virus virtumonde Résolu

Question

Bonjour,jaimerais savoir comment supprimer ce virus...mon anti-virus le detecte mais ne peut rien y faire...jai essayer plusieurs autre choses aussi trouver sur le net mais rien de fonctionne ..il ne veut pas seffacer.merci

jrmlpz · Answer

Salut,

regardes ici:
http://www.commentcamarche.net/forum/affich 6760596 virus virtumonde#0

meli750 · Answer

j'ai deja essayeer tout sa...il le detecte l'Efacce mais il réaparrait ou il ne le detecte pas du tout....merci

jrmlpz · Answer

en mode sans echec?

meli750 · Answer

ComboFix 08-07-08.5 - mélissa 2008-07-09  6:28:59.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.1.1033.18.1248 [GMT -4:00]
Running from: C:\Users\mélissa\Desktop\ComboFix.exe
 * Created a new restore point
 * Resident AV is active

.

(((((((((((((((((((((((((   Files Created from 2008-06-09 to 2008-07-09  )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-09 10:36	1,572,864	--sha-w	C:\Users\mélissa\NTUSER.DAT
2008-07-09 10:36	1,572,864	--sha-w	C:\Users\mélissa\NTUSER.DAT
2008-07-09 10:29	---------	d-----w	C:\Users\mélissa\AppData\Roaming\BitTorrent
2008-07-09 07:08	---------	d-----w	C:\Program Files\Windows Mail
2008-07-09 07:04	---------	d-----w	C:\Program Files\Common Files\PX Storage Engine
2008-07-09 04:48	---------	d-----w	C:\ProgramData\Spybot - Search & Destroy
2008-07-09 04:10	---------	d-----w	C:\Program Files\Spybot - Search & Destroy
2008-07-09 03:55	---------	d-----w	C:\Program Files\Enigma Software Group
2008-07-09 03:38	---------	d-----w	C:\Program Files\ESET
2008-07-09 03:15	---------	d-----w	C:\ProgramData\ESET
2008-07-09 01:26	---------	d-----w	C:\Program Files\Common Files\CyberLink
2008-07-09 01:25	---------	d-----w	C:\Program Files\Microsoft Works
2008-07-09 01:25	---------	d-----w	C:\Program Files\Apple Software Update
2008-07-09 01:22	---------	d-----w	C:\Program Files\Windows Journal
2008-07-09 01:22	---------	d-----w	C:\Program Files\Google Video
2008-07-09 01:22	---------	d-----w	C:\Program Files\DivX
2008-07-09 01:21	---------	d-----w	C:\Program Files\Windows Sidebar
2008-07-09 01:21	---------	d-----w	C:\Program Files\StuffPlug3
2008-07-09 01:21	---------	d-----w	C:\Program Files\Messenger Plus! Live
2008-07-09 01:20	---------	d-----w	C:\Program Files\DAEMON Tools Lite
2008-07-09 01:20	---------	d-----w	C:\Program Files\BitTorrent
2008-07-09 01:19	---------	d-----w	C:\Program Files\Windows Photo Gallery
2008-07-09 01:19	---------	d-----w	C:\Program Files\Windows Defender
2008-07-09 01:19	---------	d-----w	C:\Program Files\Windows Collaboration
2008-07-09 01:19	---------	d-----w	C:\Program Files\Windows Calendar
2008-07-09 01:19	---------	d-----w	C:\Program Files\QuickTime
2008-07-09 01:19	---------	d-----w	C:\Program Files\PowerISO
2008-07-09 01:19	---------	d-----w	C:\Program Files\Atomic Alarm Clock
2008-07-09 01:14	---------	d-----w	C:\ProgramData\Agnitum
2008-07-09 01:14	---------	d-----w	C:\Program Files\Agnitum
2008-07-08 17:14	---------	d-s---w	C:\Users\mélissa\AppData\Roaming\Microsoft
2008-07-08 16:33	---------	d-----w	C:\Users\mélissa\AppData\Roaming\ESET
2008-07-08 16:26	---------	d-----w	C:\Program Files\Common Files\BitDefender
2008-07-08 16:26	---------	d-----w	C:\Program Files\BitDefender
2008-07-08 04:44	---------	d-----w	C:\Program Files\Yamicsoft
2008-07-08 01:31	---------	d-----w	C:\Users\mélissa\AppData\Roaming\Adobe
2008-07-08 01:28	---------	d-----w	C:\ProgramData\NOS
2008-07-08 01:28	---------	d-----w	C:\Program Files\Common Files\Adobe
2008-07-08 01:00	---------	d-----w	C:\Program Files\Druide
2008-07-08 00:58	---------	d-----w	C:\Users\mélissa\AppData\Roaming\Druide
2008-07-07 14:59	0	---ha-w	C:\Windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2008-07-06 13:59	81,984	----a-w	C:\Windows\System32\bdod.bin
2008-07-06 13:57	86,792	----a-w	C:\Windows\system32\drivers\bdfndisf.sys
2008-07-06 13:57	77,824	----a-w	C:\Windows\System32\xcomm.dll
2008-07-06 13:43	---------	d-----w	C:\ProgramData\NVIDIA
2008-07-06 01:48	174	--sha-w	C:\Program Files\desktop.ini
2008-07-06 01:24	82,432	----a-w	C:\Windows\System32\axaltocm.dll
2008-07-06 01:24	101,888	----a-w	C:\Windows\System32\ifxcardm.dll
2008-07-05 23:07	---------	d-----w	C:\Users\mélissa\AppData\Roaming\Corel
2008-07-05 23:05	---------	d-----w	C:\ProgramData\Corel
2008-07-05 23:02	---------	d-----w	C:\Program Files\Common Files\Corel
2008-07-05 23:00	---------	d-----w	C:\Program Files\Corel
2008-07-05 22:53	---------	d-----w	C:\Users\mélissa\AppData\Roaming\InstallShield
2008-07-05 22:46	---------	d-----w	C:\Users\mélissa\AppData\Roaming\CyberLink
2008-07-05 22:46	---------	d-----w	C:\ProgramData\CyberLink
2008-07-05 22:45	---------	d--h--w	C:\Program Files\InstallShield Installation Information
2008-07-05 22:44	---------	d-----w	C:\Program Files\CyberLink
2008-07-05 22:42	29,480	----a-w	C:\Windows\System32\msxml3a.dll
2008-07-05 17:04	---------	d---a-w	C:\ProgramData\TEMP
2008-07-05 05:47	---------	d-----w	C:\Program Files\adslTV
2008-07-05 05:46	---------	d-----w	C:\Users\mélissa\AppData\Roaming\vlc
2008-07-04 21:04	---------	d-----w	C:\Users\mélissa\AppData\Roaming\WinRAR
2008-07-04 21:00	---------	d-----w	C:\Program Files\EA GAMES
2008-07-04 19:58	---------	d-----w	C:\Users\mélissa\AppData\Roaming\DivX
2008-07-04 19:29	---------	d-----w	C:\ProgramData\Microsoft Help
2008-07-04 19:23	---------	d-----w	C:\Program Files\MSBuild
2008-07-04 19:20	---------	d-----w	C:\Program Files\Microsoft.NET
2008-07-04 19:16	---------	d-----w	C:\Program Files\Microsoft Visual Studio 8
2008-07-04 19:11	---------	d-----w	C:\Program Files\DNA
2008-07-04 16:59	---------	d-----w	C:\Users\mélissa\AppData\Roaming\Skinux
2008-07-04 16:45	717,296	----a-w	C:\Windows\system32\drivers\sptd.sys
2008-07-04 16:42	---------	d-----w	C:\Users\mélissa\AppData\Roaming\DAEMON Tools
2008-07-04 16:37	---------	d-----w	C:\Users\mélissa\AppData\Roaming\Macromedia
2008-07-04 16:10	---------	d-----w	C:\Program Files\Kodak
2008-07-04 16:06	---------	d-----w	C:\Program Files\Common Files\Kodak
2008-07-04 07:14	988,216	----a-w	C:\Windows\System32\winload.exe
2008-07-04 07:14	927,288	----a-w	C:\Windows\System32\winresume.exe
2008-07-04 07:14	615,992	----a-w	C:\Windows\System32\ci.dll
2008-07-04 07:14	6,656	----a-w	C:\Windows\System32\kbd106n.dll
