184 utilisateurs connectés
 |
|
 |
[résolu] trojan-Downloader.win32.agent variant [résolu]
takezo117
le 07 juillet 2008 à 16h44
bonjour
en voulant lancer wow, un message po-up est arrivé m'annonçant que j'étais infecté par "trojan-Downloader.win32.agent variant". J'ai vu que d'autres personnes avaient également été confrontées à ce problème et l'avaient résolu avec hijackthis et OTMoveIt , mais les lignes à cocher obtenues diffèrent.
Pourriez vous m'aider s'il vous plait?
en voulant lancer wow, un message po-up est arrivé m'annonçant que j'étais infecté par "trojan-Downloader.win32.agent variant". J'ai vu que d'autres personnes avaient également été confrontées à ce problème et l'avaient résolu avec hijackthis et OTMoveIt , mais les lignes à cocher obtenues diffèrent.
Pourriez vous m'aider s'il vous plait?
-->Message édité par takezo117 le 11/07/2008 20:01:30<--
répondre
dédétraqué
le 07 juillet 2008 à 16h53
Salut takezo117
Poste le rapport HijackThis
@++
Poste le rapport HijackThis
@++
takezo117
le 07 juillet 2008 à 17h09
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:07:27, on 7/07/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
C:\Program Files\Packard bell\SAXO27\HIDSERVICE.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Windows\System32\gsicon.exe
C:\Windows\System32\DSLAGENT.EXE
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\Users\Chr\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SVQ5LAN9\HiJackThis[1].exe
C:\Users\Chr\Desktop\HiJackThis.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://format.packardbell.com/cgi-bin/redirect/?country=BEFR&range=AD&(...)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O1 - Hosts: luciolis2.servegame.com 80.239.180.113
O1 - Hosts: luciolis2.servegame.com 91.121.124.125
O1 - Hosts: luciolis2.servegame.com 91.121.106.15
O1 - Hosts: luciolis2.servegame.com 91.121.69.136
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [CCUTRAYICON] C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [calc.exe] C:\Users\Chr\AppData\Local\Temp\calc.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-434156370-2428998753-463404059-1000\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O13 - Gopher Prefix:
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{16E15823-0143-4043-B6D5-7221718C992A}: NameServer = 85.255.116.163,85.255.112.15
O17 - HKLM\System\CCS\Services\Tcpip\..\{1E9C80A5-09B5-434C-A26B-F15342553080}: NameServer = 195.238.2.21 195.238.2.22
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.163 85.255.112.15
O17 - HKLM\System\CS1\Services\Tcpip\..\{16E15823-0143-4043-B6D5-7221718C992A}: NameServer = 85.255.116.163,85.255.112.15
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.163 85.255.112.15
O17 - HKLM\System\CS2\Services\Tcpip\..\{16E15823-0143-4043-B6D5-7221718C992A}: NameServer = 85.255.116.163,85.255.112.15
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.163 85.255.112.15
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Packard Bell BV - C:\Program Files\Packard bell\SAXO27\HIDSERVICE.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\Windows\system32\sfrem01.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Windows Tribute Service - Unknown owner - C:\Windows\system32\kdoqv.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
--
End of file - 15332 bytes
Scan saved at 17:07:27, on 7/07/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
C:\Program Files\Packard bell\SAXO27\HIDSERVICE.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Windows\System32\gsicon.exe
C:\Windows\System32\DSLAGENT.EXE
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\Users\Chr\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SVQ5LAN9\HiJackThis[1].exe
C:\Users\Chr\Desktop\HiJackThis.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://format.packardbell.com/cgi-bin/redirect/?country=BEFR&range=AD&(...)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O1 - Hosts: luciolis2.servegame.com 80.239.180.113
O1 - Hosts: luciolis2.servegame.com 91.121.124.125
O1 - Hosts: luciolis2.servegame.com 91.121.106.15
O1 - Hosts: luciolis2.servegame.com 91.121.69.136
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [CCUTRAYICON] C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [calc.exe] C:\Users\Chr\AppData\Local\Temp\calc.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-434156370-2428998753-463404059-1000\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O13 - Gopher Prefix:
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{16E15823-0143-4043-B6D5-7221718C992A}: NameServer = 85.255.116.163,85.255.112.15
O17 - HKLM\System\CCS\Services\Tcpip\..\{1E9C80A5-09B5-434C-A26B-F15342553080}: NameServer = 195.238.2.21 195.238.2.22
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.163 85.255.112.15
O17 - HKLM\System\CS1\Services\Tcpip\..\{16E15823-0143-4043-B6D5-7221718C992A}: NameServer = 85.255.116.163,85.255.112.15
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.163 85.255.112.15
O17 - HKLM\System\CS2\Services\Tcpip\..\{16E15823-0143-4043-B6D5-7221718C992A}: NameServer = 85.255.116.163,85.255.112.15
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.163 85.255.112.15
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Packard Bell BV - C:\Program Files\Packard bell\SAXO27\HIDSERVICE.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\Windows\system32\sfrem01.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Windows Tribute Service - Unknown owner - C:\Windows\system32\kdoqv.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
--
End of file - 15332 bytes
dédétraqué
le 07 juillet 2008 à 17h24
Salut takezo117
Désactive le contrôle des comptes utilisateurs (tu le réactiveras après ta désinfection):
- Va dans démarrer puis panneau de configuration
- Double Clique sur l'icône "Comptes d'utilisateurs"
- Clique ensuite sur désactiver et valide.
---
- Télécharge SmitfraudFix (de de S!Ri, balltrap34 et moe31) :
http://siri.urz.free.fr/Fix/SmitfraudFix.exe ou http://siri.geekstogo.com/SmitfraudFix.exe
- Enregistre-le sur le bureau
- Double-clique sur SmitfraudFix.exe et choisis l'option 1 puis Entrée
- Un rapport sera généré, poste-le dans ta prochaine réponse.
process.exe est détecté par certains antivirus comme étant un risktool. Il ne s'agit pas d'un virus mais d'un utilitaire destiné à mettre fin à des processus.[*]
** Ne fais l'étape 2 que si on te le demande, on doit d'abord examiner le premier rapport de SmitfraudFix
@++
Désactive le contrôle des comptes utilisateurs (tu le réactiveras après ta désinfection):
- Va dans démarrer puis panneau de configuration
- Double Clique sur l'icône "Comptes d'utilisateurs"
- Clique ensuite sur désactiver et valide.
---
- Télécharge SmitfraudFix (de de S!Ri, balltrap34 et moe31) :
http://siri.urz.free.fr/Fix/SmitfraudFix.exe ou http://siri.geekstogo.com/SmitfraudFix.exe
- Enregistre-le sur le bureau
- Double-clique sur SmitfraudFix.exe et choisis l'option 1 puis Entrée
- Un rapport sera généré, poste-le dans ta prochaine réponse.
** Ne fais l'étape 2 que si on te le demande, on doit d'abord examiner le premier rapport de SmitfraudFix
@++
takezo117
le 07 juillet 2008 à 17h33
SmitFraudFix v2.329
Scan done at 17:29:13,43, lun. 07/07/2008
Run from C:\Users\Chr\Desktop\SmitfraudFix
OS: Microsoft Windows [version 6.0.6001] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
C:\Program Files\Packard bell\SAXO27\HIDSERVICE.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
C:\Windows\System32\gsicon.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
C:\Windows\System32\DSLAGENT.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\Windows\System32\rundll32.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows
»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Chr
»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Chr\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Chr\FAVORI~1
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"LoadAppInit_DLLs"=dword:00000001
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\Windows\\system32\\userinit.exe,"
»»»»»»»»»»»»»»»»»»»»»»»» Rustock
»»»»»»»»»»»»»»»»»»»»»»»» DNS
HKLM\SYSTEM\CCS\Services\Tcpip\..\{16E15823-0143-4043-B6D5-7221718C992A}: DhcpNameServer=85.255.116.163,85.255.112.15
HKLM\SYSTEM\CCS\Services\Tcpip\..\{16E15823-0143-4043-B6D5-7221718C992A}: NameServer=85.255.116.163,85.255.112.15
HKLM\SYSTEM\CS1\Services\Tcpip\..\{16E15823-0143-4043-B6D5-7221718C992A}: DhcpNameServer=85.255.116.163,85.255.112.15
HKLM\SYSTEM\CS1\Services\Tcpip\..\{16E15823-0143-4043-B6D5-7221718C992A}: NameServer=85.255.116.163,85.255.112.15
HKLM\SYSTEM\CS2\Services\Tcpip\..\{16E15823-0143-4043-B6D5-7221718C992A}: DhcpNameServer=85.255.116.163,85.255.112.15
HKLM\SYSTEM\CS2\Services\Tcpip\..\{16E15823-0143-4043-B6D5-7221718C992A}: NameServer=85.255.116.163,85.255.112.15
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: NameServer=85.255.116.163 85.255.112.15
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: NameServer=85.255.116.163 85.255.112.15
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: NameServer=85.255.116.163 85.255.112.15
»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
Scan done at 17:29:13,43, lun. 07/07/2008
Run from C:\Users\Chr\Desktop\SmitfraudFix
OS: Microsoft Windows [version 6.0.6001] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
C:\Program Files\Packard bell\SAXO27\HIDSERVICE.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
C:\Windows\System32\gsicon.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
C:\Windows\System32\DSLAGENT.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\Windows\System32\rundll32.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows
»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Chr
»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Chr\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Chr\FAVORI~1
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"LoadAppInit_DLLs"=dword:00000001
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\Windows\\system32\\userinit.exe,"
»»»»»»»»»»»»»»»»»»»»»»»» Rustock
»»»»»»»»»»»»»»»»»»»»»»»» DNS
HKLM\SYSTEM\CCS\Services\Tcpip\..\{16E15823-0143-4043-B6D5-7221718C992A}: DhcpNameServer=85.255.116.163,85.255.112.15
HKLM\SYSTEM\CCS\Services\Tcpip\..\{16E15823-0143-4043-B6D5-7221718C992A}: NameServer=85.255.116.163,85.255.112.15
HKLM\SYSTEM\CS1\Services\Tcpip\..\{16E15823-0143-4043-B6D5-7221718C992A}: DhcpNameServer=85.255.116.163,85.255.112.15
HKLM\SYSTEM\CS1\Services\Tcpip\..\{16E15823-0143-4043-B6D5-7221718C992A}: NameServer=85.255.116.163,85.255.112.15
HKLM\SYSTEM\CS2\Services\Tcpip\..\{16E15823-0143-4043-B6D5-7221718C992A}: DhcpNameServer=85.255.116.163,85.255.112.15
HKLM\SYSTEM\CS2\Services\Tcpip\..\{16E15823-0143-4043-B6D5-7221718C992A}: NameServer=85.255.116.163,85.255.112.15
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: NameServer=85.255.116.163 85.255.112.15
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: NameServer=85.255.116.163 85.255.112.15
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: NameServer=85.255.116.163 85.255.112.15
»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
dédétraqué
le 07 juillet 2008 à 17h40
Salut takezo117
Télécharge SDFix par AndyManchesta sur le Bureau :
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Double clic sur SDFix.exe sur le bureau et clic sur Install , un dossier sera créer sur le bureau.
Redémarre ton PC en mode sans échec :
Au redémarrage de ton PC tapote sur la touche F8 ou F5 sur l'écran suivant déplace toi avec les flèches de direction et choisis Mode sans échec. Choisis ta session habituelle et non la session Administrateur.
Ouvre le dossier SDFix sur le bureau et double clique sur RunThis.bat, appuie sur Y pour lancer le nettoyage.
Il y aura redémarrage, quand Finished s’affichera appuie sur un touche pour terminer.
Poste le rapport qui se trouve dans le dossier SDFix sous le nom de Report.txt dans ta prochaine réponse avec un nouveau log Hijackthis.
@++
Télécharge SDFix par AndyManchesta sur le Bureau :
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Double clic sur SDFix.exe sur le bureau et clic sur Install , un dossier sera créer sur le bureau.
Redémarre ton PC en mode sans échec :
Au redémarrage de ton PC tapote sur la touche F8 ou F5 sur l'écran suivant déplace toi avec les flèches de direction et choisis Mode sans échec. Choisis ta session habituelle et non la session Administrateur.
Ouvre le dossier SDFix sur le bureau et double clique sur RunThis.bat, appuie sur Y pour lancer le nettoyage.
Il y aura redémarrage, quand Finished s’affichera appuie sur un touche pour terminer.
Poste le rapport qui se trouve dans le dossier SDFix sous le nom de Report.txt dans ta prochaine réponse avec un nouveau log Hijackthis.
@++
takezo117
le 07 juillet 2008 à 18h58
en mode sans échec, pas moyen de lancer runthis.bat : cela ne fait qu'ouvrir une fenêtre pendant une fraction de seconde... et en mode normal, il réclame le mode sans échec...
dédétraqué
le 07 juillet 2008 à 19h07
Salut takezo117
Supprime le fichier télécharger et le dossier créer, télécharge-le de nouveau
@++
Supprime le fichier télécharger et le dossier créer, télécharge-le de nouveau
@++
takezo117
le 08 juillet 2008 à 10h25
salut dédétraqué
j'ai essayé, mais sdfix semble avoir une aversion pour vista...
sur les conseils d'un ami, j'ai téléchargé et exécuté avg anti-rootkit, qui a détecté deux rootkits. Je les ai supprimés, et miracle, le launcher de wow ne m'affiche plus de message d'alerte!
merci de m'avoir consacré du temps!
j'ai essayé, mais sdfix semble avoir une aversion pour vista...
sur les conseils d'un ami, j'ai téléchargé et exécuté avg anti-rootkit, qui a détecté deux rootkits. Je les ai supprimés, et miracle, le launcher de wow ne m'affiche plus de message d'alerte!
merci de m'avoir consacré du temps!
-->Message édité par takezo117 le 08/07/2008 15:45:43<--
dédétraqué
le 08 juillet 2008 à 15h32
Salut takezo117
Poste moi un nouveau rapport HijackThis
@++
Poste moi un nouveau rapport HijackThis
@++
takezo117
le 08 juillet 2008 à 15h44
yop dédétraqué, en voila un tout frais :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:43:43, on 8/07/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Windows\System32\gsicon.exe
C:\Windows\System32\DSLAGENT.EXE
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Chr\Desktop\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://format.packardbell.com/cgi-bin/redirect/?country=BEFR&range=AD&(...)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O1 - Hosts: luciolis2.servegame.com 80.239.180.113
O1 - Hosts: luciolis2.servegame.com 91.121.124.125
O1 - Hosts: luciolis2.servegame.com 91.121.106.15
O1 - Hosts: luciolis2.servegame.com 91.121.69.136
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [CCUTRAYICON] C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [calc.exe] C:\Users\Chr\AppData\Local\Temp\calc.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-434156370-2428998753-463404059-1000\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O13 - Gopher Prefix:
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{16E15823-0143-4043-B6D5-7221718C992A}: NameServer = 85.255.116.163,85.255.112.15
O17 - HKLM\System\CCS\Services\Tcpip\..\{1E9C80A5-09B5-434C-A26B-F15342553080}: NameServer = 195.238.2.21 195.238.2.22
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.163 85.255.112.15
O17 - HKLM\System\CS1\Services\Tcpip\..\{16E15823-0143-4043-B6D5-7221718C992A}: NameServer = 85.255.116.163,85.255.112.15
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.163 85.255.112.15
O17 - HKLM\System\CS2\Services\Tcpip\..\{16E15823-0143-4043-B6D5-7221718C992A}: NameServer = 85.255.116.163,85.255.112.15
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.163 85.255.112.15
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Packard Bell BV - C:\Program Files\Packard bell\SAXO27\HIDSERVICE.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\Windows\system32\sfrem01.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Windows Tribute Service - Unknown owner - C:\Windows\system32\kdoqv.exe (file missing)
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
--
End of file - 13164 bytes
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:43:43, on 8/07/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Windows\System32\gsicon.exe
C:\Windows\System32\DSLAGENT.EXE
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Chr\Desktop\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://format.packardbell.com/cgi-bin/redirect/?country=BEFR&range=AD&(...)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O1 - Hosts: luciolis2.servegame.com 80.239.180.113
O1 - Hosts: luciolis2.servegame.com 91.121.124.125
O1 - Hosts: luciolis2.servegame.com 91.121.106.15
O1 - Hosts: luciolis2.servegame.com 91.121.69.136
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [CCUTRAYICON] C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [calc.exe] C:\Users\Chr\AppData\Local\Temp\calc.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-434156370-2428998753-463404059-1000\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O13 - Gopher Prefix:
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{16E15823-0143-4043-B6D5-7221718C992A}: NameServer = 85.255.116.163,85.255.112.15
O17 - HKLM\System\CCS\Services\Tcpip\..\{1E9C80A5-09B5-434C-A26B-F15342553080}: NameServer = 195.238.2.21 195.238.2.22
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.163 85.255.112.15
O17 - HKLM\System\CS1\Services\Tcpip\..\{16E15823-0143-4043-B6D5-7221718C992A}: NameServer = 85.255.116.163,85.255.112.15
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.163 85.255.112.15
O17 - HKLM\System\CS2\Services\Tcpip\..\{16E15823-0143-4043-B6D5-7221718C992A}: NameServer = 85.255.116.163,85.255.112.15
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.163 85.255.112.15
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Packard Bell BV - C:\Program Files\Packard bell\SAXO27\HIDSERVICE.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\Windows\system32\sfrem01.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Windows Tribute Service - Unknown owner - C:\Windows\system32\kdoqv.exe (file missing)
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
--
End of file - 13164 bytes
dédétraqué
le 08 juillet 2008 à 16h08
Salut takezo117
Télécharge Lop S&D sur ton bureau ici :
http://eric.71.mespages.googlepages.com/LopSD.exe
- Double clique sur LopSD.exe qui est sur le bureau pour lancer l'installation
- Double clique sur le raccourci Lop S&D créé sur ton Bureau
- Sélectionne la langue souhaitée et choisis l'option 1 (Recherche)
- Poste le rapport (C:\lopR.txt) dans ton prochain poste
Note : Si le bureau ne réapparaît pas appuis sur Ctrl + Alt + Suppr , le gestionnaire des tâche apparaît. Dans le haut clique sur Fichier/Nouvelle tâche, tape explorer.exe et OK pour valider
Tutoriel : http://www.malekal.com/tutorial_Lop_SD.php
@++
Télécharge Lop S&D sur ton bureau ici :
http://eric.71.mespages.googlepages.com/LopSD.exe
- Double clique sur LopSD.exe qui est sur le bureau pour lancer l'installation
- Double clique sur le raccourci Lop S&D créé sur ton Bureau
- Sélectionne la langue souhaitée et choisis l'option 1 (Recherche)
- Poste le rapport (C:\lopR.txt) dans ton prochain poste
Note : Si le bureau ne réapparaît pas appuis sur Ctrl + Alt + Suppr , le gestionnaire des tâche apparaît. Dans le haut clique sur Fichier/Nouvelle tâche, tape explorer.exe et OK pour valider
Tutoriel : http://www.malekal.com/tutorial_Lop_SD.php
@++
takezo117
le 08 juillet 2008 à 16h57
salut dédétraqué, voila le rapport de lop s&d:
-----------------------[ Lop S&D 4.2.2-0 XP/Vista ]---------------------
[ Windows 'Longhorn' (NT 6.0) Workstation Build 6001, Service Pack 1 ]
[ USER : Chr ] [ "C:\Lop SD" ] [ Selection : 1 ]
[ mar. 08/07/2008 | 16:45:27,42 ] [ PC : PC-DE-CHR ]
[ MAJ : 06-07-2008 | 10:55 ]
[ UAC => 0 ]
-------------[ Listing des dossiers dans Roaming ]------------
[28/08/2007|10:17] C:\Users\Chr\AppData\Roaming\.BitZip\torrent
[28/08/2007|10:16] C:\Users\Chr\AppData\Roaming\.BitZip\bsddb
[28/08/2007|10:16] C:\Users\Chr\AppData\Roaming\.BitZip\piececache
[28/08/2007|10:16] C:\Users\Chr\AppData\Roaming\.BitZip\torrentcache
[28/08/2007|10:16] C:\Users\Chr\AppData\Roaming\.BitZip\datacache
[28/08/2007|10:16] C:\Users\Chr\AppData\Roaming\.BitZip\icons
[20/06/2008|19:47] C:\Users\Chr\AppData\Roaming\Adobe\Flash Player
[20/08/2007|10:15] C:\Users\Chr\AppData\Roaming\Adobe\Linguistics
[18/08/2007|19:43] C:\Users\Chr\AppData\Roaming\Adobe\Acrobat
[08/11/2007|16:13] C:\Users\Chr\AppData\Roaming\BitTorrent\data
[05/11/2007|10:28] C:\Users\Chr\AppData\Roaming\BitTorrent\incomplete
[04/11/2007|18:17] C:\Users\Chr\AppData\Roaming\BitTorrent\locale
[19/08/2007|10:47] C:\Users\Chr\AppData\Roaming\DivX\DivX Player
[19/08/2007|10:46] C:\Users\Chr\AppData\Roaming\DivX\DivX Codec
[19/10/2007|10:08] C:\Users\Chr\AppData\Roaming\FastStone\FSC
[29/10/2007|16:49] C:\Users\Chr\AppData\Roaming\FlashGet\DataBase
[24/12/2007|18:57] C:\Users\Chr\AppData\Roaming\Gearbox Software\Brothers In Arms
[07/04/2008|19:08] C:\Users\Chr\AppData\Roaming\Google\Local Search History
[21/08/2007|09:56] C:\Users\Chr\AppData\Roaming\Google\GoogleEarth
[18/08/2007|19:34] C:\Users\Chr\AppData\Roaming\GTek\GTUpdate
[18/08/2007|19:34] C:\Users\Chr\AppData\Roaming\Identities\{1A3BCDF0-0218-488B-88AC-C9B4CF8A542E}
[03/02/2008|21:48] C:\Users\Chr\AppData\Roaming\ijjigame\HUL
[09/12/2007|11:03] C:\Users\Chr\AppData\Roaming\InstallShield\UpdateService
[20/11/2007|11:01] C:\Users\Chr\AppData\Roaming\InstallShield\ISEngine12.0
[22/01/2008|12:42] C:\Users\Chr\AppData\Roaming\ma-config.com\Logs
[09/10/2007|16:31] C:\Users\Chr\AppData\Roaming\Macromedia\Flash Player
[01/05/2008|19:25] C:\Users\Chr\AppData\Roaming\Microsoft\Installer
[03/10/2007|10:13] C:\Users\Chr\AppData\Roaming\Microsoft\Internet Explorer
[10/09/2007|13:44] C:\Users\Chr\AppData\Roaming\Microsoft\IdentityCRL
[23/08/2007|13:31] C:\Users\Chr\AppData\Roaming\Microsoft\Speech
[21/08/2007|20:10] C:\Users\Chr\AppData\Roaming\Microsoft\HTML Help
[19/08/2007|21:18] C:\Users\Chr\AppData\Roaming\Microsoft\MSN Messenger
[19/08/2007|10:35] C:\Users\Chr\AppData\Roaming\Microsoft\MMC
[19/08/2007|09:54] C:\Users\Chr\AppData\Roaming\Microsoft\Windows
[18/08/2007|19:55] C:\Users\Chr\AppData\Roaming\Microsoft\Network
[18/08/2007|19:35] C:\Users\Chr\AppData\Roaming\Microsoft\Crypto
[18/08/2007|19:35] C:\Users\Chr\AppData\Roaming\Microsoft\CLR Security Config
[18/08/2007|19:34] C:\Users\Chr\AppData\Roaming\Microsoft\SystemCertificates
[18/08/2007|19:34] C:\Users\Chr\AppData\Roaming\Microsoft\Protect
[18/08/2007|19:31] C:\Users\Chr\AppData\Roaming\Microsoft\Credentials
[23/12/2007|17:09] C:\Users\Chr\AppData\Roaming\Mozilla\Firefox
[20/08/2007|10:25] C:\Users\Chr\AppData\Roaming\OpenOffice.org2\user
[08/07/2008|16:44] C:\Users\Chr\AppData\Roaming\Packard Bell\Setup my PC
[21/08/2007|09:55] C:\Users\Chr\AppData\Roaming\Packard Bell\Smart Restore
[18/08/2007|19:36] C:\Users\Chr\AppData\Roaming\Packard Bell\Identity Card
[07/01/2008|18:29] C:\Users\Chr\AppData\Roaming\Participatory Culture Foundation\Miro
[07/01/2008|18:30] C:\Users\Chr\AppData\Roaming\PCF-VLC\cache
[07/05/2008|16:53] C:\Users\Chr\AppData\Roaming\Podmailing\core
[07/05/2008|16:53] C:\Users\Chr\AppData\Roaming\Podmailing\bt
[07/05/2008|16:53] C:\Users\Chr\AppData\Roaming\Podmailing\zed
[04/07/2008|16:56] C:\Users\Chr\AppData\Roaming\Roxio\MediaManager9
[12/01/2008|20:14] C:\Users\Chr\AppData\Roaming\Roxio\RoxioCentral
[12/01/2008|20:14] C:\Users\Chr\AppData\Roaming\Roxio\RoxioCentral33
[15/10/2007|10:41] C:\Users\Chr\AppData\Roaming\SecondLife\logs
[15/10/2007|10:41] C:\Users\Chr\AppData\Roaming\SecondLife\cache
[15/10/2007|10:41] C:\Users\Chr\AppData\Roaming\SecondLife\jizeusse_odriscoll
[15/10/2007|10:36] C:\Users\Chr\AppData\Roaming\SecondLife\user_settings
[15/10/2007|10:36] C:\Users\Chr\AppData\Roaming\SecondLife\browser_profile
[18/08/2007|20:27] C:\Users\Chr\AppData\Roaming\SecuROM\UserData
[06/07/2008|12:52] C:\Users\Chr\AppData\Roaming\Simply Super Software\Trojan Remover
[06/07/2008|12:49] C:\Users\Chr\AppData\Roaming\SpywareStop\Log
[19/08/2007|21:47] C:\Users\Chr\AppData\Roaming\Talkback\MozillaOrg
[19/03/2008|11:09] C:\Users\Chr\AppData\Roaming\THQ\Juiced2
[20/08/2007|20:15] C:\Users\Chr\AppData\Roaming\vlc\cache
----------------[ Tâches planifiées dans C:\Windows\tasks ]---------------
[08/07/2008 10:06][--ah-----] C:\Windows\tasks\User_Feed_Synchronization-{FF90C9A2-09ED-4F81-94F4-CE7C40F86DB4}.job
[04/07/2008 20:00][--a------] C:\Windows\tasks\Norton Internet Security - Analyse systŠme complŠte - Chr.job
[08/07/2008 16:30][--a------] C:\Windows\tasks\Extension de garantie.job
[08/07/2008 16:30][--a------] C:\Windows\tasks\Recovery DVD Creator.job
[08/07/2008 16:44][--ah-----] C:\Windows\tasks\SA.DAT
[08/07/2008 16:42][--a------] C:\Windows\tasks\SCHEDLGU.TXT
------[ Listing des dossiers dans C:\ProgramData ]------
[14/12/2007|17:48] C:\ProgramData\Adobe
[02/11/2006|15:02] C:\ProgramData\Application Data
[18/08/2007|19:28] C:\ProgramData\Bureau
[17/06/2008|10:47] C:\ProgramData\Codemasters
[02/11/2006|15:02] C:\ProgramData\Desktop
[02/11/2006|15:02] C:\ProgramData\Documents
[20/08/2007|20:01] C:\ProgramData\eMule
[18/08/2007|19:28] C:\ProgramData\Favoris
[02/11/2006|15:02] C:\ProgramData\Favorites
[02/06/2007|17:50] C:\ProgramData\Google
[18/08/2007|19:35] C:\ProgramData\GTek
[02/06/2007|17:49] C:\ProgramData\InstallShield
[02/06/2007|17:44] C:\ProgramData\Intel
[06/07/2008|11:21] C:\ProgramData\Kaspersky Lab Setup Files
[05/11/2007|18:45] C:\ProgramData\Logitech
[18/08/2007|19:28] C:\ProgramData\Menu D‚marrer
[14/09/2007|19:14] C:\ProgramData\Messenger Plus!
