Sujet Précédent Sujet Suivant

Rapport Hijackthis

Résolu/Fermé
Alias - 27 mai 2008 à 13:06
 cafanada - 30 mai 2008 à 16:55
Bonjour,
voila depuis hier soir mon pc est infecte je pense par un Vundo mais je n arrive pas à m en debarasser !!
j ai des pages internet qui s ouvre sans cesse , spybot ma detecte un "virtumonde"
ensuite j ai un runtime microsoft C++ qui souvre egalement , et quand je clic sur ok ca disparait ><


je vous joint mon rapport hijacthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:55:27, on 27/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\Documents and Settings\All Users\Application Data\kxyfkjyj\anybsbut.exe
C:\WINDOWS\system32\CmUCReye.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\qzufupsd.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Egd\Bureau\procexp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [CmUCRRun] C:\WINDOWS\system32\CmUCReye.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [1c7e6f82] rundll32.exe "C:\WINDOWS\system32\knxeohnh.dll",b
O4 - HKLM\..\Run: [BM1f4d5c1e] Rundll32.exe "C:\WINDOWS\system32\ljuxnsnw.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [brdoidbk] C:\WINDOWS\system32\qzufupsd.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKLM\..\Policies\Explorer\Run: [WbL7bDPpOv] C:\Documents and Settings\All Users\Application Data\kxyfkjyj\anybsbut.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://messenger.zone.msn.com/EN-US/a-LUXR/mjolauncher.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe

30 réponses

  • 1
  • 2
Réponse 1 / 30
Utilisateur anonyme
27 mai 2008 à 13:14
salut :

télécharge Vundofix sur ton bureau: http://www.atribune.org/public-beta/VundoFix.exe
Double-clique sur VundoFix.exe.Puis clique sur le bouton Scan for Vundo.
Si des fichiers ont été détectés efface les ( yes ), clique sur le bouton Remove Vundo .
Ton bureau va disparaitre un moment lors de la suppression des fichiers.
A un moment donner, une " fenêtre " va t'indiquer que ton PC va s'éteindre, clique OK
Redemarre ton pc et copie colle moi le rapport qui est situé dans C:\vundofix.txt
0
Réponse 2 / 30
Alias
27 mai 2008 à 17:50
Alors j ai effectue le scan avec vundofix mais il na rien trouver !!

j ai ensuite suivi ce tuto
http://www.commentcamarche.net/faq/sujet 2490 popups ouverture de fenetres internet publicitaires pop up

j ai utiliser navilog sans succes u_u

j ai cette erreur qui apparait

[URL=https://imageshack.com/][IMG]http://img212.imageshack.us/img212/1589/erreurps8.jpg[/IMG][/URL]
[URL=http://g.imageshack.us/g.php?h=212&i=erreurps8.jpg][IMG]http://img212.imageshack.us/img212/1589/erreurps8.51f54653d7.jpg[/IMG][/URL]

puis les popups apparaissent ><

j'ai refais un rapport hijackthis que voila

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:50:08, on 27/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\CmUCReye.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\qzufupsd.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [CmUCRRun] C:\WINDOWS\system32\CmUCReye.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [1c7e6f82] rundll32.exe "C:\WINDOWS\system32\yyhdncaw.dll",b
O4 - HKLM\..\Run: [BM1f4d5c1e] Rundll32.exe "C:\WINDOWS\system32\wyecfqli.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [brdoidbk] C:\WINDOWS\system32\qzufupsd.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKLM\..\Policies\Explorer\Run: [WbL7bDPpOv] C:\Documents and Settings\All Users\Application Data\kxyfkjyj\anybsbut.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://messenger.zone.msn.com/EN-US/a-LUXR/mjolauncher.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
0
Réponse 3 / 30
Utilisateur anonyme
27 mai 2008 à 17:57
Telecharge malwarebytes

-> https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

Tu l´instale; le programme va se mettre automatiquement a jour.

Une fois a jour, le programme va se lancer; click sur l´onglet parametre, et coche la case : "Arreter internet explorer pendant la suppression".

Click maintenant sur l´onglet recherche et coche la case : "executer un examen complet".

Puis click sur "rechercher".

Laisse le scanner le pc...

Si des elements on ete trouvés > click sur supprimer la selection.

si il t´es demandé de redemarrer > click sur "yes".

A la fin un rapport va s´ouvrir; sauvegarde le de maniere a le retrouver en vu de le poster sur le forum.

Copie et colle le rapport stp.
0
Réponse 4 / 30
Alias
27 mai 2008 à 19:45
voila scan fini


ca donne ca

Malwarebytes' Anti-Malware 1.12
Version de la base de données: 790

Type de recherche: Examen complet (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|K:\|L:\|)
Eléments examinés: 180841
Temps écoulé: 1 hour(s), 24 minute(s), 53 second(s)

Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 2
Clé(s) du Registre infectée(s): 13
Valeur(s) du Registre infectée(s): 4
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 10

Processus mémoire infecté(s):
C:\WINDOWS\system32\qzufupsd.exe (Trojan.FakeAlert) -> Unloaded process successfully.

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\ljJATmJc.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\yyhdncaw.dll (Trojan.Vundo) -> Unloaded module successfully.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4860144e-c118-4ae8-8dad-bb446253f99c} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{4860144e-c118-4ae8-8dad-bb446253f99c} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0541290b-954e-4b9e-b9d0-907944a5f690} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\uninstall (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\mwc (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\wkey (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\1c7e6f82 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\brdoidbk (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{0541290b-954e-4b9e-b9d0-907944a5f690} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BM1f4d5c1e (Trojan.Agent) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\ljjatmjc -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\ljjatmjc -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\system32\ljJATmJc.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\cJmTAJjl.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cJmTAJjl.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yyhdncaw.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\wacndhyy.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qzufupsd.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\byXOhghh.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cfcxivil.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wyecfqli.dll (Trojan.Agent) -> Quarantined and deleted successfully.
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 30
Utilisateur anonyme
27 mai 2008 à 19:49
redémarre le pc si ça n a pas été fais

réouvre malewarebyte va sur quarantaine
supprime tout

Télécharge Clean:

-> http://www.malekal.com/download/clean.zip

-> Dézippe tout le contenu dans un dossier que tu auras cré au préalable (sur ton bureau par exemple). Double clic sur clean ou clean.cmd choisie l'option 1.

Un rapport va s'ouvrir, copie et colle le contenu sur le forum.

-> pour ceux ou celles qui auraient un doute sur comment deziper un fichier :

http://www.tutopat.com/viewtopic.php?t=933&sid=34215b238376bfb22ef9e8eca9995914
0
Réponse 6 / 30
Alias
27 mai 2008 à 20:01
j espere que c est ca

C:\WINDOWS\System32\cJmTAJjl.ini -->27/05/2008 19:40:32
C:\WINDOWS\System32\foxjmcvh.dll -->27/05/2008 13:31:55
C:\WINDOWS\System32\cxetgksd.exe -->27/05/2008 13:25:33
C:\WINDOWS\System32\clkcnt.txt -->27/05/2008 13:19:49
C:\WINDOWS\System32\WyJjSvut.ini -->26/05/2008 20:28:46
C:\WINDOWS\System32\WyJjSvut.ini2 -->26/05/2008 20:28:32
C:\WINDOWS\System32\xfyhhfaf.dll -->26/05/2008 12:39:23
C:\WINDOWS\System32\vltgytao.exe -->26/05/2008 12:36:23
C:\WINDOWS\System32\cgekbbuh.dll -->26/05/2008 12:28:07
C:\WINDOWS\System32\bdod.bin -->20/05/2008 21:53:36
C:\WINDOWS\System32\xcomm.dll -->20/05/2008 21:28:08
C:\WINDOWS\System32\bdss.log -->20/05/2008 20:03:59
C:\WINDOWS\System32\CmdLineExt.dll -->13/05/2008 22:05:14
C:\WINDOWS\System32\MRT.exe -->09/05/2008 23:35:04
C:\WINDOWS\System32\FNTCACHE.DAT -->08/05/2008 17:11:05
C:\WINDOWS\System32\lhacm.acm -->07/05/2008 13:36:21
C:\WINDOWS\System32\BASSMOD.dll -->17/04/2008 13:01:05
C:\WINDOWS\System32\PerfStringBackup.INI -->11/04/2008 10:02:26
C:\WINDOWS\System32\perfh00C.dat -->11/04/2008 10:02:26
C:\WINDOWS\System32\perfh009.dat -->11/04/2008 10:02:26
C:\WINDOWS\System32\perfc00C.dat -->11/04/2008 10:02:26
C:\WINDOWS\System32\perfc009.dat -->11/04/2008 10:02:26
C:\WINDOWS\System32\mswstr10.dll -->25/03/2008 06:51:09
C:\WINDOWS\System32\msjint40.dll -->25/03/2008 06:51:08
C:\WINDOWS\System32\msxbde40.dll -->25/03/2008 06:50:58

C:\WINDOWS\WindowsUpdate.log -->27/05/2008 19:49:48
C:\WINDOWS\KB932823-v3.log -->27/05/2008 19:45:03
C:\WINDOWS\0.log -->27/05/2008 19:42:56
C:\WINDOWS\wiaservc.log -->27/05/2008 19:42:26
C:\WINDOWS\wiadebug.log -->27/05/2008 19:42:25
C:\WINDOWS\bootstat.dat -->27/05/2008 19:42:09
C:\WINDOWS\SchedLgU.Txt -->27/05/2008 19:40:52
C:\WINDOWS\bdagent.INI -->27/05/2008 19:40:37
C:\WINDOWS\setupapi.log -->27/05/2008 19:22:14
C:\WINDOWS\BM1f4d5c1e.txt -->27/05/2008 17:41:04
C:\WINDOWS\BM1f4d5c1e.xml -->27/05/2008 17:37:50
C:\WINDOWS\pskt.ini -->27/05/2008 17:34:33
C:\WINDOWS\wininit.ini -->26/05/2008 20:24:15
C:\WINDOWS\NeroDigital.ini -->23/05/2008 17:43:55
C:\WINDOWS\wmsetup.log -->23/05/2008 16:57:25

C:\WINDOWS\System32\cxetgksd.exe -->27/05/2008 13:25:33
C:\WINDOWS\System32\vltgytao.exe -->26/05/2008 12:36:23
C:\WINDOWS\System32\MRT.exe -->09/05/2008 23:35:04
C:\WINDOWS\System32\foxjmcvh.dll -->27/05/2008 13:31:55
C:\WINDOWS\System32\xfyhhfaf.dll -->26/05/2008 12:39:23
C:\WINDOWS\System32\cgekbbuh.dll -->26/05/2008 12:28:07
C:\WINDOWS\System32\xcomm.dll -->20/05/2008 21:28:08
C:\WINDOWS\System32\CmdLineExt.dll -->13/05/2008 22:05:14
C:\WINDOWS\System32\BASSMOD.dll -->17/04/2008 13:01:05
C:\WINDOWS\System32\mswstr10.dll -->25/03/2008 06:51:09
C:\WINDOWS\System32\msjint40.dll -->25/03/2008 06:51:08
C:\WINDOWS\System32\msxbde40.dll -->25/03/2008 06:50:58


merci ^^
0
Réponse 7 / 30
Utilisateur anonyme
27 mai 2008 à 20:09
réouvre clean

passe l option 2

envoi le rapport clean + un rapport hijackthis fais apres passage de clean option 2 et dis moi tes soucis
0
Réponse 8 / 30
Alias
27 mai 2008 à 20:19
voila par contre je n ai pas eu de rapport de clean ><

voila mon nouveau rapport hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:18:26, on 27/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CmUCReye.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {61C32521-C40C-4335-ACD8-1253214A85C9} - C:\WINDOWS\system32\tuvSjJyW.dll (file missing)
O2 - BHO: (no name) - {6ec406ff-5501-4118-a6eb-dacd0728939d} - (no file)
O2 - BHO: (no name) - {AF61DAF8-9552-45C8-A59E-A75767F9C30B} - (no file)
O2 - BHO: (no name) - {EBD33416-C473-40C6-A6EE-7E82A31543E7} - (no file)
O2 - BHO: {611a5444-33ae-494a-9aa4-6eb5efd9b3ee} - {ee3b9dfe-5be6-4aa9-a494-ea334445a116} - C:\WINDOWS\system32\foxjmcvh.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [CmUCRRun] C:\WINDOWS\system32\CmUCReye.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\PROGRA~1\WINDOW~4\MESSEN~1\msnmsgr.exe" /background
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKLM\..\Policies\Explorer\Run: [WbL7bDPpOv] C:\Documents and Settings\All Users\Application Data\kxyfkjyj\anybsbut.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://messenger.zone.msn.com/EN-US/a-LUXR/mjolauncher.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O20 - Winlogon Notify: byXOhghh - C:\WINDOWS\
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
0
Réponse 9 / 30
Utilisateur anonyme
27 mai 2008 à 20:22
Télécharge combofix : http://download.bleepingcomputer.com/sUBs/ComboFix.exe


-> Double clique combofix.exe.
-> Tape sur la touche 1 (Yes) pour démarrer le scan.
-> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

NOTE : Le rapport se trouve également ici : C:\Combofix.txt

Avant d'utiliser ComboFix :

-> Déconnecte toi d'internet et referme les fenêtres de tous les programmes en cours.

-> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent géner fortement la procédure de recherche et de nettoyage de l'outil.

Une fois fait, sur ton bureau double-clic sur Combofix.exe.

- Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc.

/!\ Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programmes.

- En fin de scan il est possible que ComboFix ait besoin de redemarrer le pc pour finaliser la désinfection\recherche, laisses-le faire.

- Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt)

-> Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.

-> Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.

-> Tutoriel https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
0
Réponse 10 / 30
Alias
27 mai 2008 à 20:41
voila

ComboFix 08-05-26.2 - Administrateur 2008-05-27 20:32:45.2 - NTFSx86 MINIMAL
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.2299 [GMT 2:00]
Endroit: C:\Documents and Settings\Egd\Bureau\ComboFix.exe

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BM1f4d5c1e.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\cJmTAJjl.ini
C:\WINDOWS\system32\cxetgksd.exe
C:\WINDOWS\system32\hnhoexnk.ini
C:\WINDOWS\system32\schhhmsr.ini
C:\WINDOWS\system32\vltgytao.exe
C:\WINDOWS\system32\WyJjSvut.ini
C:\WINDOWS\system32\WyJjSvut.ini2

.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-04-27 to 2008-05-27 ))))))))))))))))))))))))))))))))))))
.

2008-05-27 20:30 . 2008-03-02 14:25 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage r‚seau
2008-05-27 20:30 . 2008-03-02 14:25 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-05-27 20:30 . 2008-03-02 13:41 <REP> d--h----- C:\Documents and Settings\Administrateur\ModŠles
2008-05-27 20:30 . 2008-03-02 14:25 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
2008-05-27 20:30 . 2008-03-02 14:25 <REP> dr------- C:\Documents and Settings\Administrateur\Menu D‚marrer
2008-05-27 20:30 . 2008-03-02 14:25 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
2008-05-27 20:30 . 2008-03-02 14:25 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-05-27 20:30 . 2008-05-27 20:30 <REP> d-------- C:\Documents and Settings\Administrateur
2008-05-27 20:21 . 2008-05-27 20:21 <REP> d-------- C:\Program Files\CCleaner
2008-05-27 19:53 . 2008-05-27 19:53 10,290,154 --a------ C:\upload_moi_SYLVIA.tar.gz
2008-05-27 19:44 . <REP> C:\WINDOWS\LastGood.Tmp
2008-05-27 18:09 . 2008-05-27 18:09 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-27 18:09 . 2008-05-27 18:09 <REP> d-------- C:\Documents and Settings\Egd\Application Data\Malwarebytes
2008-05-27 18:09 . 2008-05-27 18:09 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-27 18:09 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-27 18:09 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-27 13:31 . 2008-05-27 13:31 134,144 --a------ C:\WINDOWS\system32\foxjmcvh.dll
2008-05-26 20:24 . 2008-05-26 20:24 95 --a------ C:\WINDOWS\wininit.ini
2008-05-26 20:12 . 2008-05-26 20:12 <REP> d-------- C:\Documents and Settings\Egd\Application Data\Grisoft
2008-05-26 20:12 . 2008-05-26 20:12 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-05-26 20:12 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-05-26 19:56 . 2008-05-27 19:42 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-26 19:56 . 2008-05-27 18:16 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-26 12:39 . 2008-05-26 12:39 134,144 --a------ C:\WINDOWS\system32\xfyhhfaf.dll
2008-05-26 12:28 . 2008-05-26 12:28 124,928 --a------ C:\WINDOWS\system32\cgekbbuh.dll
2008-05-26 12:22 . 2008-05-26 12:22 <REP> d-------- C:\Documents and Settings\All Users\Application Data\UiEnCom
2008-05-26 12:22 . 2008-05-26 12:22 <REP> d-------- C:\Documents and Settings\All Users\Application Data\smartsrvutil
2008-05-25 21:37 . 2008-05-27 17:31 <REP> d-------- C:\Documents and Settings\All Users\Application Data\kxyfkjyj
2008-05-25 21:02 . 2008-05-25 21:02 <REP> d-------- C:\Documents and Settings\Egd\Application Data\gtopala
2008-05-23 18:19 . 2008-05-23 18:19 <REP> d-------- C:\Documents and Settings\Egd\Application Data\ImgBurn
2008-05-23 18:09 . 2008-05-23 18:09 <REP> d-------- C:\Program Files\ImgBurn
2008-05-20 21:03 . 2008-05-20 21:03 <REP> d-------- C:\Documents and Settings\LocalService\Menu D‚marrer
2008-05-20 20:52 . 2008-05-27 20:28 121 --a------ C:\WINDOWS\bdagent.INI
2008-05-20 20:41 . 2008-05-20 20:41 <REP> d-------- C:\Program Files\BitDefender
2008-05-20 20:41 . 2008-05-20 20:41 <REP> d-------- C:\Documents and Settings\Egd\Application Data\Bitdefender
2008-05-20 20:40 . 2008-05-20 20:41 <REP> d-------- C:\Program Files\Fichiers communs\BitDefender
2008-05-19 11:53 . 2008-05-19 11:53 73,728 --a------ C:\WINDOWS\ALCFDRTM.EXE
2008-05-17 17:18 . 2008-05-26 20:26 <REP> d-------- C:\Program Files\Asgard Of Ardamir
2008-05-16 22:47 . 2008-05-16 23:00 <REP> d-------- C:\Program Files\Kingdom Of Midgard - Online
2008-05-16 20:54 . 2008-05-16 22:19 <REP> d-------- C:\Program Files\Dollcevita
2008-05-14 12:20 . 2008-05-14 12:20 <REP> d-------- C:\Program Files\DAEMON Tools Lite
2008-05-14 12:17 . 2008-05-14 12:17 <REP> d-------- C:\Documents and Settings\Egd\Application Data\DAEMON Tools
2008-05-13 22:20 . 2008-05-13 22:20 <REP> dr-h----- C:\Documents and Settings\Egd\Application Data\SecuROM
2008-05-13 22:05 . 2008-05-13 22:05 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-05-13 21:45 . 2008-05-13 21:45 <REP> d-------- C:\Program Files\QuickPar
2008-05-08 23:28 . 2004-08-18 10:34 442,368 -ra------ C:\WINDOWS\system32\vp6vfw.dll
2008-05-08 23:11 . 2008-05-14 12:17 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-05-08 19:13 . 2008-05-08 19:13 <REP> d-------- C:\Documents and Settings\Egd\Application Data\Samsung
2008-05-08 19:05 . 2008-05-08 19:05 <REP> d-------- C:\WINDOWS\system32\Samsung_USB_Drivers
2008-05-08 19:05 . 2006-05-03 22:53 174,592 --a------ C:\WINDOWS\system32\framedyn.dll
2008-05-08 19:05 . 2005-08-30 01:49 94,000 --a------ C:\WINDOWS\system32\drivers\ssm_mdm.sys
2008-05-08 19:05 . 2005-08-30 01:47 58,320 --a------ C:\WINDOWS\system32\drivers\ssm_bus.sys
2008-05-08 19:05 . 2005-08-30 01:49 8,336 --a------ C:\WINDOWS\system32\drivers\ssm_mdfl.sys
2008-05-08 19:05 . 2005-08-30 01:49 6,176 --a------ C:\WINDOWS\system32\drivers\ssm_cmnt.sys
2008-05-08 19:05 . 2005-08-30 01:49 6,176 --a------ C:\WINDOWS\system32\drivers\ssm_cm.sys
2008-05-08 19:05 . 2005-08-30 01:47 5,840 --a------ C:\WINDOWS\system32\drivers\ssm_whnt.sys
2008-05-08 19:05 . 2005-08-30 01:47 5,840 --a------ C:\WINDOWS\system32\drivers\ssm_wh.sys
2008-05-08 19:05 . 2005-08-28 20:51 766 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-05-08 19:04 . 2008-05-08 19:04 <REP> d-------- C:\Program Files\Samsung
2008-05-08 19:04 . 2006-07-24 16:05 5,632 --a------ C:\WINDOWS\system32\drivers\StarOpen.sys
2008-05-07 13:36 . 2008-05-07 13:36 <REP> d-------- C:\Program Files\Teamspeak2_RC2
2008-05-07 13:36 . 2008-05-07 13:36 <REP> d-------- C:\Documents and Settings\Egd\Application Data\teamspeak2
2008-05-07 13:36 . 2008-05-07 13:36 34,064 --a------ C:\WINDOWS\system32\lhacm.acm
2008-04-29 10:21 . 2008-04-29 10:21 268 --ah----- C:\sqmdata19.sqm
2008-04-29 10:21 . 2008-04-29 10:21 244 --ah----- C:\sqmnoopt19.sqm

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-27 16:16 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-23 14:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-20 18:58 85,520 ----a-w C:\WINDOWS\system32\drivers\bdfndisf.sys
2008-05-20 18:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\BitDefender
2008-05-14 10:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-05-14 06:33 --------- d-----w C:\Documents and Settings\Egd\Application Data\skypePM
2008-04-26 16:10 --------- d-----w C:\Program Files\Total Video Converter
2008-04-20 20:26 --------- d-----w C:\Documents and Settings\Egd\Application Data\FileZilla
2008-04-20 18:49 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-04-17 19:22 --------- d-----w C:\Program Files\Trend Micro
2008-04-17 15:17 --------- d-----w C:\Documents and Settings\Egd\Application Data\Hide IP NG
2008-04-17 10:41 --------- d-----w C:\Documents and Settings\Egd\Application Data\HideIP
2008-04-17 09:17 --------- d-----w C:\Program Files\Paint.NET
2008-04-15 18:09 --------- d-----w C:\Program Files\Moonlight-Destinys
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{61C32521-C40C-4335-ACD8-1253214A85C9}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6ec406ff-5501-4118-a6eb-dacd0728939d}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AF61DAF8-9552-45C8-A59E-A75767F9C30B}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EBD33416-C473-40C6-A6EE-7E82A31543E7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ee3b9dfe-5be6-4aa9-a494-ea334445a116}]
2008-05-27 13:31 134144 --a------ C:\WINDOWS\system32\foxjmcvh.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
"MsnMsgr"="C:\PROGRA~1\WINDOW~4\MESSEN~1\msnmsgr.exe" [2007-12-02 17:42 3739672]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 18:07 1828136]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 11:39 486856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CmUCRRun"="C:\WINDOWS\system32\CmUCReye.exe" [2005-10-12 15:44 241664]
"RTHDCPL"="RTHDCPL.EXE" [2006-01-11 18:23 15961088 C:\WINDOWS\RTHDCPL.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe" [2008-02-28 10:59 570664]
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [2008-05-20 20:58 360448]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"WbL7bDPpOv"= C:\Documents and Settings\All Users\Application Data\kxyfkjyj\anybsbut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byXOhghh]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

R3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2005-12-06 12:16]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2008-05-20 20:58]
R3 CMISTOR;CMIUCR.SYS CM220 Card Reader Driver;C:\WINDOWS\system32\DRIVERS\cmiucr.SYS [2006-06-24 02:39]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{518e66c0-1d45-11dd-8d76-00161723a1d6}]
\Shell\AutoRun\command - L:\Autorun.exe

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-27 20:37:07
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...


