Sujet Précédent Sujet Suivant

W32.gammina.ag

Fermé
max - 25 juin 2008 à 22:54
 al1 - 30 août 2008 à 16:56
Bonjour,
j'ai un probleme avec mon pc à chaque fois j'ai fais un scan sur mon pc, j'ai tjrs comme resultat w32.gammina.ga clean,
comment me debarasser de ce message.

Votre aide me sera fort utile

Merci

Maxime

9 réponses

Réponse 1 / 9
g!rly Messages postés 18209 Date d'inscription vendredi 17 août 2007 Statut Contributeur Dernière intervention 30 novembre 2014 406
26 juin 2008 à 23:18
moi je sais que si...
@+
1
Réponse 2 / 9
cgui33 Messages postés 1174 Date d'inscription vendredi 8 avril 2005 Statut Membre Dernière intervention 2 avril 2009 10
25 juin 2008 à 23:02
Salut

Clique sur ce lien
http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe
pour télécharger le fichier d'installation d'HijackThis.

Enregistre HJTInstall.exe sur ton bureau.
Double-clique sur HJTInstall.exe pour lancer le programme
Installe le programme sur c:\ et lance le
Choisis l'option "Do a system scan and save a log file"
Clique sur "Save log" pour enregistrer le rapport qui s'ouvrira avec le bloc-note
Clique sur "Edition -> Sélectionner tout", puis sur "Edition -> Copier" pour copier tout le contenu du rapport
Colle le rapport

A+
0
max
25 juin 2008 à 23:49
j'ai effectivement le rapport, mais je ne sai quoi faire avec pour enlever w32.gammiina.ag

Merci pour ton aide

Maxime
0
cgui33 Messages postés 1174 Date d'inscription vendredi 8 avril 2005 Statut Membre Dernière intervention 2 avril 2009 10 > max
26 juin 2008 à 18:47
Re
Eh bien ... comme demandé tu le joins à ta prochaine réponse !

A+
0
max > cgui33 Messages postés 1174 Date d'inscription vendredi 8 avril 2005 Statut Membre Dernière intervention 2 avril 2009
26 juin 2008 à 18:51
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:18:07 AM, on 6/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\sr\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=1080522
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.dell.com/fr-fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=1080522
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=1080522
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [NotePad] C:\WINDOWS\Resources\Themes\Luna\Shell\Homestead\NTT0509.EXE
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O17 - HKLM\System\CCS\Services\Tcpip\..\{61F6E2C5-4EE9-40CC-9865-54ED3EA5789A}: NameServer = 148.78.249.200,148.78.249.201
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Desktop Manager 5.7.801.7324 (GoogleDesktopManager-010708-104812) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Usbest Service Zero (UTSCSI) - USBest - C:\WINDOWS\system32\UTSCSI.EXE
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
voici le log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:18:07 AM, on 6/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\sr\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=1080522
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.dell.com/fr-fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=1080522
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=1080522
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [NotePad] C:\WINDOWS\Resources\Themes\Luna\Shell\Homestead\NTT0509.EXE
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O17 - HKLM\System\CCS\Services\Tcpip\..\{61F6E2C5-4EE9-40CC-9865-54ED3EA5789A}: NameServer = 148.78.249.200,148.78.249.201
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Desktop Manager 5.7.801.7324 (GoogleDesktopManager-010708-104812) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Usbest Service Zero (UTSCSI) - USBest - C:\WINDOWS\system32\UTSCSI.EXE
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
0
Réponse 3 / 9
g!rly Messages postés 18209 Date d'inscription vendredi 17 août 2007 Statut Contributeur Dernière intervention 30 novembre 2014 406
26 juin 2008 à 18:55
si tu es sur deux topik en meme temps on va pas s´en sortir, tu as fais adfix comme je te l´avais demandé sur l´autre topik ?
0
cgui33 Messages postés 1174 Date d'inscription vendredi 8 avril 2005 Statut Membre Dernière intervention 2 avril 2009 10
26 juin 2008 à 19:07
Salut G!rly

Je te laisse continuer ou clôturer !
A+
0
max
26 juin 2008 à 19:22
je fais adfix
ca me retourne adfix.exe comme un virus
0
Réponse 4 / 9
g!rly Messages postés 18209 Date d'inscription vendredi 17 août 2007 Statut Contributeur Dernière intervention 30 novembre 2014 406
26 juin 2008 à 19:26
desactive ton antivirus pendant que tu le telecharge/passe...

@+
0
max
26 juin 2008 à 19:38
ca cree tout simplement un repertoire adfix dur mon bureau qui contient des fichiers
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 9
g!rly Messages postés 18209 Date d'inscription vendredi 17 août 2007 Statut Contributeur Dernière intervention 30 novembre 2014 406
26 juin 2008 à 19:44
dure dure...

passe ceci :

Télécharge combofix.exe (par sUBs) sur ton Bureau.

-> http://download.bleepingcomputer.com/sUBs/ComboFix.exe

-> Double clique combofix.exe.
-> Tape sur la touche 1 (Yes) pour démarrer le scan.
-> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

NOTE : Le rapport se trouve également ici : C:\Combofix.txt

Avant d'utiliser ComboFix :

-> Déconnecte toi d'internet et referme les fenêtres de tous les programmes en cours.

-> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent géner fortement la procédure de recherche et de nettoyage de l'outil.

Une fois fait, sur ton bureau double-clic sur Combofix.exe.

- Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc.

/!\ Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programmes.

- En fin de scan il est possible que ComboFix ait besoin de redemarrer le pc pour finaliser la désinfection\recherche, laisses-le faire.

- Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt)

-> Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.

-> Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.

-> Tutoriel https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

@+
0
max
26 juin 2008 à 20:24
voici le log combofix
ComboFix 08-06-20.4 - sr 2008-06-26 13:14:43.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1502 [GMT -4:00]
Running from: C:\Documents and Settings\sr\Desktop\ComboFix.exe
* Created a new restore point

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\amvo.exe
C:\WINDOWS\system32\amvo0.dll
C:\WINDOWS\system32\x64

.
((((((((((((((((((((((((( Files Created from 2008-05-26 to 2008-06-26 )))))))))))))))))))))))))))))))
.

