
Hello,

I was infected by the Bagle virus and "disinfected" by ComboFix, which did its job well, since I got my computer back almost as it was before; even Antivir came back without a word after having vanished when the Blast arrived...

I say almost, because I have just noticed that in the Windows Explorer (W2k) folder options, the option for hiding hidden files is "damaged": the new options are NOHIDDEN and SHOWALL... and indeed I can no longer hide all the hidden files. Since there may be other damage on the computer, I am posting the report produced by ComboFix in case someone would be kind enough to analyze it.

Thanks in advance,

Rodolphe.

REPORT:

ComboFix 09-11-26.02 - Administrator 27/11/2009 13:11.1.1 - x86

Microsoft Windows 2000 Professional 5.0.2195.4.1252.1.1033.18.511.380 [GMT -8:00]

Running from: c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Desktop\killbagle.exe


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

/wow section - STAGE 32A


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.


C:\desktop.ini

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\174937.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\175078.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\175406.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\175515.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\175781.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\176000.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\176343.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\196328.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\197000.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\197812.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\197968.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\198687.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\199484.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\200218.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\201250.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\202109.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\202843.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\203000.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\203359.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\203703.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\204312.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\204625.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\205109.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\205312.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\205609.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\206171.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\206671.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\207203.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\207515.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\207640.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\207921.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\208468.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\209171.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\209312.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\209625.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\209843.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\210203.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\210609.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\211171.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\212265.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\213718.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\213859.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\214187.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\214312.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\214609.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\214906.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\215156.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\215468.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\215921.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\216109.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\216421.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\216609.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\216984.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\217078.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\217328.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\217937.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\218656.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\219250.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\219937.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\220140.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\220437.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\220578.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\220921.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\221359.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\221968.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\222109.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\222546.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\223515.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\224609.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\225140.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\226031.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\226703.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\227390.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\227531.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\228203.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\228625.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\229140.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\229265.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\229546.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\229687.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\229984.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\230125.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\230421.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\230984.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\231718.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\231968.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\232453.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\232562.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\238156.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\238656.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\239187.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\239703.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\240281.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\240703.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\241203.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\241625.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\242140.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\242468.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\242953.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\243328.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\243796.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\244156.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\244656.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\244796.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\245093.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\245265.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\246453.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\247218.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\248203.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\249281.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\249906.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\250750.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\251750.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\252250.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\252781.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\253000.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\253546.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\255500.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\257796.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\259187.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\260265.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\260468.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\260843.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\260968.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\261265.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\261531.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\261968.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\262390.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\263000.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\263390.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\264000.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\265500.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\267171.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\267484.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\288734.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\288984.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\289500.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\290234.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\291093.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\291265.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\291562.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\291781.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\292093.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\292406.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\292875.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\293187.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\293578.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\294312.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\294890.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\295328.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\295656.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\295843.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\296281.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\296609.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\297093.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\297718.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\298515.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\300187.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\300937.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\301203.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\301531.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\301687.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\302203.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\302765.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\303484.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\303718.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\304000.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\304171.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\304515.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\304875.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\305437.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\307265.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\308906.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\309062.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\309375.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\309625.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\309984.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\310281.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\310640.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\310781.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\311031.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\311171.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\311500.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\311625.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\311906.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\312734.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\313453.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\313750.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\314234.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\314375.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\314703.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\315250.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\316015.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\316281.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\316718.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\316859.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\317265.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\317343.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\320578.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\320703.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\321015.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\321343.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\321781.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\322203.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\322859.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\323296.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\323609.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\323796.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\324046.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\downld\324921.exe

