Trojan (alors que j'ai rien télécharger)

Natchos204 -  
Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   -
Bonjour,

Depuis moins de 6h j'ai dans la barre des menus avec l'horloge un nouvel icône: rond rouge croix blanche me disant en anglais que mon pc est infecter par un spyware infection qui disparait tt seul au bout de quelques secondes, quand je clique dessus je suis dirigée vers une alerte de "pare feu" or c'est un leurre car il m'envoie sur une page web pr télécharger.
Pour l'instant j'ai lancer C cleaner, Spyboot, Defensa, antivir et rien n'a été trouvée.
J'ai aussi un message me disant que j'ai un trojan mais son nom change régulièrement.
Je voudrais identifier le problème et l'éliminer.
Je fais quoi ???
Merci
Configuration: Windows XP
Firefox 3.0.3

15 réponses

  1. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    Salut,

    - Télécharge HijackThis v2.0.2 sur ton Bureau :
    http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe

    - Double-clique sur HJTInstall afin de lancer l'installation.

    - Clique sur Install ensuite sur I Accept.

    - Clique sur Do a system scan and save a logfile.

    - Le bloc-notes s'ouvrira, fais un copier/coller de tout son contenu ici dans ton prochain message.
    0
    1. Natchos204
       
      voilà le contenu du blog note !!

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 14:29:35, on 14/10/2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16574)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Windows Defender\MsMpEng.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\system32\acs.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
      C:\Documents and Settings\All Users\Application Data\shmrelgx\wrefsvev.exe
      C:\WINDOWS\ehome\ehtray.exe
      C:\Program Files\Apoint2K\Apoint.exe
      C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
      C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
      C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
      C:\WINDOWS\system32\ZoomingHook.exe
      C:\WINDOWS\system32\TPSMain.exe
      C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
      C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
      C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe
      C:\WINDOWS\system32\LVCOMSX.EXE
      C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
      C:\WINDOWS\RTHDCPL.EXE
      C:\Program Files\ltmoh\Ltmoh.exe
      C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
      C:\WINDOWS\AGRSMMSG.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
      C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
      C:\WINDOWS\system32\brastk.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Windows Live\Messenger\msnmsgr.exe
      C:\WINDOWS\system32\qxatibsv.exe
      C:\Program Files\Apoint2K\Apntex.exe
      C:\WINDOWS\system32\TPSBattM.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
      C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
      C:\WINDOWS\system32\DVDRAMSV.exe
      C:\WINDOWS\eHome\ehRecvr.exe
      C:\WINDOWS\eHome\ehSched.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\TODDSrv.exe
      C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
      C:\WINDOWS\eHome\ehmsas.exe
      C:\WINDOWS\system32\dllhost.exe
      C:\Program Files\TOSHIBA\ConfigFree\CFXFER.exe
      C:\Program Files\Windows Live\Messenger\usnsvc.exe
      C:\Program Files\Defenza\pcd-as.exe
      C:\WINDOWS\system32\drwtsn32.exe
      C:\WINDOWS\system32\drwtsn32.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
      O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
      O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
      O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
      O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
      O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
      O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
      O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
      O4 - HKLM\..\Run: [Zooming] ZoomingHook.exe
      O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
      O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
      O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
      O4 - HKLM\..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe
      O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
      O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
      O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
      O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
      O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
      O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
      O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
      O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
      O4 - HKLM\..\Run: [brastk] C:\WINDOWS\system32\brastk.exe
      O4 - HKLM\..\Run: [PCDAS] C:\Program Files\Defenza\pcd-as.exe /10003
      O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Documents and Settings\Spybot - Search & Destroy\TeaTimer.exe
      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
      O4 - HKCU\..\Run: [ChkApl] C:\WINDOWS\system32\qxatibsv.exe
      O4 - HKCU\..\Run: [brastk] C:\WINDOWS\system32\brastk.exe
      O4 - HKLM\..\Policies\Explorer\Run: [7DgHk29guo] C:\Documents and Settings\All Users\Application Data\shmrelgx\wrefsvev.exe
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
      O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\DOCUME~1\SPYBOT~1\SDHelper.dll
      O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\DOCUME~1\SPYBOT~1\SDHelper.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
      O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://lslvluedlfqse.spaces.live.com//PhotoUpload/MsnPUpld.cab
      O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
      O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
      O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
      O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
      O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
      O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
      O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
      O21 - SSODL: apiprocsh - {1F21957C-4D5A-3B5A-80A3-090AF0D9C993} - C:\Program Files\qsgjurf\apiprocsh.dll
      O23 - Service: Service de configuration Atheros (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
      O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
      O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
      O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
      O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
      O23 - Service: Generic Host Process for Win-32 Service - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
      O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe
      O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
      0
      1. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324 > Natchos204
         