2008-06-26 12:50 . 2005-04-01 20:36 123,200 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-06-26 12:50 . 2005-04-01 20:36 91,856 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-06-26 12:48 . 2008-06-26 12:48 <DIR> d-------- C:\WINDOWS\LastGood
2008-06-26 08:35 . 2008-06-26 08:35 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-06-26 08:35 . 2006-08-21 05:14 128,896 --------- C:\WINDOWS\system32\dllcache\fltmgr.sys
2008-06-26 08:35 . 2006-08-21 05:14 23,040 --------- C:\WINDOWS\system32\dllcache\fltmc.exe
2008-06-26 08:35 . 2006-08-21 08:21 16,896 --------- C:\WINDOWS\system32\dllcache\fltlib.dll
2008-06-26 08:35 . 2008-06-26 08:37 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-06-25 13:50 . 2008-06-25 13:50 <DIR> d-------- C:\Program Files\CCleaner
2008-06-25 13:36 . 2008-06-25 13:36 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
2008-06-25 10:40 . 2008-06-23 08:35 126,013 -r-hs---- C:\uwlmj.com
2008-06-24 12:33 . 2008-06-24 08:29 125,264 -r-hs---- C:\br1e.com
2008-06-24 10:31 . 2007-07-30 19:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2008-06-24 10:31 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-06-24 10:31 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-06-24 10:31 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-06-24 10:31 . 2007-07-30 19:18 20,312 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-06-24 10:25 . 2008-06-24 10:25 <DIR> d---s---- C:\Documents and Settings\sr\UserData
2008-06-23 15:25 . 2008-06-23 15:57 <DIR> d-------- C:\WINDOWS\system32\FPAP-EXL540
2008-06-23 15:25 . 2008-06-21 20:49 124,534 -r-hs---- C:\ilpg9ejd.com
2008-06-23 15:25 . 2006-05-10 01:26 45,568 -ra------ C:\WINDOWS\system32\UTSCSI.EXE
2008-06-20 12:14 . 2004-08-04 00:56 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-06-20 12:14 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-06-20 12:14 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\dllcache\usbscan.sys
2008-06-20 12:14 . 2001-08-17 22:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-06-20 09:38 . 2008-06-25 10:56 2,584 --a------ C:\autorun.PNF
2008-06-20 09:28 . 2008-06-15 05:49 112,672 -r-hs---- C:\6x8be16.cmd
2008-06-19 15:15 . 2005-10-20 21:47 30,592 --------- C:\WINDOWS\system32\drivers\rndismpx.sys
2008-06-19 15:15 . 2005-10-20 21:47 12,800 --------- C:\WINDOWS\system32\drivers\usb8023x.sys
2008-06-19 12:41 . 2008-06-19 12:41 <DIR> d--h----- C:\WINDOWS\PIF
2008-06-19 11:09 . 2008-06-19 11:09 <DIR> d-------- C:\Documents and Settings\sr\Application Data\Xerox
2008-06-19 10:47 . 2004-08-04 06:00 22,528 --a------ C:\WINDOWS\system32\lpdsvc.dll
2008-06-19 10:47 . 2004-08-04 06:00 22,528 --a------ C:\WINDOWS\system32\dllcache\lpdsvc.dll
2008-06-19 10:47 . 2004-08-04 06:00 18,944 --a------ C:\WINDOWS\system32\lprmon.dll
2008-06-19 10:47 . 2004-08-04 06:00 18,944 --a------ C:\WINDOWS\system32\dllcache\lprmon.dll
2008-06-19 09:15 . 2008-06-19 09:15 0 --a------ C:\WINDOWS\VPC32.INI
2008-06-18 17:35 . 2008-06-18 17:35 <DIR> d-------- C:\WINDOWS\Sun
2008-06-18 16:06 . 2008-06-20 08:12 924,730 --a------ C:\WINDOWS\FontData.fdb
2008-06-18 15:14 . 2008-06-23 08:10 <DIR> d-------- C:\Documents and Settings\sr\Application Data\U3
2008-06-18 15:14 . 2008-06-18 15:14 0 --a------ C:\LOG3EA.tmp
2008-06-18 13:33 . 2008-06-18 13:33 391 --a------ C:\WINDOWS\SWWATER.INI
2008-06-18 13:18 . 2008-06-18 13:31 45,056 --a------ C:\WINDOWS\NCUNINST.EXE
2008-06-18 13:15 . 2008-06-18 13:15 <DIR> d-------- C:\Program Files\Common Files\SWF Studio
2008-06-18 12:12 . 2008-06-18 12:12 <DIR> d-------- C:\Program Files\Webroot
2008-06-18 12:12 . 2008-06-18 12:12 <DIR> d-------- C:\Program Files\AskSBar
2008-06-18 12:12 . 2008-06-18 12:12 <DIR> d-------- C:\Documents and Settings\sr\Application Data\Webroot
2008-06-18 12:12 . 2008-06-18 12:12 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2008-06-18 12:12 . 2008-01-04 20:56 1,526,640 --a------ C:\WINDOWS\WRSetup.dll
2008-06-18 12:12 . 2008-01-04 20:34 163,696 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2008-06-18 12:12 . 2008-01-04 20:34 23,920 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2008-06-18 12:12 . 2008-01-04 20:34 21,872 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2008-06-18 12:12 . 2008-01-04 20:34 20,336 --a------ C:\WINDOWS\system32\drivers\SSFS0BB9.sys
2008-06-18 11:49 . 2008-06-18 11:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2008-06-18 11:30 . 2008-06-26 13:13 <DIR> d-------- C:\Program Files\Symantec AntiVirus
2008-06-18 11:30 . 2008-06-26 12:50 <DIR> d-------- C:\Program Files\Symantec
2008-06-18 11:30 . 2008-06-26 12:57 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-06-18 11:30 . 2008-06-26 12:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-06-18 11:28 . 2004-08-03 23:08 26,496 --a------ C:\WINDOWS\system32\dllcache\usbstor.sys
2008-06-18 11:28 . 2008-06-18 11:28 4,128 --a------ C:\INFCACHE.1
2008-06-18 11:26 . 2003-06-18 17:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2008-06-18 11:26 . 2008-06-18 11:26 376 --a------ C:\WINDOWS\ODBC.INI
2008-06-18 11:25 . 2008-06-18 11:25 <DIR> d-------- C:\Program Files\Microsoft Works
2008-06-18 11:25 . 2008-06-19 16:29 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2008-06-18 11:25 . 2008-06-18 11:25 <DIR> d-------- C:\Program Files\Common Files\L&H
2008-06-18 11:24 . 2008-06-18 11:25 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-06-18 11:24 . 2008-06-18 11:24 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-06-18 11:23 . 2008-06-18 11:23 <DIR> dr-h----- C:\MSOCache
2008-06-18 11:10 . 2008-06-18 11:10 <DIR> d-------- C:\Documents and Settings\sr\Application Data\Corel
2008-06-18 11:10 . 2008-06-18 11:10 848 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2008-06-18 11:05 . 2008-06-18 11:05 <DIR> d-------- C:\Program Files\Corel
2008-06-18 11:05 . 2008-06-18 11:05 <DIR> d-------- C:\Program Files\Common Files\Corel
2008-06-18 11:02 . 2008-06-18 11:02 <DIR> d-------- C:\Documents and Settings\sr\Application Data\CyberLink
2008-06-18 10:41 . 2008-05-22 11:37 <DIR> d-------- C:\Documents and Settings\sr\Application Data\InstallShield
2008-06-18 10:41 . 2008-06-26 11:15 <DIR> d-------- C:\Documents and Settings\sr
2008-06-18 10:33 . 2004-08-03 23:58 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2008-06-18 10:33 . 2001-08-17 14:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-06-18 10:33 . 2001-08-17 15:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-06-18 10:33 . 2008-06-18 10:33 8,192 --a------ C:\WINDOWS\REGLOCS.OLD