C:\Documents and Settings\Egd\Local Settings\Application Data\Microsoft\Windows\GameExplorer\{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}\PlayTasks\1\Les Sims™ 2 : Boit@Look.lnk 861 bytes hidden from API

Scan termin‚ avec succŠs
Les fichiers cach‚s: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\bdfsfltr]
"ImagePath"=hex:73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,\

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\bdfsfltr]
"ImagePath"=hex:73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,\
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\verclsid.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-05-27 20:40:21 - machine was rebooted [Egd]
ComboFix-quarantined-files.txt 2008-05-27 18:40:17

Pre-Run: 19,181,535,232 octets libres
Post-Run: 19,165,433,856 octets libres

183 --- E O F --- 2008-05-27 18:00:10



merci ^^
0
Réponse 11 / 30
Utilisateur anonyme
27 mai 2008 à 20:45
ok refais un scan hijackthis et poste le nouveau rapport stp
0
Réponse 12 / 30
Alias
27 mai 2008 à 20:51
voila Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:50, on 2008-05-27
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\system32\CmUCReye.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {61C32521-C40C-4335-ACD8-1253214A85C9} - (no file)
O2 - BHO: (no name) - {6ec406ff-5501-4118-a6eb-dacd0728939d} - (no file)
O2 - BHO: (no name) - {AF61DAF8-9552-45C8-A59E-A75767F9C30B} - (no file)
O2 - BHO: (no name) - {EBD33416-C473-40C6-A6EE-7E82A31543E7} - (no file)
O2 - BHO: {611a5444-33ae-494a-9aa4-6eb5efd9b3ee} - {ee3b9dfe-5be6-4aa9-a494-ea334445a116} - C:\WINDOWS\system32\foxjmcvh.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [CmUCRRun] C:\WINDOWS\system32\CmUCReye.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\PROGRA~1\WINDOW~4\MESSEN~1\msnmsgr.exe" /background
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKLM\..\Policies\Explorer\Run: [WbL7bDPpOv] C:\Documents and Settings\All Users\Application Data\kxyfkjyj\anybsbut.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://messenger.zone.msn.com/EN-US/a-LUXR/mjolauncher.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O20 - Winlogon Notify: byXOhghh - C:\WINDOWS\
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
0
Réponse 13 / 30
Utilisateur anonyme
27 mai 2008 à 21:01
Copie le texte ci-dessous :

File::
C:\WINDOWS\system32\foxjmcvh.dll
C:\WINDOWS\system32\xfyhhfaf.dll
C:\WINDOWS\system32\cgekbbuh.dll
C:\WINDOWS\ALCFDRTM.EXE
C:\sqmdata19.sqm
C:\sqmnoopt19.sqm



Folder::
C:\Program Files\Asgard Of Ardamir
C:\Program Files\Kingdom Of Midgard - Online
C:\Program Files\Dollcevita
C:\Documents and Settings\All Users\Application Data\ezsid.dat
C:\Documents and Settings\Egd\Application Data\Hide IP NG
C:\Documents and Settings\Egd\Application Data\HideIP
C:\Program Files\Moonlight-Destinys

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"WbL7bDPpOv"=-



Ouvre le Bloc-Notes puis colle le texte copié.
(Démarrer\Tous les programmes\Accessoires\Bloc notes.)
Sauvegarde ce fichier sous le nom de CFScript.txt.

Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :

http://sd-1.archive-host.com/membres/up/1366464061/CFScript.gif

Cela va relancer Combofix,

Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.

S'il n'y a pas de rédémarrage, poste quand même les rapports.
0
Réponse 14 / 30
Alias
27 mai 2008 à 21:29
voila le rapport de combo

ComboFix 08-05-26.2 - Egd 2008-05-27 21:16:18.3 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.2004 [GMT 2:00]
Endroit: C:\Documents and Settings\Egd\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Egd\Bureau\CFScript.txt
* Création d'un nouveau point de restauration
* Resident AV is active


[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]

