Mockzebu

Bonjour, J'ai été infecté par le virus Baggle et "désinfecté" par ComboFix qui a bien fait son travail puisque j'ai retrouvé mon ordi presque comme avant et il y a même Antivir qui est revenu sans dire un mot après s'être volatilisé lorsque le Blast est arrivé... Je dis presque car je viens de remarquer que dans les option de l'explorateur Windows (W2k) l'option pour masquer les fichiers cachés est "abimé", les nouvelles options étant: NOHIDDEN et SHOWALL... et effectivement je n'arrive plus à masquer tous les fichiers cachées. Ayant pt-ê d'autres dégâts sur l'ordi je poste le rapport effectué par ComboFix pour le cas où quelqu'un aurait la bonté de l'analyser. Merci d'avance, Rodolphe. RAPPORT : ComboFix 09-11-26.02 - Administrator 27/11/2009 13:11.1.1 - x86 Microsoft Windows 2000 Professional 5.0.2195.4.1252.1.1033.18.511.380 [GMT -8:00] Running from: c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Desktop\killbagle.exe WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . /wow section - STAGE 32A ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\desktop.ini c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\174937.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\175078.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\175406.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\175515.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\175781.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\176000.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\176343.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\196328.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\197000.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\197812.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\197968.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\198687.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\199484.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\200218.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\201250.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\202109.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\202843.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\203000.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\203359.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\203703.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\204312.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\204625.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\205109.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\205312.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\205609.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\206171.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\206671.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\207203.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\207515.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\207640.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\207921.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\208468.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\209171.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\209312.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\209625.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\209843.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\210203.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\210609.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\211171.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\212265.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\213718.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\213859.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\214187.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\214312.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\214609.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\214906.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\215156.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\215468.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\215921.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\216109.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\216421.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\216609.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\216984.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\217078.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\217328.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\217937.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\218656.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\219250.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\219937.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\220140.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\220437.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\220578.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\220921.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\221359.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\221968.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\222109.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\222546.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\223515.