
Hello,
When I tried to launch WoW, a pop-up message appeared telling me that I was infected by "trojan-Downloader.win32.agent variant". I saw that other people had also run into this problem and had solved it with HijackThis and OTMoveIt, but the lines to check that I get are different.
Could you help me, please?
-->Message edited by takezo117 on 11/07/2008 20:01:30<--

Hi takezo117
Post the HijackThis report
@++

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:07:27, on 7/07/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
C:\Program Files\Packard bell\SAXO27\HIDSERVICE.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Windows\System32\gsicon.exe
C:\Windows\System32\DSLAGENT.EXE
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\Users\Chr\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SVQ5LAN9\HiJackThis[1].exe
C:\Users\Chr\Desktop\HiJackThis.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://format.packardbell.com/cgi-bin/redirect/?country=BEFR&range=AD&(...)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O1 - Hosts: luciolis2.servegame.com 80.239.180.113
O1 - Hosts: luciolis2.servegame.com 91.121.124.125
O1 - Hosts: luciolis2.servegame.com 91.121.106.15
O1 - Hosts: luciolis2.servegame.com 91.121.69.136
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [CCUTRAYICON] C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [calc.exe] C:\Users\Chr\AppData\Local\Temp\calc.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-434156370-2428998753-463404059-1000\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O13 - Gopher Prefix:
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{16E15823-0143-4043-B6D5-7221718C992A}: NameServer = 85.255.116.163,85.255.112.15
O17 - HKLM\System\CCS\Services\Tcpip\..\{1E9C80A5-09B5-434C-A26B-F15342553080}: NameServer = 195.238.2.21 195.238.2.22
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.163 85.255.112.15
O17 - HKLM\System\CS1\Services\Tcpip\..\{16E15823-0143-4043-B6D5-7221718C992A}: NameServer = 85.255.116.163,85.255.112.15
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.163 85.255.112.15
O17 - HKLM\System\CS2\Services\Tcpip\..\{16E15823-0143-4043-B6D5-7221718C992A}: NameServer = 85.255.116.163,85.255.112.15
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.163 85.255.112.15
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Packard Bell BV - C:\Program Files\Packard bell\SAXO27\HIDSERVICE.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\Windows\system32\sfrem01.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Windows Tribute Service - Unknown owner - C:\Windows\system32\kdoqv.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
--
End of file - 15332 bytes

Hi takezo117
Disable User Account Control (you will re-enable it after your disinfection):
- Go to Start, then Control Panel
- Double-click the "User Accounts" icon
- Then click Turn off and confirm.
---
- Download SmitfraudFix (by S!Ri, balltrap34 and moe31):
http://siri.urz.free.fr/Fix/SmitfraudFix.exe or http://siri.geekstogo.com/SmitfraudFix.exe
- Save it to the desktop
- Double-click SmitfraudFix.exe and choose option 1, then press Enter
- A report will be generated; post it in your next reply.
process.exe is detected by some antivirus programs as a risktool. It is not a virus but a utility intended to terminate processes.