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-25 20:17 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-24 19:55 --------- d-----w C:\Program Files\Google
2008-06-18 17:28 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-18 17:28 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-05-22 15:42 --------- d-----w C:\Program Files\Dell Support Center
2008-05-22 15:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\SupportSoft
2008-05-22 15:41 --------- d-----w C:\Program Files\Dell Network Assistant
2008-05-22 15:41 --------- d-----w C:\Program Files\Common Files\supportsoft
2008-05-22 15:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\SingleClick Systems
2008-05-22 15:40 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-22 15:39 --------- d-----w C:\Program Files\Sonic
2008-05-22 15:39 --------- d-----w C:\Program Files\Roxio
2008-05-22 15:39 --------- d-----w C:\Program Files\Dell
2008-05-22 15:39 --------- d-----w C:\Program Files\CyberLink
2008-05-22 15:39 --------- d-----w C:\Program Files\Common Files\SureThing Shared
2008-05-22 15:39 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2008-05-22 15:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield
2008-05-22 15:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Dell
2008-05-22 15:38 --------- d-----w C:\Program Files\Common Files\Roxio Shared
2008-05-22 15:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sonic
2008-05-22 15:37 --------- d-----w C:\Program Files\Intel
2008-05-22 15:35 --------- d-----w C:\Program Files\Java
2008-05-22 15:35 --------- d-----w C:\Program Files\Common Files\Java
2008-05-22 15:33 --------- d-----w C:\Program Files\MSXML 6.0
2008-05-22 15:19 6,860 ----a-w C:\WINDOWS\system32\drivers\1028_Dell_VOS_VOSTRO_200.mrk
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-08 12:28 202,752 ------w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:18 1,287,680 ------w C:\WINDOWS\system32\dllcache\quartz.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
2008-06-18 12:12 66912 --a------ C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 05:40 218032]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2008-03-11 13:44 202544]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-06-13 20:21 142104]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-06-13 20:21 162584]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-06-13 20:21 138008]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"RTHDCPL"="RTHDCPL.EXE" [2007-06-13 21:41 16132608 C:\WINDOWS\RTHDCPL.EXE]
"Alcmtr"="ALCMTR.EXE" [2007-06-13 21:41 69632 C:\WINDOWS\ALCMTR.EXE]
"PDVDDXSrv"="C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2007-09-17 12:56 124200]
"ECenter"="C:\Dell\E-Center\EULALauncher.exe" [2008-02-28 13:59 17920]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 04:06 40048]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 13:44 16384]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2008-03-11 13:44 202544]
"NotePad"="C:\WINDOWS\Resources\Themes\Luna\Shell\Homestead\NTT0509.EXE" [2007-11-07 18:09 36864]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2008-01-04 20:56 5367664]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-04-08 15:52 48752]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2005-04-17 12:30 85184]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableStatusMessages"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
"LoadAppInit_DLLs"=1 (0x1)

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Dell Network Assistant.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Dell Network Assistant.lnk
backup=C:\WINDOWS\pss\Dell Network Assistant.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2008-05-22 11:40 29744 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"=
"C:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"=
"C:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10421:UDP"= 10421:UDP:SingleClick Discovery Protocol
"10426:UDP"= 10426:UDP:SingleClick ICC

R1 DLARTL_M;DLARTL_M;C:\WINDOWS\system32\Drivers\DLARTL_M.SYS [2007-07-23 15:49]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter);C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2008-03-11 13:44]
S3 GoogleDesktopManager-010708-104812;Google Desktop Manager 5.7.801.7324;"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-05-22 11:40]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{043c0610-42fb-11dd-8928-001d099bdf89}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{043c0611-42fb-11dd-8928-001d099bdf89}]
\Shell\AutoRun\command - F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\stcvhost.exe
\Shell\open\command - F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\stcvhost.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{13ea0a42-3e07-11dd-891d-001d099bdf89}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{13ea0a49-3e07-11dd-891d-001d099bdf89}]
\Shell\AutoRun\command - E:\v3pif.bat
\Shell\explore\Command - E:\v3pif.bat
\Shell\open\Command - E:\v3pif.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{13ea0a4c-3e07-11dd-891d-001d099bdf89}]
\Shell\AutoRun\command - E:\olb1iimw.bat
\Shell\explore\Command - E:\olb1iimw.bat
\Shell\open\Command - E:\olb1iimw.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{13ea0a4d-3e07-11dd-891d-001d099bdf89}]
\Shell\AutoRun\command - E:\tknn6.bat
\Shell\explore\Command - E:\tknn6.bat
\Shell\open\Command - E:\tknn6.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{13ea0a50-3e07-11dd-891d-001d099bdf89}]
\Shell\AutoRun\command - E:\f.bat
\Shell\explore\Command - E:\f.bat
\Shell\open\Command - E:\f.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{15e84f57-3d48-11dd-8919-001d099bdf89}]
\Shell\AutoRun\command - E:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\stcvhost.exe
\Shell\open\command - E:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\stcvhost.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{17d838dd-3e1f-11dd-891e-001d099bdf89}]
\Shell\AutoRun\command - E:\stw1ojde.bat
\Shell\explore\Command - E:\stw1ojde.bat
\Shell\open\Command - E:\stw1ojde.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{17d838de-3e1f-11dd-891e-001d099bdf89}]
\Shell\AutoRun\command - F:\stw1ojde.bat
\Shell\explore\Command - F:\stw1ojde.bat
\Shell\open\Command - F:\stw1ojde.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{17d838e0-3e1f-11dd-891e-001d099bdf89}]
\Shell\AutoRun\command - G:\v3pif.bat
\Shell\explore\Command - G:\v3pif.bat
\Shell\open\Command - G:\v3pif.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{17d838e2-3e1f-11dd-891e-001d099bdf89}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{17d838e6-3e1f-11dd-891e-001d099bdf89}]
\Shell\AutoRun\command - 2.bat
\Shell\explore\Command - 2.bat
\Shell\open\Command - 2.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{17d83907-3e1f-11dd-891e-001d099bdf89}]
\Shell\AutoRun\command - E:\yp.bat
\Shell\explore\Command - E:\yp.bat
\Shell\open\Command - E:\yp.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{308e3fce-411d-11dd-8922-001d099bdf89}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{308e3fd2-411d-11dd-8922-001d099bdf89}]
\Shell\AutoRun\command - E:\jfvkcsy.bat
\Shell\explore\Command - E:\jfvkcsy.bat
\Shell\open\Command - E:\jfvkcsy.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{308e3fd3-411d-11dd-8922-001d099bdf89}]
\Shell\AutoRun\command - E:\oufddh.exe
\Shell\explore\Command - E:\oufddh.exe
\Shell\open\Command - E:\oufddh.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{308e3fd6-411d-11dd-8922-001d099bdf89}]
\Shell\AutoRun\command - wscript.exe .\.vbs
\Shell\open\command - wscript.exe .\.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{308e3fd7-411d-11dd-8922-001d099bdf89}]
\Shell\AutoRun\command - E:\qa8sywva.cmd
\Shell\explore\Command - E:\qa8sywva.cmd
\Shell\open\Command - E:\qa8sywva.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{308e3fd8-411d-11dd-8922-001d099bdf89}]
\Shell\AutoRun\command - E:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\stcvhost.exe
\Shell\open\command - E:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\stcvhost.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{308e3fdc-411d-11dd-8922-001d099bdf89}]
\Shell\AutoRun\command - h8i.com
\Shell\explore\Command - h8i.com
\Shell\open\Command - h8i.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{308e3fdd-411d-11dd-8922-001d099bdf89}]
\Shell\AutoRun\command - E:\jfvkcsy.bat
\Shell\explore\Command - E:\jfvkcsy.bat
\Shell\open\Command - E:\jfvkcsy.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{308e3fde-411d-11dd-8922-001d099bdf89}]
\Shell\AutoRun\command - E:\f.bat
\Shell\explore\Command - E:\f.bat
\Shell\open\Command - E:\f.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{308e3fdf-411d-11dd-8922-001d099bdf89}]
\Shell\AutoRun\command - G:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{308e3fe3-411d-11dd-8922-001d099bdf89}]
\Shell\AutoRun\command - a3g3.bat
\Shell\explore\Command - a3g3.bat
\Shell\open\Command - a3g3.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{308e3fe4-411d-11dd-8922-001d099bdf89}]
\Shell\AutoRun\command - E:\PdtGuide.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{308e3fe5-411d-11dd-8922-001d099bdf89}]
\Shell\AutoRun\command - F:\ilpg9ejd.com
\Shell\explore\Command - F:\ilpg9ejd.com
\Shell\open\Command - F:\ilpg9ejd.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{308e3fe6-411d-11dd-8922-001d099bdf89}]
\Shell\AutoRun\command - E:\scvshosts.exe
\Shell\Open\command - E:\scvshosts.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{308e3fe8-411d-11dd-8922-001d099bdf89}]
\Shell\AutoRun\command - E:\
\Shell\open\Command - .\autorun.exe explore