[21/08/2007|20:10] C:\ProgramData\Microsoft
[18/08/2007|19:28] C:\ProgramData\ModŠles
[24/06/2008|19:38] C:\ProgramData\NFS Underground
[26/06/2008|10:39] C:\ProgramData\NVIDIA
[07/01/2008|18:27] C:\ProgramData\Participatory Culture Foundation
[16/05/2008|11:38] C:\ProgramData\Playrix Entertainment
[28/06/2008|19:08] C:\ProgramData\Roxio
[02/06/2007|17:49] C:\ProgramData\Sonic
[02/11/2006|15:02] C:\ProgramData\Start Menu
[14/11/2007|14:02] C:\ProgramData\Symantec
[07/07/2008|09:31] C:\ProgramData\TEMP
[02/11/2006|15:02] C:\ProgramData\Templates
[30/09/2007|18:04] C:\ProgramData\Test Drive Unlimited
[06/03/2008|14:41] C:\ProgramData\WLInstaller
---------------[ Listing des dossiers dans C:\Program Files ]--------------
[13/01/2008|10:55] C:\Program Files\AC3Filter
[20/08/2007|10:24] C:\Program Files\Adobe
[07/07/2008|09:57] C:\Program Files\Alwil Software
[24/06/2008|19:33] C:\Program Files\Around the World in 80 Days
[08/11/2007|16:13] C:\Program Files\BitTorrent
[28/08/2007|10:17] C:\Program Files\BitZip
[17/06/2008|10:48] C:\Program Files\Codemasters
[06/03/2008|14:41] C:\Program Files\Common Files
[02/06/2007|17:37] C:\Program Files\CyberLink
[26/03/2008|20:35] C:\Program Files\DAEMON Tools
[26/06/2008|10:37] C:\Program Files\desktop.ini
[01/09/2007|17:41] C:\Program Files\Dictionnaire
[19/08/2007|19:19] C:\Program Files\DivX
[18/08/2007|19:54] C:\Program Files\Eicon
[30/03/2008|11:35] C:\Program Files\Empire Interactive
[19/08/2007|20:51] C:\Program Files\eMule
[18/08/2007|19:28] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]
[29/10/2007|16:49] C:\Program Files\FlashGet
[21/08/2007|10:07] C:\Program Files\Google
[08/07/2008|09:41] C:\Program Files\GRISOFT
[02/06/2007|17:43] C:\Program Files\HDReg
[01/07/2008|09:35] C:\Program Files\InstallShield Installation Information
[22/01/2008|13:29] C:\Program Files\Intel
[26/06/2008|10:28] C:\Program Files\Internet Explorer
[05/11/2007|18:45] C:\Program Files\Logitech
[22/01/2008|12:42] C:\Program Files\ma-config.com
[20/01/2008|12:17] C:\Program Files\MediaRoverCodec
[03/04/2008|12:28] C:\Program Files\Messenger Plus! Live
[07/03/2008|10:40] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[02/11/2006|14:37] C:\Program Files\Microsoft Games
[27/11/2007|18:20] C:\Program Files\MIKSOFT
[26/06/2008|10:28] C:\Program Files\Movie Maker
[23/12/2007|17:24] C:\Program Files\Mozilla Firefox
[02/11/2006|14:37] C:\Program Files\MSBuild
[18/08/2007|20:06] C:\Program Files\MSXML 4.0
[22/11/2007|10:28] C:\Program Files\Norton Internet Security
[23/05/2008|10:24] C:\Program Files\OpenAL
[20/08/2007|10:18] C:\Program Files\OpenOffice.org 2.2
[02/06/2007|17:53] C:\Program Files\Packard Bell
[12/06/2008|20:27] C:\Program Files\Picasa2
[09/06/2008|15:30] C:\Program Files\Podmailing
[02/06/2007|17:37] C:\Program Files\Realtek
[02/11/2006|14:37] C:\Program Files\Reference Assemblies
[23/08/2007|10:23] C:\Program Files\RivaTuner v2.0 Final Release
[02/06/2007|17:49] C:\Program Files\Roxio
[02/06/2007|17:53] C:\Program Files\Skype
[20/08/2007|19:48] C:\Program Files\Symantec
[24/04/2008|19:29] C:\Program Files\The Witcher
[01/05/2008|17:50] C:\Program Files\Ubisoft
[02/11/2006|15:01] C:\Program Files\Uninstall Information
[22/04/2008|08:17] C:\Program Files\UniUploader
[10/04/2008|17:13] C:\Program Files\Unlocker
[20/08/2007|20:12] C:\Program Files\VideoLAN
[26/06/2008|10:28] C:\Program Files\Windows Calendar
[26/06/2008|10:28] C:\Program Files\Windows Collaboration
[26/06/2008|10:28] C:\Program Files\Windows Defender
[26/06/2008|10:28] C:\Program Files\Windows Journal
[06/03/2008|14:41] C:\Program Files\Windows Live
[26/06/2008|10:28] C:\Program Files\Windows Mail
[26/06/2008|10:28] C:\Program Files\Windows Media Player
[18/08/2007|19:28] C:\Program Files\Windows NT
[26/06/2008|10:28] C:\Program Files\Windows Photo Gallery
[26/06/2008|10:28] C:\Program Files\Windows Sidebar
[21/08/2007|09:54] C:\Program Files\WinRAR
[29/05/2008|10:36] C:\Program Files\World of Warcraft
[11/12/2007|18:33] C:\Program Files\WowCartographe
[02/06/2007|17:39] C:\Program Files\X10 Hardware
------[ Listing des dossiers dans C:\Program Files\Common Files ]------
[20/08/2007|10:24] C:\Program Files\Common Files\Adobe
[10/01/2008|10:29] C:\Program Files\Common Files\Blizzard Entertainment
[02/06/2007|17:48] C:\Program Files\Common Files\InstallShield
[02/06/2007|17:44] C:\Program Files\Common Files\Intel
[05/11/2007|18:45] C:\Program Files\Common Files\Logishrd
[05/11/2007|18:46] C:\Program Files\Common Files\Logitech
[06/03/2008|14:42] C:\Program Files\Common Files\microsoft shared
[19/08/2007|10:45] C:\Program Files\Common Files\PX Storage Engine
[02/06/2007|17:49] C:\Program Files\Common Files\Roxio Shared
[02/11/2006|13:18] C:\Program Files\Common Files\Services
[02/06/2007|17:49] C:\Program Files\Common Files\Sonic Shared
[02/11/2006|13:18] C:\Program Files\Common Files\SpeechEngines
[02/06/2007|17:49] C:\Program Files\Common Files\SureThing Shared
[18/08/2007|19:54] C:\Program Files\Common Files\SWF Studio
[20/08/2007|19:49] C:\Program Files\Common Files\Symantec Shared
[26/06/2008|10:28] C:\Program Files\Common Files\System
[06/03/2008|14:42] C:\Program Files\Common Files\WindowsLiveInstaller
[02/06/2007|17:38] C:\Program Files\Common Files\X10
---------------------------[ Process ]--------------------------
... 83
... OK !
----------------------[ Recherche avec S_Lop ]---------------------
Aucun fichier / dossier Lop trouvé !
-----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------
Aucun fichier / dossier Lop trouvé !
----------------------[ Verification du Registre ]----------------------
..... OK !
--------------------[ Verification du fichier Hosts ]---------------------
Fichier Hosts PROPRE
----------------[ Recherche de fichiers avec Catchme ]-----------------
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-08 16:46:44
Windows 6.0.6001 Service Pack 1 NTFS
detected NTDLL code modification:
ZwQueryDirectoryFile
scanning hidden processes ...
scanning hidden files ...
C:\Windows\System32\kdxlz.exe 51712 bytes executable
scan completed successfully
hidden processes: 0
hidden files: 1
--------------------[ Recherche d'autres infections ]---------------------
[HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
NameServer REG_SZ 85.255.116.163 85.255.112.15
! WAREOUT Possible !
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER1_255.BBX
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER1_255.msh
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER2_255.BBX
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER2_255.msh
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER3_255.BBX
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER3_255.msh
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER4_255.BBX
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER4_255.msh
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\EventCracker_00.wav
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\FireCracker_00.wav
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\FireCracker_01.wav
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\FireCracker_02.wav
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\UpCracker_00.wav
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER1_255.BBX
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER1_255.msh
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER2_255.BBX
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER2_255.msh
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER3_255.BBX
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER3_255.msh
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER4_255.BBX
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER4_255.msh
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\EventCracker_00.wav
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\FireCracker_00.wav
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\FireCracker_01.wav
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\FireCracker_02.wav
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\UpCracker_00.wav
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER1_255.BBX
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER1_255.msh
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER2_255.BBX
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER2_255.msh
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER3_255.BBX
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER3_255.msh
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER4_255.BBX
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER4_255.msh
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\EventCracker_00.wav
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\FireCracker_00.wav
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\FireCracker_01.wav
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\FireCracker_02.wav
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\UpCracker_00.wav
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER1_255.BBX
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER1_255.msh
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER2_255.BBX
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER2_255.msh
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER3_255.BBX
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER3_255.msh
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER4_255.BBX
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER4_255.msh
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\EventCracker_00.wav
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\FireCracker_00.wav
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\FireCracker_01.wav
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\FireCracker_02.wav
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\UpCracker_00.wav
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER1_255.BBX
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER1_255.msh
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER2_255.BBX
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER2_255.msh
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER3_255.BBX
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER3_255.msh
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER4_255.BBX
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER4_255.msh
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\EventCracker_00.wav
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\FireCracker_00.wav
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\FireCracker_01.wav
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\FireCracker_02.wav
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\UpCracker_00.wav
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER1_255.BBX
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER1_255.msh
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER2_255.BBX
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER2_255.msh
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER3_255.BBX
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER3_255.msh
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER4_255.BBX
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER4_255.msh
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\EventCracker_00.wav
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\FireCracker_00.wav
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\FireCracker_01.wav
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\FireCracker_02.wav
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\UpCracker_00.wav
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER1_255.BBX
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER1_255.msh
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER2_255.BBX
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER2_255.msh
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER3_255.BBX
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER3_255.msh
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER4_255.BBX
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER4_255.msh
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\EventCracker_00.wav
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\FireCracker_00.wav
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\FireCracker_01.wav
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\FireCracker_02.wav
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\UpCracker_00.wav
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER1_255.BBX
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER1_255.msh
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER2_255.BBX
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER2_255.msh
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER3_255.BBX
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER3_255.msh
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER4_255.BBX
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER4_255.msh
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\EventCracker_00.wav
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\FireCracker_00.wav
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\FireCracker_01.wav
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\FireCracker_02.wav
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\UpCracker_00.wav
=> C:\Users\Chr\AppData\Local\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER1_255.BBX
=> C:\Users\Chr\AppData\Local\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER1_255.msh
=> C:\Users\Chr\AppData\Local\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER2_255.BBX
=> C:\Users\Chr\AppData\Local\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER2_255.msh
=> C:\Users\Chr\AppData\Local\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER3_255.BBX
=> C:\Users\Chr\AppData\Local\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER3_255.msh
=> C:\Users\Chr\AppData\Local\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER4_255.BBX
=> C:\Users\Chr\AppData\Local\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER4_255.msh
=> C:\Users\Chr\AppData\Local\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker
=> C:\Users\Chr\AppData\Local\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\EventCracker_00.wav
=> C:\Users\Chr\AppData\Local\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\FireCracker_00.wav
=> C:\Users\Chr\AppData\Local\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\FireCracker_01.wav
=> C:\Users\Chr\AppData\Local\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\FireCracker_02.wav
=> C:\Users\Chr\AppData\Local\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\UpCracker_00.wav
=> C:\Users\Chr\AppData\Local\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER1_255.BBX
=> C:\Users\Chr\AppData\Local\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER1_255.msh
=> C:\Users\Chr\AppData\Local\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER2_255.BBX
=> C:\Users\Chr\AppData\Local\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER2_255.msh
=> C:\Users\Chr\AppData\Local\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER3_255.BBX
=> C:\Users\Chr\AppData\Local\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER3_255.msh
=> C:\Users\Chr\AppData\Local\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER4_255.BBX
=> C:\Users\Chr\AppData\Local\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER4_255.msh
=> C:\Users\Chr\AppData\Local\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker
=> C:\Users\Chr\AppData\Local\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\EventCracker_00.wav
=> C:\Users\Chr\AppData\Local\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\FireCracker_00.wav
=> C:\Users\Chr\AppData\Local\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\FireCracker_01.wav
=> C:\Users\Chr\AppData\Local\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\FireCracker_02.wav
=> C:\Users\Chr\AppData\Local\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\UpCracker_00.wav
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER1_255.BBX
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER1_255.msh
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER2_255.BBX
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER2_255.msh
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER3_255.BBX
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER3_255.msh
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER4_255.BBX
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER4_255.msh
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\EventCracker_00.wav
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\FireCracker_00.wav
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\FireCracker_01.wav
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\FireCracker_02.wav
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\UpCracker_00.wav
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER1_255.BBX
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER1_255.msh
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER2_255.BBX
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER2_255.msh
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER3_255.BBX
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER3_255.msh
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER4_255.BBX
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER4_255.msh
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\EventCracker_00.wav
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\FireCracker_00.wav
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\FireCracker_01.wav
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\FireCracker_02.wav
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\UpCracker_00.wav
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER1_255.BBX
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER1_255.msh
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER2_255.BBX
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER2_255.msh
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER3_255.BBX
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER3_255.msh
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER4_255.BBX
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER4_255.msh
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\EventCracker_00.wav
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\FireCracker_00.wav
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\FireCracker_01.wav
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\FireCracker_02.wav
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\UpCracker_00.wav
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER1_255.BBX
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER1_255.msh
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER2_255.BBX
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER2_255.msh
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER3_255.BBX
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER3_255.msh
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER4_255.BBX
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER4_255.msh
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\EventCracker_00.wav
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\FireCracker_00.wav
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\FireCracker_01.wav
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\FireCracker_02.wav
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\UpCracker_00.wav
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER1_255.BBX
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER1_255.msh
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER2_255.BBX
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER2_255.msh
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER3_255.BBX
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER3_255.msh
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER4_255.BBX
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER4_255.msh
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\EventCracker_00.wav
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\FireCracker_00.wav
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\FireCracker_01.wav
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\FireCracker_02.wav
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\UpCracker_00.wav
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER1_255.BBX
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER1_255.msh
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER2_255.BBX
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER2_255.msh
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER3_255.BBX
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER3_255.msh
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER4_255.BBX
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER4_255.msh
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\EventCracker_00.wav
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\FireCracker_00.wav
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\FireCracker_01.wav
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\FireCracker_02.wav
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\UpCracker_00.wav
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER1_255.BBX
