Flash fun pages, infiltration of my desktop

Closed
Shay - 19 June 2008 at 20:27
jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last activity 3 May 2022 - 20 June 2008 at 10:10
Hello,

I have a problem with my desktop background. flashfunpages.com has taken over my desktop background.
I followed the advice given on this forum using HijackThis.
I am copying/pasting the resulting output for you.

I would like to know how to get rid of these flashfunpages.com pages, how to proceed, and so be able to enjoy my computer without graphical or other disturbances.

Thanks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:16:56, on 07/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Julie barbarin\Mes documents\antiespion\Nouveau dossier\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\tsnpstd3.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\ATnotes\ATnotes.exe
C:\DOCUME~1\JULIEB~1\Bureau\RACCOU~1\NOUVEA~1\NEROPH~1\data\Xtras\mssysmgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\DOCUME~1\JULIEB~1\Bureau\ANTIES~1\SPYBOT~1\SDHelper.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: BrowsingSoftware - {B886C1F4-D1D3-45F5-F45E-75EB024320AC} - C:\Program Files\BrowsingSoftware\BrowsingSoftware-2.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [dbar_starter] C:\Documents and Settings\Julie barbarin\Application Data\Deskbar_{88BE8A27-0E66-4966-86D3-9077E6B72E50}\starter.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [fsc-reminder.exe] C:\WINDOWS\reminder\fsc-reminder.exe 2453980 14
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Burn Axis] C:\DOCUME~1\JULIEB~1\APPLIC~1\TYPEBI~1\Dead Phone.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [AnumanLive] C:\Documents and Settings\Julie barbarin\Application Data\Anuman Interactive\AnumanLive\AnumanLive.exe
O4 - HKCU\..\Run: [ATnotes.exe] C:\Program Files\ATnotes\ATnotes.exe
O4 - HKCU\..\Run: [WinUpdater] "C:\Program Files\winvi\update.exe" /background
O4 - HKCU\..\Run: [WebSUpdater] "C:\Program Files\winvi\wupda.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Documents and Settings\Julie barbarin\Bureau\antiespion\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Nero PhotoShow Media Manager] C:\DOCUME~1\JULIEB~1\Bureau\RACCOU~1\NOUVEA~1\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: ENJOY Plus!.lnk = C:\Program Files\ENJOY Plus!\Enjoy Plus!.exe
O4 - Startup: MSN Pictures Displayer.lnk = C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\DOCUME~1\JULIEB~1\Bureau\ANTIES~1\SPYBOT~1\SDHelper.dll (file missing)
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\DOCUME~1\JULIEB~1\Bureau\ANTIES~1\SPYBOT~1\SDHelper.dll (file missing)
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} - http://activex.camfrogweb.com/advanced/2.0.2.3/cfweb_activex.camfrogweb.com-advanced-2.0.2.3_instmodule.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Documents and Settings\Julie barbarin\Mes documents\antiespion\Nouveau dossier\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

2 replies

jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last activity 3 May 2022 5 040
19 June 2008 at 21:06
Hi,


Download SDFix (created by AndyManchesta) and save it to your Desktop.
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Double-click SDFix.exe and choose Install to extract it into a dedicated folder on the Desktop. Restart your computer in Safe Mode by following this procedure:
• Restart your computer
• After hearing the computer beep during startup, but before the Windows icon appears, tap the F8 key (one press per second).
• Instead of the normal Windows loading, a menu with various options should appear.
• Choose the first option, to run Windows in Safe Mode, then press "Enter".
• Choose your account.
Go through the list of instructions below:
• Open the SDFix folder that has just been created in the C:\ directory and double-click RunThis.bat to launch the script.
• Press Y to start the cleaning process.
• It will remove the services and Registry entries of certain trojans found, then ask you to press a key to restart.
• Press a key to restart the PC.
• Your system will take longer than usual to restart because the tool will keep running and deleting files.
• After the Desktop loads, the tool will finish its work and display Finished.
• Press a key to finish running the script and load your Desktop icons.
• Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder under the name Report.txt.
• Finally, copy/paste the contents of the Report.txt file into your next reply on the forum.

