ComboFix report

Closed
elbosso, 25 posts, registered Tuesday 8 June 2004, status Member, last activity 8 December 2012 - 3 July 2008 at 01:39
jlpjlp, 51580 posts, registered Friday 18 May 2007, status Security contributor, last activity 3 May 2022 - 3 July 2008 at 13:40
Hello,

I used the ComboFix program, and its help recommends posting the report produced by ComboFix on a specialised forum. So I am asking for help reading and understanding this report.

Thanks in advance for your help
ComboFix 08-07-01.5 - Guillaume 2008-07-02 23:07:34.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.95 [GMT 0:00]
Endroit: D:\Download\ComboFix.exe
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.
[color=purple]The following files were disabled during the run:[/color]
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll


(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Administrateur\Local Settings\Application Data\sctsrppna.dat
C:\Documents and Settings\Administrateur\Local Settings\Application Data\sctsrppna.exe
C:\Documents and Settings\Administrateur\Local Settings\Application Data\sctsrppna_nav.dat
C:\Documents and Settings\Administrateur\Local Settings\Application Data\sctsrppna_navps.dat
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Program Files\inetget2
C:\Program Files\inetget2\Installeur.exe
C:\WINDOWS\b152.exe
C:\WINDOWS\msacm32.drv
C:\WINDOWS\rasqervy.dll
C:\WINDOWS\sdfinacs.dll
C:\WINDOWS\sdfixwcs.dll
C:\WINDOWS\system32\cbXQjige.dll
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\egijQXbc.ini
C:\WINDOWS\system32\egijQXbc.ini2
C:\WINDOWS\system32\fegOnnmp.ini2
C:\WINDOWS\system32\narqwe.sys
C:\WINDOWS\system32\nnnlmJAQ.dll
C:\WINDOWS\system32\npVENXbc.ini
C:\WINDOWS\system32\npVENXbc.ini2
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\pdfmona.dll
C:\WINDOWS\system32\pmnnOgef.dll
C:\WINDOWS\system32\Rqruvyxx.ini
C:\WINDOWS\system32\Rqruvyxx.ini2
C:\WINDOWS\system32\tuvSigge.dll
C:\WINDOWS\system32\UCIjmUvw.ini
C:\WINDOWS\system32\UCIjmUvw.ini2
C:\WINDOWS\system32\wpcap.dll
C:\WINDOWS\system32\wvUnkHaa.dll
C:\WINDOWS\wuasirvy.dll
C:\WINDOWS\system32\narqwe.sys . . . . Echec de suppression

----- BITS: Possible sites infectés -----

hxxp://premium.virginmega.fr
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_tcpsr
-------\Service_narqwe
-------\Service_NPF
-------\Service_tcpsr


((((((((((((((((((((((((((((( Fichiers créés 2008-06-02 to 2008-07-02 ))))))))))))))))))))))))))))))))))))
.