2008-07-04 07:14	46,592	----a-w	C:\Windows\System32\setbcdlocale.dll
2008-07-04 07:14	40,960	----a-w	C:\Windows\System32\srclient.dll
2008-07-04 07:14	378,368	----a-w	C:\Windows\System32\srcore.dll
2008-07-04 07:14	318,464	----a-w	C:\Windows\System32\rstrui.exe
2008-07-04 07:14	19,000	----a-w	C:\Windows\System32\kd1394.dll
2008-07-04 07:14	14,848	----a-w	C:\Windows\System32\srdelayed.exe
2008-07-04 07:12	2,032,128	----a-w	C:\Windows\System32\win32k.sys
2008-07-04 07:11	295,936	----a-w	C:\Windows\System32\gdi32.dll
2008-07-04 07:08	14,848	----a-w	C:\Windows\System32\wshrm.dll
2008-07-04 07:08	113,664	----a-w	C:\Windows\system32\drivers\rmcast.sys
2008-07-04 07:07	540,672	----a-w	C:\Windows\AppPatch\AcLayers.dll
2008-07-04 07:07	458,752	----a-w	C:\Windows\AppPatch\AcSpecfc.dll
2008-07-04 07:07	4,240,384	----a-w	C:\Windows\System32\GameUXLegacyGDFs.dll
2008-07-04 07:07	2,560	----a-w	C:\Windows\AppPatch\AcRes.dll
2008-07-04 07:07	2,153,984	----a-w	C:\Windows\AppPatch\AcGenral.dll
2008-07-04 07:07	173,056	----a-w	C:\Windows\AppPatch\AcXtrnal.dll
2008-07-04 07:07	1,695,744	----a-w	C:\Windows\System32\gameux.dll
2008-07-04 07:05	1,314,816	----a-w	C:\Windows\System32\quartz.dll
2008-07-04 07:04	428,544	----a-w	C:\Windows\System32\EncDec.dll
2008-07-04 07:04	293,376	----a-w	C:\Windows\System32\psisdecd.dll
2008-07-04 07:03	826,880	----a-w	C:\Windows\System32\wininet.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
"WeatherEye"="C:\Program Files\MétéoMédia\MétéoÉclair\WeatherEye.exe" [2008-05-30 14:54 4501912]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 05:39 486856]
"SkinClock"="C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe" [2008-04-08 00:55 1737216]
"Gestionnaire Antidote.exe"="C:\Program Files\Druide\Antidote\Gestionnaire Antidote.exe" [2007-09-23 22:55 533944]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"cmds"="C:\Users\MLISSA~1\AppData\Local\Temp\awTLCuus.dll" [2008-07-08 23:05 281600]
"BMffb81017"="C:\Users\MLISSA~1\AppData\Local\Temp\supbfhdm.dll" [2008-07-08 23:06 106496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"OEM03Mon.exe"="C:\Windows\OEM03Mon.exe" [2007-05-18 13:00 36864]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-03-14 19:50 233472]
"RemoteControl8"="C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 20:23 83240]
"PDVD8LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 11:36 50472]
"Corel Photo Downloader"="C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2007-08-28 12:00 531272]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-09-17 08:07 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-09-17 08:07 8497696]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-09-17 08:07 81920]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 02:38 34672]
"OutpostMonitor"="C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe" [2008-04-23 10:43 1098568]
"OutpostFeedBack"="C:\Program Files\Agnitum\Outpost Firewall Pro\feedback.exe" [2008-04-22 12:31 419144]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-06-10 18:52 1447168]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-17 07:22 4907008 C:\Windows\RtHDVCpl.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Gestionnaire Antidote.exe"="C:\Program Files\Druide\Antidote\Gestionnaire Antidote.exe" [2007-09-23 22:55 533944]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Logiciel Kodak EasyShare.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2008-05-10 07:15:28 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"PromptOnSecureDesktop"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{56E2ED6C-077A-4D1F-8535-D6F4191EB53B}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{F5F280B6-0395-4C9D-8BDE-EC3913FD09EE}"= UDP:C:\Program Files\DNA\btdna.exe:DNA
"{48977CE1-0318-497A-A451-4BEF567ECF66}"= TCP:C:\Program Files\DNA\btdna.exe:DNA
"{3A9C73EC-AE77-43C8-9B0B-E231C5C1384B}"= UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{5BBE4B3E-ADAF-4A3E-95BE-F9818A80E0FD}"= TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{5A148FEF-3C7B-4D99-8B12-DA6ADE0AA674}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"TCP Query User{25F3CC89-D5E8-4A3F-A716-86339FC99257}C:\program files\adsltv\vlc.exe"= UDP:C:\program files\adsltv\vlc.exe:VLC media player
"UDP Query User{FD23E670-44EC-494B-832A-B3AA58EE5515}C:\program files\adsltv\vlc.exe"= TCP:C:\program files\adsltv\vlc.exe:VLC media player
"TCP Query User{0CC9180B-4583-41F1-A6F8-1FE301A87D10}C:\program files\adsltv\adsltv.exe"= UDP:C:\program files\adsltv\adsltv.exe:adsltv
"UDP Query User{92483556-5709-4524-BFF4-3483CCE4DB32}C:\program files\adsltv\adsltv.exe"= TCP:C:\program files\adsltv\adsltv.exe:adsltv
"{C7499B54-BBB4-4C5C-8A0C-D9BED0CDFA0B}"= C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.EXE:CyberLink PowerDVD 8.0
"{87883B5F-CBCD-4378-8DBA-63382871E0DE}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{4320C60E-50BB-45B6-92A1-B6F980E45572}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R1 afw;Agnitum Firewall Driver;C:\Windows\system32\DRIVERS\afw.sys [2008-02-27 18:26]
R1 epfwtdir;epfwtdir;C:\Windows\system32\DRIVERS\epfwtdir.sys [2008-06-10 18:56]
R1 SandBox;SandBox;C:\Windows\system32\DRIVERS\SandBox.sys [2008-03-12 12:31]
R2 AERTFilters;Andrea RT Filters Service;C:\Windows\system32\AERTSrv.exe [2007-12-05 06:17]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]
R3 ASWFilt;ASWFilt;C:\Windows\system32\Filt\ASWFilt.dll [2008-03-12 12:32]
R3 OEM03Vfx;Creative Camera OEM003 Video VFX Driver;C:\Windows\system32\DRIVERS\OEM03Vfx.sys [2007-03-05 06:45]
R3 OEM03Vid;Creative Camera OEM003 Driver;C:\Windows\system32\DRIVERS\OEM03Vid.sys [2007-04-24 13:00]
S2 acssrv;Agnitum Client Security Service;C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe [2008-04-22 12:31]
S3 OEM03Afx;Provides a software interface to control audio effects of OEM003 camera.;C:\Windows\system32\Drivers\OEM03Afx.sys [2007-06-07 13:00]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{05df8734-49ea-11dd-9f3d-001aa089cf78}]
\shell\AutoRun\command - G:\Sims2Menu.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{05df8743-49ea-11dd-9f3d-001aa089cf78}]
\shell\AutoRun\command - H:\Sims2Menu.exe

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-09 06:35:56
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 


