Hello,
Problem detecting my external hard drive
I used the ComboFix tool, and its help recommends posting the report ComboFix produces on a specialised forum. So I am asking for help reading and understanding this report.
Thanks in advance for your help.
ComboFix 08-07-01.5 - Guillaume 2008-07-02 23:07:34.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.95 [GMT 0:00]
Endroit: D:\Download\ComboFix.exe
* Création d'un nouveau point de restauration
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
The following files were disabled during the run:
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Administrateur\Local Settings\Application Data\sctsrppna.dat
C:\Documents and Settings\Administrateur\Local Settings\Application Data\sctsrppna.exe
C:\Documents and Settings\Administrateur\Local Settings\Application Data\sctsrppna_nav.dat
C:\Documents and Settings\Administrateur\Local Settings\Application Data\sctsrppna_navps.dat
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Program Files\inetget2
C:\Program Files\inetget2\Installeur.exe
C:\WINDOWS\b152.exe
C:\WINDOWS\msacm32.drv
C:\WINDOWS\rasqervy.dll
C:\WINDOWS\sdfinacs.dll
C:\WINDOWS\sdfixwcs.dll
C:\WINDOWS\system32\cbXQjige.dll
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\egijQXbc.ini
C:\WINDOWS\system32\egijQXbc.ini2
C:\WINDOWS\system32\fegOnnmp.ini2
C:\WINDOWS\system32\narqwe.sys
C:\WINDOWS\system32\nnnlmJAQ.dll
C:\WINDOWS\system32\npVENXbc.ini
C:\WINDOWS\system32\npVENXbc.ini2
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\pdfmona.dll
C:\WINDOWS\system32\pmnnOgef.dll
C:\WINDOWS\system32\Rqruvyxx.ini
C:\WINDOWS\system32\Rqruvyxx.ini2
C:\WINDOWS\system32\tuvSigge.dll
C:\WINDOWS\system32\UCIjmUvw.ini
C:\WINDOWS\system32\UCIjmUvw.ini2
C:\WINDOWS\system32\wpcap.dll
C:\WINDOWS\system32\wvUnkHaa.dll
C:\WINDOWS\wuasirvy.dll
C:\WINDOWS\system32\narqwe.sys . . . . Echec de suppression
----- BITS: Possible sites infectés -----
hxxp://premium.virginmega.fr
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_tcpsr
-------\Service_narqwe
-------\Service_NPF
-------\Service_tcpsr
((((((((((((((((((((((((((((( Fichiers créés 2008-06-02 to 2008-07-02 ))))))))))))))))))))))))))))))))))))
.
2008-07-02 22:24 . 2008-07-02 22:24 <REP> d-------- C:\Program Files\ESET
2008-06-30 22:54 . 2008-07-02 22:24 <REP> d-------- C:\Program Files\Serials 2000 7.1 Plus
2008-06-29 16:52 . 2008-06-29 16:52 60 --a------ C:\WINDOWS\wininit.ini
2008-06-22 07:35 . 2008-06-22 07:35 <REP> d-------- C:\Program Files\Opera
2008-06-21 11:15 . 2008-06-21 11:25 <REP> d-------- C:\Program Files\pdf995
2008-06-20 16:20 . 2008-06-20 16:20 <REP> d-------- C:\Documents and Settings\Guillaume\Application Data\Propellerhead Software
2008-06-20 16:20 . 2008-06-20 16:20 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Propellerhead Software
2008-06-20 16:19 . 2008-06-21 10:53 <REP> d-------- C:\Program Files\Propellerhead
2008-06-19 16:26 . 2008-06-19 16:26 99 --a------ C:\WINDOWS\NEWSRDR.INI
2008-06-19 16:17 . 2008-06-21 18:31 153 --a------ C:\WINDOWS\bigpostetexte.ini
2008-06-19 16:17 . 2008-06-19 16:17 0 --a------ C:\WINDOWS\mailposttext.ini
2008-06-19 15:51 . 2008-07-02 21:38 <REP> d-------- C:\Program Files\MailingBuilderPro