FILE ::
C:\sqmdata19.sqm
C:\sqmnoopt19.sqm
C:\WINDOWS\ALCFDRTM.EXE
C:\WINDOWS\system32\cgekbbuh.dll
C:\WINDOWS\system32\foxjmcvh.dll
C:\WINDOWS\system32\xfyhhfaf.dll
C:\WINDOWS\wininit.ini
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\ezsid.dat\
C:\Documents and Settings\Egd\Application Data\Hide IP NG
C:\Documents and Settings\Egd\Application Data\Hide IP NG\hideip.ini
C:\Documents and Settings\Egd\Application Data\Hide IP NG\log.txt
C:\Documents and Settings\Egd\Application Data\HideIP
C:\Documents and Settings\Egd\Application Data\HideIP\hideip.ini
C:\Documents and Settings\Egd\Application Data\HideIP\log.txt
C:\Program Files\Asgard Of Ardamir
C:\Program Files\Asgard Of Ardamir\_tmpEmblem\Asgard Of Ardamir_2_23.ebm
C:\Program Files\Asgard Of Ardamir\_tmpEmblem\Asgard Of Ardamir_20_4.ebm
C:\Program Files\Asgard Of Ardamir\_tmpEmblem\Asgard Of Ardamir_22_3.ebm
C:\Program Files\Asgard Of Ardamir\_tmpEmblem\Asgard Of Ardamir_23_8.ebm
C:\Program Files\Asgard Of Ardamir\_tmpEmblem\Asgard Of Ardamir_25_31.ebm
C:\Program Files\Asgard Of Ardamir\_tmpEmblem\Asgard Of Ardamir_30_58.ebm
C:\Program Files\Asgard Of Ardamir\_tmpEmblem\Asgard Of Ardamir_4_172.ebm
C:\Program Files\Asgard Of Ardamir\_tmpEmblem\Asgard Of Ardamir_5_30.ebm
C:\Program Files\Asgard Of Ardamir\_tmpEmblem\Asgard Of Ardamir_7_2.ebm
C:\Program Files\Asgard Of Ardamir\_tmpEmblem\Asgard Of Ardamir_8_1.ebm
C:\Program Files\Asgard Of Ardamir\_tmpEmblem\Asgard Of Ardamir_9_25.ebm
C:\Program Files\Asgard Of Ardamir\AI\È£¹®Å¬·ç½º ÀΰøÁö´É ½ºÅ©¸³Æ® ¼³¸í¼­.htm
C:\Program Files\Asgard Of Ardamir\AI\AI.lua
C:\Program Files\Asgard Of Ardamir\AI\Const.lua
C:\Program Files\Asgard Of Ardamir\AI\USER_AI\AI.lua
C:\Program Files\Asgard Of Ardamir\AI\USER_AI\Const.lua
C:\Program Files\Asgard Of Ardamir\AI\USER_AI\Util.lua
C:\Program Files\Asgard Of Ardamir\AI\Util.lua
C:\Program Files\Asgard Of Ardamir\aoa.exe
C:\Program Files\Asgard Of Ardamir\aoa1.grf
C:\Program Files\Asgard Of Ardamir\aoa2.grf
C:\Program Files\Asgard Of Ardamir\aoa3.grf
C:\Program Files\Asgard Of Ardamir\BGM\[u]0[/u]1.mp3
C:\Program Files\Asgard Of Ardamir\BGM\[u]0[/u]2.mp3
C:\Program Files\Asgard Of Ardamir\BGM\[u]0[/u]3.mp3
C:\Program Files\Asgard Of Ardamir\BGM\[u]0[/u]4.mp3
C:\Program Files\Asgard Of Ardamir\BGM\[u]0[/u]5.mp3
C:\Program Files\Asgard Of Ardamir\BGM\[u]0[/u]6.mp3
C:\Program Files\Asgard Of Ardamir\BGM\[u]0[/u]7.mp3
C:\Program Files\Asgard Of Ardamir\BGM\[u]0[/u]8.mp3
C:\Program Files\Asgard Of Ardamir\BGM\[u]0[/u]9.mp3
C:\Program Files\Asgard Of Ardamir\BGM\10.mp3
C:\Program Files\Asgard Of Ardamir\BGM\100.mp3
C:\Program Files\Asgard Of Ardamir\BGM\101.mp3
C:\Program Files\Asgard Of Ardamir\BGM\102.mp3
C:\Program Files\Asgard Of Ardamir\BGM\103.mp3
C:\Program Files\Asgard Of Ardamir\BGM\104.mp3
C:\Program Files\Asgard Of Ardamir\BGM\105.mp3
C:\Program Files\Asgard Of Ardamir\BGM\106.mp3
C:\Program Files\Asgard Of Ardamir\BGM\107.mp3
C:\Program Files\Asgard Of Ardamir\BGM\108.mp3
C:\Program Files\Asgard Of Ardamir\BGM\109.mp3
C:\Program Files\Asgard Of Ardamir\BGM\11.mp3
C:\Program Files\Asgard Of Ardamir\BGM\110.mp3
C:\Program Files\Asgard Of Ardamir\BGM\111.mp3
C:\Program Files\Asgard Of Ardamir\BGM\112.mp3
C:\Program Files\Asgard Of Ardamir\BGM\113.mp3
C:\Program Files\Asgard Of Ardamir\BGM\12.mp3
C:\Program Files\Asgard Of Ardamir\BGM\13.mp3
C:\Program Files\Asgard Of Ardamir\BGM\14.mp3
C:\Program Files\Asgard Of Ardamir\BGM\15.mp3
C:\Program Files\Asgard Of Ardamir\BGM\16.mp3
C:\Program Files\Asgard Of Ardamir\BGM\17.mp3
C:\Program Files\Asgard Of Ardamir\BGM\18.mp3
C:\Program Files\Asgard Of Ardamir\BGM\19.mp3
C:\Program Files\Asgard Of Ardamir\BGM\20.mp3
C:\Program Files\Asgard Of Ardamir\BGM\200.mp3
C:\Program Files\Asgard Of Ardamir\BGM\201.mp3
C:\Program Files\Asgard Of Ardamir\BGM\202.mp3
C:\Program Files\Asgard Of Ardamir\BGM\203.mp3
C:\Program Files\Asgard Of Ardamir\BGM\205.mp3
C:\Program Files\Asgard Of Ardamir\BGM\206.mp3
C:\Program Files\Asgard Of Ardamir\BGM\21.mp3
C:\Program Files\Asgard Of Ardamir\BGM\22.mp3
C:\Program Files\Asgard Of Ardamir\BGM\23.mp3
C:\Program Files\Asgard Of Ardamir\BGM\24.mp3
C:\Program Files\Asgard Of Ardamir\BGM\25.mp3
C:\Program Files\Asgard Of Ardamir\BGM\26.mp3
C:\Program Files\Asgard Of Ardamir\BGM\27.mp3
C:\Program Files\Asgard Of Ardamir\BGM\28.mp3
C:\Program Files\Asgard Of Ardamir\BGM\29.mp3
C:\Program Files\Asgard Of Ardamir\BGM\30.mp3
C:\Program Files\Asgard Of Ardamir\BGM\31.mp3
C:\Program Files\Asgard Of Ardamir\BGM\33.mp3
C:\Program Files\Asgard Of Ardamir\BGM\34.mp3
C:\Program Files\Asgard Of Ardamir\BGM\35.mp3
C:\Program Files\Asgard Of Ardamir\BGM\36.mp3
C:\Program Files\Asgard Of Ardamir\BGM\37.mp3
C:\Program Files\Asgard Of Ardamir\BGM\38.mp3
C:\Program Files\Asgard Of Ardamir\BGM\39.mp3
C:\Program Files\Asgard Of Ardamir\BGM\40.mp3
C:\Program Files\Asgard Of Ardamir\BGM\41.mp3
C:\Program Files\Asgard Of Ardamir\BGM\42.mp3
C:\Program Files\Asgard Of Ardamir\BGM\43.mp3
C:\Program Files\Asgard Of Ardamir\BGM\44.mp3
C:\Program Files\Asgard Of Ardamir\BGM\45.mp3
C:\Program Files\Asgard Of Ardamir\BGM\46.mp3
C:\Program Files\Asgard Of Ardamir\BGM\47.mp3
C:\Program Files\Asgard Of Ardamir\BGM\48.mp3
C:\Program Files\Asgard Of Ardamir\BGM\49.mp3
C:\Program Files\Asgard Of Ardamir\BGM\50.mp3
C:\Program Files\Asgard Of Ardamir\BGM\51.mp3
C:\Program Files\Asgard Of Ardamir\BGM\52.mp3
C:\Program Files\Asgard Of Ardamir\BGM\53.mp3
C:\Program Files\Asgard Of Ardamir\BGM\54.mp3
C:\Program Files\Asgard Of Ardamir\BGM\55.mp3
C:\Program Files\Asgard Of Ardamir\BGM\56.mp3
C:\Program Files\Asgard Of Ardamir\BGM\57.mp3
C:\Program Files\Asgard Of Ardamir\BGM\58.mp3
C:\Program Files\Asgard Of Ardamir\BGM\59.mp3
C:\Program Files\Asgard Of Ardamir\BGM\60.mp3
C:\Program Files\Asgard Of Ardamir\BGM\61.mp3
C:\Program Files\Asgard Of Ardamir\BGM\62.mp3
C:\Program Files\Asgard Of Ardamir\BGM\63.mp3
C:\Program Files\Asgard Of Ardamir\BGM\64.mp3
C:\Program Files\Asgard Of Ardamir\BGM\65.mp3
C:\Program Files\Asgard Of Ardamir\BGM\66.mp3
C:\Program Files\Asgard Of Ardamir\BGM\67.mp3
C:\Program Files\Asgard Of Ardamir\BGM\68.mp3
C:\Program Files\Asgard Of Ardamir\BGM\69.mp3
C:\Program Files\Asgard Of Ardamir\BGM\70.mp3
C:\Program Files\Asgard Of Ardamir\BGM\71.mp3
C:\Program Files\Asgard Of Ardamir\BGM\72.mp3
C:\Program Files\Asgard Of Ardamir\BGM\73.mp3
C:\Program Files\Asgard Of Ardamir\BGM\74.mp3
C:\Program Files\Asgard Of Ardamir\BGM\75.mp3
C:\Program Files\Asgard Of Ardamir\BGM\76.mp3
C:\Program Files\Asgard Of Ardamir\BGM\77.mp3
C:\Program Files\Asgard Of Ardamir\BGM\78.mp3
C:\Program Files\Asgard Of Ardamir\BGM\79.mp3
C:\Program Files\Asgard Of Ardamir\BGM\80.mp3
C:\Program Files\Asgard Of Ardamir\BGM\81.mp3
C:\Program Files\Asgard Of Ardamir\BGM\82.mp3
C:\Program Files\Asgard Of Ardamir\BGM\83.mp3
C:\Program Files\Asgard Of Ardamir\BGM\84.mp3
C:\Program Files\Asgard Of Ardamir\BGM\85.mp3
C:\Program Files\Asgard Of Ardamir\BGM\86.mp3
C:\Program Files\Asgard Of Ardamir\BGM\87.mp3
C:\Program Files\Asgard Of Ardamir\BGM\88.mp3
C:\Program Files\Asgard Of Ardamir\BGM\89.mp3
C:\Program Files\Asgard Of Ardamir\BGM\90.mp3
C:\Program Files\Asgard Of Ardamir\BGM\91.mp3
C:\Program Files\Asgard Of Ardamir\BGM\92.mp3
C:\Program Files\Asgard Of Ardamir\BGM\93.mp3
C:\Program Files\Asgard Of Ardamir\BGM\94.mp3
C:\Program Files\Asgard Of Ardamir\BGM\95.mp3
C:\Program Files\Asgard Of Ardamir\BGM\96.mp3
C:\Program Files\Asgard Of Ardamir\BGM\97.mp3
C:\Program Files\Asgard Of Ardamir\BGM\99.mp3
C:\Program Files\Asgard Of Ardamir\BGM\intro.mp3
C:\Program Files\Asgard Of Ardamir\binkw32.dll
C:\Program Files\Asgard Of Ardamir\Config.tpc
C:\Program Files\Asgard Of Ardamir\cps.dll
C:\Program Files\Asgard Of Ardamir\dbghelp.dll
C:\Program Files\Asgard Of Ardamir\dinput.dll
C:\Program Files\Asgard Of Ardamir\Emblem\Mettre son embleme de guilde.txt
C:\Program Files\Asgard Of Ardamir\granny2.dll
C:\Program Files\Asgard Of Ardamir\GRF.dll
C:\Program Files\Asgard Of Ardamir\ijl15.dll
C:\Program Files\Asgard Of Ardamir\KOR_LANG.CFG
C:\Program Files\Asgard Of Ardamir\licence.txt
C:\Program Files\Asgard Of Ardamir\Mp3dec.asi
C:\Program Files\Asgard Of Ardamir\Mss32.dll
C:\Program Files\Asgard Of Ardamir\Mssfast.m3d
C:\Program Files\Asgard Of Ardamir\msvcp60.dll
C:\Program Files\Asgard Of Ardamir\NPCHK.DLL
C:\Program Files\Asgard Of Ardamir\NPCIPHER.DLL
C:\Program Files\Asgard Of Ardamir\npkcrypt.dll
C:\Program Files\Asgard Of Ardamir\npkcrypt.sys
C:\Program Files\Asgard Of Ardamir\npkcrypt.vxd
C:\Program Files\Asgard Of Ardamir\npkcusb.sys
C:\Program Files\Asgard Of Ardamir\npkeysdk.dll
C:\Program Files\Asgard Of Ardamir\npkpdb.dll
C:\Program Files\Asgard Of Ardamir\NPPSK.DLL
C:\Program Files\Asgard Of Ardamir\NPSCAN.DES
C:\Program Files\Asgard Of Ardamir\npupdate.dll
C:\Program Files\Asgard Of Ardamir\NPUPDATE0.DLL
C:\Program Files\Asgard Of Ardamir\NPX.DLL
C:\Program Files\Asgard Of Ardamir\Patcher.exe
C:\Program Files\Asgard Of Ardamir\Registry Keys.reg
C:\Program Files\Asgard Of Ardamir\Setup.exe
C:\Program Files\Asgard Of Ardamir\skin\default\basic_interface\ARW_DOWN.BMP
C:\Program Files\Asgard Of Ardamir\skin\default\basic_interface\ARW_LEFT.BMP
C:\Program Files\Asgard Of Ardamir\skin\default\basic_interface\arw_right.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\basic_interface\arw_right_on.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\basic_interface\ARW_UP.BMP
C:\Program Files\Asgard Of Ardamir\skin\default\basic_interface\basewin_bg.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\basic_interface\basewin_mini.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\basic_interface\btn_abil_dis.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\basic_interface\btn_abil_off.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\basic_interface\btn_abil_on.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\basic_interface\btn_cartoff.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\basic_interface\btn_comm_dis.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\basic_interface\btn_comm_off.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\basic_interface\btn_comm_on.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\basic_interface\btn_dialog_off.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\basic_interface\btn_dialog_on.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\basic_interface\btn_equip_dis.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\basic_interface\btn_equip_off.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\basic_interface\btn_equip_on.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\basic_interface\btn_friend_dis.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\basic_interface\btn_friend_off.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\basic_interface\btn_friend_on.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\basic_interface\btn_items_dis.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\basic_interface\btn_items_off.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\basic_interface\btn_items_on.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\basic_interface\btn_job_dis.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\basic_interface\btn_job_off.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\basic_interface\btn_job_on.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\basic_interface\btn_map_dis.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\basic_interface\btn_map_off.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\basic_interface\btn_map_on.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\basic_interface\btn_off.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\basic_interface\btn_option_dis.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\basic_interface\btn_option_off.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\basic_interface\btn_option_on.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\basic_interface\btn_profile_dis.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\basic_interface\btn_profile_off.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\basic_interface\btn_profile_on.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\basic_interface\btn_skill_dis.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\basic_interface\btn_skill_off.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\basic_interface\btn_skill_on.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\basic_interface\btn_status_dis.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\basic_interface\btn_status_off.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\basic_interface\btn_status_on.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\basic_interface\btnbar_arrow.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\basic_interface\btnbar_left.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\basic_interface\btnbar_left2.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\basic_interface\btnbar_mid.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\basic_interface\btnbar_mid2.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\basic_interface\btnbar_right.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\basic_interface\btnbar_right2.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\basic_interface\chatwin0_bg.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\basic_interface\chatwin1_left.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\basic_interface\chatwin1_line.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\basic_interface\chatwin1_mid.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\basic_interface\chatwin1_right.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\basic_interface\collection_bg.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\basic_interface\cutline_0.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\basic_interface\dialbtn_his.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\basic_interface\dialbtn_his0.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\basic_interface\dialbtn_opt.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\basic_interface\dialbtn_opt0.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\basic_interface\dialog_bg.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\basic_interface\dialog_btn0.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\basic_interface\dialog_btn1.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\basic_interface\dialog_btn2.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\basic_interface\dialog_his.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\basic_interface\dialog_left.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\basic_interface\dialog_mid.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\basic_interface\dialog_resize.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\basic_interface\dialog_right.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\basic_interface\dialscr_bar.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\basic_interface\dialscr_bg.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\basic_interface\dialscr_down.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\basic_interface\dialscr_up.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\basic_interface\dlgoptwin_bg.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\basic_interface\equipwin_bg.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\basic_interface\exchange_bg.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\basic_interface\grp_leader.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\basic_interface\grp_offline.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\basic_interface\grp_online.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\basic_interface\GRP_STUN.BMP
C:\Program Files\Asgard Of Ardamir\skin\default\basic_interface\GZE_BG.BMP
C:\Program Files\Asgard Of Ardamir\skin\default\basic_interface\gzeblue_left.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\basic_interface\gzeblue_mid.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\basic_interface\gzeblue_right.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\basic_interface\gzered_left.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\basic_interface\gzered_mid.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\basic_interface\gzered_right.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\basic_interface\ico_confusion.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\basic_interface\ico_curse.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\basic_interface\ico_frozen.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\basic_interface\ico_poison.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\basic_interface\ico_silence.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\basic_interface\ico_stone.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\basic_interface\item_invert.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\basic_interface\itemwin_left.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\basic_interface\itemwin_mid.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\basic_interface\itemwin_right.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\basic_interface\lv_up_off.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\basic_interface\LV_UP_ON.BMP