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers\winupgro.exe

c:\documents and settings\Administrator\Application Data\drivers\11s11ro1s1a2.sys

c:\documents and settings\Administrator\Application Data\drivers\downld

c:\documents and settings\Administrator\Application Data\drivers\downld\7358031.exe

c:\documents and settings\Administrator\Application Data\drivers\downld\7360531.exe

c:\documents and settings\Administrator\Application Data\drivers\downld\7361125.exe

c:\documents and settings\Administrator\Application Data\drivers\downld\7370406.exe

c:\documents and settings\Administrator\Application Data\drivers\downld\7372828.exe

c:\documents and settings\Administrator\Application Data\drivers\downld\7374593.exe

c:\program files\pdfforge Toolbar\SeARchsettings.dll

c:\program files\POP Peeper\POPPeeper.exe

c:\program files\VideoAccessCodec

c:\program files\VideoAccessCodec\install.ico

c:\recycler\S-1-5-21-1708537768-1958367476-839522115-500

c:\winnt\mdelk.exe

c:\winnt\system32\srosa2.sys

c:\winnt\Web\default.htt

c:\winnt\wintems.exe

D:\win.txt


c:\winnt\system32\comres.dll . . . is infected!!


.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.


-------\Legacy_SK9OU0S

-------\Legacy_SROSA

-------\Service_sK9Ou0s

-------\Service_srosa


((((((((((((((((((((((((( Files Created from 2009-10-27 to 2009-11-27 )))))))))))))))))))))))))))))))

.


2009-11-27 21:22 . 2009-11-27 21:22 16384 ----atw- c:\winnt\system32\Perflib_Perfdata_214.dat

2009-11-27 20:47 . 2009-11-27 20:47 -------- d-----w- C:\FindyKill

2009-11-27 20:22 . 2009-11-27 21:19 -------- d--h--w- c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\drivers

2009-11-26 20:35 . 2009-11-26 22:02 -------- d-----w- c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\gtk-2.0

2009-11-26 20:35 . 2009-11-26 20:35 -------- d-----w- c:\documents and settings\Administrator.MOCORD-V5TF2SWU\.thumbnails

2009-11-26 20:34 . 2009-11-26 22:04 -------- d-----w- c:\documents and settings\Administrator.MOCORD-V5TF2SWU\.gimp-2.6

2009-11-26 20:32 . 2009-11-26 20:32 -------- d-----w- c:\program files\GIMP-2.0

2009-11-23 07:53 . 2009-11-23 07:53 -------- d-----w- c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\Spybot - Search & Destroy

2009-11-23 07:53 . 2009-11-23 07:53 -------- d-----w- c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\Lavasoft

2009-11-22 22:07 . 2009-11-23 07:52 -------- d-----w- c:\program files\CCleaner

2009-11-20 17:03 . 2009-11-20 17:03 -------- d-----w- c:\documents and settings\All Users.WINNT\Application Data\RoboForm

2009-11-20 17:03 . 2009-11-20 17:03 -------- d-----w- c:\program files\Siber Systems

2009-11-20 16:36 . 2009-11-20 16:36 -------- d-----w- c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\ColorSchemer

2009-11-20 16:36 . 2007-07-28 19:54 303104 ----a-w- c:\winnt\system32\lcms.dll

2009-11-20 16:36 . 2001-08-24 01:25 1706800 ----a-w- c:\winnt\system32\gdiplus.dll

2009-11-07 01:02 . 2009-11-07 01:02 -------- d-----w- c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\Media Player Classic

2009-11-07 00:17 . 2009-11-07 00:17 -------- d-----w- c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\UDC Profiles

2009-11-07 00:16 . 2009-09-04 23:09 34680 ----a-w- c:\winnt\system32\udcpm.dll

2009-11-07 00:13 . 2009-11-07 00:13 -------- d-----w- c:\documents and settings\Default User.WINNT\Application Data\Softland

2009-11-07 00:11 . 2009-09-24 21:01 21192 ----a-w- c:\winnt\system32\dopdfmn6.dll

2009-11-07 00:11 . 2009-09-24 21:01 18632 ----a-w- c:\winnt\system32\dopdfmi6.dll

2009-11-06 23:37 . 2009-11-06 23:37 -------- d-----w- c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\pdfforge

2009-11-06 23:37 . 2009-11-06 23:37 -------- d-----w- c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\Search Settings

2009-11-06 23:35 . 2009-11-27 21:19 -------- d-----w- c:\program files\pdfforge Toolbar

2009-11-05 02:31 . 2009-11-05 02:31 -------- d-----w- c:\program files\Western Digital Corporation


.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-11-27 21:21 . 2009-10-06 18:55 24 ----a-w- c:\winnt\system32\DVCStateBkp-{00000002-00000000-0000000C-00001102-00000002-80641102}.dat

