Infected PC

26 December 2007 21:42:07

Hello, my PC is infected by a virus, storagesecuritor I think, so here is my HijackThis scan, and thanks in advance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:26:49, on 2007-12-27
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\System32\lqsrulqa.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\FREDERIK\Local Settings\Temp\Répertoire temporaire 1 pour HiJackThis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\System32\gcc.exe,C:\WINDOWS\System32\c++.exe,
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [IESet] IExplorer.dll .dbt
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Fichiers communs\StorageProtector\strpmon.exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [74230463] rundll32.exe "C:\WINDOWS\System32\qvbyotbi.dll",b
O4 - HKLM\..\RunServices: [IESet] IExplorer.dll .dbt
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Firewall auto setup] C:\DOCUME~1\FREDERIK\LOCALS~1\Temp\winlogon.exe
O4 - HKCU\..\Run: [ntfyapp] C:\WINDOWS\ntfyapp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [IESet] IExplorer.dll .dbt
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O15 - Trusted Zone: *.amaena.com
O15 - Trusted Zone: *.avsystemcare.com
O15 - Trusted Zone: *.gomyhit.com
O15 - Trusted Zone: *.imageservr.com
O15 - Trusted Zone: *.imagesrvr.com
O15 - Trusted Zone: *.onerateld.com
O15 - Trusted Zone: *.trustedantivirus.com
O15 - Trusted Zone: *.virusschlacht.com
O15 - Trusted Zone: *.amaena.com (HKLM)
O15 - Trusted Zone: *.avsystemcare.com (HKLM)
O15 - Trusted Zone: *.gomyhit.com (HKLM)
O15 - Trusted Zone: *.imageservr.com (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.onerateld.com (HKLM)
O15 - Trusted Zone: *.trustedantivirus.com (HKLM)
O15 - Trusted Zone: *.virusschlacht.com (HKLM)
O16 - DPF: {50BD5CDA-4BA8-4048-8FAA-763F222E41D8} - ms-its:mhtml:file://c:\\nores.mht!http://adxrnet.net/code/chm/xpre.chm::/xpreload.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{1705D81C-FCCA-4914-B802-42A6378AC254}: NameServer = 205.191.194.14
O17 - HKLM\System\CCS\Services\Tcpip\..\{ECD1D264-F0EB-48A7-A939-2C3246BAAE3C}: NameServer = 205.191.194.14
O17 - HKLM\System\CS1\Services\Tcpip\..\{1705D81C-FCCA-4914-B802-42A6378AC254}: NameServer = 205.191.194.14
O17 - HKLM\System\CS2\Services\Tcpip\..\{1705D81C-FCCA-4914-B802-42A6378AC254}: NameServer = 205.191.194.14
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: DomainService - - C:\WINDOWS\System32\lqsrulqa.exe
O23 - Service: FCI - Unknown owner - C:\WINDOWS\System32\svchost.exe:ext.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\Services en ligne\rtertenoma.html

--
End of file - 6444 bytes

26 December 2007 22:31:44

Good evening

You have multiple infections... -_-

1

~Download this file http://downloads.malwareremoval.com/Nel/FixP.zip
to the desktop.

Extract it and double-click Fix_Protocol_zones_ranges.reg.

Accept when it asks you to merge with the registry.

2

~Download VundoFix.exe (by Atribune) to your Desktop.
http://www.atribune.org/ccount/click.php?id=4
Double-click VundoFix.exe to launch it.
Click the Scan for Vundo button.
~When the scan is complete, click the Remove Vundo button.
A prompt will ask whether you want to delete the files; click YES.
After you click "Yes", the Desktop will disappear for a moment while the files are deleted.
You will see a prompt announcing that your PC is going to restart; click OK.
~Copy/paste the contents of the report located at C:\vundofix.txt, along with a new HijackThis report, into your next reply.
Note: VundoFix may encounter a file it cannot delete. If so, the tool will launch at the next restart; simply follow the instructions above, starting from "click the Scan for Vundo button".

27 December 2007 05:09:21

Thank you very much, it seems to have worked. Here is my VundoFix report.


VundoFix V6.7.7

Checking Java version...

Scan started at 22:45:31 2007-12-27

Listing files found while scanning....

Beginning removal...

Attempting to delete C:\WINDOWS\system32\adtsfavj.dll
C:\WINDOWS\system32\adtsfavj.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\afawfnbl.exe
C:\WINDOWS\system32\afawfnbl.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\aybeg.bak1
C:\WINDOWS\system32\aybeg.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\aybeg.bak2
C:\WINDOWS\system32\aybeg.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\aybeg.ini
C:\WINDOWS\system32\aybeg.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\babkerwb.exe
C:\WINDOWS\system32\babkerwb.exe Has been deleted!

Attempting to delete C:\WINDOWS\System32\denjlsun.dll
C:\WINDOWS\System32\denjlsun.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\eajspetd.exe
C:\WINDOWS\system32\eajspetd.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\ectphrwe.dll
C:\WINDOWS\system32\ectphrwe.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\efcyxya.dll
C:\WINDOWS\system32\efcyxya.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\enulxkre.dll
C:\WINDOWS\system32\enulxkre.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\gebya.dll
C:\WINDOWS\system32\gebya.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\gnwiuqil.exe
C:\WINDOWS\system32\gnwiuqil.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\gsresieo.exe
C:\WINDOWS\system32\gsresieo.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\hmshtkej.exe
C:\WINDOWS\system32\hmshtkej.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\htrirdvp.dll
C:\WINDOWS\system32\htrirdvp.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jkkjhhi.dll
C:\WINDOWS\system32\jkkjhhi.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jsdyqflw.exe
C:\WINDOWS\system32\jsdyqflw.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\jvafstda.ini
C:\WINDOWS\system32\jvafstda.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\kbuxdtgv.exe
C:\WINDOWS\system32\kbuxdtgv.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\kdrwprli.dll
C:\WINDOWS\system32\kdrwprli.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\kqdjowbr.dll
C:\WINDOWS\system32\kqdjowbr.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\lgxovgsb.dll
C:\WINDOWS\system32\lgxovgsb.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\lnoiksju.dll
C:\WINDOWS\system32\lnoiksju.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\lqsrulqa.exe
C:\WINDOWS\system32\lqsrulqa.exe Could not be deleted.

Attempting to delete C:\WINDOWS\system32\lscsylbi.dll
C:\WINDOWS\system32\lscsylbi.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\mkqfjpss.exe
C:\WINDOWS\system32\mkqfjpss.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\mvwvvluy.exe
C:\WINDOWS\system32\mvwvvluy.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\nmautqnw.exe
C:\WINDOWS\system32\nmautqnw.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\nmdacrht.exe
C:\WINDOWS\system32\nmdacrht.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\npposhaw.exe
C:\WINDOWS\system32\npposhaw.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\ofmdhams.exe
C:\WINDOWS\system32\ofmdhams.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\opnmjki.dll
C:\WINDOWS\system32\opnmjki.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ovghmcyw.dll
C:\WINDOWS\system32\ovghmcyw.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\qcgyvvmx.dll
C:\WINDOWS\system32\qcgyvvmx.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\qllvvgvt.exe
C:\WINDOWS\system32\qllvvgvt.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\qvbyotbi.dll
C:\WINDOWS\system32\qvbyotbi.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ratuocdy.dll
C:\WINDOWS\system32\ratuocdy.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\twqjdxen.dll
C:\WINDOWS\system32\twqjdxen.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\txoomqpe.dll
C:\WINDOWS\system32\txoomqpe.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\uhumehhw.exe
C:\WINDOWS\system32\uhumehhw.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\uiygkrvj.dll
C:\WINDOWS\system32\uiygkrvj.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\urqrrqr.dll
C:\WINDOWS\system32\urqrrqr.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\uvmkgsys.dll
C:\WINDOWS\system32\uvmkgsys.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\vgxvlvqb.dll
C:\WINDOWS\system32\vgxvlvqb.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\vhryjxfg.dll
C:\WINDOWS\system32\vhryjxfg.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\vvooajmk.dll
C:\WINDOWS\system32\vvooajmk.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\wkmgragn.dll
C:\WINDOWS\system32\wkmgragn.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\wnrliqqd.exe
C:\WINDOWS\system32\wnrliqqd.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\wygkailo.dll
C:\WINDOWS\system32\wygkailo.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\xsmgxohx.dll
C:\WINDOWS\system32\xsmgxohx.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\xvgsleea.exe
C:\WINDOWS\system32\xvgsleea.exe Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\efcyxya.dll
C:\WINDOWS\system32\efcyxya.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\lqsrulqa.exe
C:\WINDOWS\system32\lqsrulqa.exe Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...



And here is my new HijackThis scan.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:10:48, on 2007-12-27
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\System32\lqsrulqa.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\program files\steam\steam.exe
C:\WINDOWS\ntfyapp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\explorer.exe
C:\Documents and Settings\FREDERIK\Local Settings\Temp\Répertoire temporaire 3 pour HiJackThis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\System32\gcc.exe,C:\WINDOWS\System32\c++.exe,
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RabioBHO - {1C2E5D27-A17C-4D89-85DD-3553C189380D} - C:\Program Files\Rabio\Rabio.dll (file missing)
O2 - BHO: 0 - {619B4928-CB9F-4683-3F91-98BF8769EDE9} - C:\Program Files\Services en ligne\qulazuso.dll (file missing)
O2 - BHO: {bdd59925-6b43-bdca-3804-ee4df1ef4096} - {6904fe1f-d4ee-4083-acdb-34b652995ddb} - C:\WINDOWS\System32\xsmgxohx.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: WebAssist - {85589B5D-D53D-4237-A677-46B82EA275F3} - C:\WINDOWS\System32\Ow7Vtb7L.dll (file missing)
O2 - BHO: (no name) - {8911B4A9-6421-4971-B2F3-7843A6D9D653} - C:\WINDOWS\System32\gebya.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Fichiers communs\StorageProtector\strpmon.exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [74230463] rundll32.exe "C:\WINDOWS\System32\kdrwprli.dll",b
O4 - HKLM\..\Run: [IESet] IExplorer.dll .dbt
O4 - HKLM\..\RunServices: [IESet] IExplorer.dll .dbt
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Firewall auto setup] C:\DOCUME~1\FREDERIK\LOCALS~1\Temp\winlogon.exe
O4 - HKCU\..\Run: [ntfyapp] C:\WINDOWS\ntfyapp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [IESet] IExplorer.dll .dbt
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {50BD5CDA-4BA8-4048-8FAA-763F222E41D8} - ms-its:mhtml:file://c:\\nores.mht!http://adxrnet.net/code/chm/xpre.chm::/xpreload.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{1705D81C-FCCA-4914-B802-42A6378AC254}: NameServer = 205.191.194.14
O17 - HKLM\System\CCS\Services\Tcpip\..\{ECD1D264-F0EB-48A7-A939-2C3246BAAE3C}: NameServer = 205.191.194.14
O17 - HKLM\System\CS1\Services\Tcpip\..\{1705D81C-FCCA-4914-B802-42A6378AC254}: NameServer = 205.191.194.14
O17 - HKLM\System\CS2\Services\Tcpip\..\{1705D81C-FCCA-4914-B802-42A6378AC254}: NameServer = 205.191.194.14
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: DomainService - - C:\WINDOWS\System32\lqsrulqa.exe
O23 - Service: FCI - Unknown owner - C:\WINDOWS\System32\svchost.exe:ext.exe
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\System32\windows
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\Services en ligne\rtertenoma.html

--
End of file - 6958 bytes


Thank you very much for the quick service, even though it's the holiday season :)

27 December 2007 10:19:09

Hello
Let's continue
Download ComboFix by sUBs:
combofix.exe
and save it to your desktop and nowhere else!

Be sure to disable your antivirus before launching the scan.

Double-click combofix. It will ask you a question; answer by pressing the 1 key, then wait until ComboFix has finished. Your PC may reboot, which is normal. A report will be created. Post the report.

27 December 2007 18:11:19

Hi, I downloaded combofix.exe to my desktop, I disabled my antivirus, and when I go to open the file a window opens saying: "c:\Documents and settings\FRÉDÉRIK\Bureau\Combofix.exe n'est pas une application Win32 valide."

So I'm not able to open it....

27 December 2007 19:50:24

Good evening
OK, we'll do it another way then

Delete your copy of ComboFix.

Disable your antivirus while you download this one:
Download ComboFix by sUBs:
combofix.exe
and save it to your desktop and nowhere else!

~Restart the computer in safe mode (F8 at computer startup)

Double-click combofix. It will ask you a question; answer by pressing the 1 key, then wait until ComboFix has finished; a report will be created. Save and post this report.

Add a new HijackThis report.

28 December 2007 00:04:34

Here is my ComboFix scan; there were 2 documents, so I'll post both.

ComboFix 07-12-28.1 - FREDERIK 2007-12-28 17:55:02.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.0.1252.33.1036.18.365 [GMT 1:00]
Running from: C:\Documents and Settings\FREDERIK\Local Settings\Temporary Internet Files\Content.IE5\7UTWLBV7\ComboFix[2].exe
.
ADS - svchost.exe: deleted 24064 bytes in 1 streams.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\storageprotector
C:\Documents and Settings\All Users\Application Data\storageprotector\Data\em
C:\Documents and Settings\All Users\Application Data\storageprotector\Data\oid
C:\Documents and Settings\All Users\Application Data\storageprotector\Data\user
C:\Documents and Settings\FREDERIK\Application Data\NetMon
C:\Documents and Settings\FREDERIK\Application Data\NetMon\domains.txt
C:\Documents and Settings\FREDERIK\Application Data\NetMon\log.txt
C:\Documents and Settings\FREDERIK\Application Data\SpyGuardPro
C:\Documents and Settings\FREDERIK\Application Data\SpyGuardPro\avtasks.dat
C:\Documents and Settings\FREDERIK\Application Data\SpyGuardPro\Logs\av.log
C:\Documents and Settings\FREDERIK\Application Data\SpyGuardPro\Logs\ga6Support.log
C:\Documents and Settings\FREDERIK\Application Data\SpyGuardPro\Logs\update.log
C:\Documents and Settings\FREDERIK\Application Data\WinTouch
C:\Documents and Settings\FREDERIK\Application Data\WinTouch\_install.exe
C:\Documents and Settings\FREDERIK\Application Data\WinTouch\WinTouch.exe
C:\Documents and Settings\FREDERIK\Bureau\autre\HOLZED\_install.exe
C:\Documents and Settings\FREDERIK\Local Settings\Temp\_install.exe
C:\Documents and Settings\FREDERIK\Local Settings\Temp\ICD1.tmp\_install.exe
C:\Documents and Settings\FREDERIK\Local Settings\Temp\ICD3.tmp\_install.exe
C:\Documents and Settings\FREDERIK\Local Settings\Temp\ICD4.tmp\_install.exe
C:\Documents and Settings\FREDERIK\Local Settings\Temp\is-OAI23.tmp\_install.exe
C:\Documents and Settings\FREDERIK\Local Settings\Temp\is-PO8IA.tmp\_install.exe
C:\Documents and Settings\FREDERIK\Local Settings\Temp\NI.UGA6P_0001_N122M2210\_install.exe
C:\Documents and Settings\LocalService\Application Data\NetMon
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt
C:\Documents and Settings\NetworkService\Application Data\NetMon
C:\Documents and Settings\NetworkService\Application Data\NetMon\domains.txt
C:\Documents and Settings\NetworkService\Application Data\NetMon\log.txt
C:\Program Files\ComPlus Applications\mezoge4444.dll
C:\Program Files\ComPlus Applications\mezoge83122.dll
C:\Program Files\Fichiers communs\InstallShield\Professional\RunTime\09\01\Intel32\_install.exe
C:\Program Files\Fichiers communs\Java\Update\Base Images\jre1.6.0.b105\patch-jre1.6.0_03.b05\_install.exe
C:\Program Files\Fichiers communs\Microsoft Shared\MSInfo\_install.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Smart Tag\_install.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Speech\_install.exe
C:\Program Files\Fichiers communs\StorageProtector
C:\Program Files\Guild Wars\_install.exe
C:\Program Files\Internet Explorer\Connection Wizard\_install.exe
C:\Program Files\Java\jre1.6.0_03\bin\_install.exe
C:\Program Files\Messenger\_install.exe
C:\Program Files\Movie Maker\_install.exe
C:\Program Files\MSN Gaming Zone\Windows\_install.exe
C:\Program Files\MSN Messenger\_install.exe
C:\Program Files\MSN Messenger\Device Manager\_install.exe
C:\Program Files\MSN\_install.exe
C:\Program Files\MSN\MSNCoreFiles\_install.exe
C:\Program Files\MSN\MSNCoreFiles\Setup\_install.exe
C:\Program Files\NetMeeting\_install.exe
C:\Program Files\network monitor
C:\Program Files\network monitor\_install.exe
C:\Program Files\network monitor\netmon.exe
C:\Program Files\Outlook Express\_install.exe
C:\Program Files\PokerStars\_install.exe
C:\Program Files\PokerStars\backup\_install.exe
C:\Program Files\Services en ligne\rtertenoma.html
C:\Program Files\Steam\_install.exe
C:\Program Files\Steam\bin\_install.exe
C:\Program Files\Steam\steamapps\fredoush\counter-strike source\_install.exe
C:\Program Files\Ventrilo\_install.exe
C:\Program Files\Windows Media Player\_install.exe
C:\Program Files\Windows NT\_install.exe
C:\Program Files\Windows NT\Accessoires\_install.exe
C:\WINDOWS\b111.exe
C:\WINDOWS\b128.exe
C:\WINDOWS\b147.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\Downloaded Program Files.\xpreload.ocx
C:\WINDOWS\msettings.ini
C:\WINDOWS\ntfyapp.config
C:\WINDOWS\ntfyapp.exe
C:\WINDOWS\system32\bapevldj.ini
C:\WINDOWS\system32\cstgycui.ini
C:\WINDOWS\system32\denjlsun.dllbox
C:\WINDOWS\system32\drivers\Cpgw73.sys
C:\WINDOWS\system32\drivers\protect.sys
C:\WINDOWS\system32\drivers\symavc32.sys
C:\WINDOWS\system32\drivers\VQY51.sys
C:\windows\system32\explorer.exe
C:\WINDOWS\system32\fdmkqdqi.ini
C:\WINDOWS\system32\gguhjvlj.ini
C:\WINDOWS\system32\ibtoybvq.ini
C:\WINDOWS\system32\iexplorer.dll .dbt
C:\WINDOWS\system32\iuhbmrmm.ini
C:\WINDOWS\system32\jbakkrpr.ini
C:\WINDOWS\system32\jvfmjvrn.ini
C:\WINDOWS\system32\lovvvgxe.ini
C:\WINDOWS\system32\lqsrulqa.exe
C:\WINDOWS\system32\mp43.exe
C:\WINDOWS\system32\ncsdftku.ini
C:\WINDOWS\system32\nnyrjtit.ini
C:\WINDOWS\system32\nuxjolcy.ini
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\shift.exe.exe
C:\WINDOWS\system32\svcp.csv
C:\WINDOWS\system32\titumiqk.ini
C:\WINDOWS\system32\totmrmsb.ini
C:\WINDOWS\system32\windows
C:\WINDOWS\system32\winsub.xml
C:\WINDOWS\system32\xsnvoucs.ini
C:\WINDOWS\system32\ysaxvfny.ini
C:\WINDOWS\TTC-4444.exe
C:\WINDOWS\uninstall_nmon.vbs

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_CMDSERVICE
-------\LEGACY_DOMAINSERVICE
-------\LEGACY_FCI
-------\LEGACY_PROTECT
-------\LEGACY_SYSLIBRARY
-------\LEGACY_VQY51
-------\DomainService
-------\FCI
-------\protect
-------\SysLibrary


((((((((((((((((((((((((((((( Fichiers créés 2007-11-28 to 2007-12-28 ))))))))))))))))))))))))))))))))))))
.

2007-12-28 17:53 . 2007-12-28 17:53 29 --a------ C:\WINDOWS\system32\daayuqqh.tmp
2007-12-28 12:27 . 2007-12-28 12:27 29 --a------ C:\WINDOWS\system32\wtgosgte.tmp
2007-12-28 12:03 . 2007-12-28 12:03 29 --a------ C:\WINDOWS\system32\fgqiitaf.tmp
2007-12-27 23:00 . 2007-12-27 23:00 496,936 --a------ C:\WINDOWS\system32\aybeg.tmp
2007-12-27 22:45 . 2007-12-27 23:02 <REP> d-------- C:\VundoFix Backups
2007-12-27 18:10 . 2007-12-27 18:10 1,027,582 ---hs---- C:\WINDOWS\system32\ilrpwrdk.ini
2007-12-25 16:38 . 2007-12-25 16:38 <REP> d-------- C:\Program Files\Avira
2007-12-25 16:38 . 2007-12-25 16:38 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2007-12-24 23:04 . 2007-12-27 15:11 1,029,798 ---hs---- C:\WINDOWS\system32\kmjaoovv.ini
2007-12-24 17:37 . 2007-12-24 17:37 <REP> d-------- C:\Documents and Settings\FREDERIK\Application Data\teamspeak2
2007-12-24 17:32 . 2007-12-24 17:37 <REP> d-------- C:\Program Files\Teamspeak2_RC2
2007-12-24 17:32 . 2007-12-24 17:32 34,064 --a------ C:\WINDOWS\system32\lhacm.acm
2007-12-20 11:23 . 2007-12-20 11:23 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
2007-12-20 11:22 . 2001-08-28 13:00 2,044,928 --a------ C:\WINDOWS\system32\msi.dll
2007-12-20 11:22 . 2001-08-28 13:00 2,044,928 --a------ C:\WINDOWS\system32\dllcache\msi.dll
2007-12-20 11:22 . 2001-08-28 13:00 847,872 --a------ C:\WINDOWS\system32\msimsg.dll
2007-12-20 11:22 . 2001-08-28 13:00 847,872 --a------ C:\WINDOWS\system32\dllcache\msimsg.dll
2007-12-20 11:22 . 2001-08-28 13:00 304,640 --a------ C:\WINDOWS\system32\msihnd.dll
2007-12-20 11:22 . 2001-08-28 13:00 304,640 --a------ C:\WINDOWS\system32\dllcache\msihnd.dll
2007-12-20 11:22 . 2001-08-28 13:00 63,488 --a------ C:\WINDOWS\system32\msiexec.exe
2007-12-20 11:22 . 2001-08-28 13:00 63,488 --a------ C:\WINDOWS\system32\dllcache\msiexec.exe
2007-12-20 11:22 . 2001-08-28 13:00 39,936 --a------ C:\WINDOWS\system32\msisip.dll
2007-12-20 11:22 . 2001-08-28 13:00 39,936 --a------ C:\WINDOWS\system32\dllcache\msisip.dll
2007-12-20 11:20 . 2007-12-27 23:02 <REP> d-------- C:\Program Files\Google
2007-12-20 07:15 . 2007-12-20 07:15 <REP> dr------- C:\Documents and Settings\NetworkService\Favoris
2007-12-20 05:48 . 2007-12-20 05:48 <REP> dr------- C:\Documents and Settings\All Users\Application Data\SalesMon
2007-12-20 05:48 . 2004-10-07 13:39 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2007-12-19 20:28 . 2007-12-19 20:28 165,472 --a------ C:\WINDOWS\system32\tephwbcr.dll
2007-12-19 10:55 . 2007-12-19 10:55 <REP> d--h----- C:\WINDOWS\system32\GroupPolicy
2007-12-19 04:10 . 2007-12-19 05:08 <REP> d-------- C:\WINDOWS\system32\bits
2007-12-19 04:10 . 2002-05-23 09:34 310,272 --a------ C:\WINDOWS\system32\winhttp.dll
2007-12-19 04:10 . 2001-08-28 13:00 180,736 --a------ C:\WINDOWS\system32\qmgr.dll
2007-12-19 04:10 . 2001-08-28 13:00 180,736 --a------ C:\WINDOWS\system32\dllcache\qmgr.dll
2007-12-19 04:10 . 2001-08-28 13:00 17,408 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2007-12-19 04:10 . 2001-08-28 13:00 17,408 --a------ C:\WINDOWS\system32\dllcache\qmgrprxy.dll
2007-12-19 04:03 . 2007-12-19 04:03 29 --a------ C:\WINDOWS\system32\ditdufgu.tmp
2007-12-19 03:53 . 2007-12-21 20:00 <REP> d-------- C:\Documents and Settings\FREDERIK\Incomplete
2007-12-19 03:53 . 2007-12-27 22:23 <REP> d-------- C:\Documents and Settings\FREDERIK\Application Data\LimeWire
2007-12-16 23:23 . 2007-12-16 23:23 29 --a------ C:\WINDOWS\system32\drgguptt.tmp
2007-12-16 23:21 . 2007-12-16 23:21 7,923 --a------ C:\WINDOWS\system32\DefLib.sys
2007-12-16 18:07 . 1991-11-11 18:03 40,960 --a------ C:\WINDOWS\yahooo.exe
2007-12-16 18:07 . 2007-12-27 18:02 20,480 --a------ C:\WINDOWS\quit.exe
2007-12-16 17:12 . 2007-12-16 17:12 29 --a------ C:\WINDOWS\system32\dgfautiq.tmp
2007-12-16 12:10 . 2007-12-16 12:10 <REP> d---s---- C:\Documents and Settings\FREDERIK\UserData
2007-12-14 01:09 . 1999-04-02 16:37 33,792 -ra------ C:\WINDOWS\NPSExec.exe
2007-12-14 01:09 . 2007-12-14 01:09 501 --a------ C:\WINDOWS\eReg.dat
2007-12-14 01:08 . 2007-12-14 01:08 <REP> d-------- C:\Program Files\Electronic Arts
2007-12-14 01:01 . 1998-10-29 17:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2007-12-14 01:00 . 2007-12-14 01:00 <REP> d-------- C:\Documents and Settings\FREDERIK\WINDOWS
2007-12-12 19:44 . 2007-12-12 19:44 <REP> d-------- C:\WINDOWS\Sun
2007-12-12 19:05 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-12-12 19:04 . 2007-12-12 19:05 <REP> d-------- C:\Program Files\Java
2007-12-12 18:59 . 2007-12-12 18:59 <REP> d-------- C:\Program Files\Fichiers communs\Java
2007-12-12 18:51 . 2007-12-19 03:52 <REP> d-------- C:\Program Files\LimeWire
2007-12-10 18:20 . 2007-12-28 17:56 <REP> d-------- C:\Program Files\Guild Wars
2007-12-10 18:11 . 2007-12-28 17:58 81,191 --a------ C:\WINDOWS\system32\nvapps.xml
2007-12-10 18:10 . 2007-12-10 18:15 <REP> d-------- C:\WINDOWS\nview
2007-12-10 17:55 . 2007-07-30 19:19 549,720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-12-10 17:55 . 2007-07-30 19:19 325,976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-12-10 17:55 . 2007-07-30 19:19 216,408 --a------ C:\WINDOWS\system32\wuaucpl.cpl
2007-12-10 17:55 . 2007-07-30 19:19 203,096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-12-10 17:55 . 2004-08-03 14:00 187,160 --a------ C:\WINDOWS\system32\wuaueng1.dll
2007-12-10 17:55 . 2004-08-03 13:59 170,776 --a------ C:\WINDOWS\system32\wuauclt1.exe
2007-12-10 17:55 . 2007-07-30 19:18 33,624 --a------ C:\WINDOWS\system32\wups.dll
2007-12-09 18:56 . 2001-08-17 22:03 21,760 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2007-12-09 15:18 . 2007-12-23 22:43 <REP> d-------- C:\Documents and Settings\FREDERIK\Application Data\Ventrilo
2007-12-09 15:17 . 2007-12-28 17:56 <REP> d-------- C:\Program Files\Ventrilo
2007-12-09 13:44 . 2004-11-16 02:25 191,360 -ra------ C:\WINDOWS\system32\drivers\RT2500.sys
2007-12-09 11:45 . 2007-12-09 13:16 <REP> d----c--- C:\WINDOWS\$xpsp1hfm$
2007-12-09 00:45 . 2002-05-23 09:34 310,272 --a------ C:\WINDOWS\system32\winhttp(2).dll
2007-12-08 22:10 . 2007-12-08 22:10 268 --ah----- C:\sqmdata00.sqm
2007-12-08 22:10 . 2007-12-08 22:10 244 --ah----- C:\sqmnoopt00.sqm
2007-12-07 22:25 . 2007-12-09 13:17 <REP> d-------- C:\Documents and Settings\Administrateur\Modèles
2007-12-07 22:25 . 2007-12-09 13:16 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
2007-12-06 23:31 . 2007-12-06 23:31 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-12-06 23:21 . 2007-12-09 13:17 <REP> d-------- C:\WINDOWS\system32\ZoneLabs
2007-12-06 23:03 . 2007-12-06 23:03 <REP> dr------- C:\Documents and Settings\LocalService\Favoris
2007-12-06 22:46 . 2007-12-06 22:46 1,060,864 --a------ C:\WINDOWS\system32\is-D6E53.tmp
2007-12-06 22:45 . 2007-12-28 17:56 <REP> d-------- C:\Program Files\MSN Messenger
2007-12-06 22:45 . 2007-12-06 22:45 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Rabio
2007-12-06 22:44 . 2007-12-06 22:44 <REP> d-------- C:\WINDOWS\system32\tdm2
2007-12-06 22:44 . 2007-12-06 22:44 <REP> d-------- C:\WINDOWS\system32\pi3
2007-12-06 22:44 . 2007-12-06 22:44 <REP> d-------- C:\WINDOWS\system32\eu1
2007-12-06 22:43 . 2007-12-06 22:43 <REP> d-------- C:\WINDOWS\system32\daSgo01
2007-12-06 19:13 . 2006-08-11 19:58 208,896 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2007-12-06 19:13 . 2006-08-12 05:42 208,896 --a------ C:\WINDOWS\system32\nvudisp.exe
2007-12-06 19:13 . 2006-08-12 05:42 16,960 --a------ C:\WINDOWS\system32\nvdisp.nvu
2007-12-06 19:01 . 2007-12-06 19:01 385 --a------ C:\WINDOWS\ODBC.INI
2007-12-06 19:00 . 2003-06-19 01:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2007-12-06 18:58 . 2007-12-06 18:59 <REP> d-------- C:\WINDOWS\SHELLNEW
2007-12-06 18:55 . 2007-12-06 18:55 <REP> dr-h----- C:\MSOCache
2007-12-06 17:45 . 2007-12-28 17:56 <REP> d-------- C:\Program Files\PokerStars
2007-12-06 17:14 . 2007-12-10 17:52 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-12-06 17:10 . 2007-12-28 17:58 <REP> d-------- C:\Program Files\Steam
2007-12-06 13:01 . 2007-12-06 16:00 195 ---hs---- C:\boot.ini
2007-12-06 13:00 . 2007-12-06 16:09 261 --a------ C:\WINDOWS\system32\$winnt$.inf

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-28 16:56 --------- d-----w C:\Program Files\Services en ligne
2007-12-16 22:22 12,800 ----a-w C:\WINDOWS\system32\svchost.exe
2007-12-06 15:29 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2007-12-06 15:07 --------- d-----w C:\Program Files\microsoft frontpage
2007-12-06 15:04 --------- d-----w C:\Program Files\Fichiers communs\MSSoap
2007-12-06 11:02 --------- d-----w C:\Program Files\Fichiers communs\SpeechEngines
2007-12-06 11:02 --------- d-----w C:\Program Files\Fichiers communs\ODBC
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1C2E5D27-A17C-4D89-85DD-3553C189380D}]
C:\Program Files\Rabio\Rabio.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{619B4928-CB9F-4683-3F91-98BF8769EDE9}]
C:\Program Files\Services en ligne\qulazuso.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6904fe1f-d4ee-4083-acdb-34b652995ddb}]
C:\WINDOWS\System32\xsmgxohx.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8911B4A9-6421-4971-B2F3-7843A6D9D653}]
C:\WINDOWS\System32\gebya.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55]
"Steam"="c:\program files\steam\steam.exe" [2007-12-06 17:10]
"ntfyapp"="C:\WINDOWS\ntfyapp.exe" []
"ctfmon.exe"="C:\WINDOWS\System32\ctfmon.exe" [2001-08-28 13:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.exe" [2001-08-28 13:00 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2006-08-12 05:43 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="RUNDLL32.exe" [2001-08-28 13:00 C:\WINDOWS\system32\rundll32.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-08-31 12:25]
"74230463"="C:\WINDOWS\System32\kdrwprli.dll" []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2001-08-28 13:00]

R0 avgntmgr;avgntmgr;C:\WINDOWS\System32\DRIVERS\avgntmgr.sys [2007-07-18 14:22]
R1 avgntdd;avgntdd;C:\WINDOWS\System32\DRIVERS\avgntdd.sys [2007-08-09 13:04]
S3 ati2mpaa;ati2mpaa;C:\WINDOWS\System32\DRIVERS\ati2mpaa.sys [2001-08-23 16:59]
S3 MSControlService;Microsoft cache control;C:\WINDOWS\System32\windows []

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-12-25 10:00:45 C:\WINDOWS\Tasks\At12.job"
- C:\WINDOWS\System32\qT3n458R.exe
"2007-12-25 11:00:47 C:\WINDOWS\Tasks\At13.job"
- C:\WINDOWS\System32\qT3n458R.exe
"2007-12-28 12:00:00 C:\WINDOWS\Tasks\At14.job"
- C:\WINDOWS\System32\qT3n458R.exe
"2007-12-28 13:00:00 C:\WINDOWS\Tasks\At15.job"
- C:\WINDOWS\System32\qT3n458R.exe
"2007-12-28 14:00:00 C:\WINDOWS\Tasks\At16.job"
- C:\WINDOWS\System32\qT3n458R.exe
"2007-12-28 15:00:00 C:\WINDOWS\Tasks\At17.job"
- C:\WINDOWS\System32\qT3n458R.exe
"2007-12-28 16:00:00 C:\WINDOWS\Tasks\At18.job"
- C:\WINDOWS\System32\qT3n458R.exe
"2007-12-27 17:00:00 C:\WINDOWS\Tasks\At19.job"
- C:\WINDOWS\System32\qT3n458R.exe
"2007-12-28 00:00:00 C:\WINDOWS\Tasks\At2.job"
- C:\WINDOWS\System32\qT3n458R.exe
"2007-12-27 18:00:00 C:\WINDOWS\Tasks\At20.job"
- C:\WINDOWS\System32\qT3n458R.exe
"2007-12-27 19:00:02 C:\WINDOWS\Tasks\At21.job"
- C:\WINDOWS\System32\qT3n458R.exe
"2007-12-27 20:00:00 C:\WINDOWS\Tasks\At22.job"
- C:\WINDOWS\System32\qT3n458R.exe
"2007-12-27 21:00:00 C:\WINDOWS\Tasks\At23.job"
- C:\WINDOWS\System32\qT3n458R.exe
"2007-12-27 22:00:00 C:\WINDOWS\Tasks\At24.job"
- C:\WINDOWS\System32\qT3n458R.exe
"2007-12-25 01:00:45 C:\WINDOWS\Tasks\At3.job"
- C:\WINDOWS\System32\qT3n458R.exe
"2007-12-25 02:00:45 C:\WINDOWS\Tasks\At4.job"
- C:\WINDOWS\System32\qT3n458R.exe
"2007-12-25 03:00:45 C:\WINDOWS\Tasks\At5.job"
- C:\WINDOWS\System32\qT3n458R.exe
"2007-12-25 04:00:45 C:\WINDOWS\Tasks\At6.job"
- C:\WINDOWS\System32\qT3n458R.exe
"2007-12-25 05:00:45 C:\WINDOWS\Tasks\At7.job"
- C:\WINDOWS\System32\qT3n458R.exe
"2007-12-25 06:00:45 C:\WINDOWS\Tasks\At8.job"
- C:\WINDOWS\System32\qT3n458R.exe
"2007-12-25 07:00:45 C:\WINDOWS\Tasks\At9.job"
- C:\WINDOWS\System32\qT3n458R.exe
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-28 17:59:12
Windows 5.1.2600 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-28 18:00:34 - machine was rebooted
.
2007-12-19 03:11:11 --- E O F ---

1991-11-11 18:03 40960 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\mp43.exe.vir
2006-01-03 17:45 1989 --a------ C:\Qoobox\Quarantine\C\WINDOWS\uninstall_nmon.vbs.vir
2006-01-04 18:09 94208 --a------ C:\Qoobox\Quarantine\C\Program Files\Network Monitor\netmon.exe.vir
2007-08-02 14:43 282624 --a------ C:\Qoobox\Quarantine\C\Program Files\ComPlus Applications\mezoge4444.dll.vir
2007-08-02 14:43 282624 --a------ C:\Qoobox\Quarantine\C\Program Files\ComPlus Applications\mezoge83122.dll.vir
2007-09-24 02:05 279600 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\pac.txt.vir
2007-10-04 10:46 142 --a------ C:\Qoobox\Quarantine\C\Program Files\Services en ligne\rtertenoma.html.vir
2007-10-10 14:53 184320 --a------ C:\Qoobox\Quarantine\C\WINDOWS\b111.exe.vir
2007-10-30 17:53 97280 --a------ C:\Qoobox\Quarantine\C\WINDOWS\b147.exe.vir
2007-11-01 10:23 229376 --a------ C:\Qoobox\Quarantine\C\WINDOWS\b128.exe.vir
2007-12-06 22:43 20480 --a------ C:\Qoobox\Quarantine\C\WINDOWS\Downloaded Program Files\xpreload.ocx.vir
2007-12-06 22:45 169147 --a------ C:\Qoobox\Quarantine\C\WINDOWS\TTC-4444.exe.vir
2007-12-06 22:53 0 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\FREDERIK\Application Data\SpyGuardPro\Logs\ga6Support.log.vir
2007-12-06 22:53 14 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\NetworkService\Application Data\NetMon\domains.txt.vir
2007-12-06 22:53 372 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\NetworkService\Application Data\NetMon\log.txt.vir
2007-12-06 22:57 0 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\FREDERIK\Application Data\SpyGuardPro\avtasks.dat.vir
2007-12-06 22:57 463 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\FREDERIK\Application Data\SpyGuardPro\Logs\av.log.vir
2007-12-06 23:00 5496 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\FREDERIK\Application Data\SpyGuardPro\Logs\update.log.vir
2007-12-09 01:03 14 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\FREDERIK\Application Data\NetMon\domains.txt.vir
2007-12-09 01:03 248 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\FREDERIK\Application Data\NetMon\log.txt.vir
2007-12-09 13:52 167424 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\FREDERIK\Application Data\WinTouch\WinTouch.exe.vir
2007-12-09 16:43 14 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\LocalService\Application Data\NetMon\domains.txt.vir
2007-12-09 16:43 5952 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\LocalService\Application Data\NetMon\log.txt.vir
2007-12-10 08:06 74304 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\lqsrulqa.exe.vir
2007-12-11 08:07 851373 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\bapevldj.ini.vir
2007-12-12 07:25 913852 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\jvfmjvrn.ini.vir
2007-12-13 08:09 997310 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\iuhbmrmm.ini.vir
2007-12-14 22:28 872350 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\gguhjvlj.ini.vir
2007-12-15 22:30 872590 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\titumiqk.ini.vir
2007-12-16 11:38 970563 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\ncsdftku.ini.vir
2007-12-16 18:07 0 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\IExplorer.dll .dbt.vir
2007-12-16 22:29 970494 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\xsnvoucs.ini.vir
2007-12-16 23:21 18944 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\protect.sys.vir
2007-12-16 23:22 185344 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\Vqy51.sys.vir
2007-12-16 23:22 4 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\winsub.xml.vir
2007-12-16 23:22 62 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\svcp.csv.vir
2007-12-16 23:23 135168 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\FREDERIK\Application Data\WinTouch\_install.exe.vir
2007-12-16 23:23 135168 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\FREDERIK\Bureau\autre\HOLZED\_install.exe.vir
2007-12-16 23:23 135168 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\FREDERIK\Local Settings\Temp\_install.exe.vir
2007-12-16 23:23 135168 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\FREDERIK\Local Settings\Temp\ICD1.tmp\_install.exe.vir
2007-12-16 23:23 135168 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\FREDERIK\Local Settings\Temp\ICD3.tmp\_install.exe.vir
2007-12-16 23:23 135168 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\FREDERIK\Local Settings\Temp\ICD4.tmp\_install.exe.vir
2007-12-16 23:23 135168 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\FREDERIK\Local Settings\Temp\is-OAI23.tmp\_install.exe.vir
2007-12-16 23:23 135168 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\FREDERIK\Local Settings\Temp\is-PO8IA.tmp\_install.exe.vir
2007-12-16 23:23 135168 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\FREDERIK\Local Settings\Temp\NI.UGA6P_0001_N122M2210\_install.exe.vir
2007-12-16 23:23 135168 --a------ C:\Qoobox\Quarantine\C\Program Files\Fichiers communs\InstallShield\Professional\RunTime\09\01\Intel32\_install.exe.vir
2007-12-16 23:23 135168 --a------ C:\Qoobox\Quarantine\C\Program Files\Fichiers communs\Java\Update\Base Images\jre1.6.0.b105\patch-jre1.6.0_03.b05\_install.exe.vir
2007-12-16 23:23 135168 --a------ C:\Qoobox\Quarantine\C\Program Files\Fichiers communs\Microsoft Shared\MSInfo\_install.exe.vir
2007-12-16 23:23 135168 --a------ C:\Qoobox\Quarantine\C\Program Files\Fichiers communs\Microsoft Shared\Smart Tag\_install.exe.vir
2007-12-16 23:23 135168 --a------ C:\Qoobox\Quarantine\C\Program Files\Fichiers communs\Microsoft Shared\Speech\_install.exe.vir
2007-12-16 23:23 135168 --a------ C:\Qoobox\Quarantine\C\Program Files\Guild Wars\_install.exe.vir
2007-12-16 23:23 135168 --a------ C:\Qoobox\Quarantine\C\Program Files\Internet Explorer\Connection Wizard\_install.exe.vir
2007-12-16 23:23 135168 --a------ C:\Qoobox\Quarantine\C\Program Files\Java\jre1.6.0_03\bin\_install.exe.vir
2007-12-16 23:23 135168 --a------ C:\Qoobox\Quarantine\C\Program Files\Messenger\_install.exe.vir
2007-12-16 23:23 135168 --a------ C:\Qoobox\Quarantine\C\Program Files\Movie Maker\_install.exe.vir
2007-12-16 23:23 135168 --a------ C:\Qoobox\Quarantine\C\Program Files\MSN Gaming Zone\Windows\_install.exe.vir
2007-12-16 23:23 135168 --a------ C:\Qoobox\Quarantine\C\Program Files\MSN Messenger\_install.exe.vir
2007-12-16 23:23 135168 --a------ C:\Qoobox\Quarantine\C\Program Files\MSN Messenger\Device Manager\_install.exe.vir
2007-12-16 23:23 135168 --a------ C:\Qoobox\Quarantine\C\Program Files\MSN\_install.exe.vir
2007-12-16 23:23 135168 --a------ C:\Qoobox\Quarantine\C\Program Files\MSN\MSNCoreFiles\_install.exe.vir
2007-12-16 23:23 135168 --a------ C:\Qoobox\Quarantine\C\Program Files\MSN\MSNCoreFiles\Setup\_install.exe.vir
2007-12-16 23:23 135168 --a------ C:\Qoobox\Quarantine\C\Program Files\NetMeeting\_install.exe.vir
2007-12-16 23:23 135168 --a------ C:\Qoobox\Quarantine\C\Program Files\Network Monitor\_install.exe.vir
2007-12-16 23:23 135168 --a------ C:\Qoobox\Quarantine\C\Program Files\Outlook Express\_install.exe.vir
2007-12-16 23:23 135168 --a------ C:\Qoobox\Quarantine\C\Program Files\PokerStars\_install.exe.vir
2007-12-16 23:23 135168 --a------ C:\Qoobox\Quarantine\C\Program Files\PokerStars\backup\_install.exe.vir
2007-12-16 23:23 135168 --a------ C:\Qoobox\Quarantine\C\Program Files\Steam\_install.exe.vir
2007-12-16 23:23 135168 --a------ C:\Qoobox\Quarantine\C\Program Files\Steam\bin\_install.exe.vir
2007-12-16 23:23 135168 --a------ C:\Qoobox\Quarantine\C\Program Files\Steam\steamapps\fredoush\counter-strike source\_install.exe.vir
2007-12-16 23:23 135168 --a------ C:\Qoobox\Quarantine\C\Program Files\Ventrilo\_install.exe.vir
2007-12-16 23:23 135168 --a------ C:\Qoobox\Quarantine\C\Program Files\Windows Media Player\_install.exe.vir
2007-12-16 23:23 135168 --a------ C:\Qoobox\Quarantine\C\Program Files\Windows NT\_install.exe.vir
2007-12-16 23:23 135168 --a------ C:\Qoobox\Quarantine\C\Program Files\Windows NT\Accessoires\_install.exe.vir
2007-12-16 23:23 135168 --a------ C:\Qoobox\Quarantine\C\WINDOWS\ntfyapp.exe.vir
2007-12-16 23:23 135168 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\shift.exe.exe.vir
2007-12-17 05:23 185344 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\Cpgw73.sys.vir
2007-12-17 05:23 185344 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\symavc32.sys.vir
2007-12-17 20:07 980154 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\totmrmsb.ini.vir
2007-12-17 20:11 980274 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\jbakkrpr.ini.vir
2007-12-18 20:21 988569 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\fdmkqdqi.ini.vir
2007-12-20 04:40 987583 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\ysaxvfny.ini.vir
2007-12-20 05:48 0 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\storageprotector\Data\em.vir
2007-12-20 05:48 0 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\storageprotector\Data\oid.vir
2007-12-20 05:48 0 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\storageprotector\Data\user.vir
2007-12-21 12:01 987832 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\nuxjolcy.ini.vir
2007-12-22 23:01 992082 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\lovvvgxe.ini.vir
2007-12-23 23:05 991350 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\nnyrjtit.ini.vir
2007-12-24 13:57 991479 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\cstgycui.ini.vir
2007-12-25 15:42 20860 --a------ C:\Qoobox\Quarantine\C\WINDOWS\msettings.ini.vir
2007-12-25 15:43 835 --a------ C:\Qoobox\Quarantine\C\WINDOWS\cookies.ini.vir
2007-12-27 15:15 937384 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\ibtoybvq.ini.vir
2007-12-27 20:03 7168 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\windows.vir
2007-12-27 22:45 33184 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\denjlsun.dllbox.vir
2007-12-28 12:30 40960 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\explorer.exe.vir
2007-12-28 17:54 37231 --a------ C:\Qoobox\Quarantine\C\WINDOWS\ntfyapp.config.vir
2007-12-28 17:56 1098 --a------ C:\Qoobox\Quarantine\Registry_backups\LEGACY_DOMAINSERVICE.reg.dat
2007-12-28 17:56 1348 --a------ C:\Qoobox\Quarantine\Registry_backups\LEGACY_VQY51.reg.dat
2007-12-28 17:56 1376 --a------ C:\Qoobox\Quarantine\Registry_backups\LEGACY_PROTECT.reg.dat
2007-12-28 17:56 1418 --a------ C:\Qoobox\Quarantine\Registry_backups\LEGACY_SYSLIBRARY.reg.dat
2007-12-28 17:56 176 --a------ C:\Qoobox\Quarantine\catchme.log
2007-12-28 17:56 2452 --a------ C:\Qoobox\Quarantine\Registry_backups\services_protect.reg.dat
2007-12-28 17:56 2578 --a------ C:\Qoobox\Quarantine\Registry_backups\services_FCI.reg.dat
2007-12-28 17:56 2956 --a------ C:\Qoobox\Quarantine\Registry_backups\services_DomainService.reg.dat
2007-12-28 17:56 700 --a------ C:\Qoobox\Quarantine\Registry_backups\services_SysLibrary.reg.dat
2007-12-28 17:56 766 --a------ C:\Qoobox\Quarantine\Registry_backups\LEGACY_FCI.reg.dat
2007-12-28 17:56 832 --a------ C:\Qoobox\Quarantine\Registry_backups\LEGACY_CMDSERVICE.reg.dat
2007-12-28 17:56 97433 --a------ C:\Qoobox\Quarantine\catchme2007-12-28_175849.98.zip
2007-12-28 17:57 22947 --a------ C:\Qoobox\Quarantine\C\ComboFix\errdbg.dat.vir



28 December 2007 00:05:23

Here is my HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:07:06, on 2007-12-28
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\program files\steam\steam.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\yahooo.exe
C:\Documents and Settings\FREDERIK\Local Settings\Temp\Répertoire temporaire 1 pour HiJackThis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RabioBHO - {1C2E5D27-A17C-4D89-85DD-3553C189380D} - C:\Program Files\Rabio\Rabio.dll (file missing)
O2 - BHO: 0 - {619B4928-CB9F-4683-3F91-98BF8769EDE9} - C:\Program Files\Services en ligne\qulazuso.dll (file missing)
O2 - BHO: {bdd59925-6b43-bdca-3804-ee4df1ef4096} - {6904fe1f-d4ee-4083-acdb-34b652995ddb} - C:\WINDOWS\System32\xsmgxohx.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {8911B4A9-6421-4971-B2F3-7843A6D9D653} - C:\WINDOWS\System32\gebya.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [74230463] rundll32.exe "C:\WINDOWS\System32\kdrwprli.dll",b
O4 - HKLM\..\Run: [IESet] IExplorer.dll .dbt
O4 - HKLM\..\RunServices: [IESet] IExplorer.dll .dbt
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ntfyapp] C:\WINDOWS\ntfyapp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [IESet] IExplorer.dll .dbt
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {50BD5CDA-4BA8-4048-8FAA-763F222E41D8} - ms-its:mhtml:file://c:\\nores.mht!http://adxrnet.net/code/chm/xpre.chm::/xpreload.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{1705D81C-FCCA-4914-B802-42A6378AC254}: NameServer = 205.191.194.14
O17 - HKLM\System\CCS\Services\Tcpip\..\{ECD1D264-F0EB-48A7-A939-2C3246BAAE3C}: NameServer = 205.191.194.14
O17 - HKLM\System\CS1\Services\Tcpip\..\{1705D81C-FCCA-4914-B802-42A6378AC254}: NameServer = 205.191.194.14
O17 - HKLM\System\CS2\Services\Tcpip\..\{1705D81C-FCCA-4914-B802-42A6378AC254}: NameServer = 205.191.194.14
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\System32\windows (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 5933 bytes



Thank you very much for the help
28 December 2007 10:39:05

Hello,
let's continue...

Download SDFix (created by AndyManchesta) and save it to your Desktop.
***If the link does not work, try this one: http://download.bleepingcomputer.com/andymanchesta/SDFi... ***

Double-click SDFix.exe and choose Install to extract it to a dedicated folder on the Desktop. Restart your computer in Safe Mode by following this procedure:
  • Restart your computer.
  • After you hear the computer beep during startup, but before the Windows icon appears, tap the F8 key (one press per second).
  • Instead of Windows loading normally, a menu with various options should appear.
  • Choose the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your account.
    Then work through the instructions below:
  • Open the SDFix folder that has just been created in the C:\ directory and double-click RunThis.bat to launch the script.
  • Press Y to start the cleaning process.
  • It will remove the services and Registry entries of certain trojans it finds, then ask you to press a key to restart.
  • Press a key to restart the PC.
  • Your system will take longer than usual to restart because the tool will keep running and deleting files.
  • Once the Desktop has loaded, the tool will finish its work and display Finished.
  • Press a key to end the script and load your Desktop icons.
  • Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder under the name Report.txt.
  • Finally, copy and paste the contents of the Report.txt file into your next reply on the forum, along with a new HijackThis log!
    28 December 2007 20:14:33

    Hi, nothing happens when I press Y, and there doesn't seem to be an option for a cleanup...
    29 December 2007 01:11:26

    Hi again

    Let's do it another way.
    Are you in Germany?

    +++++++++++++++++
    Click Start, click Run and type services.msc in the dialog box; find the "Microsoft cache control" service line, set its "startup type" to disabled, then stop the service.

    ++++++++++++++++
    Then you absolutely must move ComboFix and put it on your Desktop... as I asked you to.


    Copy (Ctrl+C) the text below:
    File::
    C:\WINDOWS\system32\daayuqqh.tmp
    C:\WINDOWS\system32\wtgosgte.tmp
    C:\WINDOWS\system32\fgqiitaf.tmp
    C:\WINDOWS\system32\aybeg.tmp
    C:\WINDOWS\system32\ilrpwrdk.ini
    C:\WINDOWS\system32\kmjaoovv.ini
    C:\WINDOWS\system32\tephwbcr.dll
    C:\WINDOWS\system32\ditdufgu.tmp
    C:\WINDOWS\system32\drgguptt.tmp
    C:\WINDOWS\system32\DefLib.sys
    C:\WINDOWS\yahooo.exe
    C:\WINDOWS\quit.exe
    C:\WINDOWS\system32\dgfautiq.tmp
    C:\WINDOWS\system32\is-D6E53.tmp
    C:\WINDOWS\System32\windows
    C:\WINDOWS\System32\qT3n458R.exe
    C:\WINDOWS\Tasks\At12.job
    C:\WINDOWS\Tasks\At13.job
    C:\WINDOWS\Tasks\At14.job
    C:\WINDOWS\Tasks\At15.job
    C:\WINDOWS\Tasks\At16.job
    C:\WINDOWS\Tasks\At17.job
    C:\WINDOWS\Tasks\At18.job
    C:\WINDOWS\Tasks\At19.job
    C:\WINDOWS\Tasks\At20.job
    C:\WINDOWS\Tasks\At21.job
    C:\WINDOWS\Tasks\At22.job
    C:\WINDOWS\Tasks\At23.job
    C:\WINDOWS\Tasks\At24.job
    C:\WINDOWS\Tasks\At2.job
    C:\WINDOWS\Tasks\At3.job
    C:\WINDOWS\Tasks\At4.job
    C:\WINDOWS\Tasks\At5.job
    C:\WINDOWS\Tasks\At6.job
    C:\WINDOWS\Tasks\At7.job
    C:\WINDOWS\Tasks\At8.job
    C:\WINDOWS\Tasks\At9.job
    C:\WINDOWS\System32\kdrwprli.dll
    C:\WINDOWS\system32\IExplorer.dll .dbt
    C:\WINDOWS\ntfyapp.exe

    Folder::
    C:\VundoFix Backups
    C:\Documents and Settings\All Users\Application Data\Rabio
    C:\Program Files\Rabio
    C:\WINDOWS\system32\tdm2
    C:\WINDOWS\system32\pi3
    C:\WINDOWS\system32\eu1
    C:\WINDOWS\system32\daSgo01
    C:\Program Files\PokerStars

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1C2E5D27-A17C-4D89-85DD-3553C189380D}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{619B4928-CB9F-4683-3F91-98BF8769EDE9}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6904fe1f-d4ee-4083-acdb-34b652995ddb}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8911B4A9-6421-4971-B2F3-7843A6D9D653}]
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ntfyapp"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "74230463"=-



    Open Notepad, then paste (Ctrl+V) the text you just copied.
    Save this file under the name CFScript.txt

    Drag and drop this CFScript file onto the ComboFix.exe file, as in the screenshot


  • A blue window will appear: at the message that appears (Type 1 to continue, or 2 to abort), type 1 then confirm.
  • Wait while the scan runs. The desktop will disappear several times: that's normal!
    Don't touch anything until the scan has finished.
  • Once the scan is complete, a report will be displayed: post its contents.
  • If the file does not open, it can be found here > C:\ComboFix.txt


    add a new HijackThis log
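
    Added example, not part of the original post and not ComboFix's own code: a small Python check that parses the CFScript layout used above (File::, Folder:: and Registry:: sections), lists what the Registry section removes, and flags path entries that are not absolute or that do not show up in the resulting report. The function names are hypothetical and the sample text is a short excerpt of the script and report posted in this thread.

```python
import re

SECTION_RE = re.compile(r"^([A-Za-z]+)::\s*$")            # e.g. "File::"
ABS_PATH_RE = re.compile(r'^[A-Za-z]:\\[^<>:"|?*]+$')      # drive letter + backslash
KEY_RE = re.compile(r"^\[(-?)(.+)\]$")                     # [KEY] or [-KEY]
VALUE_DEL_RE = re.compile(r'^"(.+)"=-$')                   # "name"=-


def parse_cfscript(text):
    """Split a CFScript into {section name: [entries]} using its 'Name::' headers."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
            sections.setdefault(current, [])
        elif current is None:
            raise ValueError(f"entry before any section header: {line!r}")
        else:
            sections[current].append(line)
    return sections


def lint_paths(sections):
    """Return (section, entry, reason) for File/Folder entries that are malformed."""
    problems = []
    for name in ("File", "Folder"):
        for entry in sections.get(name, []):
            if not ABS_PATH_RE.match(entry):
                problems.append((name, entry, "not an absolute drive-letter path"))
    return problems


def registry_actions(sections):
    """Turn the .reg-style Registry section into explicit, reviewable actions."""
    actions, key = [], None
    for line in sections.get("Registry", []):
        m = KEY_RE.match(line)
        if m:
            if m.group(1):                      # leading '-' deletes the whole key
                actions.append(("delete_key", m.group(2)))
                key = None
            else:                               # plain key: context for value lines
                key = m.group(2)
            continue
        m = VALUE_DEL_RE.match(line)
        if m and key:
            actions.append(("delete_value", key, m.group(1)))
        else:
            actions.append(("unparsed", line))
    return actions


def missing_from_report(sections, report_text):
    """File entries requested in the script that never appear in the report text."""
    reported = {line.strip().lower() for line in report_text.splitlines()}
    return [e for e in sections.get("File", []) if e.lower() not in reported]


# Excerpt of the script posted in this thread (shortened).
SAMPLE_SCRIPT = r"""
File::
C:\WINDOWS\system32\tephwbcr.dll
C:\WINDOWS\yahooo.exe
C\WINDOWS\system32\IExplorer.dll .dbt
C:\WINDOWS\ntfyapp.exe

Folder::
C:\Program Files\Rabio
C:\WINDOWS\system32\tdm2

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1C2E5D27-A17C-4D89-85DD-3553C189380D}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ntfyapp"=-
"""

# Excerpt of the report posted in reply (shortened).
SAMPLE_REPORT = r"""
FILE
C:\WINDOWS\ntfyapp.exe
C:\WINDOWS\system32\tephwbcr.dll
C:\WINDOWS\yahooo.exe
"""

if __name__ == "__main__":
    parsed = parse_cfscript(SAMPLE_SCRIPT)
    for problem in lint_paths(parsed):
        print("LINT   ", problem)
    for action in registry_actions(parsed):
        print("REG    ", action)
    for entry in missing_from_report(parsed, SAMPLE_REPORT):
        print("MISSING", entry)
```
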

    16 January 2008 22:10:33

    Here is my ComboFix scan, I'm really sorry for the response time, I haven't had access to my PC since...

    ComboFix 08-01-09.2 - FREDERIK 2008-01-17 16:02:23.2 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.0.1252.33.1036.18.431 [GMT 1:00]
    Running from: C:\Documents and Settings\FREDERIK\Bureau\ComboFix.exe
    Command switches used :: C:\Documents and Settings\FREDERIK\Bureau\CFScript.txt
    * Created a new restore point

    FILE
    C:\WINDOWS\ntfyapp.exe
    C:\WINDOWS\quit.exe
    C:\WINDOWS\system32\aybeg.tmp
    C:\WINDOWS\system32\daayuqqh.tmp
    C:\WINDOWS\system32\DefLib.sys
    C:\WINDOWS\system32\dgfautiq.tmp
    C:\WINDOWS\system32\ditdufgu.tmp
    C:\WINDOWS\system32\drgguptt.tmp
    C:\WINDOWS\system32\fgqiitaf.tmp
    C:\WINDOWS\system32\ilrpwrdk.ini
    C:\WINDOWS\system32\is-D6E53.tmp
    C:\WINDOWS\System32\kdrwprli.dll
    C:\WINDOWS\system32\kmjaoovv.ini
    C:\WINDOWS\System32\qT3n458R.exe
    C:\WINDOWS\system32\tephwbcr.dll
    C:\WINDOWS\System32\windows
    C:\WINDOWS\system32\wtgosgte.tmp
    C:\WINDOWS\Tasks\At12.job
    C:\WINDOWS\Tasks\At13.job
    C:\WINDOWS\Tasks\At14.job
    C:\WINDOWS\Tasks\At15.job
    C:\WINDOWS\Tasks\At16.job
    C:\WINDOWS\Tasks\At17.job
    C:\WINDOWS\Tasks\At18.job
    C:\WINDOWS\Tasks\At19.job
    C:\WINDOWS\Tasks\At2.job
    C:\WINDOWS\Tasks\At20.job
    C:\WINDOWS\Tasks\At21.job
    C:\WINDOWS\Tasks\At22.job
    C:\WINDOWS\Tasks\At23.job
    C:\WINDOWS\Tasks\At24.job
    C:\WINDOWS\Tasks\At3.job
    C:\WINDOWS\Tasks\At4.job
    C:\WINDOWS\Tasks\At5.job
    C:\WINDOWS\Tasks\At6.job
    C:\WINDOWS\Tasks\At7.job
    C:\WINDOWS\Tasks\At8.job
    C:\WINDOWS\Tasks\At9.job
    C:\WINDOWS\yahooo.exe
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\All Users\Application Data\Rabio
    C:\Program Files\PokerStars
    C:\Program Files\PokerStars\Gx\fonts\arb12i.bmp
    C:\Program Files\PokerStars\Gx\fonts\arb14.bmp
    C:\Program Files\PokerStars\Gx\fonts\arb14.cp1250.bmp
    C:\Program Files\PokerStars\Gx\fonts\arb14.cp1250i.bmp
    C:\Program Files\PokerStars\Gx\fonts\arb14.cp1252.bmp
    C:\Program Files\PokerStars\Gx\fonts\arb14.cp1252i.bmp
    C:\Program Files\PokerStars\Gx\fonts\arb14.pff
    C:\Program Files\PokerStars\Gx\fonts\arb14i.bmp
    C:\Program Files\PokerStars\Gx\fonts\arbu09.bmp
    C:\Program Files\PokerStars\Gx\fonts\arbu09.cp1250.bmp
    C:\Program Files\PokerStars\Gx\fonts\arbu09.cp1252.bmp
    C:\Program Files\PokerStars\Gx\fonts\arbu09.pff
    C:\Program Files\PokerStars\Gx\fonts\arbu10.bmp
    C:\Program Files\PokerStars\Gx\fonts\arbu10.cp1250.bmp
    C:\Program Files\PokerStars\Gx\fonts\arbu10.cp1252.bmp
    C:\Program Files\PokerStars\Gx\fonts\arbu10.pff
    C:\Program Files\PokerStars\Gx\fonts\arbu12.bmp
    C:\Program Files\PokerStars\Gx\fonts\arbu12.cp1250.bmp
    C:\Program Files\PokerStars\Gx\fonts\arbu12.cp1252.bmp
    C:\Program Files\PokerStars\Gx\fonts\arbu12.pff
    C:\Program Files\PokerStars\Gx\fonts\arbu12i.bmp
    C:\Program Files\PokerStars\Gx\fonts\aru08.bmp
    C:\Program Files\PokerStars\Gx\fonts\aru08.cp1250.bmp
    C:\Program Files\PokerStars\Gx\fonts\aru08.cp1252.bmp
    C:\Program Files\PokerStars\Gx\fonts\aru08.pff
    C:\Program Files\PokerStars\Gx\fonts\aru09.bmp
    C:\Program Files\PokerStars\Gx\fonts\aru09.cp1250.bmp
    C:\Program Files\PokerStars\Gx\fonts\aru09.cp1252.bmp
    C:\Program Files\PokerStars\Gx\fonts\aru09.pff
    C:\Program Files\PokerStars\Gx\fonts\aru10.bmp
    C:\Program Files\PokerStars\Gx\fonts\aru10.cp1250.bmp
    C:\Program Files\PokerStars\Gx\fonts\aru10.cp1252.bmp
    C:\Program Files\PokerStars\Gx\fonts\aru10.pff
    C:\Program Files\PokerStars\Gx\fonts\gmb075.bmp
    C:\Program Files\PokerStars\Gx\fonts\gmb075.cp1250.bmp
    C:\Program Files\PokerStars\Gx\fonts\gmb075.cp1252.bmp
    C:\Program Files\PokerStars\Gx\fonts\gmb075.pff
    C:\Program Files\PokerStars\Gx\fonts\gmb08.bmp
    C:\Program Files\PokerStars\Gx\fonts\gmb08.cp1250.bmp
    C:\Program Files\PokerStars\Gx\fonts\gmb08.cp1252.bmp
    C:\Program Files\PokerStars\Gx\fonts\gmb08.pff
    C:\Program Files\PokerStars\Gx\fonts\gmb09.bmp
    C:\Program Files\PokerStars\Gx\fonts\gmb09.cp1250.bmp
    C:\Program Files\PokerStars\Gx\fonts\gmb09.cp1252.bmp
    C:\Program Files\PokerStars\Gx\fonts\gmb09.pff
    C:\Program Files\PokerStars\Gx\fonts\gmb10.bmp
    C:\Program Files\PokerStars\Gx\fonts\gmb10.cp1250.bmp
    C:\Program Files\PokerStars\Gx\fonts\gmb10.cp1252.bmp
    C:\Program Files\PokerStars\Gx\fonts\gmb10.pff
    C:\Program Files\PokerStars\Gx\fonts\gmb11.bmp
    C:\Program Files\PokerStars\Gx\fonts\gmb11.cp1250.bmp
    C:\Program Files\PokerStars\Gx\fonts\gmb11.cp1252.bmp
    C:\Program Files\PokerStars\Gx\fonts\gmb11.pff
    C:\Program Files\PokerStars\Gx\fonts\gmb12.bmp
    C:\Program Files\PokerStars\Gx\fonts\gmb12.cp1250.bmp
    C:\Program Files\PokerStars\Gx\fonts\gmb12.cp1252.bmp
    C:\Program Files\PokerStars\Gx\fonts\gmb12.pff
    C:\Program Files\PokerStars\Gx\fonts\gmb14.bmp
    C:\Program Files\PokerStars\Gx\fonts\gmb14.cp1250.bmp
    C:\Program Files\PokerStars\Gx\fonts\gmb14.cp1252.bmp
    C:\Program Files\PokerStars\Gx\fonts\gmb14.pff
    C:\Program Files\PokerStars\Gx\fonts\gmb16.bmp
    C:\Program Files\PokerStars\Gx\fonts\gmb16.cp1250.bmp
    C:\Program Files\PokerStars\Gx\fonts\gmb16.cp1252.bmp
    C:\Program Files\PokerStars\Gx\fonts\gmb16.pff
    C:\Program Files\PokerStars\Gx\fonts\gmb18.bmp
    C:\Program Files\PokerStars\Gx\fonts\gmb18.cp1250.bmp
    C:\Program Files\PokerStars\Gx\fonts\gmb18.cp1252.bmp
    C:\Program Files\PokerStars\Gx\fonts\gmb18.pff
    C:\Program Files\PokerStars\Gx\fonts\gmb20.bmp
    C:\Program Files\PokerStars\Gx\fonts\gmb20.cp1250.bmp
    C:\Program Files\PokerStars\Gx\fonts\gmb20.cp1252.bmp
    C:\Program Files\PokerStars\Gx\fonts\gmb20.pff
    C:\Program Files\PokerStars\Gx\fonts\lg08.bmp
    C:\Program Files\PokerStars\Gx\fonts\lg08.cp1250.bmp
    C:\Program Files\PokerStars\Gx\fonts\lg08.cp1252.bmp
    C:\Program Files\PokerStars\Gx\fonts\lg08.pff
    C:\Program Files\PokerStars\Gx\fonts\lg09.bmp
    C:\Program Files\PokerStars\Gx\fonts\lg09.cp1250.bmp
    C:\Program Files\PokerStars\Gx\fonts\lg09.cp1252.bmp
    C:\Program Files\PokerStars\Gx\fonts\lg09.pff
    C:\Program Files\PokerStars\Gx\fonts\lgb075.bmp
    C:\Program Files\PokerStars\Gx\fonts\lgb075.cp1250.bmp
    C:\Program Files\PokerStars\Gx\fonts\lgb075.cp1252.bmp
    C:\Program Files\PokerStars\Gx\fonts\lgb075.pff
    C:\Program Files\PokerStars\Gx\fonts\lgb08.bmp
    C:\Program Files\PokerStars\Gx\fonts\lgb08.cp1250.bmp
    C:\Program Files\PokerStars\Gx\fonts\lgb08.cp1252.bmp
    C:\Program Files\PokerStars\Gx\fonts\lgb08.pff
    C:\Program Files\PokerStars\Gx\fonts\lgb09.bmp
    C:\Program Files\PokerStars\Gx\fonts\lgb09.cp1250.bmp
    C:\Program Files\PokerStars\Gx\fonts\lgb09.cp1252.bmp
    C:\Program Files\PokerStars\Gx\fonts\lgb09.pff
    C:\Program Files\PokerStars\Gx\fonts\lgb10.bmp
    C:\Program Files\PokerStars\Gx\fonts\lgb10.cp1250.bmp
    C:\Program Files\PokerStars\Gx\fonts\lgb10.cp1252.bmp
    C:\Program Files\PokerStars\Gx\fonts\lgb10.pff
    C:\Program Files\PokerStars\Gx\fonts\lgb11.bmp
    C:\Program Files\PokerStars\Gx\fonts\lgb11.cp1250.bmp
    C:\Program Files\PokerStars\Gx\fonts\lgb11.cp1252.bmp
    C:\Program Files\PokerStars\Gx\fonts\lgb11.pff
    C:\Program Files\PokerStars\Gx\fonts\lgb12.bmp
    C:\Program Files\PokerStars\Gx\fonts\lgb12.cp1250.bmp
    C:\Program Files\PokerStars\Gx\fonts\lgb12.cp1252.bmp
    C:\Program Files\PokerStars\Gx\fonts\lgb12.pff
    C:\Program Files\PokerStars\Gx\fonts\lgb14.bmp
    C:\Program Files\PokerStars\Gx\fonts\lgb14.cp1250.bmp
    C:\Program Files\PokerStars\Gx\fonts\lgb14.cp1252.bmp
    C:\Program Files\PokerStars\Gx\fonts\lgb14.pff
    C:\Program Files\PokerStars\Gx\fonts\lgb16.bmp
    C:\Program Files\PokerStars\Gx\fonts\lgb16.cp1250.bmp
    C:\Program Files\PokerStars\Gx\fonts\lgb16.cp1252.bmp
    C:\Program Files\PokerStars\Gx\fonts\lgb16.pff
    C:\Program Files\PokerStars\Gx\fonts\lgb18.bmp
    C:\Program Files\PokerStars\Gx\fonts\lgb18.cp1250.bmp
    C:\Program Files\PokerStars\Gx\fonts\lgb18.cp1252.bmp
    C:\Program Files\PokerStars\Gx\fonts\lgb18.pff
    C:\Program Files\PokerStars\Gx\fonts\lgb20.bmp
    C:\Program Files\PokerStars\Gx\fonts\lgb20.cp1250.bmp
    C:\Program Files\PokerStars\Gx\fonts\lgb20.cp1252.bmp
    C:\Program Files\PokerStars\Gx\fonts\lgb20.pff
    C:\Program Files\PokerStars\Gx\fonts\sb08.bmp
    C:\Program Files\PokerStars\Gx\fonts\sb08.cp1250.bmp
    C:\Program Files\PokerStars\Gx\fonts\sb08.cp1250x.bmp
    C:\Program Files\PokerStars\Gx\fonts\sb08.cp1252.bmp
    C:\Program Files\PokerStars\Gx\fonts\sb08.cp1252x.bmp
    C:\Program Files\PokerStars\Gx\fonts\sb08.pff
    C:\Program Files\PokerStars\Gx\fonts\sb08x.bmp
    C:\Program Files\PokerStars\Gx\fonts\sb09.bmp
    C:\Program Files\PokerStars\Gx\fonts\sb09.cp1250.bmp
    C:\Program Files\PokerStars\Gx\fonts\sb09.cp1250x.bmp
    C:\Program Files\PokerStars\Gx\fonts\sb09.cp1252.bmp
    C:\Program Files\PokerStars\Gx\fonts\sb09.cp1252x.bmp
    C:\Program Files\PokerStars\Gx\fonts\sb09.pff
    C:\Program Files\PokerStars\Gx\fonts\sb09x.bmp
    C:\Program Files\PokerStars\Gx\fonts\sb10.bmp
    C:\Program Files\PokerStars\Gx\fonts\sb10.cp1250.bmp
    C:\Program Files\PokerStars\Gx\fonts\sb10.cp1250x.bmp
    C:\Program Files\PokerStars\Gx\fonts\sb10.cp1252.bmp
    C:\Program Files\PokerStars\Gx\fonts\sb10.cp1252x.bmp
    C:\Program Files\PokerStars\Gx\fonts\sb10.pff
    C:\Program Files\PokerStars\Gx\fonts\sb10x.bmp
    C:\Program Files\PokerStars\Gx\fonts\sb11.bmp
    C:\Program Files\PokerStars\Gx\fonts\sb11.cp1250.bmp
    C:\Program Files\PokerStars\Gx\fonts\sb11.cp1250x.bmp
    C:\Program Files\PokerStars\Gx\fonts\sb11.cp1252.bmp
    C:\Program Files\PokerStars\Gx\fonts\sb11.cp1252x.bmp
    C:\Program Files\PokerStars\Gx\fonts\sb11.pff
    C:\Program Files\PokerStars\Gx\fonts\sb11x.bmp
    C:\Program Files\PokerStars\Gx\fonts\sb12.bmp
    C:\Program Files\PokerStars\Gx\fonts\sb12.cp1250.bmp
    C:\Program Files\PokerStars\Gx\fonts\sb12.cp1250x.bmp
    C:\Program Files\PokerStars\Gx\fonts\sb12.cp1252.bmp
    C:\Program Files\PokerStars\Gx\fonts\sb12.cp1252x.bmp
    C:\Program Files\PokerStars\Gx\fonts\sb12.pff
    C:\Program Files\PokerStars\Gx\fonts\sb12x.bmp
    C:\Program Files\PokerStars\Gx\fonts\sb14.bmp
    C:\Program Files\PokerStars\Gx\fonts\sb14.cp1250.bmp
    C:\Program Files\PokerStars\Gx\fonts\sb14.cp1250x.bmp
    C:\Program Files\PokerStars\Gx\fonts\sb14.cp1252.bmp
    C:\Program Files\PokerStars\Gx\fonts\sb14.cp1252x.bmp
    C:\Program Files\PokerStars\Gx\fonts\sb14.pff
    C:\Program Files\PokerStars\Gx\fonts\sb14x.bmp
    C:\Program Files\PokerStars\Gx\fonts\sb16.bmp
    C:\Program Files\PokerStars\Gx\fonts\sb16.cp1250.bmp
    C:\Program Files\PokerStars\Gx\fonts\sb16.cp1250x.bmp
    C:\Program Files\PokerStars\Gx\fonts\sb16.cp1252.bmp
    C:\Program Files\PokerStars\Gx\fonts\sb16.cp1252x.bmp
    C:\Program Files\PokerStars\Gx\fonts\sb16.pff
    C:\Program Files\PokerStars\Gx\fonts\sb16x.bmp
    C:\Program Files\PokerStars\Gx\fonts\sbr10.bmp
    C:\Program Files\PokerStars\Gx\fonts\sbr10.cp1250.bmp
    C:\Program Files\PokerStars\Gx\fonts\sbr10.cp1252.bmp
    C:\Program Files\PokerStars\Gx\fonts\sbr10.pff
    C:\Program Files\PokerStars\Gx\fonts\sbr11.bmp
    C:\Program Files\PokerStars\Gx\fonts\sbr11.cp1250.bmp
    C:\Program Files\PokerStars\Gx\fonts\sbr11.cp1250x.bmp
    C:\Program Files\PokerStars\Gx\fonts\sbr11.cp1252.bmp
    C:\Program Files\PokerStars\Gx\fonts\sbr11.cp1252x.bmp
    C:\Program Files\PokerStars\Gx\fonts\sbr11.pff
    C:\Program Files\PokerStars\Gx\fonts\sbr11x.bmp
    C:\Program Files\PokerStars\Gx\fonts\sf05.bmp
    C:\Program Files\PokerStars\Gx\fonts\sf05.cp1250.bmp
    C:\Program Files\PokerStars\Gx\fonts\sf05.cp1252.bmp
    C:\Program Files\PokerStars\Gx\fonts\sf05.pff
    C:\Program Files\PokerStars\Gx\fonts\sf06.bmp
    C:\Program Files\PokerStars\Gx\fonts\sf06.cp1250.bmp
    C:\Program Files\PokerStars\Gx\fonts\sf06.cp1252.bmp
    C:\Program Files\PokerStars\Gx\fonts\sf06.pff
    C:\Program Files\PokerStars\Gx\fonts\sf07.bmp
    C:\Program Files\PokerStars\Gx\fonts\sf07.cp1250.bmp
    C:\Program Files\PokerStars\Gx\fonts\sf07.cp1252.bmp
    C:\Program Files\PokerStars\Gx\fonts\sf07.pff
    C:\Program Files\PokerStars\Gx\fonts\sfu06.bmp
    C:\Program Files\PokerStars\Gx\fonts\sfu06.cp1250.bmp
    C:\Program Files\PokerStars\Gx\fonts\sfu06.cp1252.bmp
    C:\Program Files\PokerStars\Gx\fonts\sfu06.pff
    C:\Program Files\PokerStars\Gx\fonts\sfu07.bmp
    C:\Program Files\PokerStars\Gx\fonts\sfu07.cp1250.bmp
    C:\Program Files\PokerStars\Gx\fonts\sfu07.cp1252.bmp
    C:\Program Files\PokerStars\Gx\fonts\sfu07.pff
    C:\Program Files\PokerStars\Gx\fonts\subst.ini
    C:\Program Files\PokerStars\Gx\ico.bmp
    C:\Program Files\PokerStars\Gx\instacashlogo.bmp
    C:\Program Files\PokerStars\Gx\ipb.a.bmp
    C:\Program Files\PokerStars\Gx\ipb.bmp
    C:\Program Files\PokerStars\Gx\ipkt1.a.bmp
    C:\Program Files\PokerStars\Gx\ipkt1.bmp
    C:\Program Files\PokerStars\Gx\ipkt2.a.bmp
    C:\Program Files\PokerStars\Gx\ipkt2.bmp
    C:\Program Files\PokerStars\Gx\ipkt3.a.bmp
    C:\Program Files\PokerStars\Gx\ipkt3.bmp
    C:\Program Files\PokerStars\Gx\label\border.a.bmp
    C:\Program Files\PokerStars\Gx\label\border.bmp
    C:\Program Files\PokerStars\Gx\label\borderb.a.bmp
    C:\Program Files\PokerStars\Gx\label\borderb.bmp
    C:\Program Files\PokerStars\Gx\label\emblem.a.bmp
    C:\Program Files\PokerStars\Gx\label\emblem.bmp
    C:\Program Files\PokerStars\Gx\label\note.a.bmp
    C:\Program Files\PokerStars\Gx\label\note.bmp
    C:\Program Files\PokerStars\Gx\label\ps.a.bmp
    C:\Program Files\PokerStars\Gx\label\ps.bmp
    C:\Program Files\PokerStars\Gx\label\psw.a.bmp
    C:\Program Files\PokerStars\Gx\label\psw.bmp
    C:\Program Files\PokerStars\Gx\label\seat.a.bmp
    C:\Program Files\PokerStars\Gx\label\seat.bmp
    C:\Program Files\PokerStars\Gx\label\status.a.bmp
    C:\Program Files\PokerStars\Gx\label\status.bmp
    C:\Program Files\PokerStars\Gx\label\statusb.a.bmp
    C:\Program Files\PokerStars\Gx\label\statusb.bmp
    C:\Program Files\PokerStars\Gx\label\userface.bmp
    C:\Program Files\PokerStars\Gx\lobby\b.a.bmp
    C:\Program Files\PokerStars\Gx\lobby\b.bmp
    C:\Program Files\PokerStars\Gx\lobby\bi.a.bmp
    C:\Program Files\PokerStars\Gx\lobby\bi.bmp
    C:\Program Files\PokerStars\Gx\lobby\bl.a.bmp
    C:\Program Files\PokerStars\Gx\lobby\bl.bmp
    C:\Program Files\PokerStars\Gx\lobby\bm.a.bmp
    C:\Program Files\PokerStars\Gx\lobby\bm.bmp
    C:\Program Files\PokerStars\Gx\lobby\cb.bmp
    C:\Program Files\PokerStars\Gx\lobby\cbg.a.bmp
    C:\Program Files\PokerStars\Gx\lobby\cbg.bmp
    C:\Program Files\PokerStars\Gx\lobby\en\b.a.bmp
    C:\Program Files\PokerStars\Gx\lobby\en\b.bmp
    C:\Program Files\PokerStars\Gx\lobby\en\bl.a.bmp
    C:\Program Files\PokerStars\Gx\lobby\en\bl.bmp
    C:\Program Files\PokerStars\Gx\lobby\en\bm.a.bmp
    C:\Program Files\PokerStars\Gx\lobby\en\bm.bmp
    C:\Program Files\PokerStars\Gx\lobby\f-arr.a.bmp
    C:\Program Files\PokerStars\Gx\lobby\f-arr.bmp
    C:\Program Files\PokerStars\Gx\lobby\f.a.bmp
    C:\Program Files\PokerStars\Gx\lobby\f.bmp
    C:\Program Files\PokerStars\Gx\lobby\lb.bmp
    C:\Program Files\PokerStars\Gx\lobby\lbbc.a.bmp
    C:\Program Files\PokerStars\Gx\lobby\lbbc.bmp
    C:\Program Files\PokerStars\Gx\lobby\lbbl.a.bmp
    C:\Program Files\PokerStars\Gx\lobby\lbbl.bmp
    C:\Program Files\PokerStars\Gx\lobby\lbbr.a.bmp
    C:\Program Files\PokerStars\Gx\lobby\lbbr.bmp
    C:\Program Files\PokerStars\Gx\lobby\lbml.a.bmp
    C:\Program Files\PokerStars\Gx\lobby\lbml.bmp
    C:\Program Files\PokerStars\Gx\lobby\lbmr.a.bmp
    C:\Program Files\PokerStars\Gx\lobby\lbmr.bmp
    C:\Program Files\PokerStars\Gx\lobby\lbo.a.bmp
    C:\Program Files\PokerStars\Gx\lobby\lbo.bmp
    C:\Program Files\PokerStars\Gx\lobby\lbtc.a.bmp
    C:\Program Files\PokerStars\Gx\lobby\lbtc.bmp
    C:\Program Files\PokerStars\Gx\lobby\lbtl.a.bmp
    C:\Program Files\PokerStars\Gx\lobby\lbtl.bmp
    C:\Program Files\PokerStars\Gx\lobby\lbtr.a.bmp
    C:\Program Files\PokerStars\Gx\lobby\lbtr.bmp
    C:\Program Files\PokerStars\Gx\lobby\lto.a.bmp
    C:\Program Files\PokerStars\Gx\lobby\lto.bmp
    C:\Program Files\PokerStars\Gx\lobby\mbc.a.bmp
    C:\Program Files\PokerStars\Gx\lobby\mbc.bmp
    C:\Program Files\PokerStars\Gx\lobby\mbl.a.bmp
    C:\Program Files\PokerStars\Gx\lobby\mbl.bmp
    C:\Program Files\PokerStars\Gx\lobby\mbr.a.bmp
    C:\Program Files\PokerStars\Gx\lobby\mbr.bmp
    C:\Program Files\PokerStars\Gx\lobby\pbbc.a.bmp
    C:\Program Files\PokerStars\Gx\lobby\pbbc.bmp
    C:\Program Files\PokerStars\Gx\lobby\pbbcr.a.bmp
    C:\Program Files\PokerStars\Gx\lobby\pbbcr.bmp
    C:\Program Files\PokerStars\Gx\lobby\pbbl.a.bmp
    C:\Program Files\PokerStars\Gx\lobby\pbbl.bmp
    C:\Program Files\PokerStars\Gx\lobby\pbbr.a.bmp
    C:\Program Files\PokerStars\Gx\lobby\pbbr.bmp
    C:\Program Files\PokerStars\Gx\lobby\pbml.a.bmp
    C:\Program Files\PokerStars\Gx\lobby\pbml.bmp
    C:\Program Files\PokerStars\Gx\lobby\pbmr.a.bmp
    C:\Program Files\PokerStars\Gx\lobby\pbmr.bmp
    C:\Program Files\PokerStars\Gx\lobby\pbtc.a.bmp
    C:\Program Files\PokerStars\Gx\lobby\pbtc.bmp
    C:\Program Files\PokerStars\Gx\lobby\pbtc2.a.bmp
    C:\Program Files\PokerStars\Gx\lobby\pbtc2.bmp
    C:\Program Files\PokerStars\Gx\lobby\pbtl.a.bmp
    C:\Program Files\PokerStars\Gx\lobby\pbtl.bmp
    C:\Program Files\PokerStars\Gx\lobby\pbtl2.a.bmp
    C:\Program Files\PokerStars\Gx\lobby\pbtl2.bmp
    C:\Program Files\PokerStars\Gx\lobby\pbtr.a.bmp
    C:\Program Files\PokerStars\Gx\lobby\pbtr.bmp
    C:\Program Files\PokerStars\Gx\lobby\pbtr2.a.bmp
    C:\Program Files\PokerStars\Gx\lobby\pbtr2.bmp
    C:\Program Files\PokerStars\Gx\lobby\ps.a.bmp
    C:\Program Files\PokerStars\Gx\lobby\ps.bmp
    C:\Program Files\PokerStars\Gx\lobby\quote.a.bmp
    C:\Program Files\PokerStars\Gx\lobby\quote.bmp
    C:\Program Files\PokerStars\Gx\lobby\r1.a.bmp
    C:\Program Files\PokerStars\Gx\lobby\r1.bmp
    C:\Program Files\PokerStars\Gx\lobby\r2.a.bmp
    C:\Program Files\PokerStars\Gx\lobby\r2.bmp
    C:\Program Files\PokerStars\Gx\lobby\r3.bmp
    C:\Program Files\PokerStars\Gx\lobby\tlmc.a.bmp
    C:\Program Files\PokerStars\Gx\lobby\tlmc.bmp
    C:\Program Files\PokerStars\Gx\lobby\tlml.a.bmp
    C:\Program Files\PokerStars\Gx\lobby\tlml.bmp
    C:\Program Files\PokerStars\Gx\lobby\tlmr.a.bmp
    C:\Program Files\PokerStars\Gx\lobby\tlmr.bmp
    C:\Program Files\PokerStars\Gx\lobby\tltc.a.bmp
    C:\Program Files\PokerStars\Gx\lobby\tltc.bmp
    C:\Program Files\PokerStars\Gx\lobby\tltl.a.bmp
    C:\Program Files\PokerStars\Gx\lobby\tltl.bmp
    C:\Program Files\PokerStars\Gx\lobby\tltr.a.bmp
    C:\Program Files\PokerStars\Gx\lobby\tltr.bmp
    C:\Program Files\PokerStars\Gx\lobby\tm.a.bmp
    C:\Program Files\PokerStars\Gx\lobby\tm.bmp
    C:\Program Files\PokerStars\Gx\lobby\tn.bmp
    C:\Program Files\PokerStars\Gx\pb.a.bmp
    C:\Program Files\PokerStars\Gx\pb.bmp
    C:\Program Files\PokerStars\Gx\pbb.a.bmp
    C:\Program Files\PokerStars\Gx\pbb.bmp
    C:\Program Files\PokerStars\Gx\pbc.bmp
    C:\Program Files\PokerStars\Gx\pblt.a.bmp
    C:\Program Files\PokerStars\Gx\pblt.bmp
    C:\Program Files\PokerStars\Gx\pci.a.bmp
    C:\Program Files\PokerStars\Gx\pci.bmp
    C:\Program Files\PokerStars\Gx\pib.bmp
    C:\Program Files\PokerStars\Gx\pmsp.bmp
    C:\Program Files\PokerStars\Gx\pmt.bmp
    C:\Program Files\PokerStars\Gx\ps.a.bmp
    C:\Program Files\PokerStars\Gx\ps.bmp
    C:\Program Files\PokerStars\Gx\ptb.bmp
    C:\Program Files\PokerStars\Gx\reserved.a.bmp
    C:\Program Files\PokerStars\Gx\reserved.bmp
    C:\Program Files\PokerStars\Gx\table.jpg
    C:\Program Files\PokerStars\Gx\tableseat.a.bmp
    C:\Program Files\PokerStars\Gx\tableseat.bmp
    C:\Program Files\PokerStars\Gx\templates\browser.css
    C:\Program Files\PokerStars\Gx\templates\dialog.css
    C:\Program Files\PokerStars\Gx\templates\dialog.html
    C:\Program Files\PokerStars\Gx\templates\dialog.xml
    C:\Program Files\PokerStars\Gx\templates\help.html
    C:\Program Files\PokerStars\Gx\templates\menu.xml
    C:\Program Files\PokerStars\Gx\tmp.jpg
    C:\Program Files\PokerStars\Gx\tourneyinfo.bmp
    C:\Program Files\PokerStars\Gx\update.bmp
    C:\Program Files\PokerStars\i18n.msg_cli.txt
    C:\Program Files\PokerStars\ImgCache\000070D3.psi
    C:\Program Files\PokerStars\ImgCache\0000A207.psi
    C:\Program Files\PokerStars\ImgCache\0001AF5D.psi
    C:\Program Files\PokerStars\ImgCache\00028FE8.psi
    C:\Program Files\PokerStars\ImgCache\0003A76D.psi
    C:\Program Files\PokerStars\ImgCache\0004DBE4.psi
    C:\Program Files\PokerStars\ImgCache\00053FB3.psi
    C:\Program Files\PokerStars\ImgCache\00059BAB.psi
    C:\Program Files\PokerStars\ImgCache\0005AED0.psi
    C:\Program Files\PokerStars\ImgCache\000653D1.psi
    C:\Program Files\PokerStars\ImgCache\00069ECC.psi
    C:\Program Files\PokerStars\ImgCache\0007083A.psi
    C:\Program Files\PokerStars\ImgCache\0007694F.psi
    C:\Program Files\PokerStars\ImgCache\00079DC6.psi
    C:\Program Files\PokerStars\ImgCache\000807FA.psi
    C:\Program Files\PokerStars\ImgCache\0008F89B.psi
    C:\Program Files\PokerStars\ImgCache\000ABBE9.psi
    C:\Program Files\PokerStars\ImgCache\000AC9AF.psi
    C:\Program Files\PokerStars\ImgCache\000B19AC.psi
    C:\Program Files\PokerStars\ImgCache\000B1EFC.psi
    C:\Program Files\PokerStars\ImgCache\000B9C18.psi
    C:\Program Files\PokerStars\ImgCache\000C6B97.psi
    C:\Program Files\PokerStars\ImgCache\000D6530.psi
    C:\Program Files\PokerStars\ImgCache\000E1432.psi
    C:\Program Files\PokerStars\ImgCache\000E1BF6.psi
    C:\Program Files\PokerStars\ImgCache\000E2B92.psi
    C:\Program Files\PokerStars\ImgCache\000E6E41.psi
    C:\Program Files\PokerStars\ImgCache\000ED6F1.psi
    C:\Program Files\PokerStars\ImgCache\000F2CB9.psi
    C:\Program Files\PokerStars\ImgCache\001190C4.psi
    C:\Program Files\PokerStars\ImgCache\00130944.psi
    C:\Program Files\PokerStars\ImgCache\0013276D.psi
    C:\Program Files\PokerStars\ImgCache\0013EAA6.psi
    C:\Program Files\PokerStars\ImgCache\00140916.psi
    C:\Program Files\PokerStars\ImgCache\001494BB.psi
    C:\Program Files\PokerStars\ImgCache\00149E91.psi
    C:\Program Files\PokerStars\ImgCache\00162958.psi
    C:\Program Files\PokerStars\ImgCache\0017A385.psi
    C:\Program Files\PokerStars\ImgCache\0017C429.psi
    C:\Program Files\PokerStars\ImgCache\0017EB74.psi
    C:\Program Files\PokerStars\ImgCache\0018203B.psi
    C:\Program Files\PokerStars\ImgCache\00185AE7.psi
    C:\Program Files\PokerStars\ImgCache\00188059.psi
    C:\Program Files\PokerStars\ImgCache\0018CE51.psi
    C:\Program Files\PokerStars\ImgCache\0019EB3E.psi
    C:\Program Files\PokerStars\ImgCache\001AAB7C.psi
    C:\Program Files\PokerStars\ImgCache\001D5B06.psi
    C:\Program Files\PokerStars\ImgCache\001D5F5A.psi
    C:\Program Files\PokerStars\ImgCache\001DF437.psi
    C:\Program Files\PokerStars\ImgCache\001DFC01.psi
    C:\Program Files\PokerStars\ImgCache\001DFFEF.psi
    C:\Program Files\PokerStars\ImgCache\001E0701.psi
    C:\Program Files\PokerStars\ImgCache\001EB4CA.psi
    C:\Program Files\PokerStars\ImgCache\001FD3E8.psi
    C:\Program Files\PokerStars\ImgCache\001FF520.psi
    C:\Program Files\PokerStars\ImgCache\00208E4D.psi
    C:\Program Files\PokerStars\ImgCache\002111FB.psi
    C:\Program Files\PokerStars\ImgCache\0023588D.psi
    C:\Program Files\PokerStars\ImgCache\00237AEA.psi
    C:\Program Files\PokerStars\ImgCache\0023E7D9.psi
    C:\Program Files\PokerStars\ImgCache\0025C4F6.psi
    C:\Program Files\PokerStars\ImgCache\0025EBEF.psi
    C:\Program Files\PokerStars\ImgCache\00267165.psi
    C:\Program Files\PokerStars\ImgCache\0026A403.psi
    C:\Program Files\PokerStars\ImgCache\0026D036.psi
    C:\Program Files\PokerStars\ImgCache\002744F4.psi
    C:\Program Files\PokerStars\ImgCache\00276230.psi
    C:\Program Files\PokerStars\ImgCache\002810C7.psi
    C:\Program Files\PokerStars\ImgCache\00288A7B.psi
    C:\Program Files\PokerStars\ImgCache\0029178E.psi
    C:\Program Files\PokerStars\ImgCache\00295F41.psi
    C:\Program Files\PokerStars\ImgCache\0029C834.psi
    C:\Program Files\PokerStars\ImgCache\002A2901.psi
    C:\Program Files\PokerStars\ImgCache\002A63BE.psi
    C:\Program Files\PokerStars\ImgCache\002AC0AA.psi
    C:\Program Files\PokerStars\ImgCache\002AD05A.psi
    C:\Program Files\PokerStars\ImgCache\002AE12B.psi
    C:\Program Files\PokerStars\ImgCache\002B3860.psi
    C:\Program Files\PokerStars\ImgCache\002BCF7F.psi
    C:\Program Files\PokerStars\ImgCache\002BDC01.psi
    C:\Program Files\PokerStars\ImgCache\002BDFA5.psi
    C:\Program Files\PokerStars\ImgCache\002BE5E2.psi
    C:\Program Files\PokerStars\ImgCache\002C4B5D.psi
    C:\Program Files\PokerStars\ImgCache\002CFB81.psi
    C:\Program Files\PokerStars\ImgCache\002DBCD4.psi
    C:\Program Files\PokerStars\ImgCache\002DC1A9.psi
    C:\Program Files\PokerStars\ImgCache\002E47E8.psi
    C:\Program Files\PokerStars\ImgCache\002E9C25.psi
    C:\Program Files\PokerStars\ImgCache\002F578E.psi
    C:\Program Files\PokerStars\ImgCache\002F838C.psi
    C:\Program Files\PokerStars\ImgCache\002FC882.psi
    C:\Program Files\PokerStars\ImgCache\00301AD3.psi
    C:\Program Files\PokerStars\ImgCache\003074B2.psi
    C:\Program Files\PokerStars\ImgCache\00307C61.psi
    C:\Program Files\PokerStars\ImgCache\0030AA4B.psi
    C:\Program Files\PokerStars\ImgCache\0030BE1D.psi
    C:\Program Files\PokerStars\ImgCache\0031C709.psi
    C:\Program Files\PokerStars\ImgCache\0031CBD8.psi
    C:\Program Files\PokerStars\ImgCache\0031D41D.psi
    C:\Program Files\PokerStars\ImgCache\0031E20C.psi
    C:\Program Files\PokerStars\ImgCache\0031ED0D.psi
    C:\Program Files\PokerStars\ImgCache\0031F363.psi
    C:\Program Files\PokerStars\ImgCache\00323B48.psi
    C:\Program Files\PokerStars\ImgCache\00338A0C.psi
    C:\Program Files\PokerStars\ImgCache\00340CF5.psi
    C:\Program Files\PokerStars\ImgCache\00341DB4.psi
    C:\Program Files\PokerStars\ImgCache\00342033.psi
    C:\Program Files\PokerStars\ImgCache\00349593.psi
    C:\Program Files\PokerStars\ImgCache\0034E8B3.psi
    C:\Program Files\PokerStars\ImgCache\00359B6E.psi
    C:\Program Files\PokerStars\ImgCache\0036CCFF.psi
    C:\Program Files\PokerStars\ImgCache\0036D23A.psi
    C:\Program Files\PokerStars\ImgCache\0036FC6B.psi
    C:\Program Files\PokerStars\ImgCache\00373224.psi
    C:\Program Files\PokerStars\ImgCache\00374616.psi
    C:\Program Files\PokerStars\ImgCache\0037503C.psi
    C:\Program Files\PokerStars\ImgCache\003787CD.psi
    C:\Program Files\PokerStars\ImgCache\003821FF.psi
    C:\Program Files\PokerStars\ImgCache\00386C15.psi
    C:\Program Files\PokerStars\ImgCache\003918CA.psi
    C:\Program Files\PokerStars\ImgCache\00392F43.psi
    C:\Program Files\PokerStars\ImgCache\00395999.psi
    C:\Program Files\PokerStars\ImgCache\00395CD7.psi
    C:\Program Files\PokerStars\ImgCache\0039B8CD.psi
    C:\Program Files\PokerStars\ImgCache\0039D428.psi
    C:\Program Files\PokerStars\ImgCache\0039F85C.psi
    C:\Program Files\PokerStars\ImgCache\003A24E0.psi
    C:\Program Files\PokerStars\ImgCache\003A4042.psi
    C:\Program Files\PokerStars\ImgCache\003A4C33.psi
    C:\Program Files\PokerStars\ImgCache\003A6142.psi
    C:\Program Files\PokerStars\ImgCache\003AB122.psi
    C:\Program Files\PokerStars\ImgCache\003B1B6A.psi
    C:\Program Files\PokerStars\ImgCache\003B40A5.psi
    C:\Program Files\PokerStars\ImgCache\003B73CB.psi
    C:\Program Files\PokerStars\ImgCache\003BB72B.psi
    C:\Program Files\PokerStars\ImgCache\003BCE19.psi
    C:\Program Files\PokerStars\ImgCache\003BEF1A.psi
    C:\Program Files\PokerStars\ImgCache\003C40C0.psi
    C:\Program Files\PokerStars\ImgCache\003CC8EA.psi
    C:\Program Files\PokerStars\ImgCache\003D57F9.psi
    C:\Program Files\PokerStars\ImgCache\003D7F9C.psi
    C:\Program Files\PokerStars\ImgCache\003DA200.psi
    C:\Program Files\PokerStars\ImgCache\003DFE14.psi
    C:\Program Files\PokerStars\ImgCache\003E0A0B.psi
    C:\Program Files\PokerStars\ImgCache\003E3C8F.psi
    C:\Program Files\PokerStars\ImgCache\003F1139.psi
    C:\Program Files\PokerStars\ImgCache\003F5CA4.psi
    C:\Program Files\PokerStars\ImgCache\003F70EA.psi
    C:\Program Files\PokerStars\ImgCache\003FC844.psi
    C:\Program Files\PokerStars\ImgCache\004019E1.psi
    C:\Program Files\PokerStars\ImgCache\004031FF.psi
    C:\Program Files\PokerStars\ImgCache\004107AD.psi
    C:\Program Files\PokerStars\ImgCache\00418282.psi
    C:\Program Files\PokerStars\ImgCache\0041AD92.psi
    C:\Program Files\PokerStars\ImgCache\0041DA11.psi
    C:\Program Files\PokerStars\ImgCache\0042553F.psi
    C:\Program Files\PokerStars\ImgCache\00429208.psi
    C:\Program Files\PokerStars\ImgCache\004380DE.psi
    C:\Program Files\PokerStars\ImgCache\0043A382.psi
    C:\Program Files\PokerStars\ImgCache\0043E6CC.psi
    C:\Program Files\PokerStars\ImgCache\0044B800.psi
    C:\Program Files\PokerStars\ImgCache\0044D72B.psi
    C:\Program Files\PokerStars\ImgCache\00450EFF.psi
    C:\Program Files\PokerStars\ImgCache\00454BD5.psi
    C:\Program Files\PokerStars\ImgCache\004597CD.psi
    C:\Program Files\PokerStars\ImgCache\0045C9E9.psi
    C:\Program Files\PokerStars\ImgCache\0045FDE9.psi
    C:\Program Files\PokerStars\ImgCache\004637AB.psi
    C:\Program Files\PokerStars\ImgCache\0046718F.psi
    C:\Program Files\PokerStars\ImgCache\00467AAB.psi
    C:\Program Files\PokerStars\ImgCache\00468030.psi
    16 January 2008 22:30:02

    Good evening,
    the report is not complete.
    Add a HijackThis log.
    16 January 2008 22:34:42

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:33:45, on 2008-01-17
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Steam\Steam.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\FREDERIK\Local Settings\Temp\Répertoire temporaire 2 pour HiJackThis.zip\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (file missing)
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O16 - DPF: {50BD5CDA-4BA8-4048-8FAA-763F222E41D8} - ms-its:mhtml:file://c:\\nores.mht!http://adxrnet.net/code/chm/xpre.chm::/xpreload.ocx
    O17 - HKLM\System\CCS\Services\Tcpip\..\{1705D81C-FCCA-4914-B802-42A6378AC254}: NameServer = 205.191.194.14
    O17 - HKLM\System\CCS\Services\Tcpip\..\{ECD1D264-F0EB-48A7-A939-2C3246BAAE3C}: NameServer = 205.191.194.14
    O17 - HKLM\System\CS1\Services\Tcpip\..\{1705D81C-FCCA-4914-B802-42A6378AC254}: NameServer = 205.191.194.14
    O17 - HKLM\System\CS2\Services\Tcpip\..\{1705D81C-FCCA-4914-B802-42A6378AC254}: NameServer = 205.191.194.14
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

    --
    End of file - 4837 bytes
    16 January 2008 22:38:44

    I would like to see the ComboFix report in full.
    21 January 2008 22:28:14


    .
    ((((((((((((((((((((((((((((( Fichiers créés 2007-12-17 to 2008-01-17 ))))))))))))))))))))))))))))))))))))
    .

    2008-01-17 16:01 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-12-25 16:38 . 2007-12-25 16:38 <REP> d-------- C:\Program Files\Avira
    2007-12-25 16:38 . 2007-12-25 16:38 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
    2007-12-24 17:37 . 2007-12-24 17:37 <REP> d-------- C:\Documents and Settings\FREDERIK\Application Data\teamspeak2
    2007-12-24 17:32 . 2007-12-24 17:37 <REP> d-------- C:\Program Files\Teamspeak2_RC2
    2007-12-24 17:32 . 2007-12-24 17:32 34,064 --a------ C:\WINDOWS\system32\lhacm.acm
    2007-12-20 11:23 . 2007-12-20 11:23 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
    2007-12-20 11:22 . 2001-08-28 13:00 2,044,928 --a------ C:\WINDOWS\system32\msi.dll
    2007-12-20 11:22 . 2001-08-28 13:00 2,044,928 --a------ C:\WINDOWS\system32\dllcache\msi.dll
    2007-12-20 11:22 . 2001-08-28 13:00 847,872 --a------ C:\WINDOWS\system32\msimsg.dll
    2007-12-20 11:22 . 2001-08-28 13:00 847,872 --a------ C:\WINDOWS\system32\dllcache\msimsg.dll
    2007-12-20 11:22 . 2001-08-28 13:00 304,640 --a------ C:\WINDOWS\system32\msihnd.dll
    2007-12-20 11:22 . 2001-08-28 13:00 304,640 --a------ C:\WINDOWS\system32\dllcache\msihnd.dll
    2007-12-20 11:22 . 2001-08-28 13:00 63,488 --a------ C:\WINDOWS\system32\msiexec.exe
    2007-12-20 11:22 . 2001-08-28 13:00 63,488 --a------ C:\WINDOWS\system32\dllcache\msiexec.exe
    2007-12-20 11:22 . 2001-08-28 13:00 39,936 --a------ C:\WINDOWS\system32\msisip.dll
    2007-12-20 11:22 . 2001-08-28 13:00 39,936 --a------ C:\WINDOWS\system32\dllcache\msisip.dll
    2007-12-20 11:20 . 2007-12-27 23:02 <REP> d-------- C:\Program Files\Google
    2007-12-20 07:15 . 2007-12-20 07:15 <REP> dr------- C:\Documents and Settings\NetworkService\Favoris
    2007-12-20 05:48 . 2007-12-20 05:48 <REP> dr------- C:\Documents and Settings\All Users\Application Data\SalesMon
    2007-12-20 05:48 . 2004-10-07 13:39 89,088 --a------ C:\WINDOWS\system32\atl71.dll
    2007-12-19 10:55 . 2007-12-19 10:55 <REP> d--h----- C:\WINDOWS\system32\GroupPolicy
    2007-12-19 04:10 . 2007-12-19 05:08 <REP> d-------- C:\WINDOWS\system32\bits
    2007-12-19 04:10 . 2002-05-23 09:34 310,272 --a------ C:\WINDOWS\system32\winhttp.dll
    2007-12-19 04:10 . 2001-08-28 13:00 180,736 --a------ C:\WINDOWS\system32\qmgr.dll
    2007-12-19 04:10 . 2001-08-28 13:00 180,736 --a------ C:\WINDOWS\system32\dllcache\qmgr.dll
    2007-12-19 04:10 . 2001-08-28 13:00 17,408 --a------ C:\WINDOWS\system32\qmgrprxy.dll
    2007-12-19 04:10 . 2001-08-28 13:00 17,408 --a------ C:\WINDOWS\system32\dllcache\qmgrprxy.dll
    2007-12-19 03:53 . 2007-12-21 20:00 <REP> d-------- C:\Documents and Settings\FREDERIK\Incomplete
    2007-12-19 03:53 . 2007-12-27 22:23 <REP> d-------- C:\Documents and Settings\FREDERIK\Application Data\LimeWire

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-17 14:54 --------- d-----w C:\Program Files\Steam
    2007-12-28 16:56 --------- d-----w C:\Program Files\Ventrilo
    2007-12-28 16:56 --------- d-----w C:\Program Files\Services en ligne
    2007-12-28 16:56 --------- d-----w C:\Program Files\MSN Messenger
    2007-12-28 16:56 --------- d-----w C:\Program Files\Guild Wars
    2007-12-23 21:43 --------- d-----w C:\Documents and Settings\FREDERIK\Application Data\Ventrilo
    2007-12-19 02:52 --------- d-----w C:\Program Files\LimeWire
    2007-12-16 22:22 12,800 ----a-w C:\WINDOWS\system32\svchost.exe
    2007-12-14 00:08 --------- d-----w C:\Program Files\Electronic Arts
    2007-12-12 18:05 --------- d-----w C:\Program Files\Java
    2007-12-12 17:59 --------- d-----w C:\Program Files\Fichiers communs\Java
    2007-12-06 15:29 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
    2007-12-06 15:07 --------- d-----w C:\Program Files\microsoft frontpage
    2007-12-06 15:04 --------- d-----w C:\Program Files\Fichiers communs\MSSoap
    2007-12-06 11:02 --------- d-----w C:\Program Files\Fichiers communs\SpeechEngines
    2007-12-06 11:02 --------- d-----w C:\Program Files\Fichiers communs\ODBC
    .

    ((((((((((((((((((((((((((((( snapshot@2007-12-28_17.59.30.82 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2000-08-31 07:00:00 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE
    + 2008-01-17 15:02:09 241,664 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
    + 2008-01-17 15:02:09 143,360 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
    + 2008-01-17 15:02:09 544,768 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
    + 2008-01-17 15:02:09 143,360 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
    + 2008-01-17 15:02:10 3,756,032 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\ntuser.dat
    + 2008-01-17 15:02:10 147,456 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
    - 2007-12-28 16:53:11 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
    + 2008-01-17 14:54:59 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
    - 2007-12-28 16:53:11 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
    + 2008-01-17 14:54:59 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
    - 2007-12-28 16:53:11 49,152 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2008-01-17 14:54:59 49,152 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    - 2007-12-28 16:54:57 262,144 ----a-w C:\WINDOWS\system32\config\systemprofile\ntuser.dat
    + 2008-01-17 15:02:17 262,144 ----a-w C:\WINDOWS\system32\config\systemprofile\ntuser.dat
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55 5674352]
    "Steam"="c:\program files\steam\steam.exe" [2007-12-06 17:10 1266936]
    "ctfmon.exe"="C:\WINDOWS\System32\ctfmon.exe" [2001-08-28 13:00 13312]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2006-08-12 05:43 7630848]
    "nwiz"="nwiz.exe" [2006-08-12 05:43 1519616 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2006-08-12 05:43 86016]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06 40048]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-08-31 12:25 249896]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2001-08-28 13:00 13312]

    R0 avgntmgr;avgntmgr;C:\WINDOWS\System32\DRIVERS\avgntmgr.sys [2007-07-18 14:22]
    R1 avgntdd;avgntdd;C:\WINDOWS\System32\DRIVERS\avgntdd.sys [2007-08-09 13:04]
    S3 ati2mpaa;ati2mpaa;C:\WINDOWS\System32\DRIVERS\ati2mpaa.sys [2001-08-23 16:59]
    S4 MSControlService;Microsoft cache control;C:\WINDOWS\System32\windows []

    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-17 16:05:40
    Windows 5.1.2600 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-01-17 16:06:17
    ComboFix-quarantined-files.txt 2008-01-17 15:06:08
    ComboFix2.txt 2007-12-28 17:00:34
    .
    2007-12-19 03:11:11 --- E O F ---
    21 January 2008 22:40:52

    Are you in Germany?
    23 January 2008 21:53:25

    No, but is my PC OK??
    23 January 2008 23:13:55

    Good evening,
    which ISP are you with?

    1

    Delete:
    C:\qoobox

    2

    ~Run an online antivirus scan on the Kaspersky site
    http://webscanner.kaspersky.fr/

    ~Click on Online Scanner.
    ~Accept the installation of the ActiveX control by clicking the Install button.

    ~Select My Computer as the scan target.

    ~Save the report by clicking the "Save report as" button. Give it a name; you will copy and paste it into your next reply.

    Online scan tutorial