_______________


Download Lop S&D.exe to your Desktop.
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2

* Double-click it to start the installation
* Then double-click the Lop S&D shortcut on your Desktop
* Select the desired language, then choose option 1 (Search)
* Wait until the scan finishes
* Post the generated report (C:\lopR.txt)
0
I am posting the "Report" here.
Is there anything else that needs to be done?
Thank you very much.


[b]SDFix: Version 1.194 [/b]
Run by Julie barbarin on 07/06/2007 at 23:06

Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix

[b]Checking Services [/b]:


Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Default Desktop Wallpaper

Rebooting


[b]Checking Files [/b]:

Trojan Files Found:

C:\Documents and Settings\Julie barbarin\Local Settings\Temp\tem3.tmp.exe - Deleted
C:\Documents and Settings\Julie barbarin\Local Settings\Temp\tem7.tmp.exe - Deleted
C:\Documents and Settings\Julie barbarin\Local Settings\Temp\temB.tmp.exe - Deleted
C:\Documents and Settings\Julie barbarin\Local Settings\Temp\updE.tmp.exe - Deleted
C:\Program Files\dbar\dbaruninst.exe - Deleted
C:\Program Files\winvi\Uninst.exe - Deleted
C:\Program Files\winvi\version.ini - Deleted
C:\Program Files\winvi\dsktp\AC_RunActiveContent.js - Deleted
C:\Program Files\winvi\dsktp\desktop.html - Deleted
C:\Program Files\winvi\dsktp\internetDetection.swf - Deleted
C:\Program Files\winvi\dsktp\settings.sol - Deleted
C:\Program Files\winvi\icons\bufferthis.ico - Deleted
C:\Program Files\winvi\icons\flashfunpages.ico - Deleted
C:\Program Files\winvi\icons\funnies.ico - Deleted
C:\Program Files\winvi\icons\funnyfunpages.ico - Deleted
C:\Program Files\winvi\icons\goodcleanvideos.ico - Deleted
C:\Program Files\winvi\icons\newfunpages.ico - Deleted
C:\Program Files\winvi\icons\positivethoughts.ico - Deleted
C:\Program Files\winvi\icons\removespyware.ico - Deleted
C:\Program Files\winvi\icons\thissiterocks.ico - Deleted
C:\Program Files\winvi\temp\version.ini - Deleted
C:\WINDOWS\system32\h@tkeysh@@k.dll - Deleted



Folder C:\Program Files\dbar - Removed
Folder C:\Program Files\winvi - Removed


Removing Temp Files

[b]ADS Check [/b]:



[b]Final Check [/b]:

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-07 23:14:31
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


[b]Remaining Services [/b]:




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\FrissonV5\\Fri$$oN ScripT V5.exe"="C:\\Program Files\\FrissonV5\\Fri$$oN ScripT V5.exe:*:Enabled:Fri$$on`ScripT"
"C:\\Program Files\\Rastafarai Script V4\\RasTaFaRai-ScRipT.exe"="C:\\Program Files\\Rastafarai Script V4\\RasTaFaRai-ScRipT.exe:*:Enabled:mIRC"
"C:\\Program Files\\Rastafarai Script V4\\mirc.exe"="C:\\Program Files\\Rastafarai Script V4\\mirc.exe:*:Enabled:mIRC"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Messenger"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[b]Remaining Files [/b]:


File Backups: - C:\SDFix\backups\backups.zip

[b]Files with Hidden Attributes [/b]:

Wed 29 Aug 2007 13 ...H. --- "C:\Documents and Settings\All Users\Application Data\1ޝ13.sys"
Fri 27 Oct 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sun 10 Dec 2006 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
Thu 1 Nov 2007 15,872 A.SH. --- "C:\Program Files\4Musics Multiformat Converter\wdmdrvmgr\amd64\wdmdrvmgr.exe"
Thu 1 Nov 2007 9,216 A.SH. --- "C:\Program Files\4Musics Multiformat Converter\wdmdrvmgr\i386\wdmdrvmgr.exe"
Fri 27 Oct 2006 4,348 ...H. --- "C:\Documents and Settings\Julie barbarin\Mes documents\Ma musique\Sauvegarde de la licence\drmv1key.bak"
Sat 28 Oct 2006 20 A..H. --- "C:\Documents and Settings\Julie barbarin\Mes documents\Ma musique\Sauvegarde de la licence\drmv1lic.bak"
Fri 27 Oct 2006 9,655 A.SH. --- "C:\Documents and Settings\Julie barbarin\Mes documents\Ma musique\Sauvegarde de la licence\drmv2key.bak"
Tue 14 Mar 2006 95,892 ...H. --- "C:\Documents and Settings\Julie barbarin\Bureau\Raccourcis Bureau non utilis‚s\Nouveau dossier\Nero PhotoShow 4\data\Nero PhotoShow Express.exe"

[b]Finished![/b]


And finally, here I am posting the "lopR" file.


-----------------------[ Lop S&D 4.2.1-6 XP/Vista ]---------------------

[ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
[ USER : Julie barbarin ] [ "C:\Lop SD" ] [ Selection : 1 ]
[ 07/06/2007 | 23:25:18,40 ] [ PC : BARBARIN ]
[ MAJ : 16-06-2008 | 23:01 ]

-------------[ Listing des dossiers dans Application Data ]------------

[20/07/2007|16:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\.zreglib
[29/08/2007|21:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\1ޝ13.sys
[01/09/2007|16:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ACD Systems
[19/04/2007|12:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[20/07/2007|17:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead
[06/08/2007|11:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[06/08/2007|11:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[01/06/2007|20:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AVS4YOU
[02/09/2006|15:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
[10/04/2006|22:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini
[29/09/2007|00:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ELSE DEAD META MAGS
[16/06/2007|18:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ENJOY Plus!
[19/04/2007|02:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\FLEXnet
[13/05/2007|17:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[04/08/2007|17:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\LauncherAccess.dt
[19/03/2008|13:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
[13/05/2007|17:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[02/06/2007|00:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\muvee Technologies
[20/07/2007|17:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero
[17/02/2007|15:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PC Suite
[19/03/2008|15:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QTSBandwidthCache
[10/04/2006|21:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI
[19/03/2008|15:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Simple Star Shared
[19/03/2008|13:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[27/10/2006|17:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
[25/05/2007|19:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[10/12/2006|12:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[07/06/2007|23:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller

[10/04/2006|22:25] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini
[10/04/2006|20:31] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[10/04/2006|21:13] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Macromedia
[10/04/2006|21:24] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