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{308e3ff8-411d-11dd-8922-001d099bdf89}]
\Shell\AutoRun\command - E:\uxdeiect.com
\Shell\explore\Command - E:\uxdeiect.com
\Shell\open\Command - E:\uxdeiect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{42c4c451-3d81-11dd-891c-001d099bdf89}]
\Shell\AutoRun\command - E:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6faadfa8-3ec1-11dd-8921-001d099bdf89}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6faadfa9-3ec1-11dd-8921-001d099bdf89}]
\Shell\AutoRun\command - F:\xlu8a8sy.exe
\Shell\explore\Command - F:\xlu8a8sy.exe
\Shell\open\Command - F:\xlu8a8sy.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6faadfaa-3ec1-11dd-8921-001d099bdf89}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6faadfab-3ec1-11dd-8921-001d099bdf89}]
\Shell\AutoRun\command - F:\6x8be16.cmd
\Shell\explore\Command - F:\6x8be16.cmd
\Shell\open\Command - F:\6x8be16.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6faadfac-3ec1-11dd-8921-001d099bdf89}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6faadfad-3ec1-11dd-8921-001d099bdf89}]
\Shell\AutoRun\command - H:\6x8be16.cmd
\Shell\explore\Command - H:\6x8be16.cmd
\Shell\open\Command - H:\6x8be16.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6faadfae-3ec1-11dd-8921-001d099bdf89}]
\Shell\AutoRun\command - F:\6x8be16.cmd
\Shell\explore\Command - F:\6x8be16.cmd
\Shell\open\Command - F:\6x8be16.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6faadfaf-3ec1-11dd-8921-001d099bdf89}]
\Shell\AutoRun\command - E:\xp19.com
\Shell\explore\Command - E:\xp19.com
\Shell\open\Command - E:\xp19.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6faadfb3-3ec1-11dd-8921-001d099bdf89}]
\Shell\AutoRun\command - E:\scvhosts.exe
\Shell\Open\command - E:\scvhosts.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6faadfb8-3ec1-11dd-8921-001d099bdf89}]
\Shell\AutoRun\command - scvhosts.exe
\Shell\Open\command - scvhosts.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6faadfb9-3ec1-11dd-8921-001d099bdf89}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6faadfba-3ec1-11dd-8921-001d099bdf89}]
\Shell\AutoRun\command - tigi.cmd
\Shell\explore\Command - tigi.cmd
\Shell\open\Command - tigi.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6faadfbb-3ec1-11dd-8921-001d099bdf89}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6faadfbc-3ec1-11dd-8921-001d099bdf89}]
\Shell\AutoRun\command - F:\f.bat
\Shell\explore\Command - F:\f.bat
\Shell\open\Command - F:\f.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6faadfbd-3ec1-11dd-8921-001d099bdf89}]
\Shell\AutoRun\command - E:\
\Shell\open\Command - .\autorun.exe explore

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6faadfbe-3ec1-11dd-8921-001d099bdf89}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6faadfbf-3ec1-11dd-8921-001d099bdf89}]
\Shell\AutoRun\command - F:\t.com
\Shell\explore\Command - F:\t.com
\Shell\open\Command - F:\t.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6faadfc0-3ec1-11dd-8921-001d099bdf89}]
\Shell\AutoRun\command - E:\lkxcqdb.bat
\Shell\explore\Command - E:\lkxcqdb.bat
\Shell\open\Command - E:\lkxcqdb.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6faadfc1-3ec1-11dd-8921-001d099bdf89}]
\Shell\AutoRun\command - E:\lkxcqdb.bat
\Shell\explore\Command - E:\lkxcqdb.bat
\Shell\open\Command - E:\lkxcqdb.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6faadfc2-3ec1-11dd-8921-001d099bdf89}]
\Shell\AutoRun\command - F:\8ot8y86.exe
\Shell\explore\Command - F:\8ot8y86.exe
\Shell\open\Command - F:\8ot8y86.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8ca61fd8-3d5a-11dd-891b-001d099bdf89}]
\Shell\AutoRun\command - E:\h8i.com
\Shell\explore\Command - E:\h8i.com
\Shell\open\Command - E:\h8i.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8ca61fd9-3d5a-11dd-891b-001d099bdf89}]
\Shell\Autoplay\Command - xmss.exe
\Shell\AutoRun\command - xmss.exe
\Shell\Explore\Command - xmss.exe
\Shell\Open\Command - xmss.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8ca61fda-3d5a-11dd-891b-001d099bdf89}]
\Shell\AutoRun\command - E:\jfvkcsy.bat
\Shell\explore\Command - E:\jfvkcsy.bat
\Shell\open\Command - E:\jfvkcsy.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8ca61fdb-3d5a-11dd-891b-001d099bdf89}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8ca61fdc-3d5a-11dd-891b-001d099bdf89}]
\Shell\AutoRun\command - F:\
\Shell\explore\Command - RECYCLER\autorun.exe -ExploreCurDir
\Shell\open\Command - RECYCLER\autorun.exe -OpenCurDir

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8ca61fdd-3d5a-11dd-891b-001d099bdf89}]
\Shell\AutoRun\command - E:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\stcvhost.exe
\Shell\open\command - E:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\stcvhost.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8ca61fe1-3d5a-11dd-891b-001d099bdf89}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8ca61fe3-3d5a-11dd-891b-001d099bdf89}]
\Shell\AutoRun\command - E:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8ca61fe6-3d5a-11dd-891b-001d099bdf89}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a188dd3b-41e1-11dd-8923-001d099bdf89}]
\Shell\AutoRun\command - E:\invwft2h.com
\Shell\explore\Command - E:\invwft2h.com
\Shell\open\Command - E:\invwft2h.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a188dd47-41e1-11dd-8923-001d099bdf89}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a188dd49-41e1-11dd-8923-001d099bdf89}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a188dd4a-41e1-11dd-8923-001d099bdf89}]
\Shell\AutoRun\command - F:\uwlmj.com
\Shell\explore\Command - F:\uwlmj.com
\Shell\open\Command - F:\uwlmj.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a188dd50-41e1-11dd-8923-001d099bdf89}]
\Shell\AutoRun\command - E:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\stcvhost.exe
\Shell\open\command - E:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\stcvhost.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a188dd51-41e1-11dd-8923-001d099bdf89}]
\Shell\AutoRun\command - E:\xyw9tmdj.com
\Shell\explore\Command - E:\xyw9tmdj.com
\Shell\open\Command - E:\xyw9tmdj.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a36c0610-42a8-11dd-8925-001d099bdf89}]
\Shell\AutoRun\command - E:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\stcvhost.exe
\Shell\open\command - E:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\stcvhost.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a36c0611-42a8-11dd-8925-001d099bdf89}]
\Shell\AutoRun\command - E:\uwlmj.com
\Shell\explore\Command - E:\uwlmj.com
\Shell\open\Command - E:\uwlmj.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a36c0612-42a8-11dd-8925-001d099bdf89}]
\Shell\AutoRun\command - E:\v3pif.bat
\Shell\explore\Command - E:\v3pif.bat
\Shell\open\Command - E:\v3pif.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a36c0613-42a8-11dd-8925-001d099bdf89}]
\Shell\AutoRun\command - F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\stcvhost.exe
\Shell\open\command - F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\stcvhost.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a36c0614-42a8-11dd-8925-001d099bdf89}]
\Shell\AutoRun\command - E:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\stcvhost.exe
\Shell\open\command - E:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\stcvhost.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a36c0615-42a8-11dd-8925-001d099bdf89}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a36c0616-42a8-11dd-8925-001d099bdf89}]
\Shell\AutoRun\command - E:\h.cmd
\Shell\explore\Command - E:\h.cmd
\Shell\open\Command - E:\h.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f69ada2d-439f-11dd-892d-001d099bdf89}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f69ada2e-439f-11dd-892d-001d099bdf89}]
\Shell\AutoRun\command - F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\stcvhost.exe
\Shell\open\command - F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\stcvhost.exe