        Ok.

        * Télécharge SDFix (par Andy Manchesta) et sauvegarde-le sur ton bureau.
        http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

        * Double-clique sur SDFix.exe et choisis Install pour l'extraire dans son dossier sur le bureau.
        * Redémarre le PC en mode sans échec :
        https://blog.sosordi.net/
        * Choisis ton compte.

        Déroule la liste des instructions ci-dessous :
        * Ouvre le dossier SDFix qui vient d'être créé sur le bureau et double-clique sur RunThis.bat pour lancer le script.
        * Appuie sur Y pour commencer le nettoyage.
        * Quand il te le demandera, appuie sur une touche pour redémarrer le PC.
        * Ton système sera plus long à redémarrer car l'outil va continuer à s'exécuter et supprimer des fichiers.
        * Après le chargement du bureau, l'outil aura terminé et affichera Finished.
        * Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton bureau.
        * Le rapport SDFix s'ouvrira et il sera enregistré dans le dossier SDFix sous le nom Report.txt.
        * Enfin, copie/colle le rapport du fichier Report.txt.
        0
      2. Natchos204 > Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention  
         
        ok jai noté je tente
        merci
        0
      3. natchos204 > Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention  
         
        voilà le rapport de SDFIX :


        [b]SDFix: Version 1.235 [/b]
        Run by Anais on 14/10/2008 at 14:55

        Microsoft Windows XP [version 5.1.2600]
        Running From: C:\SDFix

        [b]Checking Services [/b]:

        [b]Name [/b]:
        Generic Host Process for Win-32 Service

        [b]Path [/b]:
        "C:\WINDOWS\svchost.exe"

        Generic Host Process for Win-32 Service - Deleted


        C:\WINDOWS\system32\Microsoft\backup.tftp Found

        [b]Checking files[/b]:

        [b]Genuine[/b]:
        C:\WINDOWS\system32\Microsoft\backup.tftp
        C:\WINDOWS\system32\ftp.exe
        C:\WINDOWS\system32\tftp.exe
        C:\WINDOWS\system32\dllcache\ftp.exe
        C:\WINDOWS\system32\dllcache\tftp.exe



        Restoring Default Security Values
        Restoring Default Hosts File

        Rebooting


        [b]Checking Files [/b]:

        Trojan Files Found:

        C:\WINDOWS\system32\wini104552663.exe - Deleted
        C:\WINDOWS\system32\brastk.exe - Deleted
        C:\WINDOWS\system32\Microsoft\backup.tftp - Deleted





        Removing Temp Files

        [b]ADS Check [/b]:



        [b]Final Check [/b]:

        catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
        Rootkit scan 2008-10-14 15:29:00
        Windows 5.1.2600 Service Pack 2 NTFS

        scanning hidden processes ...

        scanning hidden services & system hive ...

        scanning hidden registry entries ...

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
        "TracesProcessed"=dword:000000a8
        "TracesSuccessful"=dword:00000009

        scanning hidden files ...

        scan completed successfully
        hidden processes: 0
        hidden services: 0
        hidden files: 0


        [b]Remaining Services [/b]:




        Authorized Application Key Export:

        [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
        "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
        "C:\\Documents and Settings\\Anais\\Mes documents\\LOGICIELS\\LimeWire\\LimeWire.exe"="C:\\Documents and Settings\\Anais\\Mes documents\\LOGICIELS\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
        "C:\\Program Files\\TOSHIBA\\ConfigFree\\CFXFER.exe"="C:\\Program Files\\TOSHIBA\\ConfigFree\\CFXFER.exe:*:Enabled:ConfigFree SUMMIT Engine"
        "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
        "C:\\DOCUME~1\\Anais\\LOCALS~1\\Temp\\services.exe"="C:\\DOCUME~1\\Anais\\LOCALS~1\\Temp\\services.exe:*:Enabled:Flash Player2"
        "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
        "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