[01/09/2007|16:28] C:\DOCUME~1\JULIEB~1\APPLIC~1\ACD Systems
[19/04/2007|12:21] C:\DOCUME~1\JULIEB~1\APPLIC~1\Adobe
[08/10/2007|20:46] C:\DOCUME~1\JULIEB~1\APPLIC~1\AdobeUM
[20/07/2007|17:31] C:\DOCUME~1\JULIEB~1\APPLIC~1\Ahead
[06/08/2007|11:18] C:\DOCUME~1\JULIEB~1\APPLIC~1\Apple Computer
[01/06/2007|15:22] C:\DOCUME~1\JULIEB~1\APPLIC~1\ArcSoft
[01/06/2007|20:53] C:\DOCUME~1\JULIEB~1\APPLIC~1\AVS4YOU
[03/12/2007|14:35] C:\DOCUME~1\JULIEB~1\APPLIC~1\CamfrogWEB
[03/03/2007|11:56] C:\DOCUME~1\JULIEB~1\APPLIC~1\ConvertTemp
[02/09/2006|16:07] C:\DOCUME~1\JULIEB~1\APPLIC~1\CyberLink
[23/02/2007|23:42] C:\DOCUME~1\JULIEB~1\APPLIC~1\Datalayer
[10/04/2006|22:25] C:\DOCUME~1\JULIEB~1\APPLIC~1\desktop.ini
[12/09/2007|20:58] C:\DOCUME~1\JULIEB~1\APPLIC~1\ENJOY Plus!
[30/10/2006|19:36] C:\DOCUME~1\JULIEB~1\APPLIC~1\Google
[09/06/2007|17:49] C:\DOCUME~1\JULIEB~1\APPLIC~1\Help
[10/04/2006|20:31] C:\DOCUME~1\JULIEB~1\APPLIC~1\Identities
[21/03/2007|02:38] C:\DOCUME~1\JULIEB~1\APPLIC~1\InstallShield
[12/12/2006|17:26] C:\DOCUME~1\JULIEB~1\APPLIC~1\Jasc
[10/04/2006|21:13] C:\DOCUME~1\JULIEB~1\APPLIC~1\Macromedia
[17/04/2006|16:39] C:\DOCUME~1\JULIEB~1\APPLIC~1\Microsoft
[14/04/2007|20:07] C:\DOCUME~1\JULIEB~1\APPLIC~1\mIRC
[29/08/2007|21:25] C:\DOCUME~1\JULIEB~1\APPLIC~1\Morpheus Software
[04/08/2007|17:21] C:\DOCUME~1\JULIEB~1\APPLIC~1\Mozilla
[17/05/2007|21:53] C:\DOCUME~1\JULIEB~1\APPLIC~1\MSN Pictures Displayer
[18/03/2008|16:33] C:\DOCUME~1\JULIEB~1\APPLIC~1\MSNInstaller
[22/03/2007|01:08] C:\DOCUME~1\JULIEB~1\APPLIC~1\muvee Technologies
[19/03/2008|15:32] C:\DOCUME~1\JULIEB~1\APPLIC~1\Nero
[22/04/2007|18:53] C:\DOCUME~1\JULIEB~1\APPLIC~1\Nero PhotoShow Express.txt
[19/03/2008|15:32] C:\DOCUME~1\JULIEB~1\APPLIC~1\nero_photoshow_express_4_eu.txt
[07/04/2007|10:38] C:\DOCUME~1\JULIEB~1\APPLIC~1\NMM-MetaData.db
[23/02/2007|23:41] C:\DOCUME~1\JULIEB~1\APPLIC~1\Nokia
[15/04/2006|01:24] C:\DOCUME~1\JULIEB~1\APPLIC~1\Nokia Multimedia Player
[18/03/2008|16:26] C:\DOCUME~1\JULIEB~1\APPLIC~1\Panasonic
[17/02/2007|15:20] C:\DOCUME~1\JULIEB~1\APPLIC~1\PC Suite
[23/11/2006|16:23] C:\DOCUME~1\JULIEB~1\APPLIC~1\Samsung
[24/09/2007|16:47] C:\DOCUME~1\JULIEB~1\APPLIC~1\Screenshot Sender
[19/03/2008|15:32] C:\DOCUME~1\JULIEB~1\APPLIC~1\Simple Star
[07/06/2007|22:52] C:\DOCUME~1\JULIEB~1\APPLIC~1\Skype
[18/03/2008|16:14] C:\DOCUME~1\JULIEB~1\APPLIC~1\Studio-Scrap
[30/10/2006|19:37] C:\DOCUME~1\JULIEB~1\APPLIC~1\Sun
[23/02/2008|17:06] C:\DOCUME~1\JULIEB~1\APPLIC~1\teamspeak2
[10/12/2006|12:39] C:\DOCUME~1\JULIEB~1\APPLIC~1\Temporary
[04/08/2007|17:21] C:\DOCUME~1\JULIEB~1\APPLIC~1\Thunderbird
[10/12/2006|12:39] C:\DOCUME~1\JULIEB~1\APPLIC~1\TransRender
[26/12/2007|13:25] C:\DOCUME~1\JULIEB~1\APPLIC~1\Type Bits More
[28/04/2007|17:44] C:\DOCUME~1\JULIEB~1\APPLIC~1\U3
[10/04/2006|04:53] C:\DOCUME~1\JULIEB~1\APPLIC~1\vlc
[22/06/2007|15:32] C:\DOCUME~1\JULIEB~1\APPLIC~1\WinRAR