*Newly Created Service* - CATCHME
*Newly Created Service* - CCEVTMGR
*Newly Created Service* - CCSETMGR
*Newly Created Service* - DEFWATCH
*Newly Created Service* - ERASERUTILDRV10741
*Newly Created Service* - SAVRT
*Newly Created Service* - SAVRTPEL
*Newly Created Service* - SYMANTEC_ANTIVIRUS
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-26 13:15:55
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-26 13:16:36
ComboFix-quarantined-files.txt 2008-06-26 17:16:23

Pre-Run: 149,043,777,536 bytes free
Post-Run: 149,045,579,776 bytes free

445 --- E O F --- 2008-06-26 12:37:50
0
al1
30 août 2008 à 16:56
Bonjour,

j'ai suivi vos conseils pour vérifier mon ordinateur.
J'ai desactivé symantec avant de passer combofix.
Pendant le scan de combofix, une fenetre symantec s'est ouverte.
L
A la fin quand j'ai redémarré, il y a un pb avec symantec antivirus. Il me dit que tous les paquets sont désactivés.
Je n'ai plus aucune possibilité delive update ou autre...
Je n'ai pas le disque dinstallation car c'est une version norton corporate

Pourriez-vous SVP m'aider ??

Merci d'avance

Al1
0
Réponse 6 / 9
g!rly Messages postés 18209 Date d'inscription vendredi 17 août 2007 Statut Contributeur Dernière intervention 30 novembre 2014 406
26 juin 2008 à 20:32
ok

la suite :

Si tu as une clé USB, disque dur externe, etc, branche-les sans les ouvrir avant de lancer ce FIX
Télécharge Rav antivirus: http://ww25.evosla.com/compteur.php?soft=rav_antivirus
• Clique droit sur le fichier .ZIP > Extraire sur > le Bureau
• Doucle clic sur >> RAV.exe << afin de lancer l'outil.
• Une fois RAV ANTIVIRUS lancé, laisse-le réagir, il scanne automatiquement tous les lecteurs (disques fixes et amovibles)
• Si infection > un rapport s'établira, sinon s'affichera (très rapide) ==>Votre Ordinateur est sain .
• Retire tes disques amovibles et redémarre ton ordinateur .
Poste le rapport , si infection!

puis

Copie le texte ci-dessous :

Folder::
C:\Program Files\AskSBar

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]

Ouvre le Bloc-Notes puis colle le texte copié.
(Démarrer\Tous les programmes\Accessoires\Bloc notes.)
Sauvegarde ce fichier sous le nom de CFScript.txt.

Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :

http://sd-1.archive-host.com/membres/up/1366464061/CFScript.gif

Cela va relancer Combofix,

Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.

S'il n'y a pas de rédémarrage, poste quand même les rapports.

@+
0
max
26 juin 2008 à 20:41
Merci pour ton aide je viens de scanner mon computer, je n'ai plus le message.

Max
0
cgui33 Messages postés 1174 Date d'inscription vendredi 8 avril 2005 Statut Membre Dernière intervention 2 avril 2009 10
26 juin 2008 à 20:54
Re G!rly

Tu peux m'éclairer sur ça ?
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\

Y'en a un max dans la BDR !
Un peu louche non ?
A+
0
max
26 juin 2008 à 22:35
voici le rapport

ComboFix 08-06-20.4 - sr 2008-06-26 15:28:31.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1506 [GMT -4:00]
Running from: C:\Documents and Settings\sr\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\sr\Desktop\cfscript.txt
* Created a new restore point

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

((((((((((((((((((((((((( Files Created from 2008-05-26 to 2008-06-26 )))))))))))))))))))))))))))))))
.