** Only do step 2 if you are asked to; we must first examine the first SmitfraudFix report
@++

SmitFraudFix v2.329
Scan done at 17:29:13,43, lun. 07/07/2008
Run from C:\Users\Chr\Desktop\SmitfraudFix
OS: Microsoft Windows [version 6.0.6001] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
C:\Program Files\Packard bell\SAXO27\HIDSERVICE.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
C:\Windows\System32\gsicon.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
C:\Windows\System32\DSLAGENT.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\Windows\System32\rundll32.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows
»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Chr
»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Chr\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Chr\FAVORI~1
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"LoadAppInit_DLLs"=dword:00000001
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\Windows\\system32\\userinit.exe,"
»»»»»»»»»»»»»»»»»»»»»»»» Rustock
»»»»»»»»»»»»»»»»»»»»»»»» DNS
HKLM\SYSTEM\CCS\Services\Tcpip\..\{16E15823-0143-4043-B6D5-7221718C992A}: DhcpNameServer=85.255.116.163,85.255.112.15
HKLM\SYSTEM\CCS\Services\Tcpip\..\{16E15823-0143-4043-B6D5-7221718C992A}: NameServer=85.255.116.163,85.255.112.15
HKLM\SYSTEM\CS1\Services\Tcpip\..\{16E15823-0143-4043-B6D5-7221718C992A}: DhcpNameServer=85.255.116.163,85.255.112.15
HKLM\SYSTEM\CS1\Services\Tcpip\..\{16E15823-0143-4043-B6D5-7221718C992A}: NameServer=85.255.116.163,85.255.112.15
HKLM\SYSTEM\CS2\Services\Tcpip\..\{16E15823-0143-4043-B6D5-7221718C992A}: DhcpNameServer=85.255.116.163,85.255.112.15
HKLM\SYSTEM\CS2\Services\Tcpip\..\{16E15823-0143-4043-B6D5-7221718C992A}: NameServer=85.255.116.163,85.255.112.15
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: NameServer=85.255.116.163 85.255.112.15
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: NameServer=85.255.116.163 85.255.112.15
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: NameServer=85.255.116.163 85.255.112.15
»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End

Hi takezo117
Download SDFix by AndyManchesta to the Desktop:
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Double-click SDFix.exe on the desktop and click Install; a folder will be created on the desktop.
Restart your PC in Safe Mode:
When your PC restarts, tap the F8 or F5 key; on the next screen, move with the arrow keys and choose Safe Mode. Choose your usual session, not the Administrator session.
Open the SDFix folder on the desktop and double-click RunThis.bat, then press Y to start the cleanup.
There will be a restart; when Finished is displayed, press a key to finish.
Post the report found in the SDFix folder under the name Report.txt in your next reply, along with a new HijackThis log.
@++

In Safe Mode, there is no way to launch runthis.bat: it only opens a window for a fraction of a second... and in normal mode, it demands Safe Mode...

Hi takezo117
Delete the downloaded file and the folder that was created, then download it again
@++

Hi dédétraqué
I tried, but SDFix seems to have an aversion to Vista...
On a friend's advice, I downloaded and ran AVG Anti-Rootkit, which detected two rootkits. I deleted them and, miracle, the WoW launcher no longer shows me an alert message!
Thanks for giving me your time!
-->Message edited by takezo117 on 08/07/2008 15:45:43<--

Hi takezo117
Post me a new HijackThis report
@++

Yo dédétraqué, here is a fresh one:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:43:43, on 8/07/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Windows\System32\gsicon.exe
