Voilà
ComboFix 09-08-27.A0 - jhautcoe 28/08/2009 12:01.2.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.990.669 [GMT 2:00]
Running from: d:\home\jhautcoe\Bureau\ComboFix.exe
AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\Installer\PhotoFiltre.msi
c:\windows\Readme.txt
c:\windows\system32\blat.exe
c:\windows\system32\drivers\etc\lmhosts
c:\windows\system32\drivers\kbiwkmxrmlakoe.sys
c:\windows\system32\kbiwkmgybobloy.dll
c:\windows\system32\kbiwkmhylkiese.dll
c:\windows\system32\kbiwkmosswexum.dat
c:\windows\system32\kbiwkmxrgvxvjl.dat
----- BITS: Possible infected sites -----
hxxp://wsus.univ-rennes1.fr
Infected copy of c:\windows\system32\ntkrnlpa.exe was found and disinfected
Restored copy from - c:\windows\system32\dllcache\ntkrpamp.exe
Infected copy of c:\windows\system32\ntoskrnl.exe was found and disinfected
Restored copy from - c:\windows\system32\dllcache\ntkrnlmp.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_kbiwkmqbuyagdq
-------\Legacy_kbiwkmqbuyagdq
((((((((((((((((((((((((( Files Created from 2009-07-28 to 2009-08-28 )))))))))))))))))))))))))))))))
.
2009-08-28 08:57 . 2009-08-28 08:57 -------- d-----w- c:\documents and settings\jhautcoe\Application Data\Malwarebytes
2009-08-28 08:57 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-28 08:57 . 2009-08-28 08:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-28 08:57 . 2009-08-28 08:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-28 08:57 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-25 12:42 . 2009-08-25 13:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-25 12:42 . 2009-08-25 12:46 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-23 23:08 . 2009-08-23 23:08 -------- d-----w- c:\windows\ServicePackFiles
2009-08-02 08:55 . 2009-08-02 08:56 1962544 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player_ax.exe
2009-08-02 08:55 . 2009-08-02 15:27 -------- d-----w- c:\program files\NOS
2009-08-02 08:55 . 2009-08-02 15:27 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-28 09:59 . 2008-07-07 14:06 -------- d-----w- c:\program files\SuperCopier2
2009-08-28 09:46 . 2008-06-25 10:12 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-08-25 20:01 . 2009-03-14 13:28 -------- d-----w- c:\documents and settings\jhautcoe\Application Data\uTorrent
2009-08-25 13:05 . 2008-07-16 13:07 -------- d-----w- c:\program files\CCleaner
2009-08-18 08:08 . 2008-07-17 15:03 -------- d-----w- c:\program files\Tiger System Preferences v2
2009-08-17 15:39 . 2008-06-25 11:59 60548 -c--a-w- c:\windows\system32\nvModes.dat
2009-08-15 18:50 . 2008-10-09 14:31 -------- d-----w- c:\documents and settings\jhautcoe\Application Data\dvdcss
2009-08-14 17:20 . 2008-12-10 16:10 -------- d-----w- c:\documents and settings\jhautcoe\Application Data\FileZilla
2009-08-05 09:06 . 1980-01-01 00:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-03 15:09 . 2008-08-23 19:58 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-07-17 18:56 . 1980-01-01 00:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-16 12:07 . 2008-07-08 07:54 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-16 12:06 . 2008-07-08 07:48 -------- d-----w- c:\program files\Ansoft
2009-07-14 19:03 . 2009-07-14 19:03 -------- d-----w- c:\documents and settings\jhautcoe\Application Data\GARMIN
2009-07-13 00:18 . 1980-01-01 00:00 233472 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-08 14:51 . 2009-07-08 14:51 -------- d-----w- c:\documents and settings\jhautcoe\Application Data\gtk-2.0
2009-07-08 14:51 . 2009-07-08 14:51 -------- d-----w- c:\documents and settings\jhautcoe\Application Data\Inkscape
