9 replies
g!rly (Contributor)
26 June 2008 at 23:18
I know that if...
See you
cgui33 (Member)
25 June 2008 at 23:02
Hi
Click on this link
http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe
to download the HijackThis installer.
Save HJTInstall.exe to your desktop.
Double-click HJTInstall.exe to launch the program.
Install the program to c:\ and run it.
Choose the option "Do a system scan and save a log file".
Click "Save log" to save the report, which will open in Notepad.
Click "Edit -> Select All", then "Edit -> Copy" to copy the entire contents of the report.
Paste the report.
See you
cgui33 (Member) > max
26 June 2008 at 18:47
Re
Well ... as requested, attach it to your next reply!
See you
max > cgui33
26 June 2008 at 18:51
Here is the log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:18:07 AM, on 6/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\sr\Desktop\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=1080522
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.dell.com/fr-fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=1080522
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=1080522
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [NotePad] C:\WINDOWS\Resources\Themes\Luna\Shell\Homestead\NTT0509.EXE
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O17 - HKLM\System\CCS\Services\Tcpip\..\{61F6E2C5-4EE9-40CC-9865-54ED3EA5789A}: NameServer = 148.78.249.200,148.78.249.201
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Desktop Manager 5.7.801.7324 (GoogleDesktopManager-010708-104812) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Usbest Service Zero (UTSCSI) - USBest - C:\WINDOWS\system32\UTSCSI.EXE
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
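As an added example (not code from the thread, from HijackThis or from its helpers), a small Python triage pass over the log format posted above: it parses the R/O sections and applies the checks a helper runs by eye, flagging an O4 Run entry that has no absolute path or that launches from an unusual Windows subdirectory, an O20 AppInit_DLLs entry, the O17 DNS servers to verify, unnamed hooks, and the Safe-mode caveat on the process list. The sample lines are copied from the log in this thread; the allowlisted directories and the "context"/"review"/"verify" labels are this example's own assumptions.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample (labelled as such): a subset of the HijackThis v2.0.2 log
# posted in this thread, header lines included.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:18:07 AM, on 6/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Safe mode
Running processes:
C:\WINDOWS\System32\smss.exe
C:\Documents and Settings\sr\Desktop\HiJackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.dell.com/fr-fr
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NotePad] C:\WINDOWS\Resources\Themes\Luna\Shell\Homestead\NTT0509.EXE
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O17 - HKLM\System\CCS\Services\Tcpip\..\{61F6E2C5-4EE9-40CC-9865-54ED3EA5789A}: NameServer = 148.78.249.200,148.78.249.201
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
"""

ENTRY_RE = re.compile(r"^(R[0-3]|O\d{1,2}) - (.*)$")          # "O4 - <detail>"
RUN_RE = re.compile(r"^(\S+?)\\\.\.\\(Run\w*): \[(.*?)\] (.*)$")  # HKLM\..\Run: [name] command
IMAGE_RE = re.compile(r'^"?([A-Za-z]:\\.*?\.(?:exe|com|scr|bat|cmd))\b', re.IGNORECASE)
NS_RE = re.compile(r"NameServer = ([\d.,]+)")

# Assumed allowlist: directories a Run entry normally points into on XP.
# c:\windows\pchealth\helpctr\binaries holds msconfig.exe, whose "/auto"
# Run entry only means a selective startup is configured.
KNOWN_RUN_DIRS = {
    r"c:\windows\system32",
    r"c:\windows\pchealth\helpctr\binaries",
}

@dataclass
class Finding:
    level: str     # "context", "review" or "verify" (labels assumed here)
    section: str   # HijackThis section, e.g. "O4", or "header"
    message: str

def _check_run(detail: str) -> Optional[Finding]:
    m = RUN_RE.match(detail)
    if not m:
        return None
    _hive, _key, name, command = m.groups()
    im = IMAGE_RE.match(command)
    if not im:
        # A bare file name is resolved through the search path at logon,
        # so the log alone cannot say which file actually runs.
        return Finding("review", "O4", f"[{name}] has no absolute path: {command}")
    image = im.group(1)
    image_dir = image.rsplit("\\", 1)[0].lower()
    if image_dir.startswith(r"c:\windows") and image_dir not in KNOWN_RUN_DIRS:
        return Finding("review", "O4", f"[{name}] autoruns from an unusual Windows subdirectory: {image}")
    return None

def review_log(text: str) -> List[Finding]:
    findings: List[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Boot mode: Safe mode":
            findings.append(Finding("context", "header",
                "scan taken in Safe mode: 'Running processes' omits normal autostarts "
                "and services; judge persistence by O4/O23 entries, not by that list"))
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue
        section, detail = m.groups()
        if section == "O4":
            f = _check_run(detail)
            if f:
                findings.append(f)
        elif section == "O17":
            ns = NS_RE.search(detail)
            if ns:
                findings.append(Finding("verify", "O17",
                    f"DNS servers {ns.group(1)} must match what the ISP/router should hand out"))
        elif section == "O20" and detail.startswith("AppInit_DLLs:"):
            dll = detail.split(":", 1)[1].strip()
            findings.append(Finding("review", "O20",
                f"{dll} is loaded into every process that loads user32.dll"))
        elif section in ("R3", "O2", "O3") and "(no name)" in detail:
            findings.append(Finding("review", section, f"unnamed hook/BHO: {detail}"))
    return findings

if __name__ == "__main__":
    for f in review_log(SAMPLE_LOG):
        print(f"{f.level:8} {f.section:7} {f.message}")
```

Entries the rules do not flag (the system32 IgfxTray entry, the msconfig selective-startup entry, the O23 services) produce no finding; they still need a look, but the pass narrows the list a helper reads first.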
g!rly (Contributor)
26 June 2008 at 18:55
If you're on two topics at the same time we won't get anywhere. Did you run adfix as I asked you on the other topic?
cgui33 (Member)
26 June 2008 at 19:07
Hi G!rly
I'll let you carry on or close it!
See you
g!rly (Contributor)
26 June 2008 at 19:26
Disable your antivirus while you download/run it...
See you
g!rly (Contributor)
26 June 2008 at 19:44
Tough going...
Run this:
Download combofix.exe (by sUBs) to your Desktop.
-> http://download.bleepingcomputer.com/sUBs/ComboFix.exe
-> Double-click combofix.exe.
-> Press the 1 key (Yes) to start the scan.
-> When the scan is complete, a report will appear. Copy/paste this report in your next reply.
NOTE: The report is also located here: C:\Combofix.txt
Before using ComboFix:
-> Disconnect from the internet and close the windows of all running programs.
-> Temporarily, and only for as long as ComboFix is in use, disable the real-time protection of your antivirus and your antispyware programs, which can seriously interfere with the tool's detection and cleaning procedure.
Once that is done, double-click Combofix.exe on your desktop.
- Answer yes to the warning message so that the program starts analysing the PC.
/!\ For the duration of this step, do not use the PC and do not open any programs.
- At the end of the scan, ComboFix may need to restart the PC to complete the disinfection/search; let it do so.
- A report will then open in Notepad; this report file, Combofix.txt, is automatically saved and stored at C:\Combofix.txt.
-> Re-enable the real-time protection of your antivirus and antispyware programs before reconnecting to the internet.
-> Come back to the forum and copy and paste the entire contents of C:\Combofix.txt in your next message.
-> Tutorial: https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
See you
here is the combofix log
ComboFix 08-06-20.4 - sr 2008-06-26 13:14:43.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1502 [GMT -4:00]
Running from: C:\Documents and Settings\sr\Desktop\ComboFix.exe
* Created a new restore point
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\amvo.exe
C:\WINDOWS\system32\amvo0.dll
C:\WINDOWS\system32\x64
.
((((((((((((((((((((((((( Files Created from 2008-05-26 to 2008-06-26 )))))))))))))))))))))))))))))))
.
2008-06-26 12:50 . 2005-04-01 20:36 123,200 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-06-26 12:50 . 2005-04-01 20:36 91,856 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-06-26 12:48 . 2008-06-26 12:48 <DIR> d-------- C:\WINDOWS\LastGood
2008-06-26 08:35 . 2008-06-26 08:35 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-06-26 08:35 . 2006-08-21 05:14 128,896 --------- C:\WINDOWS\system32\dllcache\fltmgr.sys
2008-06-26 08:35 . 2006-08-21 05:14 23,040 --------- C:\WINDOWS\system32\dllcache\fltmc.exe
2008-06-26 08:35 . 2006-08-21 08:21 16,896 --------- C:\WINDOWS\system32\dllcache\fltlib.dll
2008-06-26 08:35 . 2008-06-26 08:37 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-06-25 13:50 . 2008-06-25 13:50 <DIR> d-------- C:\Program Files\CCleaner
2008-06-25 13:36 . 2008-06-25 13:36 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
2008-06-25 10:40 . 2008-06-23 08:35 126,013 -r-hs---- C:\uwlmj.com
2008-06-24 12:33 . 2008-06-24 08:29 125,264 -r-hs---- C:\br1e.com
2008-06-24 10:31 . 2007-07-30 19:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2008-06-24 10:31 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-06-24 10:31 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-06-24 10:31 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-06-24 10:31 . 2007-07-30 19:18 20,312 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-06-24 10:25 . 2008-06-24 10:25 <DIR> d---s---- C:\Documents and Settings\sr\UserData
2008-06-23 15:25 . 2008-06-23 15:57 <DIR> d-------- C:\WINDOWS\system32\FPAP-EXL540
2008-06-23 15:25 . 2008-06-21 20:49 124,534 -r-hs---- C:\ilpg9ejd.com
2008-06-23 15:25 . 2006-05-10 01:26 45,568 -ra------ C:\WINDOWS\system32\UTSCSI.EXE
2008-06-20 12:14 . 2004-08-04 00:56 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-06-20 12:14 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-06-20 12:14 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\dllcache\usbscan.sys
2008-06-20 12:14 . 2001-08-17 22:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-06-20 09:38 . 2008-06-25 10:56 2,584 --a------ C:\autorun.PNF
2008-06-20 09:28 . 2008-06-15 05:49 112,672 -r-hs---- C:\6x8be16.cmd
2008-06-19 15:15 . 2005-10-20 21:47 30,592 --------- C:\WINDOWS\system32\drivers\rndismpx.sys
2008-06-19 15:15 . 2005-10-20 21:47 12,800 --------- C:\WINDOWS\system32\drivers\usb8023x.sys
2008-06-19 12:41 . 2008-06-19 12:41 <DIR> d--h----- C:\WINDOWS\PIF
2008-06-19 11:09 . 2008-06-19 11:09 <DIR> d-------- C:\Documents and Settings\sr\Application Data\Xerox
2008-06-19 10:47 . 2004-08-04 06:00 22,528 --a------ C:\WINDOWS\system32\lpdsvc.dll
2008-06-19 10:47 . 2004-08-04 06:00 22,528 --a------ C:\WINDOWS\system32\dllcache\lpdsvc.dll
2008-06-19 10:47 . 2004-08-04 06:00 18,944 --a------ C:\WINDOWS\system32\lprmon.dll
2008-06-19 10:47 . 2004-08-04 06:00 18,944 --a------ C:\WINDOWS\system32\dllcache\lprmon.dll
2008-06-19 09:15 . 2008-06-19 09:15 0 --a------ C:\WINDOWS\VPC32.INI
2008-06-18 17:35 . 2008-06-18 17:35 <DIR> d-------- C:\WINDOWS\Sun
2008-06-18 16:06 . 2008-06-20 08:12 924,730 --a------ C:\WINDOWS\FontData.fdb
2008-06-18 15:14 . 2008-06-23 08:10 <DIR> d-------- C:\Documents and Settings\sr\Application Data\U3
2008-06-18 15:14 . 2008-06-18 15:14 0 --a------ C:\LOG3EA.tmp
2008-06-18 13:33 . 2008-06-18 13:33 391 --a------ C:\WINDOWS\SWWATER.INI
2008-06-18 13:18 . 2008-06-18 13:31 45,056 --a------ C:\WINDOWS\NCUNINST.EXE
2008-06-18 13:15 . 2008-06-18 13:15 <DIR> d-------- C:\Program Files\Common Files\SWF Studio
2008-06-18 12:12 . 2008-06-18 12:12 <DIR> d-------- C:\Program Files\Webroot
2008-06-18 12:12 . 2008-06-18 12:12 <DIR> d-------- C:\Program Files\AskSBar
2008-06-18 12:12 . 2008-06-18 12:12 <DIR> d-------- C:\Documents and Settings\sr\Application Data\Webroot
2008-06-18 12:12 . 2008-06-18 12:12 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2008-06-18 12:12 . 2008-01-04 20:56 1,526,640 --a------ C:\WINDOWS\WRSetup.dll
2008-06-18 12:12 . 2008-01-04 20:34 163,696 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2008-06-18 12:12 . 2008-01-04 20:34 23,920 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2008-06-18 12:12 . 2008-01-04 20:34 21,872 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2008-06-18 12:12 . 2008-01-04 20:34 20,336 --a------ C:\WINDOWS\system32\drivers\SSFS0BB9.sys
2008-06-18 11:49 . 2008-06-18 11:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2008-06-18 11:30 . 2008-06-26 13:13 <DIR> d-------- C:\Program Files\Symantec AntiVirus
2008-06-18 11:30 . 2008-06-26 12:50 <DIR> d-------- C:\Program Files\Symantec
2008-06-18 11:30 . 2008-06-26 12:57 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-06-18 11:30 . 2008-06-26 12:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-06-18 11:28 . 2004-08-03 23:08 26,496 --a------ C:\WINDOWS\system32\dllcache\usbstor.sys
2008-06-18 11:28 . 2008-06-18 11:28 4,128 --a------ C:\INFCACHE.1
2008-06-18 11:26 . 2003-06-18 17:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2008-06-18 11:26 . 2008-06-18 11:26 376 --a------ C:\WINDOWS\ODBC.INI
2008-06-18 11:25 . 2008-06-18 11:25 <DIR> d-------- C:\Program Files\Microsoft Works
2008-06-18 11:25 . 2008-06-19 16:29 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2008-06-18 11:25 . 2008-06-18 11:25 <DIR> d-------- C:\Program Files\Common Files\L&H
2008-06-18 11:24 . 2008-06-18 11:25 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-06-18 11:24 . 2008-06-18 11:24 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-06-18 11:23 . 2008-06-18 11:23 <DIR> dr-h----- C:\MSOCache
2008-06-18 11:10 . 2008-06-18 11:10 <DIR> d-------- C:\Documents and Settings\sr\Application Data\Corel
2008-06-18 11:10 . 2008-06-18 11:10 848 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2008-06-18 11:05 . 2008-06-18 11:05 <DIR> d-------- C:\Program Files\Corel
2008-06-18 11:05 . 2008-06-18 11:05 <DIR> d-------- C:\Program Files\Common Files\Corel
2008-06-18 11:02 . 2008-06-18 11:02 <DIR> d-------- C:\Documents and Settings\sr\Application Data\CyberLink
2008-06-18 10:41 . 2008-05-22 11:37 <DIR> d-------- C:\Documents and Settings\sr\Application Data\InstallShield
2008-06-18 10:41 . 2008-06-26 11:15 <DIR> d-------- C:\Documents and Settings\sr
2008-06-18 10:33 . 2004-08-03 23:58 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2008-06-18 10:33 . 2001-08-17 14:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-06-18 10:33 . 2001-08-17 15:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-06-18 10:33 . 2008-06-18 10:33 8,192 --a------ C:\WINDOWS\REGLOCS.OLD
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-25 20:17 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-24 19:55 --------- d-----w C:\Program Files\Google
2008-06-18 17:28 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-18 17:28 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-05-22 15:42 --------- d-----w C:\Program Files\Dell Support Center
2008-05-22 15:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\SupportSoft
2008-05-22 15:41 --------- d-----w C:\Program Files\Dell Network Assistant
2008-05-22 15:41 --------- d-----w C:\Program Files\Common Files\supportsoft
2008-05-22 15:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\SingleClick Systems
2008-05-22 15:40 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-22 15:39 --------- d-----w C:\Program Files\Sonic
2008-05-22 15:39 --------- d-----w C:\Program Files\Roxio
2008-05-22 15:39 --------- d-----w C:\Program Files\Dell
2008-05-22 15:39 --------- d-----w C:\Program Files\CyberLink
2008-05-22 15:39 --------- d-----w C:\Program Files\Common Files\SureThing Shared
2008-05-22 15:39 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2008-05-22 15:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield
2008-05-22 15:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Dell
2008-05-22 15:38 --------- d-----w C:\Program Files\Common Files\Roxio Shared
2008-05-22 15:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sonic
2008-05-22 15:37 --------- d-----w C:\Program Files\Intel
2008-05-22 15:35 --------- d-----w C:\Program Files\Java
2008-05-22 15:35 --------- d-----w C:\Program Files\Common Files\Java
2008-05-22 15:33 --------- d-----w C:\Program Files\MSXML 6.0
2008-05-22 15:19 6,860 ----a-w C:\WINDOWS\system32\drivers\1028_Dell_VOS_VOSTRO_200.mrk
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-08 12:28 202,752 ------w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:18 1,287,680 ------w C:\WINDOWS\system32\dllcache\quartz.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
2008-06-18 12:12 66912 --a------ C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 05:40 218032]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2008-03-11 13:44 202544]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-06-13 20:21 142104]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-06-13 20:21 162584]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-06-13 20:21 138008]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"RTHDCPL"="RTHDCPL.EXE" [2007-06-13 21:41 16132608 C:\WINDOWS\RTHDCPL.EXE]
"Alcmtr"="ALCMTR.EXE" [2007-06-13 21:41 69632 C:\WINDOWS\ALCMTR.EXE]
"PDVDDXSrv"="C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2007-09-17 12:56 124200]
"ECenter"="C:\Dell\E-Center\EULALauncher.exe" [2008-02-28 13:59 17920]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 04:06 40048]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 13:44 16384]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2008-03-11 13:44 202544]
"NotePad"="C:\WINDOWS\Resources\Themes\Luna\Shell\Homestead\NTT0509.EXE" [2007-11-07 18:09 36864]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2008-01-04 20:56 5367664]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-04-08 15:52 48752]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2005-04-17 12:30 85184]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableStatusMessages"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
"LoadAppInit_DLLs"=1 (0x1)
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Dell Network Assistant.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Dell Network Assistant.lnk
backup=C:\WINDOWS\pss\Dell Network Assistant.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2008-05-22 11:40 29744 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"=
"C:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"=
"C:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10421:UDP"= 10421:UDP:SingleClick Discovery Protocol
"10426:UDP"= 10426:UDP:SingleClick ICC
R1 DLARTL_M;DLARTL_M;C:\WINDOWS\system32\Drivers\DLARTL_M.SYS [2007-07-23 15:49]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter);C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2008-03-11 13:44]
S3 GoogleDesktopManager-010708-104812;Google Desktop Manager 5.7.801.7324;"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-05-22 11:40]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{043c0610-42fb-11dd-8928-001d099bdf89}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{043c0611-42fb-11dd-8928-001d099bdf89}]
\Shell\AutoRun\command - F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\stcvhost.exe
\Shell\open\command - F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\stcvhost.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{13ea0a42-3e07-11dd-891d-001d099bdf89}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{13ea0a49-3e07-11dd-891d-001d099bdf89}]
\Shell\AutoRun\command - E:\v3pif.bat
\Shell\explore\Command - E:\v3pif.bat
\Shell\open\Command - E:\v3pif.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{13ea0a4c-3e07-11dd-891d-001d099bdf89}]
\Shell\AutoRun\command - E:\olb1iimw.bat
\Shell\explore\Command - E:\olb1iimw.bat
\Shell\open\Command - E:\olb1iimw.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{13ea0a4d-3e07-11dd-891d-001d099bdf89}]
\Shell\AutoRun\command - E:\tknn6.bat
\Shell\explore\Command - E:\tknn6.bat
\Shell\open\Command - E:\tknn6.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{13ea0a50-3e07-11dd-891d-001d099bdf89}]
\Shell\AutoRun\command - E:\f.bat
\Shell\explore\Command - E:\f.bat
\Shell\open\Command - E:\f.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{15e84f57-3d48-11dd-8919-001d099bdf89}]
\Shell\AutoRun\command - E:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\stcvhost.exe
\Shell\open\command - E:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\stcvhost.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{17d838dd-3e1f-11dd-891e-001d099bdf89}]
\Shell\AutoRun\command - E:\stw1ojde.bat
\Shell\explore\Command - E:\stw1ojde.bat
\Shell\open\Command - E:\stw1ojde.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{17d838de-3e1f-11dd-891e-001d099bdf89}]
\Shell\AutoRun\command - F:\stw1ojde.bat
\Shell\explore\Command - F:\stw1ojde.bat
\Shell\open\Command - F:\stw1ojde.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{17d838e0-3e1f-11dd-891e-001d099bdf89}]
\Shell\AutoRun\command - G:\v3pif.bat
\Shell\explore\Command - G:\v3pif.bat
\Shell\open\Command - G:\v3pif.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{17d838e2-3e1f-11dd-891e-001d099bdf89}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{17d838e6-3e1f-11dd-891e-001d099bdf89}]
\Shell\AutoRun\command - 2.bat
\Shell\explore\Command - 2.bat
\Shell\open\Command - 2.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{17d83907-3e1f-11dd-891e-001d099bdf89}]
\Shell\AutoRun\command - E:\yp.bat
\Shell\explore\Command - E:\yp.bat
\Shell\open\Command - E:\yp.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{308e3fce-411d-11dd-8922-001d099bdf89}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{308e3fd2-411d-11dd-8922-001d099bdf89}]
\Shell\AutoRun\command - E:\jfvkcsy.bat
\Shell\explore\Command - E:\jfvkcsy.bat
\Shell\open\Command - E:\jfvkcsy.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{308e3fd3-411d-11dd-8922-001d099bdf89}]
\Shell\AutoRun\command - E:\oufddh.exe
\Shell\explore\Command - E:\oufddh.exe
\Shell\open\Command - E:\oufddh.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{308e3fd6-411d-11dd-8922-001d099bdf89}]
\Shell\AutoRun\command - wscript.exe .\.vbs
\Shell\open\command - wscript.exe .\.vbs
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{308e3fd7-411d-11dd-8922-001d099bdf89}]
\Shell\AutoRun\command - E:\qa8sywva.cmd
\Shell\explore\Command - E:\qa8sywva.cmd
\Shell\open\Command - E:\qa8sywva.cmd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{308e3fd8-411d-11dd-8922-001d099bdf89}]
\Shell\AutoRun\command - E:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\stcvhost.exe
\Shell\open\command - E:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\stcvhost.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{308e3fdc-411d-11dd-8922-001d099bdf89}]
\Shell\AutoRun\command - h8i.com
\Shell\explore\Command - h8i.com
\Shell\open\Command - h8i.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{308e3fdd-411d-11dd-8922-001d099bdf89}]
\Shell\AutoRun\command - E:\jfvkcsy.bat
\Shell\explore\Command - E:\jfvkcsy.bat
\Shell\open\Command - E:\jfvkcsy.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{308e3fde-411d-11dd-8922-001d099bdf89}]
\Shell\AutoRun\command - E:\f.bat
\Shell\explore\Command - E:\f.bat
\Shell\open\Command - E:\f.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{308e3fdf-411d-11dd-8922-001d099bdf89}]
\Shell\AutoRun\command - G:\LaunchU3.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{308e3fe3-411d-11dd-8922-001d099bdf89}]
\Shell\AutoRun\command - a3g3.bat
\Shell\explore\Command - a3g3.bat
\Shell\open\Command - a3g3.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{308e3fe4-411d-11dd-8922-001d099bdf89}]
\Shell\AutoRun\command - E:\PdtGuide.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{308e3fe5-411d-11dd-8922-001d099bdf89}]
\Shell\AutoRun\command - F:\ilpg9ejd.com
\Shell\explore\Command - F:\ilpg9ejd.com
\Shell\open\Command - F:\ilpg9ejd.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{308e3fe6-411d-11dd-8922-001d099bdf89}]
\Shell\AutoRun\command - E:\scvshosts.exe
\Shell\Open\command - E:\scvshosts.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{308e3fe8-411d-11dd-8922-001d099bdf89}]
\Shell\AutoRun\command - E:\
\Shell\open\Command - .\autorun.exe explore
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{308e3ff8-411d-11dd-8922-001d099bdf89}]
\Shell\AutoRun\command - E:\uxdeiect.com
\Shell\explore\Command - E:\uxdeiect.com
\Shell\open\Command - E:\uxdeiect.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{42c4c451-3d81-11dd-891c-001d099bdf89}]
\Shell\AutoRun\command - E:\LaunchU3.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6faadfa8-3ec1-11dd-8921-001d099bdf89}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6faadfa9-3ec1-11dd-8921-001d099bdf89}]
\Shell\AutoRun\command - F:\xlu8a8sy.exe
\Shell\explore\Command - F:\xlu8a8sy.exe
\Shell\open\Command - F:\xlu8a8sy.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6faadfaa-3ec1-11dd-8921-001d099bdf89}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6faadfab-3ec1-11dd-8921-001d099bdf89}]
\Shell\AutoRun\command - F:\6x8be16.cmd
\Shell\explore\Command - F:\6x8be16.cmd
\Shell\open\Command - F:\6x8be16.cmd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6faadfac-3ec1-11dd-8921-001d099bdf89}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6faadfad-3ec1-11dd-8921-001d099bdf89}]
\Shell\AutoRun\command - H:\6x8be16.cmd
\Shell\explore\Command - H:\6x8be16.cmd
\Shell\open\Command - H:\6x8be16.cmd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6faadfae-3ec1-11dd-8921-001d099bdf89}]
\Shell\AutoRun\command - F:\6x8be16.cmd
\Shell\explore\Command - F:\6x8be16.cmd
\Shell\open\Command - F:\6x8be16.cmd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6faadfaf-3ec1-11dd-8921-001d099bdf89}]
\Shell\AutoRun\command - E:\xp19.com
\Shell\explore\Command - E:\xp19.com
\Shell\open\Command - E:\xp19.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6faadfb3-3ec1-11dd-8921-001d099bdf89}]
\Shell\AutoRun\command - E:\scvhosts.exe
\Shell\Open\command - E:\scvhosts.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6faadfb8-3ec1-11dd-8921-001d099bdf89}]
\Shell\AutoRun\command - scvhosts.exe
\Shell\Open\command - scvhosts.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6faadfb9-3ec1-11dd-8921-001d099bdf89}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6faadfba-3ec1-11dd-8921-001d099bdf89}]
\Shell\AutoRun\command - tigi.cmd
\Shell\explore\Command - tigi.cmd
\Shell\open\Command - tigi.cmd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6faadfbb-3ec1-11dd-8921-001d099bdf89}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6faadfbc-3ec1-11dd-8921-001d099bdf89}]
\Shell\AutoRun\command - F:\f.bat
\Shell\explore\Command - F:\f.bat
\Shell\open\Command - F:\f.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6faadfbd-3ec1-11dd-8921-001d099bdf89}]
\Shell\AutoRun\command - E:\
\Shell\open\Command - .\autorun.exe explore
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6faadfbe-3ec1-11dd-8921-001d099bdf89}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6faadfbf-3ec1-11dd-8921-001d099bdf89}]
\Shell\AutoRun\command - F:\t.com
\Shell\explore\Command - F:\t.com
\Shell\open\Command - F:\t.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6faadfc0-3ec1-11dd-8921-001d099bdf89}]
\Shell\AutoRun\command - E:\lkxcqdb.bat
\Shell\explore\Command - E:\lkxcqdb.bat
\Shell\open\Command - E:\lkxcqdb.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6faadfc1-3ec1-11dd-8921-001d099bdf89}]
\Shell\AutoRun\command - E:\lkxcqdb.bat
\Shell\explore\Command - E:\lkxcqdb.bat
\Shell\open\Command - E:\lkxcqdb.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6faadfc2-3ec1-11dd-8921-001d099bdf89}]
\Shell\AutoRun\command - F:\8ot8y86.exe
\Shell\explore\Command - F:\8ot8y86.exe
\Shell\open\Command - F:\8ot8y86.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8ca61fd8-3d5a-11dd-891b-001d099bdf89}]
\Shell\AutoRun\command - E:\h8i.com
\Shell\explore\Command - E:\h8i.com
\Shell\open\Command - E:\h8i.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8ca61fd9-3d5a-11dd-891b-001d099bdf89}]
\Shell\Autoplay\Command - xmss.exe
\Shell\AutoRun\command - xmss.exe
\Shell\Explore\Command - xmss.exe
\Shell\Open\Command - xmss.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8ca61fda-3d5a-11dd-891b-001d099bdf89}]
\Shell\AutoRun\command - E:\jfvkcsy.bat
\Shell\explore\Command - E:\jfvkcsy.bat
\Shell\open\Command - E:\jfvkcsy.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8ca61fdb-3d5a-11dd-891b-001d099bdf89}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8ca61fdc-3d5a-11dd-891b-001d099bdf89}]
\Shell\AutoRun\command - F:\
\Shell\explore\Command - RECYCLER\autorun.exe -ExploreCurDir
\Shell\open\Command - RECYCLER\autorun.exe -OpenCurDir
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8ca61fdd-3d5a-11dd-891b-001d099bdf89}]
\Shell\AutoRun\command - E:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\stcvhost.exe
\Shell\open\command - E:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\stcvhost.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8ca61fe1-3d5a-11dd-891b-001d099bdf89}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8ca61fe3-3d5a-11dd-891b-001d099bdf89}]
\Shell\AutoRun\command - E:\LaunchU3.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8ca61fe6-3d5a-11dd-891b-001d099bdf89}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a188dd3b-41e1-11dd-8923-001d099bdf89}]
\Shell\AutoRun\command - E:\invwft2h.com
\Shell\explore\Command - E:\invwft2h.com
\Shell\open\Command - E:\invwft2h.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a188dd47-41e1-11dd-8923-001d099bdf89}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a188dd49-41e1-11dd-8923-001d099bdf89}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a188dd4a-41e1-11dd-8923-001d099bdf89}]
\Shell\AutoRun\command - F:\uwlmj.com
\Shell\explore\Command - F:\uwlmj.com
\Shell\open\Command - F:\uwlmj.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a188dd50-41e1-11dd-8923-001d099bdf89}]
\Shell\AutoRun\command - E:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\stcvhost.exe
\Shell\open\command - E:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\stcvhost.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a188dd51-41e1-11dd-8923-001d099bdf89}]
\Shell\AutoRun\command - E:\xyw9tmdj.com
\Shell\explore\Command - E:\xyw9tmdj.com
\Shell\open\Command - E:\xyw9tmdj.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a36c0610-42a8-11dd-8925-001d099bdf89}]
\Shell\AutoRun\command - E:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\stcvhost.exe
\Shell\open\command - E:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\stcvhost.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a36c0611-42a8-11dd-8925-001d099bdf89}]
\Shell\AutoRun\command - E:\uwlmj.com
\Shell\explore\Command - E:\uwlmj.com
\Shell\open\Command - E:\uwlmj.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a36c0612-42a8-11dd-8925-001d099bdf89}]
\Shell\AutoRun\command - E:\v3pif.bat
\Shell\explore\Command - E:\v3pif.bat
\Shell\open\Command - E:\v3pif.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a36c0613-42a8-11dd-8925-001d099bdf89}]
\Shell\AutoRun\command - F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\stcvhost.exe
\Shell\open\command - F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\stcvhost.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a36c0614-42a8-11dd-8925-001d099bdf89}]
\Shell\AutoRun\command - E:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\stcvhost.exe
\Shell\open\command - E:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\stcvhost.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a36c0615-42a8-11dd-8925-001d099bdf89}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a36c0616-42a8-11dd-8925-001d099bdf89}]
\Shell\AutoRun\command - E:\h.cmd
\Shell\explore\Command - E:\h.cmd
\Shell\open\Command - E:\h.cmd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f69ada2d-439f-11dd-892d-001d099bdf89}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f69ada2e-439f-11dd-892d-001d099bdf89}]
\Shell\AutoRun\command - F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\stcvhost.exe
\Shell\open\command - F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\stcvhost.exe
*Newly Created Service* - CATCHME
*Newly Created Service* - CCEVTMGR
*Newly Created Service* - CCSETMGR
*Newly Created Service* - DEFWATCH
*Newly Created Service* - ERASERUTILDRV10741
*Newly Created Service* - SAVRT
*Newly Created Service* - SAVRTPEL
*Newly Created Service* - SYMANTEC_ANTIVIRUS
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-26 13:15:55
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-06-26 13:16:36
ComboFix-quarantined-files.txt 2008-06-26 17:16:23
Pre-Run: 149,043,777,536 bytes free
Post-Run: 149,045,579,776 bytes free
445 --- E O F --- 2008-06-26 12:37:50
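The MountPoints2 block in the log above is the part worth reading closely: each key is one removable drive Windows has seen, and on the infected sticks the autorun.inf rewrote not only the AutoRun verb but the open and explore verbs too, so the payload runs when the drive is double-clicked in Explorer even with AutoPlay switched off. The random-named `-r-hs----` files at C:\ (uwlmj.com, br1e.com, 6x8be16.cmd) are the same payloads copied onto the hard disk. As an added example, not part of the thread and not ComboFix's own code, here is a small Python triage script that reads a constructed excerpt of that log (lines copied from the post) and flags the hidden+system files dropped at the drive root and the MountPoints2 keys whose verbs point at a payload, while leaving the U3 launcher and the vendor-disc `.\autorun.exe` entry alone. The function names and the heuristics are mine, not something ComboFix provides.

```python
import re

# Constructed excerpt of the ComboFix log posted in the thread; the real log is
# far longer, these lines are copied from it so the example runs offline.
SAMPLE_LOG = r"""
((((((((((((((((((((((((( Files Created from 2008-05-26 to 2008-06-26 )))))))))))))))))))))))))))))))
.
2008-06-26 12:50 . 2005-04-01 20:36 123,200 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-06-26 12:48 . 2008-06-26 12:48 <DIR> d-------- C:\WINDOWS\LastGood
2008-06-25 10:40 . 2008-06-23 08:35 126,013 -r-hs---- C:\uwlmj.com
2008-06-24 12:33 . 2008-06-24 08:29 125,264 -r-hs---- C:\br1e.com
2008-06-20 09:28 . 2008-06-15 05:49 112,672 -r-hs---- C:\6x8be16.cmd
2008-06-18 11:10 . 2008-06-18 11:10 848 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{043c0611-42fb-11dd-8928-001d099bdf89}]
\Shell\AutoRun\command - F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\stcvhost.exe
\Shell\open\command - F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\stcvhost.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{13ea0a49-3e07-11dd-891d-001d099bdf89}]
\Shell\AutoRun\command - E:\v3pif.bat
\Shell\explore\Command - E:\v3pif.bat
\Shell\open\Command - E:\v3pif.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{308e3fd6-411d-11dd-8922-001d099bdf89}]
\Shell\AutoRun\command - wscript.exe .\.vbs
\Shell\open\command - wscript.exe .\.vbs
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{308e3fe8-411d-11dd-8922-001d099bdf89}]
\Shell\AutoRun\command - E:\
\Shell\open\Command - .\autorun.exe explore
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8ca61fd9-3d5a-11dd-891b-001d099bdf89}]
\Shell\Autoplay\Command - xmss.exe
\Shell\AutoRun\command - xmss.exe
\Shell\Explore\Command - xmss.exe
\Shell\Open\Command - xmss.exe
"""

SECTION_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$")
FILE_RE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d \. \d{4}-\d\d-\d\d \d\d:\d\d\s+"
                     r"(?:[\d,]+|<DIR>)\s+(\S{9})\s+(.+)$")
KEY_RE = re.compile(r"^\[HKEY_CURRENT_USER\\.*\\mountpoints2\\([^\]]+)\]$", re.I)
VERB_RE = re.compile(r"^\\Shell\\(\w+)\\command\s+-\s+(.*)$", re.I)
ROOT_FILE = re.compile(r"^[A-Z]:\\[^\\]+$", re.I)
SCRIPT_EXT = (".bat", ".cmd", ".com", ".vbs", ".pif", ".scr")
# stcvhost / scvhosts / scvshosts; a genuine svchost.exe launched from a USB stick is just as wrong
SVCHOST_LOOKALIKE = re.compile(r"s[cvst]{1,3}hosts?\.exe$", re.I)


def hidden_root_executables(log_text):
    """Paths from the 'Files Created' section that sit at a drive root, carry the
    hidden and system attributes, and have an executable/script extension."""
    hits, in_files = [], False
    for line in log_text.splitlines():
        sec = SECTION_RE.match(line)
        if sec:
            in_files = sec.group(1).startswith("Files Created")
            continue
        m = FILE_RE.match(line) if in_files else None
        if not m:
            continue
        attrs, path = m.groups()
        if "h" in attrs and "s" in attrs and ROOT_FILE.match(path) \
                and path.lower().endswith(SCRIPT_EXT + (".exe",)):
            hits.append(path)
    return hits


def command_reasons(cmd):
    """Reasons one shell-verb command looks like an autorun worm (empty list == nothing flagged)."""
    low = cmd.strip().lower()
    target = low.split()[0] if low.split() else ""
    reasons = []
    if "\\recycler\\" in low:
        reasons.append("payload stored under RECYCLER")
    if "wscript" in low or "cscript" in low or low.endswith(".vbs"):
        reasons.append("script host launch")
    if target.endswith(SCRIPT_EXT):
        reasons.append("script/COM payload " + target)
    if SVCHOST_LOOKALIKE.search(target):
        reasons.append("svchost look-alike " + target)
    return reasons


def suspicious_mountpoints(log_text):
    """Map each flagged MountPoints2 key to its reasons. A key is flagged when a
    verb command is suspicious on its own, or when open/explore were pointed at
    the same program as AutoRun (double-click runs the payload, AutoPlay or not)."""
    keys, current = {}, None
    for line in log_text.splitlines():
        k = KEY_RE.match(line)
        if k:
            current = k.group(1)
            keys[current] = {}
            continue
        v = VERB_RE.match(line)
        if v and current is not None:
            keys[current][v.group(1).lower()] = v.group(2).strip()
    findings = {}
    for key, verbs in keys.items():
        reasons = [f"{verb}: {r}" for verb, cmd in verbs.items() for r in command_reasons(cmd)]
        autorun = verbs.get("autorun")
        for verb in ("open", "explore"):
            if autorun and verbs.get(verb) == autorun:
                reasons.append(f"{verb} verb hijacked to the AutoRun payload")
        if reasons:
            findings[key] = reasons
    return findings


if __name__ == "__main__":
    for path in hidden_root_executables(SAMPLE_LOG):
        print("hidden+system at drive root:", path)
    for key, reasons in suspicious_mountpoints(SAMPLE_LOG).items():
        print(key)
        for r in reasons:
            print("   ", r)
```

The U3 key (`E:\LaunchU3.exe -a`, the launcher pre-installed on some USB flash drives) and the vendor-disc key (AutoRun `E:\`, open `.\autorun.exe explore`) fall through because they neither use a script/RECYCLER payload nor point open/explore at the AutoRun target; every worm key in the log does one or the other. The MountPoints2 keys are per-device records, so the flagged GUIDs also tell you how many different sticks have carried the infection through this PC and need cleaning alongside it.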
Hello,
I followed your advice to check my computer.
I disabled Symantec before running ComboFix.
During the ComboFix scan, a Symantec window opened.
L
At the end, when I rebooted, there was a problem with Symantec AntiVirus. It tells me that all the packages are disabled.
I no longer have any way to run LiveUpdate or anything else...
I don't have the installation disc because it's a Norton corporate version.
Could you please help me??
Thanks in advance
Al1
g!rly
Posts
18209
Registration date
Friday 17 August 2007
Status
Contributor
Last post
30 November 2014
406
26 June 2008 at 20:32
ok
next:
If you have a USB key, external hard drive, etc., plug them in without opening them before launching this FIX
Download Rav antivirus: http://ww25.evosla.com/compteur.php?soft=rav_antivirus
• Right-click on the .ZIP file > Extract to > the Desktop
• Double-click on >> RAV.exe << to launch the tool.
• Once RAV ANTIVIRUS is launched, let it do its work; it automatically scans all drives (fixed and removable disks)
• If there is an infection > a report will be generated, otherwise (very quickly) it will display ==> Votre Ordinateur est sain .
• Remove your removable disks and restart your computer.
Post the report, if infected!
then
Copy the text below:
Folder::
C:\Program Files\AskSBar
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
Open Notepad and paste the copied text.
(Start\All Programs\Accessories\Notepad.)
Save this file under the name CFScript.txt.
Now drag the CFScript.txt file onto Combofix.exe as shown below:
http://sd-1.archive-host.com/membres/up/1366464061/CFScript.gif
This will relaunch Combofix,
A blue window will appear: at the message that appears (Type 1 to continue, or 2 to abort), type 1 then confirm.
Wait for the scan to finish. The desktop will disappear several times: that is normal!
Don't touch anything until the scan is finished.
After the restart, post the contents of the Combofix.txt report along with a Hijackthis report.
If there is no restart, post the reports anyway.
@+
cgui33
Posts
1174
Registration date
Friday 8 April 2005
Status
Member
Last post
2 April 2009
10
26 June 2008 at 20:54
Re G!rly
Can you shed some light on this?
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\
There are loads of them in the registry!
A bit fishy, no?
A+
here is the report
ComboFix 08-06-20.4 - sr 2008-06-26 15:28:31.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1506 [GMT -4:00]
Running from: C:\Documents and Settings\sr\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\sr\Desktop\cfscript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-05-26 to 2008-06-26 )))))))))))))))))))))))))))))))
.
2008-06-26 12:50 . 2005-04-01 20:36 123,200 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-06-26 12:50 . 2005-04-01 20:36 91,856 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-06-26 08:35 . 2008-06-26 08:35 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-06-26 08:35 . 2006-08-21 05:14 128,896 --------- C:\WINDOWS\system32\dllcache\fltmgr.sys
2008-06-26 08:35 . 2006-08-21 05:14 23,040 --------- C:\WINDOWS\system32\dllcache\fltmc.exe
2008-06-26 08:35 . 2006-08-21 08:21 16,896 --------- C:\WINDOWS\system32\dllcache\fltlib.dll
2008-06-26 08:35 . 2008-06-26 08:37 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-06-25 13:50 . 2008-06-25 13:50 <DIR> d-------- C:\Program Files\CCleaner
2008-06-25 13:36 . 2008-06-25 13:36 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
2008-06-25 10:40 . 2008-06-23 08:35 126,013 -r-hs---- C:\uwlmj.com
2008-06-24 12:33 . 2008-06-24 08:29 125,264 -r-hs---- C:\br1e.com
2008-06-24 10:31 . 2007-07-30 19:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2008-06-24 10:31 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-06-24 10:31 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-06-24 10:31 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-06-24 10:31 . 2007-07-30 19:18 20,312 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-06-24 10:25 . 2008-06-24 10:25 <DIR> d---s---- C:\Documents and Settings\sr\UserData
2008-06-23 15:25 . 2008-06-23 15:57 <DIR> d-------- C:\WINDOWS\system32\FPAP-EXL540
2008-06-23 15:25 . 2008-06-21 20:49 124,534 -r-hs---- C:\ilpg9ejd.com
2008-06-23 15:25 . 2006-05-10 01:26 45,568 -ra------ C:\WINDOWS\system32\UTSCSI.EXE
2008-06-20 12:14 . 2004-08-04 00:56 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-06-20 12:14 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-06-20 12:14 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\dllcache\usbscan.sys
2008-06-20 12:14 . 2001-08-17 22:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-06-20 09:38 . 2008-06-25 10:56 2,584 --a------ C:\autorun.PNF
2008-06-20 09:28 . 2008-06-15 05:49 112,672 -r-hs---- C:\6x8be16.cmd
2008-06-19 15:15 . 2005-10-20 21:47 30,592 --------- C:\WINDOWS\system32\drivers\rndismpx.sys
2008-06-19 15:15 . 2005-10-20 21:47 12,800 --------- C:\WINDOWS\system32\drivers\usb8023x.sys
2008-06-19 12:41 . 2008-06-19 12:41 <DIR> d--h----- C:\WINDOWS\PIF
2008-06-19 11:09 . 2008-06-19 11:09 <DIR> d-------- C:\Documents and Settings\sr\Application Data\Xerox
2008-06-19 10:47 . 2004-08-04 06:00 22,528 --a------ C:\WINDOWS\system32\lpdsvc.dll
2008-06-19 10:47 . 2004-08-04 06:00 22,528 --a------ C:\WINDOWS\system32\dllcache\lpdsvc.dll
2008-06-19 10:47 . 2004-08-04 06:00 18,944 --a------ C:\WINDOWS\system32\lprmon.dll
2008-06-19 10:47 . 2004-08-04 06:00 18,944 --a------ C:\WINDOWS\system32\dllcache\lprmon.dll
2008-06-19 09:15 . 2008-06-19 09:15 0 --a------ C:\WINDOWS\VPC32.INI
2008-06-18 17:35 . 2008-06-18 17:35 <DIR> d-------- C:\WINDOWS\Sun
2008-06-18 16:06 . 2008-06-20 08:12 924,730 --a------ C:\WINDOWS\FontData.fdb
2008-06-18 15:14 . 2008-06-23 08:10 <DIR> d-------- C:\Documents and Settings\sr\Application Data\U3
2008-06-18 15:14 . 2008-06-18 15:14 0 --a------ C:\LOG3EA.tmp
2008-06-18 13:33 . 2008-06-18 13:33 391 --a------ C:\WINDOWS\SWWATER.INI
2008-06-18 13:18 . 2008-06-18 13:31 45,056 --a------ C:\WINDOWS\NCUNINST.EXE
2008-06-18 13:15 . 2008-06-18 13:15 <DIR> d-------- C:\Program Files\Common Files\SWF Studio
2008-06-18 12:12 . 2008-06-18 12:12 <DIR> d-------- C:\Program Files\Webroot
2008-06-18 12:12 . 2008-06-18 12:12 <DIR> d-------- C:\Program Files\AskSBar
2008-06-18 12:12 . 2008-06-18 12:12 <DIR> d-------- C:\Documents and Settings\sr\Application Data\Webroot
2008-06-18 12:12 . 2008-06-18 12:12 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2008-06-18 12:12 . 2008-01-04 20:56 1,526,640 --a------ C:\WINDOWS\WRSetup.dll
2008-06-18 12:12 . 2008-01-04 20:34 163,696 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2008-06-18 12:12 . 2008-01-04 20:34 23,920 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2008-06-18 12:12 . 2008-01-04 20:34 21,872 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2008-06-18 12:12 . 2008-01-04 20:34 20,336 --a------ C:\WINDOWS\system32\drivers\SSFS0BB9.sys
2008-06-18 11:49 . 2008-06-18 11:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2008-06-18 11:30 . 2008-06-26 15:21 <DIR> d-------- C:\Program Files\Symantec AntiVirus
2008-06-18 11:30 . 2008-06-26 12:50 <DIR> d-------- C:\Program Files\Symantec
2008-06-18 11:30 . 2008-06-26 12:57 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-06-18 11:30 . 2008-06-26 12:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-06-18 11:28 . 2004-08-03 23:08 26,496 --a------ C:\WINDOWS\system32\dllcache\usbstor.sys
2008-06-18 11:28 . 2008-06-18 11:28 4,128 --a------ C:\INFCACHE.1
2008-06-18 11:26 . 2003-06-18 17:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2008-06-18 11:26 . 2008-06-18 11:26 376 --a------ C:\WINDOWS\ODBC.INI
2008-06-18 11:25 . 2008-06-18 11:25 <DIR> d-------- C:\Program Files\Microsoft Works
2008-06-18 11:25 . 2008-06-19 16:29 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2008-06-18 11:25 . 2008-06-18 11:25 <DIR> d-------- C:\Program Files\Common Files\L&H
2008-06-18 11:24 . 2008-06-18 11:25 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-06-18 11:24 . 2008-06-18 11:24 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-06-18 11:23 . 2008-06-18 11:23 <DIR> dr-h----- C:\MSOCache
2008-06-18 11:10 . 2008-06-18 11:10 <DIR> d-------- C:\Documents and Settings\sr\Application Data\Corel
2008-06-18 11:10 . 2008-06-18 11:10 848 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2008-06-18 11:05 . 2008-06-18 11:05 <DIR> d-------- C:\Program Files\Corel
2008-06-18 11:05 . 2008-06-18 11:05 <DIR> d-------- C:\Program Files\Common Files\Corel
2008-06-18 11:02 . 2008-06-18 11:02 <DIR> d-------- C:\Documents and Settings\sr\Application Data\CyberLink
2008-06-18 10:41 . 2008-05-22 11:37 <DIR> d-------- C:\Documents and Settings\sr\Application Data\InstallShield
2008-06-18 10:41 . 2008-06-26 15:14 <DIR> d-------- C:\Documents and Settings\sr
2008-06-18 10:33 . 2004-08-03 23:58 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2008-06-18 10:33 . 2001-08-17 14:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-06-18 10:33 . 2001-08-17 15:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-06-18 10:33 . 2008-06-18 10:33 8,192 --a------ C:\WINDOWS\REGLOCS.OLD
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-25 20:17 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-24 19:55 --------- d-----w C:\Program Files\Google
2008-06-18 17:28 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-18 17:28 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-05-22 15:42 --------- d-----w C:\Program Files\Dell Support Center
2008-05-22 15:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\SupportSoft
2008-05-22 15:41 --------- d-----w C:\Program Files\Dell Network Assistant
2008-05-22 15:41 --------- d-----w C:\Program Files\Common Files\supportsoft
2008-05-22 15:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\SingleClick Systems
2008-05-22 15:40 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-22 15:39 --------- d-----w C:\Program Files\Sonic
2008-05-22 15:39 --------- d-----w C:\Program Files\Roxio
2008-05-22 15:39 --------- d-----w C:\Program Files\Dell
2008-05-22 15:39 --------- d-----w C:\Program Files\CyberLink
2008-05-22 15:39 --------- d-----w C:\Program Files\Common Files\SureThing Shared
2008-05-22 15:39 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2008-05-22 15:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield
2008-05-22 15:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Dell
2008-05-22 15:38 --------- d-----w C:\Program Files\Common Files\Roxio Shared
2008-05-22 15:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sonic
2008-05-22 15:37 --------- d-----w C:\Program Files\Intel
2008-05-22 15:35 --------- d-----w C:\Program Files\Java
2008-05-22 15:35 --------- d-----w C:\Program Files\Common Files\Java
2008-05-22 15:33 --------- d-----w C:\Program Files\MSXML 6.0
2008-05-22 15:19 6,860 ----a-w C:\WINDOWS\system32\drivers\1028_Dell_VOS_VOSTRO_200.mrk
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-08 12:28 202,752 ------w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:18 1,287,680 ------w C:\WINDOWS\system32\dllcache\quartz.dll
.
((((((((((((((((((((((((((((( snapshot@2008-06-26_13.16.13.14 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-26 16:46:23 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-26 19:15:35 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
2008-06-18 12:12 66912 --a------ C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 05:40 218032]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2008-03-11 13:44 202544]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-06-13 20:21 142104]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-06-13 20:21 162584]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-06-13 20:21 138008]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"RTHDCPL"="RTHDCPL.EXE" [2007-06-13 21:41 16132608 C:\WINDOWS\RTHDCPL.EXE]
"PDVDDXSrv"="C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2007-09-17 12:56 124200]
"ECenter"="C:\Dell\E-Center\EULALauncher.exe" [2008-02-28 13:59 17920]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 04:06 40048]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 13:44 16384]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2008-03-11 13:44 202544]
"NotePad"="C:\WINDOWS\Resources\Themes\Luna\Shell\Homestead\NTT0509.EXE" [2007-11-07 18:09 36864]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-04-08 15:52 48752]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2005-04-17 12:30 85184]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2008-01-04 20:56 5367664]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"<NO NAME>"="" []
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableStatusMessages"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoFolderOptions"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"<NO NAME>"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Dell Network Assistant.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Dell Network Assistant.lnk
backup=C:\WINDOWS\pss\Dell Network Assistant.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2008-05-22 11:40 29744 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"=
"C:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"=
"C:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10421:UDP"= 10421:UDP:SingleClick Discovery Protocol
"10426:UDP"= 10426:UDP:SingleClick ICC
R1 DLARTL_M;DLARTL_M;C:\WINDOWS\system32\Drivers\DLARTL_M.SYS [2007-07-23 15:49]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter);C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2008-03-11 13:44]
S3 GoogleDesktopManager-010708-104812;Google Desktop Manager 5.7.801.7324;"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-05-22 11:40]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\LaunchU3.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{043c0610-42fb-11dd-8928-001d099bdf89}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{13ea0a42-3e07-11dd-891d-001d099bdf89}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{13ea0a49-3e07-11dd-891d-001d099bdf89}]
\Shell\AutoRun\command - E:\v3pif.bat
\Shell\explore\Command - E:\v3pif.bat
\Shell\open\Command - E:\v3pif.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{13ea0a4c-3e07-11dd-891d-001d099bdf89}]
\Shell\AutoRun\command - E:\olb1iimw.bat
\Shell\explore\Command - E:\olb1iimw.bat
\Shell\open\Command - E:\olb1iimw.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{13ea0a4d-3e07-11dd-891d-001d099bdf89}]
\Shell\AutoRun\command - E:\tknn6.bat
\Shell\explore\Command - E:\tknn6.bat
\Shell\open\Command - E:\tknn6.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{13ea0a50-3e07-11dd-891d-001d099bdf89}]
\Shell\AutoRun\command - E:\f.bat
\Shell\explore\Command - E:\f.bat
\Shell\open\Command - E:\f.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{17d838dd-3e1f-11dd-891e-001d099bdf89}]
\Shell\AutoRun\command - E:\stw1ojde.bat
\Shell\explore\Command - E:\stw1ojde.bat
\Shell\open\Command - E:\stw1ojde.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{17d838de-3e1f-11dd-891e-001d099bdf89}]
\Shell\AutoRun\command - F:\stw1ojde.bat
\Shell\explore\Command - F:\stw1ojde.bat
\Shell\open\Command - F:\stw1ojde.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{17d838e0-3e1f-11dd-891e-001d099bdf89}]
\Shell\AutoRun\command - G:\v3pif.bat
\Shell\explore\Command - G:\v3pif.bat
\Shell\open\Command - G:\v3pif.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{17d838e2-3e1f-11dd-891e-001d099bdf89}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{17d838e6-3e1f-11dd-891e-001d099bdf89}]
\Shell\AutoRun\command - 2.bat
\Shell\explore\Command - 2.bat
\Shell\open\Command - 2.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{17d83907-3e1f-11dd-891e-001d099bdf89}]
\Shell\AutoRun\command - E:\yp.bat
\Shell\explore\Command - E:\yp.bat
\Shell\open\Command - E:\yp.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{308e3fce-411d-11dd-8922-001d099bdf89}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{308e3fd2-411d-11dd-8922-001d099bdf89}]
\Shell\AutoRun\command - E:\jfvkcsy.bat
\Shell\explore\Command - E:\jfvkcsy.bat
\Shell\open\Command - E:\jfvkcsy.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{308e3fd3-411d-11dd-8922-001d099bdf89}]
\Shell\AutoRun\command - E:\oufddh.exe
\Shell\explore\Command - E:\oufddh.exe
\Shell\open\Command - E:\oufddh.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{308e3fd6-411d-11dd-8922-001d099bdf89}]
\Shell\AutoRun\command - wscript.exe .\.vbs
\Shell\open\command - wscript.exe .\.vbs
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{308e3fd7-411d-11dd-8922-001d099bdf89}]
\Shell\AutoRun\command - E:\qa8sywva.cmd
\Shell\explore\Command - E:\qa8sywva.cmd
\Shell\open\Command - E:\qa8sywva.cmd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{308e3fdc-411d-11dd-8922-001d099bdf89}]
\Shell\AutoRun\command - h8i.com
\Shell\explore\Command - h8i.com
\Shell\open\Command - h8i.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{308e3fdd-411d-11dd-8922-001d099bdf89}]
\Shell\AutoRun\command - E:\jfvkcsy.bat
\Shell\explore\Command - E:\jfvkcsy.bat
\Shell\open\Command - E:\jfvkcsy.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{308e3fde-411d-11dd-8922-001d099bdf89}]
\Shell\AutoRun\command - E:\f.bat
\Shell\explore\Command - E:\f.bat
\Shell\open\Command - E:\f.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{308e3fdf-411d-11dd-8922-001d099bdf89}]
\Shell\AutoRun\command - G:\LaunchU3.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{308e3fe3-411d-11dd-8922-001d099bdf89}]
\Shell\AutoRun\command - a3g3.bat
\Shell\explore\Command - a3g3.bat
\Shell\open\Command - a3g3.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{308e3fe4-411d-11dd-8922-001d099bdf89}]
\Shell\AutoRun\command - E:\PdtGuide.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{308e3fe5-411d-11dd-8922-001d099bdf89}]
\Shell\AutoRun\command - F:\ilpg9ejd.com
\Shell\explore\Command - F:\ilpg9ejd.com
\Shell\open\Command - F:\ilpg9ejd.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{308e3fe6-411d-11dd-8922-001d099bdf89}]
\Shell\AutoRun\command - E:\scvshosts.exe
\Shell\Open\command - E:\scvshosts.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{308e3fe8-411d-11dd-8922-001d099bdf89}]
\Shell\AutoRun\command - E:\
\Shell\open\Command - .\autorun.exe explore
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{308e3ff8-411d-11dd-8922-001d099bdf89}]
\Shell\AutoRun\command - E:\uxdeiect.com
\Shell\explore\Command - E:\uxdeiect.com
\Shell\open\Command - E:\uxdeiect.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{42c4c451-3d81-11dd-891c-001d099bdf89}]
\Shell\AutoRun\command - E:\LaunchU3.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4d0c7a0e-43a4-11dd-892e-001d099bdf89}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6faadfa8-3ec1-11dd-8921-001d099bdf89}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6faadfa9-3ec1-11dd-8921-001d099bdf89}]
\Shell\AutoRun\command - F:\xlu8a8sy.exe
\Shell\explore\Command - F:\xlu8a8sy.exe
\Shell\open\Command - F:\xlu8a8sy.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6faadfaa-3ec1-11dd-8921-001d099bdf89}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6faadfab-3ec1-11dd-8921-001d099bdf89}]
\Shell\AutoRun\command - F:\6x8be16.cmd
\Shell\explore\Command - F:\6x8be16.cmd
\Shell\open\Command - F:\6x8be16.cmd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6faadfac-3ec1-11dd-8921-001d099bdf89}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6faadfad-3ec1-11dd-8921-001d099bdf89}]
\Shell\AutoRun\command - H:\6x8be16.cmd
\Shell\explore\Command - H:\6x8be16.cmd
\Shell\open\Command - H:\6x8be16.cmd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6faadfae-3ec1-11dd-8921-001d099bdf89}]
\Shell\AutoRun\command - F:\6x8be16.cmd
\Shell\explore\Command - F:\6x8be16.cmd
\Shell\open\Command - F:\6x8be16.cmd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6faadfaf-3ec1-11dd-8921-001d099bdf89}]
\Shell\AutoRun\command - E:\xp19.com
\Shell\explore\Command - E:\xp19.com
\Shell\open\Command - E:\xp19.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6faadfb3-3ec1-11dd-8921-001d099bdf89}]
\Shell\AutoRun\command - E:\scvhosts.exe
\Shell\Open\command - E:\scvhosts.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6faadfb8-3ec1-11dd-8921-001d099bdf89}]
\Shell\AutoRun\command - scvhosts.exe
\Shell\Open\command - scvhosts.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6faadfb9-3ec1-11dd-8921-001d099bdf89}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6faadfba-3ec1-11dd-8921-001d099bdf89}]
\Shell\AutoRun\command - tigi.cmd
\Shell\explore\Command - tigi.cmd
\Shell\open\Command - tigi.cmd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6faadfbb-3ec1-11dd-8921-001d099bdf89}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6faadfbc-3ec1-11dd-8921-001d099bdf89}]
\Shell\AutoRun\command - F:\f.bat
\Shell\explore\Command - F:\f.bat
\Shell\open\Command - F:\f.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6faadfbd-3ec1-11dd-8921-001d099bdf89}]
\Shell\AutoRun\command - E:\
\Shell\open\Command - .\autorun.exe explore
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6faadfbe-3ec1-11dd-8921-001d099bdf89}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6faadfbf-3ec1-11dd-8921-001d099bdf89}]
\Shell\AutoRun\command - F:\t.com
\Shell\explore\Command - F:\t.com
\Shell\open\Command - F:\t.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6faadfc0-3ec1-11dd-8921-001d099bdf89}]
\Shell\AutoRun\command - E:\lkxcqdb.bat
\Shell\explore\Command - E:\lkxcqdb.bat
\Shell\open\Command - E:\lkxcqdb.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6faadfc1-3ec1-11dd-8921-001d099bdf89}]
\Shell\AutoRun\command - E:\lkxcqdb.bat
\Shell\explore\Command - E:\lkxcqdb.bat
\Shell\open\Command - E:\lkxcqdb.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6faadfc2-3ec1-11dd-8921-001d099bdf89}]
\Shell\AutoRun\command - F:\8ot8y86.exe
\Shell\explore\Command - F:\8ot8y86.exe
\Shell\open\Command - F:\8ot8y86.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8ca61fd8-3d5a-11dd-891b-001d099bdf89}]
\Shell\AutoRun\command - E:\h8i.com
\Shell\explore\Command - E:\h8i.com
\Shell\open\Command - E:\h8i.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8ca61fd9-3d5a-11dd-891b-001d099bdf89}]
\Shell\Autoplay\Command - xmss.exe
\Shell\AutoRun\command - xmss.exe
\Shell\Explore\Command - xmss.exe
\Shell\Open\Command - xmss.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8ca61fda-3d5a-11dd-891b-001d099bdf89}]
\Shell\AutoRun\command - E:\jfvkcsy.bat
\Shell\explore\Command - E:\jfvkcsy.bat
\Shell\open\Command - E:\jfvkcsy.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8ca61fdb-3d5a-11dd-891b-001d099bdf89}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8ca61fe1-3d5a-11dd-891b-001d099bdf89}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8ca61fe3-3d5a-11dd-891b-001d099bdf89}]
\Shell\AutoRun\command - E:\LaunchU3.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8ca61fe6-3d5a-11dd-891b-001d099bdf89}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a188dd3b-41e1-11dd-8923-001d099bdf89}]
\Shell\AutoRun\command - E:\invwft2h.com
\Shell\explore\Command - E:\invwft2h.com
\Shell\open\Command - E:\invwft2h.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a188dd47-41e1-11dd-8923-001d099bdf89}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a188dd49-41e1-11dd-8923-001d099bdf89}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a188dd4a-41e1-11dd-8923-001d099bdf89}]
\Shell\AutoRun\command - F:\uwlmj.com
\Shell\explore\Command - F:\uwlmj.com
\Shell\open\Command - F:\uwlmj.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a188dd51-41e1-11dd-8923-001d099bdf89}]
\Shell\AutoRun\command - E:\xyw9tmdj.com
\Shell\explore\Command - E:\xyw9tmdj.com
\Shell\open\Command - E:\xyw9tmdj.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a36c0611-42a8-11dd-8925-001d099bdf89}]
\Shell\AutoRun\command - E:\uwlmj.com
\Shell\explore\Command - E:\uwlmj.com
\Shell\open\Command - E:\uwlmj.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a36c0612-42a8-11dd-8925-001d099bdf89}]
\Shell\AutoRun\command - E:\v3pif.bat
\Shell\explore\Command - E:\v3pif.bat
\Shell\open\Command - E:\v3pif.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a36c0616-42a8-11dd-8925-001d099bdf89}]
\Shell\AutoRun\command - E:\h.cmd
\Shell\explore\Command - E:\h.cmd
\Shell\open\Command - E:\h.cmd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f69ada2d-439f-11dd-892d-001d099bdf89}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-26 15:29:59
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-06-26 15:30:44
ComboFix-quarantined-files.txt 2008-06-26 19:30:32
ComboFix2.txt 2008-06-26 17:16:37
Pre-Run: 149,066,887,168 bytes free
Post-Run: 149,052,686,336 bytes free
412 --- E O F --- 2008-06-26 12:37:50
g!rly
Posts
18209
Registration date
Friday 17 August 2007
Status
Contributor
Last post
30 November 2014
406
26 June 2008 at 21:30
Max, post the reports I asked you for, please!
cgui33, these are infections on a USB key or external drive...
that's why I had him run rav antivirus...
but I'd really like to see the reports I asked for because, as you say, there is/was a whole bunch!!!
@+
cgui33
Posts
1174
Registration date
Friday 8 April 2005
Status
Member
Last post
2 April 2009
10
26 June 2008 at 21:36
Thanks
I think max has left (solved as far as he's concerned!)
A+
max
>
cgui33
Posts
1174
Registration date
Friday 8 April 2005
Status
Member
Last post
2 April 2009
26 June 2008 at 22:40
I'm here, I've just sent you the report.
Maxime
g!rly
Posts
18209
Registration date
Friday 17 August 2007
Status
Contributor
Last post
30 November 2014
406
26 June 2008 at 21:39
:~( for max
you're welcome cgui33
good evening
@+
g!rly
Posts
18209
Registration date
Friday 17 August 2007
Status
Contributor
Last post
30 November 2014
406
26 June 2008 at 22:49
Max
You should have another report...
C:/combofix2.txt
@+