C:\Windows\OP_CACHE.ATR 1248 bytes
C:\Windows\OP_CACHE.IDX 624 bytes
C:\Users\MLISSA~1\AppData\Local\Temp\OP_CACHE.ATR 24 bytes
C:\Users\MLISSA~1\AppData\Local\Temp\OP_CACHE.IDX 12 bytes
C:\Windows\TEMP\TMP00000061576CBCC2C3E109FB 524288 bytes
C:\OP_CACHE.ATR 456 bytes
C:\OP_CACHE.IDX 228 bytes
C:\Windows\Downloaded Program Files\OP_CACHE.ATR 24 bytes
C:\Windows\Downloaded Program Files\OP_CACHE.IDX 12 bytes
C:\Windows\system32\wbem\OP_CACHE.ATR 1296 bytes
C:\Windows\system32\wbem\OP_CACHE.IDX 648 bytes
C:\Windows\system32\wbem\xml\OP_CACHE.ATR 24 bytes
C:\Windows\system32\wbem\xml\OP_CACHE.IDX 12 bytes
C:\Windows\system32\drivers\UMDF\OP_CACHE.ATR 24 bytes
C:\Windows\system32\drivers\UMDF\OP_CACHE.IDX 12 bytes
C:\Windows\system32\drivers\OP_CACHE.ATR 5856 bytes
C:\Windows\system32\drivers\OP_CACHE.IDX 2928 bytes
C:\Windows\system32\OP_CACHE.ATR 51336 bytes
C:\Windows\system32\OP_CACHE.IDX 25668 bytes
C:\Users\mélissa\AppData\Roaming\Adobe\Acrobat\9.0\OP_CACHE.ATR 24 bytes
C:\Users\mélissa\AppData\Roaming\Adobe\Acrobat\9.0\OP_CACHE.IDX 12 bytes
C:\Users\mélissa\AppData\Roaming\Microsoft\Installer\{4E79AC14-1F0A-4044-B069-126EDCD2308F}\OP_CACHE.ATR 672 bytes
C:\Users\mélissa\AppData\Roaming\Microsoft\Installer\{4E79AC14-1F0A-4044-B069-126EDCD2308F}\OP_CACHE.IDX 336 bytes
C:\Users\mélissa\AppData\Roaming\Microsoft\MSN Messenger\843298666\sqmnoopt00.sqm
C:\Users\mélissa\AppData\Roaming\Microsoft\MSN Messenger\843298666\sqmnoopt01.sqm
C:\Users\mélissa\AppData\Roaming\Microsoft\MSN Messenger\843298666\sqmnoopt02.sqm 368 bytes
C:\Users\mélissa\AppData\Roaming\Microsoft\MSN Messenger\843298666\sqmnoopt03.sqm 368 bytes
C:\Users\mélissa\AppData\Roaming\Microsoft\MSN Messenger\843298666\sqmnoopt04.sqm 368 bytes
C:\Users\mélissa\AppData\Roaming\Microsoft\MSN Messenger\843298666\sqmnoopt05.sqm 368 bytes
C:\Users\mélissa\AppData\Roaming\Mozilla\Firefox\Profiles\zpjza3p0.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\defaults\preferences\OP_CACHE.ATR 24 bytes
C:\Users\mélissa\AppData\Roaming\Mozilla\Firefox\Profiles\zpjza3p0.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\defaults\preferences\OP_CACHE.IDX 12 bytes
C:\Users\mélissa\AppData\Roaming\Mozilla\Firefox\Profiles\zpjza3p0.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}\plugins\OP_CACHE.ATR 24 bytes
C:\Users\mélissa\AppData\Roaming\Mozilla\Firefox\Profiles\zpjza3p0.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}\plugins\OP_CACHE.IDX 12 bytes
C:\Users\mélissa\AppData\Roaming\Mozilla\Firefox\Profiles\zpjza3p0.default\OP_CACHE.ATR 96 bytes
C:\Users\mélissa\AppData\Roaming\Mozilla\Firefox\Profiles\zpjza3p0.default\OP_CACHE.IDX 48 bytes
C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\OP_CACHE.ATR 96 bytes
C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\OP_CACHE.IDX 48 bytes
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Languages\FR\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Languages\FR\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\Corel\Corel PhotoDownloader\OP_CACHE.ATR 48 bytes
C:\Program Files\Common Files\Corel\Corel PhotoDownloader\OP_CACHE.IDX 24 bytes
C:\Program Files\Common Files\Corel\DirectShowComponents\OP_CACHE.ATR 72 bytes
C:\Program Files\Common Files\Corel\DirectShowComponents\OP_CACHE.IDX 36 bytes
C:\Program Files\Common Files\Corel\DirectShowComponents2\OP_CACHE.ATR 72 bytes
C:\Program Files\Common Files\Corel\DirectShowComponents2\OP_CACHE.IDX 36 bytes
C:\Program Files\Common Files\Corel\PSPThumbShellExt\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\Corel\PSPThumbShellExt\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\CyberLink\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\CyberLink\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\DESIGNER\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\DESIGNER\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\InstallShield\Professional\RunTime\[u]0/u9\[u]0/u1\Intel32\OP_CACHE.ATR 168 bytes
C:\Program Files\Common Files\InstallShield\Professional\RunTime\[u]0/u9\[u]0/u1\Intel32\OP_CACHE.IDX 84 bytes
C:\Program Files\Common Files\InstallShield\Professional\RunTime\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\InstallShield\Professional\RunTime\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\Kodak\CameraDrivers\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\Kodak\CameraDrivers\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\Kodak\WIC_Support\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\Kodak\WIC_Support\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\microsoft shared\DAO\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\microsoft shared\DAO\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\microsoft shared\DW\OP_CACHE.ATR 72 bytes
C:\Program Files\Common Files\microsoft shared\DW\OP_CACHE.IDX 36 bytes
C:\Program Files\Common Files\microsoft shared\EQUATION\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\microsoft shared\EQUATION\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\microsoft shared\EURO\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\microsoft shared\EURO\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\microsoft shared\Filters\OP_CACHE.ATR 48 bytes
C:\Program Files\Common Files\microsoft shared\Filters\OP_CACHE.IDX 24 bytes
C:\Program Files\Common Files\microsoft shared\Help\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\microsoft shared\Help\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\microsoft shared\ink\OP_CACHE.ATR 384 bytes
C:\Program Files\Common Files\microsoft shared\ink\OP_CACHE.IDX 192 bytes
C:\Program Files\Common Files\microsoft shared\MSClientDataMgr\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\microsoft shared\MSClientDataMgr\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\microsoft shared\MSInfo\OP_CACHE.ATR 96 bytes
C:\Program Files\Common Files\microsoft shared\MSInfo\OP_CACHE.IDX 48 bytes
C:\Program Files\Common Files\microsoft shared\MSORUN\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\microsoft shared\MSORUN\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\microsoft shared\OFFICE11\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\microsoft shared\OFFICE11\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\microsoft shared\OFFICE12\1036\OP_CACHE.ATR 48 bytes
C:\Program Files\Common Files\microsoft shared\OFFICE12\1036\OP_CACHE.IDX 24 bytes
C:\Program Files\Common Files\microsoft shared\OFFICE12\Office Setup Controller\OP_CACHE.ATR 72 bytes
C:\Program Files\Common Files\microsoft shared\OFFICE12\Office Setup Controller\OP_CACHE.IDX 36 bytes
C:\Program Files\Common Files\microsoft shared\OFFICE12\OP_CACHE.ATR 480 bytes
C:\Program Files\Common Files\microsoft shared\OFFICE12\OP_CACHE.IDX 240 bytes
C:\Program Files\Common Files\microsoft shared\Portal\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\microsoft shared\Portal\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\microsoft shared\PROOF\1033\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\microsoft shared\PROOF\1033\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\microsoft shared\Smart Tag\1036\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\microsoft shared\Smart Tag\1036\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\microsoft shared\Smart Tag\OP_CACHE.ATR 168 bytes
C:\Program Files\Common Files\microsoft shared\Smart Tag\OP_CACHE.IDX 84 bytes
C:\Program Files\Common Files\microsoft shared\Source Engine\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\microsoft shared\Source Engine\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\microsoft shared\TextConv\OP_CACHE.ATR 48 bytes
C:\Program Files\Common Files\microsoft shared\TextConv\OP_CACHE.IDX 24 bytes
C:\Program Files\Common Files\microsoft shared\TRANSLAT\ESEN\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\microsoft shared\TRANSLAT\ESEN\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\microsoft shared\TRANSLAT\FREN\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\microsoft shared\TRANSLAT\FREN\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\microsoft shared\TRANSLAT\GEEN\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\microsoft shared\TRANSLAT\GEEN\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\microsoft shared\TRANSLAT\OP_CACHE.ATR 72 bytes
C:\Program Files\Common Files\microsoft shared\TRANSLAT\OP_CACHE.IDX 36 bytes
C:\Program Files\Common Files\microsoft shared\VBA\VBA6\1036\OP_CACHE.ATR 72 bytes
C:\Program Files\Common Files\microsoft shared\VBA\VBA6\1036\OP_CACHE.IDX 36 bytes
C:\Program Files\Common Files\microsoft shared\vgx\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\microsoft shared\vgx\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\microsoft shared\VS7DEBUG\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\microsoft shared\VS7DEBUG\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\microsoft shared\VSTA\8.0\x86\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\microsoft shared\VSTA\8.0\x86\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\microsoft shared\Web Server Extensions\12\BIN\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\microsoft shared\Web Server Extensions\12\BIN\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\MSSoap\Binaries\OP_CACHE.ATR 72 bytes
C:\Program Files\Common Files\MSSoap\Binaries\OP_CACHE.IDX 36 bytes
C:\Program Files\Common Files\PX Storage Engine\OP_CACHE.ATR 312 bytes
C:\Program Files\Common Files\PX Storage Engine\OP_CACHE.IDX 156 bytes
C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\en-US\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\en-US\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\OP_CACHE.ATR 72 bytes
C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\OP_CACHE.IDX 36 bytes
C:\Users\mélissa\AppData\Local\Microsoft\Windows\1033\OP_CACHE.ATR 24 bytes
C:\Users\mélissa\AppData\Local\Microsoft\Windows\1033\OP_CACHE.IDX 12 bytes
C:\Users\mélissa\AppData\Local\Microsoft\Windows\GameExplorer\{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}\PlayTasks\1\Les Sims™ 2 : Boit@Look.lnk 1241 bytes hidden from API
C:\Users\mélissa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\9GZGMPEY\OP_CACHE.ATR 48 bytes
C:\Users\mélissa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\9GZGMPEY\OP_CACHE.IDX 24 bytes
C:\Users\mélissa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OTUMHQYG\OP_CACHE.ATR 48 bytes
C:\Users\mélissa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OTUMHQYG\OP_CACHE.IDX 24 bytes