2009-07-07 11:33 . 2009-07-06 15:00 -------- d-----w- c:\program files\MediaCoder
2009-07-02 17:13 . 2008-07-10 16:39 39252 -c-ha-w- c:\windows\system32\mlfcache.dat
2009-07-02 17:13 . 2008-07-07 13:04 52040 -c--a-w- c:\documents and settings\jhautcoe\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-02 14:27 . 2009-07-02 14:27 -------- d-----w- c:\documents and settings\jhautcoe\Application Data\Design Science
2009-07-02 14:27 . 2009-07-02 14:27 -------- d-----w- c:\program files\MathType
2009-06-29 15:57 . 1980-01-01 00:00 804864 ----a-w- c:\windows\system32\wininet.dll
2009-06-29 15:57 . 1980-01-01 00:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 15:57 . 1980-01-01 00:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-06-25 18:36 . 1980-01-01 00:00 95744 ----a-w- c:\windows\system32\mqsec.dll
2009-06-25 18:36 . 1980-01-01 00:00 661504 ----a-w- c:\windows\system32\mqqm.dll
2009-06-25 18:36 . 1980-01-01 00:00 653312 ----a-w- c:\windows\system32\mqutil.dll
2009-06-25 18:36 . 1980-01-01 00:00 517120 ----a-w- c:\windows\system32\mqsnap.dll
2009-06-25 18:36 . 1980-01-01 00:00 48640 ----a-w- c:\windows\system32\mqupgrd.dll
2009-06-25 18:36 . 1980-01-01 00:00 186880 ----a-w- c:\windows\system32\mqtrig.dll
2009-06-25 18:36 . 1980-01-01 00:00 177152 ----a-w- c:\windows\system32\mqrt.dll
2009-06-25 18:36 . 1980-01-01 00:00 123392 ----a-w- c:\windows\system32\mqrtdep.dll
2009-06-25 18:36 . 1980-01-01 00:00 47104 ----a-w- c:\windows\system32\mqdscli.dll
2009-06-25 18:36 . 1980-01-01 00:00 225280 ----a-w- c:\windows\system32\mqoa.dll
2009-06-25 18:36 . 1980-01-01 00:00 16896 ----a-w- c:\windows\system32\mqise.dll
2009-06-25 18:36 . 1980-01-01 00:00 138240 ----a-w- c:\windows\system32\mqad.dll
2009-06-25 08:44 . 1980-01-01 00:00 731136 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:44 . 1980-01-01 00:00 59392 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:44 . 1980-01-01 00:00 56320 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:44 . 1980-01-01 00:00 168448 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:44 . 1980-01-01 00:00 133632 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-25 08:44 . 1980-01-01 00:00 298496 ----a-w- c:\windows\system32\kerberos.dll
2009-06-22 11:49 . 1980-01-01 00:00 19968 ----a-w- c:\windows\system32\mqbkup.exe
2009-06-22 11:49 . 1980-01-01 00:00 117248 ----a-w- c:\windows\system32\mqtgsvc.exe
2009-06-22 11:49 . 1980-01-01 00:00 4608 ----a-w- c:\windows\system32\mqsvc.exe
2009-06-22 11:48 . 1980-01-01 00:00 91776 ----a-w- c:\windows\system32\drivers\mqac.sys
2009-06-22 11:34 . 1980-01-01 00:00 92544 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-16 18:24 . 1980-01-01 00:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:54 . 1980-01-01 00:00 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 11:27 . 1980-01-01 00:00 82944 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-15 11:27 . 1980-01-01 00:00 95744 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:23 . 1980-01-01 00:00 85504 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 06:30 . 1980-01-01 00:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-05 07:46 . 2008-06-25 10:00 647680 ----a-w- c:\windows\system32\mstscax.dll
2009-06-03 19:27 . 1980-01-01 00:00 1296896 ----a-w- c:\windows\system32\quartz.dll
2006-05-03 10:06 . 2009-03-19 13:19 163328 -csh--r- c:\windows\system32\flvDX.dll
2007-02-21 11:47 . 2009-03-19 13:19 31232 -csh--r- c:\windows\system32\msfDX.dll
2008-03-16 13:30 . 2009-03-19 13:19 216064 -csh--r- c:\windows\system32\nbDX.dll
.