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER1_255.msh
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER2_255.BBX
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER2_255.msh
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER3_255.BBX
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER3_255.msh
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER4_255.BBX
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER4_255.msh
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\EventCracker_00.wav
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\FireCracker_00.wav
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\FireCracker_01.wav
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\FireCracker_02.wav
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\UpCracker_00.wav
=> C:\Users\Chr\Local Settings\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER1_255.BBX
=> C:\Users\Chr\Local Settings\Application Da
-----------------------[ Lop S&D 4.2.2-0 XP/Vista ]---------------------
[ Windows 'Longhorn' (NT 6.0) Workstation Build 6001, Service Pack 1 ]
[ USER : Chr ] [ "C:\Lop SD" ] [ Selection : 1 ]
[ mar. 08/07/2008 | 16:45:27,42 ] [ PC : PC-DE-CHR ]
[ MAJ : 06-07-2008 | 10:55 ]
[ UAC => 0 ]
-------------[ Listing des dossiers dans Roaming ]------------
[28/08/2007|10:17] C:\Users\Chr\AppData\Roaming\.BitZip\torrent
[28/08/2007|10:16] C:\Users\Chr\AppData\Roaming\.BitZip\bsddb
[28/08/2007|10:16] C:\Users\Chr\AppData\Roaming\.BitZip\piececache
[28/08/2007|10:16] C:\Users\Chr\AppData\Roaming\.BitZip\torrentcache
[28/08/2007|10:16] C:\Users\Chr\AppData\Roaming\.BitZip\datacache
[28/08/2007|10:16] C:\Users\Chr\AppData\Roaming\.BitZip\icons
[20/06/2008|19:47] C:\Users\Chr\AppData\Roaming\Adobe\Flash Player
[20/08/2007|10:15] C:\Users\Chr\AppData\Roaming\Adobe\Linguistics
[18/08/2007|19:43] C:\Users\Chr\AppData\Roaming\Adobe\Acrobat
[08/11/2007|16:13] C:\Users\Chr\AppData\Roaming\BitTorrent\data
[05/11/2007|10:28] C:\Users\Chr\AppData\Roaming\BitTorrent\incomplete
[04/11/2007|18:17] C:\Users\Chr\AppData\Roaming\BitTorrent\locale
[19/08/2007|10:47] C:\Users\Chr\AppData\Roaming\DivX\DivX Player
[19/08/2007|10:46] C:\Users\Chr\AppData\Roaming\DivX\DivX Codec
[19/10/2007|10:08] C:\Users\Chr\AppData\Roaming\FastStone\FSC
[29/10/2007|16:49] C:\Users\Chr\AppData\Roaming\FlashGet\DataBase
[24/12/2007|18:57] C:\Users\Chr\AppData\Roaming\Gearbox Software\Brothers In Arms
[07/04/2008|19:08] C:\Users\Chr\AppData\Roaming\Google\Local Search History
[21/08/2007|09:56] C:\Users\Chr\AppData\Roaming\Google\GoogleEarth
[18/08/2007|19:34] C:\Users\Chr\AppData\Roaming\GTek\GTUpdate
[18/08/2007|19:34] C:\Users\Chr\AppData\Roaming\Identities\{1A3BCDF0-0218-488B-88AC-C9B4CF8A542E}
[03/02/2008|21:48] C:\Users\Chr\AppData\Roaming\ijjigame\HUL
[09/12/2007|11:03] C:\Users\Chr\AppData\Roaming\InstallShield\UpdateService
[20/11/2007|11:01] C:\Users\Chr\AppData\Roaming\InstallShield\ISEngine12.0
[22/01/2008|12:42] C:\Users\Chr\AppData\Roaming\ma-config.com\Logs
[09/10/2007|16:31] C:\Users\Chr\AppData\Roaming\Macromedia\Flash Player
[01/05/2008|19:25] C:\Users\Chr\AppData\Roaming\Microsoft\Installer
[03/10/2007|10:13] C:\Users\Chr\AppData\Roaming\Microsoft\Internet Explorer
[10/09/2007|13:44] C:\Users\Chr\AppData\Roaming\Microsoft\IdentityCRL
[23/08/2007|13:31] C:\Users\Chr\AppData\Roaming\Microsoft\Speech
[21/08/2007|20:10] C:\Users\Chr\AppData\Roaming\Microsoft\HTML Help
[19/08/2007|21:18] C:\Users\Chr\AppData\Roaming\Microsoft\MSN Messenger
[19/08/2007|10:35] C:\Users\Chr\AppData\Roaming\Microsoft\MMC
[19/08/2007|09:54] C:\Users\Chr\AppData\Roaming\Microsoft\Windows
[18/08/2007|19:55] C:\Users\Chr\AppData\Roaming\Microsoft\Network
[18/08/2007|19:35] C:\Users\Chr\AppData\Roaming\Microsoft\Crypto
[18/08/2007|19:35] C:\Users\Chr\AppData\Roaming\Microsoft\CLR Security Config
[18/08/2007|19:34] C:\Users\Chr\AppData\Roaming\Microsoft\SystemCertificates
[18/08/2007|19:34] C:\Users\Chr\AppData\Roaming\Microsoft\Protect
[18/08/2007|19:31] C:\Users\Chr\AppData\Roaming\Microsoft\Credentials
[23/12/2007|17:09] C:\Users\Chr\AppData\Roaming\Mozilla\Firefox
[20/08/2007|10:25] C:\Users\Chr\AppData\Roaming\OpenOffice.org2\user
[08/07/2008|16:44] C:\Users\Chr\AppData\Roaming\Packard Bell\Setup my PC
[21/08/2007|09:55] C:\Users\Chr\AppData\Roaming\Packard Bell\Smart Restore
[18/08/2007|19:36] C:\Users\Chr\AppData\Roaming\Packard Bell\Identity Card
[07/01/2008|18:29] C:\Users\Chr\AppData\Roaming\Participatory Culture Foundation\Miro
[07/01/2008|18:30] C:\Users\Chr\AppData\Roaming\PCF-VLC\cache
[07/05/2008|16:53] C:\Users\Chr\AppData\Roaming\Podmailing\core
[07/05/2008|16:53] C:\Users\Chr\AppData\Roaming\Podmailing\bt
[07/05/2008|16:53] C:\Users\Chr\AppData\Roaming\Podmailing\zed
[04/07/2008|16:56] C:\Users\Chr\AppData\Roaming\Roxio\MediaManager9
[12/01/2008|20:14] C:\Users\Chr\AppData\Roaming\Roxio\RoxioCentral
[12/01/2008|20:14] C:\Users\Chr\AppData\Roaming\Roxio\RoxioCentral33
[15/10/2007|10:41] C:\Users\Chr\AppData\Roaming\SecondLife\logs
[15/10/2007|10:41] C:\Users\Chr\AppData\Roaming\SecondLife\cache
[15/10/2007|10:41] C:\Users\Chr\AppData\Roaming\SecondLife\jizeusse_odriscoll
[15/10/2007|10:36] C:\Users\Chr\AppData\Roaming\SecondLife\user_settings
[15/10/2007|10:36] C:\Users\Chr\AppData\Roaming\SecondLife\browser_profile
[18/08/2007|20:27] C:\Users\Chr\AppData\Roaming\SecuROM\UserData
[06/07/2008|12:52] C:\Users\Chr\AppData\Roaming\Simply Super Software\Trojan Remover
[06/07/2008|12:49] C:\Users\Chr\AppData\Roaming\SpywareStop\Log
[19/08/2007|21:47] C:\Users\Chr\AppData\Roaming\Talkback\MozillaOrg
[19/03/2008|11:09] C:\Users\Chr\AppData\Roaming\THQ\Juiced2
[20/08/2007|20:15] C:\Users\Chr\AppData\Roaming\vlc\cache
----------------[ Tâches planifiées dans C:\Windows\tasks ]---------------
[08/07/2008 10:06][--ah-----] C:\Windows\tasks\User_Feed_Synchronization-{FF90C9A2-09ED-4F81-94F4-CE7C40F86DB4}.job
[04/07/2008 20:00][--a------] C:\Windows\tasks\Norton Internet Security - Analyse systŠme complŠte - Chr.job
[08/07/2008 16:30][--a------] C:\Windows\tasks\Extension de garantie.job
[08/07/2008 16:30][--a------] C:\Windows\tasks\Recovery DVD Creator.job
[08/07/2008 16:44][--ah-----] C:\Windows\tasks\SA.DAT
[08/07/2008 16:42][--a------] C:\Windows\tasks\SCHEDLGU.TXT
------[ Listing des dossiers dans C:\ProgramData ]------
[14/12/2007|17:48] C:\ProgramData\Adobe
[02/11/2006|15:02] C:\ProgramData\Application Data
[18/08/2007|19:28] C:\ProgramData\Bureau
[17/06/2008|10:47] C:\ProgramData\Codemasters
[02/11/2006|15:02] C:\ProgramData\Desktop
[02/11/2006|15:02] C:\ProgramData\Documents
[20/08/2007|20:01] C:\ProgramData\eMule
[18/08/2007|19:28] C:\ProgramData\Favoris
[02/11/2006|15:02] C:\ProgramData\Favorites
[02/06/2007|17:50] C:\ProgramData\Google
[18/08/2007|19:35] C:\ProgramData\GTek
[02/06/2007|17:49] C:\ProgramData\InstallShield
[02/06/2007|17:44] C:\ProgramData\Intel
[06/07/2008|11:21] C:\ProgramData\Kaspersky Lab Setup Files
[05/11/2007|18:45] C:\ProgramData\Logitech
[18/08/2007|19:28] C:\ProgramData\Menu D‚marrer
[14/09/2007|19:14] C:\ProgramData\Messenger Plus!
[21/08/2007|20:10] C:\ProgramData\Microsoft
[18/08/2007|19:28] C:\ProgramData\ModŠles
[24/06/2008|19:38] C:\ProgramData\NFS Underground
[26/06/2008|10:39] C:\ProgramData\NVIDIA
[07/01/2008|18:27] C:\ProgramData\Participatory Culture Foundation
[16/05/2008|11:38] C:\ProgramData\Playrix Entertainment
[28/06/2008|19:08] C:\ProgramData\Roxio
[02/06/2007|17:49] C:\ProgramData\Sonic
[02/11/2006|15:02] C:\ProgramData\Start Menu
[14/11/2007|14:02] C:\ProgramData\Symantec
[07/07/2008|09:31] C:\ProgramData\TEMP
[02/11/2006|15:02] C:\ProgramData\Templates
[30/09/2007|18:04] C:\ProgramData\Test Drive Unlimited
[06/03/2008|14:41] C:\ProgramData\WLInstaller
---------------[ Listing des dossiers dans C:\Program Files ]--------------
[13/01/2008|10:55] C:\Program Files\AC3Filter
[20/08/2007|10:24] C:\Program Files\Adobe
[07/07/2008|09:57] C:\Program Files\Alwil Software
[24/06/2008|19:33] C:\Program Files\Around the World in 80 Days
[08/11/2007|16:13] C:\Program Files\BitTorrent
[28/08/2007|10:17] C:\Program Files\BitZip
[17/06/2008|10:48] C:\Program Files\Codemasters
[06/03/2008|14:41] C:\Program Files\Common Files
[02/06/2007|17:37] C:\Program Files\CyberLink
[26/03/2008|20:35] C:\Program Files\DAEMON Tools
[26/06/2008|10:37] C:\Program Files\desktop.ini
[01/09/2007|17:41] C:\Program Files\Dictionnaire
[19/08/2007|19:19] C:\Program Files\DivX
[18/08/2007|19:54] C:\Program Files\Eicon
[30/03/2008|11:35] C:\Program Files\Empire Interactive
[19/08/2007|20:51] C:\Program Files\eMule
[18/08/2007|19:28] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]
[29/10/2007|16:49] C:\Program Files\FlashGet
[21/08/2007|10:07] C:\Program Files\Google
[08/07/2008|09:41] C:\Program Files\GRISOFT
[02/06/2007|17:43] C:\Program Files\HDReg
[01/07/2008|09:35] C:\Program Files\InstallShield Installation Information
[22/01/2008|13:29] C:\Program Files\Intel
[26/06/2008|10:28] C:\Program Files\Internet Explorer
[05/11/2007|18:45] C:\Program Files\Logitech
[22/01/2008|12:42] C:\Program Files\ma-config.com
[20/01/2008|12:17] C:\Program Files\MediaRoverCodec
[03/04/2008|12:28] C:\Program Files\Messenger Plus! Live
[07/03/2008|10:40] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[02/11/2006|14:37] C:\Program Files\Microsoft Games
[27/11/2007|18:20] C:\Program Files\MIKSOFT
[26/06/2008|10:28] C:\Program Files\Movie Maker
[23/12/2007|17:24] C:\Program Files\Mozilla Firefox
[02/11/2006|14:37] C:\Program Files\MSBuild
[18/08/2007|20:06] C:\Program Files\MSXML 4.0
[22/11/2007|10:28] C:\Program Files\Norton Internet Security
[23/05/2008|10:24] C:\Program Files\OpenAL
[20/08/2007|10:18] C:\Program Files\OpenOffice.org 2.2
[02/06/2007|17:53] C:\Program Files\Packard Bell
[12/06/2008|20:27] C:\Program Files\Picasa2
[09/06/2008|15:30] C:\Program Files\Podmailing
[02/06/2007|17:37] C:\Program Files\Realtek
[02/11/2006|14:37] C:\Program Files\Reference Assemblies
[23/08/2007|10:23] C:\Program Files\RivaTuner v2.0 Final Release
[02/06/2007|17:49] C:\Program Files\Roxio
[02/06/2007|17:53] C:\Program Files\Skype
[20/08/2007|19:48] C:\Program Files\Symantec
[24/04/2008|19:29] C:\Program Files\The Witcher
[01/05/2008|17:50] C:\Program Files\Ubisoft
[02/11/2006|15:01] C:\Program Files\Uninstall Information
[22/04/2008|08:17] C:\Program Files\UniUploader
[10/04/2008|17:13] C:\Program Files\Unlocker
[20/08/2007|20:12] C:\Program Files\VideoLAN
[26/06/2008|10:28] C:\Program Files\Windows Calendar
[26/06/2008|10:28] C:\Program Files\Windows Collaboration
[26/06/2008|10:28] C:\Program Files\Windows Defender
[26/06/2008|10:28] C:\Program Files\Windows Journal
[06/03/2008|14:41] C:\Program Files\Windows Live
[26/06/2008|10:28] C:\Program Files\Windows Mail
[26/06/2008|10:28] C:\Program Files\Windows Media Player
[18/08/2007|19:28] C:\Program Files\Windows NT
[26/06/2008|10:28] C:\Program Files\Windows Photo Gallery
[26/06/2008|10:28] C:\Program Files\Windows Sidebar
[21/08/2007|09:54] C:\Program Files\WinRAR
[29/05/2008|10:36] C:\Program Files\World of Warcraft
[11/12/2007|18:33] C:\Program Files\WowCartographe
[02/06/2007|17:39] C:\Program Files\X10 Hardware
------[ Listing des dossiers dans C:\Program Files\Common Files ]------
[20/08/2007|10:24] C:\Program Files\Common Files\Adobe
[10/01/2008|10:29] C:\Program Files\Common Files\Blizzard Entertainment
[02/06/2007|17:48] C:\Program Files\Common Files\InstallShield
[02/06/2007|17:44] C:\Program Files\Common Files\Intel
[05/11/2007|18:45] C:\Program Files\Common Files\Logishrd
[05/11/2007|18:46] C:\Program Files\Common Files\Logitech
[06/03/2008|14:42] C:\Program Files\Common Files\microsoft shared
[19/08/2007|10:45] C:\Program Files\Common Files\PX Storage Engine
[02/06/2007|17:49] C:\Program Files\Common Files\Roxio Shared
[02/11/2006|13:18] C:\Program Files\Common Files\Services
[02/06/2007|17:49] C:\Program Files\Common Files\Sonic Shared
[02/11/2006|13:18] C:\Program Files\Common Files\SpeechEngines
[02/06/2007|17:49] C:\Program Files\Common Files\SureThing Shared
[18/08/2007|19:54] C:\Program Files\Common Files\SWF Studio
[20/08/2007|19:49] C:\Program Files\Common Files\Symantec Shared
[26/06/2008|10:28] C:\Program Files\Common Files\System
[06/03/2008|14:42] C:\Program Files\Common Files\WindowsLiveInstaller
[02/06/2007|17:38] C:\Program Files\Common Files\X10
---------------------------[ Process ]--------------------------
... 83
... OK !
----------------------[ Recherche avec S_Lop ]---------------------
Aucun fichier / dossier Lop trouvé !
-----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------
Aucun fichier / dossier Lop trouvé !
----------------------[ Verification du Registre ]----------------------
..... OK !
--------------------[ Verification du fichier Hosts ]---------------------
Fichier Hosts PROPRE
----------------[ Recherche de fichiers avec Catchme ]-----------------
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-08 16:46:44
Windows 6.0.6001 Service Pack 1 NTFS
detected NTDLL code modification:
ZwQueryDirectoryFile
scanning hidden processes ...
scanning hidden files ...
C:\Windows\System32\kdxlz.exe 51712 bytes executable
scan completed successfully
hidden processes: 0
hidden files: 1
--------------------[ Recherche d'autres infections ]---------------------
[HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
NameServer REG_SZ 85.255.116.163 85.255.112.15
! WAREOUT Possible !
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER1_255.BBX
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER1_255.msh
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER2_255.BBX
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER2_255.msh
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER3_255.BBX
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER3_255.msh
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER4_255.BBX
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER4_255.msh
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\EventCracker_00.wav
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\FireCracker_00.wav
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\FireCracker_01.wav
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\FireCracker_02.wav
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\UpCracker_00.wav
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER1_255.BBX
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER1_255.msh
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER2_255.BBX
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER2_255.msh
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER3_255.BBX
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER3_255.msh
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER4_255.BBX
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER4_255.msh
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\EventCracker_00.wav
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\FireCracker_00.wav
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\FireCracker_01.wav
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\FireCracker_02.wav
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\UpCracker_00.wav
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER1_255.BBX
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER1_255.msh
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER2_255.BBX
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER2_255.msh
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER3_255.BBX
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER3_255.msh
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER4_255.BBX
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER4_255.msh
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\EventCracker_00.wav
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\FireCracker_00.wav
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\FireCracker_01.wav
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\FireCracker_02.wav
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\UpCracker_00.wav
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER1_255.BBX
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER1_255.msh
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER2_255.BBX
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER2_255.msh
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER3_255.BBX
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER3_255.msh
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER4_255.BBX
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER4_255.msh
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\EventCracker_00.wav
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\FireCracker_00.wav
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\FireCracker_01.wav
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\FireCracker_02.wav
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\UpCracker_00.wav
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER1_255.BBX
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER1_255.msh
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER2_255.BBX
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER2_255.msh
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER3_255.BBX
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER3_255.msh
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER4_255.BBX
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER4_255.msh
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\EventCracker_00.wav
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\FireCracker_00.wav
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\FireCracker_01.wav
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\FireCracker_02.wav
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\UpCracker_00.wav
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER1_255.BBX
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER1_255.msh
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER2_255.BBX
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER2_255.msh
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER3_255.BBX
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER3_255.msh
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER4_255.BBX
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER4_255.msh
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\EventCracker_00.wav
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\FireCracker_00.wav
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\FireCracker_01.wav
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\FireCracker_02.wav
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\UpCracker_00.wav
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER1_255.BBX
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER1_255.msh
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER2_255.BBX
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER2_255.msh
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER3_255.BBX
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER3_255.msh
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER4_255.BBX
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER4_255.msh
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\EventCracker_00.wav
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\FireCracker_00.wav
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\FireCracker_01.wav
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\FireCracker_02.wav
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\UpCracker_00.wav
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER1_255.BBX
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER1_255.msh
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER2_255.BBX
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER2_255.msh
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER3_255.BBX
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER3_255.msh
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER4_255.BBX
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER4_255.msh
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\EventCracker_00.wav
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\FireCracker_00.wav
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\FireCracker_01.wav
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\FireCracker_02.wav
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\UpCracker_00.wav
=> C:\Users\Chr\AppData\Local\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER1_255.BBX
=> C:\Users\Chr\AppData\Local\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER1_255.msh
=> C:\Users\Chr\AppData\Local\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER2_255.BBX
=> C:\Users\Chr\AppData\Local\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER2_255.msh
=> C:\Users\Chr\AppData\Local\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER3_255.BBX
=> C:\Users\Chr\AppData\Local\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER3_255.msh
=> C:\Users\Chr\AppData\Local\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER4_255.BBX
=> C:\Users\Chr\AppData\Local\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER4_255.msh
=> C:\Users\Chr\AppData\Local\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker
=> C:\Users\Chr\AppData\Local\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\EventCracker_00.wav