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\224609.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\225140.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\226031.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\226703.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\227390.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\227531.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\228203.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\228625.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\229140.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\229265.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\229546.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\229687.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\229984.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\230125.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\230421.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\230984.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\231718.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\231968.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\232453.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\232562.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\238156.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\238656.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\239187.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\239703.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\240281.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\240703.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\241203.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\241625.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\242140.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\242468.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\242953.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\243328.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\243796.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\244156.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\244656.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\244796.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\245093.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\245265.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\246453.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\247218.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\248203.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\249281.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\249906.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\250750.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\251750.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\252250.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\252781.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\253000.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\253546.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\255500.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\257796.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\259187.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\260265.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\260468.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\260843.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\260968.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\261265.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\261531.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\261968.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\262390.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\263000.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\263390.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\264000.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\265500.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\267171.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\267484.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\288734.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\288984.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\289500.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\290234.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\291093.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\291265.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\291562.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\291781.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\292093.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\292406.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\292875.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\293187.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\293578.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\294312.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\294890.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\295328.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\295656.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\295843.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\296281.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\296609.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\297093.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\297718.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\298515.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\300187.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\300937.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\301203.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\301531.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\301687.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\302203.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\302765.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\303484.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\303718.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\304000.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\304171.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\304515.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\304875.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\305437.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\307265.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\308906.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\309062.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\309375.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\309625.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\309984.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\310281.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\310640.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\310781.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\311031.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\311171.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\311500.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\311625.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\311906.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\312734.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\313453.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\313750.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\314234.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\314375.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\314703.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\315250.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\316015.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\316281.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\316718.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\316859.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\317265.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\317343.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\320578.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\320703.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\321015.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\321343.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\321781.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\322203.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\322859.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\323296.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\323609.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\323796.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\324046.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\324921.exe c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\winupgro.exe c:\documents and settings\Administrator\Application Data\drivers\11s11ro1s1a2.sys c:\documents and settings\Administrator\Application Data\drivers\downld c:\documents and settings\Administrator\Application Data\drivers\downld\7358031.exe c:\documents and settings\Administrator\Application Data\drivers\downld\7360531.exe c:\documents and settings\Administrator\Application Data\drivers\downld\7361125.exe c:\documents and settings\Administrator\Application Data\drivers\downld\7370406.exe c:\documents and settings\Administrator\Application Data\drivers\downld\7372828.exe c:\documents and settings\Administrator\Application Data\drivers\downld\7374593.exe c:\program files\pdfforge Toolbar\SeARchsettings.dll c:\program files\POP Peeper\POPPeeper.exe c:\program files\VideoAccessCodec c:\program files\VideoAccessCodec\install.ico c:\recycler\S-1-5-21-1708537768-1958367476-839522115-500 c:\winnt\mdelk.exe c:\winnt\system32\srosa2.sys c:\winnt\Web\default.htt c:\winnt\wintems.exe D:\win.txt c:\winnt\system32\comres.dll . . . is infected!! . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_SK9OU0S -------\Legacy_SROSA -------\Service_sK9Ou0s -------\Service_srosa ((((((((((((((((((((((((( Files Created from 2009-10-27 to 2009-11-27 ))))))))))))))))))))))))))))))) . 2009-11-27 21:22 . 2009-11-27 21:22 16384 ----atw- c:\winnt\system32\Perflib_Perfdata_214.dat 2009-11-27 20:47 . 2009-11-27 20:47 -------- d-----w- C:\FindyKill 2009-11-27 20:22 . 2009-11-27 21:19 -------- d--h--w- c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers 2009-11-26 20:35 . 2009-11-26 22:02 -------- d-----w- c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\gtk-2.0 2009-11-26 20:35 . 2009-11-26 20:35 -------- d-----w- c:\documents and settings\Administrator.MOCORD-V5TF2SWU\.thumbnails 2009-11-26 20:34 . 