Just-in-time debugging
I have a just-in-time debugging window that keeps opening, and since then I am no longer able to install my Windows updates.
Thanks
Hello,
--> Run a scan with TDSSKiller and post the report:
http://forum.malekal.com/tdsskiller-kaspersky-t28637.ht...
/!\ Disable your resident protections (antivirus, etc.) /!\
Download ComboFix (sUBs) to your Desktop.
Double-click ComboFix.exe (the .exe extension may not be visible) to launch it.
Answer Yes to the warning message so that ComboFix starts scanning your PC.
It will ask you to install the Recovery Console: accept.
When the scan is finished, a report will appear. Post this report (C:\Combofix.txt) in your next reply.
To help you: a guide and a tutorial on using ComboFix
There you go!!
ComboFix 11-04-25.01 - Caroline 2011-04-25 15:07:57.3.1 - x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.2.1036.18.511.134 [GMT -4:00]
Lancé depuis: c:\documents and settings\Caroline\Bureau\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {C19476D9-52BC-4E93-8AF3-CCF59F7AE8FE}
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
ADS - system32: deleted 40 bytes in 1 streams.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Caroline\Local Settings\Application Data\{F69BD34B-5312-43E6-9D85-2B83D979EAF0}
c:\documents and settings\Caroline\Local Settings\Application Data\{F69BD34B-5312-43E6-9D85-2B83D979EAF0}\chrome.manifest
c:\documents and settings\Caroline\Local Settings\Application Data\{F69BD34B-5312-43E6-9D85-2B83D979EAF0}\chrome\content\_cfg.js
c:\documents and settings\Caroline\Local Settings\Application Data\{F69BD34B-5312-43E6-9D85-2B83D979EAF0}\chrome\content\overlay.xul
c:\documents and settings\Caroline\Local Settings\Application Data\{F69BD34B-5312-43E6-9D85-2B83D979EAF0}\install.rdf
c:\windows\ajavukubonerav.dll
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2011-03-25 au 2011-04-25 ))))))))))))))))))))))))))))))))))))
.
.
2011-04-25 17:55 . 2011-04-25 17:55 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Avira
2011-04-25 15:55 . 2011-04-25 16:33 -------- d-----w- c:\windows\system32\NtmsData
2011-04-25 15:16 . 2011-04-25 15:16 -------- d-----w- c:\documents and settings\Caroline\Application Data\Avira
2011-04-25 15:07 . 2011-03-04 20:11 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-04-25 15:07 . 2011-03-04 18:47 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-04-25 15:07 . 2009-05-11 15:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2011-04-25 15:07 . 2009-05-11 15:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2011-04-25 15:07 . 2011-04-25 15:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2011-04-25 15:07 . 2011-04-25 15:07 -------- d-----w- c:\program files\Avira
2011-04-24 18:01 . 2011-04-24 18:01 -------- d-----w- c:\documents and settings\Caroline\Application Data\GARMIN
2011-04-24 15:21 . 2011-04-18 17:17 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-04-23 14:27 . 2011-04-25 12:54 0 ----a-w- c:\windows\Myabusevih.bin
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-18 17:25 . 2010-07-03 13:58 40112 ----a-w- c:\windows\avastSS.scr
2011-04-18 17:25 . 2010-02-08 23:42 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-04-18 17:17 . 2010-02-08 23:43 307288 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-04-18 17:16 . 2010-02-08 23:43 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-04-18 17:16 . 2010-02-08 23:43 102488 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-04-18 17:16 . 2010-02-08 23:43 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-04-18 17:13 . 2010-02-08 23:43 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-04-18 17:13 . 2010-02-08 23:43 30680 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-04-18 17:12 . 2010-02-08 23:43 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-03-07 05:33 . 2009-12-08 16:18 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:45 . 2008-04-14 12:00 434176 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:53 . 2008-04-14 12:00 1858048 ----a-w- c:\windows\system32\win32k.sys
2011-02-17 18:56 . 2008-04-14 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2011-02-17 18:56 . 2008-04-14 12:00 1830912 ------w- c:\windows\system32\inetcpl.cpl
2011-02-17 18:56 . 2008-04-14 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-02-17 18:56 . 2008-04-14 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2011-02-17 13:18 . 2008-04-14 12:00 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-17 13:18 . 2008-04-14 12:00 357888 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-17 12:54 . 2008-05-05 12:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-17 11:44 . 2008-04-14 12:00 389120 ----a-w- c:\windows\system32\html.iec
2011-02-15 12:56 . 2008-04-14 12:00 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-09 13:54 . 2008-04-14 12:00 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:54 . 2008-04-14 12:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-08 13:34 . 2008-04-14 12:00 978944 ----a-w- c:\windows\system32\mfc42.dll