scan completed successfully
hidden files: 134

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\Windows\Explorer.exe
-> C:\Users\MLISSA~1\AppData\Local\Temp\jytokpqr.dll
-> C:\Users\MLISSA~1\AppData\Local\Temp\supbfhdm.dll
-> C:\Users\MLISSA~1\AppData\Local\Temp\awTLCuus.dll
-> C:\Program Files\Atomic Alarm Clock\Clock.dll
.
Completion time: 2008-07-09  6:37:28
ComboFix-quarantined-files.txt  2008-07-09 10:37:22

      The system cannot find message text for message number 0x2379 in the message file for Application.
Post-Run: 179,935,764,480 bytes free

338	--- E O F ---	2008-07-09 07:02:56

meli750 · Answer

Et vundofix ne detecte rien.Il faudrait que j'essaie de faire ces 2 scan en mode sans échec?

jrmlpz · Answer

oui!

jlpjlp · Answer

slt

si vundofix ne détecte rien , il ne dectera rien en mode sans echec de plus 

fais ceci:







Ferme tout tes navigateurs (donc copie ou imprime les instructions avant)

Crée un nouveau document texte : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie dedans les lignes suivantes :


File::
C:\Users\MLISSA~1\AppData\Local\Temp\supbfhdm.dll
C:\Users\MLISSA~1\AppData\Local\Temp\awTLCuus.dll


Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 
"cmds"=- 
"BMffb81017"=-

Enregistre ce fichier sous le nom CFscript


Fait un glisser/déposer de ce fichier CFscrïpt sur le fichier ComboFix.exe

Clique sur le fichier CFScript, maintient le doigt enfoncé et glisse la souris pour que l'icône du CFScript vienne recouvrir l'icône de Combofix. Relache la souris. Combofix va démarrer.

Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

Une fois le scan achevé, un rapport va s'afficher: poste son contenu.


Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt

____________
scan avec malwarebyte's vire ce qui est trouvé et colle le rapport:

https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

_______________


colle un rapport hijackthis

http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download

manuel :

https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html


Je conseille de renomer Hijackthis, pour contrer une éventuelle infection de Vundo.

ex:Renomme le fichier HijackThis.exe en eden.exe pour cela, fais un clic droit sur le fichier HijackThis.exe et choisis renommer dans la liste

Ensuite avec Explorer créer un dossier c:\hijackthis
Décompresser Hijackthis dans ce dossier.
C'est important pour les sauvegardes."

meli750 · Answer

ferme tout les navigateur tu veut dire quoi par la?

meli750 · Answer

dsl je ne suis pas tres bonne en informatique..je vais faire ce que tu a écrit et je poste les rapport le plus vite possible..merci beaucoup!

jlpjlp · Answer

les navigateur sont internet explorer , firefox, safari et opera: tu quitte le net en gros!

meli750 · Answer

ComboFix 08-07-08.5 - mélissa 2008-07-09 14:26:31.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.1.1033.18.1015 [GMT -4:00]
Running from: C:\Users\mélissa\Desktop\ComboFix.exe
Command switches used :: C:\Users\mélissa\Desktop\CFscript.txt
 * Created a new restore point
 * Resident AV is active


FILE ::
C:\Users\MLISSA~1\AppData\Local\Temp\awTLCuus.dll
C:\Users\MLISSA~1\AppData\Local\Temp\supbfhdm.dll
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Users\MLISSA~1\AppData\Local\Temp\awTLCuus.dll
C:\Users\MLISSA~1\AppData\Local\Temp\supbfhdm.dll