C:\Program Files\Asgard Of Ardamir\skin\default\basic_interface\mesbtn_01.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\basic_interface\mesbtn_01_a.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\basic_interface\mesbtn_01_b.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\basic_interface\mesbtn_02.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\basic_interface\mesbtn_02_a.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\basic_interface\mesbtn_02_b.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\basic_interface\mesbtn_03.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\basic_interface\mesbtn_03_a.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\basic_interface\mesbtn_03_b.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\basic_interface\mesbtn_04.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\basic_interface\mesbtn_04_a.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\basic_interface\mesbtn_04_b.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\basic_interface\mesbtn_05.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\basic_interface\mesbtn_05_a.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\basic_interface\mesbtn_05_b.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\basic_interface\mesbtn_left.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\basic_interface\mesbtn_mid.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\basic_interface\mesbtn_right.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\basic_interface\optwin0_bg.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\basic_interface\optwin1_bg.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\basic_interface\shortcut_bg.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\basic_interface\shortitem_bg.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\basic_interface\shortitem_btn.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\basic_interface\shtcut_item.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\basic_interface\shtcut_skill.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\basic_interface\skill_up_a.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\basic_interface\skill_up_b.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\basic_interface\skill_up_c.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\basic_interface\skillcollection.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\basic_interface\sprite_bg.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\basic_interface\statwin_bg.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\basic_interface\statwin0_bg.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\basic_interface\statwin1_bg.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\basic_interface\sys_base_off.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\basic_interface\sys_base_on.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\basic_interface\sys_close_off.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\basic_interface\sys_close_on.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\basic_interface\sys_mini_off.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\basic_interface\sys_mini_on.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\basic_interface\sysboxs_ld.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\basic_interface\sysboxs_lu.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\basic_interface\sysboxs_rd.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\basic_interface\sysboxs_ru.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\basic_interface\tab_itm_01.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\basic_interface\tab_itm_02.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\basic_interface\tab_itm_03.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\basic_interface\titlebar_fix.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\basic_interface\titlebar_left.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\basic_interface\titlebar_mid.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\basic_interface\titlebar_right.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\basic_interface\txtbox_btn_a.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\basic_interface\txtbox_btn_b.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\basic_interface\txtbox_btn_c.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\basic_interface\txtbox_l.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\basic_interface\txtbox_m.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\basic_interface\txtbox_r.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\basic_interface\txtdown_btn_a.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\basic_interface\txtdown_btn_b.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\basic_interface\txtdown_btn_c.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\basic_interface\txtup_btn_a.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\basic_interface\txtup_btn_b.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\basic_interface\txtup_btn_c.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\btn_1on1.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\btn_1on1_a.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\btn_1on1_b.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\btn_add.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\btn_add_a.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\btn_add_b.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\btn_agree.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\btn_agree_a.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\btn_agree_b.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\BTN_BACK.BMP
C:\Program Files\Asgard Of Ardamir\skin\default\btn_back_a.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\btn_back_b.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\BTN_BUY.BMP
C:\Program Files\Asgard Of Ardamir\skin\default\btn_buy_a.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\btn_buy_b.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\btn_cancel.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\btn_cancel_a.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\btn_cancel_b.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\btn_close.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\btn_close_a.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\btn_close_b.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\btn_del.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\btn_del_a.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\btn_del_b.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\btn_disagree.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\btn_disagree_a.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\btn_disagree_b.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\btn_edit.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\btn_edit_a.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\btn_edit_b.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\btn_exchange.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\btn_exchange_a.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\btn_exchange_b.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\btn_exchange_dis.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\btn_find.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\btn_find_a.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\btn_find_b.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\btn_friend.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\btn_friend_a.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\btn_friend_b.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\btn_get.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\btn_get_a.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\btn_get_b.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\btn_help.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\btn_help_a.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\btn_help_b.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\btn_help2.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\btn_info.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\btn_info_a.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\btn_info_b.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\btn_learn.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\btn_learn_a.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\btn_learn_b.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\btn_list.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\btn_list_a.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\btn_list_b.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\btn_make.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\btn_make_a.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\btn_make_b.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\btn_memo.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\btn_memo_a.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\btn_memo_b.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\BTN_NEXT.BMP
C:\Program Files\Asgard Of Ardamir\skin\default\btn_next_a.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\btn_next_b.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\BTN_OK.BMP
C:\Program Files\Asgard Of Ardamir\skin\default\BTN_OK_A.BMP
C:\Program Files\Asgard Of Ardamir\skin\default\BTN_OK_B.BMP
C:\Program Files\Asgard Of Ardamir\skin\default\btn_ok_dis.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\btn_reply.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\btn_reply_a.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\btn_reply_b.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\btn_resize.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\btn_restart.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\btn_restart_a.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\btn_restart_b.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\btn_rewrite.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\btn_rewrite_a.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\btn_rewrite_b.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\BTN_SELL.BMP
C:\Program Files\Asgard Of Ardamir\skin\default\btn_sell_a.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\btn_sell_b.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\btn_send.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\btn_send_a.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\btn_send_b.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\BTN_use.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\BTN_use_a.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\BTN_use_b.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\btn_view.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\btn_view_a.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\btn_view_b.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\btn_write.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\btn_write_a.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\btn_write_b.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\chat_close.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\chat_open.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\checkbox_0.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\checkbox_1.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\client_select_cs.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\client_select_cs1.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\colorchip.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\empty_card_slot.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\esc_01a.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\esc_01b.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\esc_01c.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\esc_02a.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\esc_02b.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\esc_02c.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\esc_03a.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\esc_03b.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\esc_03c.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\esc_04a.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\esc_04b.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\esc_04c.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\login_interface\arw-agi0.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\login_interface\arw-agi1.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\login_interface\arw-dex0.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\login_interface\arw-dex1.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\login_interface\arw-int0.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\login_interface\arw-int1.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\login_interface\arw-luk0.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\login_interface\arw-luk1.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\login_interface\arw-str0.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\login_interface\arw-str1.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\login_interface\arw-vit0.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\login_interface\arw-vit1.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\login_interface\box_select.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\login_interface\btn_back.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\login_interface\btn_cancel.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\login_interface\btn_close.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\login_interface\btn_connect.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\login_interface\btn_connect_a.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\login_interface\btn_connect_b.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\login_interface\btn_exit.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\login_interface\btn_exit_a.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\login_interface\btn_exit_b.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\login_interface\btn_help.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\login_interface\btn_help2.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\login_interface\btn_make.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\login_interface\btn_next.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\login_interface\btn_ok.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\login_interface\btn_request.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\login_interface\btn_request_a.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\login_interface\btn_request_b.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\login_interface\chk_saveoff.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\login_interface\chk_saveon.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\login_interface\etc_empty.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\login_interface\name-edit.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\login_interface\win_login.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\login_interface\win_make.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\login_interface\win_select.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\login_interface\win_service.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\radiobtn_off.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\radiobtn_on.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\scroll0bar_down.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\scroll0bar_mid.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\scroll0bar_up.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\scroll0down.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\scroll0mid.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\scroll0up.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\scroll1bar_left.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\scroll1bar_mid.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\scroll1bar_right.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\scroll1left.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\scroll1mid.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\scroll1right.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\shop.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\sysbox_arr_l.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\sysbox_arr_r.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\sysbox_bg.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\sysbox_ld.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\sysbox_lm.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\sysbox_lu.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\sysbox_md.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\sysbox_mu.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\sysbox_rd.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\sysbox_rm.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\sysbox_ru.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\sysboxs_ld.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\sysboxs_lu.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\sysboxs_rd.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\sysboxs_ru.bmp
C:\Program Files\Asgard Of Ardamir\skin\default\win_msgbox.bmp
C:\Program Files\Asgard Of Ardamir\TipOfTheDay.txt
C:\Program Files\Asgard Of Ardamir\TriadPatchsList.ini
C:\Program Files\Asgard Of Ardamir\unins000.dat
C:\Program Files\Asgard Of Ardamir\unins000.exe
C:\Program Files\Dollcevita
C:\Program Files\Dollcevita\_tmpEmblem\Dollcevita_1124_22.ebm
C:\Program Files\Dollcevita\_tmpEmblem\Dollcevita_11964_146.ebm
C:\Program Files\Dollcevita\_tmpEmblem\Dollcevita_15164_61.ebm
C:\Program Files\Dollcevita\_tmpEmblem\Dollcevita_15177_40.ebm
C:\Program Files\Dollcevita\_tmpEmblem\Dollcevita_15214_1.ebm
C:\Program Files\Dollcevita\_tmpEmblem\Dollcevita_15226_2.ebm
C:\Program Files\Dollcevita\_tmpEmblem\Dollcevita_15228_4.ebm
C:\Program Files\Dollcevita\adata.grf
C:\Program Files\Dollcevita\AI\AI.lua
C:\Program Files\Dollcevita\AI\AI_M.lua
C:\Program Files\Dollcevita\AI\Const.lua
C:\Program Files\Dollcevita\AI\Util.lua
C:\Program Files\Dollcevita\bdata.grf
C:\Program Files\Dollcevita\BGM\[u]0[/u]1.mp3
C:\Program Files\Dollcevita\BGM\[u]0[/u]2.mp3
C:\Program Files\Dollcevita\BGM\[u]0[/u]3.mp3
C:\Program Files\Dollcevita\BGM\[u]0[/u]4.mp3
C:\Program Files\Dollcevita\BGM\[u]0[/u]5.mp3
C:\Program Files\Dollcevita\BGM\[u]0[/u]6.mp3
C:\Program Files\Dollcevita\BGM\[u]0[/u]7.mp3
C:\Program Files\Dollcevita\BGM\[u]0[/u]8.mp3
C:\Program Files\Dollcevita\BGM\[u]0[/u]9.mp3
C:\Program Files\Dollcevita\BGM\10.mp3
C:\Program Files\Dollcevita\BGM\100.mp3
C:\Program Files\Dollcevita\BGM\101.mp3
C:\Program Files\Dollcevita\BGM\102.mp3
C:\Program Files\Dollcevita\BGM\103.mp3
C:\Program Files\Dollcevita\BGM\104.mp3
C:\Program Files\Dollcevita\BGM\105.mp3
C:\Program Files\Dollcevita\BGM\106.mp3
C:\Program Files\Dollcevita\BGM\107.mp3
C:\Program Files\Dollcevita\BGM\108.mp3
C:\Program Files\Dollcevita\BGM\109.mp3
C:\Program Files\Dollcevita\BGM\11.mp3
C:\Program Files\Dollcevita\BGM\110.mp3
C:\Program Files\Dollcevita\BGM\111.mp3
C:\Program Files\Dollcevita\BGM\112.mp3
C:\Program Files\Dollcevita\BGM\113.mp3
C:\Program Files\Dollcevita\BGM\114.mp3
C:\Program Files\Dollcevita\BGM\115.mp3
C:\Program Files\Dollcevita\BGM\116.mp3
C:\Program Files\Dollcevita\BGM\117.mp3
C:\Program Files\Dollcevita\BGM\118.mp3
C:\Program Files\Dollcevita\BGM\119.mp3
C:\Program Files\Dollcevita\BGM\12.mp3
C:\Program Files\Dollcevita\BGM\120.mp3
C:\Program Files\Dollcevita\BGM\121.mp3
C:\Program Files\Dollcevita\BGM\122.mp3
C:\Program Files\Dollcevita\BGM\123.mp3
C:\Program Files\Dollcevita\BGM\124.mp3
C:\Program Files\Dollcevita\BGM\125.mp3
C:\Program Files\Dollcevita\BGM\13.mp3
C:\Program Files\Dollcevita\BGM\14.mp3
C:\Program Files\Dollcevita\BGM\15.mp3
C:\Program Files\Dollcevita\BGM\16.mp3
C:\Program Files\Dollcevita\BGM\17.mp3
C:\Program Files\Dollcevita\BGM\18.mp3
C:\Program Files\Dollcevita\BGM\19.mp3
C:\Program Files\Dollcevita\BGM\20.mp3
C:\Program Files\Dollcevita\BGM\21.mp3
C:\Program Files\Dollcevita\BGM\22.mp3
C:\Program Files\Dollcevita\BGM\23.mp3
C:\Program Files\Dollcevita\BGM\24.mp3
C:\Program Files\Dollcevita\BGM\25.mp3
C:\Program Files\Dollcevita\BGM\26.mp3
C:\Program Files\Dollcevita\BGM\27.mp3
C:\Program Files\Dollcevita\BGM\28.mp3
C:\Program Files\Dollcevita\BGM\29.mp3
C:\Program Files\Dollcevita\BGM\30.mp3
C:\Program Files\Dollcevita\BGM\31.mp3
C:\Program Files\Dollcevita\BGM\33.mp3
C:\Program Files\Dollcevita\BGM\34.mp3
C:\Program Files\Dollcevita\BGM\35.mp3
C:\Program Files\Dollcevita\BGM\36.mp3
C:\Program Files\Dollcevita\BGM\37.mp3
C:\Program Files\Dollcevita\BGM\38.mp3
C:\Program Files\Dollcevita\BGM\39.mp3
C:\Program Files\Dollcevita\BGM\40.mp3
C:\Program Files\Dollcevita\BGM\41.mp3
C:\Program Files\Dollcevita\BGM\42.mp3
C:\Program Files\Dollcevita\BGM\43.mp3
C:\Program Files\Dollcevita\BGM\44.mp3
C:\Program Files\Dollcevita\BGM\45.mp3
C:\Program Files\Dollcevita\BGM\46.mp3
C:\Program Files\Dollcevita\BGM\47.mp3
C:\Program Files\Dollcevita\BGM\48.mp3
C:\Program Files\Dollcevita\BGM\49.mp3
C:\Program Files\Dollcevita\BGM\50.mp3
C:\Program Files\Dollcevita\BGM\51.mp3
C:\Program Files\Dollcevita\BGM\52.mp3
C:\Program Files\Dollcevita\BGM\53.mp3
C:\Program Files\Dollcevita\BGM\54.mp3
C:\Program Files\Dollcevita\BGM\55.mp3
C:\Program Files\Dollcevita\BGM\56.mp3