C:\Windows\System32\DSLAGENT.EXE
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Chr\Desktop\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://format.packardbell.com/cgi-bin/redirect/?country=BEFR&range=AD&(...)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O1 - Hosts: luciolis2.servegame.com 80.239.180.113
O1 - Hosts: luciolis2.servegame.com 91.121.124.125
O1 - Hosts: luciolis2.servegame.com 91.121.106.15
O1 - Hosts: luciolis2.servegame.com 91.121.69.136
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [CCUTRAYICON] C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [calc.exe] C:\Users\Chr\AppData\Local\Temp\calc.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-434156370-2428998753-463404059-1000\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O13 - Gopher Prefix:
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{16E15823-0143-4043-B6D5-7221718C992A}: NameServer = 85.255.116.163,85.255.112.15
O17 - HKLM\System\CCS\Services\Tcpip\..\{1E9C80A5-09B5-434C-A26B-F15342553080}: NameServer = 195.238.2.21 195.238.2.22
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.163 85.255.112.15
O17 - HKLM\System\CS1\Services\Tcpip\..\{16E15823-0143-4043-B6D5-7221718C992A}: NameServer = 85.255.116.163,85.255.112.15
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.163 85.255.112.15
O17 - HKLM\System\CS2\Services\Tcpip\..\{16E15823-0143-4043-B6D5-7221718C992A}: NameServer = 85.255.116.163,85.255.112.15
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.163 85.255.112.15
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Packard Bell BV - C:\Program Files\Packard bell\SAXO27\HIDSERVICE.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\Windows\system32\sfrem01.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Windows Tribute Service - Unknown owner - C:\Windows\system32\kdoqv.exe (file missing)
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
--
End of file - 13164 bytes
|
|
|
|
|
Hi takezo117
Download Lop S&D to your desktop from here:
http://eric.71.mespages.googlepages.com/LopSD.exe
- Double-click LopSD.exe on your desktop to start the installation
- Double-click the Lop S&D shortcut created on your desktop
- Select the language you want and choose option 1 (Search)
- Post the report (C:\lopR.txt) in your next post
Note: If the desktop does not reappear, press Ctrl + Alt + Del and the Task Manager will appear. At the top, click File/New Task, type explorer.exe and click OK to confirm
Tutorial: http://www.malekal.com/tutorial_Lop_SD.php
See you
|
|
|
|
|
Hi dédétraqué, here is the Lop S&D report:
-----------------------[ Lop S&D 4.2.2-0 XP/Vista ]---------------------
[ Windows 'Longhorn' (NT 6.0) Workstation Build 6001, Service Pack 1 ]
[ USER : Chr ] [ "C:\Lop SD" ] [ Selection : 1 ]
[ mar. 08/07/2008 | 16:45:27,42 ] [ PC : PC-DE-CHR ]
[ MAJ : 06-07-2008 | 10:55 ]
[ UAC => 0 ]
-------------[ Listing des dossiers dans Roaming ]------------
[28/08/2007|10:17] C:\Users\Chr\AppData\Roaming\.BitZip\torrent
[28/08/2007|10:16] C:\Users\Chr\AppData\Roaming\.BitZip\bsddb
[28/08/2007|10:16] C:\Users\Chr\AppData\Roaming\.BitZip\piececache
[28/08/2007|10:16] C:\Users\Chr\AppData\Roaming\.BitZip\torrentcache
[28/08/2007|10:16] C:\Users\Chr\AppData\Roaming\.BitZip\datacache
[28/08/2007|10:16] C:\Users\Chr\AppData\Roaming\.BitZip\icons
[20/06/2008|19:47] C:\Users\Chr\AppData\Roaming\Adobe\Flash Player
[20/08/2007|10:15] C:\Users\Chr\AppData\Roaming\Adobe\Linguistics
[18/08/2007|19:43] C:\Users\Chr\AppData\Roaming\Adobe\Acrobat
[08/11/2007|16:13] C:\Users\Chr\AppData\Roaming\BitTorrent\data
[05/11/2007|10:28] C:\Users\Chr\AppData\Roaming\BitTorrent\incomplete
