au secours aidez moi (advanced virus remover)Résolu/Fermé

Question

Bonjour,
je viens de me choper ce virus (advanced virus remover) il y a quelques jours, et je ne parviens pas a m'en debarrasser, j'ai essayé 2 3 trucs mais rien fonctionne pouvait vous m'aider s'il vous plait je suis perdu la.
merci d'avance pour vos reponses

Destrio5 · Answer

Bonjour,

As-tu essayé de le désinstaller tout simplement ?

biloute · Answer

Il n'y a rien pour le désinstaller, le dossier dans programmes files ne contient que le .exe et dans le programme il n'y a rien pour le desinstaller.
Je n'ai meme pas installer cet AdvanceVirusRemover de m****, il s'est installer tout seul quand j'ai telecharger un programme.
Il n'apparait pas dans ajout/suppr, j'ai essayé de l'effacer a sa racine dans programmes files, je l'ai retiré du demarrage, j'ai effacer tout les raccourcis, j'ai supprimer la clé de registre avec ccleaner mais rien a faire il revient toujours au demarrage.

Que puis je faire?

Destrio5 · Answer

--> Télécharge Random's System Information Tool (RSIT) (par random/random) sur ton Bureau.

--> Double-clique sur RSIT.exe afin de lancer le programme.
(Sous Vista, il faut cliquer droit sur RSIT.exe et choisir Exécuter en tant qu'administrateur)

--> Clique sur Continue à l'écran Disclaimer.

--> Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.

--> Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront. Poste le contenu de log.txt (c'est celui qui apparaît à l'écran) ainsi que de info.txt (que tu verras dans la barre des tâches).

Note : les rapports sont sauvegardés dans le dossier C:\rsit.

biloute · Answer

Logfile of random's system information tool 1.06 (written by random/random)
Run by Mélissa at 2009-06-12 20:20:23
Microsoft Windows XP Édition familiale Service Pack 2
System drive C: has 4 GB (22%) free of 20 GB
Total RAM: 383 MB (47% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:20:54, on 12/06/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32undll32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\RamBoost XPambxpfr.exe
C:\WINDOWS\system32\svohost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32
vsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Mélissa.BARBANO-AUD-MEL\Bureau\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files	rend micro\Mélissa.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Microsoft Update Machine] svohost.exe
O4 - HKLM\..\Run: [Advanced Virus Remover] C:\Program Files\AdvancedVirusRemover\PAVRM.exe
O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
O4 - HKLM\..\RunServices: [Microsoft Update Machine] svohost.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Microsoft Update Machine] svohost.exe
O4 - HKCU\..\Run: [RamBoostXp] C:\Program Files\RamBoost XPambxpfr.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab?e=1224322438772&h=b7a1afa4ee94a7f089909f6a12580e6e/&filename=jinstall-6u7-windows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe

Destrio5 · Answer

---> Télécharge Malwarebytes' Anti-Malware (MBAM) sur ton Bureau.
---> Double-clique sur le fichier téléchargé pour lancer le processus d'installation.
---> Dans l'onglet Mise à jour, clique sur le bouton Recherche de mise à jour : si le pare-feu demande l'autorisation à MBAM de se connecter à Internet, accepte.
---> Une fois la mise à jour terminée, rends-toi dans l'onglet Recherche.
---> Sélectionne Exécuter un examen rapide.
---> Clique sur Rechercher. L'analyse démarre.

A la fin de l'analyse, un message s'affiche :

L'examen s'est terminé normalement. Cliquez sur 'Afficher les résultats' pour afficher tous les objets trouvés.

---> Clique sur OK pour poursuivre. Si MBAM n'a rien trouvé, il te le dira aussi.
---> Ferme tes navigateurs.
Si des malwares ont été détectés, clique sur Afficher les résultats.
---> Sélectionne tout (ou laisse coché) et clique sur Supprimer la sélection, MBAM va détruire les fichiers et clés de registre infectés et en mettre une copie dans la quarantaine.
---> MBAM va ouvrir le Bloc-notes et y copier le rapport d'analyse. Copie-colle ce rapport dans ta prochaine réponse.

biloute · Answer

le pc a redemarrer et je ne trouve plus le doc ou se trouve t'il?

biloute · Answer

Malwarebytes' Anti-Malware 1.37
Version de la base de données: 2267
Windows 5.1.2600 Service Pack 2

12/06/2009 21:22:11
mbam-log-2009-06-12 (21-22-11).txt

Type de recherche: Examen rapide
Eléments examinés: 159774
Temps écoulé: 47 minute(s), 36 second(s)

Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 5
Valeur(s) du Registre infectée(s): 4
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 8
Fichier(s) infecté(s): 24

Processus mémoire infecté(s):
C:\WINDOWS\SYSTEM32\svohost.exe (Trojan.Dropper) -> Unloaded process successfully.