        [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
        "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
        "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
        "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
        "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

        [b]Remaining Files [/b]:


        File Backups: - C:\SDFix\backups\backups.zip

        [b]Files with Hidden Attributes [/b]:

        Mon 18 Aug 2008 1,832,272 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
        Sun 9 Dec 2007 60,928 ...H. --- "C:\Documents and Settings\Anais\Bureau\~WRL0002.tmp"
        Mon 3 Dec 2007 52,736 ...H. --- "C:\Documents and Settings\Anais\Bureau\~WRL2506.tmp"
        Wed 16 Jul 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP382\A0072453.sys"
        Thu 17 Jul 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP382\A0072466.sys"
        Fri 18 Jul 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP382\A0073466.sys"
        Fri 18 Jul 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP382\A0073480.sys"
        Sat 19 Jul 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP383\A0073497.sys"
        Sat 19 Jul 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP383\A0073582.sys"
        Sun 20 Jul 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP384\A0073612.sys"
        Mon 21 Jul 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP385\A0073641.sys"
        Tue 22 Jul 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP385\A0073667.sys"
        Wed 23 Jul 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP386\A0073697.sys"
        Thu 24 Jul 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP386\A0073726.sys"
        Fri 25 Jul 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP386\A0073753.sys"
        Sat 26 Jul 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP386\A0073766.sys"
        Sat 26 Jul 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP387\A0073783.sys"
        Sun 27 Jul 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP387\A0073797.sys"
        Mon 28 Jul 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP388\A0073829.sys"
        Tue 29 Jul 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP388\A0073843.sys"
        Wed 30 Jul 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP388\A0073857.sys"
        Wed 30 Jul 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP388\A0073871.sys"
        Wed 30 Jul 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP388\A0073897.sys"
        Thu 31 Jul 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP388\A0073916.sys"
        Thu 31 Jul 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP389\A0073952.sys"
        Fri 1 Aug 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP389\A0073966.sys"
        Fri 1 Aug 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP389\A0073991.sys"
        Sat 2 Aug 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP390\A0074006.sys"
        Sat 2 Aug 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP390\A0074020.sys"
        Sun 3 Aug 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP390\A0074034.sys"
        Mon 4 Aug 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP390\A0074060.sys"
        Tue 5 Aug 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP391\A0074091.sys"
        Wed 6 Aug 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP391\A0074120.sys"
        Thu 7 Aug 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP391\A0074146.sys"
        Fri 8 Aug 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP391\A0074160.sys"
        Sat 9 Aug 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP391\A0074186.sys"
        Sun 10 Aug 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP391\A0074201.sys"
        Mon 11 Aug 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP391\A0074230.sys"
        Tue 12 Aug 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP392\A0074248.sys"
        Tue 12 Aug 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP392\A0074263.sys"
        Tue 12 Aug 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP392\A0074289.sys"
        Wed 13 Aug 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP393\A0075289.sys"
        Wed 13 Aug 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP393\A0075321.sys"
        Thu 14 Aug 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP394\A0075340.sys"
        Thu 14 Aug 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP394\A0075374.sys"
        Fri 15 Aug 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP394\A0075390.sys"
        Sat 16 Aug 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP394\A0075419.sys"
        Sat 16 Aug 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP394\A0075436.sys"
        Sat 16 Aug 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP395\A0075460.sys"
        Sun 17 Aug 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP395\A0075488.sys"
        Sun 17 Aug 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP395\A0075505.sys"
        Tue 19 Aug 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP395\A0075538.sys"
        Thu 21 Aug 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP396\A0075571.sys"
        Fri 22 Aug 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP396\A0075600.sys"
        Sun 24 Aug 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP397\A0075633.sys"
        Mon 25 Aug 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP397\A0075649.sys"
        Tue 26 Aug 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP397\A0075678.sys"
        Wed 27 Aug 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP397\A0075720.sys"
        Wed 27 Aug 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP398\A0075752.sys"
        Thu 28 Aug 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP398\A0075781.sys"
        Fri 29 Aug 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP398\A0075811.sys"
        Sat 30 Aug 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP399\A0075844.sys"
        Sun 31 Aug 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP399\A0076844.sys"
        Sun 31 Aug 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP400\A0076863.sys"
        Tue 2 Sep 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP400\A0076892.sys"
        Wed 3 Sep 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP400\A0076914.sys"
        Fri 5 Sep 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP401\A0076957.sys"
        Sat 6 Sep 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP401\A0076986.sys"
        Sun 7 Sep 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP402\A0077020.sys"
        Mon 8 Sep 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP402\A0077056.sys"
        Tue 9 Sep 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP402\A0077075.sys"