=> C:\Users\Chr\AppData\Local\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\FireCracker_00.wav
=> C:\Users\Chr\AppData\Local\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\FireCracker_01.wav
=> C:\Users\Chr\AppData\Local\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\FireCracker_02.wav
=> C:\Users\Chr\AppData\Local\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\UpCracker_00.wav
=> C:\Users\Chr\AppData\Local\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER1_255.BBX
=> C:\Users\Chr\AppData\Local\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER1_255.msh
=> C:\Users\Chr\AppData\Local\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER2_255.BBX
=> C:\Users\Chr\AppData\Local\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER2_255.msh
=> C:\Users\Chr\AppData\Local\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER3_255.BBX
=> C:\Users\Chr\AppData\Local\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER3_255.msh
=> C:\Users\Chr\AppData\Local\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER4_255.BBX
=> C:\Users\Chr\AppData\Local\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER4_255.msh
=> C:\Users\Chr\AppData\Local\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker
=> C:\Users\Chr\AppData\Local\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\EventCracker_00.wav
=> C:\Users\Chr\AppData\Local\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\FireCracker_00.wav
=> C:\Users\Chr\AppData\Local\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\FireCracker_01.wav
=> C:\Users\Chr\AppData\Local\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\FireCracker_02.wav
=> C:\Users\Chr\AppData\Local\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\UpCracker_00.wav
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER1_255.BBX
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER1_255.msh
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER2_255.BBX
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER2_255.msh
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER3_255.BBX
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER3_255.msh
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER4_255.BBX
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER4_255.msh
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\EventCracker_00.wav
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\FireCracker_00.wav
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\FireCracker_01.wav
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\FireCracker_02.wav
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\UpCracker_00.wav
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER1_255.BBX
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER1_255.msh
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER2_255.BBX
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER2_255.msh
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER3_255.BBX
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER3_255.msh
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER4_255.BBX
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER4_255.msh
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\EventCracker_00.wav
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\FireCracker_00.wav
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\FireCracker_01.wav
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\FireCracker_02.wav
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\UpCracker_00.wav
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER1_255.BBX
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER1_255.msh
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER2_255.BBX
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER2_255.msh
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER3_255.BBX
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER3_255.msh
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER4_255.BBX
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER4_255.msh
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\EventCracker_00.wav
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\FireCracker_00.wav
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\FireCracker_01.wav
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\FireCracker_02.wav
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\UpCracker_00.wav
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER1_255.BBX
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER1_255.msh
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER2_255.BBX
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER2_255.msh
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER3_255.BBX
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER3_255.msh
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER4_255.BBX
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER4_255.msh
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\EventCracker_00.wav
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\FireCracker_00.wav
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\FireCracker_01.wav
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\FireCracker_02.wav
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\UpCracker_00.wav
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER1_255.BBX
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER1_255.msh
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER2_255.BBX
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER2_255.msh
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER3_255.BBX
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER3_255.msh
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER4_255.BBX
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER4_255.msh
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\EventCracker_00.wav
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\FireCracker_00.wav
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\FireCracker_01.wav
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\FireCracker_02.wav
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\UpCracker_00.wav
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER1_255.BBX
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER1_255.msh
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER2_255.BBX
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER2_255.msh
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER3_255.BBX
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER3_255.msh
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER4_255.BBX
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER4_255.msh
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\EventCracker_00.wav
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\FireCracker_00.wav
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\FireCracker_01.wav
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\FireCracker_02.wav
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\UpCracker_00.wav
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER1_255.BBX
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER1_255.msh
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER2_255.BBX
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER2_255.msh
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER3_255.BBX
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER3_255.msh
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER4_255.BBX
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER4_255.msh
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\EventCracker_00.wav
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\FireCracker_00.wav
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\FireCracker_01.wav
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\FireCracker_02.wav
=> C:\Users\Chr\Local Settings\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\UpCracker_00.wav
=> C:\Users\Chr\Local Settings\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER1_255.BBX
=> C:\Users\Chr\Local Settings\Application Da
dédétraqué
le 08 juillet 2008 à 17h12
Salut takezo117
- Double clique sur le raccourci Lop S&D créé sur ton Bureau
- Choisis l'Option 2 (Suppression)
- Poste le rapport (C:\lopR.txt) dans ton prochain poste
Note : Si le bureau ne réapparaît pas appuis sur Ctrl + Alt + Suppr , le gestionnaire des tâche apparaît. Dans le haut clique sur Fichier/Nouvelle tâche, tape explorer.exe et OK pour valider
Avec ce rapport, poste un nouveau rapport HijackThis
@++
- Double clique sur le raccourci Lop S&D créé sur ton Bureau
- Choisis l'Option 2 (Suppression)
- Poste le rapport (C:\lopR.txt) dans ton prochain poste
Note : Si le bureau ne réapparaît pas appuis sur Ctrl + Alt + Suppr , le gestionnaire des tâche apparaît. Dans le haut clique sur Fichier/Nouvelle tâche, tape explorer.exe et OK pour valider
Avec ce rapport, poste un nouveau rapport HijackThis
@++
takezo117
le 08 juillet 2008 à 17h32
salut dédétraqué
voila le nouveau rapport de lop s&d :
-----------------------[ Lop S&D 4.2.2-0 XP/Vista ]---------------------
[ Windows 'Longhorn' (NT 6.0) Workstation Build 6001, Service Pack 1 ]
[ USER : Chr ] [ "C:\Lop SD" ] [ Selection : 2 ]
[ mar. 08/07/2008 | 17:21:43,95 ] [ PC : PC-DE-CHR ]
[ MAJ : 06-07-2008 | 10:55 ]
[ UAC => 0 ]
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION /////////////////////////////
RestaurÚ! - Fichier Hosts
//////////////////////////////////////-\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
-------------[ Listing des dossiers dans Roaming ]------------
[28/08/2007|10:17] C:\Users\Chr\AppData\Roaming\.BitZip\torrent
[28/08/2007|10:16] C:\Users\Chr\AppData\Roaming\.BitZip\bsddb
[28/08/2007|10:16] C:\Users\Chr\AppData\Roaming\.BitZip\piececache
[28/08/2007|10:16] C:\Users\Chr\AppData\Roaming\.BitZip\torrentcache
[28/08/2007|10:16] C:\Users\Chr\AppData\Roaming\.BitZip\datacache
[28/08/2007|10:16] C:\Users\Chr\AppData\Roaming\.BitZip\icons
[20/06/2008|19:47] C:\Users\Chr\AppData\Roaming\Adobe\Flash Player
[20/08/2007|10:15] C:\Users\Chr\AppData\Roaming\Adobe\Linguistics
[18/08/2007|19:43] C:\Users\Chr\AppData\Roaming\Adobe\Acrobat
[08/11/2007|16:13] C:\Users\Chr\AppData\Roaming\BitTorrent\data
[05/11/2007|10:28] C:\Users\Chr\AppData\Roaming\BitTorrent\incomplete
[04/11/2007|18:17] C:\Users\Chr\AppData\Roaming\BitTorrent\locale
[19/08/2007|10:47] C:\Users\Chr\AppData\Roaming\DivX\DivX Player
[19/08/2007|10:46] C:\Users\Chr\AppData\Roaming\DivX\DivX Codec
[19/10/2007|10:08] C:\Users\Chr\AppData\Roaming\FastStone\FSC
[29/10/2007|16:49] C:\Users\Chr\AppData\Roaming\FlashGet\DataBase
[24/12/2007|18:57] C:\Users\Chr\AppData\Roaming\Gearbox Software\Brothers In Arms
[07/04/2008|19:08] C:\Users\Chr\AppData\Roaming\Google\Local Search History
[21/08/2007|09:56] C:\Users\Chr\AppData\Roaming\Google\GoogleEarth
[18/08/2007|19:34] C:\Users\Chr\AppData\Roaming\GTek\GTUpdate
[18/08/2007|19:34] C:\Users\Chr\AppData\Roaming\Identities\{1A3BCDF0-0218-488B-88AC-C9B4CF8A542E}
[03/02/2008|21:48] C:\Users\Chr\AppData\Roaming\ijjigame\HUL
[09/12/2007|11:03] C:\Users\Chr\AppData\Roaming\InstallShield\UpdateService
[20/11/2007|11:01] C:\Users\Chr\AppData\Roaming\InstallShield\ISEngine12.0
[22/01/2008|12:42] C:\Users\Chr\AppData\Roaming\ma-config.com\Logs
[09/10/2007|16:31] C:\Users\Chr\AppData\Roaming\Macromedia\Flash Player
[01/05/2008|19:25] C:\Users\Chr\AppData\Roaming\Microsoft\Installer
[03/10/2007|10:13] C:\Users\Chr\AppData\Roaming\Microsoft\Internet Explorer
[10/09/2007|13:44] C:\Users\Chr\AppData\Roaming\Microsoft\IdentityCRL
[23/08/2007|13:31] C:\Users\Chr\AppData\Roaming\Microsoft\Speech
[21/08/2007|20:10] C:\Users\Chr\AppData\Roaming\Microsoft\HTML Help
[19/08/2007|21:18] C:\Users\Chr\AppData\Roaming\Microsoft\MSN Messenger
[19/08/2007|10:35] C:\Users\Chr\AppData\Roaming\Microsoft\MMC
[19/08/2007|09:54] C:\Users\Chr\AppData\Roaming\Microsoft\Windows
[18/08/2007|19:55] C:\Users\Chr\AppData\Roaming\Microsoft\Network
[18/08/2007|19:35] C:\Users\Chr\AppData\Roaming\Microsoft\Crypto
[18/08/2007|19:35] C:\Users\Chr\AppData\Roaming\Microsoft\CLR Security Config
[18/08/2007|19:34] C:\Users\Chr\AppData\Roaming\Microsoft\SystemCertificates
[18/08/2007|19:34] C:\Users\Chr\AppData\Roaming\Microsoft\Protect
[18/08/2007|19:31] C:\Users\Chr\AppData\Roaming\Microsoft\Credentials
[23/12/2007|17:09] C:\Users\Chr\AppData\Roaming\Mozilla\Firefox
[20/08/2007|10:25] C:\Users\Chr\AppData\Roaming\OpenOffice.org2\user
[08/07/2008|17:21] C:\Users\Chr\AppData\Roaming\Packard Bell\Setup my PC
[21/08/2007|09:55] C:\Users\Chr\AppData\Roaming\Packard Bell\Smart Restore
[18/08/2007|19:36] C:\Users\Chr\AppData\Roaming\Packard Bell\Identity Card
[07/01/2008|18:29] C:\Users\Chr\AppData\Roaming\Participatory Culture Foundation\Miro
[07/01/2008|18:30] C:\Users\Chr\AppData\Roaming\PCF-VLC\cache
[07/05/2008|16:53] C:\Users\Chr\AppData\Roaming\Podmailing\core
[07/05/2008|16:53] C:\Users\Chr\AppData\Roaming\Podmailing\bt
[07/05/2008|16:53] C:\Users\Chr\AppData\Roaming\Podmailing\zed
[04/07/2008|16:56] C:\Users\Chr\AppData\Roaming\Roxio\MediaManager9
[12/01/2008|20:14] C:\Users\Chr\AppData\Roaming\Roxio\RoxioCentral
[12/01/2008|20:14] C:\Users\Chr\AppData\Roaming\Roxio\RoxioCentral33
[15/10/2007|10:41] C:\Users\Chr\AppData\Roaming\SecondLife\logs
[15/10/2007|10:41] C:\Users\Chr\AppData\Roaming\SecondLife\cache
[15/10/2007|10:41] C:\Users\Chr\AppData\Roaming\SecondLife\jizeusse_odriscoll
[15/10/2007|10:36] C:\Users\Chr\AppData\Roaming\SecondLife\user_settings
[15/10/2007|10:36] C:\Users\Chr\AppData\Roaming\SecondLife\browser_profile
[18/08/2007|20:27] C:\Users\Chr\AppData\Roaming\SecuROM\UserData
[06/07/2008|12:52] C:\Users\Chr\AppData\Roaming\Simply Super Software\Trojan Remover
[06/07/2008|12:49] C:\Users\Chr\AppData\Roaming\SpywareStop\Log
[19/08/2007|21:47] C:\Users\Chr\AppData\Roaming\Talkback\MozillaOrg
[19/03/2008|11:09] C:\Users\Chr\AppData\Roaming\THQ\Juiced2
[20/08/2007|20:15] C:\Users\Chr\AppData\Roaming\vlc\cache
----------------[ Tâches planifiées dans C:\Windows\tasks ]---------------
[08/07/2008 10:06][--ah-----] C:\Windows\tasks\User_Feed_Synchronization-{FF90C9A2-09ED-4F81-94F4-CE7C40F86DB4}.job
[04/07/2008 20:00][--a------] C:\Windows\tasks\Norton Internet Security - Analyse systŠme complŠte - Chr.job
[08/07/2008 17:00][--a------] C:\Windows\tasks\Extension de garantie.job
[08/07/2008 17:00][--a------] C:\Windows\tasks\Recovery DVD Creator.job
[08/07/2008 17:21][--ah-----] C:\Windows\tasks\SA.DAT
[08/07/2008 17:20][--a------] C:\Windows\tasks\SCHEDLGU.TXT
------[ Listing des dossiers dans C:\ProgramData ]------
[14/12/2007|17:48] C:\ProgramData\Adobe
[02/11/2006|15:02] C:\ProgramData\Application Data
[18/08/2007|19:28] C:\ProgramData\Bureau
[17/06/2008|10:47] C:\ProgramData\Codemasters
[02/11/2006|15:02] C:\ProgramData\Desktop
[02/11/2006|15:02] C:\ProgramData\Documents
[20/08/2007|20:01] C:\ProgramData\eMule
[18/08/2007|19:28] C:\ProgramData\Favoris
[02/11/2006|15:02] C:\ProgramData\Favorites
[02/06/2007|17:50] C:\ProgramData\Google
[18/08/2007|19:35] C:\ProgramData\GTek
[02/06/2007|17:49] C:\ProgramData\InstallShield
[02/06/2007|17:44] C:\ProgramData\Intel
[06/07/2008|11:21] C:\ProgramData\Kaspersky Lab Setup Files
[05/11/2007|18:45] C:\ProgramData\Logitech
[18/08/2007|19:28] C:\ProgramData\Menu D‚marrer
[14/09/2007|19:14] C:\ProgramData\Messenger Plus!
[21/08/2007|20:10] C:\ProgramData\Microsoft
[18/08/2007|19:28] C:\ProgramData\ModŠles
[24/06/2008|19:38] C:\ProgramData\NFS Underground
[26/06/2008|10:39] C:\ProgramData\NVIDIA
[07/01/2008|18:27] C:\ProgramData\Participatory Culture Foundation
[16/05/2008|11:38] C:\ProgramData\Playrix Entertainment
[28/06/2008|19:08] C:\ProgramData\Roxio
[02/06/2007|17:49] C:\ProgramData\Sonic
[02/11/2006|15:02] C:\ProgramData\Start Menu
[14/11/2007|14:02] C:\ProgramData\Symantec
[07/07/2008|09:31] C:\ProgramData\TEMP
[02/11/2006|15:02] C:\ProgramData\Templates
[30/09/2007|18:04] C:\ProgramData\Test Drive Unlimited
[06/03/2008|14:41] C:\ProgramData\WLInstaller
---------------[ Listing des dossiers dans C:\Program Files ]--------------
[13/01/2008|10:55] C:\Program Files\AC3Filter
[20/08/2007|10:24] C:\Program Files\Adobe
[07/07/2008|09:57] C:\Program Files\Alwil Software
[24/06/2008|19:33] C:\Program Files\Around the World in 80 Days
[08/11/2007|16:13] C:\Program Files\BitTorrent
[28/08/2007|10:17] C:\Program Files\BitZip
[17/06/2008|10:48] C:\Program Files\Codemasters
[06/03/2008|14:41] C:\Program Files\Common Files
[02/06/2007|17:37] C:\Program Files\CyberLink
[26/03/2008|20:35] C:\Program Files\DAEMON Tools
[26/06/2008|10:37] C:\Program Files\desktop.ini
[01/09/2007|17:41] C:\Program Files\Dictionnaire
[19/08/2007|19:19] C:\Program Files\DivX
[18/08/2007|19:54] C:\Program Files\Eicon
[30/03/2008|11:35] C:\Program Files\Empire Interactive
[19/08/2007|20:51] C:\Program Files\eMule
[18/08/2007|19:28] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]
[29/10/2007|16:49] C:\Program Files\FlashGet
[21/08/2007|10:07] C:\Program Files\Google
[08/07/2008|09:41] C:\Program Files\GRISOFT
[02/06/2007|17:43] C:\Program Files\HDReg
[01/07/2008|09:35] C:\Program Files\InstallShield Installation Information
[22/01/2008|13:29] C:\Program Files\Intel
[26/06/2008|10:28] C:\Program Files\Internet Explorer
[05/11/2007|18:45] C:\Program Files\Logitech
[22/01/2008|12:42] C:\Program Files\ma-config.com
[20/01/2008|12:17] C:\Program Files\MediaRoverCodec
[03/04/2008|12:28] C:\Program Files\Messenger Plus! Live
[07/03/2008|10:40] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[02/11/2006|14:37] C:\Program Files\Microsoft Games
[27/11/2007|18:20] C:\Program Files\MIKSOFT
[26/06/2008|10:28] C:\Program Files\Movie Maker
[23/12/2007|17:24] C:\Program Files\Mozilla Firefox
[02/11/2006|14:37] C:\Program Files\MSBuild
[18/08/2007|20:06] C:\Program Files\MSXML 4.0
[22/11/2007|10:28] C:\Program Files\Norton Internet Security
[23/05/2008|10:24] C:\Program Files\OpenAL
[20/08/2007|10:18] C:\Program Files\OpenOffice.org 2.2
[02/06/2007|17:53] C:\Program Files\Packard Bell
[12/06/2008|20:27] C:\Program Files\Picasa2
[09/06/2008|15:30] C:\Program Files\Podmailing
[02/06/2007|17:37] C:\Program Files\Realtek
[02/11/2006|14:37] C:\Program Files\Reference Assemblies
[23/08/2007|10:23] C:\Program Files\RivaTuner v2.0 Final Release
[02/06/2007|17:49] C:\Program Files\Roxio
[02/06/2007|17:53] C:\Program Files\Skype
[20/08/2007|19:48] C:\Program Files\Symantec
[24/04/2008|19:29] C:\Program Files\The Witcher
[01/05/2008|17:50] C:\Program Files\Ubisoft
[02/11/2006|15:01] C:\Program Files\Uninstall Information
[22/04/2008|08:17] C:\Program Files\UniUploader
[10/04/2008|17:13] C:\Program Files\Unlocker
[20/08/2007|20:12] C:\Program Files\VideoLAN
[26/06/2008|10:28] C:\Program Files\Windows Calendar
[26/06/2008|10:28] C:\Program Files\Windows Collaboration
[26/06/2008|10:28] C:\Program Files\Windows Defender
[26/06/2008|10:28] C:\Program Files\Windows Journal
[06/03/2008|14:41] C:\Program Files\Windows Live
[26/06/2008|10:28] C:\Program Files\Windows Mail
[26/06/2008|10:28] C:\Program Files\Windows Media Player
[18/08/2007|19:28] C:\Program Files\Windows NT
[26/06/2008|10:28] C:\Program Files\Windows Photo Gallery
[26/06/2008|10:28] C:\Program Files\Windows Sidebar
[21/08/2007|09:54] C:\Program Files\WinRAR
[29/05/2008|10:36] C:\Program Files\World of Warcraft
[11/12/2007|18:33] C:\Program Files\WowCartographe
[02/06/2007|17:39] C:\Program Files\X10 Hardware
------[ Listing des dossiers dans C:\Program Files\Common Files ]------
[20/08/2007|10:24] C:\Program Files\Common Files\Adobe
[10/01/2008|10:29] C:\Program Files\Common Files\Blizzard Entertainment
[02/06/2007|17:48] C:\Program Files\Common Files\InstallShield
[02/06/2007|17:44] C:\Program Files\Common Files\Intel
[05/11/2007|18:45] C:\Program Files\Common Files\Logishrd
[05/11/2007|18:46] C:\Program Files\Common Files\Logitech
[06/03/2008|14:42] C:\Program Files\Common Files\microsoft shared
[19/08/2007|10:45] C:\Program Files\Common Files\PX Storage Engine
[02/06/2007|17:49] C:\Program Files\Common Files\Roxio Shared
[02/11/2006|13:18] C:\Program Files\Common Files\Services
[02/06/2007|17:49] C:\Program Files\Common Files\Sonic Shared
[02/11/2006|13:18] C:\Program Files\Common Files\SpeechEngines
[02/06/2007|17:49] C:\Program Files\Common Files\SureThing Shared
[18/08/2007|19:54] C:\Program Files\Common Files\SWF Studio
[20/08/2007|19:49] C:\Program Files\Common Files\Symantec Shared
[26/06/2008|10:28] C:\Program Files\Common Files\System
[06/03/2008|14:42] C:\Program Files\Common Files\WindowsLiveInstaller
[02/06/2007|17:38] C:\Program Files\Common Files\X10
---------------------------[ Process ]--------------------------
... 84
... OK !
----------------------[ Recherche avec S_Lop ]---------------------
Aucun fichier / dossier Lop trouvé !
-----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------
Aucun fichier / dossier Lop trouvé !
----------------------[ Verification du Registre ]----------------------
..... OK !
--------------------[ Verification du fichier Hosts ]---------------------
Fichier Hosts PROPRE
----------------[ Recherche de fichiers avec Catchme ]-----------------
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-08 17:23:27
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0
--------------------[ Recherche d'autres infections ]---------------------
[HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
NameServer REG_SZ 85.255.116.163 85.255.112.15
! WAREOUT Possible !