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{09f1adac-76d8-4d0f-99a5-5c907dadb988} (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo (Rogue.Eorezo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\AVR (Rogue.AdvancedVirusRemover) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\advanced virus remover (Rogue.AdvancedVirusRemover) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\microsoft update machine (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\microsoft update machine (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\microsoft update machine (Trojan.Agent) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
c:\documents and settings\all users\application data\WinAntiVirus Pro 2006 (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
c:\documents and settings\jacques barbano\application data\WinAntiVirus Pro 2006 (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
c:\documents and settings\jacques barbano\application data\winantivirus pro 2006\Logs (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
C:\WINDOWS\msskinner (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\oSN13 (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Mélissa.BARBANO-AUD-MEL\Application Data\ptidl (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\AdvancedVirusRemover (Rogue.AdvancedVirusRemover) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\sysloc (Trojan.BHO) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\WINDOWS\SYSTEM32\svohost.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Program Files\AdvancedVirusRemover\PAVRM.exe (Rogue.AdvancedVirusRemover) -> Quarantined and deleted successfully.
c:\WINDOWS\SYSTEM32\MSINET.oca (Rogue.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\SYSTEM32\SYSDLL.exe (Trojan.Proxy) -> Quarantined and deleted successfully.
c:\WINDOWS\SYSTEM32\yhafd78auhd.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\WINDOWS\SYSTEM32\grb.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\yjbj.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\bkngm.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\SYSTEM32\oSN13\oSN131084.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\mélissa.barbano-aud-mel\application data\ptidl\ptidl.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\SYSTEM32\sysloc\sysloc.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\msmark2.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\ld08.exe (Worm.Koobface) -> Quarantined and deleted successfully.
C:\lsass.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\pac.txt (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\SYSTEM32\gsgaiiu_navps.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
c:\WINDOWS\SYSTEM32\gsgaiiu_nav.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\WINDOWS\TASKS\RegClean Scheduled Scan.job (Rogue.RegClean) -> Quarantined and deleted successfully.
c:\WINDOWS\mstre19.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
c:\documents and settings\Mélissa.BARBANO-AUD-MEL\Localdir\winlogo.exe (Worm.Archive) -> Quarantined and deleted successfully.
c:\documents and settings\Mélissa.BARBANO-AUD-MEL\Bureau\Advanced Virus Remover.lnk (Rogue.AdvancedVirusRemover) -> Quarantined and deleted successfully.
c:\documents and settings\Mélissa.BARBANO-AUD-MEL\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced Virus Remover.lnk (Rogue.AdvancedVirusRemover) -> Quarantined and deleted successfully.
c:\documents and settings\Mélissa.BARBANO-AUD-MEL\Menu Démarrer\Advanced Virus Remover.lnk (Rogue.AdvancedVirusRemover) -> Quarantined and deleted successfully.
c:\WINDOWS\ro122739.dat (Worm.KoobFace) -> Quarantined and deleted successfully.

Destrio5 · Answer

- Relance MBAM, va dans Quarantaine et supprime tout.

- Télécharge Navilog1 (de IL-MAFIOSO) et enregistre-le sur le Bureau.

- Double-clique sur Navilog1.exe afin de lancer l'installation.

- Si le fix ne se lance pas automatiquement après son installation, double-clique sur Navilog1 présent sur le Bureau.
(Sous Vista, il faut cliquer droit sur le raccourci de Navilog1 et choisir Exécuter en tant qu'administrateur)

- Appuie sur F ou f  puis valide par Entrée.

- Appuie sur une touche de ton clavier à chaque fois que cela est demandé, tu arriveras au menu des options.

- Choisis l'option 1 et appuie sur la touche Entrée pour valider ton choix.