------- Sigcheck -------
[7] 2005-03-02 18:20 578048 C34920EB988CE98910BD6B0417F334EB c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
[7] 2007-03-08 15:50 579072 4D88AAF39ADABFE45958EA1384E2C4FF c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll
[7] 2007-03-08 15:37 578560 753354F594809A9B96F73999B435A533 c:\windows\FlyakiteOSX\Backup\user32.dll
[-] 2007-03-08 15:37 578560 2ED0A71B1A374BAF75D2301637307278 c:\windows\system32\user32.dll
[-] 2007-03-08 15:37 578560 2ED0A71B1A374BAF75D2301637307278 c:\windows\system32\dllcache\user32.dll
[7] 2005-01-27 17:12 662016 66A10B98F18FD804236AB2D90301DE04 c:\windows\$hf_mig$\KB867282\SP2QFE\wininet.dll
[7] 2007-01-04 14:02 669184 114342601AC7EA73B0D2A0ED8505B8B9 c:\windows\$hf_mig$\KB928090\SP2QFE\wininet.dll
[7] 2008-04-21 06:57 670720 F2F343D7ED0223645BA773B840EB4993 c:\windows\$hf_mig$\KB950759\SP2QFE\wininet.dll
[7] 2008-04-21 06:43 670208 7AF7D7D178F2863E7E7C880B55C88B76 c:\windows\$hf_mig$\KB950759\SP3GDR\wininet.dll
[7] 2008-04-21 06:30 670720 82B3264706B9921C67B196319FDA51DE c:\windows\$hf_mig$\KB950759\SP3QFE\wininet.dll
[7] 2008-04-23 07:19 827392 78D3D2B0BE6AD3E6D82CCB115CF74310 c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\wininet.dll
[7] 2008-10-16 19:33 827904 37D1A1BFE3D9904F2C3D11592456F9C0 c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\wininet.dll
[7] 2008-12-20 23:47 827904 4E192082A5FCE9EF19198A24CDEA3442 c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\wininet.dll
[7] 2009-03-03 00:15 828416 39F71B559A97ED722F939A0EA7235323 c:\windows\$hf_mig$\KB963027-IE7\SP3QFE\wininet.dll
[7] 2009-04-29 04:37 828928 754097815B575A721AB58B1C55476805 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\wininet.dll
[7] 2009-06-29 16:13 828928 71333B8101B10CDEC4D58D949C97D3BA c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\wininet.dll
[7] 2007-01-04 13:55 663040 25D38FFA2B441E326850AE4CB67D1A91 c:\windows\$NtUninstallKB950759$\wininet.dll
[7] 2009-06-29 15:57 827392 9620CC3780D7279A48D3556860813587 c:\windows\FlyakiteOSX\Backup\wininet.dll
[7] 2008-04-21 07:02 663552 355A69CC05045428CE6B9E6BFBD4B74B c:\windows\ie7\wininet.dll
[-] 2007-08-13 16:54 796160 A5D8EDCB248F693C98CBD8B8E751B53D c:\windows\ie7updates\KB950759-IE7\wininet.dll
[-] 2008-04-23 04:16 803840 8B4159AC94CF3CE4CB84050E99E31ABA c:\windows\ie7updates\KB958215-IE7\wininet.dll
[-] 2008-10-16 20:18 803840 90F5566D91F5C03F68FC7D52285CDB24 c:\windows\ie7updates\KB961260-IE7\wininet.dll
[-] 2008-12-20 22:47 803840 2361337ECA88195727A9F4BBE35F3871 c:\windows\ie7updates\KB963027-IE7\wininet.dll
[-] 2009-03-03 00:13 803840 1D724723AD8369A93595EA33F74EBA8D c:\windows\ie7updates\KB969897-IE7\wininet.dll
[-] 2009-04-29 04:45 804864 742CD66E7457A3902077516AF3D730D2 c:\windows\ie7updates\KB972260-IE7\wininet.dll