2008-07-02 22:24 . 2008-07-02 22:24 <REP> d-------- C:\Program Files\ESET
2008-06-30 22:54 . 2008-07-02 22:24 <REP> d-------- C:\Program Files\Serials 2000 7.1 Plus
2008-06-29 16:52 . 2008-06-29 16:52 60 --a------ C:\WINDOWS\wininit.ini
2008-06-22 07:35 . 2008-06-22 07:35 <REP> d-------- C:\Program Files\Opera
2008-06-21 11:15 . 2008-06-21 11:25 <REP> d-------- C:\Program Files\pdf995
2008-06-20 16:20 . 2008-06-20 16:20 <REP> d-------- C:\Documents and Settings\Guillaume\Application Data\Propellerhead Software
2008-06-20 16:20 . 2008-06-20 16:20 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Propellerhead Software
2008-06-20 16:19 . 2008-06-21 10:53 <REP> d-------- C:\Program Files\Propellerhead
2008-06-19 16:26 . 2008-06-19 16:26 99 --a------ C:\WINDOWS\NEWSRDR.INI
2008-06-19 16:17 . 2008-06-21 18:31 153 --a------ C:\WINDOWS\bigpostetexte.ini
2008-06-19 16:17 . 2008-06-19 16:17 0 --a------ C:\WINDOWS\mailposttext.ini
2008-06-19 15:51 . 2008-07-02 21:38 <REP> d-------- C:\Program Files\MailingBuilderPro
2008-06-19 15:51 . 2008-02-13 10:50 438,784 --a------ C:\WINDOWS\mailingbuilder.dll
2008-06-19 15:51 . 2004-08-04 07:00 128,000 --a------ C:\WINDOWS\system32\DHTMLED.OCX
2008-06-19 12:21 . 2008-06-19 12:21 <REP> d-------- C:\Program Files\Boonty
2008-06-19 06:09 . 2008-06-19 06:09 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\PC SOFT
2008-06-17 16:13 . 2008-06-17 16:13 <REP> d-------- C:\Documents and Settings\Guillaume\Application Data\GOTO Software
2008-06-17 16:10 . 2008-06-19 06:14 <REP> d-------- C:\Program Files\Goto software
2008-06-17 12:00 . 2008-06-17 12:00 <REP> d-------- C:\Program Files\mjc
2008-06-17 12:00 . 65,456 C:\WINDOWS\system32\narqwe.sys
2008-06-17 11:43 . 2008-06-17 11:44 <REP> d-------- C:\Program Files\Atomic TLD Filter
2008-06-17 10:31 . 2008-06-17 22:06 <REP> d-------- C:\Program Files\Atomic Mail Verifier
2008-06-15 09:08 . 2008-06-15 09:17 <REP> d-------- C:\Documents and Settings\Guillaume\Application Data\eFax Messenger
2008-06-12 22:18 . 2008-06-12 22:18 <REP> d-------- C:\Program Files\BobarabaEraser
2008-06-12 22:18 . 1999-04-24 12:10 102,400 --a------ C:\WINDOWS\system32\nslock15vb6.ocx
2008-06-12 22:18 . 1999-03-23 22:49 91,648 --a------ C:\WINDOWS\system32\nslock15vb5.ocx
2008-06-12 15:50 . 2008-06-12 15:50 233,472 --a------ C:\WINDOWS\system32\ILDA32.dll
2008-06-12 05:54 . 2008-06-12 05:54 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\LogMeIn