.
(((((((((((((((((((((((((   Files Created from 2008-06-09 to 2008-07-09  )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-09 18:29	1,572,864	--sha-w	C:\Users\mélissa\NTUSER.DAT
2008-07-09 18:29	1,572,864	--sha-w	C:\Users\mélissa\NTUSER.DAT
2008-07-09 18:26	---------	d-----w	C:\Users\mélissa\AppData\Roaming\BitTorrent
2008-07-09 18:19	---------	d-----w	C:\Program Files\Gogglebox TV
2008-07-09 07:08	---------	d-----w	C:\Program Files\Windows Mail
2008-07-09 07:04	---------	d-----w	C:\Program Files\Common Files\PX Storage Engine
2008-07-09 04:48	---------	d-----w	C:\ProgramData\Spybot - Search & Destroy
2008-07-09 04:10	---------	d-----w	C:\Program Files\Spybot - Search & Destroy
2008-07-09 03:55	---------	d-----w	C:\Program Files\Enigma Software Group
2008-07-09 03:38	---------	d-----w	C:\Program Files\ESET
2008-07-09 03:15	---------	d-----w	C:\ProgramData\ESET
2008-07-09 01:26	---------	d-----w	C:\Program Files\Common Files\CyberLink
2008-07-09 01:25	---------	d-----w	C:\Program Files\Microsoft Works
2008-07-09 01:25	---------	d-----w	C:\Program Files\Apple Software Update
2008-07-09 01:22	---------	d-----w	C:\Program Files\Windows Journal
2008-07-09 01:22	---------	d-----w	C:\Program Files\Google Video
2008-07-09 01:22	---------	d-----w	C:\Program Files\DivX
2008-07-09 01:21	---------	d-----w	C:\Program Files\Windows Sidebar
2008-07-09 01:21	---------	d-----w	C:\Program Files\StuffPlug3
2008-07-09 01:21	---------	d-----w	C:\Program Files\Messenger Plus! Live
2008-07-09 01:20	---------	d-----w	C:\Program Files\DAEMON Tools Lite
2008-07-09 01:20	---------	d-----w	C:\Program Files\BitTorrent
2008-07-09 01:19	---------	d-----w	C:\Program Files\Windows Photo Gallery
2008-07-09 01:19	---------	d-----w	C:\Program Files\Windows Defender
2008-07-09 01:19	---------	d-----w	C:\Program Files\Windows Collaboration
2008-07-09 01:19	---------	d-----w	C:\Program Files\Windows Calendar
2008-07-09 01:19	---------	d-----w	C:\Program Files\QuickTime
2008-07-09 01:19	---------	d-----w	C:\Program Files\PowerISO
2008-07-09 01:19	---------	d-----w	C:\Program Files\Atomic Alarm Clock
2008-07-09 01:14	---------	d-----w	C:\ProgramData\Agnitum
2008-07-09 01:14	---------	d-----w	C:\Program Files\Agnitum
2008-07-08 17:14	---------	d-s---w	C:\Users\mélissa\AppData\Roaming\Microsoft
2008-07-08 16:33	---------	d-----w	C:\Users\mélissa\AppData\Roaming\ESET
2008-07-08 16:26	---------	d-----w	C:\Program Files\Common Files\BitDefender
2008-07-08 16:26	---------	d-----w	C:\Program Files\BitDefender
2008-07-08 04:44	---------	d-----w	C:\Program Files\Yamicsoft
2008-07-08 01:31	---------	d-----w	C:\Users\mélissa\AppData\Roaming\Adobe
2008-07-08 01:28	---------	d-----w	C:\ProgramData\NOS
2008-07-08 01:28	---------	d-----w	C:\Program Files\Common Files\Adobe
2008-07-08 01:00	---------	d-----w	C:\Program Files\Druide
2008-07-08 00:58	---------	d-----w	C:\Users\mélissa\AppData\Roaming\Druide
2008-07-07 14:59	0	---ha-w	C:\Windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2008-07-06 13:59	81,984	----a-w	C:\Windows\System32\bdod.bin
2008-07-06 13:57	86,792	----a-w	C:\Windows\system32\drivers\bdfndisf.sys
2008-07-06 13:57	77,824	----a-w	C:\Windows\System32\xcomm.dll
2008-07-06 13:43	---------	d-----w	C:\ProgramData\NVIDIA
2008-07-06 01:48	174	--sha-w	C:\Program Files\desktop.ini
2008-07-06 01:24	82,432	----a-w	C:\Windows\System32\axaltocm.dll
2008-07-06 01:24	101,888	----a-w	C:\Windows\System32\ifxcardm.dll
2008-07-05 23:07	---------	d-----w	C:\Users\mélissa\AppData\Roaming\Corel
2008-07-05 23:05	---------	d-----w	C:\ProgramData\Corel
2008-07-05 23:02	---------	d-----w	C:\Program Files\Common Files\Corel
2008-07-05 23:00	---------	d-----w	C:\Program Files\Corel
2008-07-05 22:53	---------	d-----w	C:\Users\mélissa\AppData\Roaming\InstallShield
2008-07-05 22:46	---------	d-----w	C:\Users\mélissa\AppData\Roaming\CyberLink
2008-07-05 22:46	---------	d-----w	C:\ProgramData\CyberLink
2008-07-05 22:45	---------	d--h--w	C:\Program Files\InstallShield Installation Information
2008-07-05 22:44	---------	d-----w	C:\Program Files\CyberLink
2008-07-05 22:42	29,480	----a-w	C:\Windows\System32\msxml3a.dll
2008-07-05 17:04	---------	d---a-w	C:\ProgramData\TEMP
2008-07-05 05:47	---------	d-----w	C:\Program Files\adslTV
2008-07-05 05:46	---------	d-----w	C:\Users\mélissa\AppData\Roaming\vlc
2008-07-04 21:04	---------	d-----w	C:\Users\mélissa\AppData\Roaming\WinRAR
2008-07-04 21:00	---------	d-----w	C:\Program Files\EA GAMES
2008-07-04 19:58	---------	d-----w	C:\Users\mélissa\AppData\Roaming\DivX
2008-07-04 19:29	---------	d-----w	C:\ProgramData\Microsoft Help
2008-07-04 19:23	---------	d-----w	C:\Program Files\MSBuild
2008-07-04 19:20	---------	d-----w	C:\Program Files\Microsoft.NET
2008-07-04 19:16	---------	d-----w	C:\Program Files\Microsoft Visual Studio 8
2008-07-04 19:11	---------	d-----w	C:\Program Files\DNA
2008-07-04 16:59	---------	d-----w	C:\Users\mélissa\AppData\Roaming\Skinux
2008-07-04 16:45	717,296	----a-w	C:\Windows\system32\drivers\sptd.sys
2008-07-04 16:42	---------	d-----w	C:\Users\mélissa\AppData\Roaming\DAEMON Tools
2008-07-04 16:37	---------	d-----w	C:\Users\mélissa\AppData\Roaming\Macromedia
2008-07-04 16:10	---------	d-----w	C:\Program Files\Kodak
2008-07-04 16:06	---------	d-----w	C:\Program Files\Common Files\Kodak
2008-07-04 07:14	988,216	----a-w	C:\Windows\System32\winload.exe
2008-07-04 07:14	927,288	----a-w	C:\Windows\System32\winresume.exe
2008-07-04 07:14	615,992	----a-w	C:\Windows\System32\ci.dll
2008-07-04 07:14	6,656	----a-w	C:\Windows\System32\kbd106n.dll
2008-07-04 07:14	46,592	----a-w	C:\Windows\System32\setbcdlocale.dll
2008-07-04 07:14	40,960	----a-w	C:\Windows\System32\srclient.dll
2008-07-04 07:14	378,368	----a-w	C:\Windows\System32\srcore.dll
2008-07-04 07:14	318,464	----a-w	C:\Windows\System32\rstrui.exe
2008-07-04 07:14	19,000	----a-w	C:\Windows\System32\kd1394.dll
2008-07-04 07:14	14,848	----a-w	C:\Windows\System32\srdelayed.exe
2008-07-04 07:12	2,032,128	----a-w	C:\Windows\System32\win32k.sys
2008-07-04 07:11	295,936	----a-w	C:\Windows\System32\gdi32.dll
2008-07-04 07:08	14,848	----a-w	C:\Windows\System32\wshrm.dll
2008-07-04 07:08	113,664	----a-w	C:\Windows\system32\drivers\rmcast.sys
2008-07-04 07:07	540,672	----a-w	C:\Windows\AppPatch\AcLayers.dll
2008-07-04 07:07	458,752	----a-w	C:\Windows\AppPatch\AcSpecfc.dll
2008-07-04 07:07	4,240,384	----a-w	C:\Windows\System32\GameUXLegacyGDFs.dll
2008-07-04 07:07	2,560	----a-w	C:\Windows\AppPatch\AcRes.dll
2008-07-04 07:07	2,153,984	----a-w	C:\Windows\AppPatch\AcGenral.dll
2008-07-04 07:07	173,056	----a-w	C:\Windows\AppPatch\AcXtrnal.dll
2008-07-04 07:07	1,695,744	----a-w	C:\Windows\System32\gameux.dll
2008-07-04 07:05	1,314,816	----a-w	C:\Windows\System32\quartz.dll
2008-07-04 07:04	428,544	----a-w	C:\Windows\System32\EncDec.dll
2008-07-04 07:04	293,376	----a-w	C:\Windows\System32\psisdecd.dll
.