=> C:\Users\Chr\AppData\Local\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER1_255.BBX
=> C:\Users\Chr\AppData\Local\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER1_255.msh
=> C:\Users\Chr\AppData\Local\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER2_255.BBX
=> C:\Users\Chr\AppData\Local\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER2_255.msh
=> C:\Users\Chr\AppData\Local\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER3_255.BBX
=> C:\Users\Chr\AppData\Local\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER3_255.msh
=> C:\Users\Chr\AppData\Local\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER4_255.BBX
=> C:\Users\Chr\AppData\Local\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER4_255.msh
=> C:\Users\Chr\AppData\Local\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker
=> C:\Users\Chr\AppData\Local\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\EventCracker_00.wav
=> C:\Users\Chr\AppData\Local\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\FireCracker_00.wav
=> C:\Users\Chr\AppData\Local\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\FireCracker_01.wav
=> C:\Users\Chr\AppData\Local\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\FireCracker_02.wav
=> C:\Users\Chr\AppData\Local\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\UpCracker_00.wav
[F:228][D:51]-> C:\Users\Chr\AppData\Local\Temp
[F:1922][D:1]-> C:\Users\Chr\AppData\Roaming\MICROS~1\Windows\Cookies
[F:462][D:7]-> C:\Users\Chr\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
[F:4][D:3]-> C:\$Recycle.Bin
[ UAC => 1 ]
--------------------[ Fin du rapport a 17:27:48,75 ]----------------------
et le nouveau rapport de hijackthis :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:31:25, on 8/07/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
C:\Windows\System32\gsicon.exe
C:\Windows\System32\DSLAGENT.EXE
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Windows\explorer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Users\Chr\Desktop\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://format.packardbell.com/cgi-bin/redirect/?country=BEFR&range=AD&(...)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [CCUTRAYICON] C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [calc.exe] C:\Users\Chr\AppData\Local\Temp\calc.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [C:\Windows\system32\kdbtz.exe] C:\Windows\system32\kdbtz.exe
O4 - HKLM\..\Run: [C:\Windows\system32\kdxlz.exe] C:\Windows\system32\kdxlz.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-434156370-2428998753-463404059-1000\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O13 - Gopher Prefix:
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{16E15823-0143-4043-B6D5-7221718C992A}: NameServer = 85.255.116.163,85.255.112.15
O17 - HKLM\System\CCS\Services\Tcpip\..\{1E9C80A5-09B5-434C-A26B-F15342553080}: NameServer = 85.255.116.163 85.255.112.15
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.163 85.255.112.15
O17 - HKLM\System\CS1\Services\Tcpip\..\{16E15823-0143-4043-B6D5-7221718C992A}: NameServer = 85.255.116.163,85.255.112.15
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.163 85.255.112.15
O17 - HKLM\System\CS2\Services\Tcpip\..\{16E15823-0143-4043-B6D5-7221718C992A}: NameServer = 85.255.116.163,85.255.112.15
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.163 85.255.112.15
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Packard Bell BV - C:\Program Files\Packard bell\SAXO27\HIDSERVICE.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\Windows\system32\sfrem01.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
--
End of file - 12936 bytes
voila le nouveau rapport de lop s&d :
-----------------------[ Lop S&D 4.2.2-0 XP/Vista ]---------------------
[ Windows 'Longhorn' (NT 6.0) Workstation Build 6001, Service Pack 1 ]
[ USER : Chr ] [ "C:\Lop SD" ] [ Selection : 2 ]
[ mar. 08/07/2008 | 17:21:43,95 ] [ PC : PC-DE-CHR ]
[ MAJ : 06-07-2008 | 10:55 ]
[ UAC => 0 ]
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION /////////////////////////////
RestaurÚ! - Fichier Hosts
//////////////////////////////////////-\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
-------------[ Listing des dossiers dans Roaming ]------------
[28/08/2007|10:17] C:\Users\Chr\AppData\Roaming\.BitZip\torrent
[28/08/2007|10:16] C:\Users\Chr\AppData\Roaming\.BitZip\bsddb
[28/08/2007|10:16] C:\Users\Chr\AppData\Roaming\.BitZip\piececache
[28/08/2007|10:16] C:\Users\Chr\AppData\Roaming\.BitZip\torrentcache
[28/08/2007|10:16] C:\Users\Chr\AppData\Roaming\.BitZip\datacache
[28/08/2007|10:16] C:\Users\Chr\AppData\Roaming\.BitZip\icons
[20/06/2008|19:47] C:\Users\Chr\AppData\Roaming\Adobe\Flash Player
[20/08/2007|10:15] C:\Users\Chr\AppData\Roaming\Adobe\Linguistics
[18/08/2007|19:43] C:\Users\Chr\AppData\Roaming\Adobe\Acrobat
[08/11/2007|16:13] C:\Users\Chr\AppData\Roaming\BitTorrent\data
[05/11/2007|10:28] C:\Users\Chr\AppData\Roaming\BitTorrent\incomplete
[04/11/2007|18:17] C:\Users\Chr\AppData\Roaming\BitTorrent\locale
[19/08/2007|10:47] C:\Users\Chr\AppData\Roaming\DivX\DivX Player
[19/08/2007|10:46] C:\Users\Chr\AppData\Roaming\DivX\DivX Codec
[19/10/2007|10:08] C:\Users\Chr\AppData\Roaming\FastStone\FSC
[29/10/2007|16:49] C:\Users\Chr\AppData\Roaming\FlashGet\DataBase
[24/12/2007|18:57] C:\Users\Chr\AppData\Roaming\Gearbox Software\Brothers In Arms
[07/04/2008|19:08] C:\Users\Chr\AppData\Roaming\Google\Local Search History
[21/08/2007|09:56] C:\Users\Chr\AppData\Roaming\Google\GoogleEarth
[18/08/2007|19:34] C:\Users\Chr\AppData\Roaming\GTek\GTUpdate
[18/08/2007|19:34] C:\Users\Chr\AppData\Roaming\Identities\{1A3BCDF0-0218-488B-88AC-C9B4CF8A542E}
[03/02/2008|21:48] C:\Users\Chr\AppData\Roaming\ijjigame\HUL
[09/12/2007|11:03] C:\Users\Chr\AppData\Roaming\InstallShield\UpdateService
[20/11/2007|11:01] C:\Users\Chr\AppData\Roaming\InstallShield\ISEngine12.0
[22/01/2008|12:42] C:\Users\Chr\AppData\Roaming\ma-config.com\Logs
[09/10/2007|16:31] C:\Users\Chr\AppData\Roaming\Macromedia\Flash Player
[01/05/2008|19:25] C:\Users\Chr\AppData\Roaming\Microsoft\Installer
[03/10/2007|10:13] C:\Users\Chr\AppData\Roaming\Microsoft\Internet Explorer
[10/09/2007|13:44] C:\Users\Chr\AppData\Roaming\Microsoft\IdentityCRL
[23/08/2007|13:31] C:\Users\Chr\AppData\Roaming\Microsoft\Speech
[21/08/2007|20:10] C:\Users\Chr\AppData\Roaming\Microsoft\HTML Help
[19/08/2007|21:18] C:\Users\Chr\AppData\Roaming\Microsoft\MSN Messenger
[19/08/2007|10:35] C:\Users\Chr\AppData\Roaming\Microsoft\MMC
[19/08/2007|09:54] C:\Users\Chr\AppData\Roaming\Microsoft\Windows
[18/08/2007|19:55] C:\Users\Chr\AppData\Roaming\Microsoft\Network
[18/08/2007|19:35] C:\Users\Chr\AppData\Roaming\Microsoft\Crypto
[18/08/2007|19:35] C:\Users\Chr\AppData\Roaming\Microsoft\CLR Security Config
[18/08/2007|19:34] C:\Users\Chr\AppData\Roaming\Microsoft\SystemCertificates
[18/08/2007|19:34] C:\Users\Chr\AppData\Roaming\Microsoft\Protect
[18/08/2007|19:31] C:\Users\Chr\AppData\Roaming\Microsoft\Credentials
[23/12/2007|17:09] C:\Users\Chr\AppData\Roaming\Mozilla\Firefox
[20/08/2007|10:25] C:\Users\Chr\AppData\Roaming\OpenOffice.org2\user
[08/07/2008|17:21] C:\Users\Chr\AppData\Roaming\Packard Bell\Setup my PC
[21/08/2007|09:55] C:\Users\Chr\AppData\Roaming\Packard Bell\Smart Restore
[18/08/2007|19:36] C:\Users\Chr\AppData\Roaming\Packard Bell\Identity Card
[07/01/2008|18:29] C:\Users\Chr\AppData\Roaming\Participatory Culture Foundation\Miro
[07/01/2008|18:30] C:\Users\Chr\AppData\Roaming\PCF-VLC\cache
[07/05/2008|16:53] C:\Users\Chr\AppData\Roaming\Podmailing\core
[07/05/2008|16:53] C:\Users\Chr\AppData\Roaming\Podmailing\bt
[07/05/2008|16:53] C:\Users\Chr\AppData\Roaming\Podmailing\zed
[04/07/2008|16:56] C:\Users\Chr\AppData\Roaming\Roxio\MediaManager9
[12/01/2008|20:14] C:\Users\Chr\AppData\Roaming\Roxio\RoxioCentral
[12/01/2008|20:14] C:\Users\Chr\AppData\Roaming\Roxio\RoxioCentral33
[15/10/2007|10:41] C:\Users\Chr\AppData\Roaming\SecondLife\logs
[15/10/2007|10:41] C:\Users\Chr\AppData\Roaming\SecondLife\cache
[15/10/2007|10:41] C:\Users\Chr\AppData\Roaming\SecondLife\jizeusse_odriscoll
[15/10/2007|10:36] C:\Users\Chr\AppData\Roaming\SecondLife\user_settings
[15/10/2007|10:36] C:\Users\Chr\AppData\Roaming\SecondLife\browser_profile
[18/08/2007|20:27] C:\Users\Chr\AppData\Roaming\SecuROM\UserData
[06/07/2008|12:52] C:\Users\Chr\AppData\Roaming\Simply Super Software\Trojan Remover
[06/07/2008|12:49] C:\Users\Chr\AppData\Roaming\SpywareStop\Log
[19/08/2007|21:47] C:\Users\Chr\AppData\Roaming\Talkback\MozillaOrg
[19/03/2008|11:09] C:\Users\Chr\AppData\Roaming\THQ\Juiced2
[20/08/2007|20:15] C:\Users\Chr\AppData\Roaming\vlc\cache
----------------[ Tâches planifiées dans C:\Windows\tasks ]---------------
[08/07/2008 10:06][--ah-----] C:\Windows\tasks\User_Feed_Synchronization-{FF90C9A2-09ED-4F81-94F4-CE7C40F86DB4}.job
[04/07/2008 20:00][--a------] C:\Windows\tasks\Norton Internet Security - Analyse systŠme complŠte - Chr.job
[08/07/2008 17:00][--a------] C:\Windows\tasks\Extension de garantie.job
[08/07/2008 17:00][--a------] C:\Windows\tasks\Recovery DVD Creator.job
[08/07/2008 17:21][--ah-----] C:\Windows\tasks\SA.DAT
[08/07/2008 17:20][--a------] C:\Windows\tasks\SCHEDLGU.TXT
------[ Listing des dossiers dans C:\ProgramData ]------
[14/12/2007|17:48] C:\ProgramData\Adobe
[02/11/2006|15:02] C:\ProgramData\Application Data
[18/08/2007|19:28] C:\ProgramData\Bureau
[17/06/2008|10:47] C:\ProgramData\Codemasters
[02/11/2006|15:02] C:\ProgramData\Desktop
[02/11/2006|15:02] C:\ProgramData\Documents
[20/08/2007|20:01] C:\ProgramData\eMule
[18/08/2007|19:28] C:\ProgramData\Favoris
[02/11/2006|15:02] C:\ProgramData\Favorites
[02/06/2007|17:50] C:\ProgramData\Google
[18/08/2007|19:35] C:\ProgramData\GTek
[02/06/2007|17:49] C:\ProgramData\InstallShield
[02/06/2007|17:44] C:\ProgramData\Intel
[06/07/2008|11:21] C:\ProgramData\Kaspersky Lab Setup Files
[05/11/2007|18:45] C:\ProgramData\Logitech
[18/08/2007|19:28] C:\ProgramData\Menu D‚marrer
[14/09/2007|19:14] C:\ProgramData\Messenger Plus!
[21/08/2007|20:10] C:\ProgramData\Microsoft
[18/08/2007|19:28] C:\ProgramData\ModŠles
[24/06/2008|19:38] C:\ProgramData\NFS Underground
[26/06/2008|10:39] C:\ProgramData\NVIDIA
[07/01/2008|18:27] C:\ProgramData\Participatory Culture Foundation
[16/05/2008|11:38] C:\ProgramData\Playrix Entertainment
[28/06/2008|19:08] C:\ProgramData\Roxio
[02/06/2007|17:49] C:\ProgramData\Sonic
[02/11/2006|15:02] C:\ProgramData\Start Menu
[14/11/2007|14:02] C:\ProgramData\Symantec
[07/07/2008|09:31] C:\ProgramData\TEMP
[02/11/2006|15:02] C:\ProgramData\Templates
[30/09/2007|18:04] C:\ProgramData\Test Drive Unlimited
[06/03/2008|14:41] C:\ProgramData\WLInstaller
---------------[ Listing des dossiers dans C:\Program Files ]--------------
[13/01/2008|10:55] C:\Program Files\AC3Filter
[20/08/2007|10:24] C:\Program Files\Adobe
[07/07/2008|09:57] C:\Program Files\Alwil Software
[24/06/2008|19:33] C:\Program Files\Around the World in 80 Days
[08/11/2007|16:13] C:\Program Files\BitTorrent
[28/08/2007|10:17] C:\Program Files\BitZip
[17/06/2008|10:48] C:\Program Files\Codemasters
[06/03/2008|14:41] C:\Program Files\Common Files
[02/06/2007|17:37] C:\Program Files\CyberLink
[26/03/2008|20:35] C:\Program Files\DAEMON Tools
[26/06/2008|10:37] C:\Program Files\desktop.ini
[01/09/2007|17:41] C:\Program Files\Dictionnaire
[19/08/2007|19:19] C:\Program Files\DivX
[18/08/2007|19:54] C:\Program Files\Eicon
[30/03/2008|11:35] C:\Program Files\Empire Interactive
[19/08/2007|20:51] C:\Program Files\eMule
[18/08/2007|19:28] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]
[29/10/2007|16:49] C:\Program Files\FlashGet
[21/08/2007|10:07] C:\Program Files\Google
[08/07/2008|09:41] C:\Program Files\GRISOFT
[02/06/2007|17:43] C:\Program Files\HDReg
[01/07/2008|09:35] C:\Program Files\InstallShield Installation Information
[22/01/2008|13:29] C:\Program Files\Intel
[26/06/2008|10:28] C:\Program Files\Internet Explorer
[05/11/2007|18:45] C:\Program Files\Logitech
[22/01/2008|12:42] C:\Program Files\ma-config.com
[20/01/2008|12:17] C:\Program Files\MediaRoverCodec
[03/04/2008|12:28] C:\Program Files\Messenger Plus! Live
[07/03/2008|10:40] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[02/11/2006|14:37] C:\Program Files\Microsoft Games
[27/11/2007|18:20] C:\Program Files\MIKSOFT
[26/06/2008|10:28] C:\Program Files\Movie Maker
[23/12/2007|17:24] C:\Program Files\Mozilla Firefox
[02/11/2006|14:37] C:\Program Files\MSBuild
[18/08/2007|20:06] C:\Program Files\MSXML 4.0
[22/11/2007|10:28] C:\Program Files\Norton Internet Security
[23/05/2008|10:24] C:\Program Files\OpenAL
[20/08/2007|10:18] C:\Program Files\OpenOffice.org 2.2
[02/06/2007|17:53] C:\Program Files\Packard Bell
[12/06/2008|20:27] C:\Program Files\Picasa2
[09/06/2008|15:30] C:\Program Files\Podmailing
[02/06/2007|17:37] C:\Program Files\Realtek
[02/11/2006|14:37] C:\Program Files\Reference Assemblies
[23/08/2007|10:23] C:\Program Files\RivaTuner v2.0 Final Release
[02/06/2007|17:49] C:\Program Files\Roxio
[02/06/2007|17:53] C:\Program Files\Skype
[20/08/2007|19:48] C:\Program Files\Symantec
[24/04/2008|19:29] C:\Program Files\The Witcher
[01/05/2008|17:50] C:\Program Files\Ubisoft
[02/11/2006|15:01] C:\Program Files\Uninstall Information
[22/04/2008|08:17] C:\Program Files\UniUploader
[10/04/2008|17:13] C:\Program Files\Unlocker
[20/08/2007|20:12] C:\Program Files\VideoLAN
[26/06/2008|10:28] C:\Program Files\Windows Calendar
[26/06/2008|10:28] C:\Program Files\Windows Collaboration
[26/06/2008|10:28] C:\Program Files\Windows Defender
[26/06/2008|10:28] C:\Program Files\Windows Journal
[06/03/2008|14:41] C:\Program Files\Windows Live
[26/06/2008|10:28] C:\Program Files\Windows Mail
[26/06/2008|10:28] C:\Program Files\Windows Media Player
[18/08/2007|19:28] C:\Program Files\Windows NT
[26/06/2008|10:28] C:\Program Files\Windows Photo Gallery
[26/06/2008|10:28] C:\Program Files\Windows Sidebar
[21/08/2007|09:54] C:\Program Files\WinRAR
[29/05/2008|10:36] C:\Program Files\World of Warcraft
[11/12/2007|18:33] C:\Program Files\WowCartographe
[02/06/2007|17:39] C:\Program Files\X10 Hardware
------[ Listing des dossiers dans C:\Program Files\Common Files ]------
[20/08/2007|10:24] C:\Program Files\Common Files\Adobe
[10/01/2008|10:29] C:\Program Files\Common Files\Blizzard Entertainment
[02/06/2007|17:48] C:\Program Files\Common Files\InstallShield
[02/06/2007|17:44] C:\Program Files\Common Files\Intel
[05/11/2007|18:45] C:\Program Files\Common Files\Logishrd
[05/11/2007|18:46] C:\Program Files\Common Files\Logitech
[06/03/2008|14:42] C:\Program Files\Common Files\microsoft shared
[19/08/2007|10:45] C:\Program Files\Common Files\PX Storage Engine
[02/06/2007|17:49] C:\Program Files\Common Files\Roxio Shared
[02/11/2006|13:18] C:\Program Files\Common Files\Services
[02/06/2007|17:49] C:\Program Files\Common Files\Sonic Shared
[02/11/2006|13:18] C:\Program Files\Common Files\SpeechEngines
[02/06/2007|17:49] C:\Program Files\Common Files\SureThing Shared
[18/08/2007|19:54] C:\Program Files\Common Files\SWF Studio
[20/08/2007|19:49] C:\Program Files\Common Files\Symantec Shared
[26/06/2008|10:28] C:\Program Files\Common Files\System
[06/03/2008|14:42] C:\Program Files\Common Files\WindowsLiveInstaller
[02/06/2007|17:38] C:\Program Files\Common Files\X10
---------------------------[ Process ]--------------------------
... 84
... OK !
----------------------[ Recherche avec S_Lop ]---------------------
Aucun fichier / dossier Lop trouvé !
-----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------
Aucun fichier / dossier Lop trouvé !
----------------------[ Verification du Registre ]----------------------
..... OK !
--------------------[ Verification du fichier Hosts ]---------------------
Fichier Hosts PROPRE
----------------[ Recherche de fichiers avec Catchme ]-----------------
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-08 17:23:27
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0
--------------------[ Recherche d'autres infections ]---------------------
[HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
NameServer REG_SZ 85.255.116.163 85.255.112.15
! WAREOUT Possible !
=> C:\Users\Chr\AppData\Local\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER1_255.BBX
=> C:\Users\Chr\AppData\Local\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER1_255.msh
=> C:\Users\Chr\AppData\Local\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER2_255.BBX
=> C:\Users\Chr\AppData\Local\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER2_255.msh
=> C:\Users\Chr\AppData\Local\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER3_255.BBX
=> C:\Users\Chr\AppData\Local\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER3_255.msh
=> C:\Users\Chr\AppData\Local\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER4_255.BBX
=> C:\Users\Chr\AppData\Local\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER4_255.msh
=> C:\Users\Chr\AppData\Local\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker
=> C:\Users\Chr\AppData\Local\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\EventCracker_00.wav
=> C:\Users\Chr\AppData\Local\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\FireCracker_00.wav
=> C:\Users\Chr\AppData\Local\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\FireCracker_01.wav
=> C:\Users\Chr\AppData\Local\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\FireCracker_02.wav
=> C:\Users\Chr\AppData\Local\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\UpCracker_00.wav
[F:228][D:51]-> C:\Users\Chr\AppData\Local\Temp
[F:1922][D:1]-> C:\Users\Chr\AppData\Roaming\MICROS~1\Windows\Cookies
[F:462][D:7]-> C:\Users\Chr\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
[F:4][D:3]-> C:\$Recycle.Bin
[ UAC => 1 ]
--------------------[ Fin du rapport a 17:27:48,75 ]----------------------
et le nouveau rapport de hijackthis :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:31:25, on 8/07/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
C:\Windows\System32\gsicon.exe
C:\Windows\System32\DSLAGENT.EXE
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Windows\explorer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Users\Chr\Desktop\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://format.packardbell.com/cgi-bin/redirect/?country=BEFR&range=AD&(...)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [CCUTRAYICON] C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [calc.exe] C:\Users\Chr\AppData\Local\Temp\calc.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [C:\Windows\system32\kdbtz.exe] C:\Windows\system32\kdbtz.exe
O4 - HKLM\..\Run: [C:\Windows\system32\kdxlz.exe] C:\Windows\system32\kdxlz.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-434156370-2428998753-463404059-1000\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O13 - Gopher Prefix:
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{16E15823-0143-4043-B6D5-7221718C992A}: NameServer = 85.255.116.163,85.255.112.15
O17 - HKLM\System\CCS\Services\Tcpip\..\{1E9C80A5-09B5-434C-A26B-F15342553080}: NameServer = 85.255.116.163 85.255.112.15
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.163 85.255.112.15
O17 - HKLM\System\CS1\Services\Tcpip\..\{16E15823-0143-4043-B6D5-7221718C992A}: NameServer = 85.255.116.163,85.255.112.15
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.163 85.255.112.15
O17 - HKLM\System\CS2\Services\Tcpip\..\{16E15823-0143-4043-B6D5-7221718C992A}: NameServer = 85.255.116.163,85.255.112.15
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.163 85.255.112.15
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Packard Bell BV - C:\Program Files\Packard bell\SAXO27\HIDSERVICE.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\Windows\system32\sfrem01.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
--
End of file - 12936 bytes
dédétraqué
le 08 juillet 2008 à 17h37
Salut takezo117
- Imprime ces instructions, il va y avoir un redémarrage de l'ordinateur
1/
- Télécharge FixWareout sur le bureau:
http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe
http://downloads.subratam.org/Fixwareout.exe
http://swandog46.geekstogo.com/Fixwareout.exe
-Télécharge Winsockfix sur le bureau :
http://www.softpedia.com/get/Tweak/Network-Tweak/WinSockFix.shtml
http://www.snapfiles.com/get/winsockxpfix.html
(Pour son utilisation voir en fin de procédure)
2/
- Navigateur ainsi que toutes les applications en cours fermés
- Double clic sur Fixwareout.exe
- Clique sur Next puis Install
- Assure toi que Run fixit est activé puis clique sur Finish
- Le fix va commencer, suis les messages à l'écran. Il te sera demandé de redémarrer ton ordinateur, fais le.
- Ton système mettra un peu plus de temps au démarrage, c'est normal.
- Quand ton système aura redémarré, suivre les invites des messages.
- A la fin du fix, tu auras peut-être encore besoin de redémarrer le PC.
3/
- Au final, poste le contenu de C:\fixwareout\report.txt avec un nouveau rapport HijackThis
** Note : En cas de perte de connexion, lance Winsockfix
- clique sur ReG-Backup pour créer une sauvegarde du registre, dans un dossier de ton choix.
- Une fois la sauvegarde éffectuée, clique sur Fix , au message WinsockFix will now attempt to Repair your connection Clique sur "OUI"
- Patiente le temps que la réparation se fasse,à la fin des corrections au méssage suivant Repair completed Please Reboot , cliques sur OK ton Pc va redémarrer.
- Je le répéte n'utilise Winsockfix que si tu as une perte de connection
@++
- Imprime ces instructions, il va y avoir un redémarrage de l'ordinateur
1/
- Télécharge FixWareout sur le bureau:
http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe
http://downloads.subratam.org/Fixwareout.exe
http://swandog46.geekstogo.com/Fixwareout.exe
-Télécharge Winsockfix sur le bureau :
http://www.softpedia.com/get/Tweak/Network-Tweak/WinSockFix.shtml
http://www.snapfiles.com/get/winsockxpfix.html
(Pour son utilisation voir en fin de procédure)
2/
- Navigateur ainsi que toutes les applications en cours fermés
- Double clic sur Fixwareout.exe
- Clique sur Next puis Install
- Assure toi que Run fixit est activé puis clique sur Finish
- Le fix va commencer, suis les messages à l'écran. Il te sera demandé de redémarrer ton ordinateur, fais le.
- Ton système mettra un peu plus de temps au démarrage, c'est normal.
- Quand ton système aura redémarré, suivre les invites des messages.
- A la fin du fix, tu auras peut-être encore besoin de redémarrer le PC.
3/
- Au final, poste le contenu de C:\fixwareout\report.txt avec un nouveau rapport HijackThis
** Note : En cas de perte de connexion, lance Winsockfix
- clique sur ReG-Backup pour créer une sauvegarde du registre, dans un dossier de ton choix.
- Une fois la sauvegarde éffectuée, clique sur Fix , au message WinsockFix will now attempt to Repair your connection Clique sur "OUI"
- Patiente le temps que la réparation se fasse,à la fin des corrections au méssage suivant Repair completed Please Reboot , cliques sur OK ton Pc va redémarrer.
- Je le répéte n'utilise Winsockfix que si tu as une perte de connection
@++
takezo117
le 08 juillet 2008 à 18h55
quand je double clique sur fixwareout.exe pour l'installer, il m'affiche un message d'erreur disant que "une référence a été renvoyée par le serveur"...
que faire?
que faire?
dédétraqué
le 08 juillet 2008 à 19h17
Salut takezo117
Le contrôle des comptes utilisateurs (UAC) est bien désactiver?
@++
Le contrôle des comptes utilisateurs (UAC) est bien désactiver?