C:\Program Files\Dollcevita\BGM\57.mp3
C:\Program Files\Dollcevita\BGM\58.mp3
C:\Program Files\Dollcevita\BGM\59.mp3
C:\Program Files\Dollcevita\BGM\60.mp3
C:\Program Files\Dollcevita\BGM\61.mp3
C:\Program Files\Dollcevita\BGM\62.mp3
C:\Program Files\Dollcevita\BGM\63.mp3
C:\Program Files\Dollcevita\BGM\64.mp3
C:\Program Files\Dollcevita\BGM\65.mp3
C:\Program Files\Dollcevita\BGM\66.mp3
C:\Program Files\Dollcevita\BGM\67.mp3
C:\Program Files\Dollcevita\BGM\68.mp3
C:\Program Files\Dollcevita\BGM\69.mp3
C:\Program Files\Dollcevita\BGM\70.mp3
C:\Program Files\Dollcevita\BGM\71.mp3
C:\Program Files\Dollcevita\BGM\72.mp3
C:\Program Files\Dollcevita\BGM\73.mp3
C:\Program Files\Dollcevita\BGM\74.mp3
C:\Program Files\Dollcevita\BGM\75.mp3
C:\Program Files\Dollcevita\BGM\76.mp3
C:\Program Files\Dollcevita\BGM\77.mp3
C:\Program Files\Dollcevita\BGM\78.mp3
C:\Program Files\Dollcevita\BGM\79.mp3
C:\Program Files\Dollcevita\BGM\80.mp3
C:\Program Files\Dollcevita\BGM\81.mp3
C:\Program Files\Dollcevita\BGM\82.mp3
C:\Program Files\Dollcevita\BGM\83.mp3
C:\Program Files\Dollcevita\BGM\84.mp3
C:\Program Files\Dollcevita\BGM\85.mp3
C:\Program Files\Dollcevita\BGM\86.mp3
C:\Program Files\Dollcevita\BGM\87.mp3
C:\Program Files\Dollcevita\BGM\88.mp3
C:\Program Files\Dollcevita\BGM\89.mp3
C:\Program Files\Dollcevita\BGM\90.mp3
C:\Program Files\Dollcevita\BGM\91.mp3
C:\Program Files\Dollcevita\BGM\92.mp3
C:\Program Files\Dollcevita\BGM\93.mp3
C:\Program Files\Dollcevita\BGM\94.mp3
C:\Program Files\Dollcevita\BGM\95.mp3
C:\Program Files\Dollcevita\BGM\96.mp3
C:\Program Files\Dollcevita\BGM\97.mp3
C:\Program Files\Dollcevita\BGM\98.mp3
C:\Program Files\Dollcevita\BGM\99.mp3
C:\Program Files\Dollcevita\binkw32.dll
C:\Program Files\Dollcevita\cps.dll
C:\Program Files\Dollcevita\data.grf
C:\Program Files\Dollcevita\DATA.INI
C:\Program Files\Dollcevita\dbghelp.dll
C:\Program Files\Dollcevita\dcv.exe
C:\Program Files\Dollcevita\dinput.dll
C:\Program Files\Dollcevita\granny2.dll
C:\Program Files\Dollcevita\ijl15.dll
C:\Program Files\Dollcevita\Mp3dec.asi
C:\Program Files\Dollcevita\Mss32.dll
C:\Program Files\Dollcevita\Mssfast.m3d
C:\Program Files\Dollcevita\msvcp60.dll
C:\Program Files\Dollcevita\neoncube.file
C:\Program Files\Dollcevita\neoncube\neoncube.ini
C:\Program Files\Dollcevita\neoncube\skin\bg.bmp
C:\Program Files\Dollcevita\neoncube\skin\bg.jpg
C:\Program Files\Dollcevita\neoncube\skin\cancel.bmp
C:\Program Files\Dollcevita\neoncube\skin\cancel_hover.bmp
C:\Program Files\Dollcevita\neoncube\skin\close.bmp
C:\Program Files\Dollcevita\neoncube\skin\close_hover.bmp
C:\Program Files\Dollcevita\neoncube\skin\frame.bmp
C:\Program Files\Dollcevita\neoncube\skin\minimize.bmp
C:\Program Files\Dollcevita\neoncube\skin\minimize_hover.bmp
C:\Program Files\Dollcevita\neoncube\skin\neoncube.style
C:\Program Files\Dollcevita\neoncube\skin\progressbar.bmp
C:\Program Files\Dollcevita\neoncube\skin\register.bmp
C:\Program Files\Dollcevita\neoncube\skin\register_hover.bmp
C:\Program Files\Dollcevita\neoncube\skin\startgame.bmp
C:\Program Files\Dollcevita\neoncube\skin\startgame_hover.bmp
C:\Program Files\Dollcevita\NHCgogo_10.eot
C:\Program Files\Dollcevita\NHCgogo_12.eot
C:\Program Files\Dollcevita\npkcrypt.dll
C:\Program Files\Dollcevita\npkpdb.dll
C:\Program Files\Dollcevita\Patcheur.exe
C:\Program Files\Dollcevita\ProhibitionLog.gd
C:\Program Files\Dollcevita\ProhibitionLog.txt
C:\Program Files\Dollcevita\RixLoveangel_10.eot
C:\Program Files\Dollcevita\RixLoveangel_12.eot
C:\Program Files\Dollcevita\RixSquirrel_10.eot
C:\Program Files\Dollcevita\RixSquirrel_12.eot
C:\Program Files\Dollcevita\RO_MF.ini
C:\Program Files\Dollcevita\Setup.exe
C:\Program Files\Dollcevita\TipOfTheDay.txt
C:\Program Files\Dollcevita\tmp.nc
C:\Program Files\Dollcevita\unins000.dat
C:\Program Files\Dollcevita\unins000.exe
C:\Program Files\Dollcevita\unrar.dll
C:\Program Files\Kingdom Of Midgard - Online
C:\Program Files\Kingdom Of Midgard - Online\_tmpEmblem\Kingdom Of midgard _21_1.ebm
C:\Program Files\Kingdom Of Midgard - Online\_tmpEmblem\Kingdom Of midgard _30_81.ebm
C:\Program Files\Kingdom Of Midgard - Online\_tmpEmblem\Kingdom Of midgard _48_1.ebm
C:\Program Files\Kingdom Of Midgard - Online\_tmpEmblem\Kingdom Of midgard _57_1.ebm
C:\Program Files\Kingdom Of Midgard - Online\_tmpEmblem\Kingdom Of midgard _60_7.ebm
C:\Program Files\Kingdom Of Midgard - Online\AI\AI.lua
C:\Program Files\Kingdom Of Midgard - Online\AI\Const.lua
C:\Program Files\Kingdom Of Midgard - Online\AI\USER_AI\AI.lua
C:\Program Files\Kingdom Of Midgard - Online\AI\USER_AI\Amistr.lua
C:\Program Files\Kingdom Of Midgard - Online\AI\USER_AI\AntiPosLag.lua
C:\Program Files\Kingdom Of Midgard - Online\AI\USER_AI\AutoAlch.lua
C:\Program Files\Kingdom Of Midgard - Online\AI\USER_AI\Battle.lua
C:\Program Files\Kingdom Of Midgard - Online\AI\USER_AI\Commands.lua
C:\Program Files\Kingdom Of Midgard - Online\AI\USER_AI\Conf\AMCs.lua
C:\Program Files\Kingdom Of Midgard - Online\AI\USER_AI\Conf\Config.lua
C:\Program Files\Kingdom Of Midgard - Online\AI\USER_AI\Conf\Custom.lua
C:\Program Files\Kingdom Of Midgard - Online\AI\USER_AI\Conf\Friends.lua
C:\Program Files\Kingdom Of Midgard - Online\AI\USER_AI\Conf\Monsters.lua
C:\Program Files\Kingdom Of Midgard - Online\AI\USER_AI\ConfCheck.lua
C:\Program Files\Kingdom Of Midgard - Online\AI\USER_AI\Const.lua
C:\Program Files\Kingdom Of Midgard - Online\AI\USER_AI\Const2.lua
C:\Program Files\Kingdom Of Midgard - Online\AI\USER_AI\Docs\en\AdvMove.txt
C:\Program Files\Kingdom Of Midgard - Online\AI\USER_AI\Docs\en\ChangeLog.txt
C:\Program Files\Kingdom Of Midgard - Online\AI\USER_AI\Docs\en\License.txt
C:\Program Files\Kingdom Of Midgard - Online\AI\USER_AI\Docs\Support.html
C:\Program Files\Kingdom Of Midgard - Online\AI\USER_AI\Filir.lua
C:\Program Files\Kingdom Of Midgard - Online\AI\USER_AI\Friends.lua
C:\Program Files\Kingdom Of Midgard - Online\AI\USER_AI\Globals.lua
C:\Program Files\Kingdom Of Midgard - Online\AI\USER_AI\InitSupport.lua
C:\Program Files\Kingdom Of Midgard - Online\AI\USER_AI\Lif.lua
C:\Program Files\Kingdom Of Midgard - Online\AI\USER_AI\List.lua
C:\Program Files\Kingdom Of Midgard - Online\AI\USER_AI\MonSupport.lua
C:\Program Files\Kingdom Of Midgard - Online\AI\USER_AI\NetUsageMonitor.lua
C:\Program Files\Kingdom Of Midgard - Online\AI\USER_AI\Personality.lua
C:\Program Files\Kingdom Of Midgard - Online\AI\USER_AI\Sequencer.lua
C:\Program Files\Kingdom Of Midgard - Online\AI\USER_AI\Simulator.lua
C:\Program Files\Kingdom Of Midgard - Online\AI\USER_AI\Table.lua
C:\Program Files\Kingdom Of Midgard - Online\AI\USER_AI\Timeout.lua
C:\Program Files\Kingdom Of Midgard - Online\AI\USER_AI\Utils.lua
C:\Program Files\Kingdom Of Midgard - Online\AI\USER_AI\Vanilmirth.lua
C:\Program Files\Kingdom Of Midgard - Online\AI\Util.lua
C:\Program Files\Kingdom Of Midgard - Online\BGM\[u]0[/u]1.mp3
C:\Program Files\Kingdom Of Midgard - Online\BGM\[u]0[/u]2.mp3
C:\Program Files\Kingdom Of Midgard - Online\BGM\[u]0[/u]3.mp3
C:\Program Files\Kingdom Of Midgard - Online\BGM\[u]0[/u]4.mp3
C:\Program Files\Kingdom Of Midgard - Online\BGM\[u]0[/u]5.mp3
C:\Program Files\Kingdom Of Midgard - Online\BGM\[u]0[/u]6.mp3
C:\Program Files\Kingdom Of Midgard - Online\BGM\[u]0[/u]7.mp3
C:\Program Files\Kingdom Of Midgard - Online\BGM\[u]0[/u]8.mp3
C:\Program Files\Kingdom Of Midgard - Online\BGM\[u]0[/u]9.mp3
C:\Program Files\Kingdom Of Midgard - Online\BGM\10.mp3
C:\Program Files\Kingdom Of Midgard - Online\BGM\100.mp3
C:\Program Files\Kingdom Of Midgard - Online\BGM\101.mp3
C:\Program Files\Kingdom Of Midgard - Online\BGM\102.mp3
C:\Program Files\Kingdom Of Midgard - Online\BGM\103.mp3
C:\Program Files\Kingdom Of Midgard - Online\BGM\104.mp3
C:\Program Files\Kingdom Of Midgard - Online\BGM\105.mp3
C:\Program Files\Kingdom Of Midgard - Online\BGM\106.mp3
C:\Program Files\Kingdom Of Midgard - Online\BGM\107.mp3
C:\Program Files\Kingdom Of Midgard - Online\BGM\108.mp3
C:\Program Files\Kingdom Of Midgard - Online\BGM\109.mp3
C:\Program Files\Kingdom Of Midgard - Online\BGM\11.mp3
C:\Program Files\Kingdom Of Midgard - Online\BGM\110.mp3
C:\Program Files\Kingdom Of Midgard - Online\BGM\111.mp3
C:\Program Files\Kingdom Of Midgard - Online\BGM\112.mp3
C:\Program Files\Kingdom Of Midgard - Online\BGM\113.mp3
C:\Program Files\Kingdom Of Midgard - Online\BGM\12.mp3
C:\Program Files\Kingdom Of Midgard - Online\BGM\13.mp3
C:\Program Files\Kingdom Of Midgard - Online\BGM\14.mp3
C:\Program Files\Kingdom Of Midgard - Online\BGM\15.mp3
C:\Program Files\Kingdom Of Midgard - Online\BGM\16.mp3
C:\Program Files\Kingdom Of Midgard - Online\BGM\17.mp3
C:\Program Files\Kingdom Of Midgard - Online\BGM\18.mp3
C:\Program Files\Kingdom Of Midgard - Online\BGM\19.mp3
C:\Program Files\Kingdom Of Midgard - Online\BGM\20.mp3
C:\Program Files\Kingdom Of Midgard - Online\BGM\21.mp3
C:\Program Files\Kingdom Of Midgard - Online\BGM\22.mp3
C:\Program Files\Kingdom Of Midgard - Online\BGM\23.mp3
C:\Program Files\Kingdom Of Midgard - Online\BGM\24.mp3
C:\Program Files\Kingdom Of Midgard - Online\BGM\25.mp3
C:\Program Files\Kingdom Of Midgard - Online\BGM\26.mp3
C:\Program Files\Kingdom Of Midgard - Online\BGM\27.mp3
C:\Program Files\Kingdom Of Midgard - Online\BGM\28.mp3
C:\Program Files\Kingdom Of Midgard - Online\BGM\29.mp3
C:\Program Files\Kingdom Of Midgard - Online\BGM\30.mp3
C:\Program Files\Kingdom Of Midgard - Online\BGM\31.mp3
C:\Program Files\Kingdom Of Midgard - Online\BGM\33.mp3
C:\Program Files\Kingdom Of Midgard - Online\BGM\34.mp3
C:\Program Files\Kingdom Of Midgard - Online\BGM\35.mp3
C:\Program Files\Kingdom Of Midgard - Online\BGM\36.mp3
C:\Program Files\Kingdom Of Midgard - Online\BGM\37.mp3
C:\Program Files\Kingdom Of Midgard - Online\BGM\38.mp3
C:\Program Files\Kingdom Of Midgard - Online\BGM\39.mp3
C:\Program Files\Kingdom Of Midgard - Online\BGM\40.mp3
C:\Program Files\Kingdom Of Midgard - Online\BGM\41.mp3
C:\Program Files\Kingdom Of Midgard - Online\BGM\42.mp3
C:\Program Files\Kingdom Of Midgard - Online\BGM\43.mp3
C:\Program Files\Kingdom Of Midgard - Online\BGM\44.mp3
C:\Program Files\Kingdom Of Midgard - Online\BGM\45.mp3
C:\Program Files\Kingdom Of Midgard - Online\BGM\46.mp3
C:\Program Files\Kingdom Of Midgard - Online\BGM\47.mp3
C:\Program Files\Kingdom Of Midgard - Online\BGM\48.mp3
C:\Program Files\Kingdom Of Midgard - Online\BGM\49.mp3
C:\Program Files\Kingdom Of Midgard - Online\BGM\50.mp3
C:\Program Files\Kingdom Of Midgard - Online\BGM\51.mp3
C:\Program Files\Kingdom Of Midgard - Online\BGM\52.mp3
C:\Program Files\Kingdom Of Midgard - Online\BGM\53.mp3
C:\Program Files\Kingdom Of Midgard - Online\BGM\54.mp3
C:\Program Files\Kingdom Of Midgard - Online\BGM\55.mp3
C:\Program Files\Kingdom Of Midgard - Online\BGM\56.mp3
C:\Program Files\Kingdom Of Midgard - Online\BGM\57.mp3
C:\Program Files\Kingdom Of Midgard - Online\BGM\58.mp3
C:\Program Files\Kingdom Of Midgard - Online\BGM\59.mp3
C:\Program Files\Kingdom Of Midgard - Online\BGM\60.mp3
C:\Program Files\Kingdom Of Midgard - Online\BGM\61.mp3
C:\Program Files\Kingdom Of Midgard - Online\BGM\62.mp3
C:\Program Files\Kingdom Of Midgard - Online\BGM\63.mp3
C:\Program Files\Kingdom Of Midgard - Online\BGM\64.mp3
C:\Program Files\Kingdom Of Midgard - Online\BGM\65.mp3
C:\Program Files\Kingdom Of Midgard - Online\BGM\66.mp3
C:\Program Files\Kingdom Of Midgard - Online\BGM\67.mp3
C:\Program Files\Kingdom Of Midgard - Online\BGM\68.mp3
C:\Program Files\Kingdom Of Midgard - Online\BGM\69.mp3
C:\Program Files\Kingdom Of Midgard - Online\BGM\70.mp3
C:\Program Files\Kingdom Of Midgard - Online\BGM\71.mp3
C:\Program Files\Kingdom Of Midgard - Online\BGM\72.mp3
C:\Program Files\Kingdom Of Midgard - Online\BGM\73.mp3
C:\Program Files\Kingdom Of Midgard - Online\BGM\74.mp3
C:\Program Files\Kingdom Of Midgard - Online\BGM\75.mp3
C:\Program Files\Kingdom Of Midgard - Online\BGM\76.mp3
C:\Program Files\Kingdom Of Midgard - Online\BGM\77.mp3
C:\Program Files\Kingdom Of Midgard - Online\BGM\78.mp3
C:\Program Files\Kingdom Of Midgard - Online\BGM\79.mp3
C:\Program Files\Kingdom Of Midgard - Online\BGM\80.mp3
C:\Program Files\Kingdom Of Midgard - Online\BGM\81.mp3
C:\Program Files\Kingdom Of Midgard - Online\BGM\82.mp3
C:\Program Files\Kingdom Of Midgard - Online\BGM\83.mp3
C:\Program Files\Kingdom Of Midgard - Online\BGM\84.mp3
C:\Program Files\Kingdom Of Midgard - Online\BGM\85.mp3
C:\Program Files\Kingdom Of Midgard - Online\BGM\86.mp3
C:\Program Files\Kingdom Of Midgard - Online\BGM\87.mp3
C:\Program Files\Kingdom Of Midgard - Online\BGM\88.mp3
C:\Program Files\Kingdom Of Midgard - Online\BGM\89.mp3
C:\Program Files\Kingdom Of Midgard - Online\BGM\90.mp3
C:\Program Files\Kingdom Of Midgard - Online\BGM\91.mp3
C:\Program Files\Kingdom Of Midgard - Online\BGM\92.mp3
C:\Program Files\Kingdom Of Midgard - Online\BGM\94.mp3
C:\Program Files\Kingdom Of Midgard - Online\BGM\95.mp3
C:\Program Files\Kingdom Of Midgard - Online\BGM\96.mp3
C:\Program Files\Kingdom Of Midgard - Online\BGM\97.mp3
C:\Program Files\Kingdom Of Midgard - Online\BGM\98.mp3
C:\Program Files\Kingdom Of Midgard - Online\BGM\99.mp3
C:\Program Files\Kingdom Of Midgard - Online\binkw32.dll
C:\Program Files\Kingdom Of Midgard - Online\Config.tpc
C:\Program Files\Kingdom Of Midgard - Online\cps.dll
C:\Program Files\Kingdom Of Midgard - Online\data.grf
C:\Program Files\Kingdom Of Midgard - Online\DATA.INI
C:\Program Files\Kingdom Of Midgard - Online\dinput.dll
C:\Program Files\Kingdom Of Midgard - Online\emblem\Mettre son embleme de guilde.txt
C:\Program Files\Kingdom Of Midgard - Online\granny2.dll
C:\Program Files\Kingdom Of Midgard - Online\GRF.dll
C:\Program Files\Kingdom Of Midgard - Online\ijl15.dll
C:\Program Files\Kingdom Of Midgard - Online\Kingdom Of Midgard.exe
C:\Program Files\Kingdom Of Midgard - Online\KoM-Online.exe
C:\Program Files\Kingdom Of Midgard - Online\kom.grf
C:\Program Files\Kingdom Of Midgard - Online\KoM.ico
C:\Program Files\Kingdom Of Midgard - Online\Mp3dec.asi
C:\Program Files\Kingdom Of Midgard - Online\Mss32.dll
C:\Program Files\Kingdom Of Midgard - Online\Mssfast.m3d
C:\Program Files\Kingdom Of Midgard - Online\RO_MF.ini
C:\Program Files\Kingdom Of Midgard - Online\ScreenShot\Thumbs.db
C:\Program Files\Kingdom Of Midgard - Online\sdata.grf
C:\Program Files\Kingdom Of Midgard - Online\Setup.exe
C:\Program Files\Kingdom Of Midgard - Online\skin\default\basic_interface\ARW_DOWN.BMP
C:\Program Files\Kingdom Of Midgard - Online\skin\default\basic_interface\ARW_LEFT.BMP
C:\Program Files\Kingdom Of Midgard - Online\skin\default\basic_interface\arw_right.bmp
C:\Program Files\Kingdom Of Midgard - Online\skin\default\basic_interface\arw_right_on.bmp
C:\Program Files\Kingdom Of Midgard - Online\skin\default\basic_interface\ARW_UP.BMP
C:\Program Files\Kingdom Of Midgard - Online\skin\default\basic_interface\basewin_bg.bmp
C:\Program Files\Kingdom Of Midgard - Online\skin\default\basic_interface\basewin_mini.bmp
C:\Program Files\Kingdom Of Midgard - Online\skin\default\basic_interface\btn_cartoff.bmp
C:\Program Files\Kingdom Of Midgard - Online\skin\default\basic_interface\btn_comm_dis.bmp
C:\Program Files\Kingdom Of Midgard - Online\skin\default\basic_interface\btn_comm_off.bmp
C:\Program Files\Kingdom Of Midgard - Online\skin\default\basic_interface\btn_comm_on.bmp
C:\Program Files\Kingdom Of Midgard - Online\skin\default\basic_interface\btn_equip_dis.bmp
C:\Program Files\Kingdom Of Midgard - Online\skin\default\basic_interface\btn_equip_off.bmp
C:\Program Files\Kingdom Of Midgard - Online\skin\default\basic_interface\btn_equip_on.bmp
C:\Program Files\Kingdom Of Midgard - Online\skin\default\basic_interface\btn_friend_dis.bmp
C:\Program Files\Kingdom Of Midgard - Online\skin\default\basic_interface\btn_friend_off.bmp
C:\Program Files\Kingdom Of Midgard - Online\skin\default\basic_interface\btn_friend_on.bmp
C:\Program Files\Kingdom Of Midgard - Online\skin\default\basic_interface\btn_items_dis.bmp
C:\Program Files\Kingdom Of Midgard - Online\skin\default\basic_interface\btn_items_off.bmp
C:\Program Files\Kingdom Of Midgard - Online\skin\default\basic_interface\btn_items_on.bmp
C:\Program Files\Kingdom Of Midgard - Online\skin\default\basic_interface\btn_map_dis.bmp
C:\Program Files\Kingdom Of Midgard - Online\skin\default\basic_interface\btn_map_off.bmp
C:\Program Files\Kingdom Of Midgard - Online\skin\default\basic_interface\btn_map_on.bmp
C:\Program Files\Kingdom Of Midgard - Online\skin\default\basic_interface\btn_option_dis.bmp
C:\Program Files\Kingdom Of Midgard - Online\skin\default\basic_interface\btn_option_off.bmp
C:\Program Files\Kingdom Of Midgard - Online\skin\default\basic_interface\btn_option_on.bmp
C:\Program Files\Kingdom Of Midgard - Online\skin\default\basic_interface\btn_skill_dis.bmp
C:\Program Files\Kingdom Of Midgard - Online\skin\default\basic_interface\btn_skill_off.bmp
C:\Program Files\Kingdom Of Midgard - Online\skin\default\basic_interface\btn_skill_on.bmp
C:\Program Files\Kingdom Of Midgard - Online\skin\default\basic_interface\btn_status_dis.bmp
C:\Program Files\Kingdom Of Midgard - Online\skin\default\basic_interface\btn_status_off.bmp
C:\Program Files\Kingdom Of Midgard - Online\skin\default\basic_interface\btn_status_on.bmp
C:\Program Files\Kingdom Of Midgard - Online\skin\default\basic_interface\btnbar_left.bmp
C:\Program Files\Kingdom Of Midgard - Online\skin\default\basic_interface\btnbar_left2.bmp
C:\Program Files\Kingdom Of Midgard - Online\skin\default\basic_interface\btnbar_mid.bmp
C:\Program Files\Kingdom Of Midgard - Online\skin\default\basic_interface\btnbar_mid2.bmp
C:\Program Files\Kingdom Of Midgard - Online\skin\default\basic_interface\btnbar_right.bmp
C:\Program Files\Kingdom Of Midgard - Online\skin\default\basic_interface\btnbar_right2.bmp
C:\Program Files\Kingdom Of Midgard - Online\skin\default\basic_interface\chatwin0_bg.bmp
C:\Program Files\Kingdom Of Midgard - Online\skin\default\basic_interface\chatwin1_left.bmp
C:\Program Files\Kingdom Of Midgard - Online\skin\default\basic_interface\chatwin1_line.bmp
C:\Program Files\Kingdom Of Midgard - Online\skin\default\basic_interface\chatwin1_mid.bmp
C:\Program Files\Kingdom Of Midgard - Online\skin\default\basic_interface\chatwin1_right.bmp
C:\Program Files\Kingdom Of Midgard - Online\skin\default\basic_interface\collection_bg.bmp
C:\Program Files\Kingdom Of Midgard - Online\skin\default\basic_interface\cutline_0.bmp
C:\Program Files\Kingdom Of Midgard - Online\skin\default\basic_interface\dialog_bg.bmp
C:\Program Files\Kingdom Of Midgard - Online\skin\default\basic_interface\dialog_btn0.bmp
C:\Program Files\Kingdom Of Midgard - Online\skin\default\basic_interface\dialog_btn1.bmp
C:\Program Files\Kingdom Of Midgard - Online\skin\default\basic_interface\dialog_btn2.bmp
C:\Program Files\Kingdom Of Midgard - Online\skin\default\basic_interface\dialog_mid.bmp
C:\Program Files\Kingdom Of Midgard - Online\skin\default\basic_interface\dialog_resize.bmp
C:\Program Files\Kingdom Of Midgard - Online\skin\default\basic_interface\equipwin_bg.bmp
C:\Program Files\Kingdom Of Midgard - Online\skin\default\basic_interface\exchange_bg.bmp
C:\Program Files\Kingdom Of Midgard - Online\skin\default\basic_interface\grp_leader.bmp
C:\Program Files\Kingdom Of Midgard - Online\skin\default\basic_interface\grp_offline.bmp
C:\Program Files\Kingdom Of Midgard - Online\skin\default\b
0
Réponse 15 / 30
Utilisateur anonyme
27 mai 2008 à 21:34
t as la suite du rapport stp ???
0
Réponse 16 / 30
Alias
27 mai 2008 à 21:38
arf ca a buggue ^^