2008-06-12 05:53 . 2008-05-28 12:33 83,288 --a------ C:\WINDOWS\system32\LMIRfsClientNP.dll
2008-06-12 05:53 . 2008-03-07 13:39 45,848 --a------ C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
2008-06-12 05:53 . 2008-05-28 12:33 24,608 --a------ C:\WINDOWS\system32\LMIport.dll
2008-06-12 05:52 . 2008-05-28 12:32 87,352 --a------ C:\WINDOWS\system32\LMIinit.dll
2008-06-12 05:52 . 2008-06-12 05:52 1,024 --a------ C:\.rnd
2008-06-11 21:35 . 2008-06-11 21:35 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Yahoo! Companion
2008-06-10 23:14 . 2008-06-17 10:27 <REP> d-------- C:\Program Files\AtomPark
2008-06-10 08:01 . 2008-06-10 08:01 <REP> d-------- C:\Program Files\MagicISO
2008-06-09 22:15 . 2008-06-09 22:15 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\ConeXware
2008-06-09 22:01 . 2008-06-09 22:01 <REP> d-------- C:\SWISNIFE
2008-06-09 22:01 . 2008-06-09 22:01 543 --a------ C:\WINDOWS\SWISV3.INI
2008-06-09 22:01 . 2005-04-18 21:35 344 --a------ C:\WINDOWS\DYNASN.INF
2008-06-09 22:01 . 2008-06-09 22:01 287 --a------ C:\WINDOWS\SKNIFE.INI
2008-06-09 16:50 . 2008-06-09 16:50 <REP> d-------- C:\Documents and Settings\Guillaume\Application Data\ESET
2008-06-09 16:50 . 2008-06-17 15:34 <REP> d-a------ C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2008-06-09 16:40 . 2008-06-09 16:40 <REP> d-------- C:\Program Files\My Lockbox
2008-06-09 16:40 . 2007-12-13 20:13 17,264 --a------ C:\WINDOWS\system32\drivers\mprifl.sys
2008-06-09 16:36 . 2008-06-09 16:36 <REP> d-------- C:\WINDOWS\Instant Lock
2008-06-09 16:36 . 2008-07-02 22:24 <REP> d-------- C:\Program Files\Instant Lock
2008-06-09 13:58 . 2008-06-10 16:53 <REP> d-------- C:\Documents and Settings\Guillaume\Application Data\GlarySoft
2008-06-09 13:53 . 2008-06-09 13:53 <REP> d-------- C:\Program Files\Glary Utilities
2008-06-09 09:56 . 2008-01-26 06:27 479,825 -ra------ C:\txtsetup.sif
2008-06-09 09:56 . 2008-01-25 21:22 260,288 -ra------ C:\$LDR$
2008-06-06 08:09 . 2008-06-19 16:09 <REP> d-------- C:\Documents and Settings\Guillaume\Application Data\AtomPark
2008-06-06 07:39 . 2008-06-07 19:23 71 --a------ C:\WINDOWS\system\ATMAIL.AT
2008-06-06 07:39 . 2008-06-07 19:23 33 --a------ C:\WINDOWS\system\ATNAME.AT
2008-06-06 07:39 . 2008-06-07 19:23 30 --a------ C:\WINDOWS\system\ATINFO.AT
2008-06-02 01:01 . 2008-06-02 01:01 <REP> d-------- C:\Documents and Settings\Guillaume\Application Data\Oxemis

