Virtumonde virus
Solved
meli750 (Member, 173 posts)
Hello, I would like to know how to remove this virus... my antivirus detects it but can't do anything about it... I have also tried several other things found on the net, but nothing works... it won't delete itself. Thanks
39 replies
I've already tried all that... it detects it and deletes it, but it reappears, or it doesn't detect it at all.... Thanks
ComboFix 08-07-08.5 - mélissa 2008-07-09 6:28:59.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1248 [GMT -4:00]
Running from: C:\Users\mélissa\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active
.
((((((((((((((((((((((((( Files Created from 2008-06-09 to 2008-07-09 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-09 10:36 1,572,864 --sha-w C:\Users\mélissa\NTUSER.DAT
2008-07-09 10:36 1,572,864 --sha-w C:\Users\mélissa\NTUSER.DAT
2008-07-09 10:29 --------- d-----w C:\Users\mélissa\AppData\Roaming\BitTorrent
2008-07-09 07:08 --------- d-----w C:\Program Files\Windows Mail
2008-07-09 07:04 --------- d-----w C:\Program Files\Common Files\PX Storage Engine
2008-07-09 04:48 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-07-09 04:10 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-07-09 03:55 --------- d-----w C:\Program Files\Enigma Software Group
2008-07-09 03:38 --------- d-----w C:\Program Files\ESET
2008-07-09 03:15 --------- d-----w C:\ProgramData\ESET
2008-07-09 01:26 --------- d-----w C:\Program Files\Common Files\CyberLink
2008-07-09 01:25 --------- d-----w C:\Program Files\Microsoft Works
2008-07-09 01:25 --------- d-----w C:\Program Files\Apple Software Update
2008-07-09 01:22 --------- d-----w C:\Program Files\Windows Journal
2008-07-09 01:22 --------- d-----w C:\Program Files\Google Video
2008-07-09 01:22 --------- d-----w C:\Program Files\DivX
2008-07-09 01:21 --------- d-----w C:\Program Files\Windows Sidebar
2008-07-09 01:21 --------- d-----w C:\Program Files\StuffPlug3
2008-07-09 01:21 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-07-09 01:20 --------- d-----w C:\Program Files\DAEMON Tools Lite
2008-07-09 01:20 --------- d-----w C:\Program Files\BitTorrent
2008-07-09 01:19 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-07-09 01:19 --------- d-----w C:\Program Files\Windows Defender
2008-07-09 01:19 --------- d-----w C:\Program Files\Windows Collaboration
2008-07-09 01:19 --------- d-----w C:\Program Files\Windows Calendar
2008-07-09 01:19 --------- d-----w C:\Program Files\QuickTime
2008-07-09 01:19 --------- d-----w C:\Program Files\PowerISO
2008-07-09 01:19 --------- d-----w C:\Program Files\Atomic Alarm Clock
2008-07-09 01:14 --------- d-----w C:\ProgramData\Agnitum
2008-07-09 01:14 --------- d-----w C:\Program Files\Agnitum
2008-07-08 17:14 --------- d-s---w C:\Users\mélissa\AppData\Roaming\Microsoft
2008-07-08 16:33 --------- d-----w C:\Users\mélissa\AppData\Roaming\ESET
2008-07-08 16:26 --------- d-----w C:\Program Files\Common Files\BitDefender
2008-07-08 16:26 --------- d-----w C:\Program Files\BitDefender
2008-07-08 04:44 --------- d-----w C:\Program Files\Yamicsoft
2008-07-08 01:31 --------- d-----w C:\Users\mélissa\AppData\Roaming\Adobe
2008-07-08 01:28 --------- d-----w C:\ProgramData\NOS
2008-07-08 01:28 --------- d-----w C:\Program Files\Common Files\Adobe
2008-07-08 01:00 --------- d-----w C:\Program Files\Druide
2008-07-08 00:58 --------- d-----w C:\Users\mélissa\AppData\Roaming\Druide
2008-07-07 14:59 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2008-07-06 13:59 81,984 ----a-w C:\Windows\System32\bdod.bin
2008-07-06 13:57 86,792 ----a-w C:\Windows\system32\drivers\bdfndisf.sys
2008-07-06 13:57 77,824 ----a-w C:\Windows\System32\xcomm.dll
2008-07-06 13:43 --------- d-----w C:\ProgramData\NVIDIA
2008-07-06 01:48 174 --sha-w C:\Program Files\desktop.ini
2008-07-06 01:24 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-07-06 01:24 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-07-05 23:07 --------- d-----w C:\Users\mélissa\AppData\Roaming\Corel
2008-07-05 23:05 --------- d-----w C:\ProgramData\Corel
2008-07-05 23:02 --------- d-----w C:\Program Files\Common Files\Corel
2008-07-05 23:00 --------- d-----w C:\Program Files\Corel
2008-07-05 22:53 --------- d-----w C:\Users\mélissa\AppData\Roaming\InstallShield
2008-07-05 22:46 --------- d-----w C:\Users\mélissa\AppData\Roaming\CyberLink
2008-07-05 22:46 --------- d-----w C:\ProgramData\CyberLink
2008-07-05 22:45 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-05 22:44 --------- d-----w C:\Program Files\CyberLink
2008-07-05 22:42 29,480 ----a-w C:\Windows\System32\msxml3a.dll
2008-07-05 17:04 --------- d---a-w C:\ProgramData\TEMP
2008-07-05 05:47 --------- d-----w C:\Program Files\adslTV
2008-07-05 05:46 --------- d-----w C:\Users\mélissa\AppData\Roaming\vlc
2008-07-04 21:04 --------- d-----w C:\Users\mélissa\AppData\Roaming\WinRAR
2008-07-04 21:00 --------- d-----w C:\Program Files\EA GAMES
2008-07-04 19:58 --------- d-----w C:\Users\mélissa\AppData\Roaming\DivX
2008-07-04 19:29 --------- d-----w C:\ProgramData\Microsoft Help
2008-07-04 19:23 --------- d-----w C:\Program Files\MSBuild
2008-07-04 19:20 --------- d-----w C:\Program Files\Microsoft.NET
2008-07-04 19:16 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2008-07-04 19:11 --------- d-----w C:\Program Files\DNA
2008-07-04 16:59 --------- d-----w C:\Users\mélissa\AppData\Roaming\Skinux
2008-07-04 16:45 717,296 ----a-w C:\Windows\system32\drivers\sptd.sys
2008-07-04 16:42 --------- d-----w C:\Users\mélissa\AppData\Roaming\DAEMON Tools
2008-07-04 16:37 --------- d-----w C:\Users\mélissa\AppData\Roaming\Macromedia
2008-07-04 16:10 --------- d-----w C:\Program Files\Kodak
2008-07-04 16:06 --------- d-----w C:\Program Files\Common Files\Kodak
2008-07-04 07:14 988,216 ----a-w C:\Windows\System32\winload.exe
2008-07-04 07:14 927,288 ----a-w C:\Windows\System32\winresume.exe
2008-07-04 07:14 615,992 ----a-w C:\Windows\System32\ci.dll
2008-07-04 07:14 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-07-04 07:14 46,592 ----a-w C:\Windows\System32\setbcdlocale.dll
2008-07-04 07:14 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-07-04 07:14 378,368 ----a-w C:\Windows\System32\srcore.dll
2008-07-04 07:14 318,464 ----a-w C:\Windows\System32\rstrui.exe
2008-07-04 07:14 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-07-04 07:14 14,848 ----a-w C:\Windows\System32\srdelayed.exe
2008-07-04 07:12 2,032,128 ----a-w C:\Windows\System32\win32k.sys
2008-07-04 07:11 295,936 ----a-w C:\Windows\System32\gdi32.dll
2008-07-04 07:08 14,848 ----a-w C:\Windows\System32\wshrm.dll
2008-07-04 07:08 113,664 ----a-w C:\Windows\system32\drivers\rmcast.sys
2008-07-04 07:07 540,672 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-07-04 07:07 458,752 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-04 07:07 4,240,384 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-07-04 07:07 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-07-04 07:07 2,153,984 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-04 07:07 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-07-04 07:07 1,695,744 ----a-w C:\Windows\System32\gameux.dll
2008-07-04 07:05 1,314,816 ----a-w C:\Windows\System32\quartz.dll
2008-07-04 07:04 428,544 ----a-w C:\Windows\System32\EncDec.dll
2008-07-04 07:04 293,376 ----a-w C:\Windows\System32\psisdecd.dll
2008-07-04 07:03 826,880 ----a-w C:\Windows\System32\wininet.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
"WeatherEye"="C:\Program Files\MétéoMédia\MétéoÉclair\WeatherEye.exe" [2008-05-30 14:54 4501912]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 05:39 486856]
"SkinClock"="C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe" [2008-04-08 00:55 1737216]
"Gestionnaire Antidote.exe"="C:\Program Files\Druide\Antidote\Gestionnaire Antidote.exe" [2007-09-23 22:55 533944]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"cmds"="C:\Users\MLISSA~1\AppData\Local\Temp\awTLCuus.dll" [2008-07-08 23:05 281600]
"BMffb81017"="C:\Users\MLISSA~1\AppData\Local\Temp\supbfhdm.dll" [2008-07-08 23:06 106496]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"OEM03Mon.exe"="C:\Windows\OEM03Mon.exe" [2007-05-18 13:00 36864]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-03-14 19:50 233472]
"RemoteControl8"="C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 20:23 83240]
"PDVD8LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 11:36 50472]
"Corel Photo Downloader"="C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2007-08-28 12:00 531272]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-09-17 08:07 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-09-17 08:07 8497696]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-09-17 08:07 81920]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 02:38 34672]
"OutpostMonitor"="C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe" [2008-04-23 10:43 1098568]
"OutpostFeedBack"="C:\Program Files\Agnitum\Outpost Firewall Pro\feedback.exe" [2008-04-22 12:31 419144]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-06-10 18:52 1447168]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-17 07:22 4907008 C:\Windows\RtHDVCpl.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Gestionnaire Antidote.exe"="C:\Program Files\Druide\Antidote\Gestionnaire Antidote.exe" [2007-09-23 22:55 533944]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Logiciel Kodak EasyShare.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2008-05-10 07:15:28 282624]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"PromptOnSecureDesktop"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{56E2ED6C-077A-4D1F-8535-D6F4191EB53B}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{F5F280B6-0395-4C9D-8BDE-EC3913FD09EE}"= UDP:C:\Program Files\DNA\btdna.exe:DNA
"{48977CE1-0318-497A-A451-4BEF567ECF66}"= TCP:C:\Program Files\DNA\btdna.exe:DNA
"{3A9C73EC-AE77-43C8-9B0B-E231C5C1384B}"= UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{5BBE4B3E-ADAF-4A3E-95BE-F9818A80E0FD}"= TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{5A148FEF-3C7B-4D99-8B12-DA6ADE0AA674}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"TCP Query User{25F3CC89-D5E8-4A3F-A716-86339FC99257}C:\\program files\\adsltv\\vlc.exe"= UDP:C:\program files\adsltv\vlc.exe:VLC media player
"UDP Query User{FD23E670-44EC-494B-832A-B3AA58EE5515}C:\\program files\\adsltv\\vlc.exe"= TCP:C:\program files\adsltv\vlc.exe:VLC media player
"TCP Query User{0CC9180B-4583-41F1-A6F8-1FE301A87D10}C:\\program files\\adsltv\\adsltv.exe"= UDP:C:\program files\adsltv\adsltv.exe:adsltv
"UDP Query User{92483556-5709-4524-BFF4-3483CCE4DB32}C:\\program files\\adsltv\\adsltv.exe"= TCP:C:\program files\adsltv\adsltv.exe:adsltv
"{C7499B54-BBB4-4C5C-8A0C-D9BED0CDFA0B}"= C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.EXE:CyberLink PowerDVD 8.0
"{87883B5F-CBCD-4378-8DBA-63382871E0DE}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{4320C60E-50BB-45B6-92A1-B6F980E45572}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
R1 afw;Agnitum Firewall Driver;C:\Windows\system32\DRIVERS\afw.sys [2008-02-27 18:26]
R1 epfwtdir;epfwtdir;C:\Windows\system32\DRIVERS\epfwtdir.sys [2008-06-10 18:56]
R1 SandBox;SandBox;C:\Windows\system32\DRIVERS\SandBox.sys [2008-03-12 12:31]
R2 AERTFilters;Andrea RT Filters Service;C:\Windows\system32\AERTSrv.exe [2007-12-05 06:17]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]
R3 ASWFilt;ASWFilt;C:\Windows\system32\Filt\ASWFilt.dll [2008-03-12 12:32]
R3 OEM03Vfx;Creative Camera OEM003 Video VFX Driver;C:\Windows\system32\DRIVERS\OEM03Vfx.sys [2007-03-05 06:45]
R3 OEM03Vid;Creative Camera OEM003 Driver;C:\Windows\system32\DRIVERS\OEM03Vid.sys [2007-04-24 13:00]
S2 acssrv;Agnitum Client Security Service;C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe [2008-04-22 12:31]
S3 OEM03Afx;Provides a software interface to control audio effects of OEM003 camera.;C:\Windows\system32\Drivers\OEM03Afx.sys [2007-06-07 13:00]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{05df8734-49ea-11dd-9f3d-001aa089cf78}]
\shell\AutoRun\command - G:\Sims2Menu.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{05df8743-49ea-11dd-9f3d-001aa089cf78}]
\shell\AutoRun\command - H:\Sims2Menu.exe
*Newly Created Service* - CATCHME
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-09 06:35:56
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
C:\Windows\OP_CACHE.ATR 1248 bytes
C:\Windows\OP_CACHE.IDX 624 bytes
C:\Users\MLISSA~1\AppData\Local\Temp\OP_CACHE.ATR 24 bytes
C:\Users\MLISSA~1\AppData\Local\Temp\OP_CACHE.IDX 12 bytes
C:\Windows\TEMP\TMP00000061576CBCC2C3E109FB 524288 bytes
C:\OP_CACHE.ATR 456 bytes
C:\OP_CACHE.IDX 228 bytes
C:\Windows\Downloaded Program Files\OP_CACHE.ATR 24 bytes
C:\Windows\Downloaded Program Files\OP_CACHE.IDX 12 bytes
C:\Windows\system32\wbem\OP_CACHE.ATR 1296 bytes
C:\Windows\system32\wbem\OP_CACHE.IDX 648 bytes
C:\Windows\system32\wbem\xml\OP_CACHE.ATR 24 bytes
C:\Windows\system32\wbem\xml\OP_CACHE.IDX 12 bytes
C:\Windows\system32\drivers\UMDF\OP_CACHE.ATR 24 bytes
C:\Windows\system32\drivers\UMDF\OP_CACHE.IDX 12 bytes
C:\Windows\system32\drivers\OP_CACHE.ATR 5856 bytes
C:\Windows\system32\drivers\OP_CACHE.IDX 2928 bytes
C:\Windows\system32\OP_CACHE.ATR 51336 bytes
C:\Windows\system32\OP_CACHE.IDX 25668 bytes
C:\Users\mélissa\AppData\Roaming\Adobe\Acrobat\9.0\OP_CACHE.ATR 24 bytes
C:\Users\mélissa\AppData\Roaming\Adobe\Acrobat\9.0\OP_CACHE.IDX 12 bytes
C:\Users\mélissa\AppData\Roaming\Microsoft\Installer\{4E79AC14-1F0A-4044-B069-126EDCD2308F}\OP_CACHE.ATR 672 bytes
C:\Users\mélissa\AppData\Roaming\Microsoft\Installer\{4E79AC14-1F0A-4044-B069-126EDCD2308F}\OP_CACHE.IDX 336 bytes
C:\Users\mélissa\AppData\Roaming\Microsoft\MSN Messenger\843298666\sqmnoopt00.sqm
C:\Users\mélissa\AppData\Roaming\Microsoft\MSN Messenger\843298666\sqmnoopt01.sqm
C:\Users\mélissa\AppData\Roaming\Microsoft\MSN Messenger\843298666\sqmnoopt02.sqm 368 bytes
C:\Users\mélissa\AppData\Roaming\Microsoft\MSN Messenger\843298666\sqmnoopt03.sqm 368 bytes
C:\Users\mélissa\AppData\Roaming\Microsoft\MSN Messenger\843298666\sqmnoopt04.sqm 368 bytes
C:\Users\mélissa\AppData\Roaming\Microsoft\MSN Messenger\843298666\sqmnoopt05.sqm 368 bytes
C:\Users\mélissa\AppData\Roaming\Mozilla\Firefox\Profiles\zpjza3p0.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\defaults\preferences\OP_CACHE.ATR 24 bytes
C:\Users\mélissa\AppData\Roaming\Mozilla\Firefox\Profiles\zpjza3p0.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\defaults\preferences\OP_CACHE.IDX 12 bytes
C:\Users\mélissa\AppData\Roaming\Mozilla\Firefox\Profiles\zpjza3p0.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}\plugins\OP_CACHE.ATR 24 bytes
C:\Users\mélissa\AppData\Roaming\Mozilla\Firefox\Profiles\zpjza3p0.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}\plugins\OP_CACHE.IDX 12 bytes
C:\Users\mélissa\AppData\Roaming\Mozilla\Firefox\Profiles\zpjza3p0.default\OP_CACHE.ATR 96 bytes
C:\Users\mélissa\AppData\Roaming\Mozilla\Firefox\Profiles\zpjza3p0.default\OP_CACHE.IDX 48 bytes
C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\OP_CACHE.ATR 96 bytes
C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\OP_CACHE.IDX 48 bytes
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Languages\FR\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Languages\FR\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\Corel\Corel PhotoDownloader\OP_CACHE.ATR 48 bytes
C:\Program Files\Common Files\Corel\Corel PhotoDownloader\OP_CACHE.IDX 24 bytes
C:\Program Files\Common Files\Corel\DirectShowComponents\OP_CACHE.ATR 72 bytes
C:\Program Files\Common Files\Corel\DirectShowComponents\OP_CACHE.IDX 36 bytes
C:\Program Files\Common Files\Corel\DirectShowComponents2\OP_CACHE.ATR 72 bytes
C:\Program Files\Common Files\Corel\DirectShowComponents2\OP_CACHE.IDX 36 bytes
C:\Program Files\Common Files\Corel\PSPThumbShellExt\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\Corel\PSPThumbShellExt\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\CyberLink\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\CyberLink\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\DESIGNER\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\DESIGNER\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\OP_CACHE.ATR 168 bytes
C:\Program Files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\OP_CACHE.IDX 84 bytes
C:\Program Files\Common Files\InstallShield\Professional\RunTime\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\InstallShield\Professional\RunTime\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\Kodak\CameraDrivers\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\Kodak\CameraDrivers\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\Kodak\WIC_Support\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\Kodak\WIC_Support\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\microsoft shared\DAO\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\microsoft shared\DAO\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\microsoft shared\DW\OP_CACHE.ATR 72 bytes
C:\Program Files\Common Files\microsoft shared\DW\OP_CACHE.IDX 36 bytes
C:\Program Files\Common Files\microsoft shared\EQUATION\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\microsoft shared\EQUATION\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\microsoft shared\EURO\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\microsoft shared\EURO\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\microsoft shared\Filters\OP_CACHE.ATR 48 bytes
C:\Program Files\Common Files\microsoft shared\Filters\OP_CACHE.IDX 24 bytes
C:\Program Files\Common Files\microsoft shared\Help\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\microsoft shared\Help\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\microsoft shared\ink\OP_CACHE.ATR 384 bytes
C:\Program Files\Common Files\microsoft shared\ink\OP_CACHE.IDX 192 bytes
C:\Program Files\Common Files\microsoft shared\MSClientDataMgr\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\microsoft shared\MSClientDataMgr\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\microsoft shared\MSInfo\OP_CACHE.ATR 96 bytes
C:\Program Files\Common Files\microsoft shared\MSInfo\OP_CACHE.IDX 48 bytes
C:\Program Files\Common Files\microsoft shared\MSORUN\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\microsoft shared\MSORUN\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\microsoft shared\OFFICE11\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\microsoft shared\OFFICE11\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\microsoft shared\OFFICE12\1036\OP_CACHE.ATR 48 bytes
C:\Program Files\Common Files\microsoft shared\OFFICE12\1036\OP_CACHE.IDX 24 bytes
C:\Program Files\Common Files\microsoft shared\OFFICE12\Office Setup Controller\OP_CACHE.ATR 72 bytes
C:\Program Files\Common Files\microsoft shared\OFFICE12\Office Setup Controller\OP_CACHE.IDX 36 bytes
C:\Program Files\Common Files\microsoft shared\OFFICE12\OP_CACHE.ATR 480 bytes
C:\Program Files\Common Files\microsoft shared\OFFICE12\OP_CACHE.IDX 240 bytes
C:\Program Files\Common Files\microsoft shared\Portal\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\microsoft shared\Portal\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\microsoft shared\PROOF\1033\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\microsoft shared\PROOF\1033\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\microsoft shared\Smart Tag\1036\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\microsoft shared\Smart Tag\1036\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\microsoft shared\Smart Tag\OP_CACHE.ATR 168 bytes
C:\Program Files\Common Files\microsoft shared\Smart Tag\OP_CACHE.IDX 84 bytes
C:\Program Files\Common Files\microsoft shared\Source Engine\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\microsoft shared\Source Engine\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\microsoft shared\TextConv\OP_CACHE.ATR 48 bytes
C:\Program Files\Common Files\microsoft shared\TextConv\OP_CACHE.IDX 24 bytes
C:\Program Files\Common Files\microsoft shared\TRANSLAT\ESEN\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\microsoft shared\TRANSLAT\ESEN\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\microsoft shared\TRANSLAT\FREN\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\microsoft shared\TRANSLAT\FREN\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\microsoft shared\TRANSLAT\GEEN\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\microsoft shared\TRANSLAT\GEEN\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\microsoft shared\TRANSLAT\OP_CACHE.ATR 72 bytes
C:\Program Files\Common Files\microsoft shared\TRANSLAT\OP_CACHE.IDX 36 bytes
C:\Program Files\Common Files\microsoft shared\VBA\VBA6\1036\OP_CACHE.ATR 72 bytes
C:\Program Files\Common Files\microsoft shared\VBA\VBA6\1036\OP_CACHE.IDX 36 bytes
C:\Program Files\Common Files\microsoft shared\vgx\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\microsoft shared\vgx\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\microsoft shared\VS7DEBUG\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\microsoft shared\VS7DEBUG\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\microsoft shared\VSTA\8.0\x86\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\microsoft shared\VSTA\8.0\x86\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\microsoft shared\Web Server Extensions\12\BIN\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\microsoft shared\Web Server Extensions\12\BIN\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\MSSoap\Binaries\OP_CACHE.ATR 72 bytes
C:\Program Files\Common Files\MSSoap\Binaries\OP_CACHE.IDX 36 bytes
C:\Program Files\Common Files\PX Storage Engine\OP_CACHE.ATR 312 bytes
C:\Program Files\Common Files\PX Storage Engine\OP_CACHE.IDX 156 bytes
C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\en-US\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\en-US\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\OP_CACHE.ATR 72 bytes
C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\OP_CACHE.IDX 36 bytes
C:\Users\mélissa\AppData\Local\Microsoft\Windows\1033\OP_CACHE.ATR 24 bytes
C:\Users\mélissa\AppData\Local\Microsoft\Windows\1033\OP_CACHE.IDX 12 bytes
C:\Users\mélissa\AppData\Local\Microsoft\Windows\GameExplorer\{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}\PlayTasks\1\Les Sims™ 2 : Boit@Look.lnk 1241 bytes hidden from API
C:\Users\mélissa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\9GZGMPEY\OP_CACHE.ATR 48 bytes
C:\Users\mélissa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\9GZGMPEY\OP_CACHE.IDX 24 bytes
C:\Users\mélissa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OTUMHQYG\OP_CACHE.ATR 48 bytes
C:\Users\mélissa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OTUMHQYG\OP_CACHE.IDX 24 bytes
scan completed successfully
hidden files: 134
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\Windows\Explorer.exe
-> C:\Users\MLISSA~1\AppData\Local\Temp\jytokpqr.dll
-> C:\Users\MLISSA~1\AppData\Local\Temp\supbfhdm.dll
-> C:\Users\MLISSA~1\AppData\Local\Temp\awTLCuus.dll
-> C:\Program Files\Atomic Alarm Clock\Clock.dll
.
Completion time: 2008-07-09 6:37:28
ComboFix-quarantined-files.txt 2008-07-09 10:37:22
The system cannot find message text for message number 0x2379 in the message file for Application.
Post-Run: 179,935,764,480 bytes free
338 --- E O F --- 2008-07-09 07:02:56
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"OEM03Mon.exe"="C:\Windows\OEM03Mon.exe" [2007-05-18 13:00 36864]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-03-14 19:50 233472]
"RemoteControl8"="C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 20:23 83240]
"PDVD8LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 11:36 50472]
"Corel Photo Downloader"="C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2007-08-28 12:00 531272]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-09-17 08:07 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-09-17 08:07 8497696]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-09-17 08:07 81920]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 02:38 34672]
"OutpostMonitor"="C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe" [2008-04-23 10:43 1098568]
"OutpostFeedBack"="C:\Program Files\Agnitum\Outpost Firewall Pro\feedback.exe" [2008-04-22 12:31 419144]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-06-10 18:52 1447168]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-17 07:22 4907008 C:\Windows\RtHDVCpl.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Gestionnaire Antidote.exe"="C:\Program Files\Druide\Antidote\Gestionnaire Antidote.exe" [2007-09-23 22:55 533944]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Logiciel Kodak EasyShare.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2008-05-10 07:15:28 282624]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"PromptOnSecureDesktop"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{56E2ED6C-077A-4D1F-8535-D6F4191EB53B}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{F5F280B6-0395-4C9D-8BDE-EC3913FD09EE}"= UDP:C:\Program Files\DNA\btdna.exe:DNA
"{48977CE1-0318-497A-A451-4BEF567ECF66}"= TCP:C:\Program Files\DNA\btdna.exe:DNA
"{3A9C73EC-AE77-43C8-9B0B-E231C5C1384B}"= UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{5BBE4B3E-ADAF-4A3E-95BE-F9818A80E0FD}"= TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{5A148FEF-3C7B-4D99-8B12-DA6ADE0AA674}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"TCP Query User{25F3CC89-D5E8-4A3F-A716-86339FC99257}C:\\program files\\adsltv\\vlc.exe"= UDP:C:\program files\adsltv\vlc.exe:VLC media player
"UDP Query User{FD23E670-44EC-494B-832A-B3AA58EE5515}C:\\program files\\adsltv\\vlc.exe"= TCP:C:\program files\adsltv\vlc.exe:VLC media player
"TCP Query User{0CC9180B-4583-41F1-A6F8-1FE301A87D10}C:\\program files\\adsltv\\adsltv.exe"= UDP:C:\program files\adsltv\adsltv.exe:adsltv
"UDP Query User{92483556-5709-4524-BFF4-3483CCE4DB32}C:\\program files\\adsltv\\adsltv.exe"= TCP:C:\program files\adsltv\adsltv.exe:adsltv
"{C7499B54-BBB4-4C5C-8A0C-D9BED0CDFA0B}"= C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.EXE:CyberLink PowerDVD 8.0
"{87883B5F-CBCD-4378-8DBA-63382871E0DE}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{4320C60E-50BB-45B6-92A1-B6F980E45572}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
R1 afw;Agnitum Firewall Driver;C:\Windows\system32\DRIVERS\afw.sys [2008-02-27 18:26]
R1 epfwtdir;epfwtdir;C:\Windows\system32\DRIVERS\epfwtdir.sys [2008-06-10 18:56]
R1 SandBox;SandBox;C:\Windows\system32\DRIVERS\SandBox.sys [2008-03-12 12:31]
R2 AERTFilters;Andrea RT Filters Service;C:\Windows\system32\AERTSrv.exe [2007-12-05 06:17]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]
R3 ASWFilt;ASWFilt;C:\Windows\system32\Filt\ASWFilt.dll [2008-03-12 12:32]
R3 OEM03Vfx;Creative Camera OEM003 Video VFX Driver;C:\Windows\system32\DRIVERS\OEM03Vfx.sys [2007-03-05 06:45]
R3 OEM03Vid;Creative Camera OEM003 Driver;C:\Windows\system32\DRIVERS\OEM03Vid.sys [2007-04-24 13:00]
S2 acssrv;Agnitum Client Security Service;C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe [2008-04-22 12:31]
S3 OEM03Afx;Provides a software interface to control audio effects of OEM003 camera.;C:\Windows\system32\Drivers\OEM03Afx.sys [2007-06-07 13:00]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{05df8734-49ea-11dd-9f3d-001aa089cf78}]
\shell\AutoRun\command - G:\Sims2Menu.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{05df8743-49ea-11dd-9f3d-001aa089cf78}]
\shell\AutoRun\command - H:\Sims2Menu.exe
*Newly Created Service* - CATCHME
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-09 06:35:56
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
C:\Windows\OP_CACHE.ATR 1248 bytes
C:\Windows\OP_CACHE.IDX 624 bytes
C:\Users\MLISSA~1\AppData\Local\Temp\OP_CACHE.ATR 24 bytes
C:\Users\MLISSA~1\AppData\Local\Temp\OP_CACHE.IDX 12 bytes
C:\Windows\TEMP\TMP00000061576CBCC2C3E109FB 524288 bytes
C:\OP_CACHE.ATR 456 bytes
C:\OP_CACHE.IDX 228 bytes
C:\Windows\Downloaded Program Files\OP_CACHE.ATR 24 bytes
C:\Windows\Downloaded Program Files\OP_CACHE.IDX 12 bytes
C:\Windows\system32\wbem\OP_CACHE.ATR 1296 bytes
C:\Windows\system32\wbem\OP_CACHE.IDX 648 bytes
C:\Windows\system32\wbem\xml\OP_CACHE.ATR 24 bytes
C:\Windows\system32\wbem\xml\OP_CACHE.IDX 12 bytes
C:\Windows\system32\drivers\UMDF\OP_CACHE.ATR 24 bytes
C:\Windows\system32\drivers\UMDF\OP_CACHE.IDX 12 bytes
C:\Windows\system32\drivers\OP_CACHE.ATR 5856 bytes
C:\Windows\system32\drivers\OP_CACHE.IDX 2928 bytes
C:\Windows\system32\OP_CACHE.ATR 51336 bytes
C:\Windows\system32\OP_CACHE.IDX 25668 bytes
C:\Users\mélissa\AppData\Roaming\Adobe\Acrobat\9.0\OP_CACHE.ATR 24 bytes
C:\Users\mélissa\AppData\Roaming\Adobe\Acrobat\9.0\OP_CACHE.IDX 12 bytes
C:\Users\mélissa\AppData\Roaming\Microsoft\Installer\{4E79AC14-1F0A-4044-B069-126EDCD2308F}\OP_CACHE.ATR 672 bytes
C:\Users\mélissa\AppData\Roaming\Microsoft\Installer\{4E79AC14-1F0A-4044-B069-126EDCD2308F}\OP_CACHE.IDX 336 bytes
C:\Users\mélissa\AppData\Roaming\Microsoft\MSN Messenger\843298666\sqmnoopt00.sqm
C:\Users\mélissa\AppData\Roaming\Microsoft\MSN Messenger\843298666\sqmnoopt01.sqm
C:\Users\mélissa\AppData\Roaming\Microsoft\MSN Messenger\843298666\sqmnoopt02.sqm 368 bytes
C:\Users\mélissa\AppData\Roaming\Microsoft\MSN Messenger\843298666\sqmnoopt03.sqm 368 bytes
C:\Users\mélissa\AppData\Roaming\Microsoft\MSN Messenger\843298666\sqmnoopt04.sqm 368 bytes
C:\Users\mélissa\AppData\Roaming\Microsoft\MSN Messenger\843298666\sqmnoopt05.sqm 368 bytes
C:\Users\mélissa\AppData\Roaming\Mozilla\Firefox\Profiles\zpjza3p0.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\defaults\preferences\OP_CACHE.ATR 24 bytes
C:\Users\mélissa\AppData\Roaming\Mozilla\Firefox\Profiles\zpjza3p0.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\defaults\preferences\OP_CACHE.IDX 12 bytes
C:\Users\mélissa\AppData\Roaming\Mozilla\Firefox\Profiles\zpjza3p0.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}\plugins\OP_CACHE.ATR 24 bytes
C:\Users\mélissa\AppData\Roaming\Mozilla\Firefox\Profiles\zpjza3p0.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}\plugins\OP_CACHE.IDX 12 bytes
C:\Users\mélissa\AppData\Roaming\Mozilla\Firefox\Profiles\zpjza3p0.default\OP_CACHE.ATR 96 bytes
C:\Users\mélissa\AppData\Roaming\Mozilla\Firefox\Profiles\zpjza3p0.default\OP_CACHE.IDX 48 bytes
C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\OP_CACHE.ATR 96 bytes
C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\OP_CACHE.IDX 48 bytes
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Languages\FR\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Languages\FR\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\Corel\Corel PhotoDownloader\OP_CACHE.ATR 48 bytes
C:\Program Files\Common Files\Corel\Corel PhotoDownloader\OP_CACHE.IDX 24 bytes
C:\Program Files\Common Files\Corel\DirectShowComponents\OP_CACHE.ATR 72 bytes
C:\Program Files\Common Files\Corel\DirectShowComponents\OP_CACHE.IDX 36 bytes
C:\Program Files\Common Files\Corel\DirectShowComponents2\OP_CACHE.ATR 72 bytes
C:\Program Files\Common Files\Corel\DirectShowComponents2\OP_CACHE.IDX 36 bytes
C:\Program Files\Common Files\Corel\PSPThumbShellExt\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\Corel\PSPThumbShellExt\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\CyberLink\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\CyberLink\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\DESIGNER\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\DESIGNER\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\OP_CACHE.ATR 168 bytes
C:\Program Files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\OP_CACHE.IDX 84 bytes
C:\Program Files\Common Files\InstallShield\Professional\RunTime\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\InstallShield\Professional\RunTime\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\Kodak\CameraDrivers\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\Kodak\CameraDrivers\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\Kodak\WIC_Support\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\Kodak\WIC_Support\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\microsoft shared\DAO\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\microsoft shared\DAO\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\microsoft shared\DW\OP_CACHE.ATR 72 bytes
C:\Program Files\Common Files\microsoft shared\DW\OP_CACHE.IDX 36 bytes
C:\Program Files\Common Files\microsoft shared\EQUATION\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\microsoft shared\EQUATION\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\microsoft shared\EURO\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\microsoft shared\EURO\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\microsoft shared\Filters\OP_CACHE.ATR 48 bytes
C:\Program Files\Common Files\microsoft shared\Filters\OP_CACHE.IDX 24 bytes
C:\Program Files\Common Files\microsoft shared\Help\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\microsoft shared\Help\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\microsoft shared\ink\OP_CACHE.ATR 384 bytes
C:\Program Files\Common Files\microsoft shared\ink\OP_CACHE.IDX 192 bytes
C:\Program Files\Common Files\microsoft shared\MSClientDataMgr\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\microsoft shared\MSClientDataMgr\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\microsoft shared\MSInfo\OP_CACHE.ATR 96 bytes
C:\Program Files\Common Files\microsoft shared\MSInfo\OP_CACHE.IDX 48 bytes
C:\Program Files\Common Files\microsoft shared\MSORUN\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\microsoft shared\MSORUN\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\microsoft shared\OFFICE11\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\microsoft shared\OFFICE11\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\microsoft shared\OFFICE12\1036\OP_CACHE.ATR 48 bytes
C:\Program Files\Common Files\microsoft shared\OFFICE12\1036\OP_CACHE.IDX 24 bytes
C:\Program Files\Common Files\microsoft shared\OFFICE12\Office Setup Controller\OP_CACHE.ATR 72 bytes
C:\Program Files\Common Files\microsoft shared\OFFICE12\Office Setup Controller\OP_CACHE.IDX 36 bytes
C:\Program Files\Common Files\microsoft shared\OFFICE12\OP_CACHE.ATR 480 bytes
C:\Program Files\Common Files\microsoft shared\OFFICE12\OP_CACHE.IDX 240 bytes
C:\Program Files\Common Files\microsoft shared\Portal\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\microsoft shared\Portal\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\microsoft shared\PROOF\1033\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\microsoft shared\PROOF\1033\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\microsoft shared\Smart Tag\1036\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\microsoft shared\Smart Tag\1036\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\microsoft shared\Smart Tag\OP_CACHE.ATR 168 bytes
C:\Program Files\Common Files\microsoft shared\Smart Tag\OP_CACHE.IDX 84 bytes
C:\Program Files\Common Files\microsoft shared\Source Engine\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\microsoft shared\Source Engine\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\microsoft shared\TextConv\OP_CACHE.ATR 48 bytes
C:\Program Files\Common Files\microsoft shared\TextConv\OP_CACHE.IDX 24 bytes
C:\Program Files\Common Files\microsoft shared\TRANSLAT\ESEN\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\microsoft shared\TRANSLAT\ESEN\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\microsoft shared\TRANSLAT\FREN\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\microsoft shared\TRANSLAT\FREN\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\microsoft shared\TRANSLAT\GEEN\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\microsoft shared\TRANSLAT\GEEN\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\microsoft shared\TRANSLAT\OP_CACHE.ATR 72 bytes
C:\Program Files\Common Files\microsoft shared\TRANSLAT\OP_CACHE.IDX 36 bytes
C:\Program Files\Common Files\microsoft shared\VBA\VBA6\1036\OP_CACHE.ATR 72 bytes
C:\Program Files\Common Files\microsoft shared\VBA\VBA6\1036\OP_CACHE.IDX 36 bytes
C:\Program Files\Common Files\microsoft shared\vgx\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\microsoft shared\vgx\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\microsoft shared\VS7DEBUG\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\microsoft shared\VS7DEBUG\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\microsoft shared\VSTA\8.0\x86\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\microsoft shared\VSTA\8.0\x86\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\microsoft shared\Web Server Extensions\12\BIN\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\microsoft shared\Web Server Extensions\12\BIN\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\MSSoap\Binaries\OP_CACHE.ATR 72 bytes
C:\Program Files\Common Files\MSSoap\Binaries\OP_CACHE.IDX 36 bytes
C:\Program Files\Common Files\PX Storage Engine\OP_CACHE.ATR 312 bytes
C:\Program Files\Common Files\PX Storage Engine\OP_CACHE.IDX 156 bytes
C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\en-US\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\en-US\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\OP_CACHE.ATR 72 bytes
C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\OP_CACHE.IDX 36 bytes
C:\Users\mélissa\AppData\Local\Microsoft\Windows\1033\OP_CACHE.ATR 24 bytes
C:\Users\mélissa\AppData\Local\Microsoft\Windows\1033\OP_CACHE.IDX 12 bytes
C:\Users\mélissa\AppData\Local\Microsoft\Windows\GameExplorer\{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}\PlayTasks\1\Les Sims™ 2 : Boit@Look.lnk 1241 bytes hidden from API
C:\Users\mélissa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\9GZGMPEY\OP_CACHE.ATR 48 bytes
C:\Users\mélissa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\9GZGMPEY\OP_CACHE.IDX 24 bytes
C:\Users\mélissa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OTUMHQYG\OP_CACHE.ATR 48 bytes
C:\Users\mélissa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OTUMHQYG\OP_CACHE.IDX 24 bytes
scan completed successfully
hidden files: 134
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\Windows\Explorer.exe
-> C:\Users\MLISSA~1\AppData\Local\Temp\jytokpqr.dll
-> C:\Users\MLISSA~1\AppData\Local\Temp\supbfhdm.dll
-> C:\Users\MLISSA~1\AppData\Local\Temp\awTLCuus.dll
-> C:\Program Files\Atomic Alarm Clock\Clock.dll
.
Completion time: 2008-07-09 6:37:28
ComboFix-quarantined-files.txt 2008-07-09 10:37:22
The system cannot find message text for message number 0x2379 in the message file for Application.
Post-Run: 179,935,764,480 bytes free
338 --- E O F --- 2008-07-09 07:02:56
Hi,
If VundoFix detects nothing, it won't detect anything in Safe Mode either.
Do this:
Close all your browsers (so copy or print the instructions first).
Create a new text document: right-click on the desktop > New > Text Document, and copy the following lines into it:
File::
C:\Users\MLISSA~1\AppData\Local\Temp\supbfhdm.dll
C:\Users\MLISSA~1\AppData\Local\Temp\awTLCuus.dll
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cmds"=-
"BMffb81017"=-
Save this file under the name CFscript.
Drag and drop this CFScript file onto the ComboFix.exe file.
Click on the CFScript file, hold the mouse button down and drag so that the CFScript icon comes to cover the ComboFix icon. Release the mouse. ComboFix will start.
A blue window will appear: at the prompt that appears (Type 1 to continue, or 2 to abort), type 1 and confirm.
Wait for the scan to finish. The desktop will disappear several times: that's normal!
Don't touch anything until the scan is finished.
Once the scan is complete, a report will be displayed: post its contents.
If the file doesn't open, it is located here > C:\ComboFix.txt
____________
Scan with Malwarebytes, remove what is found and paste the report:
https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
_______________
Paste a HijackThis report:
http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download
Manual:
https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html
I advise renaming HijackThis, to counter a possible Vundo infection.
e.g. rename the file HijackThis.exe to eden.exe: to do so, right-click on the HijackThis.exe file and choose Rename from the list.
Then, with Explorer, create a folder c:\hijackthis
Unzip HijackThis into this folder.
This is important for the backups.
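The checks the helper applied by eye (Run-key values and Explorer-loaded DLLs that sit directly in the user's Temp folder), as an added Python example that is not part of this thread or of ComboFix; the sample report is constructed from the log lines quoted above, and the output mimics the File::/Registry:: CFScript layout the helper asked for.

```python
# Added example, not from the thread or from ComboFix: flag Run-key values and
# process-loaded DLLs that live directly under a Temp directory, then emit the
# same File::/Registry:: CFScript layout the helper asked for.
import re
from collections import namedtuple

Finding = namedtuple("Finding", "kind where name path reasons")

KEY_RE = re.compile(r"^\[(HK[^\]]+)\]$")                      # [HKEY_...\Run]
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"')  # "name"="path" [...]
PROCESS_RE = re.compile(r"^PROCESS:\s+(?P<proc>\S.*)$")
DLL_RE = re.compile(r"^\s*->\s+(?P<path>\S.*)$")
TEMP_FILE_RE = re.compile(r"\\Temp\\[^\\]+$", re.IGNORECASE)   # file directly in ...\Temp\

# Constructed sample, assembled from the report lines quoted in this thread.
SAMPLE_REPORT = r"""
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"cmds"="C:\Users\MLISSA~1\AppData\Local\Temp\awTLCuus.dll" [2008-07-08 23:05 281600]
"BMffb81017"="C:\Users\MLISSA~1\AppData\Local\Temp\supbfhdm.dll" [2008-07-08 23:06 106496]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-06-10 18:52 1447168]
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\Windows\Explorer.exe
-> C:\Users\MLISSA~1\AppData\Local\Temp\jytokpqr.dll
-> C:\Users\MLISSA~1\AppData\Local\Temp\supbfhdm.dll
-> C:\Program Files\Atomic Alarm Clock\Clock.dll
"""


def parse_report(text):
    """Return (autoruns, loaded): autoruns as (key, name, path), loaded as (process, path)."""
    autoruns, loaded = [], []
    key = proc = None
    for line in text.splitlines():
        line = line.rstrip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and key:
            autoruns.append((key, m.group("name"), m.group("path")))
            continue
        m = PROCESS_RE.match(line)
        if m:
            proc = m.group("proc")
            continue
        m = DLL_RE.match(line)
        if m and proc:
            loaded.append((proc, m.group("path")))
    return autoruns, loaded


def suspicious_reasons(path):
    """Why a path deserves a second look; an empty list means nothing unusual."""
    reasons = []
    if TEMP_FILE_RE.search(path):
        reasons.append("runs from a Temp directory")
        stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
        if len(stem) == 8 and stem.isalpha():   # pattern of the DLLs in this report
            reasons.append("eight-letter alphabetic filename")
    return reasons


def triage(text):
    """Cross-reference Run-key entries with DLLs loaded into running processes."""
    autoruns, loaded = parse_report(text)
    loaded_paths = {p.lower() for _, p in loaded}
    autorun_paths = {p.lower() for _, _, p in autoruns}
    findings = []
    for key, name, path in autoruns:
        reasons = suspicious_reasons(path)
        if not reasons:
            continue
        if path.lower() in loaded_paths:
            reasons.append("also loaded inside a running process")
        findings.append(Finding("autorun", key, name, path, reasons))
    for proc, path in loaded:
        reasons = suspicious_reasons(path)
        if reasons and path.lower() not in autorun_paths:   # not already reported above
            findings.append(Finding("loaded", proc, None, path, reasons))
    return findings


def build_cfscript(findings):
    """Render the findings in the File::/Registry:: layout used in the thread."""
    out = ["File::"] + sorted({f.path for f in findings})
    by_key = {}
    for f in findings:
        if f.kind == "autorun":
            by_key.setdefault(f.where, []).append(f.name)
    if by_key:
        out.append("Registry::")
        for key, names in by_key.items():
            out.append("[%s]" % key)
            out.extend('"%s"=-' % n for n in names)
    return "\n".join(out)


if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT):
        print(f.kind, f.where, f.name, f.path, "; ".join(f.reasons))
    print(build_cfscript(triage(SAMPLE_REPORT)))
```

Generating the script only collects what a reviewer should look at; whether each flagged file is really malicious is still a human decision, as it was in this thread.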
Sorry, I'm not very good with computers... I'll do what you wrote and post the reports as quickly as possible... thank you very much!
ComboFix 08-07-08.5 - mélissa 2008-07-09 14:26:31.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1015 [GMT -4:00]
Running from: C:\Users\mélissa\Desktop\ComboFix.exe
Command switches used :: C:\Users\mélissa\Desktop\CFscript.txt
* Created a new restore point
* Resident AV is active
FILE ::
C:\Users\MLISSA~1\AppData\Local\Temp\awTLCuus.dll
C:\Users\MLISSA~1\AppData\Local\Temp\supbfhdm.dll
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Users\MLISSA~1\AppData\Local\Temp\awTLCuus.dll
C:\Users\MLISSA~1\AppData\Local\Temp\supbfhdm.dll
.
((((((((((((((((((((((((( Files Created from 2008-06-09 to 2008-07-09 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-09 18:29 1,572,864 --sha-w C:\Users\mélissa\NTUSER.DAT
2008-07-09 18:29 1,572,864 --sha-w C:\Users\mélissa\NTUSER.DAT
2008-07-09 18:26 --------- d-----w C:\Users\mélissa\AppData\Roaming\BitTorrent
2008-07-09 18:19 --------- d-----w C:\Program Files\Gogglebox TV
2008-07-09 07:08 --------- d-----w C:\Program Files\Windows Mail
2008-07-09 07:04 --------- d-----w C:\Program Files\Common Files\PX Storage Engine
2008-07-09 04:48 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-07-09 04:10 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-07-09 03:55 --------- d-----w C:\Program Files\Enigma Software Group
2008-07-09 03:38 --------- d-----w C:\Program Files\ESET
2008-07-09 03:15 --------- d-----w C:\ProgramData\ESET
2008-07-09 01:26 --------- d-----w C:\Program Files\Common Files\CyberLink
2008-07-09 01:25 --------- d-----w C:\Program Files\Microsoft Works
2008-07-09 01:25 --------- d-----w C:\Program Files\Apple Software Update
2008-07-09 01:22 --------- d-----w C:\Program Files\Windows Journal
2008-07-09 01:22 --------- d-----w C:\Program Files\Google Video
2008-07-09 01:22 --------- d-----w C:\Program Files\DivX
2008-07-09 01:21 --------- d-----w C:\Program Files\Windows Sidebar
2008-07-09 01:21 --------- d-----w C:\Program Files\StuffPlug3
2008-07-09 01:21 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-07-09 01:20 --------- d-----w C:\Program Files\DAEMON Tools Lite
2008-07-09 01:20 --------- d-----w C:\Program Files\BitTorrent
2008-07-09 01:19 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-07-09 01:19 --------- d-----w C:\Program Files\Windows Defender
2008-07-09 01:19 --------- d-----w C:\Program Files\Windows Collaboration
2008-07-09 01:19 --------- d-----w C:\Program Files\Windows Calendar
2008-07-09 01:19 --------- d-----w C:\Program Files\QuickTime
2008-07-09 01:19 --------- d-----w C:\Program Files\PowerISO
2008-07-09 01:19 --------- d-----w C:\Program Files\Atomic Alarm Clock
2008-07-09 01:14 --------- d-----w C:\ProgramData\Agnitum
2008-07-09 01:14 --------- d-----w C:\Program Files\Agnitum
2008-07-08 17:14 --------- d-s---w C:\Users\mélissa\AppData\Roaming\Microsoft
2008-07-08 16:33 --------- d-----w C:\Users\mélissa\AppData\Roaming\ESET
2008-07-08 16:26 --------- d-----w C:\Program Files\Common Files\BitDefender
2008-07-08 16:26 --------- d-----w C:\Program Files\BitDefender
2008-07-08 04:44 --------- d-----w C:\Program Files\Yamicsoft
2008-07-08 01:31 --------- d-----w C:\Users\mélissa\AppData\Roaming\Adobe
2008-07-08 01:28 --------- d-----w C:\ProgramData\NOS
2008-07-08 01:28 --------- d-----w C:\Program Files\Common Files\Adobe
2008-07-08 01:00 --------- d-----w C:\Program Files\Druide
2008-07-08 00:58 --------- d-----w C:\Users\mélissa\AppData\Roaming\Druide
2008-07-07 14:59 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2008-07-06 13:59 81,984 ----a-w C:\Windows\System32\bdod.bin
2008-07-06 13:57 86,792 ----a-w C:\Windows\system32\drivers\bdfndisf.sys
2008-07-06 13:57 77,824 ----a-w C:\Windows\System32\xcomm.dll
2008-07-06 13:43 --------- d-----w C:\ProgramData\NVIDIA
2008-07-06 01:48 174 --sha-w C:\Program Files\desktop.ini
2008-07-06 01:24 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-07-06 01:24 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-07-05 23:07 --------- d-----w C:\Users\mélissa\AppData\Roaming\Corel
2008-07-05 23:05 --------- d-----w C:\ProgramData\Corel
2008-07-05 23:02 --------- d-----w C:\Program Files\Common Files\Corel
2008-07-05 23:00 --------- d-----w C:\Program Files\Corel
2008-07-05 22:53 --------- d-----w C:\Users\mélissa\AppData\Roaming\InstallShield
2008-07-05 22:46 --------- d-----w C:\Users\mélissa\AppData\Roaming\CyberLink
2008-07-05 22:46 --------- d-----w C:\ProgramData\CyberLink
2008-07-05 22:45 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-05 22:44 --------- d-----w C:\Program Files\CyberLink
2008-07-05 22:42 29,480 ----a-w C:\Windows\System32\msxml3a.dll
2008-07-05 17:04 --------- d---a-w C:\ProgramData\TEMP
2008-07-05 05:47 --------- d-----w C:\Program Files\adslTV
2008-07-05 05:46 --------- d-----w C:\Users\mélissa\AppData\Roaming\vlc
2008-07-04 21:04 --------- d-----w C:\Users\mélissa\AppData\Roaming\WinRAR
2008-07-04 21:00 --------- d-----w C:\Program Files\EA GAMES
2008-07-04 19:58 --------- d-----w C:\Users\mélissa\AppData\Roaming\DivX
2008-07-04 19:29 --------- d-----w C:\ProgramData\Microsoft Help
2008-07-04 19:23 --------- d-----w C:\Program Files\MSBuild
2008-07-04 19:20 --------- d-----w C:\Program Files\Microsoft.NET
2008-07-04 19:16 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2008-07-04 19:11 --------- d-----w C:\Program Files\DNA
2008-07-04 16:59 --------- d-----w C:\Users\mélissa\AppData\Roaming\Skinux
2008-07-04 16:45 717,296 ----a-w C:\Windows\system32\drivers\sptd.sys
2008-07-04 16:42 --------- d-----w C:\Users\mélissa\AppData\Roaming\DAEMON Tools
2008-07-04 16:37 --------- d-----w C:\Users\mélissa\AppData\Roaming\Macromedia
2008-07-04 16:10 --------- d-----w C:\Program Files\Kodak
2008-07-04 16:06 --------- d-----w C:\Program Files\Common Files\Kodak
2008-07-04 07:14 988,216 ----a-w C:\Windows\System32\winload.exe
2008-07-04 07:14 927,288 ----a-w C:\Windows\System32\winresume.exe
2008-07-04 07:14 615,992 ----a-w C:\Windows\System32\ci.dll
2008-07-04 07:14 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-07-04 07:14 46,592 ----a-w C:\Windows\System32\setbcdlocale.dll
2008-07-04 07:14 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-07-04 07:14 378,368 ----a-w C:\Windows\System32\srcore.dll
2008-07-04 07:14 318,464 ----a-w C:\Windows\System32\rstrui.exe
2008-07-04 07:14 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-07-04 07:14 14,848 ----a-w C:\Windows\System32\srdelayed.exe
2008-07-04 07:12 2,032,128 ----a-w C:\Windows\System32\win32k.sys
2008-07-04 07:11 295,936 ----a-w C:\Windows\System32\gdi32.dll
2008-07-04 07:08 14,848 ----a-w C:\Windows\System32\wshrm.dll
2008-07-04 07:08 113,664 ----a-w C:\Windows\system32\drivers\rmcast.sys
2008-07-04 07:07 540,672 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-07-04 07:07 458,752 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-04 07:07 4,240,384 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-07-04 07:07 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-07-04 07:07 2,153,984 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-04 07:07 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-07-04 07:07 1,695,744 ----a-w C:\Windows\System32\gameux.dll
2008-07-04 07:05 1,314,816 ----a-w C:\Windows\System32\quartz.dll
2008-07-04 07:04 428,544 ----a-w C:\Windows\System32\EncDec.dll
2008-07-04 07:04 293,376 ----a-w C:\Windows\System32\psisdecd.dll
.
((((((((((((((((((((((((((((( snapshot@2008-07-09_ 6.36.44,58 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-09 10:28:37 6,258,688 ----a-w C:\Windows\erdnt\Hiv-backup\SCHEMA.DAT
+ 2008-07-09 18:26:19 6,258,688 ----a-w C:\Windows\erdnt\Hiv-backup\SCHEMA.DAT
+ 2008-07-09 18:19:40 10,134 ----a-r C:\Windows\Installer\{A47B07BD-C187-41F8-8AB8-38E5821BB7BF}\_1E3BE74B3D6C6CF62A6AEF.exe
+ 2008-07-09 18:19:40 10,134 ----a-r C:\Windows\Installer\{A47B07BD-C187-41F8-8AB8-38E5821BB7BF}\_91E5AEF66E662E9D3A48FA.exe
- 2008-07-06 01:49:22 2,637,068 -c--a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareLicensing\tokens.dat
+ 2008-07-09 10:44:59 2,682,570 -c--a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareLicensing\tokens.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
"WeatherEye"="C:\Program Files\MétéoMédia\MétéoÉclair\WeatherEye.exe" [2008-05-30 14:54 4501912]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 05:39 486856]
"SkinClock"="C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe" [2008-04-08 00:55 1737216]
"Gestionnaire Antidote.exe"="C:\Program Files\Druide\Antidote\Gestionnaire Antidote.exe" [2007-09-23 22:55 533944]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"OEM03Mon.exe"="C:\Windows\OEM03Mon.exe" [2007-05-18 13:00 36864]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-03-14 19:50 233472]
"RemoteControl8"="C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 20:23 83240]
"PDVD8LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 11:36 50472]
"Corel Photo Downloader"="C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2007-08-28 12:00 531272]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-09-17 08:07 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-09-17 08:07 8497696]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-09-17 08:07 81920]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 02:38 34672]
"OutpostMonitor"="C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe" [2008-04-23 10:43 1098568]
"OutpostFeedBack"="C:\Program Files\Agnitum\Outpost Firewall Pro\feedback.exe" [2008-04-22 12:31 419144]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-06-10 18:52 1447168]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-17 07:22 4907008 C:\Windows\RtHDVCpl.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Gestionnaire Antidote.exe"="C:\Program Files\Druide\Antidote\Gestionnaire Antidote.exe" [2007-09-23 22:55 533944]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Logiciel Kodak EasyShare.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2008-05-10 07:15:28 282624]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"PromptOnSecureDesktop"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{56E2ED6C-077A-4D1F-8535-D6F4191EB53B}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{F5F280B6-0395-4C9D-8BDE-EC3913FD09EE}"= UDP:C:\Program Files\DNA\btdna.exe:DNA
"{48977CE1-0318-497A-A451-4BEF567ECF66}"= TCP:C:\Program Files\DNA\btdna.exe:DNA
"{3A9C73EC-AE77-43C8-9B0B-E231C5C1384B}"= UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{5BBE4B3E-ADAF-4A3E-95BE-F9818A80E0FD}"= TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{5A148FEF-3C7B-4D99-8B12-DA6ADE0AA674}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"TCP Query User{25F3CC89-D5E8-4A3F-A716-86339FC99257}C:\\program files\\adsltv\\vlc.exe"= UDP:C:\program files\adsltv\vlc.exe:VLC media player
"UDP Query User{FD23E670-44EC-494B-832A-B3AA58EE5515}C:\\program files\\adsltv\\vlc.exe"= TCP:C:\program files\adsltv\vlc.exe:VLC media player
"TCP Query User{0CC9180B-4583-41F1-A6F8-1FE301A87D10}C:\\program files\\adsltv\\adsltv.exe"= UDP:C:\program files\adsltv\adsltv.exe:adsltv
"UDP Query User{92483556-5709-4524-BFF4-3483CCE4DB32}C:\\program files\\adsltv\\adsltv.exe"= TCP:C:\program files\adsltv\adsltv.exe:adsltv
"{C7499B54-BBB4-4C5C-8A0C-D9BED0CDFA0B}"= C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.EXE:CyberLink PowerDVD 8.0
"{87883B5F-CBCD-4378-8DBA-63382871E0DE}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{4320C60E-50BB-45B6-92A1-B6F980E45572}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
R1 afw;Agnitum Firewall Driver;C:\Windows\system32\DRIVERS\afw.sys [2008-02-27 18:26]
R1 epfwtdir;epfwtdir;C:\Windows\system32\DRIVERS\epfwtdir.sys [2008-06-10 18:56]
R1 SandBox;SandBox;C:\Windows\system32\DRIVERS\SandBox.sys [2008-03-12 12:31]
R2 AERTFilters;Andrea RT Filters Service;C:\Windows\system32\AERTSrv.exe [2007-12-05 06:17]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]
R3 ASWFilt;ASWFilt;C:\Windows\system32\Filt\ASWFilt.dll [2008-03-12 12:32]
R3 OEM03Vfx;Creative Camera OEM003 Video VFX Driver;C:\Windows\system32\DRIVERS\OEM03Vfx.sys [2007-03-05 06:45]
R3 OEM03Vid;Creative Camera OEM003 Driver;C:\Windows\system32\DRIVERS\OEM03Vid.sys [2007-04-24 13:00]
S2 acssrv;Agnitum Client Security Service;C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe [2008-04-22 12:31]
S3 OEM03Afx;Provides a software interface to control audio effects of OEM003 camera.;C:\Windows\system32\Drivers\OEM03Afx.sys [2007-06-07 13:00]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{05df8734-49ea-11dd-9f3d-001aa089cf78}]
\shell\AutoRun\command - G:\Sims2Menu.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{05df8743-49ea-11dd-9f3d-001aa089cf78}]
\shell\AutoRun\command - H:\Sims2Menu.exe
*Newly Created Service* - CATCHME
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-09 14:29:31
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 128
**************************************************************************
.
Completion time: 2008-07-09 14:30:59
ComboFix-quarantined-files.txt 2008-07-09 18:30:55
ComboFix2.txt 2008-07-09 10:37:31
The system cannot find message text for message number 0x2379 in the message file for Application.
Post-Run: 171,101,208,576 bytes free
342 --- E O F --- 2008-07-09 07:02:56
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1015 [GMT -4:00]
Running from: C:\Users\mélissa\Desktop\ComboFix.exe
Command switches used :: C:\Users\mélissa\Desktop\CFscript.txt
* Created a new restore point
* Resident AV is active
FILE ::
C:\Users\MLISSA~1\AppData\Local\Temp\awTLCuus.dll
C:\Users\MLISSA~1\AppData\Local\Temp\supbfhdm.dll
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Users\MLISSA~1\AppData\Local\Temp\awTLCuus.dll
C:\Users\MLISSA~1\AppData\Local\Temp\supbfhdm.dll
.
((((((((((((((((((((((((( Files Created from 2008-06-09 to 2008-07-09 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-09 18:29 1,572,864 --sha-w C:\Users\mélissa\NTUSER.DAT
2008-07-09 18:29 1,572,864 --sha-w C:\Users\mélissa\NTUSER.DAT
2008-07-09 18:26 --------- d-----w C:\Users\mélissa\AppData\Roaming\BitTorrent
2008-07-09 18:19 --------- d-----w C:\Program Files\Gogglebox TV
2008-07-09 07:08 --------- d-----w C:\Program Files\Windows Mail
2008-07-09 07:04 --------- d-----w C:\Program Files\Common Files\PX Storage Engine
2008-07-09 04:48 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-07-09 04:10 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-07-09 03:55 --------- d-----w C:\Program Files\Enigma Software Group
2008-07-09 03:38 --------- d-----w C:\Program Files\ESET
2008-07-09 03:15 --------- d-----w C:\ProgramData\ESET
2008-07-09 01:26 --------- d-----w C:\Program Files\Common Files\CyberLink
2008-07-09 01:25 --------- d-----w C:\Program Files\Microsoft Works
2008-07-09 01:25 --------- d-----w C:\Program Files\Apple Software Update
2008-07-09 01:22 --------- d-----w C:\Program Files\Windows Journal
2008-07-09 01:22 --------- d-----w C:\Program Files\Google Video
2008-07-09 01:22 --------- d-----w C:\Program Files\DivX
2008-07-09 01:21 --------- d-----w C:\Program Files\Windows Sidebar
2008-07-09 01:21 --------- d-----w C:\Program Files\StuffPlug3
2008-07-09 01:21 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-07-09 01:20 --------- d-----w C:\Program Files\DAEMON Tools Lite
2008-07-09 01:20 --------- d-----w C:\Program Files\BitTorrent
2008-07-09 01:19 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-07-09 01:19 --------- d-----w C:\Program Files\Windows Defender
2008-07-09 01:19 --------- d-----w C:\Program Files\Windows Collaboration
2008-07-09 01:19 --------- d-----w C:\Program Files\Windows Calendar
2008-07-09 01:19 --------- d-----w C:\Program Files\QuickTime
2008-07-09 01:19 --------- d-----w C:\Program Files\PowerISO
2008-07-09 01:19 --------- d-----w C:\Program Files\Atomic Alarm Clock
2008-07-09 01:14 --------- d-----w C:\ProgramData\Agnitum
2008-07-09 01:14 --------- d-----w C:\Program Files\Agnitum
2008-07-08 17:14 --------- d-s---w C:\Users\mélissa\AppData\Roaming\Microsoft
2008-07-08 16:33 --------- d-----w C:\Users\mélissa\AppData\Roaming\ESET
2008-07-08 16:26 --------- d-----w C:\Program Files\Common Files\BitDefender
2008-07-08 16:26 --------- d-----w C:\Program Files\BitDefender
2008-07-08 04:44 --------- d-----w C:\Program Files\Yamicsoft
2008-07-08 01:31 --------- d-----w C:\Users\mélissa\AppData\Roaming\Adobe
2008-07-08 01:28 --------- d-----w C:\ProgramData\NOS
2008-07-08 01:28 --------- d-----w C:\Program Files\Common Files\Adobe
2008-07-08 01:00 --------- d-----w C:\Program Files\Druide
2008-07-08 00:58 --------- d-----w C:\Users\mélissa\AppData\Roaming\Druide
2008-07-07 14:59 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2008-07-06 13:59 81,984 ----a-w C:\Windows\System32\bdod.bin
2008-07-06 13:57 86,792 ----a-w C:\Windows\system32\drivers\bdfndisf.sys
2008-07-06 13:57 77,824 ----a-w C:\Windows\System32\xcomm.dll
2008-07-06 13:43 --------- d-----w C:\ProgramData\NVIDIA
2008-07-06 01:48 174 --sha-w C:\Program Files\desktop.ini
2008-07-06 01:24 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-07-06 01:24 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-07-05 23:07 --------- d-----w C:\Users\mélissa\AppData\Roaming\Corel
2008-07-05 23:05 --------- d-----w C:\ProgramData\Corel
2008-07-05 23:02 --------- d-----w C:\Program Files\Common Files\Corel
2008-07-05 23:00 --------- d-----w C:\Program Files\Corel
2008-07-05 22:53 --------- d-----w C:\Users\mélissa\AppData\Roaming\InstallShield
2008-07-05 22:46 --------- d-----w C:\Users\mélissa\AppData\Roaming\CyberLink
2008-07-05 22:46 --------- d-----w C:\ProgramData\CyberLink
2008-07-05 22:45 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-05 22:44 --------- d-----w C:\Program Files\CyberLink
2008-07-05 22:42 29,480 ----a-w C:\Windows\System32\msxml3a.dll
2008-07-05 17:04 --------- d---a-w C:\ProgramData\TEMP
2008-07-05 05:47 --------- d-----w C:\Program Files\adslTV
2008-07-05 05:46 --------- d-----w C:\Users\mélissa\AppData\Roaming\vlc
2008-07-04 21:04 --------- d-----w C:\Users\mélissa\AppData\Roaming\WinRAR
2008-07-04 21:00 --------- d-----w C:\Program Files\EA GAMES
2008-07-04 19:58 --------- d-----w C:\Users\mélissa\AppData\Roaming\DivX
2008-07-04 19:29 --------- d-----w C:\ProgramData\Microsoft Help
2008-07-04 19:23 --------- d-----w C:\Program Files\MSBuild
2008-07-04 19:20 --------- d-----w C:\Program Files\Microsoft.NET
2008-07-04 19:16 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2008-07-04 19:11 --------- d-----w C:\Program Files\DNA
2008-07-04 16:59 --------- d-----w C:\Users\mélissa\AppData\Roaming\Skinux
2008-07-04 16:45 717,296 ----a-w C:\Windows\system32\drivers\sptd.sys
2008-07-04 16:42 --------- d-----w C:\Users\mélissa\AppData\Roaming\DAEMON Tools
2008-07-04 16:37 --------- d-----w C:\Users\mélissa\AppData\Roaming\Macromedia
2008-07-04 16:10 --------- d-----w C:\Program Files\Kodak
2008-07-04 16:06 --------- d-----w C:\Program Files\Common Files\Kodak
2008-07-04 07:14 988,216 ----a-w C:\Windows\System32\winload.exe
2008-07-04 07:14 927,288 ----a-w C:\Windows\System32\winresume.exe
2008-07-04 07:14 615,992 ----a-w C:\Windows\System32\ci.dll
2008-07-04 07:14 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-07-04 07:14 46,592 ----a-w C:\Windows\System32\setbcdlocale.dll
2008-07-04 07:14 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-07-04 07:14 378,368 ----a-w C:\Windows\System32\srcore.dll
2008-07-04 07:14 318,464 ----a-w C:\Windows\System32\rstrui.exe
2008-07-04 07:14 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-07-04 07:14 14,848 ----a-w C:\Windows\System32\srdelayed.exe
2008-07-04 07:12 2,032,128 ----a-w C:\Windows\System32\win32k.sys
2008-07-04 07:11 295,936 ----a-w C:\Windows\System32\gdi32.dll
2008-07-04 07:08 14,848 ----a-w C:\Windows\System32\wshrm.dll
2008-07-04 07:08 113,664 ----a-w C:\Windows\system32\drivers\rmcast.sys
2008-07-04 07:07 540,672 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-07-04 07:07 458,752 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-04 07:07 4,240,384 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-07-04 07:07 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-07-04 07:07 2,153,984 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-04 07:07 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-07-04 07:07 1,695,744 ----a-w C:\Windows\System32\gameux.dll
2008-07-04 07:05 1,314,816 ----a-w C:\Windows\System32\quartz.dll
2008-07-04 07:04 428,544 ----a-w C:\Windows\System32\EncDec.dll
2008-07-04 07:04 293,376 ----a-w C:\Windows\System32\psisdecd.dll
.
((((((((((((((((((((((((((((( snapshot@2008-07-09_ 6.36.44,58 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-09 10:28:37 6,258,688 ----a-w C:\Windows\erdnt\Hiv-backup\SCHEMA.DAT
+ 2008-07-09 18:26:19 6,258,688 ----a-w C:\Windows\erdnt\Hiv-backup\SCHEMA.DAT
+ 2008-07-09 18:19:40 10,134 ----a-r C:\Windows\Installer\{A47B07BD-C187-41F8-8AB8-38E5821BB7BF}\_1E3BE74B3D6C6CF62A6AEF.exe
+ 2008-07-09 18:19:40 10,134 ----a-r C:\Windows\Installer\{A47B07BD-C187-41F8-8AB8-38E5821BB7BF}\_91E5AEF66E662E9D3A48FA.exe
- 2008-07-06 01:49:22 2,637,068 -c--a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareLicensing\tokens.dat
+ 2008-07-09 10:44:59 2,682,570 -c--a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareLicensing\tokens.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
"WeatherEye"="C:\Program Files\MétéoMédia\MétéoÉclair\WeatherEye.exe" [2008-05-30 14:54 4501912]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 05:39 486856]
"SkinClock"="C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe" [2008-04-08 00:55 1737216]
"Gestionnaire Antidote.exe"="C:\Program Files\Druide\Antidote\Gestionnaire Antidote.exe" [2007-09-23 22:55 533944]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"OEM03Mon.exe"="C:\Windows\OEM03Mon.exe" [2007-05-18 13:00 36864]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-03-14 19:50 233472]
"RemoteControl8"="C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 20:23 83240]
"PDVD8LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 11:36 50472]
"Corel Photo Downloader"="C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2007-08-28 12:00 531272]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-09-17 08:07 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-09-17 08:07 8497696]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-09-17 08:07 81920]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 02:38 34672]
"OutpostMonitor"="C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe" [2008-04-23 10:43 1098568]
"OutpostFeedBack"="C:\Program Files\Agnitum\Outpost Firewall Pro\feedback.exe" [2008-04-22 12:31 419144]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-06-10 18:52 1447168]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-17 07:22 4907008 C:\Windows\RtHDVCpl.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Gestionnaire Antidote.exe"="C:\Program Files\Druide\Antidote\Gestionnaire Antidote.exe" [2007-09-23 22:55 533944]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Logiciel Kodak EasyShare.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2008-05-10 07:15:28 282624]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"PromptOnSecureDesktop"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{56E2ED6C-077A-4D1F-8535-D6F4191EB53B}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{F5F280B6-0395-4C9D-8BDE-EC3913FD09EE}"= UDP:C:\Program Files\DNA\btdna.exe:DNA
"{48977CE1-0318-497A-A451-4BEF567ECF66}"= TCP:C:\Program Files\DNA\btdna.exe:DNA
"{3A9C73EC-AE77-43C8-9B0B-E231C5C1384B}"= UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{5BBE4B3E-ADAF-4A3E-95BE-F9818A80E0FD}"= TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{5A148FEF-3C7B-4D99-8B12-DA6ADE0AA674}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"TCP Query User{25F3CC89-D5E8-4A3F-A716-86339FC99257}C:\\program files\\adsltv\\vlc.exe"= UDP:C:\program files\adsltv\vlc.exe:VLC media player
"UDP Query User{FD23E670-44EC-494B-832A-B3AA58EE5515}C:\\program files\\adsltv\\vlc.exe"= TCP:C:\program files\adsltv\vlc.exe:VLC media player
"TCP Query User{0CC9180B-4583-41F1-A6F8-1FE301A87D10}C:\\program files\\adsltv\\adsltv.exe"= UDP:C:\program files\adsltv\adsltv.exe:adsltv
"UDP Query User{92483556-5709-4524-BFF4-3483CCE4DB32}C:\\program files\\adsltv\\adsltv.exe"= TCP:C:\program files\adsltv\adsltv.exe:adsltv
"{C7499B54-BBB4-4C5C-8A0C-D9BED0CDFA0B}"= C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.EXE:CyberLink PowerDVD 8.0
"{87883B5F-CBCD-4378-8DBA-63382871E0DE}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{4320C60E-50BB-45B6-92A1-B6F980E45572}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
R1 afw;Agnitum Firewall Driver;C:\Windows\system32\DRIVERS\afw.sys [2008-02-27 18:26]
R1 epfwtdir;epfwtdir;C:\Windows\system32\DRIVERS\epfwtdir.sys [2008-06-10 18:56]
R1 SandBox;SandBox;C:\Windows\system32\DRIVERS\SandBox.sys [2008-03-12 12:31]
R2 AERTFilters;Andrea RT Filters Service;C:\Windows\system32\AERTSrv.exe [2007-12-05 06:17]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]
R3 ASWFilt;ASWFilt;C:\Windows\system32\Filt\ASWFilt.dll [2008-03-12 12:32]
R3 OEM03Vfx;Creative Camera OEM003 Video VFX Driver;C:\Windows\system32\DRIVERS\OEM03Vfx.sys [2007-03-05 06:45]
R3 OEM03Vid;Creative Camera OEM003 Driver;C:\Windows\system32\DRIVERS\OEM03Vid.sys [2007-04-24 13:00]
S2 acssrv;Agnitum Client Security Service;C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe [2008-04-22 12:31]
S3 OEM03Afx;Provides a software interface to control audio effects of OEM003 camera.;C:\Windows\system32\Drivers\OEM03Afx.sys [2007-06-07 13:00]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{05df8734-49ea-11dd-9f3d-001aa089cf78}]
\shell\AutoRun\command - G:\Sims2Menu.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{05df8743-49ea-11dd-9f3d-001aa089cf78}]
\shell\AutoRun\command - H:\Sims2Menu.exe
*Newly Created Service* - CATCHME
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-09 14:29:31
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
C:\Users\MLISSA~1\AppData\Local\Temp\OP_CACHE.ATR 24 bytes
C:\Users\MLISSA~1\AppData\Local\Temp\OP_CACHE.IDX 12 bytes
C:\Windows\OP_CACHE.ATR 1248 bytes
C:\Windows\OP_CACHE.IDX 624 bytes
C:\Windows\system32\drivers\UMDF\OP_CACHE.ATR 24 bytes
C:\Windows\system32\drivers\UMDF\OP_CACHE.IDX 12 bytes
C:\Windows\system32\drivers\OP_CACHE.ATR 5856 bytes
C:\Windows\system32\drivers\OP_CACHE.IDX 2928 bytes
C:\Windows\system32\OP_CACHE.ATR 51336 bytes
C:\Windows\system32\OP_CACHE.IDX 25668 bytes
C:\OP_CACHE.ATR 456 bytes
C:\OP_CACHE.IDX 228 bytes
C:\Windows\Downloaded Program Files\OP_CACHE.ATR 24 bytes
C:\Windows\Downloaded Program Files\OP_CACHE.IDX 12 bytes
C:\Windows\system32\wbem\OP_CACHE.ATR 1296 bytes
C:\Windows\system32\wbem\OP_CACHE.IDX 648 bytes
C:\Windows\system32\wbem\xml\OP_CACHE.ATR 24 bytes
C:\Windows\system32\wbem\xml\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\OP_CACHE.ATR 96 bytes
C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\OP_CACHE.IDX 48 bytes
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Languages\FR\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Languages\FR\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\Corel\Corel PhotoDownloader\OP_CACHE.ATR 48 bytes
C:\Program Files\Common Files\Corel\Corel PhotoDownloader\OP_CACHE.IDX 24 bytes
C:\Program Files\Common Files\Corel\DirectShowComponents\OP_CACHE.ATR 72 bytes
C:\Program Files\Common Files\Corel\DirectShowComponents\OP_CACHE.IDX 36 bytes
C:\Program Files\Common Files\Corel\DirectShowComponents2\OP_CACHE.ATR 72 bytes
C:\Program Files\Common Files\Corel\DirectShowComponents2\OP_CACHE.IDX 36 bytes
C:\Program Files\Common Files\Corel\PSPThumbShellExt\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\Corel\PSPThumbShellExt\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\CyberLink\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\CyberLink\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\DESIGNER\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\DESIGNER\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\OP_CACHE.ATR 168 bytes
C:\Program Files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\OP_CACHE.IDX 84 bytes
C:\Program Files\Common Files\InstallShield\Professional\RunTime\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\InstallShield\Professional\RunTime\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\Kodak\CameraDrivers\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\Kodak\CameraDrivers\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\Kodak\WIC_Support\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\Kodak\WIC_Support\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\microsoft shared\DAO\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\microsoft shared\DAO\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\microsoft shared\DW\OP_CACHE.ATR 72 bytes
C:\Program Files\Common Files\microsoft shared\DW\OP_CACHE.IDX 36 bytes
C:\Program Files\Common Files\microsoft shared\EQUATION\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\microsoft shared\EQUATION\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\microsoft shared\EURO\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\microsoft shared\EURO\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\microsoft shared\Filters\OP_CACHE.ATR 48 bytes
C:\Program Files\Common Files\microsoft shared\Filters\OP_CACHE.IDX 24 bytes
C:\Program Files\Common Files\microsoft shared\Help\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\microsoft shared\Help\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\microsoft shared\ink\OP_CACHE.ATR 384 bytes
C:\Program Files\Common Files\microsoft shared\ink\OP_CACHE.IDX 192 bytes
C:\Program Files\Common Files\microsoft shared\MSClientDataMgr\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\microsoft shared\MSClientDataMgr\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\microsoft shared\MSInfo\OP_CACHE.ATR 96 bytes
C:\Program Files\Common Files\microsoft shared\MSInfo\OP_CACHE.IDX 48 bytes
C:\Program Files\Common Files\microsoft shared\MSORUN\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\microsoft shared\MSORUN\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\microsoft shared\OFFICE11\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\microsoft shared\OFFICE11\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\microsoft shared\OFFICE12\1036\OP_CACHE.ATR 48 bytes
C:\Program Files\Common Files\microsoft shared\OFFICE12\1036\OP_CACHE.IDX 24 bytes
C:\Users\mélissa\AppData\Roaming\Adobe\Acrobat\9.0\OP_CACHE.ATR 24 bytes
C:\Users\mélissa\AppData\Roaming\Adobe\Acrobat\9.0\OP_CACHE.IDX 12 bytes
C:\Users\mélissa\AppData\Roaming\Microsoft\Installer\{4E79AC14-1F0A-4044-B069-126EDCD2308F}\OP_CACHE.ATR 672 bytes
C:\Users\mélissa\AppData\Roaming\Microsoft\Installer\{4E79AC14-1F0A-4044-B069-126EDCD2308F}\OP_CACHE.IDX 336 bytes
C:\Users\mélissa\AppData\Roaming\Mozilla\Firefox\Profiles\zpjza3p0.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\defaults\preferences\OP_CACHE.ATR 24 bytes
C:\Users\mélissa\AppData\Roaming\Mozilla\Firefox\Profiles\zpjza3p0.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\defaults\preferences\OP_CACHE.IDX 12 bytes
C:\Users\mélissa\AppData\Roaming\Mozilla\Firefox\Profiles\zpjza3p0.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}\plugins\OP_CACHE.ATR 24 bytes
C:\Users\mélissa\AppData\Roaming\Mozilla\Firefox\Profiles\zpjza3p0.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}\plugins\OP_CACHE.IDX 12 bytes
C:\Users\mélissa\AppData\Roaming\Mozilla\Firefox\Profiles\zpjza3p0.default\OP_CACHE.ATR 96 bytes
C:\Users\mélissa\AppData\Roaming\Mozilla\Firefox\Profiles\zpjza3p0.default\OP_CACHE.IDX 48 bytes
C:\Program Files\Common Files\microsoft shared\OFFICE12\Office Setup Controller\OP_CACHE.IDX 36 bytes
C:\Program Files\Common Files\microsoft shared\OFFICE12\OP_CACHE.ATR 480 bytes
C:\Program Files\Common Files\microsoft shared\OFFICE12\OP_CACHE.IDX 240 bytes
C:\Program Files\Common Files\microsoft shared\Portal\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\microsoft shared\Portal\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\microsoft shared\PROOF\1033\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\microsoft shared\PROOF\1033\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\microsoft shared\Smart Tag\1036\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\microsoft shared\Smart Tag\1036\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\microsoft shared\Smart Tag\OP_CACHE.ATR 168 bytes
C:\Program Files\Common Files\microsoft shared\Smart Tag\OP_CACHE.IDX 84 bytes
C:\Program Files\Common Files\microsoft shared\Source Engine\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\microsoft shared\Source Engine\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\microsoft shared\TextConv\OP_CACHE.ATR 48 bytes
C:\Program Files\Common Files\microsoft shared\TextConv\OP_CACHE.IDX 24 bytes
C:\Program Files\Common Files\microsoft shared\TRANSLAT\ESEN\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\microsoft shared\TRANSLAT\ESEN\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\microsoft shared\TRANSLAT\FREN\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\microsoft shared\TRANSLAT\FREN\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\microsoft shared\TRANSLAT\GEEN\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\microsoft shared\TRANSLAT\GEEN\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\microsoft shared\TRANSLAT\OP_CACHE.ATR 72 bytes
C:\Program Files\Common Files\microsoft shared\TRANSLAT\OP_CACHE.IDX 36 bytes
C:\Program Files\Common Files\microsoft shared\VBA\VBA6\1036\OP_CACHE.ATR 72 bytes
C:\Program Files\Common Files\microsoft shared\VBA\VBA6\1036\OP_CACHE.IDX 36 bytes
C:\Program Files\Common Files\microsoft shared\vgx\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\microsoft shared\vgx\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\microsoft shared\VS7DEBUG\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\microsoft shared\VS7DEBUG\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\microsoft shared\VSTA\8.0\x86\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\microsoft shared\VSTA\8.0\x86\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\microsoft shared\Web Server Extensions\12\BIN\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\microsoft shared\Web Server Extensions\12\BIN\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\MSSoap\Binaries\OP_CACHE.ATR 72 bytes
C:\Program Files\Common Files\MSSoap\Binaries\OP_CACHE.IDX 36 bytes
C:\Program Files\Common Files\PX Storage Engine\OP_CACHE.ATR 312 bytes
C:\Program Files\Common Files\PX Storage Engine\OP_CACHE.IDX 156 bytes
C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\en-US\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\en-US\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\OP_CACHE.ATR 72 bytes
C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\OP_CACHE.IDX 36 bytes
C:\Users\mélissa\AppData\Local\Microsoft\Messenger\belllia20@hotmail.com\SharingMetadata\Working\database_A8FC_8B5B_FC8B_2324\$db_clean$ 0 bytes
C:\Users\mélissa\AppData\Local\Microsoft\Windows\1033\OP_CACHE.ATR 24 bytes
C:\Users\mélissa\AppData\Local\Microsoft\Windows\1033\OP_CACHE.IDX 12 bytes
C:\Users\mélissa\AppData\Local\Microsoft\Windows\GameExplorer\{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}\PlayTasks\1\Les Sims™ 2 : Boit@Look.lnk 1241 bytes hidden from API
C:\Users\mélissa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\9GZGMPEY\OP_CACHE.ATR 72 bytes
C:\Users\mélissa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\9GZGMPEY\OP_CACHE.IDX 36 bytes
C:\Users\mélissa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OTUMHQYG\OP_CACHE.ATR 48 bytes
C:\Users\mélissa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OTUMHQYG\OP_CACHE.IDX 24 bytes
scan completed successfully
hidden files: 128
**************************************************************************
.
Completion time: 2008-07-09 14:30:59
ComboFix-quarantined-files.txt 2008-07-09 18:30:55
ComboFix2.txt 2008-07-09 10:37:31
The system cannot find message text for message number 0x2379 in the message file for Application.
Post-Run: 171,101,208,576 bytes free
342 --- E O F --- 2008-07-09 07:02:56
Malwarebytes' Anti-Malware 1.20
Version de la base de données: 935
Windows 6.0.6001 Service Pack 1
15:43:12 2008-07-09
mbam-log-7-9-2008 (15-43-09).txt
Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 215648
Temps écoulé: 1 hour(s), 0 minute(s), 51 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\windows.bat (Trojan.Agent) -> No action taken.
Run HijackThis and paste a report
http://www.infos-du-net.com/telecharger/HijackThis,0301-454.html
Logfile of HijackThis v1.99.1
Scan saved at 12:34:23, on 2008-07-11
Platform: Unknown Windows (WinNT 6.00.1905 SP1)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Windows\OEM03Mon.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
C:\Windows\System32\rundll32.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\MétéoMédia\MétéoÉclair\WeatherEye.exe
C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
C:\Program Files\Druide\Antidote\Gestionnaire Antidote.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\conime.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\mélissa\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [OEM03Mon.exe] C:\Windows\OEM03Mon.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [OutpostMonitor] C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe /tray /noservice
O4 - HKLM\..\Run: [OutpostFeedBack] "C:\Program Files\Agnitum\Outpost Firewall Pro\feedback.exe" /dump:os_startup
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WeatherEye] C:\Program Files\MétéoMédia\MétéoÉclair\WeatherEye.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [SkinClock] C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
O4 - HKCU\..\Run: [Gestionnaire Antidote.exe] C:\Program Files\Druide\Antidote\Gestionnaire Antidote.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Windows\system32\AERTSrv.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)