2011-02-08 13:34 . 2008-04-14 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2011-02-02 07:59 . 2009-12-08 16:16 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2009-12-08 16:16 677888 ----a-w- c:\windows\system32\mstsc.exe
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-04-18 17:25 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-04-01 399736]
"WeatherEye"="c:\documents and settings\Caroline\Local Settings\Application Data\MétéoMédia\MétéoÉclair\WeatherEye.exe" [2009-10-27 718232]
"AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe" [2010-09-25 4512704]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-30 61440]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-08 149280]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-04 281768]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Contrôleur de calendrier Ulead.lnk - c:\program files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe [2009-12-18 69632]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0aswBoot.exe /M:69862335
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 09:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2008-07-14 19:33 570664 ----a-w- c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ULiRaid]
2005-08-24 01:59 409600 ------w- c:\program files\ULi5287\ULi5287.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R0 m5287;m5287;c:\windows\system32\drivers\m5287.sys [2009-12-08 101120]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-04-24 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-02-08 307288]
R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [2011-04-25 339624]
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-25 135336]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [2011-04-25 421032]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-02-08 19544]
R3 ULI5261XP;ULi M526X Ethernet NT Driver;c:\windows\system32\drivers\ULILAN51.SYS [2009-12-08 28672]
S0 povnjc;povnjc;c:\windows\system32\drivers\ftpoqth.sys --> c:\windows\system32\drivers\ftpoqth.sys [?]
S2 Ca533av;Icatch(IV) Video Camera Device;c:\windows\system32\drivers\Ca533av.sys [2009-12-18 515803]
S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-28 135664]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2010-05-28 691696]
.
--- Autres Services/Pilotes en mémoire ---
.
*NewlyCreated* - SSMDRV
.
Contenu du dossier 'Tâches planifiées'
.
2011-04-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]
.
2011-04-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-28 22:45]
.
2011-04-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-28 22:45]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.ca/
uInternet Settings,ProxyOverride = *.local
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
Handler: intu-ir2008 - {729D3592-92E7-4cbc-8E44-3C22B3F457B3} - c:\program files\ImpotRapide 2008\ic2008pp.dll
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab
FF - ProfilePath -
.
.
------- Associations de fichier -------
.
exefile="c:\documents and settings\NetworkService\Local Settings\Application Data\bed.exe" -a "%1" %*
.
- - - - ORPHELINS SUPPRIMES - - - -
.
HKLM-Run-Bciyeh - c:\windows\ajavukubonerav.dll
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-25 15:23
Windows 5.1.2600 Service Pack 3 NTFS
.
Recherche de processus cachés ...
.
Recherche d'éléments en démarrage automatique cachés ...
.
Recherche de fichiers cachés ...
.
Scan terminé avec succès
Fichiers cachés: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD2500JB-00REA0 rev.20.00K20 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
.
device: opened successfully
user: MBR read successfully
error: Read Un périphérique attaché au système ne fonctionne pas correctement.
kernel: MBR read successfully
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x822FB57B
user & kernel MBR OK
.
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•9~*]
"C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs chargées dans les processus actifs ---------------------
.
- - - - - - - > 'winlogon.exe'(712)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'lsass.exe'(772)
c:\program files\Avira\AntiVir Desktop\avsda.dll
.
Heure de fin: 2011-04-25 15:29:10
ComboFix-quarantined-files.txt 2011-04-25 19:29
ComboFix2.txt 2010-06-04 10:34
.
Avant-CF: 60 475 342 848 octets libres
Après-CF: 60 615 618 560 octets libres
.
WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP dition familiale" /noexecute=optin /fastdetect
.
- - End Of File - - 9E4D1D109E1F038FF4580DEF1620258D
/!\ Only tigusi may follow this procedure /!\
Disable all resident protection (antivirus...)!
---> Copy (CTRL+C) the text in the box below:
KillAll::
Driver::
povnjc
File::
c:\windows\Myabusevih.bin
c:\windows\system32\drivers\ftpoqth.sys
---> Open Notepad: Start > All Programs > Accessories > Notepad.
- Paste (CTRL+V) the text into Notepad.
- Save this file to: Desktop
- File name: CFScript
- File type: All files!!
- Click Save.
- Quit Notepad.