(((((((((((((((((((((((((((((   snapshot@2008-07-09_ 6.36.44,58   )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-09 10:28:37	6,258,688	----a-w	C:\Windows\erdnt\Hiv-backup\SCHEMA.DAT
+ 2008-07-09 18:26:19	6,258,688	----a-w	C:\Windows\erdnt\Hiv-backup\SCHEMA.DAT
+ 2008-07-09 18:19:40	10,134	----a-r	C:\Windows\Installer\{A47B07BD-C187-41F8-8AB8-38E5821BB7BF}\_1E3BE74B3D6C6CF62A6AEF.exe
+ 2008-07-09 18:19:40	10,134	----a-r	C:\Windows\Installer\{A47B07BD-C187-41F8-8AB8-38E5821BB7BF}\_91E5AEF66E662E9D3A48FA.exe
- 2008-07-06 01:49:22	2,637,068	-c--a-w	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareLicensing\tokens.dat
+ 2008-07-09 10:44:59	2,682,570	-c--a-w	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareLicensing\tokens.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
"WeatherEye"="C:\Program Files\MétéoMédia\MétéoÉclair\WeatherEye.exe" [2008-05-30 14:54 4501912]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 05:39 486856]
"SkinClock"="C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe" [2008-04-08 00:55 1737216]
"Gestionnaire Antidote.exe"="C:\Program Files\Druide\Antidote\Gestionnaire Antidote.exe" [2007-09-23 22:55 533944]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"OEM03Mon.exe"="C:\Windows\OEM03Mon.exe" [2007-05-18 13:00 36864]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-03-14 19:50 233472]
"RemoteControl8"="C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 20:23 83240]
"PDVD8LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 11:36 50472]
"Corel Photo Downloader"="C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2007-08-28 12:00 531272]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-09-17 08:07 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-09-17 08:07 8497696]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-09-17 08:07 81920]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 02:38 34672]
"OutpostMonitor"="C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe" [2008-04-23 10:43 1098568]
"OutpostFeedBack"="C:\Program Files\Agnitum\Outpost Firewall Pro\feedback.exe" [2008-04-22 12:31 419144]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-06-10 18:52 1447168]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-17 07:22 4907008 C:\Windows\RtHDVCpl.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Gestionnaire Antidote.exe"="C:\Program Files\Druide\Antidote\Gestionnaire Antidote.exe" [2007-09-23 22:55 533944]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Logiciel Kodak EasyShare.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2008-05-10 07:15:28 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"PromptOnSecureDesktop"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{56E2ED6C-077A-4D1F-8535-D6F4191EB53B}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{F5F280B6-0395-4C9D-8BDE-EC3913FD09EE}"= UDP:C:\Program Files\DNA\btdna.exe:DNA
"{48977CE1-0318-497A-A451-4BEF567ECF66}"= TCP:C:\Program Files\DNA\btdna.exe:DNA
"{3A9C73EC-AE77-43C8-9B0B-E231C5C1384B}"= UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{5BBE4B3E-ADAF-4A3E-95BE-F9818A80E0FD}"= TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{5A148FEF-3C7B-4D99-8B12-DA6ADE0AA674}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"TCP Query User{25F3CC89-D5E8-4A3F-A716-86339FC99257}C:\program files\adsltv\vlc.exe"= UDP:C:\program files\adsltv\vlc.exe:VLC media player
"UDP Query User{FD23E670-44EC-494B-832A-B3AA58EE5515}C:\program files\adsltv\vlc.exe"= TCP:C:\program files\adsltv\vlc.exe:VLC media player
"TCP Query User{0CC9180B-4583-41F1-A6F8-1FE301A87D10}C:\program files\adsltv\adsltv.exe"= UDP:C:\program files\adsltv\adsltv.exe:adsltv
"UDP Query User{92483556-5709-4524-BFF4-3483CCE4DB32}C:\program files\adsltv\adsltv.exe"= TCP:C:\program files\adsltv\adsltv.exe:adsltv
"{C7499B54-BBB4-4C5C-8A0C-D9BED0CDFA0B}"= C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.EXE:CyberLink PowerDVD 8.0
"{87883B5F-CBCD-4378-8DBA-63382871E0DE}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{4320C60E-50BB-45B6-92A1-B6F980E45572}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R1 afw;Agnitum Firewall Driver;C:\Windows\system32\DRIVERS\afw.sys [2008-02-27 18:26]
R1 epfwtdir;epfwtdir;C:\Windows\system32\DRIVERS\epfwtdir.sys [2008-06-10 18:56]
R1 SandBox;SandBox;C:\Windows\system32\DRIVERS\SandBox.sys [2008-03-12 12:31]
R2 AERTFilters;Andrea RT Filters Service;C:\Windows\system32\AERTSrv.exe [2007-12-05 06:17]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]
R3 ASWFilt;ASWFilt;C:\Windows\system32\Filt\ASWFilt.dll [2008-03-12 12:32]
R3 OEM03Vfx;Creative Camera OEM003 Video VFX Driver;C:\Windows\system32\DRIVERS\OEM03Vfx.sys [2007-03-05 06:45]
R3 OEM03Vid;Creative Camera OEM003 Driver;C:\Windows\system32\DRIVERS\OEM03Vid.sys [2007-04-24 13:00]
S2 acssrv;Agnitum Client Security Service;C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe [2008-04-22 12:31]
S3 OEM03Afx;Provides a software interface to control audio effects of OEM003 camera.;C:\Windows\system32\Drivers\OEM03Afx.sys [2007-06-07 13:00]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{05df8734-49ea-11dd-9f3d-001aa089cf78}]
\shell\AutoRun\command - G:\Sims2Menu.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{05df8743-49ea-11dd-9f3d-001aa089cf78}]
\shell\AutoRun\command - H:\Sims2Menu.exe

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-09 14:29:31
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 