        Tue 9 Sep 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP402\A0077093.sys"
        Tue 9 Sep 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP402\A0077119.sys"
        Wed 10 Sep 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP402\A0077153.sys"
        Thu 11 Sep 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP402\A0077176.sys"
        Thu 11 Sep 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP403\A0077207.sys"
        Fri 12 Sep 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP403\A0077221.sys"
        Sat 13 Sep 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP404\A0077250.sys"
        Sun 14 Sep 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP405\A0077271.sys"
        Sun 14 Sep 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP405\A0077302.sys"
        Sun 14 Sep 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP405\A0077325.sys"
        Mon 15 Sep 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP405\A0077356.sys"
        Tue 16 Sep 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP405\A0077392.sys"
        Tue 16 Sep 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP405\A0077407.sys"
        Tue 16 Sep 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP405\A0077423.sys"
        Tue 16 Sep 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP405\A0077448.sys"
        Wed 17 Sep 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP405\A0077464.sys"
        Wed 17 Sep 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP405\A0077502.sys"
        Thu 18 Sep 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP406\A0077530.sys"
        Thu 18 Sep 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP406\A0077644.sys"
        Fri 19 Sep 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP406\A0077672.sys"
        Sat 20 Sep 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP407\A0077707.sys"
        Sat 20 Sep 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP407\A0077735.sys"
        Sun 21 Sep 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP408\A0077767.sys"
        Sun 21 Sep 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP408\A0077782.sys"
        Mon 22 Sep 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP409\A0077797.sys"
        Tue 23 Sep 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP409\A0077943.sys"
        Tue 23 Sep 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP409\A0078943.sys"
        Tue 23 Sep 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP409\A0078963.sys"
        Tue 23 Sep 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP409\A0079963.sys"
        Tue 23 Sep 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP409\A0079980.sys"
        Tue 23 Sep 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP409\A0080009.sys"
        Wed 24 Sep 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP409\A0080026.sys"
        Wed 24 Sep 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP409\A0081026.sys"
        Thu 25 Sep 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP409\A0082026.sys"
        Thu 25 Sep 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP409\A0082042.sys"
        Thu 25 Sep 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP409\A0082065.sys"
        Thu 25 Sep 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP409\A0082096.sys"
        Fri 26 Sep 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP409\A0082125.sys"
        Sat 27 Sep 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP409\A0082148.sys"
        Sat 27 Sep 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP409\A0082170.sys"
        Sun 28 Sep 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP409\A0083170.sys"
        Sun 28 Sep 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP409\A0084170.sys"
        Tue 30 Sep 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP409\A0085170.sys"
        Tue 30 Sep 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP415\A0086063.sys"
        Tue 30 Sep 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP415\A0086083.sys"
        Wed 1 Oct 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP416\A0086257.sys"
        Thu 2 Oct 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP416\A0086271.sys"
        Fri 3 Oct 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP417\A0086308.sys"
        Fri 3 Oct 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP418\A0086324.sys"
        Fri 3 Oct 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP418\A0086362.sys"
        Sat 4 Oct 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP418\A0086380.sys"
        Mon 6 Oct 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP418\A0087380.sys"
        Tue 7 Oct 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP418\A0087398.sys"
        Wed 8 Oct 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP418\A0088398.sys"
        Wed 8 Oct 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP419\A0088416.sys"
        Thu 9 Oct 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP419\A0089416.sys"
        Thu 9 Oct 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP420\A0089422.sys"
        Fri 10 Oct 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP420\A0090422.sys"
        Fri 10 Oct 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP420\A0090428.sys"
        Fri 10 Oct 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP420\A0090446.sys"
        Fri 10 Oct 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP421\A0090452.sys"
        Sat 11 Oct 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP422\A0090470.sys"
        Sun 12 Oct 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP422\A0090476.sys"
        Mon 13 Oct 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP423\A0090494.sys"
        Tue 14 Oct 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP423\A0090512.sys"
        Tue 14 Oct 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP423\A0090643.sys"
        Tue 14 Oct 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP423\A0090650.sys"
        Tue 14 Oct 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP424\A0090759.sys"
        Sun 21 Jan 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
        Tue 14 Oct 2008 72 A..H. --- "C:\Program Files\Common Files\X10\Common\x10prod.sys"
        Thu 25 Sep 2008 24,064 A..H. --- "C:\Documents and Settings\Anais\Bureau\BTS 1\MANAGEMENT\~WRL1498.tmp"
        Mon 11 Jun 2007 1,982,976 ...H. --- "C:\Documents and Settings\Anais\Mes documents\FAC 2006-2007\asso\~WRL0004.tmp"
        Wed 13 Jun 2007 1,396,224 ...H. --- "C:\Documents and Settings\Anais\Mes documents\FAC 2006-2007\asso\~WRL1142.tmp"
        Wed 13 Jun 2007 1,392,640 ...H. --- "C:\Documents and Settings\Anais\Mes documents\FAC 2006-2007\asso\~WRL2535.tmp"