---> Drag and drop this CFScript file onto the ComboFix.exe file, as in the screenshot:
This will relaunch ComboFix: accept the message that appears.
Wait while the scan runs. The Desktop will disappear several times: that's normal!
Don't touch anything until the scan has finished.
Once the scan is complete, a report will be displayed; copy/paste its contents to the forum.
If the file doesn't open, it is located here: C:\ComboFix.txt

ComboFix 10-06-03.01 - Caroline 2010-06-04 6:22.2.1 - x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.2.1036.18.511.247 [GMT -4:00]
Lancé depuis: c:\documents and settings\Caroline\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\Caroline\Bureau\CFScript.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Caroline\Local Settings\Application Data\xdwmfqyon
.
((((((((((((((((((((((((((((( Fichiers créés du 2010-05-04 au 2010-06-04 ))))))))))))))))))))))))))))))))))))
.
2010-06-03 01:42 . 2010-06-04 00:12 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-05-28 13:44 . 2010-05-28 13:52 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2010-05-28 13:43 . 2010-05-28 13:48 -------- d-----w- c:\documents and settings\Caroline\Application Data\DAEMON Tools Lite
2010-05-28 13:39 . 2010-05-28 13:43 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2010-05-28 13:30 . 2010-05-28 13:30 -------- d-----w- c:\documents and settings\Caroline\Application Data\DAEMON Tools Pro
2010-05-28 13:29 . 2010-05-28 13:41 -------- d-----w- c:\program files\DAEMON Tools Pro
2010-05-28 13:27 . 2010-05-28 13:44 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-05-28 13:19 . 2010-05-28 13:19 -------- d-----w- c:\documents and settings\Caroline\Local Settings\Application Data\PowerCinema
2010-05-28 13:19 . 2010-05-28 13:19 -------- d-----w- c:\documents and settings\Caroline\Local Settings\Application Data\Cyberlink
2010-05-28 13:15 . 2010-05-28 13:15 -------- d-----w- c:\program files\Fichiers communs\CyberLink
2010-05-28 13:13 . 2010-05-28 13:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Temp
2010-05-28 10:53 . 2010-05-28 11:40 -------- d-----w- c:\documents and settings\Caroline\Application Data\dvdcss
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-04 10:28 . 2009-12-11 00:20 -------- d-----w- c:\documents and settings\Caroline\Application Data\uTorrent
2010-06-04 10:27 . 2010-02-13 03:52 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-04 04:28 . 2010-06-04 04:28 503808 ----a-w- c:\documents and settings\Caroline\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-55eaf11b-n\msvcp71.dll
2010-06-04 04:28 . 2010-06-04 04:28 499712 ----a-w- c:\documents and settings\Caroline\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-55eaf11b-n\jmc.dll
2010-06-04 04:28 . 2010-06-04 04:28 348160 ----a-w- c:\documents and settings\Caroline\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-55eaf11b-n\msvcr71.dll
2010-06-01 10:56 . 2008-04-14 12:00 85608 ----a-w- c:\windows\system32\perfc00C.dat
2010-06-01 10:56 . 2008-04-14 12:00 513410 ----a-w- c:\windows\system32\perfh00C.dat
2010-05-31 23:05 . 2009-12-11 00:39 -------- d-----w- c:\program files\SlySoft
2010-05-31 22:31 . 2010-03-17 01:49 -------- d-----w- c:\documents and settings\Caroline\Application Data\vlc
2010-05-31 11:04 . 2009-12-09 22:39 -------- d-----w- c:\documents and settings\Caroline\Application Data\BudgetExpress
2010-05-31 10:58 . 2009-12-09 22:39 -------- d-----w- c:\program files\BudgetExpress
2010-05-28 15:25 . 2010-04-07 00:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-28 13:25 . 2009-12-09 14:25 -------- d-----w- c:\program files\CyberLink
2010-05-28 13:23 . 2010-05-28 13:13 53319 ----a-w- c:\documents and settings\All Users\Application Data\Temp\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}\PostBuild.exe
2010-05-28 13:20 . 2010-01-31 19:42 -------- d-----w- c:\documents and settings\Caroline\Application Data\CyberLink
2010-05-28 13:19 . 2010-01-31 19:42 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2010-05-28 13:15 . 2009-12-08 17:56 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-28 13:13 . 2009-12-09 22:39 29480 ----a-w- c:\windows\system32\msxml3a.dll
2010-05-28 13:13 . 2009-12-09 22:29 505128 ----a-w- c:\windows\system32\msvcp71.dll
2010-05-28 13:13 . 2009-12-08 22:47 353576 ----a-w- c:\windows\system32\msvcr71.dll
2010-05-06 20:59 . 2010-02-08 23:42 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-05-06 20:39 . 2010-02-08 23:43 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-05-06 20:39 . 2010-02-08 23:43 164048 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-05-06 20:34 . 2010-02-08 23:43 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-05-06 20:33 . 2010-02-08 23:43 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-05-06 20:33 . 2010-02-08 23:43 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-05-06 20:33 . 2010-02-08 23:43 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-05-06 20:33 . 2010-02-08 23:43 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-05-05 23:47 . 2010-01-27 12:12 -------- d-----w- c:\documents and settings\Caroline\Application Data\Vso
2010-04-29 19:39 . 2010-04-07 00:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 19:39 . 2010-04-07 00:53 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-18 23:18 . 2010-04-18 23:18 -------- d-----w- c:\program files\Golden
2010-04-14 16:47 . 2010-02-08 23:42 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-04-07 23:29 . 2010-04-07 01:04 -------- d-----w- c:\program files\Yahoo!