[10/04/2006|20:31] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[14/04/2007|05:43] C:\DOCUME~1\maman\APPLIC~1\Adobe
[20/02/2007|09:07] C:\DOCUME~1\maman\APPLIC~1\AdobeUM
[13/02/2007|09:10] C:\DOCUME~1\maman\APPLIC~1\Apple Computer
[20/10/2006|16:27] C:\DOCUME~1\maman\APPLIC~1\CyberLink
[10/04/2006|22:25] C:\DOCUME~1\maman\APPLIC~1\desktop.ini
[04/11/2006|13:50] C:\DOCUME~1\maman\APPLIC~1\Google
[10/01/2007|17:32] C:\DOCUME~1\maman\APPLIC~1\Help
[10/04/2006|20:31] C:\DOCUME~1\maman\APPLIC~1\Identities
[10/01/2007|17:32] C:\DOCUME~1\maman\APPLIC~1\Jasc
[10/04/2006|21:13] C:\DOCUME~1\maman\APPLIC~1\Macromedia
[27/03/2007|06:04] C:\DOCUME~1\maman\APPLIC~1\Microsoft
[30/03/2007|06:39] C:\DOCUME~1\maman\APPLIC~1\Nokia
[30/03/2007|06:40] C:\DOCUME~1\maman\APPLIC~1\Nokia Multimedia Player
[20/02/2007|08:08] C:\DOCUME~1\maman\APPLIC~1\PC Suite
[18/01/2007|08:31] C:\DOCUME~1\maman\APPLIC~1\Sun
[26/06/2007|06:13] C:\DOCUME~1\maman\APPLIC~1\WinRAR

[10/04/2006|20:31] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]---------------

[22/02/2008 18:34][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[05/08/2004 14:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini
[07/06/2007 23:11][--ah-----] C:\WINDOWS\tasks\SA.DAT