2008-06-26 12:50 . 2005-04-01 20:36 123,200 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-06-26 12:50 . 2005-04-01 20:36 91,856 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-06-26 08:35 . 2008-06-26 08:35 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-06-26 08:35 . 2006-08-21 05:14 128,896 --------- C:\WINDOWS\system32\dllcache\fltmgr.sys
2008-06-26 08:35 . 2006-08-21 05:14 23,040 --------- C:\WINDOWS\system32\dllcache\fltmc.exe
2008-06-26 08:35 . 2006-08-21 08:21 16,896 --------- C:\WINDOWS\system32\dllcache\fltlib.dll
2008-06-26 08:35 . 2008-06-26 08:37 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-06-25 13:50 . 2008-06-25 13:50 <DIR> d-------- C:\Program Files\CCleaner
2008-06-25 13:36 . 2008-06-25 13:36 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
2008-06-25 10:40 . 2008-06-23 08:35 126,013 -r-hs---- C:\uwlmj.com
2008-06-24 12:33 . 2008-06-24 08:29 125,264 -r-hs---- C:\br1e.com
2008-06-24 10:31 . 2007-07-30 19:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2008-06-24 10:31 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-06-24 10:31 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-06-24 10:31 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-06-24 10:31 . 2007-07-30 19:18 20,312 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-06-24 10:25 . 2008-06-24 10:25 <DIR> d---s---- C:\Documents and Settings\sr\UserData
2008-06-23 15:25 . 2008-06-23 15:57 <DIR> d-------- C:\WINDOWS\system32\FPAP-EXL540
2008-06-23 15:25 . 2008-06-21 20:49 124,534 -r-hs---- C:\ilpg9ejd.com
2008-06-23 15:25 . 2006-05-10 01:26 45,568 -ra------ C:\WINDOWS\system32\UTSCSI.EXE
2008-06-20 12:14 . 2004-08-04 00:56 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-06-20 12:14 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-06-20 12:14 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\dllcache\usbscan.sys
2008-06-20 12:14 . 2001-08-17 22:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-06-20 09:38 . 2008-06-25 10:56 2,584 --a------ C:\autorun.PNF
2008-06-20 09:28 . 2008-06-15 05:49 112,672 -r-hs---- C:\6x8be16.cmd
2008-06-19 15:15 . 2005-10-20 21:47 30,592 --------- C:\WINDOWS\system32\drivers\rndismpx.sys
2008-06-19 15:15 . 2005-10-20 21:47 12,800 --------- C:\WINDOWS\system32\drivers\usb8023x.sys
2008-06-19 12:41 . 2008-06-19 12:41 <DIR> d--h----- C:\WINDOWS\PIF
2008-06-19 11:09 . 2008-06-19 11:09 <DIR> d-------- C:\Documents and Settings\sr\Application Data\Xerox
2008-06-19 10:47 . 2004-08-04 06:00 22,528 --a------ C:\WINDOWS\system32\lpdsvc.dll
2008-06-19 10:47 . 2004-08-04 06:00 22,528 --a------ C:\WINDOWS\system32\dllcache\lpdsvc.dll
2008-06-19 10:47 . 2004-08-04 06:00 18,944 --a------ C:\WINDOWS\system32\lprmon.dll
2008-06-19 10:47 . 2004-08-04 06:00 18,944 --a------ C:\WINDOWS\system32\dllcache\lprmon.dll
2008-06-19 09:15 . 2008-06-19 09:15 0 --a------ C:\WINDOWS\VPC32.INI
2008-06-18 17:35 . 2008-06-18 17:35 <DIR> d-------- C:\WINDOWS\Sun
2008-06-18 16:06 . 2008-06-20 08:12 924,730 --a------ C:\WINDOWS\FontData.fdb
2008-06-18 15:14 . 2008-06-23 08:10 <DIR> d-------- C:\Documents and Settings\sr\Application Data\U3
2008-06-18 15:14 . 2008-06-18 15:14 0 --a------ C:\LOG3EA.tmp
2008-06-18 13:33 . 2008-06-18 13:33 391 --a------ C:\WINDOWS\SWWATER.INI
2008-06-18 13:18 . 2008-06-18 13:31 45,056 --a------ C:\WINDOWS\NCUNINST.EXE
2008-06-18 13:15 . 2008-06-18 13:15 <DIR> d-------- C:\Program Files\Common Files\SWF Studio
2008-06-18 12:12 . 2008-06-18 12:12 <DIR> d-------- C:\Program Files\Webroot
2008-06-18 12:12 . 2008-06-18 12:12 <DIR> d-------- C:\Program Files\AskSBar
2008-06-18 12:12 . 2008-06-18 12:12 <DIR> d-------- C:\Documents and Settings\sr\Application Data\Webroot
2008-06-18 12:12 . 2008-06-18 12:12 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2008-06-18 12:12 . 2008-01-04 20:56 1,526,640 --a------ C:\WINDOWS\WRSetup.dll
2008-06-18 12:12 . 2008-01-04 20:34 163,696 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2008-06-18 12:12 . 2008-01-04 20:34 23,920 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2008-06-18 12:12 . 2008-01-04 20:34 21,872 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2008-06-18 12:12 . 2008-01-04 20:34 20,336 --a------ C:\WINDOWS\system32\drivers\SSFS0BB9.sys
2008-06-18 11:49 . 2008-06-18 11:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2008-06-18 11:30 . 2008-06-26 15:21 <DIR> d-------- C:\Program Files\Symantec AntiVirus
2008-06-18 11:30 . 2008-06-26 12:50 <DIR> d-------- C:\Program Files\Symantec
2008-06-18 11:30 . 2008-06-26 12:57 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-06-18 11:30 . 2008-06-26 12:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-06-18 11:28 . 2004-08-03 23:08 26,496 --a------ C:\WINDOWS\system32\dllcache\usbstor.sys
2008-06-18 11:28 . 2008-06-18 11:28 4,128 --a------ C:\INFCACHE.1
2008-06-18 11:26 . 2003-06-18 17:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2008-06-18 11:26 . 2008-06-18 11:26 376 --a------ C:\WINDOWS\ODBC.INI
2008-06-18 11:25 . 2008-06-18 11:25 <DIR> d-------- C:\Program Files\Microsoft Works
2008-06-18 11:25 . 2008-06-19 16:29 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2008-06-18 11:25 . 2008-06-18 11:25 <DIR> d-------- C:\Program Files\Common Files\L&H
2008-06-18 11:24 . 2008-06-18 11:25 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-06-18 11:24 . 2008-06-18 11:24 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-06-18 11:23 . 2008-06-18 11:23 <DIR> dr-h----- C:\MSOCache
2008-06-18 11:10 . 2008-06-18 11:10 <DIR> d-------- C:\Documents and Settings\sr\Application Data\Corel
2008-06-18 11:10 . 2008-06-18 11:10 848 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2008-06-18 11:05 . 2008-06-18 11:05 <DIR> d-------- C:\Program Files\Corel
2008-06-18 11:05 . 2008-06-18 11:05 <DIR> d-------- C:\Program Files\Common Files\Corel
2008-06-18 11:02 . 2008-06-18 11:02 <DIR> d-------- C:\Documents and Settings\sr\Application Data\CyberLink
2008-06-18 10:41 . 2008-05-22 11:37 <DIR> d-------- C:\Documents and Settings\sr\Application Data\InstallShield
2008-06-18 10:41 . 2008-06-26 15:14 <DIR> d-------- C:\Documents and Settings\sr
2008-06-18 10:33 . 2004-08-03 23:58 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2008-06-18 10:33 . 2001-08-17 14:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-06-18 10:33 . 2001-08-17 15:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-06-18 10:33 . 2008-06-18 10:33 8,192 --a------ C:\WINDOWS\REGLOCS.OLD

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-25 20:17 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-24 19:55 --------- d-----w C:\Program Files\Google
2008-06-18 17:28 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-18 17:28 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-05-22 15:42 --------- d-----w C:\Program Files\Dell Support Center
2008-05-22 15:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\SupportSoft
2008-05-22 15:41 --------- d-----w C:\Program Files\Dell Network Assistant
2008-05-22 15:41 --------- d-----w C:\Program Files\Common Files\supportsoft
2008-05-22 15:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\SingleClick Systems
2008-05-22 15:40 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-22 15:39 --------- d-----w C:\Program Files\Sonic
2008-05-22 15:39 --------- d-----w C:\Program Files\Roxio
2008-05-22 15:39 --------- d-----w C:\Program Files\Dell
2008-05-22 15:39 --------- d-----w C:\Program Files\CyberLink
2008-05-22 15:39 --------- d-----w C:\Program Files\Common Files\SureThing Shared
2008-05-22 15:39 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2008-05-22 15:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield
2008-05-22 15:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Dell
2008-05-22 15:38 --------- d-----w C:\Program Files\Common Files\Roxio Shared
2008-05-22 15:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sonic
2008-05-22 15:37 --------- d-----w C:\Program Files\Intel
2008-05-22 15:35 --------- d-----w C:\Program Files\Java
2008-05-22 15:35 --------- d-----w C:\Program Files\Common Files\Java
2008-05-22 15:33 --------- d-----w C:\Program Files\MSXML 6.0
2008-05-22 15:19 6,860 ----a-w C:\WINDOWS\system32\drivers\1028_Dell_VOS_VOSTRO_200.mrk
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-08 12:28 202,752 ------w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:18 1,287,680 ------w C:\WINDOWS\system32\dllcache\quartz.dll
.