- Patiente jusqu'au message : *** Analyse terminée le ..... ***

- Le scan fini, le Bloc-notes contenant le rapport sera affiché, poste le contenu de ce rapport dans ta prochaine réponse.

- Si le résultat du scan ne s'affiche pas, tu le trouveras dans C:\fixnavi.txt

N'utilise pas l'option 2, 3 et 4 sans notre accord, des fichiers légitimes peuvent être inclus dans ce scan.

biloute · Answer

je te remercie de prendre du temps pour t'occuper de mon probleme si sa te va on fera la suite demain.

Destrio5 · Answer

Bonne soirée ;)

biloute · Answer

merci passe une bonne soirée toi aussi et encore merci pour ton aide

biloute · Answer

Search Navipromo version 3.7.7 commencé le 13/06/2009 à 11:47:43,13

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files
avilog1

Mise à jour le 12.05.2009 à 18h00 par IL-MAFIOSO

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : AMD Athlon(tm) Processor )
BIOS : Award Modular BIOS v6.00PG
USER : Mélissa ( Administrator )
BOOT : Normal boot

Antivirus : avast! antivirus 4.8.1296 [VPS 080329-0] 4.8.1296 (Activated)


A:\ (USB)
C:\ (Local Disk) - NTFS - Total:19 Go (Free:6 Go)
F:\ (CD or DVD)


Recherche executé en mode normal


*** Recherche dossiers dans "C:\WINDOWS" ***


*** Recherche dossiers dans "C:\Program Files" ***


*** Recherche dossiers dans "C:\Documents and Settings\All Users.WINDOWS\menudm~1\progra~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\All Users.WINDOWS\menudm~1" ***


*** Recherche dossiers dans "c:\docume~1\alluse~1.win\applic~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\Mélissa.BARBANO-AUD-MEL\applic~1" *** 


*** Recherche dossiers dans "C:\DOCUME~1\Audrey\applic~1" *** 


*** Recherche dossiers dans "C:\DOCUME~1\JACQUE~1\applic~1" *** 


*** Recherche dossiers dans "C:\DOCUME~1\Manuel\applic~1" *** 


*** Recherche dossiers dans "C:\Documents and Settings\Mélissa.BARBANO-AUD-MEL\locals~1\applic~1" *** 


*** Recherche dossiers dans "C:\DOCUME~1\Audrey\locals~1\applic~1" *** 


*** Recherche dossiers dans "C:\DOCUME~1\JACQUE~1\locals~1\applic~1" *** 


*** Recherche dossiers dans "C:\DOCUME~1\Manuel\locals~1\applic~1" *** 


*** Recherche dossiers dans "C:\Documents and Settings\Mélissa.BARBANO-AUD-MEL\menudm~1\progra~1" *** 


*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net



*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans "C:\WINDOWS\system32" *

* Recherche dans "C:\Documents and Settings\Mélissa.BARBANO-AUD-MEL\locals~1\applic~1" * 

* Recherche dans "C:\DOCUME~1\Audrey\locals~1\applic~1" * 

* Recherche dans "C:\DOCUME~1\JACQUE~1\locals~1\applic~1" * 

* Recherche dans "C:\DOCUME~1\Manuel\locals~1\applic~1" * 



*** Recherche fichiers *** 


C:\WINDOWS\pack.epk trouvé !

*** Recherche clés spécifiques dans le Registre ***
!! Les clés trouvées ne sont pas forcément infectées !!

HKEY_CURRENT_USER\Software\Lanconfig 

*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :


2)Recherche Heuristique :

* Dans "C:\WINDOWS\system32" :

bqxfkh_navtmp.dat trouvé !
gsgaiiu.exe trouvé !
gsgaiiu.dat trouvé !

* Dans "C:\Documents and Settings\Mélissa.BARBANO-AUD-MEL\locals~1\applic~1" : 


* Dans "C:\DOCUME~1\Audrey\locals~1\applic~1" : 


* Dans "C:\DOCUME~1\JACQUE~1\locals~1\applic~1" : 


* Dans "C:\DOCUME~1\Manuel\locals~1\applic~1" : 


3)Recherche Certificats :

Certificat Egroup trouvé !
Certificat Electronic-Group trouvé !
Certificat Montorgueil absent !
Certificat OOO-Favorit trouvé !
Certificat Sunny-Day-Design-Ltd absent !