[04/11/2007|18:17] C:\Users\Chr\AppData\Roaming\BitTorrent\locale
[19/08/2007|10:47] C:\Users\Chr\AppData\Roaming\DivX\DivX Player
[19/08/2007|10:46] C:\Users\Chr\AppData\Roaming\DivX\DivX Codec
[19/10/2007|10:08] C:\Users\Chr\AppData\Roaming\FastStone\FSC
[29/10/2007|16:49] C:\Users\Chr\AppData\Roaming\FlashGet\DataBase
[24/12/2007|18:57] C:\Users\Chr\AppData\Roaming\Gearbox Software\Brothers In Arms
[07/04/2008|19:08] C:\Users\Chr\AppData\Roaming\Google\Local Search History
[21/08/2007|09:56] C:\Users\Chr\AppData\Roaming\Google\GoogleEarth
[18/08/2007|19:34] C:\Users\Chr\AppData\Roaming\GTek\GTUpdate
[18/08/2007|19:34] C:\Users\Chr\AppData\Roaming\Identities\{1A3BCDF0-0218-488B-88AC-C9B4CF8A542E}
[03/02/2008|21:48] C:\Users\Chr\AppData\Roaming\ijjigame\HUL
[09/12/2007|11:03] C:\Users\Chr\AppData\Roaming\InstallShield\UpdateService
[20/11/2007|11:01] C:\Users\Chr\AppData\Roaming\InstallShield\ISEngine12.0
[22/01/2008|12:42] C:\Users\Chr\AppData\Roaming\ma-config.com\Logs
[09/10/2007|16:31] C:\Users\Chr\AppData\Roaming\Macromedia\Flash Player
[01/05/2008|19:25] C:\Users\Chr\AppData\Roaming\Microsoft\Installer
[03/10/2007|10:13] C:\Users\Chr\AppData\Roaming\Microsoft\Internet Explorer
[10/09/2007|13:44] C:\Users\Chr\AppData\Roaming\Microsoft\IdentityCRL
[23/08/2007|13:31] C:\Users\Chr\AppData\Roaming\Microsoft\Speech
[21/08/2007|20:10] C:\Users\Chr\AppData\Roaming\Microsoft\HTML Help
[19/08/2007|21:18] C:\Users\Chr\AppData\Roaming\Microsoft\MSN Messenger
[19/08/2007|10:35] C:\Users\Chr\AppData\Roaming\Microsoft\MMC
[19/08/2007|09:54] C:\Users\Chr\AppData\Roaming\Microsoft\Windows
[18/08/2007|19:55] C:\Users\Chr\AppData\Roaming\Microsoft\Network
[18/08/2007|19:35] C:\Users\Chr\AppData\Roaming\Microsoft\Crypto
[18/08/2007|19:35] C:\Users\Chr\AppData\Roaming\Microsoft\CLR Security Config
[18/08/2007|19:34] C:\Users\Chr\AppData\Roaming\Microsoft\SystemCertificates
[18/08/2007|19:34] C:\Users\Chr\AppData\Roaming\Microsoft\Protect
[18/08/2007|19:31] C:\Users\Chr\AppData\Roaming\Microsoft\Credentials
[23/12/2007|17:09] C:\Users\Chr\AppData\Roaming\Mozilla\Firefox
[20/08/2007|10:25] C:\Users\Chr\AppData\Roaming\OpenOffice.org2\user
[08/07/2008|16:44] C:\Users\Chr\AppData\Roaming\Packard Bell\Setup my PC
[21/08/2007|09:55] C:\Users\Chr\AppData\Roaming\Packard Bell\Smart Restore
[18/08/2007|19:36] C:\Users\Chr\AppData\Roaming\Packard Bell\Identity Card
[07/01/2008|18:29] C:\Users\Chr\AppData\Roaming\Participatory Culture Foundation\Miro
[07/01/2008|18:30] C:\Users\Chr\AppData\Roaming\PCF-VLC\cache
[07/05/2008|16:53] C:\Users\Chr\AppData\Roaming\Podmailing\core
[07/05/2008|16:53] C:\Users\Chr\AppData\Roaming\Podmailing\bt
[07/05/2008|16:53] C:\Users\Chr\AppData\Roaming\Podmailing\zed
[04/07/2008|16:56] C:\Users\Chr\AppData\Roaming\Roxio\MediaManager9
[12/01/2008|20:14] C:\Users\Chr\AppData\Roaming\Roxio\RoxioCentral
[12/01/2008|20:14] C:\Users\Chr\AppData\Roaming\Roxio\RoxioCentral33
[15/10/2007|10:41] C:\Users\Chr\AppData\Roaming\SecondLife\logs
[15/10/2007|10:41] C:\Users\Chr\AppData\Roaming\SecondLife\cache
[15/10/2007|10:41] C:\Users\Chr\AppData\Roaming\SecondLife\jizeusse_odriscoll
[15/10/2007|10:36] C:\Users\Chr\AppData\Roaming\SecondLife\user_settings
[15/10/2007|10:36] C:\Users\Chr\AppData\Roaming\SecondLife\browser_profile
[18/08/2007|20:27] C:\Users\Chr\AppData\Roaming\SecuROM\UserData
[06/07/2008|12:52] C:\Users\Chr\AppData\Roaming\Simply Super Software\Trojan Remover
[06/07/2008|12:49] C:\Users\Chr\AppData\Roaming\SpywareStop\Log
[19/08/2007|21:47] C:\Users\Chr\AppData\Roaming\Talkback\MozillaOrg
[19/03/2008|11:09] C:\Users\Chr\AppData\Roaming\THQ\Juiced2
[20/08/2007|20:15] C:\Users\Chr\AppData\Roaming\vlc\cache