2009-11-27 21:21 . 2009-10-06 18:55 24 ----a-w- c:\winnt\system32\DVCState-{00000002-00000000-0000000C-00001102-00000002-80641102}.dat

2009-11-27 21:19 . 2009-09-28 11:06 -------- d--h--w- c:\documents and settings\Administrator\Application Data\drivers

2009-11-27 21:19 . 2009-10-04 21:39 -------- d-----w- c:\program files\POP Peeper

2009-11-27 19:21 . 2004-10-13 08:09 -------- d---a-w- c:\program files\jv16 PowerTools

2009-11-27 18:51 . 2009-10-01 19:19 -------- d-----w- c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\XnView

2009-11-26 02:08 . 2004-10-08 10:02 -------- d-----w- c:\program files\Common Files\Adobe

2009-11-24 09:13 . 2009-10-09 05:01 -------- d-----w- c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\FileZilla

2009-11-12 18:21 . 2009-10-01 17:34 13600 ----a-w- c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-11-09 01:04 . 2009-10-04 21:40 -------- d-----w- c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\POP Peeper

2009-11-05 02:12 . 2005-04-02 08:31 -------- d---a-w- c:\program files\PowerQuest

2009-10-26 13:01 . 2005-01-20 10:28 -------- d---a-w- c:\program files\JGsoft

2009-10-25 11:03 . 2007-12-26 20:06 -------- d---a-w- c:\program files\Ad Muncher

2009-10-24 21:13 . 2006-04-14 15:53 -------- d---a-w- c:\program files\FeedStation

2009-10-23 07:43 . 2009-10-23 07:43 -------- d-----w- c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\Canneverbe_Limited

2009-10-23 07:43 . 2009-10-23 07:43 -------- d-----w- c:\documents and settings\All Users.WINNT\Application Data\Canneverbe Limited

2009-10-23 07:10 . 2009-10-23 07:10 -------- d-----w- c:\program files\directx

2009-10-21 19:39 . 2009-10-21 19:39 -------- d-----w- c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\Visicom Media

2009-10-21 19:35 . 2009-10-21 19:29 -------- d-----w- c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\DAEMON Tools Lite

2009-10-21 19:33 . 2009-10-21 19:33 -------- d-----w- c:\documents and settings\All Users.WINNT\Application Data\DAEMON Tools Lite

2009-10-21 19:29 . 2009-10-21 19:29 721904 ----a-w- c:\winnt\system32\drivers\sptd.sys

2009-10-21 18:39 . 2009-10-21 18:39 -------- d-----w- c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\AdSigner

2009-10-07 20:39 . 2009-10-07 20:38 -------- d---a-w- c:\documents and settings\All Users.WINNT\Application Data\Ad Muncher

2009-10-07 19:04 . 2004-12-01 11:31 -------- d---a-w- c:\program files\XnView

2009-10-06 18:18 . 2009-10-06 18:18 -------- d-----w- c:\program files\Quintessential Player

2009-10-06 17:34 . 2009-10-06 17:31 -------- d-----w- c:\program files\Quintessential Media Player

2009-10-06 17:16 . 2009-10-06 17:15 -------- d-----w- c:\program files\Creative

2009-10-06 16:41 . 2009-10-06 16:41 -------- d-----w- c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\MetaProducts

2009-10-01 20:21 . 2009-10-01 20:21 411368 ----a-w- c:\winnt\system32\deploytk.dll

2009-10-01 20:21 . 2009-10-01 20:21 -------- d-----w- c:\program files\Java

2009-10-01 20:21 . 2009-10-01 20:21 152576 ----a-w- c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\Sun\Java\jre1.6.0_16\lzma.dll

2009-10-01 18:32 . 2009-10-01 18:23 123119 ----a-w- c:\winnt\HPHins12.dat

2009-10-01 18:26 . 2009-10-01 17:35 -------- d-----w- c:\program files\HP

2009-10-01 17:51 . 2009-10-01 17:51 -------- d-----w- c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\Image Zone Express

2009-10-01 17:50 . 2009-10-01 17:50 -------- d-----w- c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\HP

