Rootkit/Virus on PC

Closed
teuteuduf (Posts: 60, Member, registered Monday 10 August 2009, last seen 17 November 2009) - 10 August 2009 at 12:30
pimprenelle27 (Posts: 20857, Security contributor, registered Monday 10 December 2007, last seen 8 October 2019) - 17 August 2009 at 21:27
Hello everyone,

This morning, for the first time, 2 or 3 minutes after turning on my PC, Avast warned me that a suspicious file had been found (by the heuristic method):
-File name: C:\wbj.exe
-Type: Rootkit: hidden processes
The action recommended by Avast is to ignore it, but I don't know what to do. After 3 restarts, the warning comes back.

Note that I haven't tried deleting the file yet; however, I've already run a full scan with Avast, which found nothing, and I downloaded 2 anti-rootkits (AVG and Sophos), which also found nothing.
I'm currently running a scan with Malwarebytes...

If someone could help me and tell me what to do...
Thanks in advance

88 replies

teuteuduf (Posts: 60, Member, registered Monday 10 August 2009, last seen 17 November 2009)
13 August 2009 at 15:51
Here's the report!!
However, the external HDD wasn't plugged in and I was connected to the internet

ComboFix 09-08-10.06 - Utilisateur 13/08/2009 15:40.1.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.1526.1014 [GMT 2:00]
Running from: c:\documents and settings\Utilisateur\Bureau\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090812-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\ktly.exe
c:\windows\Installer\51e6db.msp
c:\windows\Installer\53e736.msi
D:\ktly.exe
E:\ktly.exe

.
((((((((((((((((((((((((( Files Created from 2009-07-13 to 2009-08-13 )))))))))))))))))))))))))))))))
.

2009-08-13 12:40 . 2009-08-13 12:40 -------- d-----w- c:\windows\LastGood
2009-08-11 00:10 . 2008-07-08 12:54 148496 ----a-w- c:\windows\system32\drivers\44019618.sys
2009-08-11 00:10 . 2009-08-11 10:05 -------- d-----w- c:\program files\Virus Removal Tool
2009-08-10 23:57 . 2009-08-13 13:44 28844064 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-08-10 14:33 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-10 14:33 . 2009-08-10 14:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-10 14:33 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-10 13:33 . 2009-08-10 13:33 -------- d-sh--w- c:\documents and settings\Utilisateur\UserData
2009-08-10 12:55 . 2009-08-10 13:16 -------- d-----w- C:\UsbFix
2009-08-10 10:49 . 2009-08-10 10:49 -------- d-----w- C:\rsit
2009-08-10 10:49 . 2009-08-10 10:49 -------- d-----w- c:\program files\trend micro
2009-08-10 09:48 . 2009-08-10 09:48 -------- d-----w- c:\documents and settings\Utilisateur\Application Data\Malwarebytes
2009-08-10 09:47 . 2009-08-10 09:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-10 08:46 . 2009-08-12 21:44 -------- d-----w- c:\program files\Sophos
2009-08-07 13:33 . 1997-11-08 12:44 233472 ----a-w- c:\windows\system32\ILDA32.DLL
2009-08-07 13:33 . 2009-08-12 14:04 -------- d-----w- c:\program files\RA2000
2009-08-07 13:32 . 1999-03-23 07:12 304128 ----a-w- c:\windows\unin040c.exe
2009-07-29 22:39 . 2009-07-29 22:39 -------- d-sh--w- c:\documents and settings\Utilisateur\PrivacIE
2009-07-20 08:10 . 2009-07-20 08:10 -------- d-----w- c:\program files\iPod
2009-07-20 08:09 . 2009-07-20 08:10 -------- d-----w- c:\program files\iTunes
2009-07-20 08:06 . 2009-07-20 08:06 75040 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.1.6\SetupAdmin.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-12 23:47 . 2009-08-10 23:57 310028 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-08-12 09:25 . 2007-08-05 19:30 -------- d-----w- c:\documents and settings\Utilisateur\Application Data\OpenOffice.org2
2009-08-10 13:18 . 2007-07-24 07:24 78702 ----a-w- c:\windows\system32\perfc00C.dat
2009-08-10 13:18 . 2007-07-24 07:24 478060 ----a-w- c:\windows\system32\perfh00C.dat
2009-08-10 11:29 . 2008-07-29 07:49 -------- d-----w- c:\documents and settings\Utilisateur\Application Data\Skype
2009-08-04 00:31 . 2009-03-19 09:33 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-20 08:09 . 2007-12-27 16:57 -------- d-----w- c:\program files\Fichiers communs\Apple
2009-07-13 11:30 . 2007-07-24 10:13 104712 -c--a-w- c:\documents and settings\Administrateur\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-13 11:16 . 2007-07-24 07:36 86999 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-07-03 16:57 . 2007-07-24 07:24 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-16 14:40 . 2007-07-24 07:24 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:40 . 2007-07-24 07:24 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-11 20:39 . 2009-06-11 20:13 121560 ----a-w- c:\windows\hpoins11.dat
2009-06-05 09:42 . 2009-06-09 22:09 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-06-05 09:42 . 2007-12-27 16:57 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-06-03 19:10 . 2007-07-24 07:24 1297408 ----a-w- c:\windows\system32\quartz.dll
2008-10-31 01:10 . 2008-10-31 01:10 3865 ----a-w- c:\program files\satsukidecodersettings.ini
2008-10-31 01:10 . 2008-10-31 01:10 680 ----a-w- c:\program files\mpc2.reg
2008-10-31 01:10 . 2008-10-31 01:10 596 ----a-w- c:\program files\mpc1.reg
2008-10-31 01:10 . 2008-10-31 01:10 3782 ----a-w- c:\program files\mpc4.reg
2008-10-31 01:10 . 2008-10-31 01:10 3436 ----a-w- c:\program files\mpc7.reg
2008-10-31 01:10 . 2008-10-31 01:10 32754 ----a-w- c:\program files\ffdsvsetts.reg
2008-10-31 01:10 . 2008-10-31 01:10 2910 ----a-w- c:\program files\mpc3.reg
2008-10-31 01:10 . 2008-10-31 01:10 2544 ----a-w- c:\program files\ffdsasetts.reg
2008-10-31 01:10 . 2008-10-31 01:10 16136 ----a-w- c:\program files\mpc5.reg
2008-10-31 01:10 . 2008-10-31 01:10 15378 ----a-w- c:\program files\mpc6.reg
2008-10-31 01:10 . 2008-10-31 01:10 7630 ----a-w- c:\program files\ffdssetts.reg
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SgeIconOvl]
@="{ba930330-a721-11d3-a7b9-00500464ee16}"
[HKEY_CLASSES_ROOT\CLSID\{ba930330-a721-11d3-a7b9-00500464ee16}]
2005-06-08 16:30 77824 ----a-w- c:\program files\Utimaco\SafeGuard Easy\SgeDrse.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SgeIconOvl2]
@="{2030D939-54A7-4fea-9B06-49EA77EFC87F}"
[HKEY_CLASSES_ROOT\CLSID\{2030D939-54A7-4fea-9B06-49EA77EFC87F}]
2005-06-08 16:30 77824 ----a-w- c:\program files\Utimaco\SafeGuard Easy\SgeDrse.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2007-01-09 191552]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-11 65536]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-02-07 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-02-07 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-02-07 118784]
"CeEKEY"="c:\program files\TOSHIBA\E-KEY\CeEKey.exe" [2006-04-12 638976]
"HWSetup"="c:\program files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" [2004-05-01 28672]
"SVPWUTIL"="c:\program files\Toshiba\Windows Utilities\SVPWUTIL.exe" [2006-05-25 65536]
"TPNF"="c:\program files\TOSHIBA\TouchPad\TPTray.exe" [2007-06-01 53248]
"SmoothView"="c:\program files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe" [2007-05-11 143360]
"DDWMon"="c:\program files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe" [2007-04-26 495616]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2004-03-24 196608]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2007-05-22 413696]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-08-05 185896]
"SgeEcView"="c:\program files\Utimaco\SafeGuard Easy\Ecview.exe" [2005-06-08 24576]
"EdWizard"="c:\program files\Utimaco\SafeGuard Easy\EdWizard.exe" [2005-06-08 245760]
"UERLKUP"="c:\program files\Utimaco\SafeGuard Easy\uerlkupn.exe" [2006-03-29 36864]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"AppleSyncNotifier"="c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-13 177472]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"AirPort Base Station Agent"="c:\program files\AirPort\APAgent.exe" [2009-05-27 753664]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-06-13 16377344]
"TCtryIOHook"="TCtrlIOHook.exe" - c:\windows\system32\TCtrlIOHook.exe [2007-06-30 28672]
"TDispVol"="TDispVol.exe" - c:\windows\system32\TDispVol.exe [2005-12-27 73728]
"TPSMain"="TPSMain.exe" - c:\windows\system32\TPSMain.exe [2005-08-12 266240]
"Zooming"="ZoomingHook.exe" - c:\windows\system32\ZoomingHook.exe [2005-06-06 24576]
"NDSTray.exe"="NDSTray.exe" [BU]
"CFSServ.exe"="CFSServ.exe" [BU]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Utilisateur\Menu Démarrer\Programmes\Démarrage\
is-22O67.lnk - c:\program files\Virus Removal Tool\is-22O67\startup.exe [2009-8-11 65536]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Bluetooth Monitor.lnk - c:\program files\TOSHIBA\Bluetooth Monitor\BtMon2.exe [2007-11-10 69632]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\NotLog]
2002-01-22 13:28 110592 ----a-w- c:\windows\system32\SGLogEx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SGLogNotification]
2005-03-31 09:27 69632 ----a-w- c:\windows\system32\SGLogNotification.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\uerclt]
2006-03-29 12:14 77824 ----a-w- c:\windows\system32\uercltn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\Msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\AirPort\\APAgent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"16434:TCP"= 16434:TCP:NortonAV
"5353:UDP"= 5353:UDP:Bonjour
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 AES-256;AES-256;c:\windows\system32\drivers\AES256.sys [08/06/2005 18:47 17952]
R0 SgeFlt;SgeFlt;c:\windows\system32\drivers\SGEFLT.sys [08/06/2005 18:48 54880]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [09/04/2008 21:22 114768]
R1 is-22O67drv;is-22O67drv;c:\windows\system32\drivers\44019618.sys [11/08/2009 02:10 148496]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [09/04/2008 21:22 20560]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [19/03/2009 11:33 55152]
R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [26/03/2007 12:22 105856]
R2 trudf;TOSHIBA DVD-RAM UDF File System Driver;c:\windows\system32\drivers\trudf.sys [19/02/2007 12:15 134016]
S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);c:\windows\system32\drivers\e4ldr.sys [09/04/2008 21:10 63555]
S3 CYNI;CYNI;c:\docume~1\UTILIS~1\LOCALS~1\Temp\CYNI.exe --> c:\docume~1\UTILIS~1\LOCALS~1\Temp\CYNI.exe [?]
S3 e4usbaw;USB ADSL2 WAN Adapter;c:\windows\system32\drivers\e4usbaw.sys [09/04/2008 21:10 114616]
S3 fsssvc;Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [06/02/2009 19:08 533360]
S3 GMHALX;GMHALX;c:\docume~1\UTILIS~1\LOCALS~1\Temp\GMHALX.exe --> c:\docume~1\UTILIS~1\LOCALS~1\Temp\GMHALX.exe [?]
S3 hcw95bda;Hauppauge MOD7700 Tuner Driver;c:\windows\system32\drivers\hcw95bda.sys [27/03/2008 21:42 467456]
S3 hcw95rc;Hauppauge MOD7700 IR Driver;c:\windows\system32\drivers\hcw95rc.sys [27/03/2008 21:42 15488]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\14.tmp --> c:\windows\system32\14.tmp [?]
S3 RYUNEAVTSW;RYUNEAVTSW;c:\docume~1\UTILIS~1\LOCALS~1\Temp\RYUNEAVTSW.exe --> c:\docume~1\UTILIS~1\LOCALS~1\Temp\RYUNEAVTSW.exe [?]
S3 TpChoice;Touch Pad Detection Filter driver;c:\windows\system32\DRIVERS\TpChoice.sys --> c:\windows\system32\DRIVERS\TpChoice.sys [?]
S3 TWPVMJEX;TWPVMJEX;c:\docume~1\UTILIS~1\LOCALS~1\Temp\TWPVMJEX.exe --> c:\docume~1\UTILIS~1\LOCALS~1\Temp\TWPVMJEX.exe [?]
S3 utu4odg4;AVZ Kernel Driver;\??\c:\windows\system32\Drivers\utu4odg4.sys --> c:\windows\system32\Drivers\utu4odg4.sys [?]
S3 VAGOKALHS;VAGOKALHS;c:\docume~1\UTILIS~1\LOCALS~1\Temp\VAGOKALHS.exe --> c:\docume~1\UTILIS~1\LOCALS~1\Temp\VAGOKALHS.exe [?]
S3 YD;YD;c:\docume~1\UTILIS~1\LOCALS~1\Temp\YD.exe --> c:\docume~1\UTILIS~1\LOCALS~1\Temp\YD.exe [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-07-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 10:34]

2007-08-03 c:\windows\Tasks\Rappel d'enregistrement 1.job
- c:\windows\system32\OOBE\oobebaln.exe [2007-07-24 02:34]

2007-08-17 c:\windows\Tasks\Rappel d'enregistrement 2.job
- c:\windows\system32\OOBE\oobebaln.exe [2007-07-24 02:34]

2007-08-03 c:\windows\Tasks\Rappel d'enregistrement 3.job
- c:\windows\system32\OOBE\oobebaln.exe [2007-07-24 02:34]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-WOOKIT - c:\progra~1\Wanadoo\GestMaj.exe


.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = hxxp://www.regioncentre.fr/
uInternet Settings,ProxyOverride = *.local
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\73eieb4s.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.regioncentre.fr/
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava11.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava12.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava13.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava14.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava32.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjpi160.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npoji610.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-13 15:44
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\14.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(880)
c:\windows\system32\SGLogEx.dll
c:\windows\system32\SGLogNotification.dll
c:\windows\system32\uercltn.dll
c:\windows\system32\USWERRLN.dll
c:\windows\system32\uerlibws.dll
c:\windows\system32\GetUserSid.dll
c:\program files\Bonjour\mdnsNSP.dll
c:\program files\Utimaco\SafeGuard Easy\SGEDRV.dll
c:\program files\Utimaco\SafeGuard Easy\FLTAPI.dll
c:\program files\Utimaco\SafeGuard Easy\SgeUtil.dll
c:\windows\system32\LogMsgApp.Dll
.
Completion time: 2009-08-13 15:45
ComboFix-quarantined-files.txt 2009-08-13 13:45

Pre-Run: 14 443 479 040 bytes free
Post-Run: 14 501 253 120 bytes free

247 --- E O F --- 2009-08-03 09:38
fix200 (Posts: 3243, Security contributor, registered Sunday 28 December 2008, last seen 7 February 2011)
13 August 2009 at 15:56
Hi,

Quick check:

Show hidden files / folders: Tutorial

- Go to this site: Virus Total


▶ Copy the following and paste it into the search box (or click "Browse" and navigate to the requested file):

c:\windows\system32\drivers\44019618.sys

▶ Click Send File.

-> A report will be built line by line.

Wait until the end... It should include the size of the file sent.

▶ Save the report with Notepad.

▶ Paste it into your next reply...

(If VirusTotal says the file has already been analysed, click the "Reanalyse file now" button)
pimprenelle27 (Posts: 20857, Security contributor, registered Monday 10 December 2007, last seen 8 October 2019)
13 August 2009 at 15:56
What do you think, fix200?
pimprenelle27 (Posts: 20857, Security contributor, registered Monday 10 December 2007, last seen 8 October 2019)
13 August 2009 at 15:57
I'll let you finish if you want, fix200?
fix200 (Posts: 3243, Security contributor, registered Sunday 28 December 2008, last seen 7 February 2011)
13 August 2009 at 16:01
Re,

No! Just with Combo, I'm preparing a script. Once it's done I'll leave you to it :)

See you
teuteuduf (Posts: 60, Member, registered Monday 10 August 2009, last seen 17 November 2009)
13 August 2009 at 16:11
Here you go! (assuming that's what you wanted!!)

File 93189437.sys received on 2009.08.13 04:36:07 (UTC)
Current status: finished

Result: 0/41 (0.00%)
Antivirus Version Last update Result
a-squared 4.5.0.24 2009.08.13 -
AhnLab-V3 5.0.0.2 2009.08.12 -
AntiVir 7.9.1.1 2009.08.12 -
Antiy-AVL 2.0.3.7 2009.08.12 -
Authentium 5.1.2.4 2009.08.13 -
Avast 4.8.1335.0 2009.08.12 -
AVG 8.5.0.406 2009.08.12 -
BitDefender 7.2 2009.08.13 -
CAT-QuickHeal 10.00 2009.08.13 -
ClamAV 0.94.1 2009.08.13 -
Comodo 1961 2009.08.13 -
DrWeb 5.0.0.12182 2009.08.13 -
eSafe 7.0.17.0 2009.08.11 -
eTrust-Vet 31.6.6673 2009.08.12 -
F-Prot 4.4.4.56 2009.08.12 -
F-Secure 8.0.14470.0 2009.08.13 -
Fortinet 3.120.0.0 2009.08.13 -
GData 19 2009.08.13 -
Ikarus T3.1.1.64.0 2009.08.13 -
Jiangmin 11.0.800 2009.08.12 -
K7AntiVirus 7.10.817 2009.08.12 -
Kaspersky 7.0.0.125 2009.08.13 -
McAfee 5707 2009.08.12 -
McAfee+Artemis 5707 2009.08.12 -
McAfee-GW-Edition 6.8.5 2009.08.13 -
Microsoft 1.4903 2009.08.12 -
NOD32 4330 2009.08.12 -
Norman 6.01.09 2009.08.12 -
nProtect 2009.1.8.0 2009.08.13 -
Panda 10.0.0.14 2009.08.12 -
PCTools 4.4.2.0 2009.08.12 -
Prevx 3.0 2009.08.13 -
Rising 21.42.30.00 2009.08.13 -
Sophos 4.44.0 2009.08.13 -
Sunbelt 3.2.1858.2 2009.08.13 -
Symantec 1.4.4.12 2009.08.13 -
TheHacker 6.3.4.3.383 2009.08.13 -
TrendMicro 8.950.0.1094 2009.08.12 -
VBA32 3.12.10.9 2009.08.12 -
ViRobot 2009.8.12.1881 2009.08.12 -
VirusBuster 4.6.5.0 2009.08.12 -
Additional information
File size: 148496 bytes
MD5 : 0aa3ad071827118fcc8f37f7a6ab7aa1
SHA1 : 59784c49ffe530931010070c8843366f9d7fa6f0
SHA256: 3e893bcf9e3ec8fa44c8ef0cf7c2d269212651d65c16b30bd953cc3a54f3b2aa
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x33010
timedatestamp.....: 0x4873470A (Tue Jul 8 12:52:58 2008)
machinetype.......: 0x14C (Intel I386)

( 8 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x1A848 0x1AA00 6.38 ca8bbffb8c1aac75560de3ffede16f38
NONPAGED 0x1C000 0x25 0x200 0.30 76fbfaa1c4997eccce3ca016c3b1345b
.rdata 0x1D000 0x850 0xA00 4.25 6ffc26ac817e2ae1a1cf5ce42adc9f0b
.data 0x1E000 0x1B00 0x600 6.42 2680643c152bf562cae4ab5d1ed2070c
PAGE 0x20000 0x2CDC 0x2E00 6.28 7516763c152ec5b6c5df87c555fadbb5
INIT 0x23000 0x1B88 0x1C00 5.96 4459dca4b85a564cb98f26cfbff36fbe
.rsrc 0x25000 0x400 0x400 3.36 09f200edb8e02e6fa4ab2f6bc27ad921
.reloc 0x26000 0x1B6E 0x1C00 6.47 5d73a4e2a3be56c2448dbd9511deefa3

( 0 imports )


( 0 exports )

TrID : File type identification
Win32 Executable Generic (68.0%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
ssdeep: 3072:xoZsjyhxlNCet3MATPO1jUFLVFnRkPjcow9gT7wNwSk7Fa/4NJ:xnjyhx8Ad6jcpgTsW/KqJ
PEiD : -
RDS : NSRL Reference Data Set
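The PEInfo block in the VirusTotal report above (entry point, link timestamp, machine type, section table with entropy, import count) can be read straight from the file, either to check the report against the file that is actually on disk or to get the same numbers before uploading anything. The following Python is an added example and is not part of the thread, of ComboFix or of VirusTotal. The sample image it analyses is built in memory with struct.pack (two sections, empty import table) and is not the driver from the thread; the 7.0-bit entropy threshold used to call a section "packed" is a common rule of thumb, not a standard.

```python
"""Read the 'PEInfo' fields VirusTotal reports straight from a PE file (added example)."""
import hashlib
import math
import struct
from datetime import datetime, timezone

FILE_ALIGN = 0x200
SECTION_HDR = "<8sIIIIIIHHI"   # IMAGE_SECTION_HEADER, 40 bytes


def build_sample_pe():
    """Construct a minimal PE32 image in memory (sample data, not the thread's driver)."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)            # e_lfanew = 0x40
    text = bytes(range(256)) * 2                                    # 512 bytes, entropy 8.0
    data = b"\0" * 0x1F0 + b"ABCDEFGHIJKLMNOP"                      # 512 bytes, low entropy
    hdr = FILE_ALIGN                                                 # all headers fit in one block
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0x4873470A, 0, 0, 224, 0x0102)
    opt = struct.pack("<HBBIIIIIIIIIHHHHHHIIIIHHIIIIII",
                      0x10B, 9, 0, len(text), len(data), 0,
                      0x1010, 0x1000, 0x2000, 0x10000, 0x1000, FILE_ALIGN,   # entry point in .text
                      5, 1, 0, 0, 5, 1,
                      0, 0x3000, hdr, 0,
                      1, 0,
                      0x100000, 0x1000, 0x100000, 0x1000, 0, 16) + b"\0" * 128   # 16 empty directories
    secs = struct.pack(SECTION_HDR, b".text", len(text), 0x1000, len(text), hdr, 0, 0, 0, 0, 0x60000020)
    secs += struct.pack(SECTION_HDR, b".data", len(data), 0x2000, len(data), hdr + len(text), 0, 0, 0, 0, 0xC0000040)
    headers = dos + b"PE\0\0" + coff + opt + secs
    return headers + b"\0" * (hdr - len(headers)) + text + data


def entropy(blob):
    """Shannon entropy in bits per byte (VirusTotal's 'ntrpy' column)."""
    if not blob:
        return 0.0
    counts = [0] * 256
    for b in blob:
        counts[b] += 1
    n = len(blob)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def rva_to_offset(rva, sections):
    """Map a relative virtual address to a file offset through the section table."""
    for s in sections:
        if s["vaddr"] <= rva < s["vaddr"] + max(s["vsize"], s["rawsize"]):
            return rva - s["vaddr"] + s["rawptr"]
    raise ValueError("RVA 0x%X not backed by any section" % rva)


def parse_pe(data):
    """Return hashes, COFF/optional-header fields, sections and import count of a PE image."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew, = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    machine, nsec, stamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    opt = e_lfanew + 24
    magic, = struct.unpack_from("<H", data, opt)
    entry, = struct.unpack_from("<I", data, opt + 16)        # AddressOfEntryPoint
    dd = opt + (96 if magic == 0x10B else 112)              # data directories (PE32 / PE32+)
    import_rva, = struct.unpack_from("<I", data, dd + 8)    # directory 1 = import table
    sections = []
    for i in range(nsec):
        name, vsize, vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", data, opt + opt_size + 40 * i)
        raw = data[rawptr:rawptr + rawsize]
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "vaddr": vaddr, "vsize": vsize, "rawsize": rawsize, "rawptr": rawptr,
                         "entropy": round(entropy(raw), 2), "md5": hashlib.md5(raw).hexdigest()})
    imports = 0
    if import_rva:                                          # walk IMAGE_IMPORT_DESCRIPTORs (20 bytes each)
        off = rva_to_offset(import_rva, sections)
        while any(data[off:off + 20]):                      # the list ends with an all-zero descriptor
            imports += 1
            off += 20
    return {"md5": hashlib.md5(data).hexdigest(), "sha1": hashlib.sha1(data).hexdigest(),
            "sha256": hashlib.sha256(data).hexdigest(), "machine": machine, "entrypoint": entry,
            "timestamp": datetime.fromtimestamp(stamp, timezone.utc), "sections": sections,
            "imports": imports}


def sanity_flags(report):
    """Cheap things worth a second look before trusting a 0/41 verdict (rules of thumb)."""
    flags = []
    if report["imports"] == 0:
        flags.append("empty import table: packed, or imports resolved by hand at run time")
    for s in report["sections"]:
        if s["entropy"] > 7.0:
            flags.append("section %s has entropy %.2f: compressed or encrypted content" % (s["name"], s["entropy"]))
    if not any(s["vaddr"] <= report["entrypoint"] < s["vaddr"] + max(s["vsize"], s["rawsize"])
               for s in report["sections"]):
        flags.append("entry point outside every section")
    return flags


if __name__ == "__main__":
    rep = parse_pe(build_sample_pe())   # replace with open(path, "rb").read() for a real file
    print(rep["sha256"], hex(rep["entrypoint"]), rep["timestamp"], rep["sections"], sanity_flags(rep))
```

The timestamp is returned in UTC. The sample reuses the thread's link timestamp 0x4873470A, which VirusTotal printed as "Tue Jul 8 12:52:58 2008"; in UTC the same value is 10:52:58, two hours earlier, which matches the GMT+2 zone shown in the ComboFix header, so the two reports agree rather than conflict.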
fix200 (Posts: 3243, Security contributor, registered Sunday 28 December 2008, last seen 7 February 2011)
13 August 2009 at 16:12
Re,

I'm preparing the next step... please wait a bit.
teuteuduf (Posts: 60, Member, registered Monday 10 August 2009, last seen 17 November 2009)
13 August 2009 at 16:14
OK, that works, thanks
fix200 (Posts: 3243, Security contributor, registered Sunday 28 December 2008, last seen 7 February 2011)
13 August 2009 at 16:22
Plug in your drives.

/!\ Warning /!\


|=> Script written specifically for this computer; using it on any other machine could severely damage your system <=|


▶ Copy the text below:

File::
H:\22yj2fy1.exe
H:\ktly.exe
C:\DOCUME~1\UTILIS~1\LOCALS~1\Temp\YD.exe

Driver::
MEMSWEEP2
YD

Registry::
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]

DirLook::
c:\program files\Virus Removal Tool


▶ Open Notepad and paste the copied text.
(Start\All Programs\Accessories\Notepad.)

▶ Save this file under the name CFScript.txt

/!\ Disconnect your PC from the Internet and close the windows of all running programs. /!\
(!) Temporarily disable (and only for as long as ComboFix is running) the real-time protection of your antivirus, your antispyware and ALL your protection software (!).


▶ Now drag the CFScript.txt file onto Combofix.exe like this

=> This will relaunch ComboFix,

▶ A blue window will appear: at the prompt (Type 1 to continue, or 2 to abort), type 1 and press Enter.

▶ Wait for the scan to finish. The desktop will disappear several times: that's normal!

/!\ Don't touch anything until the scan is finished. /!\

▶ After the reboot, post the contents of the Combofix.txt report

See you
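The entries fix200's script targets can be picked out of the ComboFix report mechanically. The following Python is an added example, not part of the thread and not part of ComboFix: it parses the R*/S* driver and service lines of a ComboFix report, flags the ones a helper looks at first (image under a Temp folder, a .tmp image, or a file ComboFix marked '[?]' as missing) and drafts the File:: and Driver:: sections of a CFScript from them. The log excerpt embedded in it is constructed from the first report in this thread; the flagging rules are heuristics of this example, not ComboFix's own, and the draft still has to be reviewed by hand before it is dropped onto ComboFix, exactly as fix200's warning says (the Registry:: and DirLook:: sections of fix200's script are judgement calls the generator does not make).

```python
"""Triage the driver/service lines of a ComboFix report and draft a CFScript (added example)."""
import re
from dataclasses import dataclass, field

# Constructed excerpt mirroring the first ComboFix report posted in the thread.
SAMPLE_LOG = r"""
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [09/04/2008 21:22 114768]
R1 is-22O67drv;is-22O67drv;c:\windows\system32\drivers\44019618.sys [11/08/2009 02:10 148496]
S3 CYNI;CYNI;c:\docume~1\UTILIS~1\LOCALS~1\Temp\CYNI.exe --> c:\docume~1\UTILIS~1\LOCALS~1\Temp\CYNI.exe [?]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\14.tmp --> c:\windows\system32\14.tmp [?]
S3 YD;YD;c:\docume~1\UTILIS~1\LOCALS~1\Temp\YD.exe --> c:\docume~1\UTILIS~1\LOCALS~1\Temp\YD.exe [?]
S3 hcw95bda;Hauppauge MOD7700 Tuner Driver;c:\windows\system32\drivers\hcw95bda.sys [27/03/2008 21:42 467456]
"""

# ComboFix prints one line per kernel driver / service:
#   <R|S><start type> <service name>;<display name>;<image path> [<date> <time> <size>]
# and, when the image file cannot be found on disk:
#   ... ;<image path> --> <image path> [?]
SERVICE_RE = re.compile(r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$")


@dataclass
class ServiceEntry:
    start: str               # R = running, S = stopped, digit = Windows start type
    name: str
    image: str               # image path with the NT '\??\' prefix removed
    missing: bool            # ComboFix could not find the file ('[?]')
    reasons: list = field(default_factory=list)


def parse_services(log_text):
    """Return a ServiceEntry for every driver/service line in a ComboFix log."""
    entries = []
    for line in log_text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if not m:
            continue
        rest = m.group("rest").rstrip()
        missing = rest.endswith("[?]")
        image = rest.split(" --> ")[0] if " --> " in rest else rest.rsplit(" [", 1)[0]
        if image.startswith("\\??\\"):
            image = image[4:]
        entries.append(ServiceEntry(m.group("start"), m.group("name"), image, missing))
    return entries


def flag_suspicious(entries):
    """Heuristics a helper applies first (assumptions of this example, not ComboFix rules)."""
    flagged = []
    for e in entries:
        low = e.image.lower()
        reasons = []
        if "\\temp\\" in low:
            reasons.append("image lives in a Temp folder")
        if low.endswith(".tmp"):
            reasons.append("image is a .tmp file")
        if e.missing:
            reasons.append("file missing ('[?]')")
        if reasons:
            e.reasons = reasons
            flagged.append(e)
    return flagged


def draft_cfscript(flagged):
    """Draft the File:: and Driver:: sections of a CFScript for the flagged entries.

    Driver:: removes the service registration; File:: deletes the image.
    Only .exe images are listed under File::; the Driver:: line covers a .tmp placeholder.
    """
    files = [e.image for e in flagged if e.image.lower().endswith(".exe")]
    lines = []
    if files:
        lines += ["File::", *files, ""]
    lines += ["Driver::", *(e.name for e in flagged)]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    hits = flag_suspicious(parse_services(SAMPLE_LOG))   # pass open(path).read() for a real log
    for e in hits:
        print("%-10s %-45s %s" % (e.name, e.image, "; ".join(e.reasons)))
    print()
    print(draft_cfscript(hits))
```

Run against the first report in this thread the generator flags CYNI, MEMSWEEP2 and YD and leaves the avast!, Hauppauge and is-22O67drv drivers alone; fix200's script adds the Registry:: line for the MEMSWEEP2 service key and the DirLook:: on the Virus Removal Tool folder by hand, which is the kind of decision a helper makes after reading the whole report, not something to automate.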
teuteuduf (Posts: 60, Member, registered Monday 10 August 2009, last seen 17 November 2009)
13 August 2009 at 16:28
Do I disable my protections?
teuteuduf (Posts: 60, Member, registered Monday 10 August 2009, last seen 17 November 2009)
13 August 2009 at 16:29
Never mind, I didn't read properly, sorry
fix200 (Posts: 3243, Security contributor, registered Sunday 28 December 2008, last seen 7 February 2011)
13 August 2009 at 16:30
Re,

Yes.

I have to leave for now; run the script and continue with Pimprenelle.

See you
teuteuduf (Posts: 60, Member, registered Monday 10 August 2009, last seen 17 November 2009)
13 August 2009 at 19:23
Here's the report.
It took a bit of time, sorry

ComboFix 09-08-10.06 - Utilisateur 13/08/2009 16:34.2.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.1526.957 [GMT 2:00]
Running from: c:\documents and settings\Utilisateur\Bureau\ComboFix.exe
Command switches used :: c:\documents and settings\Utilisateur\Bureau\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090812-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
"c:\docume~1\UTILIS~1\LOCALS~1\Temp\YD.exe"
"H:\22yj2fy1.exe"
"H:\ktly.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

H:\ktly.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MEMSWEEP2
-------\Legacy_YD
-------\Service_YD


((((((((((((((((((((((((( Files Created from 2009-07-13 to 2009-08-13 )))))))))))))))))))))))))))))))
.

2009-08-11 00:10 . 2008-07-08 12:54 148496 ----a-w- c:\windows\system32\drivers\44019618.sys
2009-08-11 00:10 . 2009-08-11 10:05 -------- d-----w- c:\program files\Virus Removal Tool
2009-08-10 23:57 . 2009-08-13 17:16 31983648 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-08-10 14:33 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-10 14:33 . 2009-08-10 14:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-10 14:33 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-10 13:33 . 2009-08-10 13:33 -------- d-sh--w- c:\documents and settings\Utilisateur\UserData
2009-08-10 12:55 . 2009-08-10 13:16 -------- d-----w- C:\UsbFix
2009-08-10 10:49 . 2009-08-10 10:49 -------- d-----w- C:\rsit
2009-08-10 10:49 . 2009-08-10 10:49 -------- d-----w- c:\program files\trend micro
2009-08-10 09:48 . 2009-08-10 09:48 -------- d-----w- c:\documents and settings\Utilisateur\Application Data\Malwarebytes
2009-08-10 09:47 . 2009-08-10 09:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-10 08:46 . 2009-08-12 21:44 -------- d-----w- c:\program files\Sophos
2009-08-07 13:33 . 1997-11-08 12:44 233472 ----a-w- c:\windows\system32\ILDA32.DLL
2009-08-07 13:33 . 2009-08-12 14:04 -------- d-----w- c:\program files\RA2000
2009-08-07 13:32 . 1999-03-23 07:12 304128 ----a-w- c:\windows\unin040c.exe
2009-07-29 22:39 . 2009-07-29 22:39 -------- d-sh--w- c:\documents and settings\Utilisateur\PrivacIE
2009-07-20 08:10 . 2009-07-20 08:10 -------- d-----w- c:\program files\iPod
2009-07-20 08:09 . 2009-07-20 08:10 -------- d-----w- c:\program files\iTunes
2009-07-20 08:06 . 2009-07-20 08:06 75040 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.1.6\SetupAdmin.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-13 14:37 . 2009-08-10 23:57 374732 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-08-12 09:25 . 2007-08-05 19:30 -------- d-----w- c:\documents and settings\Utilisateur\Application Data\OpenOffice.org2
2009-08-10 13:18 . 2007-07-24 07:24 78702 ----a-w- c:\windows\system32\perfc00C.dat
2009-08-10 13:18 . 2007-07-24 07:24 478060 ----a-w- c:\windows\system32\perfh00C.dat
2009-08-10 11:29 . 2008-07-29 07:49 -------- d-----w- c:\documents and settings\Utilisateur\Application Data\Skype
2009-08-04 00:31 . 2009-03-19 09:33 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-20 08:09 . 2007-12-27 16:57 -------- d-----w- c:\program files\Fichiers communs\Apple
2009-07-13 11:30 . 2007-07-24 10:13 104712 -c--a-w- c:\documents and settings\Administrateur\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-13 11:16 . 2007-07-24 07:36 86999 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-07-03 16:57 . 2007-07-24 07:24 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-16 14:40 . 2007-07-24 07:24 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:40 . 2007-07-24 07:24 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-11 20:39 . 2009-06-11 20:13 121560 ----a-w- c:\windows\hpoins11.dat
2009-06-05 09:42 . 2009-06-09 22:09 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-06-05 09:42 . 2007-12-27 16:57 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-06-03 19:10 . 2007-07-24 07:24 1297408 ----a-w- c:\windows\system32\quartz.dll
2008-10-31 01:10 . 2008-10-31 01:10 3865 ----a-w- c:\program files\satsukidecodersettings.ini
2008-10-31 01:10 . 2008-10-31 01:10 680 ----a-w- c:\program files\mpc2.reg
2008-10-31 01:10 . 2008-10-31 01:10 596 ----a-w- c:\program files\mpc1.reg
2008-10-31 01:10 . 2008-10-31 01:10 3782 ----a-w- c:\program files\mpc4.reg
2008-10-31 01:10 . 2008-10-31 01:10 3436 ----a-w- c:\program files\mpc7.reg
2008-10-31 01:10 . 2008-10-31 01:10 32754 ----a-w- c:\program files\ffdsvsetts.reg
2008-10-31 01:10 . 2008-10-31 01:10 2910 ----a-w- c:\program files\mpc3.reg
2008-10-31 01:10 . 2008-10-31 01:10 2544 ----a-w- c:\program files\ffdsasetts.reg
2008-10-31 01:10 . 2008-10-31 01:10 16136 ----a-w- c:\program files\mpc5.reg
2008-10-31 01:10 . 2008-10-31 01:10 15378 ----a-w- c:\program files\mpc6.reg
2008-10-31 01:10 . 2008-10-31 01:10 7630 ----a-w- c:\program files\ffdssetts.reg
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\program files\Virus Removal Tool ----

2009-08-12 08:17 . 2009-08-12 08:17 50441 ----a-w- c:\program files\Virus Removal Tool\is-22O67\report\0009_Scan_Objects_eventlog.rpt
2009-08-11 11:31 . 2009-08-11 11:31 569 ----a-w- c:\program files\Virus Removal Tool\is-22O67\data\BTImages.dat
2009-08-11 11:27 . 2009-08-11 14:32 154629625 ----a-w- c:\program files\Virus Removal Tool\is-22O67\report\0006_Scan_Objects_eventlog.rpt
2009-08-11 11:27 . 2009-08-12 08:17 84 ----a-w- c:\program files\Virus Removal Tool\is-22O67\data\sfdb.dat
2009-08-11 00:16 . 2009-08-11 00:16 65019 ----a-w- c:\program files\Virus Removal Tool\is-22O67\LOG\avptool_syscheck.zip
2009-08-11 00:14 . 2009-08-11 00:16 23111 ----a-w- c:\program files\Virus Removal Tool\is-22O67\report\0003_AVZ_CollectSysInfo_eventlog.rpt
2009-08-11 00:10 . 2009-08-11 00:10 80 ----a-w- c:\program files\Virus Removal Tool\is-22O67\report\detected.idx
2009-08-11 00:10 . 2009-08-11 00:10 80 ----a-w- c:\program files\Virus Removal Tool\is-22O67\report\detected.rpt
2009-08-11 00:10 . 2009-08-13 12:39 5124 ----a-w- c:\program files\Virus Removal Tool\is-22O67\report\eventlog.rpt
2009-08-11 00:10 . 2009-08-12 08:18 17023 ----a-w- c:\program files\Virus Removal Tool\is-22O67\report\report.rpt
2009-08-11 00:10 . 2009-08-11 00:10 101 ----a-w- c:\program files\Virus Removal Tool\Log.bat
2009-08-11 00:10 . 2009-08-11 00:10 95 ----a-w- c:\program files\Virus Removal Tool\Scan.bat
2009-08-11 00:10 . 2009-08-11 00:10 495 ----a-w- c:\program files\Virus Removal Tool\Script.bat
2009-08-11 00:10 . 2009-08-11 00:10 1833 ----a-w- c:\program files\Virus Removal Tool\Start.lnk
2009-08-11 00:10 . 2008-10-14 12:41 4184 ----a-w- c:\program files\Virus Removal Tool\is-22O67\bases\verdicts.ini
2009-08-11 00:10 . 2009-08-07 15:22 24179 ----a-w- c:\program files\Virus Removal Tool\is-22O67\bases\syscheck.avz
2009-08-11 00:10 . 2009-08-07 15:22 1590 ----a-w- c:\program files\Virus Removal Tool\is-22O67\bases\sysipu.avz
2009-08-11 00:10 . 2009-08-07 15:22 4570 ----a-w- c:\program files\Virus Removal Tool\is-22O67\bases\tsw.avz
2009-08-11 00:10 . 2009-08-07 15:22 5805 ----a-w- c:\program files\Virus Removal Tool\is-22O67\bases\sr.avz
2009-08-11 00:10 . 2009-08-07 15:22 7701 ----a-w- c:\program files\Virus Removal Tool\is-22O67\bases\srdb.avz
2009-08-11 00:10 . 2008-03-25 12:42 7664 ----a-w- c:\program files\Virus Removal Tool\is-22O67\bases\startup.ini
2009-08-11 00:10 . 2008-11-12 12:34 1707 ----a-w- c:\program files\Virus Removal Tool\is-22O67\bases\signfavp.avz
2009-08-11 00:10 . 2009-08-07 15:22 35668 ----a-w- c:\program files\Virus Removal Tool\is-22O67\bases\signfusr.avz
2009-08-11 00:10 . 2009-08-07 15:22 26384 ----a-w- c:\program files\Virus Removal Tool\is-22O67\bases\signf005.avz
2009-08-11 00:10 . 2009-08-07 15:22 39105 ----a-w- c:\program files\Virus Removal Tool\is-22O67\bases\signf003.avz
2009-08-11 00:10 . 2009-08-07 15:22 32523 ----a-w- c:\program files\Virus Removal Tool\is-22O67\bases\signf004.avz
2009-08-11 00:10 . 2009-08-07 15:22 50699 ----a-w- c:\program files\Virus Removal Tool\is-22O67\bases\signf002.avz
2009-08-11 00:10 . 2009-08-07 15:22 6907 ----a-w- c:\program files\Virus Removal Tool\is-22O67\bases\repair.avz
2009-08-11 00:10 . 2009-08-07 15:22 2345 ----a-w- c:\program files\Virus Removal Tool\is-22O67\bases\rootkit.avz
2009-08-11 00:10 . 2009-08-07 15:22 1005 ----a-w- c:\program files\Virus Removal Tool\is-22O67\bases\scripts.avz
2009-08-11 00:10 . 2009-08-07 15:22 162533 ----a-w- c:\program files\Virus Removal Tool\is-22O67\bases\signf001.avz
2009-08-11 00:10 . 2009-08-07 15:22 4060 ----a-w- c:\program files\Virus Removal Tool\is-22O67\bases\ports.avz
2009-08-11 00:10 . 2009-08-07 15:22 2041 ----a-w- c:\program files\Virus Removal Tool\is-22O67\bases\prt.avz
2009-08-11 00:10 . 2009-08-07 15:22 804 ----a-w- c:\program files\Virus Removal Tool\is-22O67\bases\neurale.avz
2009-08-11 00:10 . 2009-08-07 15:22 3748 ----a-w- c:\program files\Virus Removal Tool\is-22O67\bases\neuralm.avz
2009-08-11 00:10 . 2009-08-07 15:22 7499 ----a-w- c:\program files\Virus Removal Tool\is-22O67\bases\neural.avz
2009-08-11 00:10 . 2009-08-07 15:22 335 ----a-w- c:\program files\Virus Removal Tool\is-22O67\bases\neurald.avz
2009-08-11 00:10 . 2009-08-07 15:22 35579100 ----a-w- c:\program files\Virus Removal Tool\is-22O67\bases\megabase.avc
2009-08-11 00:10 . 2009-08-07 15:22 14849 ----a-w- c:\program files\Virus Removal Tool\is-22O67\bases\krnldrv.avz
2009-08-11 00:10 . 2008-08-12 13:03 61804 ----a-w- c:\program files\Virus Removal Tool\is-22O67\bases\klavemu.kfb
2009-08-11 00:10 . 2008-03-21 14:57 635904 ----a-w- c:\program files\Virus Removal Tool\is-22O67\bases\klavemu.kdl
2009-08-11 00:10 . 2009-08-07 15:22 836 ----a-w- c:\program files\Virus Removal Tool\is-22O67\bases\backup.avz
2009-08-11 00:10 . 2009-08-07 15:22 2193 ----a-w- c:\program files\Virus Removal Tool\is-22O67\bases\bt.avz
2009-08-11 00:10 . 2005-08-30 13:47 12023 ----a-w- c:\program files\Virus Removal Tool\is-22O67\bases\engine.dt
2009-08-11 00:10 . 2009-08-07 15:22 506 ----a-w- c:\program files\Virus Removal Tool\is-22O67\bases\keylogger.avz
2009-08-11 00:10 . 2007-06-13 13:33 78 ----a-w- c:\program files\Virus Removal Tool\is-22O67\bases\avp_x.set
2009-08-11 00:10 . 2008-11-12 12:25 29946 ----a-w- c:\program files\Virus Removal Tool\is-22O67\skin\en\service.loc
2009-08-11 00:10 . 2008-11-12 12:25 9696 ----a-w- c:\program files\Virus Removal Tool\is-22O67\skin\en\settings.loc
2009-08-11 00:10 . 2008-11-12 12:25 17210 ----a-w- c:\program files\Virus Removal Tool\is-22O67\skin\en\prot.loc
2009-08-11 00:10 . 2008-11-12 12:25 12032 ----a-w- c:\program files\Virus Removal Tool\is-22O67\skin\en\report.loc
2009-08-11 00:10 . 2008-11-12 12:25 16784 ----a-w- c:\program files\Virus Removal Tool\is-22O67\skin\en\scan.loc
2009-08-11 00:10 . 2008-11-12 12:25 36754 ----a-w- c:\program files\Virus Removal Tool\is-22O67\skin\en\hints.loc
2009-08-11 00:10 . 2008-11-12 12:25 3874 ----a-w- c:\program files\Virus Removal Tool\is-22O67\skin\en\iso3166-1.loc
2009-08-11 00:10 . 2008-11-12 12:25 23149 ----a-w- c:\program files\Virus Removal Tool\is-22O67\skin\en\main.loc
2009-08-11 00:10 . 2008-11-12 12:25 4067 ----a-w- c:\program files\Virus Removal Tool\is-22O67\skin\en\oas.loc
2009-08-11 00:10 . 2008-11-12 12:25 65455 ----a-w- c:\program files\Virus Removal Tool\is-22O67\skin\en\avzkrnl.loc
2009-08-11 00:10 . 2008-11-12 12:25 9424 ----a-w- c:\program files\Virus Removal Tool\is-22O67\skin\en\credits.loc
2009-08-11 00:10 . 2008-11-12 12:25 2969 ----a-w- c:\program files\Virus Removal Tool\is-22O67\skin\en\avz.loc
2009-08-11 00:10 . 2008-11-12 12:25 9996 ----a-w- c:\program files\Virus Removal Tool\is-22O67\skin\sounds\Infected.wav
2009-08-11 00:10 . 2008-11-12 12:25 54308 ----a-w- c:\program files\Virus Removal Tool\is-22O67\skin\layout\service.ini
2009-08-11 00:10 . 2008-11-12 12:25 22736 ----a-w- c:\program files\Virus Removal Tool\is-22O67\skin\layout\settings.ini
2009-08-11 00:10 . 2008-11-12 12:25 13961 ----a-w- c:\program files\Virus Removal Tool\is-22O67\skin\layout\report.ini
2009-08-11 00:10 . 2008-11-12 12:25 16316 ----a-w- c:\program files\Virus Removal Tool\is-22O67\skin\layout\scan.ini
2009-08-11 00:10 . 2008-11-12 12:25 23959 ----a-w- c:\program files\Virus Removal Tool\is-22O67\skin\layout\main.ini
2009-08-11 00:10 . 2008-11-12 12:25 7907 ----a-w- c:\program files\Virus Removal Tool\is-22O67\skin\layout\oas.ini
2009-08-11 00:10 . 2008-11-12 12:25 26243 ----a-w- c:\program files\Virus Removal Tool\is-22O67\skin\layout\prot.ini
2009-08-11 00:10 . 2008-11-12 12:25 3044 ----a-w- c:\program files\Virus Removal Tool\is-22O67\skin\images\tasks\web32.png
2009-08-11 00:10 . 2008-11-12 12:25 7365 ----a-w- c:\program files\Virus Removal Tool\is-22O67\skin\images\tasks\webX.png
2009-08-11 00:10 . 2008-11-12 12:25 2447 ----a-w- c:\program files\Virus Removal Tool\is-22O67\skin\layout\avz.ini
2009-08-11 00:10 . 2008-11-12 12:25 1897 ----a-w- c:\program files\Virus Removal Tool\is-22O67\skin\images\tasks\updater32.png
2009-08-11 00:10 . 2008-11-12 12:25 6383 ----a-w- c:\program files\Virus Removal Tool\is-22O67\skin\images\tasks\updaterX.png
2009-08-11 00:10 . 2008-11-12 12:25 2990 ----a-w- c:\program files\Virus Removal Tool\is-22O67\skin\images\tasks\support32.png
2009-08-11 00:10 . 2008-11-12 12:25 7370 ----a-w- c:\program files\Virus Removal Tool\is-22O67\skin\images\tasks\support.png
2009-08-11 00:10 . 2008-11-12 12:25 5954 ----a-w- c:\program files\Virus Removal Tool\is-22O67\skin\images\tasks\protection.png
2009-08-11 00:10 . 2008-11-12 12:25 2519 ----a-w- c:\program files\Virus Removal Tool\is-22O67\skin\images\tasks\scan32.png
2009-08-11 00:10 . 2008-11-12 12:25 206447 ----a-w- c:\program files\Virus Removal Tool\is-22O67\skin\images\tasks\scanX.png
2009-08-11 00:10 . 2008-11-12 12:25 2795 ----a-w- c:\program files\Virus Removal Tool\is-22O67\skin\images\tasks\pdm32.png
2009-08-11 00:10 . 2008-11-12 12:25 6665 ----a-w- c:\program files\Virus Removal Tool\is-22O67\skin\images\tasks\pdmX.png
2009-08-11 00:10 . 2008-11-12 12:25 2490 ----a-w- c:\program files\Virus Removal Tool\is-22O67\skin\images\tasks\prot32.png
2009-08-11 00:10 . 2008-11-12 12:25 2209 ----a-w- c:\program files\Virus Removal Tool\is-22O67\skin\images\tasks\file32.png
2009-08-11 00:10 . 2008-11-12 12:25 6983 ----a-w- c:\program files\Virus Removal Tool\is-22O67\skin\images\tasks\fileX.png
2009-08-11 00:10 . 2008-11-12 12:25 2542 ----a-w- c:\program files\Virus Removal Tool\is-22O67\skin\images\tasks\mail32.png
2009-08-11 00:10 . 2008-11-12 12:25 6982 ----a-w- c:\program files\Virus Removal Tool\is-22O67\skin\images\tasks\mailX.png
2009-08-11 00:10 . 2008-11-12 12:25 7705 ----a-w- c:\program files\Virus Removal Tool\is-22O67\skin\images\tasks\antispyX.png
2009-08-11 00:10 . 2008-11-12 12:25 5155 ----a-w- c:\program files\Virus Removal Tool\is-22O67\skin\images\tasks\datafiles.png
2009-08-11 00:10 . 2008-11-12 12:25 2044 ----a-w- c:\program files\Virus Removal Tool\is-22O67\skin\images\tasks\datafiles32.png
2009-08-11 00:10 . 2008-11-12 12:25 2461 ----a-w- c:\program files\Virus Removal Tool\is-22O67\skin\images\tasks\antispam32.png
2009-08-11 00:10 . 2008-11-12 12:25 6314 ----a-w- c:\program files\Virus Removal Tool\is-22O67\skin\images\tasks\antispamX.png
2009-08-11 00:10 . 2008-11-12 12:25 1899 ----a-w- c:\program files\Virus Removal Tool\is-22O67\skin\images\tasks\antispy32.png
2009-08-11 00:10 . 2008-11-12 12:25 2944 ----a-w- c:\program files\Virus Removal Tool\is-22O67\skin\images\wizard.png
2009-08-11 00:10 . 2008-11-12 12:25 3103 ----a-w- c:\program files\Virus Removal Tool\is-22O67\skin\images\tasks\antihacker32.png
2009-08-11 00:10 . 2008-11-12 12:25 9724 ----a-w- c:\program files\Virus Removal Tool\is-22O67\skin\images\tasks\antihackerX.png
2009-08-11 00:10 . 2008-11-12 12:25 3392 ----a-w- c:\program files\Virus Removal Tool\is-22O67\skin\images\warning.png
2009-08-11 00:10 . 2008-11-12 12:25 4177 ----a-w- c:\program files\Virus Removal Tool\is-22O67\skin\images\warning24.png
2009-08-11 00:10 . 2008-11-12 12:25 5101 ----a-w- c:\program files\Virus Removal Tool\is-22O67\skin\images\warning32.png
2009-08-11 00:10 . 2008-11-12 12:25 2864 ----a-w- c:\program files\Virus Removal Tool\is-22O67\skin\images\unlocked.png
2009-08-11 00:10 . 2008-11-12 12:25 4577 ----a-w- c:\program files\Virus Removal Tool\is-22O67\skin\images\visa.png
2009-08-11 00:10 . 2008-11-12 12:25 32990 ----a-w- c:\program files\Virus Removal Tool\is-22O67\skin\images\t_hdr.bmp
2009-08-11 00:10 . 2008-11-12 12:25 32990 ----a-w- c:\program files\Virus Removal Tool\is-22O67\skin\images\t_row.bmp
2009-08-11 00:10 . 2008-11-12 12:25 3083 ----a-w- c:\program files\Virus Removal Tool\is-22O67\skin\images\unkobj.png
2009-08-11 00:10 . 2008-11-12 12:25 7727 ----a-w- c:\program files\Virus Removal Tool\is-22O67\skin\images\taskbar.png
2009-08-11 00:10 . 2008-11-12 12:25 13073 ----a-w- c:\program files\Virus Removal Tool\is-22O67\skin\images\title.png
2009-08-11 00:10 . 2008-11-12 12:25 3217 ----a-w- c:\program files\Virus Removal Tool\is-22O67\skin\images\trusted.png
2009-08-11 00:10 . 2008-11-12 12:25 3100 ----a-w- c:\program files\Virus Removal Tool\is-22O67\skin\images\stealth.png
2009-08-11 00:10 . 2008-11-12 12:25 2626 ----a-w- c:\program files\Virus Removal Tool\is-22O67\skin\images\stop.png
2009-08-11 00:10 . 2008-11-12 12:25 1880 ----a-w- c:\program files\Virus Removal Tool\is-22O67\skin\images\settings.png
2009-08-11 00:10 . 2008-11-12 12:25 3605 ----a-w- c:\program files\Virus Removal Tool\is-22O67\skin\images\startupobj.png
2009-08-11 00:10 . 2008-11-12 12:25 5796 ----a-w- c:\program files\Virus Removal Tool\is-22O67\skin\images\rdisk.png
2009-08-11 00:10 . 2008-11-12 12:25 4462 ----a-w- c:\program files\Virus Removal Tool\is-22O67\skin\images\regedit.png
2009-08-11 00:10 . 2008-11-12 12:25 958 ----a-w- c:\program files\Virus Removal Tool\is-22O67\skin\images\regicons.ico
2009-08-11 00:10 . 2008-11-12 12:25 3428 ----a-w- c:\program files\Virus Removal Tool\is-22O67\skin\images\run.png
2009-08-11 00:10 . 2008-11-12 12:25 2857 ----a-w- c:\program files\Virus Removal Tool\is-22O67\skin\images\pause.png
2009-08-11 00:10 . 2008-11-12 12:25 2927 ----a-w- c:\program files\Virus Removal Tool\is-22O67\skin\images\popup_allowed.png
2009-08-11 00:10 . 2008-11-12 12:25 2907 ----a-w- c:\program files\Virus Removal Tool\is-22O67\skin\images\popup_blocked.png
2009-08-11 00:10 . 2008-11-12 12:25 2365 ----a-w- c:\program files\Virus Removal Tool\is-22O67\skin\images\Privacy.png
2009-08-11 00:10 . 2008-11-12 12:25 3443 ----a-w- c:\program files\Virus Removal Tool\is-22O67\skin\images\ok.png
2009-08-11 00:10 . 2008-11-12 12:25 4208 ----a-w- c:\program files\Virus Removal Tool\is-22O67\skin\images\ok24.png
2009-08-11 00:10 . 2008-11-12 12:25 4861 ----a-w- c:\program files\Virus Removal Tool\is-22O67\skin\images\ok32.png
2009-08-11 00:10 . 2008-11-12 12:25 2244 ----a-w- c:\program files\Virus Removal Tool\is-22O67\skin\images\password.png
2009-08-11 00:10 . 2008-11-12 12:25 2336 ----a-w- c:\program files\Virus Removal Tool\is-22O67\skin\images\office.png
2009-08-11 00:10 . 2008-11-12 12:25 3322 ----a-w- c:\program files\Virus Removal Tool\is-22O67\skin\images\network.png
2009-08-11 00:10 . 2008-11-12 12:25 2859 ----a-w- c:\program files\Virus Removal Tool\is-22O67\skin\images\nonrecursive.png
2009-08-11 00:10 . 2008-11-12 12:25 628 ----a-w- c:\program files\Virus Removal Tool\is-22O67\skin\images\notepad.png
2009-08-11 00:10 . 2008-11-12 12:25 1936 ----a-w- c:\program files\Virus Removal Tool\is-22O67\skin\images\Notify.png
2009-08-11 00:10 . 2008-11-12 12:25 2995 ----a-w- c:\program files\Virus Removal Tool\is-22O67\skin\images\msg_new.png
2009-08-11 00:10 . 2008-11-12 12:25 3022 ----a-w- c:\program files\Virus Removal Tool\is-22O67\skin\images\msg_question.png
2009-08-11 00:10 . 2008-11-12 12:25 3078 ----a-w- c:\program files\Virus Removal Tool\is-22O67\skin\images\navstate.png
2009-08-11 00:10 . 2008-11-12 12:25 1287 ----a-w- c:\program files\Virus Removal Tool\is-22O67\skin\images\navstate2.png
2009-08-11 00:10 . 2008-11-12 12:25 3076 ----a-w- c:\program files\Virus Removal Tool\is-22O67\skin\images\msg_good.png
2009-08-11 00:10 . 2008-11-12 12:25 3117 ----a-w- c:\program files\Virus Removal Tool\is-22O67\skin\images\memory.png
2009-08-11 00:10 . 2008-11-12 12:25 3113 ----a-w- c:\program files\Virus Removal Tool\is-22O67\skin\images\msg_bad.png
2009-08-11 00:10 . 2008-11-12 12:25 2992 ----a-w- c:\program files\Virus Removal Tool\is-22O67\skin\images\msg_deleted.png
2009-08-11 00:10 . 2008-11-12 12:25 2909 ----a-w- c:\program files\Virus Removal Tool\is-22O67\skin\images\main_on16.png
2009-08-11 00:10 . 2008-11-12 12:25 2987 ----a-w- c:\program files\Virus Removal Tool\is-22O67\skin\images\main_on32.png
2009-08-11 00:10 . 2008-11-12 12:25 3177 ----a-w- c:\program files\Virus Removal Tool\is-22O67\skin\images\mail_bad.png
2009-08-11 00:10 . 2008-11-12 12:25 2927 ----a-w- c:\program files\Virus Removal Tool\is-22O67\skin\images\main_off16.png
2009-08-11 00:10 . 2008-11-12 12:25 3010 ----a-w- c:\program files\Virus Removal Tool\is-22O67\skin\images\main_off32.png
2009-08-11 00:10 . 2008-11-12 12:25 3206 ----a-w- c:\program files\Virus Removal Tool\is-22O67\skin\images\local.png
2009-08-11 00:10 . 2008-11-12 12:25 2892 ----a-w- c:\program files\Virus Removal Tool\is-22O67\skin\images\lockbutton.png
2009-08-11 00:10 . 2008-11-12 12:25 2863 ----a-w- c:\program files\Virus Removal Tool\is-22O67\skin\images\locked.png
2009-08-11 00:10 . 2008-11-12 12:25 4913 ----a-w- c:\program files\Virus Removal Tool\is-22O67\skin\images\logo.png
2009-08-11 00:10 . 2008-11-12 12:25 3076 ----a-w- c:\program files\Virus Removal Tool\is-22O67\skin\images\mail.png
2009-08-11 00:10 . 2008-11-12 12:25 2889 ----a-w- c:\program files\Virus Removal Tool\is-22O67\skin\images\kbdbtn_tab.png
2009-08-11 00:10 . 2008-11-12 12:25 3122 ----a-w- c:\program files\Virus Removal Tool\is-22O67\skin\images\key.png
2009-08-11 00:10 . 2008-11-12 12:25 2530 ----a-w- c:\program files\Virus Removal Tool\is-22O67\skin\images\kl.png
2009-08-11 00:10 . 2008-11-12 12:25 2881 ----a-w- c:\program files\Virus Removal Tool\is-22O67\skin\images\kbdbtn_normal.png
2009-08-11 00:10 . 2008-11-12 12:25 2903 ----a-w- c:\program files\Virus Removal Tool\is-22O67\skin\images\kbdbtn_rshift.png
2009-08-11 00:10 . 2008-11-12 12:25 2891 ----a-w- c:\program files\Virus Removal Tool\is-22O67\skin\images\kbdbtn_slash.png
2009-08-11 00:10 . 2008-11-12 12:25 2926 ----a-w- c:\program files\Virus Removal Tool\is-22O67\skin\images\kbdbtn_space.png
2009-08-11 00:10 . 2008-11-12 12:25 2891 ----a-w- c:\program files\Virus Removal Tool\is-22O67\skin\images\kbdbtn_lshift.png
2009-08-11 00:10 . 2008-11-12 12:25 2885 ----a-w- c:\program files\Virus Removal Tool\is-22O67\skin\images\kbdbtn_ctrl.png
2009-08-11 00:10 . 2008-11-12 12:25 2892 ----a-w- c:\program files\Virus Removal Tool\is-22O67\skin\images\kbdbtn_enter.png
2009-08-11 00:10 . 2008-11-12 12:25 4771 ----a-w- c:\program files\Virus Removal Tool\is-22O67\skin\images\kav_en.png
2009-08-11 00:10 . 2008-11-12 12:25 4749 ----a-w- c:\program files\Virus Removal Tool\is-22O67\skin\images\kav_ru.png
2009-08-11 00:10 . 2008-11-12 12:25 2963 ----a-w- c:\program files\Virus Removal Tool\is-22O67\skin\images\kbdbtn_bs.png
2009-08-11 00:10 . 2008-11-12 12:25 2892 ----a-w- c:\program files\Virus Removal Tool\is-22O67\skin\images\kbdbtn_caps.png
2009-08-11 00:10 . 2008-11-12 12:25 1636 ----a-w- c:\program files\Virus Removal Tool\is-22O67\skin\images\intranet.png
2009-08-11 00:10 . 2008-11-12 12:25 6962 ----a-w- c:\program files\Virus Removal Tool\is-22O67\skin\images\kav2006.png
2009-08-11 00:10 . 2008-11-12 12:25 10011 ----a-w- c:\program files\Virus Removal Tool\is-22O67\skin\images\kav2006rus.png
2009-08-11 00:10 . 2008-11-12 12:25 3448 ----a-w- c:\program files\Virus Removal Tool\is-22O67\skin\images\info.png
2009-08-11 00:10 . 2008-11-12 12:25 2617 ----a-w- c:\program files\Virus Removal Tool\is-22O67\skin\images\integrity.png
2009-08-11 00:10 . 2008-11-12 12:25 3339 ----a-w- c:\program files\Virus Removal Tool\is-22O67\skin\images\internet.png
2009-08-11 00:10 . 2008-11-12 12:25 3643 ----a-w- c:\program files\Virus Removal Tool\is-22O67\skin\images\internet16.png
2009-08-11 00:10 . 2008-11-12 12:25 2919 ----a-w- c:\program files\Virus Removal Tool\is-22O67\skin\images\ids.png
2009-08-11 00:10 . 2008-11-12 12:25 2834 ----a-w- c:\program files\Virus Removal Tool\is-22O67\skin\images\ie.png
2009-08-11 00:10 . 2008-11-12 12:25 1205 ----a-w- c:\program files\Virus Removal Tool\is-22O67\skin\images\help16.png
2009-08-11 00:10 . 2008-11-12 12:25 1165 ----a-w- c:\program files\Virus Removal Tool\is-22O67\skin\images\i16.png
2009-08-11 00:10 . 2008-11-12 12:25 4357 ----a-w- c:\program files\Virus Removal Tool\is-22O67\skin\images\i24.png
2009-08-11 00:10 . 2008-11-12 12:25 2272 ----a-w- c:\program files\Virus Removal Tool\is-22O67\skin\images\i32.png
2009-08-11 00:10 . 2008-11-12 12:25 3307 ----a-w- c:\program files\Virus Removal Tool\is-22O67\skin\images\floppy.png
2009-08-11 00:10 . 2008-11-12 12:25 3026 ----a-w- c:\program files\Virus Removal Tool\is-22O67\skin\images\Goodmail.png
2009-08-11 00:10 . 2008-11-12 12:25 2876 ----a-w- c:\program files\Virus Removal Tool\is-22O67\skin\images\gripper.png
2009-08-11 00:10 . 2008-11-12 12:25 1861 ----a-w- c:\program files\Virus Removal Tool\is-22O67\skin\images\help.png
2009-08-11 00:10 . 2008-11-12 12:25 3389 ----a-w- c:\program files\Virus Removal Tool\is-22O67\skin\images\error.png
2009-08-11 00:10 . 2008-11-12 12:25 966 ----a-w- c:\program files\Virus Removal Tool\is-22O67\skin\images\expand.png
2009-08-11 00:10 . 2008-11-12 12:25 4660 ----a-w- c:\program files\Virus Removal Tool\is-22O67\skin\images\danger32.png
2009-08-11 00:10 . 2008-11-12 12:25 2980 ----a-w- c:\program files\Virus Removal Tool\is-22O67\skin\images\dialer.png
2009-08-11 00:10 . 2008-11-12 12:25 1024 ----a-w- c:\program files\Virus Removal Tool\is-22O67\skin\images\disk.png
2009-08-11 00:10 . 2008-11-12 12:25 2646 ----a-w- c:\program files\Virus Removal Tool\is-22O67\skin\images\display.png
2009-08-11 00:10 . 2008-11-12 12:25 1027 ----a-w- c:\program files\Virus Removal Tool\is-22O67\skin\images\collapse.png
2009-08-11 00:10 . 2008-11-12 12:25 4068 ----a-w- c:\program files\Virus Removal Tool\is-22O67\skin\images\danger24.png
2009-08-11 00:10 . 2008-11-12 12:25 2303 ----a-w- c:\program files\Virus Removal Tool\is-22O67\skin\images\Banner.png
2009-08-11 00:10 . 2008-11-12 12:25 1646 ----a-w- c:\program files\Virus Removal Tool\is-22O67\skin\images\battery.png
2009-08-11 00:10 . 2008-11-12 12:25 3442 ----a-w- c:\program files\Virus Removal Tool\is-22O67\skin\images\bootsect.png
2009-08-11 00:10 . 2008-11-12 12:25 2976 ----a-w- c:\program files\Virus Removal Tool\is-22O67\skin\images\badmail.png
2009-08-11 00:10 . 2008-11-12 12:25 1325 ----a-w- c:\program files\Virus Removal Tool\is-22O67\skin\images\banner.gif
2009-08-11 00:10 . 2008-11-12 12:25 3771 ----a-w- c:\program files\Virus Removal Tool\is-22O67\skin\images\application.png
2009-08-11 00:10 . 2008-11-12 12:25 4160 ----a-w- c:\program files\Virus Removal Tool\is-22O67\skin\images\Arrow.png
2009-08-11 00:10 . 2008-11-12 12:25 130764 ----a-w- c:\program files\Virus Removal Tool\is-22O67\skin\images\background.png
2009-08-11 00:10 . 2008-11-12 12:25 3482 ----a-w- c:\program files\Virus Removal Tool\is-22O67\skin\prot.loc
2009-08-11 00:10 . 2008-11-12 12:25 2237 ----a-w- c:\program files\Virus Removal Tool\is-22O67\skin\images\activity.png
2009-08-11 00:10 . 2007-05-19 20:32 5120 ----a-w- c:\program files\Virus Removal Tool\is-22O67\zcompare.ppl
2009-08-11 00:10 . 2008-11-12 12:25 76475 ----a-w- c:\program files\Virus Removal Tool\is-22O67\skin\enums.loc
2009-08-11 00:10 . 2008-11-12 12:25 9180 ----a-w- c:\program files\Virus Removal Tool\is-22O67\skin\skin.ini
2009-08-11 00:10 . 2007-05-19 20:31 25088 ----a-w- c:\program files\Virus Removal Tool\is-22O67\winreg.ppl
2009-08-11 00:10 . 2008-11-12 12:32 6656 ----a-w- c:\program files\Virus Removal Tool\is-22O67\xorio.ppl
2009-08-11 00:10 . 2007-05-19 20:32 35840 ----a-w- c:\program files\Virus Removal Tool\is-22O67\wdiskio.ppl
2009-08-11 00:10 . 2007-05-19 20:32 6144 ----a-w- c:\program files\Virus Removal Tool\is-22O67\unshrink.ppl
2009-08-11 00:10 . 2007-05-19 20:32 6144 ----a-w- c:\program files\Virus Removal Tool\is-22O67\unstored.ppl
2009-08-11 00:10 . 2007-05-19 20:32 11264 ----a-w- c:\program files\Virus Removal Tool\is-22O67\vmarea.ppl
2009-08-11 00:10 . 2007-05-19 20:32 15872 ----a-w- c:\program files\Virus Removal Tool\is-22O67\uniarc.ppl
2009-08-11 00:10 . 2007-05-19 20:32 10240 ----a-w- c:\program files\Virus Removal Tool\is-22O67\unlzx.ppl
2009-08-11 00:10 . 2007-05-19 20:32 6656 ----a-w- c:\program files\Virus Removal Tool\is-22O67\unreduce.ppl
2009-08-11 00:10 . 2007-05-19 20:32 9216 ----a-w- c:\program files\Virus Removal Tool\is-22O67\unarj.ppl
2009-08-11 00:10 . 2007-05-19 20:31 139264 ----a-w- c:\program files\Virus Removal Tool\is-22O67\tm.ppl
2009-08-11 00:10 . 2007-05-19 20:31 19968 ----a-w- c:\program files\Virus Removal Tool\is-22O67\thpimpl.ppl
2009-08-11 00:10 . 2007-05-19 20:31 12288 ----a-w- c:\program files\Virus Removal Tool\is-22O67\timer.ppl
2009-08-11 00:10 . 2007-05-19 20:32 5632 ----a-w- c:\program files\Virus Removal Tool\is-22O67\stored.ppl
2009-08-11 00:10 . 2007-05-19 20:31 6144 ----a-w- c:\program files\Virus Removal Tool\is-22O67\superio.ppl
2009-08-11 00:10 . 2007-05-19 20:31 9728 ----a-w- c:\program files\Virus Removal Tool\is-22O67\tempfile.ppl
2009-08-11 00:10 . 2007-05-19 20:31 5120 ----a-w- c:\program files\Virus Removal Tool\is-22O67\stdcomp.ppl
2009-08-11 00:10 . 2008-11-12 12:33 114688 ----a-w- c:\program files\Virus Removal Tool\is-22O67\stenum2.ppl
2009-08-11 00:10 . 2007-05-19 20:31 22016 ----a-w- c:\program files\Virus Removal Tool\is-22O67\resip.ppl
2009-08-11 00:10 . 2007-05-19 20:31 30720 ----a-w- c:\program files\Virus Removal Tool\is-22O67\sfdb.ppl
2009-08-11 00:10 . 2007-05-19 20:32 10752 ----a-w- c:\program files\Virus Removal Tool\is-22O67\regmap.ppl
2009-08-11 00:10 . 2007-05-19 20:31 18432 ----a-w- c:\program files\Virus Removal Tool\is-22O67\report.ppl
2009-08-11 00:10 . 2007-05-19 20:32 86016 ----a-w- c:\program files\Virus Removal Tool\is-22O67\reggrd.ppl
2009-08-11 00:10 . 2007-05-19 20:31 40960 ----a-w- c:\program files\Virus Removal Tool\is-22O67\qb.ppl
2009-08-11 00:10 . 2007-05-19 20:32 98304 ----a-w- c:\program files\Virus Removal Tool\is-22O67\rar.ppl
2009-08-11 00:10 . 2007-05-19 20:32 16896 ----a-w- c:\program files\Virus Removal Tool\is-22O67\prutil.ppl
2009-08-11 00:10 . 2007-05-19 20:31 23040 ----a-w- c:\program files\Virus Removal Tool\is-22O67\pxstub.ppl
2009-08-11 00:10 . 2007-05-19 20:31 10240 ----a-w- c:\program files\Virus Removal Tool\is-22O67\prseqio.ppl
2009-08-11 00:10 . 2008-11-12 12:32 65536 ----a-w- c:\program files\Virus Removal Tool\is-22O67\procmon.ppl
2009-08-11 00:10 . 2007-05-19 20:31 147456 ----a-w- c:\program files\Virus Removal Tool\is-22O67\prkernel.ppl
2009-08-11 00:10 . 2007-05-19 20:32 222208 ----a-w- c:\program files\Virus Removal Tool\is-22O67\pdm2rt.ppl
2009-08-11 00:10 . 2007-05-19 20:31 331776 ----a-w- c:\program files\Virus Removal Tool\is-22O67\pdm.ppl
2009-08-11 00:10 . 2007-05-19 20:31 9216 ----a-w- c:\program files\Virus Removal Tool\is-22O67\passdmap.ppl
2009-08-11 00:10 . 2008-11-12 12:29 450560 ----a-w- c:\program files\Virus Removal Tool\is-22O67\params.ppl
2009-08-11 00:10 . 2008-11-12 12:33 102400 ----a-w- c:\program files\Virus Removal Tool\is-22O67\ods.ppl
2009-08-11 00:10 . 2007-05-19 20:33 16384 ----a-w- c:\program files\Virus Removal Tool\is-22O67\ntfsstrm.ppl
2009-08-11 00:10 . 2007-05-19 20:31 86016 ----a-w- c:\program files\Virus Removal Tool\is-22O67\nfio.ppl
2009-08-11 00:10 . 2007-05-19 20:33 27648 ----a-w- c:\program files\Virus Removal Tool\is-22O67\mkavio.ppl
2009-08-11 00:10 . 2007-05-19 20:33 69632 ----a-w- c:\program files\Virus Removal Tool\is-22O67\msoe.ppl
2009-08-11 00:10 . 2008-11-12 12:33 17920 ----a-w- c:\program files\Virus Removal Tool\is-22O67\memscan.ppl
2009-08-11 00:10 . 2007-05-19 20:32 18944 ----a-w- c:\program files\Virus Removal Tool\is-22O67\minizip.ppl
2009-08-11 00:10 . 2007-05-19 20:33 6656 ----a-w- c:\program files\Virus Removal Tool\is-22O67\mdmap.ppl
2009-08-11 00:10 . 2008-11-12 12:33 23552 ----a-w- c:\program files\Virus Removal Tool\is-22O67\memmodsc.ppl
2009-08-11 00:10 . 2007-05-19 20:34 8192 ----a-w- c:\program files\Virus Removal Tool\is-22O67\l_llio.ppl
2009-08-11 00:10 . 2007-05-19 20:33 26624 ----a-w- c:\program files\Virus Removal Tool\is-22O67\mailmsg.ppl
2009-08-11 00:10 . 2007-05-19 20:31 10240 ----a-w- c:\program files\Virus Removal Tool\is-22O67\iwgen.ppl
2009-08-11 00:10 . 2007-05-19 20:32 25088 ----a-w- c:\program files\Virus Removal Tool\is-22O67\lha.ppl
2009-08-11 00:10 . 2007-05-19 20:30 18432 ----a-w- c:\program files\Virus Removal Tool\is-22O67\inflate.ppl
2009-08-11 00:10 . 2007-05-19 20:34 15360 ----a-w- c:\program files\Virus Removal Tool\is-22O67\inifile.ppl
2009-08-11 00:10 . 2007-05-19 20:33 8192 ----a-w- c:\program files\Virus Removal Tool\is-22O67\hashmd5.ppl
2009-08-11 00:10 . 2007-05-19 20:33 5120 ----a-w- c:\program files\Virus Removal Tool\is-22O67\hccmp.ppl
2009-08-11 00:10 . 2007-05-19 20:33 12800 ----a-w- c:\program files\Virus Removal Tool\is-22O67\ichk2.ppl
2009-08-11 00:10 . 2007-05-19 20:34 18944 ----a-w- c:\program files\Virus Removal Tool\is-22O67\fsdrvplg.ppl
2009-08-11 00:10 . 2007-05-19 20:34 5632 ----a-w- c:\program files\Virus Removal Tool\is-22O67\hashcont.ppl
2009-08-11 00:10 . 2007-05-19 20:34 9728 ----a-w- c:\program files\Virus Removal Tool\is-22O67\explode.ppl
2009-08-11 00:10 . 2007-05-19 20:32 13312 ----a-w- c:\program files\Virus Removal Tool\is-22O67\filemap.ppl
2009-08-11 00:10 . 2007-05-19 20:32 6656 ----a-w- c:\program files\Virus Removal Tool\is-22O67\dmap.ppl
2009-08-11 00:10 . 2007-05-19 20:32 49664 ----a-w- c:\program files\Virus Removal Tool\is-22O67\dtreg.ppl
2009-08-11 00:10 . 2007-05-19 20:30 31232 ----a-w- c:\program files\Virus Removal Tool\is-22O67\crpthlpr.ppl
2009-08-11 00:10 . 2007-05-19 20:32 17408 ----a-w- c:\program files\Virus Removal Tool\is-22O67\deflate.ppl
2009-08-11 00:10 . 2007-05-19 20:32 5632 ----a-w- c:\program files\Virus Removal Tool\is-22O67\buffer.ppl
2009-08-11 00:10 . 2007-05-19 20:32 15872 ----a-w- c:\program files\Virus Removal Tool\is-22O67\cab.ppl
2009-08-11 00:10 . 2007-05-19 20:32 15872 ----a-w- c:\program files\Virus Removal Tool\is-22O67\btdisk.ppl
2009-08-11 00:10 . 2007-05-19 20:32 14848 ----a-w- c:\program files\Virus Removal Tool\is-22O67\btimages.ppl
2009-08-11 00:10 . 2008-11-12 12:32 196608 ----a-w- c:\program files\Virus Removal Tool\is-22O67\bl.ppl
2009-08-11 00:10 . 2008-11-12 12:30 733184 ----a-w- c:\program files\Virus Removal Tool\is-22O67\basegui.ppl
2009-08-11 00:10 . 2007-05-19 20:31 19456 ----a-w- c:\program files\Virus Removal Tool\is-22O67\avspm.ppl
2009-08-11 00:10 . 2007-05-19 20:32 6656 ----a-w- c:\program files\Virus Removal Tool\is-22O67\base64.ppl
2009-08-11 00:10 . 2007-05-19 20:32 6656 ----a-w- c:\program files\Virus Removal Tool\is-22O67\base64p.ppl
2009-08-11 00:10 . 2007-05-19 20:32 159808 ----a-w- c:\program files\Virus Removal Tool\is-22O67\avs.ppl
2009-08-11 00:10 . 2007-05-19 20:32 40448 ----a-w- c:\program files\Virus Removal Tool\is-22O67\avpmgr.ppl
2009-08-11 00:10 . 2008-11-12 12:32 802816 ----a-w- c:\program files\Virus Removal Tool\is-22O67\avpgui.ppl
2009-08-11 00:10 . 2007-05-19 20:32 16896 ----a-w- c:\program files\Virus Removal Tool\is-22O67\avp3info.ppl
2009-08-11 00:10 . 2007-05-19 20:32 98304 ----a-w- c:\program files\Virus Removal Tool\is-22O67\avpgs.ppl
2009-08-11 00:10 . 2007-05-19 20:32 12288 ----a-w- c:\program files\Virus Removal Tool\is-22O67\arjpack.ppl
2009-08-11 00:10 . 2007-05-19 20:32 11776 ----a-w- c:\program files\Virus Removal Tool\is-22O67\avlib.ppl
2009-08-11 00:10 . 2008-11-12 12:29 135168 ----a-w- c:\program files\Virus Removal Tool\is-22O67\avp1.ppl
2009-08-11 00:10 . 2007-05-19 20:32 17408 ----a-w- c:\program files\Virus Removal Tool\is-22O67\arj.ppl
2009-08-11 00:10 . 2008-11-12 12:32 71168 ----a-w- c:\program files\Virus Removal Tool\is-22O67\advdis.ppl
2009-08-11 00:10 . 2008-11-12 12:32 13824 ----a-w- c:\program files\Virus Removal Tool\is-22O67\avzproxy.ppl
2009-08-11 00:10 . 2008-11-12 12:29 65536 ----a-w- c:\program files\Virus Removal Tool\is-22O67\avzscan.ppl
2009-08-11 00:10 . 2007-05-19 20:37 22544 ----a-w- c:\program files\Virus Removal Tool\is-22O67\scmhlpr.dll
2009-08-11 00:10 . 2008-11-12 12:32 94208 ----a-w- c:\program files\Virus Removal Tool\is-22O67\prremote.dll
2009-08-11 00:10 . 2007-05-19 20:37 284176 ----a-w- c:\program files\Virus Removal Tool\is-22O67\prloader.dll
2009-08-11 00:10 . 2008-11-12 12:27 9216 ----a-w- c:\program files\Virus Removal Tool\is-22O67\kldirobj.dll
2009-08-11 00:10 . 2008-11-12 12:27 28160 ----a-w- c:\program files\Virus Removal Tool\is-22O67\klipc.dll
2009-08-11 00:10 . 2007-05-19 20:37 108048 ----a-w- c:\program files\Virus Removal Tool\is-22O67\getsi.dll
2009-08-11 00:10 . 2007-05-19 20:37 15888 ----a-w- c:\program files\Virus Removal Tool\is-22O67\avp_iont.dll
2009-08-11 00:10 . 2008-11-12 12:29 28672 ----a-w- c:\program files\Virus Removal Tool\is-22O67\fssync.dll
2009-08-11 00:10 . 2007-05-19 20:37 12304 ----a-w- c:\program files\Virus Removal Tool\is-22O67\Avp_io32.dll
2009-08-11 00:10 . 2008-11-12 12:33 2014720 ----a-w- c:\program files\Virus Removal Tool\is-22O67\avzkrnl.dll
2009-08-11 00:10 . 2008-11-12 12:33 65536 ----a-w- c:\program files\Virus Removal Tool\is-22O67\startup.exe
2009-08-11 00:10 . 2008-11-12 12:32 217088 ----a-w- c:\program files\Virus Removal Tool\is-22O67\is-22O67.exe
2009-08-11 00:10 . 2007-05-19 20:34 12800 ----a-w- c:\program files\Virus Removal Tool\is-22O67\is-22O67.com
2009-08-11 00:10 . 2009-08-13 12:39 13538 ----a-w- c:\program files\Virus Removal Tool\is-22O67\avp.dt
2009-08-11 00:10 . 2008-11-12 12:24 18 ----a-w- c:\program files\Virus Removal Tool\is-22O67\is-22O67.cfg
2009-08-11 00:10 . 2007-02-20 17:46 6144 ----a-w- c:\program files\Virus Removal Tool\is-22O67\drivers\drvins32.exe
2009-08-11 00:10 . 2009-08-11 00:10 3580 ----a-w- c:\program files\Virus Removal Tool\is-22O67\drivers\44019618.inf
2009-08-11 00:10 . 2008-07-08 12:54 148496 ----a-w- c:\program files\Virus Removal Tool\is-22O67\drivers\44019618.sys
2009-08-11 00:10 . 2008-07-08 12:54 7575 ----a-w- c:\program files\Virus Removal Tool\is-22O67\drivers\44019618.cat
2009-08-11 00:10 . 2008-11-12 12:27 11264 ----a-w- c:\program files\Virus Removal Tool\is-22O67\minst.exe
2009-08-11 00:10 . 2007-05-19 20:25 626688 ----a-w- c:\program files\Virus Removal Tool\is-22O67\msvcr80.dll
2009-08-11 00:10 . 2007-05-19 20:25 548864 ----a-w- c:\program files\Virus Removal Tool\is-22O67\msvcp80.dll
2009-08-11 00:10 . 2007-05-19 20:25 522 ----a-w- c:\program files\Virus Removal Tool\is-22O67\Microsoft.VC80.CRT.manifest
2009-08-11 00:10 . 2007-05-19 20:25 479232 ----a-w- c:\program files\Virus Removal Tool\is-22O67\msvcm80.dll
2009-08-11 00:10 . 2009-08-11 00:10 41901 ----a-w- c:\program files\Virus Removal Tool\unins000.dat
2009-08-11 00:10 . 2009-08-11 00:08 682266 ----a-w- c:\program files\Virus Removal Tool\unins000.exe


((((((((((((((((((((((((((((( SnapShot@2009-08-13_13.44.14 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-13 17:15 . 2009-08-13 17:15 16384 c:\windows\Temp\Perflib_Perfdata_2d0.dat
+ 2009-08-13 14:36 . 2009-08-13 14:36 8192 c:\windows\ERDNT\subs\Users\00000004\UsrClass.dat
+ 2009-08-13 14:36 . 2009-08-13 14:36 8192 c:\windows\ERDNT\subs\Users\00000002\UsrClass.dat
+ 2009-08-13 14:36 . 2009-08-13 14:36 270336 c:\windows\ERDNT\subs\Users\00000006\UsrClass.dat
+ 2009-08-13 14:36 . 2009-08-13 14:36 233472 c:\windows\ERDNT\subs\Users\00000003\NTUSER.DAT
+ 2009-08-13 14:36 . 2009-08-13 14:36 229376 c:\windows\ERDNT\subs\Users\00000001\NTUSER.DAT
+ 2009-08-13 14:36 . 2009-08-13 14:36 8990720 c:\windows\ERDNT\subs\Users\00000005\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SgeIconOvl]
@="{ba930330-a721-11d3-a7b9-00500464ee16}"
[HKEY_CLASSES_ROOT\CLSID\{ba930330-a721-11d3-a7b9-00500464ee16}]
2005-06-08 16:30 77824 ----a-w- c:\program files\Utimaco\SafeGuard Easy\SgeDrse.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SgeIconOvl2]
@="{2030D939-54A7-4fea-9B06-49EA77EFC87F}"
[HKEY_CLASSES_ROOT\CLSID\{2030D939-54A7-4fea-9B06-49EA77EFC87F}]
2005-06-08 16:30 77824 ----a-w- c:\program files\Utimaco\SafeGuard Easy\SgeDrse.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2007-01-09 191552]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-11 65536]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-02-07 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-02-07 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-02-07 118784]
"CeEKEY"="c:\program files\TOSHIBA\E-KEY\CeEKey.exe" [2006-04-12 638976]
"HWSetup"="c:\program files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" [2004-05-01 28672]
"SVPWUTIL"="c:\program files\Toshiba\Windows Utilities\SVPWUTIL.exe" [2006-05-25 65536]
"TPNF"="c:\program files\TOSHIBA\TouchPad\TPTray.exe" [2007-06-01 53248]
"SmoothView"="c:\program files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe" [2007-05-11 143360]
"DDWMon"="c:\program files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe" [2007-04-26 495616]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2004-03-24 196608]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2007-05-22 413696]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-08-05 185896]
"SgeEcView"="c:\program files\Utimaco\SafeGuard Easy\Ecview.exe" [2005-06-08 24576]
"EdWizard"="c:\program files\Utimaco\SafeGuard Easy\EdWizard.exe" [2005-06-08 245760]
"UERLKUP"="c:\program files\Utimaco\SafeGuard Easy\uerlkupn.exe" [2006-03-29 36864]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"AppleSyncNotifier"="c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-13 177472]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"AirPort Base Station Agent"="c:\program files\AirPort\APAgent.exe" [2009-05-27 753664]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-06-13 16377344]
"TCtryIOHook"="TCtrlIOHook.exe" - c:\windows\system32\TCtrlIOHook.exe [2007-06-30 28672]
"TDispVol"="TDispVol.exe" - c:\windows\system32\TDispVol.exe [2005-12-27 73728]
"TPSMain"="TPSMain.exe" - c:\windows\system32\TPSMain.exe [2005-08-12 266240]
"Zooming"="ZoomingHook.exe" - c:\windows\system32\ZoomingHook.exe [2005-06-06 24576]
"NDSTray.exe"="NDSTray.exe" [BU]
"CFSServ.exe"="CFSServ.exe" [BU]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Utilisateur\Menu Démarrer\Programmes\Démarrage\
is-22O67.lnk - c:\program files\Virus Removal Tool\is-22O67\startup.exe [2009-8-11 65536]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Bluetooth Monitor.lnk - c:\program files\TOSHIBA\Bluetooth Monitor\BtMon2.exe [2007-11-10 69632]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\NotLog]
2002-01-22 13:28 110592 ----a-w- c:\windows\system32\SGLogEx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SGLogNotification]
2005-03-31 09:27 69632 ----a-w- c:\windows\system32\SGLogNotification.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\uerclt]
2006-03-29 12:14 77824 ----a-w- c:\windows\system32\uercltn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\Msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\AirPort\\APAgent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"16434:TCP"= 16434:TCP:NortonAV
"5353:UDP"= 5353:UDP:Bonjour
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 AES-256;AES-256;c:\windows\system32\drivers\AES256.sys [08/06/2005 18:47 17952]
R0 SgeFlt;SgeFlt;c:\windows\system32\drivers\SGEFLT.sys [08/06/2005 18:48 54880]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [09/04/2008 21:22 114768]
R1 is-22O67drv;is-22O67drv;c:\windows\system32\drivers\44019618.sys [11/08/2009 02:10 148496]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [09/04/2008 21:22 20560]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [19/03/2009 11:33 55152]
R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [26/03/2007 12:22 105856]
R2 trudf;TOSHIBA DVD-RAM UDF File System Driver;c:\windows\system32\drivers\trudf.sys [19/02/2007 12:15 134016]
S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);c:\windows\system32\drivers\e4ldr.sys [09/04/2008 21:10 63555]
S3 CYNI;CYNI;c:\docume~1\UTILIS~1\LOCALS~1\Temp\CYNI.exe --> c:\docume~1\UTILIS~1\LOCALS~1\Temp\CYNI.exe [?]
S3 e4usbaw;USB ADSL2 WAN Adapter;c:\windows\system32\drivers\e4usbaw.sys [09/04/2008 21:10 114616]
S3 fsssvc;Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [06/02/2009 19:08 533360]
S3 GMHALX;GMHALX;c:\docume~1\UTILIS~1\LOCALS~1\Temp\GMHALX.exe --> c:\docume~1\UTILIS~1\LOCALS~1\Temp\GMHALX.exe [?]
S3 hcw95bda;Hauppauge MOD7700 Tuner Driver;c:\windows\system32\drivers\hcw95bda.sys [27/03/2008 21:42 467456]
S3 hcw95rc;Hauppauge MOD7700 IR Driver;c:\windows\system32\drivers\hcw95rc.sys [27/03/2008 21:42 15488]
S3 RYUNEAVTSW;RYUNEAVTSW;c:\docume~1\UTILIS~1\LOCALS~1\Temp\RYUNEAVTSW.exe --> c:\docume~1\UTILIS~1\LOCALS~1\Temp\RYUNEAVTSW.exe [?]
S3 TpChoice;Touch Pad Detection Filter driver;c:\windows\system32\DRIVERS\TpChoice.sys --> c:\windows\system32\DRIVERS\TpChoice.sys [?]
S3 TWPVMJEX;TWPVMJEX;c:\docume~1\UTILIS~1\LOCALS~1\Temp\TWPVMJEX.exe --> c:\docume~1\UTILIS~1\LOCALS~1\Temp\TWPVMJEX.exe [?]
S3 utu4odg4;AVZ Kernel Driver;\??\c:\windows\system32\Drivers\utu4odg4.sys --> c:\windows\system32\Drivers\utu4odg4.sys [?]
S3 VAGOKALHS;VAGOKALHS;c:\docume~1\UTILIS~1\LOCALS~1\Temp\VAGOKALHS.exe --> c:\docume~1\UTILIS~1\LOCALS~1\Temp\VAGOKALHS.exe [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-07-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 10:34]

2007-08-03 c:\windows\Tasks\Rappel d'enregistrement 1.job
- c:\windows\system32\OOBE\oobebaln.exe [2007-07-24 02:34]

2007-08-17 c:\windows\Tasks\Rappel d'enregistrement 2.job
- c:\windows\system32\OOBE\oobebaln.exe [2007-07-24 02:34]

2007-08-03 c:\windows\Tasks\Rappel d'enregistrement 3.job
- c:\windows\system32\OOBE\oobebaln.exe [2007-07-24 02:34]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = hxxp://www.regioncentre.fr/
uInternet Settings,ProxyOverride = *.local
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\73eieb4s.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.regioncentre.fr/
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava11.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava12.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava13.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava14.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava32.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjpi160.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npoji610.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-13 19:16
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1704)
c:\windows\system32\SGLogEx.dll
c:\windows\system32\SGLogNotification.dll
c:\windows\system32\uercltn.dll
c:\windows\system32\USWERRLN.dll
c:\windows\system32\uerlibws.dll
c:\windows\system32\GetUserSid.dll
c:\program files\Bonjour\mdnsNSP.dll

- - - - - - - > 'explorer.exe'(780)
c:\program files\Utimaco\SafeGuard Easy\SgMsgBhk.dll
c:\program files\Utimaco\SafeGuard Easy\SgeDrse.dll
c:\program files\Utimaco\SafeGuard Easy\SgeUtil.dll
c:\windows\system32\TDispVol.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\TPwrCfg.DLL
c:\windows\system32\TPwrReg.dll
c:\windows\system32\TPSTrace.DLL
c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
c:\program files\Microsoft Office\OFFICE11\msohev.dll
c:\program files\Utimaco\SafeGuard Easy\SGEDRV.dll
c:\program files\Utimaco\SafeGuard Easy\FLTAPI.DLL
c:\program files\Utimaco\SafeGuard Easy\SGEAPI.dll
c:\program files\Utimaco\SafeGuard Easy\CfgApi.dll
c:\program files\Utimaco\SafeGuard Easy\SgeRmd.dll
c:\program files\Utimaco\SafeGuard Easy\RandSeed.dll
c:\program files\Utimaco\SafeGuard Easy\CmfcApi.dll
c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Toshiba\ConfigFree\CFSvcs.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Utimaco\SafeGuard Easy\SgeCtl.exe
c:\windows\system32\SgLogPlayer.exe
c:\windows\system32\TODDSrv.exe
c:\program files\Utimaco\SafeGuard Easy\WksCfgSrv.exe
c:\program files\Toshiba\ConfigFree\NDSTray.exe
c:\program files\Toshiba\TOSHIBA Direct Disc Writer\DDWMon.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\TPSBattM.exe
c:\program files\Apoint2K\ApntEx.exe
c:\program files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Virus Removal Tool\is-22O67\is-22O67.exe
c:\windows\system32\wscntfy.exe
c:\program files\Windows Live\Contacts\wlcomm.exe
.
**************************************************************************
.
Completion time: 2009-08-13 19:20 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-13 17:20
ComboFix2.txt 2009-08-13 13:45

Pre-Run: 14 517 374 976 octets libres
Post-Run: 14 373 339 136 octets libres

611 --- E O F --- 2009-08-03 09:38
0
pimprenelle27 Posts: 20857 Registered: Monday 10 December 2007 Status: Security contributor Last active: 8 October 2019 2 502
13 August 2009 at 23:19
Can you run RSIT again for us?
0
teuteuduf Posts: 60 Registered: Monday 10 August 2009 Status: Member Last active: 17 November 2009
14 August 2009 at 02:50
Logfile of random's system information tool 1.06 (written by random/random)
Run by Utilisateur at 2009-08-14 02:48:57
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 14 GB (42%) free of 33 GB
Total RAM: 1526 MB (42% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:49:08, on 14/08/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\Program Files\Utimaco\SafeGuard Easy\SgeCtl.exe
c:\WINDOWS\system32\SgLogPlayer.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\TODDSrv.exe
c:\Program Files\Utimaco\SafeGuard Easy\WksCfgSrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\WINDOWS\system32\TCtrlIOHook.exe
C:\WINDOWS\system32\TDispVol.exe
C:\WINDOWS\system32\TPSMain.exe
C:\WINDOWS\system32\ZoomingHook.exe
C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Utimaco\SafeGuard Easy\Ecview.exe
C:\Program Files\Utimaco\SafeGuard Easy\uerlkupn.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\AirPort\APAgent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\TOSHIBA\Bluetooth Monitor\BtMon2.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Documents and Settings\Utilisateur\Bureau\RSIT.exe
C:\Program Files\trend micro\Utilisateur.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.centre-valdeloire.fr
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [Zooming] ZoomingHook.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SgeEcView] c:\Program Files\Utimaco\SafeGuard Easy\Ecview.exe
O4 - HKLM\..\Run: [EdWizard] c:\Program Files\Utimaco\SafeGuard Easy\EdWizard.exe as
O4 - HKLM\..\Run: [UERLKUP] c:\Program Files\Utimaco\SafeGuard Easy\uerlkupn.exe
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AirPort Base Station Agent] "C:\Program Files\AirPort\APAgent.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: is-22O67.lnk = C:\Program Files\Virus Removal Tool\is-22O67\startup.exe
O4 - Global Startup: Bluetooth Monitor.lnk = ?
O4 - Global Startup: HPZRCV01.LNK = C:\Program Files\HP\Temp\{3A316611-45D1-429C-AA26-B71259C44689}\setup\hpzrcv01.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: NotLog - C:\WINDOWS\SYSTEM32\SGLogEx.dll
O20 - Winlogon Notify: SGLogNotification - C:\WINDOWS\SYSTEM32\SGLogNotification.dll
O20 - Winlogon Notify: uerclt - C:\WINDOWS\SYSTEM32\uercltn.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: CYNI - Unknown owner - C:\DOCUME~1\UTILIS~1\LOCALS~1\Temp\CYNI.exe (file missing)
O23 - Service: GMHALX - Unknown owner - C:\DOCUME~1\UTILIS~1\LOCALS~1\Temp\GMHALX.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RYUNEAVTSW - Unknown owner - C:\DOCUME~1\UTILIS~1\LOCALS~1\Temp\RYUNEAVTSW.exe (file missing)
O23 - Service: SafeGuard Easy Control (SgeCtl) - Utimaco Safeware AG - c:\Program Files\Utimaco\SafeGuard Easy\SgeCtl.exe
O23 - Service: SafeGuard SGLOG Player (SgLogPlayer) - Utimaco Safeware AG - c:\WINDOWS\system32\SgLogPlayer.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing)
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe
O23 - Service: TWPVMJEX - Unknown owner - C:\DOCUME~1\UTILIS~1\LOCALS~1\Temp\TWPVMJEX.exe (file missing)
O23 - Service: VAGOKALHS - Unknown owner - C:\DOCUME~1\UTILIS~1\LOCALS~1\Temp\VAGOKALHS.exe (file missing)
O23 - Service: SafeGuard Easy Workstation Server (WksCfgSrv) - Utimaco Safeware AG - c:\Program Files\Utimaco\SafeGuard Easy\WksCfgSrv.exe
0
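As an added example (not code from this thread, nor from ComboFix or HijackThis themselves), here is a small Python triage script that reads the two log formats quoted in this thread, the ComboFix service and registry lines (`R0`/`S3 name;display;path [...]`, `"DisableMonitoring"=dword:...`, `"EnableFirewall"= 0`) and the HijackThis `O23 - Service:` lines in the RSIT report above, and flags the same signals a helper looks for by eye: a service binary that lives under a user Temp folder, a binary that is missing on disk, a random-looking all-caps service name, Security Center monitoring switched off, and the Windows Firewall disabled. The sample log is constructed for the example and modelled on the entries in this thread; the regular expressions and the scoring heuristics are my own assumptions, not a documented specification of either tool's output.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample, modelled on the shapes seen in this thread
# (not copied from a live machine). Raw string: backslashes stay literal.
SAMPLE_LOG = r"""
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [09/04/2008 21:22 114768]
S3 CYNI;CYNI;c:\docume~1\UTILIS~1\LOCALS~1\Temp\CYNI.exe --> c:\docume~1\UTILIS~1\LOCALS~1\Temp\CYNI.exe [?]
S3 hcw95bda;Hauppauge MOD7700 Tuner Driver;c:\windows\system32\drivers\hcw95bda.sys [27/03/2008 21:42 467456]
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: GMHALX - Unknown owner - C:\DOCUME~1\UTILIS~1\LOCALS~1\Temp\GMHALX.exe (file missing)
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

# ComboFix driver/service line: "<start> <name>;<display>;<path> [--> <path>] [<meta>]"
# where <meta> is a timestamp+size, or "?" when ComboFix could not find the file.
COMBOFIX_SVC = re.compile(
    r'^([RS]\d)\s+([^;]+);([^;]*);(.+?)(?:\s+-->\s+.*)?\s+\[(.*?)\]\s*$')
# HijackThis O23 line: "O23 - Service: <name> - <owner> - <path> [(file missing)]"
HJT_O23 = re.compile(
    r'^O23 - Service: (.+?) - (.+?) - (.+?)(\s+\(file missing\))?\s*$')
# Heuristic (assumption): 4-12 capital letters with nothing else looks machine-generated.
RANDOM_NAME = re.compile(r'^[A-Z]{4,12}$')


@dataclass
class Finding:
    line: str
    reasons: List[str]


def service_reasons(name: str, owner: Optional[str], path: str, missing: bool) -> List[str]:
    """Return the list of suspicious traits for one service entry (empty if none)."""
    reasons = []
    if '\\temp\\' in path.lower():
        reasons.append('binary lives in a user Temp folder')
    if missing:
        reasons.append('binary not present on disk (file missing / [?])')
    if owner is not None and owner.lower() == 'unknown owner':
        reasons.append('no vendor/owner recorded')
    if RANDOM_NAME.match(name):
        reasons.append('random-looking all-caps name')
    return reasons


def registry_reasons(key: str, line: str) -> List[str]:
    """Flag the two registry settings that weaken the host's own defences."""
    k = key.lower()
    if 'security center\\monitoring' in k and re.search(r'"DisableMonitoring"\s*=\s*dword:0*1\b', line):
        return ['Security Center monitoring disabled under ' + key]
    if 'firewallpolicy' in k and re.search(r'"EnableFirewall"\s*=\s*0\b', line):
        return ['Windows Firewall disabled for profile ' + key.rsplit('\\', 1)[-1]]
    return []


def triage(log_text: str) -> List[Finding]:
    """Walk a pasted ComboFix/HijackThis log and collect entries worth a second look."""
    findings: List[Finding] = []
    current_key = ''                      # most recent "[HKEY...]" header seen
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith('[') and line.endswith(']'):
            current_key = line[1:-1]      # registry section header
            continue
        m = COMBOFIX_SVC.match(line)
        if m:
            _start, name, _display, path, meta = m.groups()
            reasons = service_reasons(name, None, path, meta.strip() == '?')
        else:
            m = HJT_O23.match(line)
            if m:
                name, owner, path, missing = m.groups()
                reasons = service_reasons(name, owner, path, missing is not None)
            else:
                reasons = registry_reasons(current_key, line)
        if reasons:
            findings.append(Finding(line, reasons))
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f.line)
        for r in f.reasons:
            print('    -', r)
```

On the constructed sample the script leaves the avast and Hauppauge drivers alone, flags `CYNI` and `GMHALX` on several counts at once (Temp folder, missing binary, random name), and also lists the orphaned Symantec scheduler entry, which is exactly the kind of leftover the OTM `:services` block further down removes. The two registry hits are worth checking even after the malware is gone: a `DisableMonitoring=1` under Security Center and `EnableFirewall=0` on the standard profile do not repair themselves when the binaries are deleted.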
fix200 Posts: 3243 Registered: Sunday 28 December 2008 Status: Security contributor Last active: 7 February 2011 158
14 August 2009 at 11:07
Hello,

Do this, then I'll give you another procedure, then carry on with Pimprenelle:

(You're in a bad way, because I think you have Conficker...)

===================

Download this file.

Run it to remove the traces of Norton.

===================

If you are on Vista, disable UAC.

Download OTM (Old Timer) to your desktop:

▶ On XP: double-click OTM.exe to launch it.
* On Vista: right-click OTM and choose "Run as administrator".
▶ Copy (Ctrl+C) the following text:

:Processes
explorer.exe
:services
TWPVMJEX
VAGOKALHS
RYUNEAVTSW
GMHALX
CYNI
Planificateur LiveUpdate automatique
Symantec Core LC
Service Bonjour
catchme
:Reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=-
"Zooming"=-
"SmoothView"=-
"NDSTray.exe"=-
"Apoint"=-
"Camera Assistant Software"=-
"TkBellExe"=-
"CFSServ.exe"=-
"AppleSyncNotifier"=-
"Adobe Reader Speed Launcher"=-
"AirPort Base Station Agent"=-
"QuickTime Task"=-
"iTunesHelper"=-

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"LtMoh"=-
"msnmsgr"=-
:Files

:Commands
[start explorer]
[emptytemp]
[purity]
[reboot]

▶ Paste (Ctrl+V) the text you just copied into the "Paste Instructions for Items to be Moved" box.

▶ Now click the MoveIt! button, then close OTM.

Note: if a file or folder cannot be deleted immediately, the program will ask you to reboot. => Accept by clicking YES.

▶ Post the report located in this folder: C:\_OTM\MovedFiles\

* Note: the report's name corresponds to the time it was created: date_heure.log

=================

Are you deliberately behind a proxy server?

=================

Download CCleaner to your desktop

▶ Install it, but untick the Yahoo toolbar.

▶ Launch CCleaner, then click "Options", "Advanced" and untick the box "Only delete files in Windows Temp folders older than 48 hours".

▶ In the Cleaner menu, click "Analyze".

▶ Then click the "Run Cleaner" button and let it work.

▶ Now, in the "Registry" tab, click "Scan for Issues"

▶ Answer YES to the question you will be asked.

▶ Finally, fix the issues by clicking "Fix selected issues"

N.B.: repeat the registry repair three times for it to be effective!

Have a good look at the CCleaner tutorial, it's well explained...

=================

(!) Plug your external data sources (USB key, external hard drive, etc.) that may have been infected into your PC, without opening them

• Double-click the UsbFix shortcut on your desktop.
• Choose option 4 (Listing)
• Let the tool work.
• Then post the UsbFix.txt report that will appear.

• Note: the UsbFix.txt report is saved at the root of the disk. (C:\UsbFix.txt)
(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)
• Note: "Process.exe", a component of the tool, is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus, but a utility intended to terminate processes.
In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus programs.

=================

Later,

=)
teuteuduf Posts: 60 Registered: Monday 10 August 2009 Status: Member Last active: 17 November 2009
14 August 2009 at 13:11
Hi, hi
=================

fix200: Are you deliberately behind a proxy server?

=================
Is that question meant for me? If so, er... maybe, maybe not. Actually I have no idea, I don't really know what it is or what it does, but I'd be interested to find out!!


I should point out that this computer was lent/given to me by the Centre region for my studies and that it has a piece of software called "Safeguard" which, every time I connect to the Internet, updates a time credit. If I exceed the time credit (time between 2 connections, 90 days), the computer locks up, and the same happens if I try to remove the software.
So, since I don't understand everything you're having me do, I wanted you to know!

I looked up what Conficker is, it doesn't look cool, yet the computer runs pretty well!!
teuteuduf Posts: 60 Registered: Monday 10 August 2009 Status: Member Last active: 17 November 2009
14 August 2009 at 13:33
I'll wait for you to tell me what you think before starting the procedure
Thanks
See you soon
fix200 Posts: 3243 Registered: Sunday 28 December 2008 Status: Security contributor Last active: 7 February 2011 158
14 August 2009 at 18:35
Hi again,

It's going to be a bit tricky... but you can go ahead with the procedure :).

See you
teuteuduf Posts: 60 Registered: Monday 10 August 2009 Status: Member Last active: 17 November 2009
14 August 2009 at 21:34
Here is the OTM report


All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== SERVICES/DRIVERS ==========

Service\Driver TWPVMJEX deleted successfully.

Service\Driver VAGOKALHS deleted successfully.

Service\Driver RYUNEAVTSW deleted successfully.

Service\Driver GMHALX deleted successfully.

Service\Driver CYNI deleted successfully.

Service\Driver Planificateur LiveUpdate automatique deleted successfully.
Service\Driver Symantec Core LC not found.
Service\Driver Symantec Core LC not found.
Service\Driver Service Bonjour not found.
Service\Driver Service Bonjour not found.
Service\Driver Service Bonjour not found.
Service\Driver catchme deleted successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\RTHDCPL deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Zooming deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SmoothView deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NDSTray.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Apoint deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Camera Assistant Software deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\TkBellExe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\CFSServ.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\AppleSyncNotifier deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe Reader Speed Launcher deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\AirPort Base Station Agent deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\QuickTime Task deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\iTunesHelper deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\LtMoh deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\msnmsgr deleted successfully.
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrateur
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
->Temp folder emptied: 65748 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Utilisateur
->Temp folder emptied: 22514348 bytes
File delete failed. C:\Documents and Settings\Utilisateur\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 19385025 bytes
->Java cache emptied: 5095416 bytes
->FireFox cache emptied: 65276042 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 76745 bytes
%systemroot%\System32 .tmp files removed: 1163264 bytes
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_64c.dat scheduled to be deleted on reboot.
Windows Temp folder emptied: 16384 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 108,39 mb


OTM by OldTimer - Version 3.0.0.6 log created on 08142009_212725
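The OTM report above is plain text that the helper reads by eye: which services were actually deleted, which entries were reported "not found", and whether a reboot is still needed because some files were only scheduled for deletion. As an added example, which is not code from this thread, from OTM or from its author, the Python below parses lines in that format and produces those answers. The regular expressions are inferred from the lines posted in the thread and are an assumption about the format, not an official OTM specification; the sample log is a constructed excerpt modelled on the posted one; and the "random-looking service name" check is a triage heuristic I added (short, all-caps names like the ones removed here), which legitimate services can also match.

```python
"""Summarise an OTM (OldTimer's OTMoveIt) MovedFiles log.

Added example for this thread, not a tool from the thread or from OldTimer.
The line patterns below are inferred from the log posted in the thread and
are an assumption about the format, not an official specification.
"""
import re

# Constructed excerpt modelled on the OTM log posted in the thread.
SAMPLE_LOG = r"""All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== SERVICES/DRIVERS ==========

Service\Driver TWPVMJEX deleted successfully.

Service\Driver VAGOKALHS deleted successfully.
Service\Driver Planificateur LiveUpdate automatique deleted successfully.
Service\Driver Symantec Core LC not found.
Service\Driver Symantec Core LC not found.
Service\Driver catchme deleted successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\RTHDCPL deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Camera Assistant Software deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\msnmsgr deleted successfully.
========== FILES ==========
========== COMMANDS ==========
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_64c.dat scheduled to be deleted on reboot.
Total Files Cleaned = 108,39 mb
"""

# "Service\Driver <name> deleted successfully." / "... not found."
SERVICE_RE = re.compile(r"^Service\\Driver (?P<name>.+?) (?P<status>deleted successfully|not found)\.$")
# "Registry value <key>\\<value name> deleted successfully."; key and value are
# separated by a double backslash, value names may contain spaces.
REGISTRY_RE = re.compile(r"^Registry value (?P<key>.+?)\\\\(?P<value>.+?) (?P<status>deleted successfully|not found)\.$")
REBOOT_RE = re.compile(r"^File delete failed\. (?P<path>.+?) scheduled to be deleted on reboot\.$")
TOTAL_RE = re.compile(r"^Total Files Cleaned = (?P<size>[\d.,]+) mb$")
# Heuristic only (assumption): the loader services removed in this thread all
# have short all-caps pseudo-random names. Legitimate services can match too,
# so a hit means "look closer", not "malicious".
RANDOM_NAME_RE = re.compile(r"^[A-Z]{4,12}$")


def parse_otm_log(text):
    """Turn the log into (name, status) tuples and other facts per section."""
    result = {"services": [], "registry": [], "reboot_pending": [], "total_mb": None}
    for raw in text.splitlines():
        line = raw.strip()
        if m := SERVICE_RE.match(line):
            result["services"].append((m["name"], m["status"]))
        elif m := REGISTRY_RE.match(line):
            result["registry"].append((m["key"], m["value"], m["status"]))
        elif m := REBOOT_RE.match(line):
            result["reboot_pending"].append(m["path"])
        elif m := TOTAL_RE.match(line):
            # OTM prints the size with the locale's decimal separator (108,39).
            result["total_mb"] = float(m["size"].replace(",", "."))
    return result


def summarize(parsed):
    """The facts a helper checks before telling the user what to do next."""
    deleted = [n for n, s in parsed["services"] if s == "deleted successfully"]
    not_found = sorted({n for n, s in parsed["services"] if s == "not found"})
    return {
        "services_deleted": deleted,
        "services_not_found": not_found,
        "random_looking_services": [n for n in deleted if RANDOM_NAME_RE.match(n)],
        "run_values_deleted": [v for _k, v, s in parsed["registry"] if s == "deleted successfully"],
        "reboot_pending": len(parsed["reboot_pending"]),
        "reboot_required": bool(parsed["reboot_pending"]),
        "total_mb": parsed["total_mb"],
    }


if __name__ == "__main__":
    for key, value in summarize(parse_otm_log(SAMPLE_LOG)).items():
        print(f"{key}: {value}")
```

Run against the posted log, the same two questions the helper asks by eye fall out of the summary: the randomly named services were removed (so a second OTM run for them is pointless, but a fresh scan to see whether they are recreated is not), and `reboot_required` is true because of the index.dat and temp files that were only scheduled for deletion.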