----------------[ Tâches planifiées dans C:\Windows\tasks ]---------------
[08/07/2008 10:06][--ah-----] C:\Windows\tasks\User_Feed_Synchronization-{FF90C9A2-09ED-4F81-94F4-CE7C40F86DB4}.job
[04/07/2008 20:00][--a------] C:\Windows\tasks\Norton Internet Security - Analyse système complète - Chr.job
[08/07/2008 16:30][--a------] C:\Windows\tasks\Extension de garantie.job
[08/07/2008 16:30][--a------] C:\Windows\tasks\Recovery DVD Creator.job
[08/07/2008 16:44][--ah-----] C:\Windows\tasks\SA.DAT
[08/07/2008 16:42][--a------] C:\Windows\tasks\SCHEDLGU.TXT
------[ Listing des dossiers dans C:\ProgramData ]------
[14/12/2007|17:48] C:\ProgramData\Adobe
[02/11/2006|15:02] C:\ProgramData\Application Data
[18/08/2007|19:28] C:\ProgramData\Bureau
[17/06/2008|10:47] C:\ProgramData\Codemasters
[02/11/2006|15:02] C:\ProgramData\Desktop
[02/11/2006|15:02] C:\ProgramData\Documents
[20/08/2007|20:01] C:\ProgramData\eMule
[18/08/2007|19:28] C:\ProgramData\Favoris
[02/11/2006|15:02] C:\ProgramData\Favorites
[02/06/2007|17:50] C:\ProgramData\Google
[18/08/2007|19:35] C:\ProgramData\GTek
[02/06/2007|17:49] C:\ProgramData\InstallShield
[02/06/2007|17:44] C:\ProgramData\Intel
[06/07/2008|11:21] C:\ProgramData\Kaspersky Lab Setup Files
[05/11/2007|18:45] C:\ProgramData\Logitech
[18/08/2007|19:28] C:\ProgramData\Menu Démarrer
[14/09/2007|19:14] C:\ProgramData\Messenger Plus!
[21/08/2007|20:10] C:\ProgramData\Microsoft
[18/08/2007|19:28] C:\ProgramData\Modèles
[24/06/2008|19:38] C:\ProgramData\NFS Underground
[26/06/2008|10:39] C:\ProgramData\NVIDIA
[07/01/2008|18:27] C:\ProgramData\Participatory Culture Foundation
[16/05/2008|11:38] C:\ProgramData\Playrix Entertainment
[28/06/2008|19:08] C:\ProgramData\Roxio
[02/06/2007|17:49] C:\ProgramData\Sonic
[02/11/2006|15:02] C:\ProgramData\Start Menu
[14/11/2007|14:02] C:\ProgramData\Symantec
[07/07/2008|09:31] C:\ProgramData\TEMP
[02/11/2006|15:02] C:\ProgramData\Templates
[30/09/2007|18:04] C:\ProgramData\Test Drive Unlimited
[06/03/2008|14:41] C:\ProgramData\WLInstaller
---------------[ Listing des dossiers dans C:\Program Files ]--------------
[13/01/2008|10:55] C:\Program Files\AC3Filter
[20/08/2007|10:24] C:\Program Files\Adobe
[07/07/2008|09:57] C:\Program Files\Alwil Software
[24/06/2008|19:33] C:\Program Files\Around the World in 80 Days
[08/11/2007|16:13] C:\Program Files\BitTorrent
[28/08/2007|10:17] C:\Program Files\BitZip
[17/06/2008|10:48] C:\Program Files\Codemasters
[06/03/2008|14:41] C:\Program Files\Common Files
[02/06/2007|17:37] C:\Program Files\CyberLink
[26/03/2008|20:35] C:\Program Files\DAEMON Tools
[26/06/2008|10:37] C:\Program Files\desktop.ini
[01/09/2007|17:41] C:\Program Files\Dictionnaire
[19/08/2007|19:19] C:\Program Files\DivX
[18/08/2007|19:54] C:\Program Files\Eicon
[30/03/2008|11:35] C:\Program Files\Empire Interactive
[19/08/2007|20:51] C:\Program Files\eMule
[18/08/2007|19:28] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]
[29/10/2007|16:49] C:\Program Files\FlashGet
[21/08/2007|10:07] C:\Program Files\Google
[08/07/2008|09:41] C:\Program Files\GRISOFT
[02/06/2007|17:43] C:\Program Files\HDReg
[01/07/2008|09:35] C:\Program Files\InstallShield Installation Information
[22/01/2008|13:29] C:\Program Files\Intel
[26/06/2008|10:28] C:\Program Files\Internet Explorer
[05/11/2007|18:45] C:\Program Files\Logitech
[22/01/2008|12:42] C:\Program Files\ma-config.com
[20/01/2008|12:17] C:\Program Files\MediaRoverCodec
[03/04/2008|12:28] C:\Program Files\Messenger Plus! Live
[07/03/2008|10:40] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[02/11/2006|14:37] C:\Program Files\Microsoft Games
[27/11/2007|18:20] C:\Program Files\MIKSOFT