2008-06-19 15:51 . 2008-02-13 10:50 438,784 --a------ C:\WINDOWS\mailingbuilder.dll
2008-06-19 15:51 . 2004-08-04 07:00 128,000 --a------ C:\WINDOWS\system32\DHTMLED.OCX
2008-06-19 12:21 . 2008-06-19 12:21 <REP> d-------- C:\Program Files\Boonty
2008-06-19 06:09 . 2008-06-19 06:09 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\PC SOFT
2008-06-17 16:13 . 2008-06-17 16:13 <REP> d-------- C:\Documents and Settings\Guillaume\Application Data\GOTO Software
2008-06-17 16:10 . 2008-06-19 06:14 <REP> d-------- C:\Program Files\Goto software
2008-06-17 12:00 . 2008-06-17 12:00 <REP> d-------- C:\Program Files\mjc
2008-06-17 12:00 . 65,456 C:\WINDOWS\system32\narqwe.sys
2008-06-17 11:43 . 2008-06-17 11:44 <REP> d-------- C:\Program Files\Atomic TLD Filter
2008-06-17 10:31 . 2008-06-17 22:06 <REP> d-------- C:\Program Files\Atomic Mail Verifier
2008-06-15 09:08 . 2008-06-15 09:17 <REP> d-------- C:\Documents and Settings\Guillaume\Application Data\eFax Messenger
2008-06-12 22:18 . 2008-06-12 22:18 <REP> d-------- C:\Program Files\BobarabaEraser
2008-06-12 22:18 . 1999-04-24 12:10 102,400 --a------ C:\WINDOWS\system32\nslock15vb6.ocx
2008-06-12 22:18 . 1999-03-23 22:49 91,648 --a------ C:\WINDOWS\system32\nslock15vb5.ocx
2008-06-12 15:50 . 2008-06-12 15:50 233,472 --a------ C:\WINDOWS\system32\ILDA32.dll
2008-06-12 05:54 . 2008-06-12 05:54 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\LogMeIn
2008-06-12 05:53 . 2008-05-28 12:33 83,288 --a------ C:\WINDOWS\system32\LMIRfsClientNP.dll
2008-06-12 05:53 . 2008-03-07 13:39 45,848 --a------ C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
2008-06-12 05:53 . 2008-05-28 12:33 24,608 --a------ C:\WINDOWS\system32\LMIport.dll
2008-06-12 05:52 . 2008-05-28 12:32 87,352 --a------ C:\WINDOWS\system32\LMIinit.dll
2008-06-12 05:52 . 2008-06-12 05:52 1,024 --a------ C:\.rnd
2008-06-11 21:35 . 2008-06-11 21:35 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Yahoo! Companion
2008-06-10 23:14 . 2008-06-17 10:27 <REP> d-------- C:\Program Files\AtomPark
2008-06-10 08:01 . 2008-06-10 08:01 <REP> d-------- C:\Program Files\MagicISO
2008-06-09 22:15 . 2008-06-09 22:15 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\ConeXware
2008-06-09 22:01 . 2008-06-09 22:01 <REP> d-------- C:\SWISNIFE
2008-06-09 22:01 . 2008-06-09 22:01 543 --a------ C:\WINDOWS\SWISV3.INI
2008-06-09 22:01 . 2005-04-18 21:35 344 --a------ C:\WINDOWS\DYNASN.INF
2008-06-09 22:01 . 2008-06-09 22:01 287 --a------ C:\WINDOWS\SKNIFE.INI
2008-06-09 16:50 . 2008-06-09 16:50 <REP> d-------- C:\Documents and Settings\Guillaume\Application Data\ESET
2008-06-09 16:50 . 2008-06-17 15:34 <REP> d-a------ C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2008-06-09 16:40 . 2008-06-09 16:40 <REP> d-------- C:\Program Files\My Lockbox
2008-06-09 16:40 . 2007-12-13 20:13 17,264 --a------ C:\WINDOWS\system32\drivers\mprifl.sys
2008-06-09 16:36 . 2008-06-09 16:36 <REP> d-------- C:\WINDOWS\Instant Lock
2008-06-09 16:36 . 2008-07-02 22:24 <REP> d-------- C:\Program Files\Instant Lock
2008-06-09 13:58 . 2008-06-10 16:53 <REP> d-------- C:\Documents and Settings\Guillaume\Application Data\GlarySoft