---------------[ Listing des dossiers dans C:\Program Files ]--------------

[27/05/2007|11:34] C:\Program Files\4Musics Multiformat Converter
[19/04/2007|01:16] C:\Program Files\Adobe
[17/03/2008|16:30] C:\Program Files\Advanced Messenger Plus
[27/10/2006|17:55] C:\Program Files\Alwil Software
[25/12/2007|12:37] C:\Program Files\Apple Software Update
[01/06/2007|15:03] C:\Program Files\ArcSoft
[13/05/2007|18:03] C:\Program Files\AskTBar
[28/12/2007|11:47] C:\Program Files\ATnotes
[18/03/2008|16:44] C:\Program Files\AVS4YOU
[19/04/2007|01:14] C:\Program Files\Bonjour
[17/03/2008|16:02] C:\Program Files\BrowsingSoftware
[18/03/2008|16:24] C:\Program Files\CoffeeCup Software
[10/04/2006|20:27] C:\Program Files\ComPlus Applications
[02/09/2006|15:56] C:\Program Files\CyberLink
[17/02/2007|15:20] C:\Program Files\DIFX
[12/09/2007|20:58] C:\Program Files\ENJOY Plus!
[17/05/2007|15:29] C:\Program Files\Fichiers communs
[28/04/2007|18:38] C:\Program Files\Fight for Kisses
[05/01/2007|23:46] C:\Program Files\FiLoUScRiPt V3
[17/03/2008|16:42] C:\Program Files\FrissonV5
[16/06/2007|11:35] C:\Program Files\Geneatique2007
[13/05/2007|17:24] C:\Program Files\Google
[08/09/2006|17:41] C:\Program Files\Hasbro Interactive
[21/03/2007|02:38] C:\Program Files\HT Photo DVD 3.0 Trial
[21/03/2007|02:39] C:\Program Files\InstallShield Installation Information
[14/02/2008|03:19] C:\Program Files\Internet Explorer
[25/12/2007|12:39] C:\Program Files\iPod
[25/12/2007|12:44] C:\Program Files\iTunes
[12/12/2006|17:24] C:\Program Files\Jasc Software Inc
[17/05/2007|15:32] C:\Program Files\Java
[27/12/2007|16:41] C:\Program Files\LiveCAD
[27/03/2007|16:18] C:\Program Files\LoCoSoft
[14/04/2007|05:48] C:\Program Files\Ludi
[18/03/2008|16:25] C:\Program Files\Ludiclub
[13/05/2007|17:19] C:\Program Files\Messenger
[19/03/2008|13:03] C:\Program Files\Micro Application
[10/04/2006|20:29] C:\Program Files\microsoft frontpage
[24/04/2007|22:02] C:\Program Files\Microsoft Office
[17/03/2008|16:42] C:\Program Files\Morpheus Photo Animation Suite
[10/04/2006|20:27] C:\Program Files\Movie Maker
[18/03/2008|16:34] C:\Program Files\Mozilla Thunderbird
[10/04/2006|20:27] C:\Program Files\MSN Gaming Zone
[17/05/2007|21:56] C:\Program Files\MSN Pictures Displayer
[25/11/2006|06:55] C:\Program Files\MSXML 4.0
[21/03/2007|02:39] C:\Program Files\muvee Technologies
[20/07/2007|17:28] C:\Program Files\Nero
[10/04/2006|20:28] C:\Program Files\NetMeeting
[17/02/2007|15:20] C:\Program Files\Nokia
[19/03/2007|20:45] C:\Program Files\Obscure
[17/05/2007|21:56] C:\Program Files\Online Services
[13/06/2007|12:39] C:\Program Files\Outlook Express
[18/03/2008|16:26] C:\Program Files\Panasonic
[17/02/2007|15:20] C:\Program Files\PC Connectivity Solution
[17/05/2007|16:06] C:\Program Files\Photo Viewer
[25/05/2007|16:57] C:\Program Files\PhotoFiltre
[17/05/2007|17:29] C:\Program Files\PhotoFiltre Studio
[01/06/2007|15:41] C:\Program Files\PIXELA
[25/12/2007|12:38] C:\Program Files\QuickTime
[01/09/2006|16:16] C:\Program Files\Raccourcis de programmes
[22/09/2007|13:08] C:\Program Files\RM-X Player V4.2
[23/11/2006|16:06] C:\Program Files\Samsung
[10/04/2006|20:28] C:\Program Files\Services en ligne
[16/07/2007|13:08] C:\Program Files\Sierra On-Line
[30/10/2006|19:03] C:\Program Files\Skype
[18/03/2008|16:23] C:\Program Files\SlySoft
[28/04/2007|22:50] C:\Program Files\Street Challenge
[27/10/2006|17:52] C:\Program Files\Symantec
[23/02/2008|17:06] C:\Program Files\Teamspeak2_RC2
[07/06/2007|20:16] C:\Program Files\Trend Micro
[18/07/2007|19:08] C:\Program Files\Type Bits More
[10/04/2006|20:31] C:\Program Files\Uninstall Information
[18/03/2008|16:53] C:\Program Files\WinAVI MP4 Converter
[26/01/2008|01:16] C:\Program Files\Windows Journal Viewer
[13/05/2007|17:31] C:\Program Files\Windows Live
[06/01/2008|20:44] C:\Program Files\Windows Live Safety Center
[09/12/2006|01:22] C:\Program Files\Windows Media Connect 2
[09/12/2006|20:34] C:\Program Files\Windows Media Player
[10/04/2006|20:27] C:\Program Files\Windows NT
[10/04/2006|20:28] C:\Program Files\WindowsUpdate
[22/06/2007|15:31] C:\Program Files\WinRAR
[10/04/2006|20:29] C:\Program Files\xerox
[19/03/2008|13:04] C:\Program Files\Yahoo!