[7] 2009-06-29 15:57 827392 9620CC3780D7279A48D3556860813587 c:\windows\SoftwareDistribution\Download\0be3474a722486e9050d650f16addaad\SP3GDR\wininet.dll
[7] 2009-06-29 16:13 828928 71333B8101B10CDEC4D58D949C97D3BA c:\windows\SoftwareDistribution\Download\0be3474a722486e9050d650f16addaad\SP3QFE\wininet.dll
[-] 2009-06-29 15:57 804864 3DD3E16E9A612AB61DB85358B629259F c:\windows\system32\wininet.dll
[-] 2009-06-29 15:57 804864 3DD3E16E9A612AB61DB85358B629259F c:\windows\system32\dllcache\wininet.dll
[-] 2007-06-13 13:22 1370112 156EF4C52B6F6BDA067945215EEA7A5C c:\windows\explorer.exe
[7] 2007-06-13 13:10 1037312 B795475444D6D57A572C14B9E1A29839 c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[7] 2004-08-19 16:09 1036288 2A7BD330924252A2FD80344FC949BB72 c:\windows\$NtUninstallKB938828$\explorer.exe
[7] 2007-06-13 13:22 1037312 D0288319660EDCFED07C7E74C4EA38A5 c:\windows\FlyakiteOSX\Backup\explorer.exe
[-] 2007-06-13 13:22 1370112 156EF4C52B6F6BDA067945215EEA7A5C c:\windows\system32\dllcache\explorer.exe
[7] 2005-01-27 07:12 3008000 2003C448DA234D22A9A5F676D9BC6D13 c:\windows\$hf_mig$\KB867282\SP2QFE\mshtml.dll
[7] 2007-01-04 04:02 3083264 1703F708C9D604CDD3D8C199861DC2E4 c:\windows\$hf_mig$\KB928090\SP2QFE\mshtml.dll
[7] 2008-04-21 06:57 3087872 57BC3BE475F34AE089878A016C2CA46E c:\windows\$hf_mig$\KB950759\SP2QFE\mshtml.dll
[7] 2008-04-21 06:43 3087872 840E79E91BCCD80B2FC3CCAD2C60B35A c:\windows\$hf_mig$\KB950759\SP3GDR\mshtml.dll
[7] 2008-04-21 06:30 3088384 B3CD09A5DBD2A569ADFA8654E3C8879D c:\windows\$hf_mig$\KB950759\SP3QFE\mshtml.dll
[7] 2008-04-23 07:19 3593728 EBF0440323874DDF97EF0CEC2D6DC9F4 c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\mshtml.dll
[7] 2008-10-16 19:33 3595264 EB75C0C66C633D0EFD0176450F8857F8 c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\mshtml.dll
[7] 2008-12-13 06:27 3594752 CB7922B3AD4BC5BBEDA130F6C9E0656A c:\windows\$hf_mig$\KB960714-IE7\SP2QFE\mshtml.dll
[7] 2009-01-16 16:20 3596288 F386435C5E0A5D86E9F90B659D4F6075 c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\mshtml.dll
[7] 2009-02-21 06:48 3596800 D79AEC545A98057155099FB69BB3C4D3 c:\windows\$hf_mig$\KB963027-IE7\SP3QFE\mshtml.dll
[7] 2009-04-29 08:07 3598336 246F148CD2E4F5AE164C1890D0A06420 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\mshtml.dll
[7] 2009-07-19 13:21 3600384 73FFE289F14EDFBB22429E88ACF17016 c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\mshtml.dll
[7] 2007-01-04 13:55 3077632 3B65C31DD93571252D99E33D042A97C7 c:\windows\$NtUninstallKB950759$\mshtml.dll
[7] 2009-07-19 16:59 3597824 0E396FC8AED9D3D550DB38152F6A4FC7 c:\windows\FlyakiteOSX\Backup\mshtml.dll
[7] 2008-04-21 07:02 3080704 FEACD6E84244125550219C6795348FDE c:\windows\ie7\mshtml.dll
[-] 2007-08-13 16:54 3488768 010D490112C3995B3350AA74C18F2083 c:\windows\ie7updates\KB950759-IE7\mshtml.dll