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-02 23:19 --------- d-----w C:\Documents and Settings\Guillaume\Application Data\uTorrent
2008-07-01 22:08 --------- d-----w C:\Program Files\PowerArchiver
2008-06-30 22:30 --------- d-----w C:\Program Files\FlashGet
2008-06-30 06:51 --------- d-----w C:\Program Files\Webshots
2008-06-26 23:53 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\pdf995
2008-06-21 11:15 51,716 ----a-w C:\WINDOWS\system32\pdf995mon.dll
2008-06-10 17:15 --------- d-----w C:\Documents and Settings\Elbosso\Application Data\EoRezo
2008-06-10 17:15 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\uTorrent
2008-06-10 16:40 --------- d-----w C:\Program Files\BibleOffLine 2.0
2008-06-09 14:08 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-06-09 14:08 --------- d-----w C:\Program Files\VIA Technologies, Inc
2008-06-09 14:08 --------- d-----w C:\Program Files\QuickTime
2008-06-09 14:08 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2008-06-09 14:08 --------- d-----w C:\Program Files\Hewlett-Packard
2008-06-09 14:08 --------- d-----w C:\Program Files\Fichiers communs\Vbox
2008-06-09 14:08 --------- d-----w C:\Documents and Settings\Guillaume\Application Data\LimeWire
2008-06-09 14:07 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Trymedia
2008-06-09 14:07 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\CyberLink
2008-06-09 14:07 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Skype
2008-06-09 14:07 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Nokia
2008-06-09 14:07 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\LimeWire
2008-06-09 14:07 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\DivX
2008-06-09 14:07 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\CyberLink
2008-06-09 14:07 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Ahead
2008-06-06 04:59 --------- d-----w C:\Program Files\UltraISO
2008-06-03 23:30 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-03 23:25 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-06-03 23:24 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\MumboJumbo
2008-05-29 23:12 --------- d-----w C:\Program Files\Cyberlink
2008-05-29 12:20 --------- d-----w C:\Program Files\Enigma Software Group
2008-05-28 12:32 23,736 ----a-w C:\WINDOWS\system32\lmimirr.dll
2008-05-28 12:32 10,040 ----a-w C:\WINDOWS\system32\lmimirr2.dll
2008-05-28 07:54 --------- d-----w C:\Program Files\Trend Micro
2008-05-27 20:04 --------- d-----w C:\Program Files\Fichiers communs\Ahead
2008-05-27 20:04 --------- d-----w C:\Program Files\Ahead
2008-05-26 22:21 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\ESET
2008-05-26 19:28 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
2008-05-26 19:27 --------- d-----w C:\Documents and Settings\Guillaume\Application Data\Apple Computer
2008-05-26 19:19 85,520 ----a-w C:\WINDOWS\system32\drivers\bdfndisf.sys
2008-05-24 13:46 --------- d-----w C:\Documents and Settings\Administrateur.MALLAND\Application Data\SUPERAntiSpyware.com
2008-05-24 03:12 --------- d-----w C:\Program Files\Vilma
2008-05-23 22:45 --------- d-----w C:\Documents and Settings\Administrateur.MALLAND\Application Data\Apple Computer
2008-05-20 22:04 32,223,214 ------w C:\WINDOWS\wmp12.exe
2008-05-19 16:01 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\RoboForm
2008-05-18 19:26 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\DVD Shrink
2008-05-18 19:25 --------- d-----w C:\Program Files\SlySoft
2008-05-18 12:47 --------- d-----w C:\Program Files\Conjugaison
2008-05-17 09:55 --------- d-----w C:\Program Files\Java
2008-05-17 06:08 --------- d-----w C:\Program Files\Network LookOut
2008-05-16 20:49 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-05-16 20:49 253,952 ------w C:\WINDOWS\Setup1.exe
2008-05-13 18:42 --------- d-----w C:\Documents and Settings\Guillaume\Application Data\NeroVision
2008-05-08 07:53 --------- d-----w C:\Program Files\uTorrent
2008-05-08 07:43 --------- d-----w C:\Program Files\Luxor 2
2008-05-07 10:11 --------- d-----w C:\Program Files\Luxor 3
2008-05-07 07:36 --------- d-----w C:\Program Files\BoontyGames
2008-05-06 20:14 --------- d-----w C:\Documents and Settings\Guillaume\Application Data\Ahead
2008-05-06 20:13 --------- d-----w C:\Program Files\Windows Live
2008-05-06 20:12 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\WLInstaller
2008-05-06 14:36 --------- d-----w C:\Documents and Settings\Guillaume\Application Data\PlayFirst
2008-05-06 10:56 --------- d-----w C:\Program Files\Fichiers communs\BOONTY Shared
2008-05-06 10:56 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\BOONTY
2008-05-05 22:24 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Yahoo!
2008-05-05 13:58 --------- d-----w C:\Documents and Settings\Guillaume\Application Data\pdf995
2008-05-05 12:40 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Downloaded Installations
2008-05-05 11:09 --------- d-----w C:\Program Files\Safari
2008-05-05 11:04 --------- d-----w C:\Program Files\Apple Software Update
2008-05-05 11:04 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple
2008-05-04 22:50 --------- d-----w C:\Documents and Settings\Guillaume\Application Data\Samsung
2008-05-04 16:34 --------- d-----w C:\Documents and Settings\Guillaume\Application Data\Media Player Classic
2008-05-03 07:02 --------- d-----w C:\Program Files\S3Inc
2008-05-02 23:57 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-05-02 23:26 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help
2008-05-02 21:31 --------- d-----w C:\Program Files\Services en ligne
2004-10-01 15:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
.