2009-10-01 17:50 . 2009-10-01 17:50 -------- d-----w- c:\documents and settings\All Users.WINNT\Application Data\HP

2009-09-29 17:41 . 2009-09-29 17:41 -------- d-----w- c:\program files\Avira

2009-09-29 17:41 . 2009-09-29 17:41 -------- d-----w- c:\documents and settings\All Users.WINNT\Application Data\Avira

2009-09-29 16:34 . 2009-09-29 16:34 -------- d-----w- c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\NesterSoft

2009-09-29 16:28 . 2009-09-29 16:28 0 ----a-w- c:\winnt\nsreg.dat

2009-09-29 16:22 . 2006-02-20 09:16 -------- d---a-w- c:\program files\CoreCodec

2009-09-29 16:22 . 2009-09-29 16:22 -------- d-----w- c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\CoreCodec

2009-09-29 16:18 . 2009-09-29 16:18 -------- d-----w- c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Application Data\Axialis

2009-09-29 04:57 . 2009-10-23 07:43 7168 ----a-w- c:\winnt\system32\drivers\StarOpen.sys

2009-09-29 04:09 . 2009-09-29 04:09 -------- d-----w- c:\documents and settings\All Users.WINNT\Application Data\nView_Profiles

2009-09-29 04:06 . 2004-10-06 14:02 -------- d--h--w- c:\program files\InstallShield Installation Information

2009-09-28 21:40 . 2009-09-28 21:40 558142 ----a-w- c:\winnt\java\Packages\XZZDN3DR.ZIP

2009-09-28 21:40 . 2009-09-28 21:40 2678 ----a-w- c:\winnt\java\Packages\Data\VPNHBBPV.DAT

2009-09-28 21:40 . 2009-09-28 21:40 2474 ----a-w- c:\winnt\java\Packages\Data\BTZDR3VP.DAT

2009-09-28 21:40 . 2009-09-28 21:40 2678 ----a-w- c:\winnt\java\Packages\Data\CQ0PF7HN.DAT

2009-09-28 21:40 . 2009-09-28 21:40 2474 ----a-w- c:\winnt\java\Packages\Data\JDN1NH7B.DAT

2009-09-28 21:40 . 2009-09-28 21:40 156441 ----a-w- c:\winnt\java\Packages\6IEK5Z1V.ZIP

2009-09-28 21:40 . 2009-09-28 21:40 2678 ----a-w- c:\winnt\java\Packages\Data\Q0UPRTJZ.DAT

2009-09-28 21:40 . 2009-09-28 21:40 2678 ----a-w- c:\winnt\java\Packages\Data\GMIZXN17.DAT

2009-09-28 21:40 . 2009-09-28 21:40 2678 ----a-w- c:\winnt\java\Packages\Data\6O5BVZ7F.DAT

2009-09-28 21:40 . 2004-10-06 12:47 21952 ---h--w- c:\program files\folder.htt

2009-09-28 21:39 . 2009-09-28 21:39 15012 ----a-w- c:\winnt\system32\emptyregdb.dat

2009-09-05 06:36 . 1999-12-07 17:00 55056 ----a-w- c:\winnt\system32\msasn1.dll

2009-09-05 00:36 . 2009-10-23 23:41 80896 ----a-w- c:\winnt\system32\dxdllreg.exe

2009-09-05 00:29 . 2009-10-23 23:42 453456 ----a-w- c:\winnt\system32\d3dx10_42.dll

2009-09-05 00:29 . 2009-10-23 23:42 235344 ----a-w- c:\winnt\system32\d3dx11_42.dll

2009-09-05 00:29 . 2009-10-23 23:42 1974616 ----a-w- c:\winnt\system32\D3DCompiler_42.dll

2009-09-05 00:29 . 2009-10-23 23:42 5501792 ----a-w- c:\winnt\system32\d3dcsx_42.dll

2009-09-05 00:29 . 2009-10-23 23:42 1892184 ----a-w- c:\winnt\system32\D3DX9_42.dll

2005-09-19 13:39 . 2005-07-05 08:35 44158 ----a-w- c:\program files\mozilla firefox\components\inspector.dll