((((((((((((((((((((((((((((( snapshot@2008-06-26_13.16.13.14 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-26 16:46:23 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-26 19:15:35 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
2008-06-18 12:12 66912 --a------ C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 05:40 218032]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2008-03-11 13:44 202544]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-06-13 20:21 142104]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-06-13 20:21 162584]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-06-13 20:21 138008]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"RTHDCPL"="RTHDCPL.EXE" [2007-06-13 21:41 16132608 C:\WINDOWS\RTHDCPL.EXE]
"PDVDDXSrv"="C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2007-09-17 12:56 124200]
"ECenter"="C:\Dell\E-Center\EULALauncher.exe" [2008-02-28 13:59 17920]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 04:06 40048]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 13:44 16384]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2008-03-11 13:44 202544]
"NotePad"="C:\WINDOWS\Resources\Themes\Luna\Shell\Homestead\NTT0509.EXE" [2007-11-07 18:09 36864]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-04-08 15:52 48752]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2005-04-17 12:30 85184]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2008-01-04 20:56 5367664]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"<NO NAME>"="" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableStatusMessages"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoFolderOptions"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"<NO NAME>"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Dell Network Assistant.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Dell Network Assistant.lnk
backup=C:\WINDOWS\pss\Dell Network Assistant.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2008-05-22 11:40 29744 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"=
"C:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"=
"C:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10421:UDP"= 10421:UDP:SingleClick Discovery Protocol
"10426:UDP"= 10426:UDP:SingleClick ICC

R1 DLARTL_M;DLARTL_M;C:\WINDOWS\system32\Drivers\DLARTL_M.SYS [2007-07-23 15:49]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter);C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2008-03-11 13:44]
S3 GoogleDesktopManager-010708-104812;Google Desktop Manager 5.7.801.7324;"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-05-22 11:40]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{043c0610-42fb-11dd-8928-001d099bdf89}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{13ea0a42-3e07-11dd-891d-001d099bdf89}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{13ea0a49-3e07-11dd-891d-001d099bdf89}]
\Shell\AutoRun\command - E:\v3pif.bat
\Shell\explore\Command - E:\v3pif.bat
\Shell\open\Command - E:\v3pif.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{13ea0a4c-3e07-11dd-891d-001d099bdf89}]
\Shell\AutoRun\command - E:\olb1iimw.bat
\Shell\explore\Command - E:\olb1iimw.bat
\Shell\open\Command - E:\olb1iimw.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{13ea0a4d-3e07-11dd-891d-001d099bdf89}]
\Shell\AutoRun\command - E:\tknn6.bat
\Shell\explore\Command - E:\tknn6.bat
\Shell\open\Command - E:\tknn6.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{13ea0a50-3e07-11dd-891d-001d099bdf89}]
\Shell\AutoRun\command - E:\f.bat
\Shell\explore\Command - E:\f.bat
\Shell\open\Command - E:\f.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{17d838dd-3e1f-11dd-891e-001d099bdf89}]
\Shell\AutoRun\command - E:\stw1ojde.bat
\Shell\explore\Command - E:\stw1ojde.bat
\Shell\open\Command - E:\stw1ojde.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{17d838de-3e1f-11dd-891e-001d099bdf89}]
\Shell\AutoRun\command - F:\stw1ojde.bat
\Shell\explore\Command - F:\stw1ojde.bat
\Shell\open\Command - F:\stw1ojde.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{17d838e0-3e1f-11dd-891e-001d099bdf89}]
\Shell\AutoRun\command - G:\v3pif.bat
\Shell\explore\Command - G:\v3pif.bat
\Shell\open\Command - G:\v3pif.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{17d838e2-3e1f-11dd-891e-001d099bdf89}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{17d838e6-3e1f-11dd-891e-001d099bdf89}]
\Shell\AutoRun\command - 2.bat
\Shell\explore\Command - 2.bat
\Shell\open\Command - 2.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{17d83907-3e1f-11dd-891e-001d099bdf89}]
\Shell\AutoRun\command - E:\yp.bat
\Shell\explore\Command - E:\yp.bat
\Shell\open\Command - E:\yp.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{308e3fce-411d-11dd-8922-001d099bdf89}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{308e3fd2-411d-11dd-8922-001d099bdf89}]
\Shell\AutoRun\command - E:\jfvkcsy.bat
\Shell\explore\Command - E:\jfvkcsy.bat
\Shell\open\Command - E:\jfvkcsy.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{308e3fd3-411d-11dd-8922-001d099bdf89}]
\Shell\AutoRun\command - E:\oufddh.exe
\Shell\explore\Command - E:\oufddh.exe
\Shell\open\Command - E:\oufddh.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{308e3fd6-411d-11dd-8922-001d099bdf89}]
\Shell\AutoRun\command - wscript.exe .\.vbs
\Shell\open\command - wscript.exe .\.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{308e3fd7-411d-11dd-8922-001d099bdf89}]
\Shell\AutoRun\command - E:\qa8sywva.cmd
\Shell\explore\Command - E:\qa8sywva.cmd
\Shell\open\Command - E:\qa8sywva.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{308e3fdc-411d-11dd-8922-001d099bdf89}]
\Shell\AutoRun\command - h8i.com
\Shell\explore\Command - h8i.com
\Shell\open\Command - h8i.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{308e3fdd-411d-11dd-8922-001d099bdf89}]
\Shell\AutoRun\command - E:\jfvkcsy.bat
\Shell\explore\Command - E:\jfvkcsy.bat
\Shell\open\Command - E:\jfvkcsy.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{308e3fde-411d-11dd-8922-001d099bdf89}]
\Shell\AutoRun\command - E:\f.bat
\Shell\explore\Command - E:\f.bat
\Shell\open\Command - E:\f.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{308e3fdf-411d-11dd-8922-001d099bdf89}]
\Shell\AutoRun\command - G:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{308e3fe3-411d-11dd-8922-001d099bdf89}]
\Shell\AutoRun\command - a3g3.bat
\Shell\explore\Command - a3g3.bat
\Shell\open\Command - a3g3.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{308e3fe4-411d-11dd-8922-001d099bdf89}]
\Shell\AutoRun\command - E:\PdtGuide.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{308e3fe5-411d-11dd-8922-001d099bdf89}]
\Shell\AutoRun\command - F:\ilpg9ejd.com
\Shell\explore\Command - F:\ilpg9ejd.com
\Shell\open\Command - F:\ilpg9ejd.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{308e3fe6-411d-11dd-8922-001d099bdf89}]
\Shell\AutoRun\command - E:\scvshosts.exe
\Shell\Open\command - E:\scvshosts.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{308e3fe8-411d-11dd-8922-001d099bdf89}]
\Shell\AutoRun\command - E:\
\Shell\open\Command - .\autorun.exe explore

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{308e3ff8-411d-11dd-8922-001d099bdf89}]
\Shell\AutoRun\command - E:\uxdeiect.com
\Shell\explore\Command - E:\uxdeiect.com
\Shell\open\Command - E:\uxdeiect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{42c4c451-3d81-11dd-891c-001d099bdf89}]
\Shell\AutoRun\command - E:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4d0c7a0e-43a4-11dd-892e-001d099bdf89}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6faadfa8-3ec1-11dd-8921-001d099bdf89}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6faadfa9-3ec1-11dd-8921-001d099bdf89}]
\Shell\AutoRun\command - F:\xlu8a8sy.exe
\Shell\explore\Command - F:\xlu8a8sy.exe
\Shell\open\Command - F:\xlu8a8sy.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6faadfaa-3ec1-11dd-8921-001d099bdf89}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6faadfab-3ec1-11dd-8921-001d099bdf89}]
\Shell\AutoRun\command - F:\6x8be16.cmd
\Shell\explore\Command - F:\6x8be16.cmd
\Shell\open\Command - F:\6x8be16.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6faadfac-3ec1-11dd-8921-001d099bdf89}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6faadfad-3ec1-11dd-8921-001d099bdf89}]
\Shell\AutoRun\command - H:\6x8be16.cmd
\Shell\explore\Command - H:\6x8be16.cmd
\Shell\open\Command - H:\6x8be16.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6faadfae-3ec1-11dd-8921-001d099bdf89}]
\Shell\AutoRun\command - F:\6x8be16.cmd
\Shell\explore\Command - F:\6x8be16.cmd
\Shell\open\Command - F:\6x8be16.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6faadfaf-3ec1-11dd-8921-001d099bdf89}]
\Shell\AutoRun\command - E:\xp19.com
\Shell\explore\Command - E:\xp19.com
\Shell\open\Command - E:\xp19.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6faadfb3-3ec1-11dd-8921-001d099bdf89}]
\Shell\AutoRun\command - E:\scvhosts.exe
\Shell\Open\command - E:\scvhosts.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6faadfb8-3ec1-11dd-8921-001d099bdf89}]
\Shell\AutoRun\command - scvhosts.exe
\Shell\Open\command - scvhosts.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6faadfb9-3ec1-11dd-8921-001d099bdf89}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6faadfba-3ec1-11dd-8921-001d099bdf89}]
\Shell\AutoRun\command - tigi.cmd
\Shell\explore\Command - tigi.cmd
\Shell\open\Command - tigi.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6faadfbb-3ec1-11dd-8921-001d099bdf89}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6faadfbc-3ec1-11dd-8921-001d099bdf89}]
\Shell\AutoRun\command - F:\f.bat
\Shell\explore\Command - F:\f.bat
\Shell\open\Command - F:\f.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6faadfbd-3ec1-11dd-8921-001d099bdf89}]
\Shell\AutoRun\command - E:\
\Shell\open\Command - .\autorun.exe explore