@++
takezo117
le 08 juillet 2008 à 19h27
:$ c'était bien l'UAC
par contre fixwareout ne supporte pas vista non plus
par contre fixwareout ne supporte pas vista non plus
dédétraqué
le 08 juillet 2008 à 19h56
Salut takezo117
Redémarre l'ordinateur en mode sans échec :
Au redémarrage de ton PC tapote sur la touche F8 ou F5 sur l'écran suivant déplace toi avec les flèches de direction et choisis Mode sans échec. Choisis ta session habituelle et non la session Administrateur
-----
- Double clique sur le dossier SmitfraudFix sur le bureau, double clique sur smitfraudfix.cmd
Sélectionne 5 pour le nettoyage.
Redémarre en mode normal et poste le rapport avec un nouveau rapport HijackThis
@++
Redémarre l'ordinateur en mode sans échec :
Au redémarrage de ton PC tapote sur la touche F8 ou F5 sur l'écran suivant déplace toi avec les flèches de direction et choisis Mode sans échec. Choisis ta session habituelle et non la session Administrateur
-----
- Double clique sur le dossier SmitfraudFix sur le bureau, double clique sur smitfraudfix.cmd
Sélectionne 5 pour le nettoyage.
Redémarre en mode normal et poste le rapport avec un nouveau rapport HijackThis
@++
takezo117
le 09 juillet 2008 à 10h00
salut dédétraqué
l'option 5 requiert le mode normal, c'est "search and clean dns hijack"
l'option 2 c'est juste clean, mais c'est elle qui se fait en mode sans échec
laquelle dois-je exécuter?
l'option 5 requiert le mode normal, c'est "search and clean dns hijack"
l'option 2 c'est juste clean, mais c'est elle qui se fait en mode sans échec
laquelle dois-je exécuter?
-->Message édité par takezo117 le 09/07/2008 11:14:05<--
dédétraqué
le 09 juillet 2008 à 14h00
Salut takezo117
Oui tu fais l'option 5 pour supprimer les détournements DNS.
@++
Oui tu fais l'option 5 pour supprimer les détournements DNS.
@++
takezo117
le 09 juillet 2008 à 16h08
salut dédétraqué, voila le rapport de smitfraudfix
SmitFraudFix v2.329
Scan done at 17:29:13,43, lun. 07/07/2008
Run from C:\Users\Chr\Desktop\SmitfraudFix
OS: Microsoft Windows [version 6.0.6001] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
C:\Program Files\Packard bell\SAXO27\HIDSERVICE.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
C:\Windows\System32\gsicon.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
C:\Windows\System32\DSLAGENT.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\Windows\System32\rundll32.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows
»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Chr
»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Chr\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Chr\FAVORI~1
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"LoadAppInit_DLLs"=dword:00000001
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\Windows\\system32\\userinit.exe,"
»»»»»»»»»»»»»»»»»»»»»»»» Rustock
»»»»»»»»»»»»»»»»»»»»»»»» DNS
HKLM\SYSTEM\CCS\Services\Tcpip\..\{16E15823-0143-4043-B6D5-7221718C992A}: DhcpNameServer=85.255.116.163,85.255.112.15
HKLM\SYSTEM\CCS\Services\Tcpip\..\{16E15823-0143-4043-B6D5-7221718C992A}: NameServer=85.255.116.163,85.255.112.15
HKLM\SYSTEM\CS1\Services\Tcpip\..\{16E15823-0143-4043-B6D5-7221718C992A}: DhcpNameServer=85.255.116.163,85.255.112.15
HKLM\SYSTEM\CS1\Services\Tcpip\..\{16E15823-0143-4043-B6D5-7221718C992A}: NameServer=85.255.116.163,85.255.112.15
HKLM\SYSTEM\CS2\Services\Tcpip\..\{16E15823-0143-4043-B6D5-7221718C992A}: DhcpNameServer=85.255.116.163,85.255.112.15
HKLM\SYSTEM\CS2\Services\Tcpip\..\{16E15823-0143-4043-B6D5-7221718C992A}: NameServer=85.255.116.163,85.255.112.15
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: NameServer=85.255.116.163 85.255.112.15
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: NameServer=85.255.116.163 85.255.112.15
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: NameServer=85.255.116.163 85.255.112.15
»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
et un nouveau rapport de hijackthis :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:06:46, on 9/07/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\gsicon.exe
C:\Windows\System32\DSLAGENT.EXE
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Windows\system32\conime.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
C:\Users\Chr\Desktop\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://format.packardbell.com/cgi-bin/redirect/?country=BEFR&range=AD&(...)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://format.packardbell.com/cgi-bin/redirect/?country=BEFR&range=AD&(...)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [CCUTRAYICON] C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [calc.exe] C:\Users\Chr\AppData\Local\Temp\calc.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [C:\Windows\system32\kdbtz.exe] C:\Windows\System32\kdbtz.exe
O4 - HKLM\..\Run: [C:\Windows\system32\kdxlz.exe] C:\Windows\System32\kdxlz.exe
O4 - HKLM\..\Run: [C:\Windows\system32\kdocn.exe] C:\Windows\system32\kdocn.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O13 - Gopher Prefix:
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{16E15823-0143-4043-B6D5-7221718C992A}: NameServer = 85.255.116.163,85.255.112.15
O17 - HKLM\System\CCS\Services\Tcpip\..\{1E9C80A5-09B5-434C-A26B-F15342553080}: NameServer = 195.238.2.21 195.238.2.22
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.163 85.255.112.15
O17 - HKLM\System\CS1\Services\Tcpip\..\{16E15823-0143-4043-B6D5-7221718C992A}: NameServer = 85.255.116.163,85.255.112.15
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.163 85.255.112.15
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Packard Bell BV - C:\Program Files\Packard bell\SAXO27\HIDSERVICE.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\Windows\system32\sfrem01.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
--
End of file - 12377 bytes
SmitFraudFix v2.329
Scan done at 17:29:13,43, lun. 07/07/2008
Run from C:\Users\Chr\Desktop\SmitfraudFix
OS: Microsoft Windows [version 6.0.6001] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
C:\Program Files\Packard bell\SAXO27\HIDSERVICE.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
C:\Windows\System32\gsicon.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
C:\Windows\System32\DSLAGENT.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\Windows\System32\rundll32.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows
»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Chr
»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Chr\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Chr\FAVORI~1
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"LoadAppInit_DLLs"=dword:00000001
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\Windows\\system32\\userinit.exe,"
»»»»»»»»»»»»»»»»»»»»»»»» Rustock
»»»»»»»»»»»»»»»»»»»»»»»» DNS
HKLM\SYSTEM\CCS\Services\Tcpip\..\{16E15823-0143-4043-B6D5-7221718C992A}: DhcpNameServer=85.255.116.163,85.255.112.15
HKLM\SYSTEM\CCS\Services\Tcpip\..\{16E15823-0143-4043-B6D5-7221718C992A}: NameServer=85.255.116.163,85.255.112.15
HKLM\SYSTEM\CS1\Services\Tcpip\..\{16E15823-0143-4043-B6D5-7221718C992A}: DhcpNameServer=85.255.116.163,85.255.112.15
HKLM\SYSTEM\CS1\Services\Tcpip\..\{16E15823-0143-4043-B6D5-7221718C992A}: NameServer=85.255.116.163,85.255.112.15
HKLM\SYSTEM\CS2\Services\Tcpip\..\{16E15823-0143-4043-B6D5-7221718C992A}: DhcpNameServer=85.255.116.163,85.255.112.15
HKLM\SYSTEM\CS2\Services\Tcpip\..\{16E15823-0143-4043-B6D5-7221718C992A}: NameServer=85.255.116.163,85.255.112.15
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: NameServer=85.255.116.163 85.255.112.15
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: NameServer=85.255.116.163 85.255.112.15
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: NameServer=85.255.116.163 85.255.112.15
»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
et un nouveau rapport de hijackthis :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:06:46, on 9/07/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\gsicon.exe
C:\Windows\System32\DSLAGENT.EXE
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Windows\system32\conime.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
C:\Users\Chr\Desktop\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://format.packardbell.com/cgi-bin/redirect/?country=BEFR&range=AD&(...)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://format.packardbell.com/cgi-bin/redirect/?country=BEFR&range=AD&(...)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [CCUTRAYICON] C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [calc.exe] C:\Users\Chr\AppData\Local\Temp\calc.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [C:\Windows\system32\kdbtz.exe] C:\Windows\System32\kdbtz.exe
O4 - HKLM\..\Run: [C:\Windows\system32\kdxlz.exe] C:\Windows\System32\kdxlz.exe
O4 - HKLM\..\Run: [C:\Windows\system32\kdocn.exe] C:\Windows\system32\kdocn.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O13 - Gopher Prefix:
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{16E15823-0143-4043-B6D5-7221718C992A}: NameServer = 85.255.116.163,85.255.112.15
O17 - HKLM\System\CCS\Services\Tcpip\..\{1E9C80A5-09B5-434C-A26B-F15342553080}: NameServer = 195.238.2.21 195.238.2.22
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.163 85.255.112.15
O17 - HKLM\System\CS1\Services\Tcpip\..\{16E15823-0143-4043-B6D5-7221718C992A}: NameServer = 85.255.116.163,85.255.112.15
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.163 85.255.112.15
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Packard Bell BV - C:\Program Files\Packard bell\SAXO27\HIDSERVICE.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\Windows\system32\sfrem01.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
--
End of file - 12377 bytes
dédétraqué
le 09 juillet 2008 à 16h29
Salut takezo117
As-tu bien lancé l'option 5?
@++
As-tu bien lancé l'option 5?
@++
takezo117
le 09 juillet 2008 à 16h42
salut dédétraqué
oui j'avais bien saisi l'option 5 mais j'avais oublié de désactiver l'UAC! voila un rapport surement plus conforme a ce que vous attendiez
SmitFraudFix v2.329
Scan done at 16:38:30,62, mer. 09/07/2008
Run from C:\Users\Chr\Desktop\SmitfraudFix
OS: Microsoft Windows [version 6.0.6001] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» DNS Before Fix
HKLM\SYSTEM\CCS\Services\Tcpip\..\{16E15823-0143-4043-B6D5-7221718C992A}: DhcpNameServer=85.255.116.163,85.255.112.15
HKLM\SYSTEM\CCS\Services\Tcpip\..\{16E15823-0143-4043-B6D5-7221718C992A}: NameServer=85.255.116.163,85.255.112.15
HKLM\SYSTEM\CS1\Services\Tcpip\..\{16E15823-0143-4043-B6D5-7221718C992A}: DhcpNameServer=85.255.116.163,85.255.112.15
HKLM\SYSTEM\CS1\Services\Tcpip\..\{16E15823-0143-4043-B6D5-7221718C992A}: NameServer=85.255.116.163,85.255.112.15
HKLM\SYSTEM\CS3\Services\Tcpip\..\{16E15823-0143-4043-B6D5-7221718C992A}: DhcpNameServer=85.255.116.163,85.255.112.15
HKLM\SYSTEM\CS3\Services\Tcpip\..\{16E15823-0143-4043-B6D5-7221718C992A}: NameServer=85.255.116.163,85.255.112.15
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: NameServer=85.255.116.163 85.255.112.15
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: NameServer=85.255.116.163 85.255.112.15
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: NameServer=85.255.116.163 85.255.112.15
»»»»»»»»»»»»»»»»»»»»»»»» DNS After Fix
HKLM\SYSTEM\CCS\Services\Tcpip\..\{16E15823-0143-4043-B6D5-7221718C992A}: DhcpNameServer=85.255.116.163,85.255.112.15
HKLM\SYSTEM\CCS\Services\Tcpip\..\{16E15823-0143-4043-B6D5-7221718C992A}: NameServer=85.255.116.163,85.255.112.15
HKLM\SYSTEM\CS1\Services\Tcpip\..\{16E15823-0143-4043-B6D5-7221718C992A}: DhcpNameServer=85.255.116.163,85.255.112.15
HKLM\SYSTEM\CS1\Services\Tcpip\..\{16E15823-0143-4043-B6D5-7221718C992A}: NameServer=85.255.116.163,85.255.112.15
HKLM\SYSTEM\CS3\Services\Tcpip\..\{16E15823-0143-4043-B6D5-7221718C992A}: DhcpNameServer=85.255.116.163,85.255.112.15
HKLM\SYSTEM\CS3\Services\Tcpip\..\{16E15823-0143-4043-B6D5-7221718C992A}: NameServer=85.255.116.163,85.255.112.15
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: NameServer=85.255.116.163 85.255.112.15
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: NameServer=85.255.116.163 85.255.112.15
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: NameServer=85.255.116.163 85.255.112.15
et un autre rapport hijackthis :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:41:32, on 9/07/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
C:\Windows\System32\gsicon.exe
C:\Windows\System32\DSLAGENT.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
C:\Program Files\Packard bell\SAXO27\HIDSERVICE.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Windows\system32\conime.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\Windows\system32\SLsvc.exe
C:\Users\Chr\Desktop\HiJackThis.exe
\?\C:\Windows\system32\wbem\WMIADAP.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://format.packardbell.com/cgi-bin/redirect/?country=BEFR&range=AD&(...)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [CCUTRAYICON] C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [calc.exe] C:\Users\Chr\AppData\Local\Temp\calc.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [C:\Windows\system32\kdbtz.exe] C:\Windows\System32\kdbtz.exe
O4 - HKLM\..\Run: [C:\Windows\system32\kdxlz.exe] C:\Windows\System32\kdxlz.exe
O4 - HKLM\..\Run: [C:\Windows\system32\kdocn.exe] C:\Windows\system32\kdocn.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-434156370-2428998753-463404059-1000\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O13 - Gopher Prefix:
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{16E15823-0143-4043-B6D5-7221718C992A}: NameServer = 85.255.116.163,85.255.112.15
O17 - HKLM\System\CCS\Services\Tcpip\..\{1E9C80A5-09B5-434C-A26B-F15342553080}: NameServer = 85.255.116.163 85.255.112.15
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.163 85.255.112.15
O17 - HKLM\System\CS1\Services\Tcpip\..\{16E15823-0143-4043-B6D5-7221718C992A}: NameServer = 85.255.116.163,85.255.112.15
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.163 85.255.112.15
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Packard Bell BV - C:\Program Files\Packard bell\SAXO27\HIDSERVICE.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\Windows\system32\sfrem01.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Windows Tribute Service - Unknown owner - C:\Windows\system32\kdduv.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
--
End of file - 15169 bytes
excusez-moi pour cette erreur
oui j'avais bien saisi l'option 5 mais j'avais oublié de désactiver l'UAC! voila un rapport surement plus conforme a ce que vous attendiez
SmitFraudFix v2.329
Scan done at 16:38:30,62, mer. 09/07/2008
Run from C:\Users\Chr\Desktop\SmitfraudFix
OS: Microsoft Windows [version 6.0.6001] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» DNS Before Fix
HKLM\SYSTEM\CCS\Services\Tcpip\..\{16E15823-0143-4043-B6D5-7221718C992A}: DhcpNameServer=85.255.116.163,85.255.112.15
HKLM\SYSTEM\CCS\Services\Tcpip\..\{16E15823-0143-4043-B6D5-7221718C992A}: NameServer=85.255.116.163,85.255.112.15
HKLM\SYSTEM\CS1\Services\Tcpip\..\{16E15823-0143-4043-B6D5-7221718C992A}: DhcpNameServer=85.255.116.163,85.255.112.15
HKLM\SYSTEM\CS1\Services\Tcpip\..\{16E15823-0143-4043-B6D5-7221718C992A}: NameServer=85.255.116.163,85.255.112.15
HKLM\SYSTEM\CS3\Services\Tcpip\..\{16E15823-0143-4043-B6D5-7221718C992A}: DhcpNameServer=85.255.116.163,85.255.112.15
HKLM\SYSTEM\CS3\Services\Tcpip\..\{16E15823-0143-4043-B6D5-7221718C992A}: NameServer=85.255.116.163,85.255.112.15
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: NameServer=85.255.116.163 85.255.112.15
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: NameServer=85.255.116.163 85.255.112.15
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: NameServer=85.255.116.163 85.255.112.15
»»»»»»»»»»»»»»»»»»»»»»»» DNS After Fix
HKLM\SYSTEM\CCS\Services\Tcpip\..\{16E15823-0143-4043-B6D5-7221718C992A}: DhcpNameServer=85.255.116.163,85.255.112.15
HKLM\SYSTEM\CCS\Services\Tcpip\..\{16E15823-0143-4043-B6D5-7221718C992A}: NameServer=85.255.116.163,85.255.112.15
HKLM\SYSTEM\CS1\Services\Tcpip\..\{16E15823-0143-4043-B6D5-7221718C992A}: DhcpNameServer=85.255.116.163,85.255.112.15
HKLM\SYSTEM\CS1\Services\Tcpip\..\{16E15823-0143-4043-B6D5-7221718C992A}: NameServer=85.255.116.163,85.255.112.15
HKLM\SYSTEM\CS3\Services\Tcpip\..\{16E15823-0143-4043-B6D5-7221718C992A}: DhcpNameServer=85.255.116.163,85.255.112.15
HKLM\SYSTEM\CS3\Services\Tcpip\..\{16E15823-0143-4043-B6D5-7221718C992A}: NameServer=85.255.116.163,85.255.112.15
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: NameServer=85.255.116.163 85.255.112.15
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: NameServer=85.255.116.163 85.255.112.15
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: NameServer=85.255.116.163 85.255.112.15
et un autre rapport hijackthis :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:41:32, on 9/07/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
C:\Windows\System32\gsicon.exe
C:\Windows\System32\DSLAGENT.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
C:\Program Files\Packard bell\SAXO27\HIDSERVICE.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Windows\system32\conime.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\Windows\system32\SLsvc.exe
C:\Users\Chr\Desktop\HiJackThis.exe
\?\C:\Windows\system32\wbem\WMIADAP.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://format.packardbell.com/cgi-bin/redirect/?country=BEFR&range=AD&(...)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [CCUTRAYICON] C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [calc.exe] C:\Users\Chr\AppData\Local\Temp\calc.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [C:\Windows\system32\kdbtz.exe] C:\Windows\System32\kdbtz.exe
O4 - HKLM\..\Run: [C:\Windows\system32\kdxlz.exe] C:\Windows\System32\kdxlz.exe
O4 - HKLM\..\Run: [C:\Windows\system32\kdocn.exe] C:\Windows\system32\kdocn.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-434156370-2428998753-463404059-1000\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O13 - Gopher Prefix:
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{16E15823-0143-4043-B6D5-7221718C992A}: NameServer = 85.255.116.163,85.255.112.15
O17 - HKLM\System\CCS\Services\Tcpip\..\{1E9C80A5-09B5-434C-A26B-F15342553080}: NameServer = 85.255.116.163 85.255.112.15
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.163 85.255.112.15
O17 - HKLM\System\CS1\Services\Tcpip\..\{16E15823-0143-4043-B6D5-7221718C992A}: NameServer = 85.255.116.163,85.255.112.15
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.163 85.255.112.15
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Packard Bell BV - C:\Program Files\Packard bell\SAXO27\HIDSERVICE.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\Windows\system32\sfrem01.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Windows Tribute Service - Unknown owner - C:\Windows\system32\kdduv.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
--
End of file - 15169 bytes
excusez-moi pour cette erreur
dédétraqué
le 09 juillet 2008 à 17h16
Salut takezo117
Panneau de configuration => centre réseau et partage => Clic sur Voir le statut ( milieu de page à droite) => Clic : Propriétés => Double-clic sur Protocole internet 4(tcp/ipv4)
Supprimer si présent : 85.255.116.163 et 85.255.112.15
----
Clique sur Démarrer ==> Programmes ==> Accessoires ==> Exécuter ==> Ecrire : regedit
presser : CTRL et F
Tout cocher sauf nom entier
Ecrire ou copier/coller : 85.255.116.163
clic : Suivant
Si trouvé ==> clic-droit et supprimer
relancer la recherche jusqu'à l'annonce de FIN
pareil avec 85.255.112.15
Redémarre l’ordinateur et poste moi un nouveau rapport HijackThis
@++
Panneau de configuration => centre réseau et partage => Clic sur Voir le statut ( milieu de page à droite) => Clic : Propriétés => Double-clic sur Protocole internet 4(tcp/ipv4)
Supprimer si présent : 85.255.116.163 et 85.255.112.15
----
Clique sur Démarrer ==> Programmes ==> Accessoires ==> Exécuter ==> Ecrire : regedit
presser : CTRL et F
Tout cocher sauf nom entier
Ecrire ou copier/coller : 85.255.116.163
clic : Suivant
Si trouvé ==> clic-droit et supprimer
relancer la recherche jusqu'à l'annonce de FIN
pareil avec 85.255.112.15
Redémarre l’ordinateur et poste moi un nouveau rapport HijackThis
@++
takezo117
le 09 juillet 2008 à 17h31
salut dédétraqué, voila le rapport hijackthis effectué après les manoeuvres que vous avez décrites :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:28:08, on 9/07/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
C:\Program Files\Packard bell\SAXO27\HIDSERVICE.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
C:\Windows\System32\gsicon.exe
C:\Windows\System32\DSLAGENT.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Users\Chr\Desktop\HiJackThis.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://format.packardbell.com/cgi-bin/redirect/?country=BEFR&range=AD&(...)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [CCUTRAYICON] C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [calc.exe] C:\Users\Chr\AppData\Local\Temp\calc.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [C:\Windows\system32\kdbtz.exe] C:\Windows\System32\kdbtz.exe
O4 - HKLM\..\Run: [C:\Windows\system32\kdxlz.exe] C:\Windows\System32\kdxlz.exe
O4 - HKLM\..\Run: [C:\Windows\system32\kdocn.exe] C:\Windows\system32\kdocn.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-434156370-2428998753-463404059-1000\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O13 - Gopher Prefix:
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{16E15823-0143-4043-B6D5-7221718C992A}: NameServer = 85.255.116.163,85.255.112.15
O17 - HKLM\System\CCS\Services\Tcpip\..\{1E9C80A5-09B5-434C-A26B-F15342553080}: NameServer = 195.238.2.21 195.238.2.22
O17 - HKLM\System\CS1\Services\Tcpip\..\{16E15823-0143-4043-B6D5-7221718C992A}: NameServer = 85.255.116.163,85.255.112.15
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Packard Bell BV - C:\Program Files\Packard bell\SAXO27\HIDSERVICE.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\Windows\system32\sfrem01.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Windows Tribute Service - Unknown owner - C:\Windows\system32\kdduv.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
--
End of file - 14920 bytes
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:28:08, on 9/07/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
C:\Program Files\Packard bell\SAXO27\HIDSERVICE.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
C:\Windows\System32\gsicon.exe
C:\Windows\System32\DSLAGENT.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Users\Chr\Desktop\HiJackThis.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://format.packardbell.com/cgi-bin/redirect/?country=BEFR&range=AD&(...)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [CCUTRAYICON] C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [calc.exe] C:\Users\Chr\AppData\Local\Temp\calc.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [C:\Windows\system32\kdbtz.exe] C:\Windows\System32\kdbtz.exe
O4 - HKLM\..\Run: [C:\Windows\system32\kdxlz.exe] C:\Windows\System32\kdxlz.exe
O4 - HKLM\..\Run: [C:\Windows\system32\kdocn.exe] C:\Windows\system32\kdocn.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-434156370-2428998753-463404059-1000\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O13 - Gopher Prefix:
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{16E15823-0143-4043-B6D5-7221718C992A}: NameServer = 85.255.116.163,85.255.112.15
O17 - HKLM\System\CCS\Services\Tcpip\..\{1E9C80A5-09B5-434C-A26B-F15342553080}: NameServer = 195.238.2.21 195.238.2.22
O17 - HKLM\System\CS1\Services\Tcpip\..\{16E15823-0143-4043-B6D5-7221718C992A}: NameServer = 85.255.116.163,85.255.112.15
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Packard Bell BV - C:\Program Files\Packard bell\SAXO27\HIDSERVICE.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\Windows\system32\sfrem01.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Windows Tribute Service - Unknown owner - C:\Windows\system32\kdduv.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
--
End of file - 14920 bytes
dédétraqué
le 09 juillet 2008 à 17h44
Salut takezo117
Recommence la dernière opération, dans la deuxième manœuvre (regedit), il faut bien relancer la recherche jusqu'à l'annonce de FIN.