4)Recherche autres dossiers et fichiers connus :



*** Analyse terminée le 13/06/2009 à 11:58:19,02 ***

biloute · Answer

je voulais te demander aussi je sais plus trop mais je crois que je l'ai eu a partir d'un programme qu'il y a sur ma clé usb. dois je faire quelque chose avec cette clé usb?? et j'ai branché mon hdd multimedia sur le pc alors que le virus etait present dois je egalement faire quelque chose avec ce hdd? ce peut il que le virus soit aller dessus??

Destrio5 · Answer

On regardera après.

--> Relance Navilog1, fais l'option 2 et poste le rapport (C:\cleannavi.txt).

biloute · Answer

Clean Navipromo version 3.7.7 commencé le 13/06/2009 à 13:03:12,09

Outil exécuté depuis C:\Program Files
avilog1

Mise à jour le 12.05.2009 à 18h00 par IL-MAFIOSO

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : AMD Athlon(tm) Processor )
BIOS : Award Modular BIOS v6.00PG
USER : Mélissa ( Administrator )
BOOT : Normal boot

Antivirus : avast! antivirus 4.8.1296 [VPS 080329-0] 4.8.1296 (Activated)


A:\ (USB)
C:\ (Local Disk) - NTFS - Total:19 Go (Free:6 Go)
F:\ (CD or DVD)


Mode suppression automatique 
avec prise en charge résultats Catchme et GNS


Nettoyage exécuté au redémarrage de l'ordinateur

 
*** fsbl1.txt non trouvé ***
(Assurez-vous que Catchme n'avait rien trouvé lors de la recherche)
 

*** Suppression avec sauvegardes résultats GenericNaviSearch ***

* Suppression dans "C:\WINDOWS\System32" *


* Suppression dans "C:\Documents and Settings\Mélissa.BARBANO-AUD-MEL\locals~1\applic~1" * 


* Suppression dans "C:\DOCUME~1\Audrey\locals~1\applic~1" * 

* Suppression dans "C:\DOCUME~1\JACQUE~1\locals~1\applic~1" * 

* Suppression dans "C:\DOCUME~1\Manuel\locals~1\applic~1" * 


*** Suppression dossiers dans "C:\WINDOWS" ***


*** Suppression dossiers dans "C:\Program Files" ***


*** Suppression dossiers dans "C:\Documents and Settings\All Users.WINDOWS\menudm~1\progra~1" ***


*** Suppression dossiers dans "C:\Documents and Settings\All Users.WINDOWS\menudm~1" ***


*** Suppression dossiers dans "c:\docume~1\alluse~1.win\applic~1" ***


*** Suppression dossiers dans "C:\Documents and Settings\Mélissa.BARBANO-AUD-MEL\applic~1" *** 


*** Suppression dossiers dans "C:\DOCUME~1\Audrey\applic~1" *** 


*** Suppression dossiers dans "C:\DOCUME~1\JACQUE~1\applic~1" *** 


*** Suppression dossiers dans "C:\DOCUME~1\Manuel\applic~1" *** 


*** Suppression dossiers dans "C:\Documents and Settings\Mélissa.BARBANO-AUD-MEL\locals~1\applic~1" *** 


*** Suppression dossiers dans "C:\DOCUME~1\Audrey\locals~1\applic~1" *** 


*** Suppression dossiers dans "C:\DOCUME~1\JACQUE~1\locals~1\applic~1" *** 


*** Suppression dossiers dans "C:\DOCUME~1\Manuel\locals~1\applic~1" *** 


*** Suppression dossiers dans "C:\Documents and Settings\Mélissa.BARBANO-AUD-MEL\menudm~1\progra~1" *** 



*** Suppression fichiers ***

C:\WINDOWS\pack.epk supprimé !

*** Suppression fichiers temporaires ***

Nettoyage contenu C:\WINDOWS\Temp effectué !
Nettoyage contenu C:\Documents and Settings\M‚lissa.BARBANO-AUD-MEL\locals~1\Temp effectué !