attend alors la suite

C:\Program Files\Moonlight-Destinys\binkw32.dll
C:\Program Files\Moonlight-Destinys\Config.tpc
C:\Program Files\Moonlight-Destinys\cps.dll
C:\Program Files\Moonlight-Destinys\data.grf
C:\Program Files\Moonlight-Destinys\data.ini
C:\Program Files\Moonlight-Destinys\dbghelp.dll
C:\Program Files\Moonlight-Destinys\dinput.dll
C:\Program Files\Moonlight-Destinys\granny2.dll
C:\Program Files\Moonlight-Destinys\GRF.dll
C:\Program Files\Moonlight-Destinys\ijl15.dll
C:\Program Files\Moonlight-Destinys\moonlight.grf
C:\Program Files\Moonlight-Destinys\moonlightdestinys.exe
C:\Program Files\Moonlight-Destinys\Mp3dec.asi
C:\Program Files\Moonlight-Destinys\Mss32.dll
C:\Program Files\Moonlight-Destinys\Mssfast.m3d
C:\Program Files\Moonlight-Destinys\msvcp60.dll
C:\Program Files\Moonlight-Destinys\Setup.exe
C:\Program Files\Moonlight-Destinys\slicence.txt
C:\Program Files\Moonlight-Destinys\TriadPatcherLog.txt
C:\Program Files\Moonlight-Destinys\TriadPatchsList.ini
C:\Program Files\Moonlight-Destinys\uninstall.exe
C:\Program Files\Moonlight-Destinys\unrar.dll
C:\Program Files\Moonlight-Destinys\updater.exe
C:\Program Files\Moonlight-Destinys\zlib1.dll
C:\sqmdata19.sqm
C:\sqmnoopt19.sqm
C:\WINDOWS\ALCFDRTM.EXE
C:\WINDOWS\ALCFDRTM.EXE\
C:\WINDOWS\system32\cgekbbuh.dll
C:\WINDOWS\system32\foxjmcvh.dll
C:\WINDOWS\system32\xfyhhfaf.dll
C:\WINDOWS\wininit.ini

.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-04-27 to 2008-05-27 ))))))))))))))))))))))))))))))))))))
.