2009-11-26 22:04 -------- d-----w- c:\documents and settings\Administrator.MOCORD-V5TF2SWU\.gimp-2.6 2009-11-26 20:32 . 2009-11-26 20:32 -------- d-----w- c:\program files\GIMP-2.0 2009-11-23 07:53 . 2009-11-23 07:53 -------- d-----w- c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\Spybot - Search & Destroy 2009-11-23 07:53 . 2009-11-23 07:53 -------- d-----w- c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\Lavasoft 2009-11-22 22:07 . 2009-11-23 07:52 -------- d-----w- c:\program files\CCleaner 2009-11-20 17:03 . 2009-11-20 17:03 -------- d-----w- c:\documents and settings\All Users.WINNT\Application Data\RoboForm 2009-11-20 17:03 . 2009-11-20 17:03 -------- d-----w- c:\program files\Siber Systems 2009-11-20 16:36 . 2009-11-20 16:36 -------- d-----w- c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\ColorSchemer 2009-11-20 16:36 . 2007-07-28 19:54 303104 ----a-w- c:\winnt\system32\lcms.dll 2009-11-20 16:36 . 2001-08-24 01:25 1706800 ----a-w- c:\winnt\system32\gdiplus.dll 2009-11-07 01:02 . 2009-11-07 01:02 -------- d-----w- c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\Media Player Classic 2009-11-07 00:17 . 2009-11-07 00:17 -------- d-----w- c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\UDC Profiles 2009-11-07 00:16 . 2009-09-04 23:09 34680 ----a-w- c:\winnt\system32\udcpm.dll 2009-11-07 00:13 . 2009-11-07 00:13 -------- d-----w- c:\documents and settings\Default User.WINNT\Application Data\Softland 2009-11-07 00:11 . 2009-09-24 21:01 21192 ----a-w- c:\winnt\system32\dopdfmn6.dll 2009-11-07 00:11 . 2009-09-24 21:01 18632 ----a-w- c:\winnt\system32\dopdfmi6.dll 2009-11-06 23:37 . 2009-11-06 23:37 -------- d-----w- c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\pdfforge 2009-11-06 23:37 . 2009-11-06 23:37 -------- d-----w- c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\Search Settings 2009-11-06 23:35 . 2009-11-27 21:19 -------- d-----w- c:\program files\pdfforge Toolbar 2009-11-05 02:31 . 2009-11-05 02:31 -------- d-----w- c:\program files\Western Digital Corporation . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-11-27 21:21 . 2009-10-06 18:55 24 ----a-w- c:\winnt\system32\DVCStateBkp-{00000002-00000000-0000000C-00001102-00000002-80641102}.dat 2009-11-27 21:21 . 2009-10-06 18:55 24 ----a-w- c:\winnt\system32\DVCState-{00000002-00000000-0000000C-00001102-00000002-80641102}.dat 2009-11-27 21:19 . 2009-09-28 11:06 -------- d--h--w- c:\documents and settings\Administrator\Application Data\drivers 2009-11-27 21:19 . 2009-10-04 21:39 -------- d-----w- c:\program files\POP Peeper 2009-11-27 19:21 . 2004-10-13 08:09 -------- d---a-w- c:\program files\jv16 PowerTools 2009-11-27 18:51 . 2009-10-01 19:19 -------- d-----w- c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\XnView 2009-11-26 02:08 . 2004-10-08 10:02 -------- d-----w- c:\program files\Common Files\Adobe 2009-11-24 09:13 . 2009-10-09 05:01 -------- d-----w- c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\FileZilla 2009-11-12 18:21 . 2009-10-01 17:34 13600 ----a-w- c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-11-09 01:04 . 2009-10-04 21:40 -------- d-----w- c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\POP Peeper 2009-11-05 02:12 . 2005-04-02 08:31 -------- d---a-w- c:\program files\PowerQuest 2009-10-26 13:01 . 2005-01-20 10:28 -------- d---a-w- c:\program files\JGsoft 2009-10-25 11:03 . 2007-12-26 20:06 -------- d---a-w- c:\program files\Ad Muncher 2009-10-24 21:13 . 2006-04-14 15:53 -------- d---a-w- c:\program files\FeedStation 2009-10-23 07:43 . 2009-10-23 07:43 -------- d-----w- c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\Canneverbe_Limited 2009-10-23 07:43 . 2009-10-23 07:43 -------- d-----w- c:\documents and settings\All Users.WINNT\Application Data\Canneverbe Limited 2009-10-23 07:10 . 2009-10-23 07:10 -------- d-----w- c:\program files\directx 2009-10-21 19:39 . 2009-10-21 19:39 -------- d-----w- c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\Visicom Media 2009-10-21 19:35 . 2009-10-21 19:29 -------- d-----w- c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\DAEMON Tools Lite 2009-10-21 19:33 . 2009-10-21 19:33 -------- d-----w- c:\documents and settings\All Users.WINNT\Application Data\DAEMON Tools Lite 2009-10-21 19:29 . 2009-10-21 19:29 721904 ----a-w- c:\winnt\system32\drivers\sptd.sys 2009-10-21 18:39 . 2009-10-21 18:39 -------- d-----w- c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\AdSigner 2009-10-07 20:39 . 2009-10-07 20:38 -------- d---a-w- c:\documents and settings\All Users.WINNT\Application Data\Ad Muncher 2009-10-07 19:04 . 2004-12-01 11:31 -------- d---a-w- c:\program files\XnView 2009-10-06 18:18 . 2009-10-06 18:18 -------- d-----w- c:\program files\Quintessential Player 2009-10-06 17:34 . 2009-10-06 17:31 -------- d-----w- c:\program files\Quintessential Media Player 2009-10-06 17:16 . 2009-10-06 17:15 -------- d-----w- c:\program files\Creative 2009-10-06 16:41 . 2009-10-06 16:41 -------- d-----w- c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\MetaProducts 2009-10-01 20:21 . 2009-10-01 20:21 411368 ----a-w- c:\winnt\system32\deploytk.dll 2009-10-01 20:21 . 2009-10-01 20:21 -------- d-----w- c:\program files\Java 2009-10-01 20:21 . 