------- Sigcheck -------

2007-10-30 17:20 360064 90caff4b094573449a0872a0f919b178 C:\WINDOWS\SoftwareDistribution\Download\2505e060ecbf87977746a5abaaa7bc96\SP2GDR\tcpip.sys
2007-10-30 16:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\SoftwareDistribution\Download\2505e060ecbf87977746a5abaaa7bc96\SP2QFE\tcpip.sys
2004-08-03 23:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\system32\dllcache\tcpip.sys
2004-08-03 23:14 359040 6a603809f598332dbedd535bdbce313e C:\WINDOWS\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-12-17 16:13 3810544]
"SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2005-03-13 23:37 1057280]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 10:34 5724184]
"PowerArchiver Tray"="C:\Program Files\PowerArchiver\PASTARTER.EXE" [2007-11-30 15:08 140328]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]
"Yodm3D"="C:\WINDOWS\Resources\Themes\VistaXP\y3d\Yodm3D.exe" [2007-06-26 23:26 2058752]
"UberIcon Manager"="C:\WINDOWS\Resources\Themes\VistaXP\ui\UberIcon Manager.exe" [2007-08-18 00:10 159744]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"SpyHunter Security Suite"="C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe" [2008-01-23 13:47 847872]
"flockbox"="C:\Program Files\My Lockbox\flockbox.exe" [2007-12-14 16:59 1071472]
"OSD"="C:\WINDOWS\osd.exe" [2007-01-22 00:50 86016]
"VisualTooltip"="C:\WINDOWS\Resources\Themes\VistaXP\vt\VisualToolTip.exe" [2007-04-25 13:45 956928]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-05-28 12:32 87352 C:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rva50.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"HP Component Manager"=-"C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
"SunJavaUpdateSched"=-"C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\FlashGet\\flashget.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R0 MPRIFL;MPRIFL;C:\WINDOWS\system32\DRIVERS\MPRIFL.SYS [2007-12-13 20:13]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2008-03-07 13:39]
R2 SBKUPNT;SBKUPNT;C:\WINDOWS\system32\Drivers\SBKUPNT.SYS [2001-07-13 17:56]
S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" [2008-05-06 10:56]
S3 rva50;rva50;C:\WINDOWS\System32\drivers\Rva50.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\HackersMagazine.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{01685a7e-bef3-11dc-a04b-806d6172696f}]
\shell\autorun\command - okqa2g.com
\shell\explore\command - okqa2g.com
\shell\open\command - okqa2g.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9454c4fe-bef2-11dc-a04a-0040d0907a6c}]
\shell\autorun\command - okqa2g.com
\shell\explore\command - okqa2g.com
\shell\open\command - okqa2g.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9d5f5e55-3eb6-11dd-8b13-0040d0907a6c}]
\shell\autorun\command - uqhqx1.cmd
\shell\explore\command - uqhqx1.cmd
\shell\open\command - uqhqx1.cmd

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-06-26 11:39:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-07-02 23:19:06 C:\WINDOWS\Tasks\GlaryInitialize.job"
- C:\Program Files\Glary Utilities\initialize.exe
"2008-07-02 07:00:07 C:\WINDOWS\Tasks\SpyHunter Scanner.job"
- C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-HPDJ Taskbar Utility - -C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
ShellExecuteHooks-{BD962BAB-F429-460F-805B-B137087AB623} - (no file)


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-02 23:19:38
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\mchinjdrv]
"ImagePath"="\??\C:\DOCUME~1\GUILLA~1\LOCALS~1\Temp\mc22.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\odserv]
"ImagePath"="-\"C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE\""

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ose]
"ImagePath"="-\"C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE\""

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\usnjsvc]
"ImagePath"="-\"C:\Program Files\Windows Live\Messenger\usnsvc.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\WLSetupSvc]
"ImagePath"="-\"C:\Program Files\Windows Live\installer\WLSetupSvc.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\WMPNetworkSvc]
"ImagePath"="-\"C:\Program Files\Windows Media Player\wmpnetwk.exe\""
.
--------------------- DLLs a chargé sous des processus courants ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\Program Files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll

PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\Program Files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll
-> C:\WINDOWS\Resources\Themes\VistaXP\ui\UberIcon.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\system32\netdde.exe
C:\WINDOWS\system32\locator.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\uTorrent\utorrent.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-07-02 23:25:29 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-02 23:25:18

Pre-Run: 4,317,310,976 octets libres
Post-Run: 6,068,953,088 octets libres

316 --- E O F --- 2008-06-02 23:39:34

1 reply

jlpjlp, 51580 posts, registered Friday 18 May 2007, status Security contributor, last activity 3 May 2022, 5 040
3 July 2008 at 13:40
Hi,

Run it again, because there was an error:

C:\WINDOWS\system32\narqwe.sys . . . . Echec de suppression

_____________

and paste the report

then:

paste a HijackThis report

http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download

manual:

https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html

I recommend renaming HijackThis, to counter a possible Vundo infection.

e.g.: rename the file HijackThis.exe to eden.exe; to do this, right-click the HijackThis.exe file and choose Rename from the list.

Then, using Explorer, create a folder c:\hijackthis
Unzip HijackThis into this folder.
This is important for the backups.