2008-06-09 13:53 . 2008-06-09 13:53 <REP> d-------- C:\Program Files\Glary Utilities
2008-06-09 09:56 . 2008-01-26 06:27 479,825 -ra------ C:\txtsetup.sif
2008-06-09 09:56 . 2008-01-25 21:22 260,288 -ra------ C:\$LDR$
2008-06-06 08:09 . 2008-06-19 16:09 <REP> d-------- C:\Documents and Settings\Guillaume\Application Data\AtomPark
2008-06-06 07:39 . 2008-06-07 19:23 71 --a------ C:\WINDOWS\system\ATMAIL.AT
2008-06-06 07:39 . 2008-06-07 19:23 33 --a------ C:\WINDOWS\system\ATNAME.AT
2008-06-06 07:39 . 2008-06-07 19:23 30 --a------ C:\WINDOWS\system\ATINFO.AT
2008-06-02 01:01 . 2008-06-02 01:01 <REP> d-------- C:\Documents and Settings\Guillaume\Application Data\Oxemis
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-02 23:19 --------- d-----w C:\Documents and Settings\Guillaume\Application Data\uTorrent
2008-07-01 22:08 --------- d-----w C:\Program Files\PowerArchiver
2008-06-30 22:30 --------- d-----w C:\Program Files\FlashGet
2008-06-30 06:51 --------- d-----w C:\Program Files\Webshots
2008-06-26 23:53 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\pdf995
2008-06-21 11:15 51,716 ----a-w C:\WINDOWS\system32\pdf995mon.dll
2008-06-10 17:15 --------- d-----w C:\Documents and Settings\Elbosso\Application Data\EoRezo
2008-06-10 17:15 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\uTorrent
2008-06-10 16:40 --------- d-----w C:\Program Files\BibleOffLine 2.0
2008-06-09 14:08 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-06-09 14:08 --------- d-----w C:\Program Files\VIA Technologies, Inc
2008-06-09 14:08 --------- d-----w C:\Program Files\QuickTime
2008-06-09 14:08 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2008-06-09 14:08 --------- d-----w C:\Program Files\Hewlett-Packard
2008-06-09 14:08 --------- d-----w C:\Program Files\Fichiers communs\Vbox
2008-06-09 14:08 --------- d-----w C:\Documents and Settings\Guillaume\Application Data\LimeWire
2008-06-09 14:07 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Trymedia
2008-06-09 14:07 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\CyberLink
2008-06-09 14:07 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Skype
2008-06-09 14:07 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Nokia
2008-06-09 14:07 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\LimeWire
2008-06-09 14:07 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\DivX
2008-06-09 14:07 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\CyberLink
2008-06-09 14:07 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Ahead
2008-06-06 04:59 --------- d-----w C:\Program Files\UltraISO
2008-06-03 23:30 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-03 23:25 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-06-03 23:24 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\MumboJumbo
2008-05-29 23:12 --------- d-----w C:\Program Files\Cyberlink
2008-05-29 12:20 --------- d-----w C:\Program Files\Enigma Software Group
2008-05-28 12:32 23,736 ----a-w C:\WINDOWS\system32\lmimirr.dll
2008-05-28 12:32 10,040 ----a-w C:\WINDOWS\system32\lmimirr2.dll
2008-05-28 07:54 --------- d-----w C:\Program Files\Trend Micro