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}]

2009-07-31 10:00 698880 ----a-w- c:\program files\pdfforge Toolbar\pdfforgeToolbarIE.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{B922D405-6D13-4A2B-AE89-08A030DA4402}"= "c:\program files\pdfforge Toolbar\pdfforgeToolbarIE.dll" [2009-07-31 698880]

 

[HKEY_CLASSES_ROOT\clsid\{b922d405-6d13-4a2b-ae89-08a030da4402}]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PS Hot Launch VVL"="c:\prog deskutil\PS Hot Launch VVL\PSHotLaunchVVL.exe" [2005-01-29 829440]

"PS Hot Folders"="c:\prog deskutil\PS Hot Folders\PSHotFolders.exe" [2007-05-07 459776]

"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2009-11-20 160592]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\winnt\System32\NvCpl.dll" [2004-10-29 4620288]

"NvMediaCenter"="c:\winnt\System32\NvMcTray.dll" [2004-10-29 86016]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-01 149280]

"Jet Detection"="c:\program files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 28672]

"Ad Muncher"="c:\program files\Ad Muncher\AdMunch.exe" [2009-10-25 862208]

"SearchSettings"="c:\program files\pdfforge Toolbar\SearchSettings.exe" [2009-07-29 1024512]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]

"TrayFactory"="c:\prog deskutil\PS Tray Factory\PSTrayFactory.exe" [2007-04-04 360960]

"AT Notes"="c:\prog deskutil\ATnotes\ATnotes.exe" [2002-11-14 1007616]

"Synchronization Manager"="mobsync.exe" - c:\winnt\system32\mobsync.exe [2003-06-19 111376]

"nwiz"="nwiz.exe" - c:\winnt\system32\nwiz.exe [2004-10-29 921600]

"WINDVDPatch"="CTHELPER.EXE" - c:\winnt\system32\CTHELPER.EXE [2002-07-03 24576]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"TrayFactory"="c:\prog deskutil\PS Tray Factory\PSTrayFactory.exe" [2007-04-04 360960]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"internat.exe"="internat.exe" - c:\winnt\system32\internat.exe [1999-12-07 20752]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"^SetupICWDesktop"="c:\program files\Internet Explorer\Connection Wizard\icwconn1.exe" [2003-06-19 186640]

 

c:\documents and settings\Administrator\Start Menu\Programs\Startup\

Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-6-30 110592]

PopupMenu Bar.lnk - c:\program files\PopupMenu Editeur\Barre de lancement\PopupMenu Bar.exe [2008-7-14 118784]

PopupMenu TrayIcon.lnk - c:\program files\PopupMenu Editeur\PopupMenu TrayIcon.exe [2008-7-14 69120]

PowerReg Scheduler V3.exe [2007-7-29 241664]

SyncBackSE.lnk - c:\prog net\SyncBackSE\SyncBackSE.exe [2007-9-17 5387768]

TimeLeft.lnk - c:\prog worker\TimeLeft3\TimeLeft.exe [2008-3-19 2057392]

TrayIt!.lnk - c:\prog deskutil\trayit\trayit!.exe [2007-7-4 114688]

 

c:\documents and settings\Administrator.MOCORD-V5TF2SWU\Start Menu\Programs\Startup\

4t Tray Minimizer.lnk - c:\prog deskutil\4t Tray Minimizer\4t-min.exe [2009-10-7 1091584]

Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-6-30 110592]

PopupMenu Bar.lnk - c:\program files\PopupMenu Editeur\Barre de lancement\PopupMenu Bar.exe [2008-7-14 118784]

PopupMenu TrayIcon.lnk - c:\program files\PopupMenu Editeur\PopupMenu TrayIcon.exe [2008-7-14 69120]

SyncBackSE.lnk - c:\prog net\SyncBackSE\SyncBackSE.exe [2007-9-17 5387768]

 

c:\documents and settings\All Users.WINNT\Start Menu\Programs\Startup\

Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-6-30 110592]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]

@="FSFilter System Recovery"

 

R0 SONYPVM1;Sony Memory Stick Driver(SONYPVM1);c:\winnt\system32\drivers\SonyPVM1.sys [21/10/2009 10:08 28224]