        [b]Finished![/b]
        0
  2. André Bouharmont Messages postés 5 Statut Membre
     
    avez-vous essayé avec "avast" ,
    ce n'est pas la solution idéale car par ex. j'ai téléchargé l'autre jour sur un site officiel et avast m'indiquait un trojan alors qu'il n'y avait rien mais par contre j'en ai déjà eu que j'ai su éliminer avec cet antivirus
    0
  3. Natchos204
     
    nananan AVAST m'a déjà déçu une fois depuis exit de mon pc !! il faut s'en méfier et surtt utiliser seul il n'est pas fiable en tout cas à mon avis!
    Mais merci
    0
    1. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
       
      - Télécharge et installe MalwareByte's Anti-Malware :
      http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.htm

      - Mets-le à jour

      - Redémarre en mode sans échec (Recommandé) :
      https://blog.sosordi.net/

      - Choisis ta session habituelle

      - Fais un scan complet avec MalwareByte's Anti-Malware

      - Supprime tout ce que le logiciel trouve, enregistre le rapport

      - Redémarre en mode normal et poste le rapport ici

      Tutorial :
      https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
      0
      1. Natchos204 > Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention  
         
        enfin voila le dernier scan :
        Malwarebytes' Anti-Malware 1.28
        Version de la base de données: 1268
        Windows 5.1.2600 Service Pack 2

        14/10/2008 19:02:57
        mbam-log-2008-10-14 (19-02-57).txt

        Type de recherche: Examen complet (C:\|)
        Eléments examinés: 96816
        Temps écoulé: 3 hour(s), 1 minute(s), 5 second(s)

        Processus mémoire infecté(s): 0
        Module(s) mémoire infecté(s): 0
        Clé(s) du Registre infectée(s): 3
        Valeur(s) du Registre infectée(s): 2
        Elément(s) de données du Registre infecté(s): 0
        Dossier(s) infecté(s): 0
        Fichier(s) infecté(s): 4

        Processus mémoire infecté(s):
        (Aucun élément nuisible détecté)

        Module(s) mémoire infecté(s):
        (Aucun élément nuisible détecté)

        Clé(s) du Registre infectée(s):
        HKEY_CLASSES_ROOT\CLSID\{1F21957C-4D5A-3B5A-80A3-090AF0D9C993} (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
        HKEY_CURRENT_USER\typelib (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
        HKEY_CURRENT_USER\SOFTWARE\wkey (Malware.Trace) -> Quarantined and deleted successfully.