[-] 2008-04-23 20:16 3502080 85773D342513FAE821020573EEB7B54B c:\windows\ie7updates\KB960714-IE7\mshtml.dll
[-] 2008-12-13 06:37 3503616 B26944EA444903F09C28A30B660ADD6A c:\windows\ie7updates\KB961260-IE7\mshtml.dll
[-] 2009-01-16 20:15 3505152 5BE348EDB73A0FB7FAF71943999ADA6F c:\windows\ie7updates\KB963027-IE7\mshtml.dll
[-] 2009-02-20 17:10 3505664 4ADF9CE33223EFB0581B07FE7BE891FB c:\windows\ie7updates\KB969897-IE7\mshtml.dll
[-] 2009-04-29 04:45 3506688 AB50DED205DA6D459043014165A77F4F c:\windows\ie7updates\KB972260-IE7\mshtml.dll
[7] 2009-07-19 16:59 3597824 0E396FC8AED9D3D550DB38152F6A4FC7 c:\windows\SoftwareDistribution\Download\0be3474a722486e9050d650f16addaad\SP3GDR\mshtml.dll
[7] 2009-07-19 13:21 3600384 73FFE289F14EDFBB22429E88ACF17016 c:\windows\SoftwareDistribution\Download\0be3474a722486e9050d650f16addaad\SP3QFE\mshtml.dll
[-] 2009-07-19 16:59 3508224 511FB9E84FEDBFB051557940A5503CC7 c:\windows\system32\mshtml.dll
[-] 2009-07-19 16:59 3508224 511FB9E84FEDBFB051557940A5503CC7 c:\windows\system32\dllcache\mshtml.dll
[7] 2004-08-19 16:09 851968 E2F47BBB69D1E4E5ED1AF720893B4460 c:\windows\FlyakiteOSX\Backup\comres.dll
[-] 2004-08-19 16:09 889344 4CCEAAB2D9462D0DD4CDCB6725B472C0 c:\windows\system32\comres.dll
[-] 2004-08-19 16:09 889344 4CCEAAB2D9462D0DD4CDCB6725B472C0 c:\windows\system32\dllcache\comres.dll
[7] 2006-08-25 15:51 617472 5BBCD65CFD7610F36BCA96B72BBAED4B c:\windows\FlyakiteOSX\Backup\comctl32.dll
[-] 2006-08-25 15:51 629760 F8F8E4D36532B9124673DA014C196089 c:\windows\system32\comctl32.dll
[-] 2006-08-25 15:51 629760 F8F8E4D36532B9124673DA014C196089 c:\windows\system32\dllcache\comctl32.dll
[-] 2001-09-28 14:00 919552 3DB20630FBA2A7B03CA25105B0149129 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
[-] 2004-08-19 16:07 1048576 0D49E245BF1D4D65DBD8322FC384A745 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
[7] 2006-08-25 06:51 1054208 47ABF878B9AEC81B23BA5F89DE597B3A c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SuperCopier2.exe"="c:\program files\SuperCopier2\SuperCopier2.exe" [2006-07-07 1052672]
"RK Launcher"="c:\program files\RK Launcher\RKLauncher.exe" [2005-10-19 393216]
"Alt+Q Hotkey Tool"="c:\windows\Alt+Q Hotkey.exe" [2005-12-18 27648]
"UberIcon"="c:\program files\UberIcon\UberIcon Manager.exe" [2006-02-24 188416]
"WinRoll"="c:\program files\WinRoll\winroll.exe" [2006-01-01 15872]
"Yz Shadow"="c:\program files\YzShadow\YzShadow.exe" [2006-02-24 172032]
"ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2009-06-25 1578736]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-28 8429568]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-28 94208]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"Netlogon"="c:\program files\pGina\Netlogon.cmd" [2006-05-31 140]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2007-10-16 111952]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2006-12-19 136768]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-07-02 159744]