C:\Users\MLISSA~1\AppData\Local\Temp\OP_CACHE.ATR 24 bytes
C:\Users\MLISSA~1\AppData\Local\Temp\OP_CACHE.IDX 12 bytes
C:\Windows\OP_CACHE.ATR 1248 bytes
C:\Windows\OP_CACHE.IDX 624 bytes
C:\Windows\system32\drivers\UMDF\OP_CACHE.ATR 24 bytes
C:\Windows\system32\drivers\UMDF\OP_CACHE.IDX 12 bytes
C:\Windows\system32\drivers\OP_CACHE.ATR 5856 bytes
C:\Windows\system32\drivers\OP_CACHE.IDX 2928 bytes
C:\Windows\system32\OP_CACHE.ATR 51336 bytes
C:\Windows\system32\OP_CACHE.IDX 25668 bytes
C:\OP_CACHE.ATR 456 bytes
C:\OP_CACHE.IDX 228 bytes
C:\Windows\Downloaded Program Files\OP_CACHE.ATR 24 bytes
C:\Windows\Downloaded Program Files\OP_CACHE.IDX 12 bytes
C:\Windows\system32\wbem\OP_CACHE.ATR 1296 bytes
C:\Windows\system32\wbem\OP_CACHE.IDX 648 bytes
C:\Windows\system32\wbem\xml\OP_CACHE.ATR 24 bytes
C:\Windows\system32\wbem\xml\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\OP_CACHE.ATR 96 bytes
C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\OP_CACHE.IDX 48 bytes
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Languages\FR\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Languages\FR\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\Corel\Corel PhotoDownloader\OP_CACHE.ATR 48 bytes
C:\Program Files\Common Files\Corel\Corel PhotoDownloader\OP_CACHE.IDX 24 bytes
C:\Program Files\Common Files\Corel\DirectShowComponents\OP_CACHE.ATR 72 bytes
C:\Program Files\Common Files\Corel\DirectShowComponents\OP_CACHE.IDX 36 bytes
C:\Program Files\Common Files\Corel\DirectShowComponents2\OP_CACHE.ATR 72 bytes
C:\Program Files\Common Files\Corel\DirectShowComponents2\OP_CACHE.IDX 36 bytes
C:\Program Files\Common Files\Corel\PSPThumbShellExt\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\Corel\PSPThumbShellExt\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\CyberLink\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\CyberLink\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\DESIGNER\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\DESIGNER\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\InstallShield\Professional\RunTime\[u]0/u9\[u]0/u1\Intel32\OP_CACHE.ATR 168 bytes
C:\Program Files\Common Files\InstallShield\Professional\RunTime\[u]0/u9\[u]0/u1\Intel32\OP_CACHE.IDX 84 bytes
C:\Program Files\Common Files\InstallShield\Professional\RunTime\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\InstallShield\Professional\RunTime\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\Kodak\CameraDrivers\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\Kodak\CameraDrivers\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\Kodak\WIC_Support\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\Kodak\WIC_Support\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\microsoft shared\DAO\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\microsoft shared\DAO\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\microsoft shared\DW\OP_CACHE.ATR 72 bytes
C:\Program Files\Common Files\microsoft shared\DW\OP_CACHE.IDX 36 bytes
C:\Program Files\Common Files\microsoft shared\EQUATION\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\microsoft shared\EQUATION\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\microsoft shared\EURO\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\microsoft shared\EURO\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\microsoft shared\Filters\OP_CACHE.ATR 48 bytes
C:\Program Files\Common Files\microsoft shared\Filters\OP_CACHE.IDX 24 bytes
C:\Program Files\Common Files\microsoft shared\Help\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\microsoft shared\Help\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\microsoft shared\ink\OP_CACHE.ATR 384 bytes
C:\Program Files\Common Files\microsoft shared\ink\OP_CACHE.IDX 192 bytes
C:\Program Files\Common Files\microsoft shared\MSClientDataMgr\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\microsoft shared\MSClientDataMgr\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\microsoft shared\MSInfo\OP_CACHE.ATR 96 bytes
C:\Program Files\Common Files\microsoft shared\MSInfo\OP_CACHE.IDX 48 bytes
C:\Program Files\Common Files\microsoft shared\MSORUN\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\microsoft shared\MSORUN\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\microsoft shared\OFFICE11\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\microsoft shared\OFFICE11\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\microsoft shared\OFFICE12\1036\OP_CACHE.ATR 48 bytes
C:\Program Files\Common Files\microsoft shared\OFFICE12\1036\OP_CACHE.IDX 24 bytes
C:\Program Files\catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
C:\Users\mélissa\AppData\Roaming\Adobe\Acrobat\9.0\OP_CACHE.ATR 24 bytes
C:\Users\mélissa\AppData\Roaming\Adobe\Acrobat\9.0\OP_CACHE.IDX 12 bytes
C:\Users\mélissa\AppData\Roaming\Microsoft\Installer\{4E79AC14-1F0A-4044-B069-126EDCD2308F}\OP_CACHE.ATR 672 bytes
C:\Users\mélissa\AppData\Roaming\Microsoft\Installer\{4E79AC14-1F0A-4044-B069-126EDCD2308F}\OP_CACHE.IDX 336 bytes
C:\Users\mélissa\AppData\Roaming\Mozilla\Firefox\Profiles\zpjza3p0.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\defaults\preferences\OP_CACHE.ATR 24 bytes
C:\Users\mélissa\AppData\Roaming\Mozilla\Firefox\Profiles\zpjza3p0.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\defaults\preferences\OP_CACHE.IDX 12 bytes
C:\Users\mélissa\AppData\Roaming\Mozilla\Firefox\Profiles\zpjza3p0.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}\plugins\OP_CACHE.ATR 24 bytes
C:\Users\mélissa\AppData\Roaming\Mozilla\Firefox\Profiles\zpjza3p0.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}\plugins\OP_CACHE.IDX 12 bytes
C:\Users\mélissa\AppData\Roaming\Mozilla\Firefox\Profiles\zpjza3p0.default\OP_CACHE.ATR 96 bytes
C:\Users\mélissa\AppData\Roaming\Mozilla\Firefox\Profiles\zpjza3p0.default\OP_CACHE.IDX 48 bytes
C:\Program Files\Common Files\microsoft shared\OFFICE12\Office Setup Controller\OP_CACHE.IDX 36 bytes
C:\Program Files\Common Files\microsoft shared\OFFICE12\OP_CACHE.ATR 480 bytes
C:\Program Files\Common Files\microsoft shared\OFFICE12\OP_CACHE.IDX 240 bytes
C:\Program Files\Common Files\microsoft shared\Portal\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\microsoft shared\Portal\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\microsoft shared\PROOF\1033\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\microsoft shared\PROOF\1033\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\microsoft shared\Smart Tag\1036\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\microsoft shared\Smart Tag\1036\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\microsoft shared\Smart Tag\OP_CACHE.ATR 168 bytes
C:\Program Files\Common Files\microsoft shared\Smart Tag\OP_CACHE.IDX 84 bytes
C:\Program Files\Common Files\microsoft shared\Source Engine\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\microsoft shared\Source Engine\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\microsoft shared\TextConv\OP_CACHE.ATR 48 bytes
C:\Program Files\Common Files\microsoft shared\TextConv\OP_CACHE.IDX 24 bytes
C:\Program Files\Common Files\microsoft shared\TRANSLAT\ESEN\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\microsoft shared\TRANSLAT\ESEN\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\microsoft shared\TRANSLAT\FREN\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\microsoft shared\TRANSLAT\FREN\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\microsoft shared\TRANSLAT\GEEN\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\microsoft shared\TRANSLAT\GEEN\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\microsoft shared\TRANSLAT\OP_CACHE.ATR 72 bytes
C:\Program Files\Common Files\microsoft shared\TRANSLAT\OP_CACHE.IDX 36 bytes
C:\Program Files\Common Files\microsoft shared\VBA\VBA6\1036\OP_CACHE.ATR 72 bytes
C:\Program Files\Common Files\microsoft shared\VBA\VBA6\1036\OP_CACHE.IDX 36 bytes
C:\Program Files\Common Files\microsoft shared\vgx\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\microsoft shared\vgx\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\microsoft shared\VS7DEBUG\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\microsoft shared\VS7DEBUG\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\microsoft shared\VSTA\8.0\x86\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\microsoft shared\VSTA\8.0\x86\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\microsoft shared\Web Server Extensions\12\BIN\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\microsoft shared\Web Server Extensions\12\BIN\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\MSSoap\Binaries\OP_CACHE.ATR 72 bytes
C:\Program Files\Common Files\MSSoap\Binaries\OP_CACHE.IDX 36 bytes
C:\Program Files\Common Files\PX Storage Engine\OP_CACHE.ATR 312 bytes
C:\Program Files\Common Files\PX Storage Engine\OP_CACHE.IDX 156 bytes
C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\en-US\OP_CACHE.ATR 24 bytes
C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\en-US\OP_CACHE.IDX 12 bytes
C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\OP_CACHE.ATR 72 bytes
C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\OP_CACHE.IDX 36 bytes
C:\Users\mélissa\AppData\Local\Microsoft\Messenger\belllia20@hotmail.com\SharingMetadata\Working\database_A8FC_8B5B_FC8B_2324\$db_clean$ 0 bytes
C:\Users\mélissa\AppData\Local\Microsoft\Windows\1033\OP_CACHE.ATR 24 bytes
C:\Users\mélissa\AppData\Local\Microsoft\Windows\1033\OP_CACHE.IDX 12 bytes
C:\Users\mélissa\AppData\Local\Microsoft\Windows\GameExplorer\{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}\PlayTasks\1\Les Sims™ 2 : Boit@Look.lnk 1241 bytes hidden from API
C:\Users\mélissa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\9GZGMPEY\OP_CACHE.ATR 72 bytes
C:\Users\mélissa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\9GZGMPEY\OP_CACHE.IDX 36 bytes
C:\Users\mélissa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OTUMHQYG\OP_CACHE.ATR 48 bytes
C:\Users\mélissa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OTUMHQYG\OP_CACHE.IDX 24 bytes

scan completed successfully
hidden files: 128

**************************************************************************
.
Completion time: 2008-07-09 14:30:59
ComboFix-quarantined-files.txt  2008-07-09 18:30:55
ComboFix2.txt  2008-07-09 10:37:31

      The system cannot find message text for message number 0x2379 in the message file for Application.
Post-Run: 171,101,208,576 bytes free

342	--- E O F ---	2008-07-09 07:02:56

meli750 · Answer

Malwarebytes' Anti-Malware 1.20
Version de la base de données: 935
Windows 6.0.6001 Service Pack 1

15:43:12 2008-07-09
mbam-log-7-9-2008 (15-43-09).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 215648
Temps écoulé: 1 hour(s), 0 minute(s), 51 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\windows.bat (Trojan.Agent) -> No action taken.