2008-05-27 20:04 --------- d-----w C:\Program Files\Fichiers communs\Ahead
2008-05-27 20:04 --------- d-----w C:\Program Files\Ahead
2008-05-26 22:21 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\ESET
2008-05-26 19:28 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
2008-05-26 19:27 --------- d-----w C:\Documents and Settings\Guillaume\Application Data\Apple Computer
2008-05-26 19:19 85,520 ----a-w C:\WINDOWS\system32\drivers\bdfndisf.sys
2008-05-24 13:46 --------- d-----w C:\Documents and Settings\Administrateur.MALLAND\Application Data\SUPERAntiSpyware.com
2008-05-24 03:12 --------- d-----w C:\Program Files\Vilma
2008-05-23 22:45 --------- d-----w C:\Documents and Settings\Administrateur.MALLAND\Application Data\Apple Computer
2008-05-20 22:04 32,223,214 ------w C:\WINDOWS\wmp12.exe
2008-05-19 16:01 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\RoboForm
2008-05-18 19:26 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\DVD Shrink
2008-05-18 19:25 --------- d-----w C:\Program Files\SlySoft
2008-05-18 12:47 --------- d-----w C:\Program Files\Conjugaison
2008-05-17 09:55 --------- d-----w C:\Program Files\Java
2008-05-17 06:08 --------- d-----w C:\Program Files\Network LookOut
2008-05-16 20:49 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-05-16 20:49 253,952 ------w C:\WINDOWS\Setup1.exe
2008-05-13 18:42 --------- d-----w C:\Documents and Settings\Guillaume\Application Data\NeroVision
2008-05-08 07:53 --------- d-----w C:\Program Files\uTorrent
2008-05-08 07:43 --------- d-----w C:\Program Files\Luxor 2
2008-05-07 10:11 --------- d-----w C:\Program Files\Luxor 3
2008-05-07 07:36 --------- d-----w C:\Program Files\BoontyGames
2008-05-06 20:14 --------- d-----w C:\Documents and Settings\Guillaume\Application Data\Ahead
2008-05-06 20:13 --------- d-----w C:\Program Files\Windows Live
2008-05-06 20:12 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\WLInstaller
2008-05-06 14:36 --------- d-----w C:\Documents and Settings\Guillaume\Application Data\PlayFirst
2008-05-06 10:56 --------- d-----w C:\Program Files\Fichiers communs\BOONTY Shared
2008-05-06 10:56 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\BOONTY
2008-05-05 22:24 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Yahoo!
2008-05-05 13:58 --------- d-----w C:\Documents and Settings\Guillaume\Application Data\pdf995
2008-05-05 12:40 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Downloaded Installations
2008-05-05 11:09 --------- d-----w C:\Program Files\Safari
2008-05-05 11:04 --------- d-----w C:\Program Files\Apple Software Update
2008-05-05 11:04 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple
2008-05-04 22:50 --------- d-----w C:\Documents and Settings\Guillaume\Application Data\Samsung
2008-05-04 16:34 --------- d-----w C:\Documents and Settings\Guillaume\Application Data\Media Player Classic
2008-05-03 07:02 --------- d-----w C:\Program Files\S3Inc
2008-05-02 23:57 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-05-02 23:26 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help
2008-05-02 21:31 --------- d-----w C:\Program Files\Services en ligne
2004-10-01 15:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
.