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6faadfbe-3ec1-11dd-8921-001d099bdf89}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6faadfbf-3ec1-11dd-8921-001d099bdf89}]
\Shell\AutoRun\command - F:\t.com
\Shell\explore\Command - F:\t.com
\Shell\open\Command - F:\t.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6faadfc0-3ec1-11dd-8921-001d099bdf89}]
\Shell\AutoRun\command - E:\lkxcqdb.bat
\Shell\explore\Command - E:\lkxcqdb.bat
\Shell\open\Command - E:\lkxcqdb.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6faadfc1-3ec1-11dd-8921-001d099bdf89}]
\Shell\AutoRun\command - E:\lkxcqdb.bat
\Shell\explore\Command - E:\lkxcqdb.bat
\Shell\open\Command - E:\lkxcqdb.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6faadfc2-3ec1-11dd-8921-001d099bdf89}]
\Shell\AutoRun\command - F:\8ot8y86.exe
\Shell\explore\Command - F:\8ot8y86.exe
\Shell\open\Command - F:\8ot8y86.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8ca61fd8-3d5a-11dd-891b-001d099bdf89}]
\Shell\AutoRun\command - E:\h8i.com
\Shell\explore\Command - E:\h8i.com
\Shell\open\Command - E:\h8i.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8ca61fd9-3d5a-11dd-891b-001d099bdf89}]
\Shell\Autoplay\Command - xmss.exe
\Shell\AutoRun\command - xmss.exe
\Shell\Explore\Command - xmss.exe
\Shell\Open\Command - xmss.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8ca61fda-3d5a-11dd-891b-001d099bdf89}]
\Shell\AutoRun\command - E:\jfvkcsy.bat
\Shell\explore\Command - E:\jfvkcsy.bat
\Shell\open\Command - E:\jfvkcsy.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8ca61fdb-3d5a-11dd-891b-001d099bdf89}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8ca61fe1-3d5a-11dd-891b-001d099bdf89}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8ca61fe3-3d5a-11dd-891b-001d099bdf89}]
\Shell\AutoRun\command - E:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8ca61fe6-3d5a-11dd-891b-001d099bdf89}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a188dd3b-41e1-11dd-8923-001d099bdf89}]
\Shell\AutoRun\command - E:\invwft2h.com
\Shell\explore\Command - E:\invwft2h.com
\Shell\open\Command - E:\invwft2h.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a188dd47-41e1-11dd-8923-001d099bdf89}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a188dd49-41e1-11dd-8923-001d099bdf89}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a188dd4a-41e1-11dd-8923-001d099bdf89}]
\Shell\AutoRun\command - F:\uwlmj.com
\Shell\explore\Command - F:\uwlmj.com
\Shell\open\Command - F:\uwlmj.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a188dd51-41e1-11dd-8923-001d099bdf89}]
\Shell\AutoRun\command - E:\xyw9tmdj.com
\Shell\explore\Command - E:\xyw9tmdj.com
\Shell\open\Command - E:\xyw9tmdj.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a36c0611-42a8-11dd-8925-001d099bdf89}]
\Shell\AutoRun\command - E:\uwlmj.com
\Shell\explore\Command - E:\uwlmj.com
\Shell\open\Command - E:\uwlmj.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a36c0612-42a8-11dd-8925-001d099bdf89}]
\Shell\AutoRun\command - E:\v3pif.bat
\Shell\explore\Command - E:\v3pif.bat
\Shell\open\Command - E:\v3pif.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a36c0616-42a8-11dd-8925-001d099bdf89}]
\Shell\AutoRun\command - E:\h.cmd
\Shell\explore\Command - E:\h.cmd
\Shell\open\Command - E:\h.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f69ada2d-439f-11dd-892d-001d099bdf89}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-26 15:29:59
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-26 15:30:44
ComboFix-quarantined-files.txt 2008-06-26 19:30:32
ComboFix2.txt 2008-06-26 17:16:37

Pre-Run: 149,066,887,168 bytes free
Post-Run: 149,052,686,336 bytes free

412 --- E O F --- 2008-06-26 12:37:50
0
Réponse 7 / 9
g!rly Messages postés 18209 Date d'inscription vendredi 17 août 2007 Statut Contributeur Dernière intervention 30 novembre 2014 406
26 juin 2008 à 21:30
Max post les rapports que je t´ai demandés stp !

cgui33, ce sont des infections sur cle usb ou disque externe...

c´est pour cela que je lui ai fait passer rav antivirus...

mais j´aimerais bien voir les rapports que j´ai demandés car comme tu dit il y a/avait un pacquet !!!

@+
0
cgui33 Messages postés 1174 Date d'inscription vendredi 8 avril 2005 Statut Membre Dernière intervention 2 avril 2009 10
26 juin 2008 à 21:36
Merci
Je pense que max est parti (résolu pour lui !)
A+
0
max > cgui33 Messages postés 1174 Date d'inscription vendredi 8 avril 2005 Statut Membre Dernière intervention 2 avril 2009
26 juin 2008 à 22:40
je suis la je viens juste de vous envoyer le rapport.

Maxime
0
Réponse 8 / 9
g!rly Messages postés 18209 Date d'inscription vendredi 17 août 2007 Statut Contributeur Dernière intervention 30 novembre 2014 406
26 juin 2008 à 21:39
:~( pour max
de rien cgui33`
bonne soirée`
@+
0
Réponse 9 / 9
g!rly Messages postés 18209 Date d'inscription vendredi 17 août 2007 Statut Contributeur Dernière intervention 30 novembre 2014 406
26 juin 2008 à 22:49
Max

Tu dois avoir un autre rapport...

C:/combofix2.txt

@+
0
max
26 juin 2008 à 23:11
non, je n'ai pas d'autre rapport

Maxime
0

Discussions similaires

W32 L32: correspondance entre taille US et taille française
efg -
sibel -

6 réponses
Win32:Adware-gen [Adw]
nico -
nico -

98 réponses
À quoi correspond 32x32 US en taille française pour un jean ?
Alison1958 -
Thordendall -

1 réponse
Commande internet correspondance taille US pour jean homme.
Larkos -
Zabou -

5 réponses
Taille française/taille US (jeans). HELP plz!
STL75 -
superthevip -

3 réponses