2009-10-01 20:21 152576 ----a-w- c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\Sun\Java\jre1.6.0_16\lzma.dll 2009-10-01 18:32 . 2009-10-01 18:23 123119 ----a-w- c:\winnt\HPHins12.dat 2009-10-01 18:26 . 2009-10-01 17:35 -------- d-----w- c:\program files\HP 2009-10-01 17:51 . 2009-10-01 17:51 -------- d-----w- c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\Image Zone Express 2009-10-01 17:50 . 2009-10-01 17:50 -------- d-----w- c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\HP 2009-10-01 17:50 . 2009-10-01 17:50 -------- d-----w- c:\documents and settings\All Users.WINNT\Application Data\HP 2009-09-29 17:41 . 2009-09-29 17:41 -------- d-----w- c:\program files\Avira 2009-09-29 17:41 . 2009-09-29 17:41 -------- d-----w- c:\documents and settings\All Users.WINNT\Application Data\Avira 2009-09-29 16:34 . 2009-09-29 16:34 -------- d-----w- c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\NesterSoft 2009-09-29 16:28 . 2009-09-29 16:28 0 ----a-w- c:\winnt\nsreg.dat 2009-09-29 16:22 . 2006-02-20 09:16 -------- d---a-w- c:\program files\CoreCodec 2009-09-29 16:22 . 2009-09-29 16:22 -------- d-----w- c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\CoreCodec 2009-09-29 16:18 . 2009-09-29 16:18 -------- d-----w- c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\Axialis 2009-09-29 04:57 . 2009-10-23 07:43 7168 ----a-w- c:\winnt\system32\drivers\StarOpen.sys 2009-09-29 04:09 . 2009-09-29 04:09 -------- d-----w- c:\documents and settings\All Users.WINNT\Application Data\nView_Profiles 2009-09-29 04:06 . 2004-10-06 14:02 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-09-28 21:40 . 2009-09-28 21:40 558142 ----a-w- c:\winnt\java\Packages\XZZDN3DR.ZIP 2009-09-28 21:40 . 2009-09-28 21:40 2678 ----a-w- c:\winnt\java\Packages\Data\VPNHBBPV.DAT 2009-09-28 21:40 . 2009-09-28 21:40 2474 ----a-w- c:\winnt\java\Packages\Data\BTZDR3VP.DAT 2009-09-28 21:40 . 2009-09-28 21:40 2678 ----a-w- c:\winnt\java\Packages\Data\CQ0PF7HN.DAT 2009-09-28 21:40 . 2009-09-28 21:40 2474 ----a-w- c:\winnt\java\Packages\Data\JDN1NH7B.DAT 2009-09-28 21:40 . 2009-09-28 21:40 156441 ----a-w- c:\winnt\java\Packages\6IEK5Z1V.ZIP 2009-09-28 21:40 . 2009-09-28 21:40 2678 ----a-w- c:\winnt\java\Packages\Data\Q0UPRTJZ.DAT 2009-09-28 21:40 . 2009-09-28 21:40 2678 ----a-w- c:\winnt\java\Packages\Data\GMIZXN17.DAT 2009-09-28 21:40 . 2009-09-28 21:40 2678 ----a-w- c:\winnt\java\Packages\Data\6O5BVZ7F.DAT 2009-09-28 21:40 . 2004-10-06 12:47 21952 ---h--w- c:\program files\folder.htt 2009-09-28 21:39 . 2009-09-28 21:39 15012 ----a-w- c:\winnt\system32\emptyregdb.dat 2009-09-05 06:36 . 1999-12-07 17:00 55056 ----a-w- c:\winnt\system32\msasn1.dll 2009-09-05 00:36 . 2009-10-23 23:41 80896 ----a-w- c:\winnt\system32\dxdllreg.exe 2009-09-05 00:29 . 2009-10-23 23:42 453456 ----a-w- c:\winnt\system32\d3dx10_42.dll 2009-09-05 00:29 . 2009-10-23 23:42 235344 ----a-w- c:\winnt\system32\d3dx11_42.dll 2009-09-05 00:29 . 2009-10-23 23:42 1974616 ----a-w- c:\winnt\system32\D3DCompiler_42.dll 2009-09-05 00:29 . 2009-10-23 23:42 5501792 ----a-w- c:\winnt\system32\d3dcsx_42.dll 2009-09-05 00:29 . 2009-10-23 23:42 1892184 ----a-w- c:\winnt\system32\D3DX9_42.dll 2005-09-19 13:39 . 2005-07-05 08:35 44158 ----a-w- c:\program files\mozilla firefox\components\inspector.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}] 2009-07-31 10:00 698880 ----a-w- c:\program files\pdfforge Toolbar\pdfforgeToolbarIE.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{B922D405-6D13-4A2B-AE89-08A030DA4402}"= "c:\program files\pdfforge Toolbar\pdfforgeToolbarIE.dll" [2009-07-31 698880] [HKEY_CLASSES_ROOT\clsid\{b922d405-6d13-4a2b-ae89-08a030da4402}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "PS Hot Launch VVL"="c:\prog deskutil\PS Hot Launch VVL\PSHotLaunchVVL.exe" [2005-01-29 829440] "PS Hot Folders"="c:\prog deskutil\PS Hot Folders\PSHotFolders.exe" [2007-05-07 459776] "RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2009-11-20 160592] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\winnt\System32\NvCpl.dll" [2004-10-29 4620288] "NvMediaCenter"="c:\winnt\System32\NvMcTray.dll" [2004-10-29 86016] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-01 149280] "Jet Detection"="c:\program files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 28672] "Ad Muncher"="c:\program files\Ad Muncher\AdMunch.exe" [2009-10-25 862208] "SearchSettings"="c:\program files\pdfforge Toolbar\SearchSettings.exe" [2009-07-29 1024512] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288] "TrayFactory"="c:\prog deskutil\PS Tray Factory\PSTrayFactory.exe" [2007-04-04 360960] "AT Notes"="c:\prog deskutil\ATnotes\ATnotes.exe" [2002-11-14 1007616] "Synchronization Manager"="mobsync.exe" - c:\winnt\system32\mobsync.exe [2003-06-19 111376] "nwiz"="nwiz.exe" - c:\winnt\system32\nwiz.exe [2004-10-29 921600] "WINDVDPatch"="CTHELPER.EXE" - c:\winnt\system32\CTHELPER.EXE [2002-07-03 24576] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "TrayFactory"="c:\prog deskutil\PS Tray Factory\PSTrayFactory.exe" [2007-04-04 360960] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "internat.exe"="internat.exe" - c:\winnt\system32\internat.exe [1999-12-07 20752] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "^SetupICWDesktop"="c:\program files\Internet Explorer\Connection