R0 sptd;sptd;c:\winnt\system32\drivers\sptd.sys [21/10/2009 11:29 721904]

R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [29/09/2009 09:41 108289]

R3 usbhub20;USB 2.0 Root Hub Support;c:\winnt\system32\drivers\usbhub20.sys [28/09/2009 20:48 49776]

S3 fbxusb;Carte réseau virtuelle FreeBox USB (32 bits);c:\winnt\system32\drivers\fbxusb32.sys [27/08/2007 14:12 31128]

 

--- Other Services/Drivers In Memory ---

 

*NewlyCreated* - IPNAT

*NewlyCreated* - RASAUTO

*NewlyCreated* - SHAREDACCESS

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.fr/

IE: >Search in Linkman - file://c:\program files\Linkman\iescript_search.htm

IE: Add to Linkman - file://c:\program files\Linkman\iescript_add.htm

IE: Add to Linkman (all tabs) - file://c:\program files\Linkman\iescript_addall.htm

IE: Add to Linkman and Edit - file://c:\program files\Linkman\iescript_edit.htm

IE: Barre RoboForm - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

IE: Enregistrer le formulaire - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

IE: Personnaliser le menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html

IE: Remplir le formulaire - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

IE: Show Linkman - file://c:\program files\Linkman\iescript_show.htm

IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm

LSP: %SystemRoot%\system32\msafd.dll

DPF: DirectAnimation Java Classes - file://c:\winnt\Java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\winnt\Java\classes\xmldso.cab

.

- - - - ORPHANS REMOVED - - - -

 

URLSearchHooks-{E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)

HKCU-Run-POP Peeper - c:\program files\POP Peeper\POPPeeper.exe

SafeBoot-SRService

AddRemove-bxNewFolder - c:\program files\bxNewFolder\uninstall.exe

AddRemove-DAEMON Tools Toolbar - c:\program files\DAEMON Tools Toolbar\uninst.exe

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-11-27 13:23

Windows 5.0.2195 Service Pack 4 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

 

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

 

device: opened successfully

user: MBR read successfully

called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8206A1F8]<<

kernel: MBR read successfully

detected MBR rootkit hooks:

\Driver\Disk -> CLASSPNP.SYS @ 0xeb422ac3

\Driver\ACPI -> ACPI.sys @ 0xbfeca554

\Driver\atapi -> 0x8206a1f8

IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x804c075e

ParseProcedure -> ntoskrnl.exe @ 0x804bf070

\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x804c075e

ParseProcedure -> ntoskrnl.exe @ 0x804bf070

Warning: possible MBR rootkit infection !

user & kernel MBR OK

 

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

 

[HKEY_LOCAL_MACHINE\software\Microsoft\EncryptionInterface*]

"l_encryption_d"="5B53425A455F"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

- - - - - - - > 'winlogon.exe'(208)

c:\winnt\system32\wzcdlg.dll

c:\winnt\system32\WZCSAPI.DLL

 

- - - - - - - > 'explorer.exe'(1072)

c:\winnt\AppPatch\AcLayers.DLL

c:\prog deskutil\4t Tray Minimizer\ShellEh440.dll

c:\prog deskutil\PS Hot Folders\PSHFHlp.dll

c:\program files\Ad Muncher\AM31318.dll

c:\prog deskutil\PS Tray Factory\HKDll.dll

c:\winnt\system32\SHDOCVW.DLL

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Avira\AntiVir Desktop\avguard.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\prog media\CDBurnerXP\NMSAccessU.exe

c:\winnt\System32\nvsvc32.exe

c:\winnt\system32\HPZipm12.exe

c:\winnt\system32\regsvc.exe

c:\winnt\system32\MSTask.exe

c:\winnt\System32\WBEM\WinMgmt.exe

.

**************************************************************************

.

Completion time: 2009-11-27 13:28 - machine was rebooted

ComboFix-quarantined-files.txt 2009-11-27 21:28

 

Pre-Run: 2 015 924 224 bytes free

Post-Run: 2 881 130 496 bytes free

 

- - End Of File - - 155909D2EC1F592157A2A5392BDDCDAB