        Valeur(s) du Registre infectée(s):
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\apiprocsh (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
        HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\chkapl (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.

        Elément(s) de données du Registre infecté(s):
        (Aucun élément nuisible détecté)

        Dossier(s) infecté(s):
        (Aucun élément nuisible détecté)

        Fichier(s) infecté(s):
        C:\Program Files\qsgjurf\apiprocsh.dll (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
        C:\WINDOWS\system32\qxatibsv.exe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
        C:\Documents and Settings\Anais\delself.bat (Malware.Trace) -> Quarantined and deleted successfully.
        C:\Documents and Settings\Anais\results.txt (Malware.Trace) -> Quarantined and deleted successfully.
        0
  4. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    ---> Relance MBAM, va dans Quarantaine et supprime tout.

    ---> Poste un nouveau rapport HijackThis.
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. natchos204
     
    dernier scan hijack

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:58:24, on 14/10/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\acs.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
    C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
    C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
    C:\WINDOWS\system32\ZoomingHook.exe
    C:\WINDOWS\system32\TPSMain.exe
    C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
    C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
    C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\ltmoh\Ltmoh.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Defenza\pcd-as.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\WINDOWS\system32\TPSBattM.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\WINDOWS\system32\DVDRAMSV.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\TODDSrv.exe
    C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFXFER.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
    O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
    O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
    O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
    O4 - HKLM\..\Run: [Zooming] ZoomingHook.exe
    O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
    O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
    O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
    O4 - HKLM\..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
    O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [PCDAS] C:\Program Files\Defenza\pcd-as.exe /10003
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Documents and Settings\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\DOCUME~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\DOCUME~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://lslvluedlfqse.spaces.live.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O23 - Service: Service de configuration Atheros (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
    O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe
    O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
    0
  7. natchos204
     
    dernier scan hijack

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:58:24, on 14/10/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\acs.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
    C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
    C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
    C:\WINDOWS\system32\ZoomingHook.exe
    C:\WINDOWS\system32\TPSMain.exe
    C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
    C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
    C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\ltmoh\Ltmoh.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Defenza\pcd-as.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\WINDOWS\system32\TPSBattM.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\WINDOWS\system32\DVDRAMSV.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\TODDSrv.exe
    C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFXFER.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
    O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
    O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
    O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
    O4 - HKLM\..\Run: [Zooming] ZoomingHook.exe
    O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
    O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
    O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
    O4 - HKLM\..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
    O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [PCDAS] C:\Program Files\Defenza\pcd-as.exe /10003
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Documents and Settings\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\DOCUME~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\DOCUME~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://lslvluedlfqse.spaces.live.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O23 - Service: Service de configuration Atheros (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
    O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe
    O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
    0
  8. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    Désinstalle Defenza.
    0
  9. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    ---> Poste un nouveau rapport HijackThis.
    0
  10. natchos204
     
    voilà :

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:42:51, on 14/10/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\acs.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\TODDSrv.exe
    C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
    O23 - Service: Service de configuration Atheros (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe
    O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
    0
  11. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    Il n'est pas complet.
    0
  12. natchos204
     
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:49:13, on 14/10/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\acs.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\TODDSrv.exe
    C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
    O23 - Service: Service de configuration Atheros (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe
    O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
    0
  13. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    Idem.
    0
  14. natchos204
     
    bha c'est étrange
    je re test :
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:18:45, on 14/10/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\acs.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\TODDSrv.exe
    C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
    O23 - Service: Service de configuration Atheros (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe
    O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
    0
  15. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    ---> Télécharge Random's System Information Tool (RSIT) par random/random et sauvegarde-le sur le Bureau :
    http://images.malwareremoval.com/random/RSIT.exe
    ---> Double-clique sur RSIT.exe afin de lancer le programme.
    ---> Clique sur Continue à l'écran Disclaimer.
    ---> Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.
    ---> Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront. Poste le contenu de log.txt (c'est celui qui apparait à l'écran) ainsi que de info.txt (que tu verras dans la barre des tâches).

    Note : Les rapports sont sauvegardés dans le dossier C:\rsit
    0