2010-04-07 01:05 . 2010-04-07 01:03 -------- d-----w- c:\program files\CCleaner
2010-04-07 01:04 . 2010-04-07 01:04 -------- d-----w- c:\documents and settings\Caroline\Application Data\Yahoo!
2010-04-07 00:55 . 2010-04-07 00:55 -------- d-----w- c:\documents and settings\Caroline\Application Data\Malwarebytes
2010-04-07 00:53 . 2010-04-07 00:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-03-31 07:17 . 2009-12-08 22:19 78192 ----a-w- c:\documents and settings\Caroline\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-11 12:34 . 2008-04-14 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:34 . 2008-04-14 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:34 . 2008-04-14 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2010-03-09 11:10 . 2008-04-14 12:00 430080 ----a-w- c:\windows\system32\vbscript.dll
2009-12-11 00:35 . 2009-12-11 00:35 48 --sha-w- c:\windows\SB2528676.tmp
.
((((((((((((((((((((((((((((( SnapShot@2010-06-04_02.20.29 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-06-04 10:28 . 2010-06-04 10:28 16384 c:\windows\temp\Perflib_Perfdata_94.dat
+ 2010-06-04 07:01 . 2010-06-04 07:01 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2010-06-04 07:00 . 2010-06-04 07:00 20242432 c:\windows\Installer\106db67.msp
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-03-14 319792]
"WeatherEye"="c:\documents and settings\Caroline\Local Settings\Application Data\MétéoMédia\MétéoÉclair\WeatherEye.exe" [2009-10-27 718232]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-30 61440]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-08 149280]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-05-06 2815192]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Contrôleur de calendrier Ulead.lnk - c:\program files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe [2009-12-18 69632]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 09:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2008-07-14 19:33 570664 ----a-w- c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ULiRaid]
2005-08-24 01:59 409600 ------w- c:\program files\ULi5287\ULi5287.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
R0 m5287;m5287;c:\windows\system32\drivers\m5287.sys [2009-12-08 101120]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-02-08 164048]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-02-08 19024]
R3 ULI5261XP;ULi M526X Ethernet NT Driver;c:\windows\system32\drivers\ULILAN51.SYS [2009-12-08 28672]
S2 Ca533av;Icatch(IV) Video Camera Device;c:\windows\system32\drivers\Ca533av.sys [2009-12-18 515803]
S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-28 135664]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2010-05-28 691696]
.
Contenu du dossier 'Tâches planifiées'
2010-06-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-28 22:45]
2010-06-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-28 22:45]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.ca/
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
Handler: intu-ir2008 - {729D3592-92E7-4cbc-8E44-3C22B3F457B3} - c:\program files\ImpotRapide 2008\ic2008pp.dll
Handler: intu-ir2009 - {E4616804-F2F8-4839-B728-5305004DA6A7} - c:\program files\ImpotRapide 2009\ic2009pp.dll
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-04 06:28
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•9~*]
"C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(644)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(2720)
c:\windows\system32\eappprxy.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Heure de fin: 2010-06-04 06:34:08 - La machine a redémarré
ComboFix-quarantined-files.txt 2010-06-04 10:34
ComboFix2.txt 2010-06-04 02:22
Avant-CF: 156 496 744 448 octets libres
Après-CF: 156 434 296 832 octets libres
- - End Of File - - 092FB0B38C19CC0379263CCEBB422AC0