meli750 · Answer

pour Hijackthis je choisit quel option quand je louvre?

jlpjlp · Answer

manuel :

https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html

meli750 · Answer

oui jai fait tout sa mais dans note pad ya rien decrit

jlpjlp · Answer

lance hijakchtis et colle un rapport

http://www.infos-du-net.com/telecharger/HijackThis,0301-454.html

meli750 · Answer

Logfile of HijackThis v1.99.1
Scan saved at 12:34:23, on 2008-07-11
Platform: Unknown Windows (WinNT 6.00.1905 SP1)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32	askeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Windows\OEM03Mon.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
C:\Windows\System32undll32.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\MétéoMédia\MétéoÉclair\WeatherEye.exe
C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
C:\Program Files\Druide\Antidote\Gestionnaire Antidote.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\System32undll32.exe
C:\Windows\system32\conime.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\mélissa\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [OEM03Mon.exe] C:\Windows\OEM03Mon.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32
vsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [OutpostMonitor] C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe /tray /noservice
O4 - HKLM\..\Run: [OutpostFeedBack] "C:\Program Files\Agnitum\Outpost Firewall Pro\feedback.exe" /dump:os_startup
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WeatherEye] C:\Program Files\MétéoMédia\MétéoÉclair\WeatherEye.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [SkinClock] C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
O4 - HKCU\..\Run: [Gestionnaire Antidote.exe] C:\Program Files\Druide\Antidote\Gestionnaire Antidote.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32
laapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32
apinsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix: 
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Windows\system32\AERTSrv.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)

meli750 · Answer

quand je fais le rapport il me sort 2 messages d'erreur!

jlpjlp · Answer

ok rien encore des soucis?

meli750 · Answer

Rien que veut tu dire?

meli750 · Answer

Je ne suis pas capable de mettre une image en arriere plan:Scest bizard!

jlpjlp · Answer

le rapport hijackhtis est ok je veux dire


encore des soucis?

meli750 · Answer

oui je ne peut mettre aucune image en arriere plan?

jlpjlp · Answer

utilise pour supprimer tes traces

CCLEANER: (lance un nettoyage et répare 3 fois les erreurs) sans installer la barre yahoo

https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html

_______________

Télécharge RavAntivirus d'Evosla :
http://ww25.evosla.com/compteur.php?soft=rav_antivirus

# Si tu as une clé USB, disque dur externe, etc, branche-les sans les ouvrir avant de lancer ce FIX
# Fais un clic droit sur le fichier .ZIP > Extraire sur > le Bureau
# Doucle-clique sur >> RAV.exe << afin de lancer l'outil.
# Une fois RAV ANTIVIRUS lancé, laisse-le réagir , il scanne automatiquement tout les lecteurs (disques fixes et amovibles)
# Si infection > un log s'établira, sinon le soft affichera (très rapide) ==>Votre Ordinateur est sain .
# Retire tes disques amovibles et redémarrez votre ordinateur.
# Poste le rapport, si infection!
_____________

colle le rapport d'un scan en ligne
avec un des suivants:

bitdefender en ligne :
http://www.bitdefender.fr/scan_fr/scan8/ie.html

Panda en ligne :
http://pandasoftware.fr

_______________

meli750 · Answer

;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-07-13 11:15:16
PROTECTIONS: 1
MALWARE: 3
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description                                  Version                       Active    Updated
;===================================================================================================================================================================================
Windows Defender                             1.1.3704.0                    No        No
;===================================================================================================================================================================================
MALWARE
Id        Description                        Type                Active    Severity  Disinfectable  Disinfected Location
;===================================================================================================================================================================================
00139064  Cookie/Atlas DMT                   TrackingCookie      No        0         Yes            No           C:\Users\mélissa\AppData\Roaming\Microsoft\Windows\Cookies\mélissa@atdmt[2].txt
00249874  application/alfacleaner            HackTools           No        0         Yes            No           c:\users\mélissa\appdata\roaming\skinux
01185375  Application/Psexec.A               HackTools           No        0         Yes            No           C:\Windows\PSEXESVC.EXE
;===================================================================================================================================================================================
SUSPECTS
Sent      Location                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              &#1872;&#65533;R8&#65533;
s5
;===================================================================================================================================================================================
;===================================================================================================================================================================================
VULNERABILITIES
Id        Severity   Description                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                &#1872;&#65533;R8&#65533;
s5
;===================================================================================================================================================================================
;===================================================================================================================================================================================

jlpjlp · Answer

télécharge OTMoveIt 
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (de Old_Timer) sur ton Bureau.  Ou sur  https://www.luanagames.com/index.fr.html
double-clique sur OTMoveIt.exe pour le lancer. 
copie la liste qui se trouve en citation ci-dessous, 
et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved. 

Citation : 


c:\users\mélissa\appdata\roaming\skinux
C:\Windows\PSEXESVC.EXE 

clique sur MoveIt! pour lancer la suppression. 
le résultat apparaitra dans le cadre "Results". 
clique sur Exit pour fermer. 
poste le rapport situé dans C:\_OTMoveIt\MovedFiles. 

il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes. 

___________________

encore des soucis?

meli750 · Answer

c:\users\mélissa\appdata\roaming\skinux moved successfully.
File move failed. C:\Windows\PSEXESVC.EXE scheduled to be moved on reboot.
 
OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07132008_163949

jlpjlp · Answer

encore des soucis?

meli750 · Answer

tout est correct sur mon pc..sauf que je neut mettre aucune image en arriere-plan...!!

jlpjlp · Answer

essaye apres desactivation du compte utilisateur pour voir:




- Va dans démarrer puis panneau de configuration 
- Double Clique sur l'icône "Comptes d'utilisateurs" 
- Clique ensuite sur désactiver et valide.

meli750 · Answer

mon vista est en anglais jai fait turn user account control on or off! et j'ai essayer de mttre une image en arriere plan et rien de fonctionne!

jlpjlp · Answer

Colle le rapport :
Clean permettra de faire du nettoyage et supprimer des fichiers que des anti-virus et anti-spywares n'ont pas pu trouver. Le logiciel est régulièrement mis à jour, vous devrez donc le re-téléchargé pour obtenir une version plus récente.

&#61623;  Téléchargez clean.zip, décompressez-le sur votre bureau (clic droit / extraire tout), vous obtenez alors un dossier clean 
&#61623;  Démarrez Windows en mode sans échec : Guide pour redémarrer en mode sans échec 
&#61623;  Ouvrez le dossier clean qui se trouve sur ton bureau, et double-cliquez sur clean.cmd, une fenêtre noire va apparaître pendant un instant, laissez la ouverte jusqu'à ce qu'elle se ferme.
Manuel de clean :
http://kerio.probb.fr/tuto-Clean-h37.html
https://kerio.probb.fr/

meli750 · Answer

j'ai tout faite comme c'étais dit mais sa me dit apres d'envoyer un fichier sur internet..sa ne me dit aps si jai des virus ou pas .

jlpjlp · Answer

tu as le rapport clean?

meli750 · Answer

Il ne me sort aucun rapport et quand jessaie denvoyer le dossier kil me dise denvoyer il dise qui a un erreur!

jlpjlp · Answer

bon

alors repare vista:

http://www.vista-xp.fr/forum/topic39.html

meli750 · Answer

je prend quel option pour le reparer?réparation du demarrage window?

meli750 · Answer

voici le rapport de clean, je ne l'avais pas fait en mode sans échec cest pour ça que sa n'avais pas fonctionner! 2008-07-15 a  0:02:02,66 
 
*** Recherche  C: 
 
*** Recherche  C:\Windows\ 
 
*** Recherche  C:\Windows\system32 
C:\Windows\system32\wininit.exe FOUND 
C:\Windows\system32\wininit.exe FOUND 
 
*** Recherche  C:\Program Files 
*** End of the report !

meli750 · Answer

Je peut changer la couleur du bureau mais pas mettre une image dans personnalize je voit de gros cadres gris au lieu des images de windows.

Virus virtumonde

39 réponses

Votre réponse

Discussions similaires

Newsletters