"System Files Updater"="c:\windows\FlyakiteOSX\Tools\System Files Updater.exe" [2006-02-25 118485]
"QuickTime Task"="c:\program files\QuickTime Alternative\qttask.exe" [2008-05-27 413696]
"snpstd"="c:\windows\vsnpstd.exe" [2005-10-11 339968]
"NVHotkey"="nvHotkey.dll" - c:\windows\system32\nvhotkey.dll [2007-04-28 67584]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoFavoritesMenu"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoFavoritesMenu"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoFavoritesMenu"= 1 (0x1)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\Raccourci vers CCleaner.exe.lnk]
path=Raccourci vers CCleaner.exe.lnk
backup=c:\windows\pss\Raccourci vers CCleaner.exe.lnkCommon Startup
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"139:TCP"= 139:TCP:LocalSubNet,129.20.10.0/255.255.255.0,129.20.129.0/255.255.255.0,129.20.166.0/255.255.255.0,129.20.184.0/255.255.255.0:Enabled:@xpsp2res.dll,-22004
"445:TCP"= 445:TCP:LocalSubNet,129.20.10.0/255.255.255.0,129.20.129.0/255.255.255.0,129.20.166.0/255.255.255.0,129.20.184.0/255.255.255.0:Enabled:@xpsp2res.dll,-22005
"137:UDP"= 137:UDP:LocalSubNet,129.20.10.0/255.255.255.0,129.20.129.0/255.255.255.0,129.20.166.0/255.255.255.0,129.20.184.0/255.255.255.0:Enabled:@xpsp2res.dll,-22001
"138:UDP"= 138:UDP:LocalSubNet,129.20.10.0/255.255.255.0,129.20.129.0/255.255.255.0,129.20.166.0/255.255.255.0,129.20.184.0/255.255.255.0:Enabled:@xpsp2res.dll,-22002
"23:TCP"= 23:TCP:129.20.10.0/255.255.255.0,129.20.129.0/255.255.255.0,129.20.166.0/255.255.255.0,129.20.184.0/255.255.255.0:Enabled:telnet
"3389:TCP"= 3389:TCP:129.20.10.0/255.255.255.0,129.20.129.0/255.255.255.0,129.20.166.0/255.255.255.0,129.20.184.0/255.255.255.0:Enabled:@xpsp2res.dll,-22009
"5800:TCP"= 5800:TCP:vnc
"5900:TCP"= 5900:TCP:vnc
"5901:TCP"= 5901:TCP:vnc
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\RemoteAdminSettings]
"RemoteAddresses"= 129.20.10.0/255.255.255.0,129.20.129.0/255.255.255.0,129.20.166.0/255.255.255.0,129.20.184.0/255.255.255.0
"Enabled"= 1 (0x1)
R2 gbxsvc;gbxsvc;c:\program files\GerbMagic\gbxsvc.exe [22/07/2008 11:23 28672]
R2 vnccom;vnccom;c:\windows\system32\drivers\vnccom.SYS [25/06/2008 12:15 6016]
R3 scrcap;scrcap;c:\windows\system32\drivers\scrcap.sys [27/12/2006 16:47 9006]
S3 adm851x;ADM851X USB To Fast Ethernet Adapter;c:\windows\system32\DRIVERS\ADM851X.SYS --> c:\windows\system32\DRIVERS\ADM851X.SYS [?]
--- Other Services/Drivers In Memory ---
*Deregistered* - mchInjDrv
.
Contents of the 'Scheduled Tasks' folder
2009-08-28 c:\windows\Tasks\AclDhome.job
- c:\windows\system32\acldhome.cmd [2008-06-25 08:27]
2009-08-28 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-29 20:18]
.