Poste un nouveau rapport Hijacthis
@++
Recommence la dernière opération, dans la deuxième manœuvre (regedit), il faut bien relancer la recherche jusqu'à l'annonce de FIN.
Poste un nouveau rapport Hijacthis
@++
takezo117
le 09 juillet 2008 à 19h03
salut dédétraqué
en effte, certaisn m'avaient échappé ; je vous joint le rapt hijackthis tiré à l'instant:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:59:22, on 9/07/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
C:\Program Files\Packard bell\SAXO27\HIDSERVICE.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Windows\System32\gsicon.exe
C:\Windows\System32\DSLAGENT.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Chr\Desktop\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://format.packardbell.com/cgi-bin/redirect/?country=BEFR&range=AD&(...)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [CCUTRAYICON] C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [calc.exe] C:\Users\Chr\AppData\Local\Temp\calc.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [C:\Windows\system32\kdbtz.exe] C:\Windows\System32\kdbtz.exe
O4 - HKLM\..\Run: [C:\Windows\system32\kdxlz.exe] C:\Windows\System32\kdxlz.exe
O4 - HKLM\..\Run: [C:\Windows\system32\kdocn.exe] C:\Windows\system32\kdocn.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-434156370-2428998753-463404059-1000\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O13 - Gopher Prefix:
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1E9C80A5-09B5-434C-A26B-F15342553080}: NameServer = 195.238.2.21 195.238.2.22
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Packard Bell BV - C:\Program Files\Packard bell\SAXO27\HIDSERVICE.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\Windows\system32\sfrem01.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Windows Tribute Service - Unknown owner - C:\Windows\system32\kdduv.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
--
End of file - 14574 bytes
en effte, certaisn m'avaient échappé ; je vous joint le rapt hijackthis tiré à l'instant:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:59:22, on 9/07/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
C:\Program Files\Packard bell\SAXO27\HIDSERVICE.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Windows\System32\gsicon.exe
C:\Windows\System32\DSLAGENT.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Chr\Desktop\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://format.packardbell.com/cgi-bin/redirect/?country=BEFR&range=AD&(...)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [CCUTRAYICON] C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [calc.exe] C:\Users\Chr\AppData\Local\Temp\calc.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [C:\Windows\system32\kdbtz.exe] C:\Windows\System32\kdbtz.exe
O4 - HKLM\..\Run: [C:\Windows\system32\kdxlz.exe] C:\Windows\System32\kdxlz.exe
O4 - HKLM\..\Run: [C:\Windows\system32\kdocn.exe] C:\Windows\system32\kdocn.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-434156370-2428998753-463404059-1000\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O13 - Gopher Prefix:
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1E9C80A5-09B5-434C-A26B-F15342553080}: NameServer = 195.238.2.21 195.238.2.22
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Packard Bell BV - C:\Program Files\Packard bell\SAXO27\HIDSERVICE.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\Windows\system32\sfrem01.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Windows Tribute Service - Unknown owner - C:\Windows\system32\kdduv.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
--
End of file - 14574 bytes
dédétraqué
le 09 juillet 2008 à 19h26
Salut takezo117
- Télécharge et installe MalwareByte's Anti-Malware http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html
- Mets le à jour
---
- Redémarre en mode sans échec :
Au redémarrage de ton PC tapote sur la touche F8 ou F5 sur l'écran suivant déplace toi avec les flèches de direction et choisis Mode sans échec. Choisis ta session habituelle et non la session Administrateur
---
- Double clique sur le raccourci de MalwareByte's Anti-Malware qui est sur le bureau.
- Sélectionne Exécuter un examen complet si ce n'est pas déjà fait
- clique sur Rechercher
- Une fois le scan terminé, une fenêtre s'ouvre, clique sur sur Ok
- Si MalwareByte's n'a rien détecté, clique sur Ok Un rapport va apparaître ferme-le.
- Si MalwareByte's a détecté des infections, clique sur Afficher les résultats ensuite sur Supprimer la sélection
- Enregistre le rapport sur ton Bureau comme cela il sera plus facile à retrouver, poste ensuite ce rapport avec un nouveau rapport HijackThis.
Note : Si MalwareByte's a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok
Tutoriel pour MalwareByte's ici :
http://www.malekal.com/tutorial_MalwareBytes_AntiMalware.php
@++
- Télécharge et installe MalwareByte's Anti-Malware http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html
- Mets le à jour
---
- Redémarre en mode sans échec :
Au redémarrage de ton PC tapote sur la touche F8 ou F5 sur l'écran suivant déplace toi avec les flèches de direction et choisis Mode sans échec. Choisis ta session habituelle et non la session Administrateur
---
- Double clique sur le raccourci de MalwareByte's Anti-Malware qui est sur le bureau.
- Sélectionne Exécuter un examen complet si ce n'est pas déjà fait
- clique sur Rechercher
- Une fois le scan terminé, une fenêtre s'ouvre, clique sur sur Ok
- Si MalwareByte's n'a rien détecté, clique sur Ok Un rapport va apparaître ferme-le.
- Si MalwareByte's a détecté des infections, clique sur Afficher les résultats ensuite sur Supprimer la sélection
- Enregistre le rapport sur ton Bureau comme cela il sera plus facile à retrouver, poste ensuite ce rapport avec un nouveau rapport HijackThis.
Note : Si MalwareByte's a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok
Tutoriel pour MalwareByte's ici :
http://www.malekal.com/tutorial_MalwareBytes_AntiMalware.php
@++
takezo117
le 09 juillet 2008 à 20h24
salut dédétraqué
voila le rapport de MBAM :
Malwarebytes' Anti-Malware 1.20
Version de la base de données: 935
Windows 6.0.6001 Service Pack 1
20:17:18 9/07/2008
mbam-log-7-9-2008 (20-17-18).txt
Type de recherche: Examen complet (C:\|Z:\|)
Eléments examinés: 141032
Temps écoulé: 22 minute(s), 56 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 5
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 5
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\Interface\{c2a73c02-fe74-4258-a720-d3eddc6bb998} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mediarovercodec (Trojan.Fakealert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\egodktf.bosp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\egodktf.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\VAC.Video (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
C:\Program Files\MediaRoverCodec (Trojan.Fakealert) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\Users\Chr\AppData\Local\Temp\tmp52CF.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Chr\AppData\Local\Temp\vidxcore.dll (Trojan.Pakes) -> Quarantined and deleted successfully.
C:\Program Files\MediaRoverCodec\install.ico (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\MediaRoverCodec\Uninstall.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Windows\fknxwqf.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
ainsi que celui de hijackthis :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:22:24, on 9/07/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
C:\Program Files\Packard bell\SAXO27\HIDSERVICE.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchIndexer.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
C:\Windows\System32\gsicon.exe
C:\Windows\System32\DSLAGENT.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Chr\Desktop\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://format.packardbell.com/cgi-bin/redirect/?country=BEFR&range=AD&(...)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [CCUTRAYICON] C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [calc.exe] C:\Users\Chr\AppData\Local\Temp\calc.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [C:\Windows\system32\kdbtz.exe] C:\Windows\System32\kdbtz.exe
O4 - HKLM\..\Run: [C:\Windows\system32\kdxlz.exe] C:\Windows\System32\kdxlz.exe
O4 - HKLM\..\Run: [C:\Windows\system32\kdocn.exe] C:\Windows\system32\kdocn.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-434156370-2428998753-463404059-1000\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O13 - Gopher Prefix:
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1E9C80A5-09B5-434C-A26B-F15342553080}: NameServer = 195.238.2.21 195.238.2.22
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Packard Bell BV - C:\Program Files\Packard bell\SAXO27\HIDSERVICE.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\Windows\system32\sfrem01.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Windows Tribute Service - Unknown owner - C:\Windows\system32\kdduv.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
--
End of file - 14776 bytes
voila le rapport de MBAM :
Malwarebytes' Anti-Malware 1.20
Version de la base de données: 935
Windows 6.0.6001 Service Pack 1
20:17:18 9/07/2008
mbam-log-7-9-2008 (20-17-18).txt
Type de recherche: Examen complet (C:\|Z:\|)
Eléments examinés: 141032
Temps écoulé: 22 minute(s), 56 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 5
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 5
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\Interface\{c2a73c02-fe74-4258-a720-d3eddc6bb998} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mediarovercodec (Trojan.Fakealert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\egodktf.bosp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\egodktf.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\VAC.Video (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
C:\Program Files\MediaRoverCodec (Trojan.Fakealert) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\Users\Chr\AppData\Local\Temp\tmp52CF.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Chr\AppData\Local\Temp\vidxcore.dll (Trojan.Pakes) -> Quarantined and deleted successfully.
C:\Program Files\MediaRoverCodec\install.ico (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\MediaRoverCodec\Uninstall.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Windows\fknxwqf.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
ainsi que celui de hijackthis :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:22:24, on 9/07/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
C:\Program Files\Packard bell\SAXO27\HIDSERVICE.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchIndexer.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
C:\Windows\System32\gsicon.exe
C:\Windows\System32\DSLAGENT.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Chr\Desktop\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://format.packardbell.com/cgi-bin/redirect/?country=BEFR&range=AD&(...)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [CCUTRAYICON] C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [calc.exe] C:\Users\Chr\AppData\Local\Temp\calc.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [C:\Windows\system32\kdbtz.exe] C:\Windows\System32\kdbtz.exe
O4 - HKLM\..\Run: [C:\Windows\system32\kdxlz.exe] C:\Windows\System32\kdxlz.exe
O4 - HKLM\..\Run: [C:\Windows\system32\kdocn.exe] C:\Windows\system32\kdocn.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-434156370-2428998753-463404059-1000\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O13 - Gopher Prefix:
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1E9C80A5-09B5-434C-A26B-F15342553080}: NameServer = 195.238.2.21 195.238.2.22
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Packard Bell BV - C:\Program Files\Packard bell\SAXO27\HIDSERVICE.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\Windows\system32\sfrem01.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Windows Tribute Service - Unknown owner - C:\Windows\system32\kdduv.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
--
End of file - 14776 bytes
dédétraqué
le 09 juillet 2008 à 21h37
Salut takezo117
Désactive le contrôle des comptes utilisateurs (tu le réactiveras après ta désinfection):
- Va dans démarrer puis panneau de configuration
- Double Clique sur l'icône "Comptes d'utilisateurs"
- Clique ensuite sur désactiver et valide.
Procédure à appliquer en entier. Si tu as des difficultés à une étape passe la mais signale le dans ta prochaine réponse.
- Si tu as des questions à poser n'hésite pas
Je te conseille d'enregistrer la page web complète sous Internet Explorer comme ceci :
Clique sur Fichier/Enregistrer sous Dans Type, choisis : Archive web (fichier seul (*.mht)
- Donne lui un nom
- Enregistre la sur le bureau. Comme cela tu retrouveras la mise en forme. Ou bien imprime cette réponse, une partie de la désinfection se déroulera en mode sans échec sans prise en charge du réseau. L'accès à Internet ne sera donc pas possible
---
Télécharger :
- OTMoveIt (de Old_Timer) sur le bureau :
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe
Télécharge et installe :
- Ccleaner http://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs(...)
- Lors de son installation décoche la case devant : Ajouter la Barre d'Outils Yahoo! CCleaner
-----
Redémarre ton PC en mode sans échec
Au redémarrage de ton PC tapote sur la touche F8 ou F5 sur l'écran suivant déplace toi avec les flèches de direction et choisis Mode sans échec. Choisis ta session habituelle et non la session Administrateur
Relance Hijackthis, clique sur Do a scan system only coche la case devant les lignes suivantes
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [calc.exe] C:\Users\Chr\AppData\Local\Temp\calc.exe
O4 - HKLM\..\Run: [C:\Windows\system32\kdbtz.exe] C:\Windows\System32\kdbtz.exe
O4 - HKLM\..\Run: [C:\Windows\system32\kdxlz.exe] C:\Windows\System32\kdxlz.exe
O4 - HKLM\..\Run: [C:\Windows\system32\kdocn.exe] C:\Windows\system32\kdocn.exe
O23 - Service: Windows Tribute Service - Unknown owner - C:\Windows\system32\kdduv.exe
- Ferme les fenêtres en cours sauf HijackThis, clique sur Fix checked
- Quitte HijackThis
-----
Double-clique sur OTMoveIt2.exe sur le bureau
- Assure toi que la case Unregister Dll's and Ocx's soit bien cochée
- Copie le texte qui se trouve en citation et colle le dans le cadre de gauche de OTMoveIt nommé Paste List of Files/Folders to be moved
- Clique sur MoveIt! pour lancer la suppression.
- Lorsqu'un résultat apparaît dans le cadre Results clique sur Exit
Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer. Accepte en cliquant sur YES.
-----
Démarre Ccleaner
- Clique sur Registre décoche la case devant Intégrité du registre
- Clique sur Nettoyeur
- Onglet Windows ne coche pas la case Avancé
- Onglet Applications laisse toutes les cases cochées
- Clique sur le bouton Analyse puis celle-ci finie sur Lancer le nettoyage
-----
Redémarre ton PC en mode normal poste :
- Un nouveau rapport Hijackthis
- Le rapport de OTMoveIt qui se trouve dans C:\_OTMoveIt\MovedFiles.
@++
Désactive le contrôle des comptes utilisateurs (tu le réactiveras après ta désinfection):
- Va dans démarrer puis panneau de configuration
- Double Clique sur l'icône "Comptes d'utilisateurs"
- Clique ensuite sur désactiver et valide.
Procédure à appliquer en entier. Si tu as des difficultés à une étape passe la mais signale le dans ta prochaine réponse.
- Si tu as des questions à poser n'hésite pas
Je te conseille d'enregistrer la page web complète sous Internet Explorer comme ceci :
Clique sur Fichier/Enregistrer sous Dans Type, choisis : Archive web (fichier seul (*.mht)
- Donne lui un nom
- Enregistre la sur le bureau. Comme cela tu retrouveras la mise en forme. Ou bien imprime cette réponse, une partie de la désinfection se déroulera en mode sans échec sans prise en charge du réseau. L'accès à Internet ne sera donc pas possible
---
Télécharger :
- OTMoveIt (de Old_Timer) sur le bureau :
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe
Télécharge et installe :
- Ccleaner http://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs(...)
- Lors de son installation décoche la case devant : Ajouter la Barre d'Outils Yahoo! CCleaner
-----
Redémarre ton PC en mode sans échec
Au redémarrage de ton PC tapote sur la touche F8 ou F5 sur l'écran suivant déplace toi avec les flèches de direction et choisis Mode sans échec. Choisis ta session habituelle et non la session Administrateur
Relance Hijackthis, clique sur Do a scan system only coche la case devant les lignes suivantes
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [calc.exe] C:\Users\Chr\AppData\Local\Temp\calc.exe
O4 - HKLM\..\Run: [C:\Windows\system32\kdbtz.exe] C:\Windows\System32\kdbtz.exe
O4 - HKLM\..\Run: [C:\Windows\system32\kdxlz.exe] C:\Windows\System32\kdxlz.exe
O4 - HKLM\..\Run: [C:\Windows\system32\kdocn.exe] C:\Windows\system32\kdocn.exe
O23 - Service: Windows Tribute Service - Unknown owner - C:\Windows\system32\kdduv.exe
- Ferme les fenêtres en cours sauf HijackThis, clique sur Fix checked
- Quitte HijackThis
-----
Double-clique sur OTMoveIt2.exe sur le bureau
- Assure toi que la case Unregister Dll's and Ocx's soit bien cochée
- Copie le texte qui se trouve en citation et colle le dans le cadre de gauche de OTMoveIt nommé Paste List of Files/Folders to be moved
- Clique sur MoveIt! pour lancer la suppression.
- Lorsqu'un résultat apparaît dans le cadre Results clique sur Exit
Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer. Accepte en cliquant sur YES.
-----
Démarre Ccleaner
- Clique sur Registre décoche la case devant Intégrité du registre
- Clique sur Nettoyeur
- Onglet Windows ne coche pas la case Avancé
- Onglet Applications laisse toutes les cases cochées
- Clique sur le bouton Analyse puis celle-ci finie sur Lancer le nettoyage
-----
Redémarre ton PC en mode normal poste :
- Un nouveau rapport Hijackthis
- Le rapport de OTMoveIt qui se trouve dans C:\_OTMoveIt\MovedFiles.
@++
takezo117
le 10 juillet 2008 à 10h58
salut dédétraqué. J'ai bien appliqué vos consignes, à ceci près que la ligne 023 n'est apparue nulle part. Voici donc un rapport hijackthis :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:56:18, on 10/07/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
C:\Program Files\Packard bell\SAXO27\HIDSERVICE.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Windows\System32\gsicon.exe
C:\Windows\System32\DSLAGENT.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Users\Chr\Desktop\HiJackThis.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\servicing\TrustedInstaller.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://format.packardbell.com/cgi-bin/redirect/?country=BEFR&range=AD&(...)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [CCUTRAYICON] C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [C:\Windows\system32\kdnbv.exe] C:\Windows\System32\kdnbv.exe
O4 - HKLM\..\Run: [C:\Windows\system32\kdhkf.exe] C:\Windows\system32\kdhkf.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-434156370-2428998753-463404059-1000\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O13 - Gopher Prefix:
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1E9C80A5-09B5-434C-A26B-F15342553080}: NameServer = 195.238.2.21 195.238.2.22
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Packard Bell BV - C:\Program Files\Packard bell\SAXO27\HIDSERVICE.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\Windows\system32\sfrem01.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
--
End of file - 14523 bytes
ainsi que le rapport de OTMoveIt :
File/Folder C:\Users\Chr\AppData\Local\Temp\calc.exe not found.
C:\Windows\System32\kdbtz.exe moved successfully.
C:\Windows\System32\kdxlz.exe moved successfully.
C:\Windows\system32\kdocn.exe moved successfully.
C:\Windows\system32\kdduv.exe moved successfully.
OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07102008_105016
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:56:18, on 10/07/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
C:\Program Files\Packard bell\SAXO27\HIDSERVICE.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Windows\System32\gsicon.exe
C:\Windows\System32\DSLAGENT.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Users\Chr\Desktop\HiJackThis.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\servicing\TrustedInstaller.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://format.packardbell.com/cgi-bin/redirect/?country=BEFR&range=AD&(...)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [CCUTRAYICON] C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [C:\Windows\system32\kdnbv.exe] C:\Windows\System32\kdnbv.exe
O4 - HKLM\..\Run: [C:\Windows\system32\kdhkf.exe] C:\Windows\system32\kdhkf.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-434156370-2428998753-463404059-1000\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O13 - Gopher Prefix:
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1E9C80A5-09B5-434C-A26B-F15342553080}: NameServer = 195.238.2.21 195.238.2.22
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Packard Bell BV - C:\Program Files\Packard bell\SAXO27\HIDSERVICE.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\Windows\system32\sfrem01.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
--
End of file - 14523 bytes
ainsi que le rapport de OTMoveIt :
File/Folder C:\Users\Chr\AppData\Local\Temp\calc.exe not found.
C:\Windows\System32\kdbtz.exe moved successfully.
C:\Windows\System32\kdxlz.exe moved successfully.
C:\Windows\system32\kdocn.exe moved successfully.
C:\Windows\system32\kdduv.exe moved successfully.
OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07102008_105016
dédétraqué
le 11 juillet 2008 à 04h32
Salut takezo117
Fais un scan en ligne ici http://webscanner.kaspersky.fr/ (A faire avec Internet Explorer)
- Désactive ton Antivirus durant le scan
- En bas à droite clique sur Démarrer Online-scanner dans la nouvelle fenêtre qui s'affiche clique sur J'accepte
- Accepte les Contrôle ActivX
- Choisis Poste de travail pour le scan. Celui-ci terminé clique sur Enregistrer rapport sous (Choisis fichier texte)
- Poste le rapport
- Pour t'aider à utiliser le scan en ligne http://www.malekal.com/scan_Av_en_ligne.html#mozTocId291566
- Si tu as un probléme pour l'installation du Contrôle ActivX lis ceci http://www.inoculer.com/activex.php3
@++
Fais un scan en ligne ici http://webscanner.kaspersky.fr/ (A faire avec Internet Explorer)
- Désactive ton Antivirus durant le scan
- En bas à droite clique sur Démarrer Online-scanner dans la nouvelle fenêtre qui s'affiche clique sur J'accepte
- Accepte les Contrôle ActivX
- Choisis Poste de travail pour le scan. Celui-ci terminé clique sur Enregistrer rapport sous (Choisis fichier texte)
- Poste le rapport
- Pour t'aider à utiliser le scan en ligne http://www.malekal.com/scan_Av_en_ligne.html#mozTocId291566
- Si tu as un probléme pour l'installation du Contrôle ActivX lis ceci http://www.inoculer.com/activex.php3
@++
takezo117
le 11 juillet 2008 à 11h06
salut dédétraqué
j'ai essayé plusieurs fois, à chaque fois que la mise à jour des bases de virus arrive à son terme un message d'erreur m'avertit que certaines données sont endommagées ou mal installées et qu'il faut réinstaller l'application...
edit : ah bah oui c'est écrit en rouge : compatibilité avec vista en cours de développement... je commence à détester vista!
j'ai essayé plusieurs fois, à chaque fois que la mise à jour des bases de virus arrive à son terme un message d'erreur m'avertit que certaines données sont endommagées ou mal installées et qu'il faut réinstaller l'application...
edit : ah bah oui c'est écrit en rouge : compatibilité avec vista en cours de développement... je commence à détester vista!
