Temp\60325cahp25ca0.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrateur\Local Settings\Temp\get_file.php (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrateur\Local Settings\Temp\media.php (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrateur\Local Settings\Temp\video1166.cfg (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrateur\Local Settings\Temp\video1166.cfg.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\wpv271257061249.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\wpv791257179558.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\wpv971255562528.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrateur\oashdihasidhasuidhiasdhiashdiuasdhasd (Malware.Trace) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrateur\restorer32_a.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\restorer32_a.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrateur\Local Settings\Temp\a.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrateur\Local Settings\Temp\b.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrateur\Local Settings\Temp\c.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

 

 

 

I hope you won't despair when you see this!

Thanks

 

If you prefer, I can email you a text file with the 3 reports. I'm afraid all the copy-pasting I had to do makes it hard to read...
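Added example, not part of the original thread: a small Python triage of result lines in the format of the report above. It separates detections inside System Restore archives (`_restore{GUID}\RPnnn`) from files on the live system and lists items still waiting for a reboot. The two restore-point sample lines are constructed with a placeholder GUID; the function and field names are this example's own.

```python
import re
from collections import Counter

# Sample lines in the format of the report above. The two restore-point lines
# are constructed (placeholder GUID and file names); the rest appear in the report.
SAMPLE_REPORT = r"""
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP1\A0000001.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP2\A0000002.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tdisp.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qtplugin.exe (Rootkit.Agent) -> Delete on reboot.
C:\Documents and Settings\Administrateur\Local Settings\Temp\a.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\wpv791257179558.exe (Trojan.Agent) -> Quarantined and deleted successfully.
"""

# Line layout: <path> (<detection family>) -> <action>.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+) \((?P<family>[\w.\-]+)\) -> (?P<action>.+?)\.?$"
)
# System Restore archive on Windows XP: _restore{GUID}\RPnnn\A00xxxxx.ext
RESTORE_RE = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\(RP\d+)\\", re.I
)


def parse_report(text):
    """Return one dict per detection line; lines that do not match are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        path = m.group("path")
        rp = RESTORE_RE.search(path)
        entries.append({
            "path": path,
            "family": m.group("family"),
            "action": m.group("action"),
            "restore_point": rp.group(1) if rp else None,
        })
    return entries


def triage(text):
    """Summarise a report: families, affected restore points, live files, pending items."""
    entries = parse_report(text)
    restore_points = sorted(
        {e["restore_point"] for e in entries if e["restore_point"]},
        key=lambda rp: int(rp[2:]),  # numeric order: RP9 before RP10
    )
    return {
        "by_family": Counter(e["family"] for e in entries),
        "restore_points": restore_points,
        # Files outside the restore archive are the ones found on the live system.
        "live_paths": [e["path"] for e in entries if e["restore_point"] is None],
        # "Delete on reboot" means the file was still present when the scan ended.
        "pending_reboot": [e["path"] for e in entries
                           if e["action"].lower().startswith("delete on reboot")],
    }


if __name__ == "__main__":
    summary = triage(SAMPLE_REPORT)
    print("Detections by family:", dict(summary["by_family"]))
    print("Restore points with detections:", summary["restore_points"])
    print("Live-system files:", len(summary["live_paths"]))
    print("Still pending a reboot:", summary["pending_reboot"])
```

Restore-point hits are archived copies kept by System Restore, so the live-system and pending-reboot lists are the ones that show what still has to be checked after the restart.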

Posted (edited)

Hi :P

 

You did well to post the reports... The PC is still infected!!

You tell me that you didn't run ComboFix at the end of the procedure, but there is a trace of it in the report.

 

We are going to remove ComboFix as follows and reinstall it to finish the job >>

 

1) Go to the Start menu > Run (to do so, use the key combination [Windows key]+[R]) > and type this > ComboFix /uninstall (there is a space between x and /)

A window will open and ComboFix will be uninstalled from your PC.

 

2) Installing ComboFix

  • Right-click HERE
  • Choose Save target (link) as > a window opens >>
  • In the field to the right of "File name" at the bottom of the page, change the name shown (ComboFix.exe) to this >> j0j0.exe
  • Save the file to the Desktop: to do so, click the Save button.
  • Make sure all programs are closed before launching the fix!
  • Double-click j0j0.exe.
  • Note: Do not close the window that has just opened, or you would end up with an empty desktop!
  • Press the Y (Yes) key to start the scan.
  • When the scan has finished, a report will be generated: post its contents in your next message.
  • If the report is too long, post it in two parts.
  • If you don't see the report, you will find it here > C:\ComboFix.txt

Warning! Your PC is no longer protected by an antivirus!! Above all, do not use your connection until the PC has been disinfected and is protected again. Unplug your connection in the meantime.

Edited by Thanos
Posted

I have just launched ComboFix; I have a blue window, with C:\ as its header.

And nothing happens...

 

"Note: Do not close the window that has just opened, or you would end up with an empty desktop!"

 

I'm afraid to close the window now... :P

Posted

Hi :P

 

jOjO, can you post the contents of this file please? >> C:\Bug.txt

 

We'll proceed differently >>

 

Uninstall: Ask & Record Toolbar 4.00 and Ask Toolbar

Was it you who installed these two programs? >> Proxifier and ProxyCap

 

Plug in all the removable media you own before running this scan (USB stick, external hard drive, etc.)

 

1) Download OTM by OldTimer and save the file to the Desktop.

  • Double-click OTM.exe to run the tool. (Note: If you use Vista, right-click the file and choose Run as administrator.)
  • Copy the lines in the "Code" box below to the clipboard by selecting them all and then pressing CTRL and C together (or, after selecting them, by right-clicking and choosing Copy):
    :first
    
    :processes
    explorer.exe
    
    :files
    C:\WINDOWS\system32\photo_id.exe
    C:\WINDOWS\system32\r7vejjttdnou.exe
    C:\WINDOWS\system32\regedit.exe
    C:\WINDOWS\system32\sfhsncf.exe
    C:\WINDOWS\system32\xtsocx.exe
    C:\Program Files\AskBarDis
    C:\Program Files\Ask & Record Toolbar
    C:\WINDOWS\system32\config\system
    C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\81280423
    C:\WINDOWS\Temp\wpv791257179558.exe
    C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\sysupd32.exe
    G:\l61yyp.exe
    
    :reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{3041d03e-fd4b-44e0-b742-2d9b88305f98}"=-
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "Ask and Record FLV Service"=-
    "r7vejjwtdn8t"=-
    "photo_id"=-
    "Regedit32"=-
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "photo_id"=-
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\81280423]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sysgif32]
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "C:\WINDOWS\system32\xtsocx.exe"=-
    "C:\WINDOWS\system32\sfhsncf.exe"=-
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ec8b826e-16e2-11dd-8587-9bc57b5f4e43}]
    
    :commands
    [emptytemp]
    [start explorer]


  • Go back to the OTMoveIt3 window, right-click in the left-hand pane labelled img-025804xb055.png and choose Paste.
  • Click the red button img-025919bxiq4.png
  • Close OTM
  • In your next reply, post the OTM report (contents of the file C:\_OTM\MovedFiles\********_******.log - the *** are digits representing the date [monthdayyear] and the time)

Note: If a file or folder cannot be moved immediately, a restart may be needed to complete the move. If you are asked to restart the machine, choose Oui/Yes.

 

2) Download Antivir to the desktop and install the program.

 

Update Antivir and configure it by following the instructions in angelique's video tutorial

(the settings are identical even though the version described is in English).

 

Scan the PC with Antivir as follows >>

 

Double-click its icon near the clock: this opens the main interface.

Then click "Contrôler syst." (scan system) to the right of "Dernier contrôle syst. intégral" (last full system scan).

/!\ This can take a long time.

You can save the report at the end (the "Rapport" button).

 

If Antivir detects infected files, quarantine them: choose "Déplacer en quarantaine" (move to quarantine) in the list of actions.

You can automate this kind of action by ticking the box "Appliquer la sélection à toutes les détections" (apply the selection to all detections).

img-215734c8f3z.png

That way you don't have to stay and watch it. :P

 

Please post the Antivir and OTM reports.

Add to that an RSIT report (post the log.txt report, but in a single message please, without splitting it).

 

See you

Posted

Hello Thanos, I wasn't at home this weekend, so I'm only replying now.

 

(As for Proxifier and ProxyCap, I installed them myself to try to play on a throttled connection, without success by the way...)

 

The other day with ComboFix I didn't leave it at that; I think I got the bug because I tried to run it with an active internet connection.

So I tried again without the connection. This time ComboFix started, but with a Windows console recovery problem, if I remember correctly.

 

So I'm posting the only text file that looks like a report:

 

ComboFix 09-11-19.05 - Administrateur 20/11/2009 3:26:30.1.1 - x86

Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.510.284 [GMT 1:00]

Lancé depuis: C:\Documents and Settings\Administrateur\Bureau\j0j0.exe

AV: Kaspersky Anti-Virus *On-access scanning disabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}

 

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

.

 

No console, no report?

 

Should I follow the new procedure anyway?

I didn't find a bug file.

 

Thanks again

Posted

Hi :P

 

"So I tried again without the connection. This time ComboFix started, but with a Windows console recovery problem, if I remember correctly."

Yes, that's normal. ComboFix downloads the Recovery Console for your version of Windows at launch. If the connection is not active, it cannot connect to the server and therefore displays an error message.

 

"No console, no report?"

No: there should be a report even if ComboFix fails to download the Console. So the tool had a problem. If you find the file C:\Bug.txt, please post its contents.

"Should I follow the new procedure anyway?"

Yes! Because the PC is infected. Post the OTM report, then run the scan with Antivir and post its report along with a new RSIT report.

 

Hang in there :P

Posted

Hi,

 

I have a small problem updating Antivir: "while attempting to launch the update via the internet, the following error occurred: Scheduler not loaded."

 

Otherwise OTM worked; I'll post the report after I've run Antivir.