2008-05-27 21:15 . 2008-05-27 21:15 <REP> d-------- C:\327882R2FWJFW
2008-05-27 20:40 . <REP> C:\WINDOWS\LastGood.Tmp
2008-05-27 20:30 . 2008-03-02 14:25 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage r‚seau
2008-05-27 20:30 . 2008-03-02 14:25 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-05-27 20:30 . 2008-03-02 13:41 <REP> d--h----- C:\Documents and Settings\Administrateur\ModŠles
2008-05-27 20:30 . 2008-03-02 14:25 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
2008-05-27 20:30 . 2008-03-02 14:25 <REP> dr------- C:\Documents and Settings\Administrateur\Menu D‚marrer
2008-05-27 20:30 . 2008-03-02 14:25 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
2008-05-27 20:30 . 2008-03-02 14:25 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-05-27 20:30 . 2008-05-27 20:30 <REP> d-------- C:\Documents and Settings\Administrateur
2008-05-27 20:21 . 2008-05-27 20:21 <REP> d-------- C:\Program Files\CCleaner
2008-05-27 19:53 . 2008-05-27 19:53 10,290,154 --a------ C:\upload_moi_SYLVIA.tar.gz
2008-05-27 18:09 . 2008-05-27 18:09 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-27 18:09 . 2008-05-27 18:09 <REP> d-------- C:\Documents and Settings\Egd\Application Data\Malwarebytes
2008-05-27 18:09 . 2008-05-27 18:09 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-27 18:09 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-27 18:09 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-26 20:12 . 2008-05-26 20:12 <REP> d-------- C:\Documents and Settings\Egd\Application Data\Grisoft
2008-05-26 20:12 . 2008-05-26 20:12 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-05-26 20:12 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-05-26 19:56 . 2008-05-27 19:42 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-26 19:56 . 2008-05-27 18:16 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-26 12:22 . 2008-05-26 12:22 <REP> d-------- C:\Documents and Settings\All Users\Application Data\UiEnCom
2008-05-26 12:22 . 2008-05-26 12:22 <REP> d-------- C:\Documents and Settings\All Users\Application Data\smartsrvutil
2008-05-25 21:37 . 2008-05-27 17:31 <REP> d-------- C:\Documents and Settings\All Users\Application Data\kxyfkjyj
2008-05-25 21:02 . 2008-05-25 21:02 <REP> d-------- C:\Documents and Settings\Egd\Application Data\gtopala
2008-05-23 18:19 . 2008-05-23 18:19 <REP> d-------- C:\Documents and Settings\Egd\Application Data\ImgBurn
2008-05-23 18:09 . 2008-05-23 18:09 <REP> d-------- C:\Program Files\ImgBurn
2008-05-20 21:03 . 2008-05-20 21:03 <REP> d-------- C:\Documents and Settings\LocalService\Menu D‚marrer
2008-05-20 20:52 . 2008-05-27 21:21 121 --a------ C:\WINDOWS\bdagent.INI
2008-05-20 20:41 . 2008-05-20 20:41 <REP> d-------- C:\Program Files\BitDefender
2008-05-20 20:41 . 2008-05-20 20:41 <REP> d-------- C:\Documents and Settings\Egd\Application Data\Bitdefender
2008-05-20 20:40 . 2008-05-20 20:41 <REP> d-------- C:\Program Files\Fichiers communs\BitDefender
2008-05-14 12:20 . 2008-05-14 12:20 <REP> d-------- C:\Program Files\DAEMON Tools Lite
2008-05-14 12:17 . 2008-05-14 12:17 <REP> d-------- C:\Documents and Settings\Egd\Application Data\DAEMON Tools
2008-05-13 22:20 . 2008-05-13 22:20 <REP> dr-h----- C:\Documents and Settings\Egd\Application Data\SecuROM
2008-05-13 22:05 . 2008-05-13 22:05 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-05-13 21:45 . 2008-05-13 21:45 <REP> d-------- C:\Program Files\QuickPar
2008-05-08 23:28 . 2004-08-18 10:34 442,368 -ra------ C:\WINDOWS\system32\vp6vfw.dll
2008-05-08 23:11 . 2008-05-14 12:17 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-05-08 19:13 . 2008-05-08 19:13 <REP> d-------- C:\Documents and Settings\Egd\Application Data\Samsung
2008-05-08 19:05 . 2008-05-08 19:05 <REP> d-------- C:\WINDOWS\system32\Samsung_USB_Drivers
2008-05-08 19:05 . 2006-05-03 22:53 174,592 --a------ C:\WINDOWS\system32\framedyn.dll
2008-05-08 19:05 . 2005-08-30 01:49 94,000 --a------ C:\WINDOWS\system32\drivers\ssm_mdm.sys
2008-05-08 19:05 . 2005-08-30 01:47 58,320 --a------ C:\WINDOWS\system32\drivers\ssm_bus.sys
2008-05-08 19:05 . 2005-08-30 01:49 8,336 --a------ C:\WINDOWS\system32\drivers\ssm_mdfl.sys
2008-05-08 19:05 . 2005-08-30 01:49 6,176 --a------ C:\WINDOWS\system32\drivers\ssm_cmnt.sys
2008-05-08 19:05 . 2005-08-30 01:49 6,176 --a------ C:\WINDOWS\system32\drivers\ssm_cm.sys
2008-05-08 19:05 . 2005-08-30 01:47 5,840 --a------ C:\WINDOWS\system32\drivers\ssm_whnt.sys
2008-05-08 19:05 . 2005-08-30 01:47 5,840 --a------ C:\WINDOWS\system32\drivers\ssm_wh.sys
2008-05-08 19:05 . 2005-08-28 20:51 766 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-05-08 19:04 . 2008-05-08 19:04 <REP> d-------- C:\Program Files\Samsung
2008-05-08 19:04 . 2006-07-24 16:05 5,632 --a------ C:\WINDOWS\system32\drivers\StarOpen.sys
2008-05-07 13:36 . 2008-05-07 13:36 <REP> d-------- C:\Program Files\Teamspeak2_RC2
2008-05-07 13:36 . 2008-05-07 13:36 <REP> d-------- C:\Documents and Settings\Egd\Application Data\teamspeak2
2008-05-07 13:36 . 2008-05-07 13:36 34,064 --a------ C:\WINDOWS\system32\lhacm.acm

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-27 18:48 --------- d-----w C:\Documents and Settings\Egd\Application Data\GrabIt
2008-05-27 16:16 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-23 14:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-20 18:58 85,520 ----a-w C:\WINDOWS\system32\drivers\bdfndisf.sys
2008-05-20 18:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\BitDefender
2008-05-14 10:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-05-14 06:33 --------- d-----w C:\Documents and Settings\Egd\Application Data\skypePM
2008-04-26 16:10 --------- d-----w C:\Program Files\Total Video Converter
2008-04-20 20:26 --------- d-----w C:\Documents and Settings\Egd\Application Data\FileZilla
2008-04-20 18:49 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-04-17 19:22 --------- d-----w C:\Program Files\Trend Micro
2008-04-17 09:17 --------- d-----w C:\Program Files\Paint.NET
.

((((((((((((((((((((((((((((( snapshot@2008-05-27_20.40.02,06 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-27 18:36:38 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-27 19:22:51 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-12-02 17:42 3739672]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 18:07 1828136]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 11:39 486856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CmUCRRun"="C:\WINDOWS\system32\CmUCReye.exe" [2005-10-12 15:44 241664]
"RTHDCPL"="RTHDCPL.EXE" [2006-01-11 18:23 15961088 C:\WINDOWS\RTHDCPL.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe" [2008-02-28 10:59 570664]
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [2008-05-20 20:58 360448]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byXOhghh]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

R3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2005-12-06 12:16]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2008-05-20 20:58]
R3 CMISTOR;CMIUCR.SYS CM220 Card Reader Driver;C:\WINDOWS\system32\DRIVERS\cmiucr.SYS [2006-06-24 02:39]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{518e66c0-1d45-11dd-8d76-00161723a1d6}]
\Shell\AutoRun\command - L:\Autorun.exe

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-27 21:23:25
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...


C:\Documents and Settings\Egd\Local Settings\Application Data\Microsoft\Windows\GameExplorer\{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}\PlayTasks\1\Les Sims™ 2 : Boit@Look.lnk 861 bytes hidden from API

Scan termin‚ avec succŠs
Les fichiers cach‚s: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\bdfsfltr]
"ImagePath"=hex:73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,\

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\bdfsfltr]
"ImagePath"=hex:73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,\
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-05-27 21:27:22 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-27 19:27:16
ComboFix2.txt 2008-05-27 18:40:22

Pre-Run: 23,420,149,760 octets libres
Post-Run: 23,528,599,552 octets libres

1327 --- E O F --- 2008-05-27 18:00:10
0
Réponse 17 / 30
Alias
27 mai 2008 à 21:40
et le hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:39, on 2008-05-27
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\system32\CmUCReye.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
F:\World of Warcraft\WoW-2.4.0-frFR-downloader.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [CmUCRRun] C:\WINDOWS\system32\CmUCReye.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://messenger.zone.msn.com/EN-US/a-LUXR/mjolauncher.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O20 - Winlogon Notify: byXOhghh - C:\WINDOWS\
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
0
Réponse 18 / 30
Utilisateur anonyme
27 mai 2008 à 21:40
ok refais un scan hijackthis et poste le rapport stp
0
Réponse 19 / 30
Utilisateur anonyme
27 mai 2008 à 21:42
_Maintenant , nous allons supprimer les logiciels de désinfection que je t'ai fait téléchargé.
En effet , s'en servir est dangereux pour le pc si l'on ne s'y connais pas.
De plus ils sont mis régulièrement à jours.


? Ferme toutes les applications en cours, puis télécharge ToolsCleaner2 sur ton Bureau.


http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner

? Double clique sur ToolsCleaner2.exe >
? Clique sur .Recherche
? puis sur Suppression quand la liste est trouvée.
? Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).


(CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

Note : ton bureau RISQUE de disparaître, c'est normal. S'il n'apparaît pas à la fin du scan, fais la manip suivante :

CTRL+ALT+SUPP pour ouvrir le Gestionnaire des tâches.
Puis rends toi à l'onglet "Processus". Clique en haut à gauche sur Fichiers et choisis "Exécuter"

Tape explorer.exe et valide. Cela fera re-apparaître le Bureau

Tuto : https://www.commentcamarche.net/list 8341 toolscleaner suppression des fix de force brute ( merci espion3004 )
0
Réponse 20 / 30
Alias
27 mai 2008 à 21:42
jte l ai poster au dessus ^^

sinon ca fait 10min que j ai pas eu de popups

je sais pas si c est bon ?

merci ^^
0

Discussions similaires

Impossible d'afficher le rapport de tableau croisé dynamique sur un rapport
Utilisateur anonyme -
TomH. -

13 réponses
écrire un rapport de travail
asi -
REGINALD -

3 réponses
1fichier.com et bloqueur de pub
anthea1309 -
Patoche12 -

60 réponses
impossible d'afficher le tableau dynamique sur un rapport existant
Pierre -
Adrien71 -

3 réponses
Accés au cloud
Dadou1968 -
loisou17 -

3 réponses