-->Message édité par takezo117 le 11/07/2008 11:07:51<--
dédétraqué
le 11 juillet 2008 à 13h14
Salut takezo117
Faut désactive le contrôle des comptes utilisateurs pour le scan :
- Va dans démarrer puis panneau de configuration
- Double Clique sur l'icône "Comptes d'utilisateurs"
- Clique ensuite sur désactiver et valide.
@++
Faut désactive le contrôle des comptes utilisateurs pour le scan :
- Va dans démarrer puis panneau de configuration
- Double Clique sur l'icône "Comptes d'utilisateurs"
- Clique ensuite sur désactiver et valide.
@++
takezo117
le 11 juillet 2008 à 17h38
salut dédétraqué
ça fait deux heures qu'il est lancé, dont une heure et quart qu'il affiche 99%de progression mais qu'il continue à faire défiler des fichiers, et j'ai la très nette impression qu'il fonctionne en circuit fermé là, je suis certain d'en avoir vu un passer plus de neuf fois. Le point positif c'est qu'aucune infection n'a été trouvée, mais il n'ira pas au bout s'il continue comme ça, il me saoule ^^
ça fait deux heures qu'il est lancé, dont une heure et quart qu'il affiche 99%de progression mais qu'il continue à faire défiler des fichiers, et j'ai la très nette impression qu'il fonctionne en circuit fermé là, je suis certain d'en avoir vu un passer plus de neuf fois. Le point positif c'est qu'aucune infection n'a été trouvée, mais il n'ira pas au bout s'il continue comme ça, il me saoule ^^
dédétraqué
le 11 juillet 2008 à 17h44
Salut takezo117
Attend encore un peu
@++
Attend encore un peu
@++
takezo117
le 11 juillet 2008 à 18h59
salut dédétraqué!
hé bé on peut pas dire qu'il soit rapide et bien conçu, mais il a fini par finir ^^
voici le rapport, sans aucune méchanceté détectée \o/ (mais par contre, que de fichiers verrouillés - ignorés... (je suis pas sur que ça soit bon signe)
-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Friday, July 11, 2008 6:57:04 PM
Système d'exploitation : Home Edition, Service Pack 1 (Build 6001)
Kaspersky On-line Scanner version : 5.0.83.0
Dernière mise à jour de la base antivirus Kaspersky : 11/07/2008
Enregistrements dans la base antivirus Kaspersky : 840459
-------------------------------------------------------------------------------
Paramètres d'analyse:
Analyser avec la base antivirus suivante: standard
Analyser les archives: vrai
Analyser les bases de messagerie: vrai
Cible de l'analyse - Poste de travail:
A:\
C:\
D:\
E:\
F:\
Z:\
Statistiques de l'analyse:
Total d'objets analysés: 867166
Nombre de virus trouvés: 0
Nombre d'objets infectés: 0 / 0
Nombre d'objets suspects: 0
Durée de l'analyse: 03:17:50
Nom de l'objet infecté / Nom du virus / Dernière action
C:\boot\BCD L'objet est verrouillé ignoré
C:\boot\BCD.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\DRM\drmstore.hds L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\Common Client\settings.dat L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SPBBC\BBConfig.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SPBBC\BBDebug.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SPBBC\BBDetect.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SPBBC\BBNotify.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SPBBC\BBRefr.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SPBBC\BBSetCfg.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SPBBC\BBSetCfg2.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SPBBC\BBSetDev.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SPBBC\BBSetLoc.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SPBBC\BBSetUsr.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SPBBC\BBStHash.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SPBBC\BBValid.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SPBBC\SPPolicy.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SPBBC\SPStart.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SPBBC\SPStop.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SRTSP\SrtErEvt.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SRTSP\SrtETmp\31131A65.TMP L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SRTSP\SrtMoEvt.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SRTSP\SrtNvEvt.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SRTSP\SrtScEvt.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SRTSP\SrtTxFEvt.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SRTSP\SrtViEvt.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SymNetDrv\SNDALRT.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SymNetDrv\SNDCON.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SymNetDrv\SNDDBG.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SymNetDrv\SNDFW.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SymNetDrv\SNDIDS.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SymNetDrv\SNDSYS.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr0.dat L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr1.dat L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\MSS.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\MSStmp.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\tmp.edb L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\NtfD85E.tmp L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\NtfD85F.tmp L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\DRM\Cache\Indiv01.tmp L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\DRM\drmstore.hds L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\Common Client\settings.dat L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SPBBC\BBConfig.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SPBBC\BBDebug.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SPBBC\BBDetect.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SPBBC\BBNotify.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SPBBC\BBRefr.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SPBBC\BBSetCfg.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SPBBC\BBSetCfg2.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SPBBC\BBSetDev.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SPBBC\BBSetLoc.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SPBBC\BBSetUsr.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SPBBC\BBStHash.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SPBBC\BBValid.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SPBBC\SPPolicy.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SPBBC\SPStart.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SPBBC\SPStop.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SRTSP\SrtErEvt.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SRTSP\SrtETmp\31131A65.TMP L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SRTSP\SrtMoEvt.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SRTSP\SrtNvEvt.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SRTSP\SrtScEvt.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SRTSP\SrtTxFEvt.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SRTSP\SrtViEvt.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SymNetDrv\SNDALRT.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SymNetDrv\SNDCON.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SymNetDrv\SNDDBG.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SymNetDrv\SNDFW.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SymNetDrv\SNDIDS.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SymNetDrv\SNDSYS.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr0.dat L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr1.dat L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\MSS.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\MSStmp.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\tmp.edb L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\Windows.edb L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\NtfD85E.tmp L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\NtfD85F.tmp L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\DRM\Cache\Indiv01.tmp L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\DRM\drmstore.hds L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Support\MPLog-11022006-050241.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\Common Client\settings.dat L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\LiveUpdate\2008-07-11_Log.ALUSchedulerSvc.LiveUpdate L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SPBBC\BBConfig.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SPBBC\BBDebug.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SPBBC\BBDetect.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SPBBC\BBNotify.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SPBBC\BBRefr.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SPBBC\BBSetCfg.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SPBBC\BBSetCfg2.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SPBBC\BBSetDev.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SPBBC\BBSetLoc.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SPBBC\BBSetUsr.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SPBBC\BBStHash.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SPBBC\BBValid.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SPBBC\SPPolicy.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SPBBC\SPStart.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SPBBC\SPStop.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SRTSP\SrtErEvt.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SRTSP\SrtETmp\31131A65.TMP L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SRTSP\SrtMoEvt.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SRTSP\SrtNvEvt.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SRTSP\SrtScEvt.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SRTSP\SrtTxFEvt.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SRTSP\SrtViEvt.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SymNetDrv\SNDALRT.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SymNetDrv\SNDCON.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SymNetDrv\SNDDBG.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SymNetDrv\SNDFW.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SymNetDrv\SNDIDS.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SymNetDrv\SNDSYS.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr0.dat L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr1.dat L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.329.Crwl L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.329.gthr L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\MSS.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\MSStmp.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.000 L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\Used0000.000 L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.000 L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk1.gthr L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk2.gthr L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\tmp.edb L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\Windows.edb L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\NtfD85E.tmp L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\NtfD85F.tmp L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\DRM\Cache\Indiv01.tmp L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\DRM\drmstore.hds L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Support\MPLog-11022006-050241.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\Common Client\settings.dat L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\LiveUpdate\2008-07-11_Log.ALUSchedulerSvc.LiveUpdate L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\LiveUpdate\Downloads\Tri514\liveupdt.tri L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\LiveUpdate\Log.LiveUpdate L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SPBBC\BBConfig.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SPBBC\BBDebug.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SPBBC\BBDetect.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SPBBC\BBNotify.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SPBBC\BBRefr.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SPBBC\BBSetCfg.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SPBBC\BBSetCfg2.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SPBBC\BBSetDev.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SPBBC\BBSetLoc.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SPBBC\BBSetUsr.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SPBBC\BBStHash.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SPBBC\BBValid.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SPBBC\SPPolicy.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SPBBC\SPStart.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SPBBC\SPStop.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SRTSP\SrtErEvt.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SRTSP\SrtETmp\31131A65.TMP L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SRTSP\SrtMoEvt.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SRTSP\SrtNvEvt.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SRTSP\SrtScEvt.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SRTSP\SrtTxFEvt.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SRTSP\SrtViEvt.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SymNetDrv\SNDALRT.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SymNetDrv\SNDCON.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SymNetDrv\SNDDBG.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SymNetDrv\SNDFW.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SymNetDrv\SNDIDS.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SymNetDrv\SNDSYS.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr0.dat L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr1.dat L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.329.Crwl L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.329.gthr L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\MSS.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\MSStmp.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010001.wid L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010002.wid L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010003.wid L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010004.wid L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010005.wid L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010006.wid L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010007.wid L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010008.ci L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010008.wid L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010008.wsb L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010009.wid L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000A.wid L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000B.wid L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000C.wid L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000D.wid L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000E.wid L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000F.wid L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010010.wid L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010011.wid L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010012.wid L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010013.wid L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010014.wid L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010015.wid L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010016.wid L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010017.wid L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010018.wid L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010019.wid L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001A.wid L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001B.wid L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001C.wid L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001D.wid L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001E.wid L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001F.wid L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010020.wid L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010021.wid L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010023.wid L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010024.wid L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010032.wid L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001003D.wid L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001003E.wid L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001003F.wid L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010040.wid L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX.000 L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.000 L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\Used0000.000 L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.000 L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk1.gthr L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk2.gthr L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.Ntfy3718.gthr L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\tmp.edb L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\Windows.edb L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\NtfD85E.tmp L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\NtfD85F.tmp L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\DRM\Cache\Indiv01.tmp L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\DRM\drmstore.hds L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Support\MPLog-11022006-050241.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\Common Client\settings.dat L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\LiveUpdate\2008-07-11_Log.ALUSchedulerSvc.LiveUpdate L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SPBBC\BBConfig.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SPBBC\BBDebug.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SPBBC\BBDetect.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SPBBC\BBNotify.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SPBBC\BBRefr.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SPBBC\BBSetCfg.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SPBBC\BBSetCfg2.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SPBBC\BBSetDev.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SPBBC\BBSetLoc.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SPBBC\BBSetUsr.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SPBBC\BBStHash.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SPBBC\BBValid.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SPBBC\SPPolicy.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SPBBC\SPStart.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SPBBC\SPStop.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SRTSP\SrtErEvt.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SRTSP\SrtETmp\31131A65.TMP L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SRTSP\SrtMoEvt.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SRTSP\SrtNvEvt.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SRTSP\SrtScEvt.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SRTSP\SrtTxFEvt.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SRTSP\SrtViEvt.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SymNetDrv\SNDALRT.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SymNetDrv\SNDCON.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SymNetDrv\
hé bé on peut pas dire qu'il soit rapide et bien conçu, mais il a fini par finir ^^
voici le rapport, sans aucune méchanceté détectée \o/ (mais par contre, que de fichiers verrouillés - ignorés... (je suis pas sur que ça soit bon signe)
-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Friday, July 11, 2008 6:57:04 PM
Système d'exploitation : Home Edition, Service Pack 1 (Build 6001)
Kaspersky On-line Scanner version : 5.0.83.0
Dernière mise à jour de la base antivirus Kaspersky : 11/07/2008
Enregistrements dans la base antivirus Kaspersky : 840459
-------------------------------------------------------------------------------
Paramètres d'analyse:
Analyser avec la base antivirus suivante: standard
Analyser les archives: vrai
Analyser les bases de messagerie: vrai
Cible de l'analyse - Poste de travail:
A:\
C:\
D:\
E:\
F:\
Z:\
Statistiques de l'analyse:
Total d'objets analysés: 867166
Nombre de virus trouvés: 0
Nombre d'objets infectés: 0 / 0
Nombre d'objets suspects: 0
Durée de l'analyse: 03:17:50
Nom de l'objet infecté / Nom du virus / Dernière action
C:\boot\BCD L'objet est verrouillé ignoré
C:\boot\BCD.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\DRM\drmstore.hds L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\Common Client\settings.dat L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SPBBC\BBConfig.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SPBBC\BBDebug.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SPBBC\BBDetect.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SPBBC\BBNotify.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SPBBC\BBRefr.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SPBBC\BBSetCfg.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SPBBC\BBSetCfg2.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SPBBC\BBSetDev.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SPBBC\BBSetLoc.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SPBBC\BBSetUsr.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SPBBC\BBStHash.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SPBBC\BBValid.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SPBBC\SPPolicy.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SPBBC\SPStart.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SPBBC\SPStop.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SRTSP\SrtErEvt.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SRTSP\SrtETmp\31131A65.TMP L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SRTSP\SrtMoEvt.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SRTSP\SrtNvEvt.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SRTSP\SrtScEvt.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SRTSP\SrtTxFEvt.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SRTSP\SrtViEvt.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SymNetDrv\SNDALRT.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SymNetDrv\SNDCON.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SymNetDrv\SNDDBG.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SymNetDrv\SNDFW.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SymNetDrv\SNDIDS.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SymNetDrv\SNDSYS.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr0.dat L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr1.dat L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\MSS.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\MSStmp.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\tmp.edb L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\NtfD85E.tmp L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\NtfD85F.tmp L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\DRM\Cache\Indiv01.tmp L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\DRM\drmstore.hds L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\Common Client\settings.dat L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SPBBC\BBConfig.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SPBBC\BBDebug.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SPBBC\BBDetect.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SPBBC\BBNotify.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SPBBC\BBRefr.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SPBBC\BBSetCfg.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SPBBC\BBSetCfg2.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SPBBC\BBSetDev.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SPBBC\BBSetLoc.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SPBBC\BBSetUsr.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SPBBC\BBStHash.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SPBBC\BBValid.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SPBBC\SPPolicy.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SPBBC\SPStart.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SPBBC\SPStop.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SRTSP\SrtErEvt.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SRTSP\SrtETmp\31131A65.TMP L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SRTSP\SrtMoEvt.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SRTSP\SrtNvEvt.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SRTSP\SrtScEvt.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SRTSP\SrtTxFEvt.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SRTSP\SrtViEvt.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SymNetDrv\SNDALRT.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SymNetDrv\SNDCON.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SymNetDrv\SNDDBG.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SymNetDrv\SNDFW.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SymNetDrv\SNDIDS.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SymNetDrv\SNDSYS.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr0.dat L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr1.dat L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\MSS.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\MSStmp.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\tmp.edb L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\Windows.edb L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\NtfD85E.tmp L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\NtfD85F.tmp L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\DRM\Cache\Indiv01.tmp L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\DRM\drmstore.hds L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Support\MPLog-11022006-050241.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\Common Client\settings.dat L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\LiveUpdate\2008-07-11_Log.ALUSchedulerSvc.LiveUpdate L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SPBBC\BBConfig.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SPBBC\BBDebug.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SPBBC\BBDetect.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SPBBC\BBNotify.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SPBBC\BBRefr.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SPBBC\BBSetCfg.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SPBBC\BBSetCfg2.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SPBBC\BBSetDev.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SPBBC\BBSetLoc.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SPBBC\BBSetUsr.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SPBBC\BBStHash.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SPBBC\BBValid.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SPBBC\SPPolicy.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SPBBC\SPStart.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SPBBC\SPStop.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SRTSP\SrtErEvt.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SRTSP\SrtETmp\31131A65.TMP L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SRTSP\SrtMoEvt.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SRTSP\SrtNvEvt.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SRTSP\SrtScEvt.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SRTSP\SrtTxFEvt.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SRTSP\SrtViEvt.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SymNetDrv\SNDALRT.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SymNetDrv\SNDCON.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SymNetDrv\SNDDBG.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SymNetDrv\SNDFW.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SymNetDrv\SNDIDS.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SymNetDrv\SNDSYS.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr0.dat L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr1.dat L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.329.Crwl L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.329.gthr L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\MSS.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\MSStmp.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.000 L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\Used0000.000 L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.000 L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk1.gthr L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk2.gthr L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\tmp.edb L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\Windows.edb L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\NtfD85E.tmp L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\NtfD85F.tmp L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\DRM\Cache\Indiv01.tmp L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\DRM\drmstore.hds L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Support\MPLog-11022006-050241.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\Common Client\settings.dat L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\LiveUpdate\2008-07-11_Log.ALUSchedulerSvc.LiveUpdate L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\LiveUpdate\Downloads\Tri514\liveupdt.tri L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\LiveUpdate\Log.LiveUpdate L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SPBBC\BBConfig.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SPBBC\BBDebug.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SPBBC\BBDetect.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SPBBC\BBNotify.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SPBBC\BBRefr.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SPBBC\BBSetCfg.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SPBBC\BBSetCfg2.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SPBBC\BBSetDev.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SPBBC\BBSetLoc.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SPBBC\BBSetUsr.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SPBBC\BBStHash.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SPBBC\BBValid.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SPBBC\SPPolicy.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SPBBC\SPStart.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SPBBC\SPStop.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SRTSP\SrtErEvt.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SRTSP\SrtETmp\31131A65.TMP L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SRTSP\SrtMoEvt.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SRTSP\SrtNvEvt.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SRTSP\SrtScEvt.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SRTSP\SrtTxFEvt.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SRTSP\SrtViEvt.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SymNetDrv\SNDALRT.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SymNetDrv\SNDCON.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SymNetDrv\SNDDBG.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SymNetDrv\SNDFW.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SymNetDrv\SNDIDS.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SymNetDrv\SNDSYS.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr0.dat L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr1.dat L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.329.Crwl L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.329.gthr L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\MSS.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\MSStmp.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010001.wid L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010002.wid L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010003.wid L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010004.wid L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010005.wid L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010006.wid L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010007.wid L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010008.ci L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010008.wid L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010008.wsb L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010009.wid L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000A.wid L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000B.wid L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000C.wid L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000D.wid L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000E.wid L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000F.wid L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010010.wid L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010011.wid L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010012.wid L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010013.wid L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010014.wid L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010015.wid L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010016.wid L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010017.wid L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010018.wid L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010019.wid L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001A.wid L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001B.wid L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001C.wid L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001D.wid L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001E.wid L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001F.wid L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010020.wid L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010021.wid L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010023.wid L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010024.wid L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010032.wid L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001003D.wid L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001003E.wid L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001003F.wid L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010040.wid L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX.000 L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.000 L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\Used0000.000 L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.000 L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk1.gthr L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk2.gthr L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.Ntfy3718.gthr L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\tmp.edb L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\Windows.edb L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\NtfD85E.tmp L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\NtfD85F.tmp L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\DRM\Cache\Indiv01.tmp L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\DRM\drmstore.hds L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Support\MPLog-11022006-050241.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\Common Client\settings.dat L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\LiveUpdate\2008-07-11_Log.ALUSchedulerSvc.LiveUpdate L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SPBBC\BBConfig.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SPBBC\BBDebug.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SPBBC\BBDetect.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SPBBC\BBNotify.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SPBBC\BBRefr.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SPBBC\BBSetCfg.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SPBBC\BBSetCfg2.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SPBBC\BBSetDev.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SPBBC\BBSetLoc.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SPBBC\BBSetUsr.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SPBBC\BBStHash.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SPBBC\BBValid.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SPBBC\SPPolicy.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SPBBC\SPStart.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SPBBC\SPStop.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SRTSP\SrtErEvt.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SRTSP\SrtETmp\31131A65.TMP L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SRTSP\SrtMoEvt.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SRTSP\SrtNvEvt.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SRTSP\SrtScEvt.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SRTSP\SrtTxFEvt.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SRTSP\SrtViEvt.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SymNetDrv\SNDALRT.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SymNetDrv\SNDCON.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\SymNetDrv\
-->Message édité par takezo117 le 11/07/2008 19:00:46<--
takezo117
le 11 juillet 2008 à 19h04
erf il l'a coupé avant la fin faute de place... et j'ai pas la patience d'aller rechercher le point à partir duquel ça a coupé ^^ mais bref ça continue ainsi jusqu'à la fin : verrouillé, ignoré
|
|
|
PRODUITS
- Portables |
- PC |
- Moniteurs |
- Photo / Vidéo |
- T.V. |
- Audio |
- GPS |
- Stockage |
- Téléphonie |
- autres catégories
TÉLÉCHARGER - LOGICIELS
- Windows & logiciels |
- Bureautique |
- Développement |
- Internet |
- Jeux |
- Loisirs |
- Multimédia |
- Personnaliser son pc |
- Sécurité |
- Utilitaires |
- Logiciels Linux |
- logiciels Mac
JEUX VIDÉOS
- jeux PC |
- Xbox |
- Playstation |
- Wii |
- PSP |
- DS |
- Action |
- Aventure |
- MMORPG |
- Sports |
- Simulation |
- Enfant |
- Soluces et astuces
LOISIRS
01NET PRO
- Réseaux et Internet |
- Programmation et développement |
- Logiciels d'entreprise |
- Systèmes d'exploitation en entreprise |
- Sécurité en entreprise |
- Entreprenariat |
- Emploi |
- Services PRO |
- Matériel PRO
AVIS ET COMMENTAIRES
- Les actualités de 01net. |
- Avis sur les jeux vidéos |
- Avis sur les produits |
- Avis sur les logiciels |
A PROPOS DE 01NET
publicité
Messages des modérateurs
Discussions les plus actives
- mon pc rame a mort j ai des pic de uc a 70 a 100 %
- virus ou anti-virus 360? comment s'en débarrasser, je galère
- PC extremement lent et msg d'erreur
- disque dur,amovible,interne ne s'ouvre plus en 2 clic(virus)
- Connection internet impossible causée par virus
- comment nettoyer mon ordinateur?
- [RESOLU] Avast, pare feu ... tous bloqués !!
- infecté par spyware-secure ? (résolu)
- macrovirus : W97/Thus.AD (résolu)
- virus et disfonctionnement
 |
 |
Shopping
Des chaussures pour un automne en ville.
|
 |
||
L'ORDINATEUR INDIVIDUEL
Le mensuel informatique qui vous informe et vous conseille.
Nous contacter
|
Charte de confiance
|
Voir notice légale
01net. - 01men - RMC - BFM Radio - BFM TV - TousLesPodcasts - 01informatique.fr - Association RMC-BFM
01net. - 01men - RMC - BFM Radio - BFM TV - TousLesPodcasts - 01informatique.fr - Association RMC-BFM
Tous droits réservés © 1999 - 2009 Internext - 01net.