------- Sigcheck -------
2007-10-30 17:20 360064 90caff4b094573449a0872a0f919b178 C:\WINDOWS\SoftwareDistribution\Download\2505e060ecbf87977746a5abaaa7bc96\SP2GDR\tcpip.sys
2007-10-30 16:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\SoftwareDistribution\Download\2505e060ecbf87977746a5abaaa7bc96\SP2QFE\tcpip.sys
2004-08-03 23:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\system32\dllcache\tcpip.sys
2004-08-03 23:14 359040 6a603809f598332dbedd535bdbce313e C:\WINDOWS\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-12-17 16:13 3810544]
"SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2005-03-13 23:37 1057280]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 10:34 5724184]
"PowerArchiver Tray"="C:\Program Files\PowerArchiver\PASTARTER.EXE" [2007-11-30 15:08 140328]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]
"Yodm3D"="C:\WINDOWS\Resources\Themes\VistaXP\y3d\Yodm3D.exe" [2007-06-26 23:26 2058752]
"UberIcon Manager"="C:\WINDOWS\Resources\Themes\VistaXP\ui\UberIcon Manager.exe" [2007-08-18 00:10 159744]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"SpyHunter Security Suite"="C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe" [2008-01-23 13:47 847872]
"flockbox"="C:\Program Files\My Lockbox\flockbox.exe" [2007-12-14 16:59 1071472]
"OSD"="C:\WINDOWS\osd.exe" [2007-01-22 00:50 86016]
"VisualTooltip"="C:\WINDOWS\Resources\Themes\VistaXP\vt\VisualToolTip.exe" [2007-04-25 13:45 956928]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-05-28 12:32 87352 C:\WINDOWS\system32\LMIinit.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rva50.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"HP Component Manager"=-"C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
"SunJavaUpdateSched"=-"C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\FlashGet\\flashget.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
R0 MPRIFL;MPRIFL;C:\WINDOWS\system32\DRIVERS\MPRIFL.SYS [2007-12-13 20:13]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2008-03-07 13:39]
R2 SBKUPNT;SBKUPNT;C:\WINDOWS\system32\Drivers\SBKUPNT.SYS [2001-07-13 17:56]
S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" [2008-05-06 10:56]
S3 rva50;rva50;C:\WINDOWS\System32\drivers\Rva50.sys []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\HackersMagazine.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{01685a7e-bef3-11dc-a04b-806d6172696f}]
\shell\autorun\command - okqa2g.com
\shell\explore\command - okqa2g.com
\shell\open\command - okqa2g.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9454c4fe-bef2-11dc-a04a-0040d0907a6c}]
\shell\autorun\command - okqa2g.com
\shell\explore\command - okqa2g.com
\shell\open\command - okqa2g.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9d5f5e55-3eb6-11dd-8b13-0040d0907a6c}]
\shell\autorun\command - uqhqx1.cmd
\shell\explore\command - uqhqx1.cmd
\shell\open\command - uqhqx1.cmd
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-06-26 11:39:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-07-02 23:19:06 C:\WINDOWS\Tasks\GlaryInitialize.job"
- C:\Program Files\Glary Utilities\initialize.exe
"2008-07-02 07:00:07 C:\WINDOWS\Tasks\SpyHunter Scanner.job"
- C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-HPDJ Taskbar Utility - -C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
ShellExecuteHooks-{BD962BAB-F429-460F-805B-B137087AB623} - (no file)
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-02 23:19:38
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\mchinjdrv]
"ImagePath"="\??\C:\DOCUME~1\GUILLA~1\LOCALS~1\Temp\mc22.tmp"
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\odserv]
"ImagePath"="-\"C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE\""
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ose]
"ImagePath"="-\"C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE\""
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\usnjsvc]
"ImagePath"="-\"C:\Program Files\Windows Live\Messenger\usnsvc.exe\""
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\WLSetupSvc]
"ImagePath"="-\"C:\Program Files\Windows Live\installer\WLSetupSvc.exe\""
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\WMPNetworkSvc]
"ImagePath"="-\"C:\Program Files\Windows Media Player\wmpnetwk.exe\""
.
--------------------- DLLs a chargé sous des processus courants ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\Program Files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll
PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\Program Files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll
PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll
-> C:\WINDOWS\Resources\Themes\VistaXP\ui\UberIcon.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\system32\netdde.exe
C:\WINDOWS\system32\locator.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\uTorrent\utorrent.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-07-02 23:25:29 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-02 23:25:18
Pre-Run: 4,317,310,976 octets libres
Post-Run: 6,068,953,088 octets libres
316 --- E O F --- 2008-06-02 23:39:34