[26/06/2008|10:28] C:\Program Files\Movie Maker
[23/12/2007|17:24] C:\Program Files\Mozilla Firefox
[02/11/2006|14:37] C:\Program Files\MSBuild
[18/08/2007|20:06] C:\Program Files\MSXML 4.0
[22/11/2007|10:28] C:\Program Files\Norton Internet Security
[23/05/2008|10:24] C:\Program Files\OpenAL
[20/08/2007|10:18] C:\Program Files\OpenOffice.org 2.2
[02/06/2007|17:53] C:\Program Files\Packard Bell
[12/06/2008|20:27] C:\Program Files\Picasa2
[09/06/2008|15:30] C:\Program Files\Podmailing
[02/06/2007|17:37] C:\Program Files\Realtek
[02/11/2006|14:37] C:\Program Files\Reference Assemblies
[23/08/2007|10:23] C:\Program Files\RivaTuner v2.0 Final Release
[02/06/2007|17:49] C:\Program Files\Roxio
[02/06/2007|17:53] C:\Program Files\Skype
[20/08/2007|19:48] C:\Program Files\Symantec
[24/04/2008|19:29] C:\Program Files\The Witcher
[01/05/2008|17:50] C:\Program Files\Ubisoft
[02/11/2006|15:01] C:\Program Files\Uninstall Information
[22/04/2008|08:17] C:\Program Files\UniUploader
[10/04/2008|17:13] C:\Program Files\Unlocker
[20/08/2007|20:12] C:\Program Files\VideoLAN
[26/06/2008|10:28] C:\Program Files\Windows Calendar
[26/06/2008|10:28] C:\Program Files\Windows Collaboration
[26/06/2008|10:28] C:\Program Files\Windows Defender
[26/06/2008|10:28] C:\Program Files\Windows Journal
[06/03/2008|14:41] C:\Program Files\Windows Live
[26/06/2008|10:28] C:\Program Files\Windows Mail
[26/06/2008|10:28] C:\Program Files\Windows Media Player
[18/08/2007|19:28] C:\Program Files\Windows NT
[26/06/2008|10:28] C:\Program Files\Windows Photo Gallery
[26/06/2008|10:28] C:\Program Files\Windows Sidebar
[21/08/2007|09:54] C:\Program Files\WinRAR
[29/05/2008|10:36] C:\Program Files\World of Warcraft
[11/12/2007|18:33] C:\Program Files\WowCartographe
[02/06/2007|17:39] C:\Program Files\X10 Hardware
------[ Listing des dossiers dans C:\Program Files\Common Files ]------
[20/08/2007|10:24] C:\Program Files\Common Files\Adobe
[10/01/2008|10:29] C:\Program Files\Common Files\Blizzard Entertainment
[02/06/2007|17:48] C:\Program Files\Common Files\InstallShield
[02/06/2007|17:44] C:\Program Files\Common Files\Intel
[05/11/2007|18:45] C:\Program Files\Common Files\Logishrd
[05/11/2007|18:46] C:\Program Files\Common Files\Logitech
[06/03/2008|14:42] C:\Program Files\Common Files\microsoft shared
[19/08/2007|10:45] C:\Program Files\Common Files\PX Storage Engine
[02/06/2007|17:49] C:\Program Files\Common Files\Roxio Shared
[02/11/2006|13:18] C:\Program Files\Common Files\Services
[02/06/2007|17:49] C:\Program Files\Common Files\Sonic Shared
[02/11/2006|13:18] C:\Program Files\Common Files\SpeechEngines
[02/06/2007|17:49] C:\Program Files\Common Files\SureThing Shared
[18/08/2007|19:54] C:\Program Files\Common Files\SWF Studio
[20/08/2007|19:49] C:\Program Files\Common Files\Symantec Shared
[26/06/2008|10:28] C:\Program Files\Common Files\System
[06/03/2008|14:42] C:\Program Files\Common Files\WindowsLiveInstaller
[02/06/2007|17:38] C:\Program Files\Common Files\X10
---------------------------[ Process ]--------------------------
... 83
... OK !
----------------------[ Recherche avec S_Lop ]---------------------
Aucun fichier / dossier Lop trouvé !
-----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------
Aucun fichier / dossier Lop trouvé !
----------------------[ Verification du Registre ]----------------------
..... OK !
--------------------[ Verification du fichier Hosts ]---------------------
Fichier Hosts PROPRE
----------------[ Recherche de fichiers avec Catchme ]-----------------
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-08 16:46:44
Windows 6.0.6001 Service Pack 1 NTFS
detected NTDLL code modification:
ZwQueryDirectoryFile
scanning hidden processes ...
scanning hidden files ...
C:\Windows\System32\kdxlz.exe 51712 bytes executable
scan completed successfully
hidden processes: 0
hidden files: 1
--------------------[ Recherche d'autres infections ]---------------------
[HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
NameServer REG_SZ 85.255.116.163 85.255.112.15
! WAREOUT Possible !
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER3_255.msh
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER4_255.BBX
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER4_255.msh
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\EventCracker_00.wav
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\FireCracker_00.wav
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\FireCracker_01.wav
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\FireCracker_02.wav
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\UpCracker_00.wav
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER1_255.BBX
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER1_255.msh
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER2_255.BBX
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER2_255.msh
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER3_255.BBX
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER3_255.msh
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER4_255.BBX
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER4_255.msh
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\EventCracker_00.wav
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\FireCracker_00.wav
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\FireCracker_01.wav
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\FireCracker_02.wav
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\UpCracker_00.wav
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER1_255.BBX
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER1_255.msh
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER2_255.BBX
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER2_255.msh
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER3_255.BBX
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER3_255.msh
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER4_255.BBX
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER4_255.msh
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\EventCracker_00.wav
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\FireCracker_00.wav
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\FireCracker_01.wav
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\FireCracker_02.wav
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\UpCracker_00.wav
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER1_255.BBX
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER1_255.msh
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER2_255.BBX
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER2_255.msh
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER3_255.BBX
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER3_255.msh
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER4_255.BBX
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Item\ModelItem\Mesh\COM_CONSUME_FIRECRACKER4_255.msh
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\EventCracker_00.wav
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\FireCracker_00.wav
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Online;\Snd\Item\FireCracker\FireCracker_01.wav
=> C:\Users\Chr\AppData\Local\Application Data\Application Data\VirtualStore\Program Files\Codemasters\RF Onli | | |