Wizard\icwconn1.exe" [2003-06-19 186640] c:\documents and settings\Administrator\Start Menu\Programs\Startup\ Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-6-30 110592] PopupMenu Bar.lnk - c:\program files\PopupMenu Editeur\Barre de lancement\PopupMenu Bar.exe [2008-7-14 118784] PopupMenu TrayIcon.lnk - c:\program files\PopupMenu Editeur\PopupMenu TrayIcon.exe [2008-7-14 69120] PowerReg Scheduler V3.exe [2007-7-29 241664] SyncBackSE.lnk - c:\prog net\SyncBackSE\SyncBackSE.exe [2007-9-17 5387768] TimeLeft.lnk - c:\prog worker\TimeLeft3\TimeLeft.exe [2008-3-19 2057392] TrayIt!.lnk - c:\prog deskutil\trayit\trayit!.exe [2007-7-4 114688] c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Start Menu\Programs\Startup\ 4t Tray Minimizer.lnk - c:\prog deskutil\4t Tray Minimizer\4t-min.exe [2009-10-7 1091584] Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-6-30 110592] PopupMenu Bar.lnk - c:\program files\PopupMenu Editeur\Barre de lancement\PopupMenu Bar.exe [2008-7-14 118784] PopupMenu TrayIcon.lnk - c:\program files\PopupMenu Editeur\PopupMenu TrayIcon.exe [2008-7-14 69120] SyncBackSE.lnk - c:\prog net\SyncBackSE\SyncBackSE.exe [2007-9-17 5387768] c:\documents and settings\All Users.WINNT\Start Menu\Programs\Startup\ Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-6-30 110592] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys] @="FSFilter System Recovery" R0 SONYPVM1;Sony Memory Stick Driver(SONYPVM1);c:\winnt\system32\drivers\SonyPVM1.sys [21/10/2009 10:08 28224] R0 sptd;sptd;c:\winnt\system32\drivers\sptd.sys [21/10/2009 11:29 721904] R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [29/09/2009 09:41 108289] R3 usbhub20;USB 2.0 Root Hub Support;c:\winnt\system32\drivers\usbhub20.sys [28/09/2009 20:48 49776] S3 fbxusb;Carte réseau virtuelle FreeBox USB (32 bits);c:\winnt\system32\drivers\fbxusb32.sys [27/08/2007 14:12 31128] --- Other Services/Drivers In Memory --- *NewlyCreated* - IPNAT *NewlyCreated* - RASAUTO *NewlyCreated* - SHAREDACCESS . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.fr/ IE: >Search in Linkman - file://c:\program files\Linkman\iescript_search.htm IE: Add to Linkman - file://c:\program files\Linkman\iescript_add.htm IE: Add to Linkman (all tabs) - file://c:\program files\Linkman\iescript_addall.htm IE: Add to Linkman and Edit - file://c:\program files\Linkman\iescript_edit.htm IE: Barre RoboForm - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 IE: Enregistrer le formulaire - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html IE: Personnaliser le menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html IE: Remplir le formulaire - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html IE: Show Linkman - file://c:\program files\Linkman\iescript_show.htm IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm LSP: %SystemRoot%\system32\msafd.dll DPF: DirectAnimation Java Classes - file://c:\winnt\Java\classes\dajava.cab DPF: Microsoft XML Parser for Java - file://c:\winnt\Java\classes\xmldso.cab . - - - - ORPHANS REMOVED - - - - URLSearchHooks-{E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file) HKCU-Run-POP Peeper - c:\program files\POP Peeper\POPPeeper.exe SafeBoot-SRService AddRemove-bxNewFolder - c:\program files\bxNewFolder\uninstall.exe AddRemove-DAEMON Tools Toolbar - c:\program files\DAEMON Tools Toolbar\uninst.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-11-27 13:23 Windows 5.0.2195 Service Pack 4 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net device: opened successfully user: MBR read successfully called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8206A1F8]<< kernel: MBR read successfully detected MBR rootkit hooks: \Driver\Disk -> CLASSPNP.SYS @ 0xeb422ac3 \Driver\ACPI -> ACPI.sys @ 0xbfeca554 \Driver\atapi -> 0x8206a1f8 IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x804c075e ParseProcedure -> ntoskrnl.exe @ 0x804bf070 \Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x804c075e ParseProcedure -> ntoskrnl.exe @ 0x804bf070 Warning: possible MBR rootkit infection ! user & kernel MBR OK ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\software\Microsoft\EncryptionInterface*] "l_encryption_d"="5B53425A455F" . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(208) c:\winnt\system32\wzcdlg.dll c:\winnt\system32\WZCSAPI.DLL - - - - - - - > 'explorer.exe'(1072) c:\winnt\AppPatch\AcLayers.DLL c:\prog deskutil\4t Tray Minimizer\ShellEh440.dll c:\prog deskutil\PS Hot Folders\PSHFHlp.dll c:\program files\Ad Muncher\AM31318.dll c:\prog deskutil\PS Tray Factory\HKDll.dll c:\winnt\system32\SHDOCVW.DLL . ------------------------ Other Running Processes ------------------------ . c:\program files\Avira\AntiVir Desktop\avguard.exe c:\program files\Java\jre6\bin\jqs.exe c:\prog media\CDBurnerXP\NMSAccessU.exe c:\winnt\System32\nvsvc32.exe c:\winnt\system32\HPZipm12.exe c:\winnt\system32\regsvc.exe c:\winnt\system32\MSTask.exe c:\winnt\System32\WBEM\WinMgmt.exe . ************************************************************************** . Completion time: 2009-11-27 13:28 - machine was rebooted ComboFix-quarantined-files.txt 2009-11-27 21:28 Pre-Run: 2 015 924 224 bytes free Post-Run: 2 881 130 496 bytes free - - End Of File - - 155909D2EC1F592157A2A5392BDDCDAB