------[ Listing des dossiers dans C:\Program Files\Fichiers communs ]------

[19/04/2007|01:14] C:\Program Files\Fichiers communs\Adobe
[20/07/2007|17:30] C:\Program Files\Fichiers communs\Ahead
[06/08/2007|11:17] C:\Program Files\Fichiers communs\Apple
[01/06/2007|15:04] C:\Program Files\Fichiers communs\ArcSoft
[18/03/2008|16:23] C:\Program Files\Fichiers communs\AVSMedia
[15/11/2006|17:40] C:\Program Files\Fichiers communs\InstallShield
[17/05/2007|15:29] C:\Program Files\Fichiers communs\Java
[19/04/2007|01:02] C:\Program Files\Fichiers communs\Macrovision Shared
[26/01/2008|01:16] C:\Program Files\Fichiers communs\Microsoft Shared
[10/04/2006|20:27] C:\Program Files\Fichiers communs\MSSoap
[21/03/2007|02:39] C:\Program Files\Fichiers communs\muvee Technologies
[17/02/2007|15:20] C:\Program Files\Fichiers communs\Nokia
[10/04/2006|22:25] C:\Program Files\Fichiers communs\ODBC
[17/02/2007|15:20] C:\Program Files\Fichiers communs\PCSuite
[10/04/2006|20:27] C:\Program Files\Fichiers communs\Services
[19/03/2008|14:56] C:\Program Files\Fichiers communs\Simple Star Shared
[15/11/2006|17:41] C:\Program Files\Fichiers communs\snpstd3
[10/04/2006|22:25] C:\Program Files\Fichiers communs\SpeechEngines
[27/10/2006|17:52] C:\Program Files\Fichiers communs\Symantec Shared
[13/06/2007|12:39] C:\Program Files\Fichiers communs\System
[13/05/2007|17:36] C:\Program Files\Fichiers communs\WindowsLiveInstaller
[19/03/2008|13:26] C:\Program Files\Fichiers communs\Wise Installation Wizard

---------------------------[ Process ]--------------------------

... 46

iexplore.exe ~ [3568]

----------------------[ Recherche avec S_Lop ]---------------------

Aucun fichier / dossier Lop trouvé !

-----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------

C:\DOCUME~1\JULIEB~1\Cookies\julie_barbarin@adopt.euroclick[2].txt
C:\DOCUME~1\JULIEB~1\Cookies\julie_barbarin@www.swisstools[2].txt

----------------------[ Verification du Registre ]----------------------

..... OK !

--------------------[ Verification du fichier Hosts ]---------------------

Fichier Hosts PROPRE


----------------[ Recherche de fichiers avec Catchme ]-----------------

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-07 23:26:17
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------[ Recherche d'autres infections ]---------------------

=> C:\Documents and Settings\Julie barbarin\Bureau\keygen.exe


[F:37][D:189]-> C:\DOCUME~1\JULIEB~1\LOCALS~1\Temp
[F:325][D:0]-> C:\DOCUME~1\JULIEB~1\Cookies
[F:3054][D:13]-> C:\DOCUME~1\JULIEB~1\LOCALS~1\TEMPOR~1\content.IE5

--------------------[ Fin du rapport a 23:26:48,34 ]----------------------
jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last activity 3 May 2022 5 040
20 June 2008 at 10:10
Delete the keygen folder that you should have on your desktop. Paste a new HijackThis report and describe your current problems.