- - - - ORPHANS REMOVED - - - -
Notify-WgaLogon - (no file)
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.fr/
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/static/m/cab/2.6. ... ontrol.CAB
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-28 12:09
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
c:\windows\system32\ntoskrnl.exe.FlyakiteOSX 2096128 bytes executable
scan completed successfully
hidden files: 1
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\c:\docume~1\jhautcoe\LOCALS~1\Temp\mc25.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af,b0,29,a3,98,6c,f0,89,c3,25,
07,7f,58,c8,28,51,af,b0,29,a3,98,cc,97,e4,22,dd,15,db,8e,e2,63,26,f1,3f,c8,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:71,3b,04,66,8b,46,0d,96,8a,68,e4,23,6f,
78,db,fd,71,3b,04,66,8b,46,0d,96,68,5d,ce,25,72,72,5c,a5,6a,9c,d6,61,af,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,1a,f2,f1,c7,05,
b8,4e,c3,25,da,ec,7e,55,20,c9,26,ea,82,54,12,2d,f8,8f,7d,ff,7c,85,e0,43,d4,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,cd,fd,50,90,f6,
62,61,5b,3e,1e,9e,e0,57,5a,93,61,14,5c,dc,84,23,8d,5e,90,86,8c,21,01,be,91,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,1c,da,83,7b,78,
38,27,b1,cd,44,cd,b9,a6,33,6c,cd,50,3f,44,dd,ee,a3,25,ec,f5,1d,4d,73,a8,13,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,8f,13,2b,0e,32,
c2,6c,f8,b0,18,ed,a7,3f,8d,37,a4,5b,56,ef,76,d4,12,87,ae,df,20,58,62,78,6b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:97,20,4e,9a,c7,f1,35,ee,ff,2f,f1,0e,df,
bf,44,ee,31,77,e1,ba,b1,f8,68,02,e8,0e,95,e2,75,af,07,9f,fb,a7,78,e6,12,2f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:aa,52,c6,00,84,3c,26,64,f7,ed,b1,ee,6e,
78,02,52,83,6c,56,8b,a0,85,96,ab,74,bf,da,0d,d0,ca,ec,b3,01,3a,48,fc,e8,04,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:f6,0f,4e,58,98,5b,89,c9,11,62,ed,44,e3,
4d,7f,0b,51,fa,6e,91,28,9e,14,cc,1b,6b,2c,68,7a,3e,b8,12,f6,0f,4e,58,98,5b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,b9,df,33,05,ea,
45,44,5c,b1,cd,45,5a,a8,c4,f8,b9,2e,92,80,0f,e5,be,72,0e,3d,ce,ea,26,2d,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:2a,b7,cc,b5,b9,7f,41,e7,72,59,46,59,11,
b8,15,fd,e3,0e,66,d5,eb,bc,2f,6b,91,75,61,69,be,9a,3a,32,2a,b7,cc,b5,b9,7f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,54,38,14,a7,c3,
1c,f9,ba,fa,ea,66,7f,d4,3b,6b,70,92,82,ec,cb,e5,d5,ed,0a,6c,43,2d,1e,aa,22,\
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(592)
c:\program files\pGina\pGina.dll
c:\windows\system32\LIBCURL.dll
c:\program files\pGina\plugins\ldapauth\ldapauth_plus.dll
c:\windows\system32\MSVCR71.dll
c:\program files\Bonjour\mdnsNSP.dll
- - - - - - - > 'explorer.exe'(2644)
c:\program files\SuperCopier2\SC2Hook.dll
c:\program files\RK Launcher\RKLauncher.dll
c:\program files\YzShadow\YzShadow.dll
c:\program files\UberIcon\UberIcon.dll
c:\windows\System32\cscui.dll
c:\program files\WinRoll\winroll.dll
c:\windows\system32\credui.dll
c:\program files\Microsoft Office\OFFICE11\msohev.dll
c:\program files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXEV.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\McAfee\Common Framework\FrameworkService.exe
c:\program files\McAfee\VirusScan Enterprise\mcshield.exe
c:\program files\McAfee\VirusScan Enterprise\vstskmgr.exe
c:\windows\system32\nvsvc32.exe
c:\program files\McAfee\Common Framework\naPrdMgr.exe
c:\windows\system32\STACSV.EXE
c:\windows\system32\tlntsvr.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\program files\McAfee\Common Framework\Mctray.exe
c:\program files\DellTPad\ApMsgFwd.exe
c:\program files\DellTPad\ApntEx.exe
c:\program files\DellTPad\hidfind.exe
c:\windows\system32\SetACL.exe
.
**************************************************************************
.
Completion time: 2009-08-28 12:15 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-28 10:14
Pre-Run: 5 696 040 960 octets libres
Post-Run: 5 654 609 920 octets libres
395 --- E O F --- 2009-08-23 23:10