*** Traitement Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Suppression avec sauvegardes nouveaux fichiers Instant Access :

2)Recherche, création sauvegardes et suppression Heuristique :


* Dans "C:\WINDOWS\system32" *


bqxfkh_navtmp.dat trouvé ! 
Copie bqxfkh_navtmp.dat réalisée avec succès !
bqxfkh_navtmp.dat supprimé !

gsgaiiu.exe trouvé ! 
Copie gsgaiiu.exe réalisée avec succès !
gsgaiiu.exe supprimé !

gsgaiiu.dat trouvé ! 
Copie gsgaiiu.dat réalisée avec succès !
gsgaiiu.dat supprimé !


* Dans "C:\Documents and Settings\Mélissa.BARBANO-AUD-MEL\locals~1\applic~1" * 


* Dans "C:\DOCUME~1\Audrey\locals~1\applic~1" * 


* Dans "C:\DOCUME~1\JACQUE~1\locals~1\applic~1" * 


* Dans "C:\DOCUME~1\Manuel\locals~1\applic~1" * 


*** Sauvegarde du Registre vers dossier Safebackup ***

sauvegarde du Registre réalisée avec succès !

*** Nettoyage Registre ***

Nettoyage Registre Ok


*** Certificats ***

Certificat Egroup supprimé !
Certificat Electronic-Group supprimé !
Certificat Montorgueil absent !
Certificat OOO-Favorit supprimé !
Certificat Sunny-Day-Design-Ltdt absent !

*** Recherche autres dossiers et fichiers connus ***



*** Nettoyage terminé le 13/06/2009 à 13:12:12,66 ***

Destrio5 · Answer

--> Désinstalle Navilog1.

--> Télécharge UsbFix (de C_XX & Chiquitine29) sur ton Bureau.

--> Lance l'installation avec les paramètres par défaut.

--> Branche tes sources de données externes à ton PC (clé USB, disque dur externe, carte SD, etc...) sans les ouvrir.

--> Double-clique sur le raccourci UsbFix sur ton Bureau.

--> Choisis l'option 1 (Recherche).

--> Laisse travailler l'outil.

--> Poste le rapport UsbFix.txt.

Note : le rapport UsbFix.txt est sauvegardé à la racine du disque (C:\UsbFix.txt).

"Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool. Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.

biloute · Answer

############################## [ UsbFix V3.031 ]

# User : Mélissa (Administrateurs) # BARBANO-AUD-MEL
# Update on 13/06/09 by Chiquitine29
# Start at: 13:45:40 | 13/06/2009
# Website : http://pagesperso-orange.fr/NosTools/usbfix.html

# AMD Athlon(tm) Processor
# Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 2
# Internet Explorer 7.0.5730.11
# Windows Firewall Status : Enabled
# AV : avast! antivirus 4.8.1296 [VPS 080329-0] 4.8.1296 [ Enabled | (!) Outdated ]

# A:\ # Lecteur de disquettes 3 ½ pouces
# C:\ # Disque fixe local # 19,08 Go (6,56 Go free) [JACQUES] # NTFS
# D:\ # Disque fixe local # 298,01 Go (139,31 Go free) # FAT32
# E:\ # Disque amovible # 995,58 Mo (429,06 Mo free) [ICE_CREAM®] # FAT
# F:\ # Disque CD-ROM
# G:\ # Disque amovible # 3,77 Go (3,73 Go free) # FAT
# H:\ # Disque amovible

############################## [ Processus actifs ]

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32undll32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32
vsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\RamBoost XPambxpfr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

################## [ Registre Startup ]

HKCU_Main:   "Local Page"="C:\WINDOWS\system32\blank.htm" 
HKCU_Main:   "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch" 
HKCU_Main:   "Start Page"="www.google.fr/" 
HKLM_logon:  "Userinit"="C:\WINDOWS\system32\userinit.exe," 
HKLM_logon:  "DefaultUserName"="M‚lissa" 
HKLM_logon:  "AltDefaultUserName"="M‚lissa" 
HKLM_logon:  "LegalNoticeCaption"="" 
HKLM_logon:  "LegalNoticeText"="" 
HKLM_Run:    NvCplDaemon=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup 
HKLM_Run:    nwiz=nwiz.exe /install 
HKLM_Run:    avast!=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe 
HKLM_Run:    QuickTime Task="C:\Program Files\QuickTime\qttask.exe" -atboottime 
HKCU_Run:    NvMediaCenter=RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit  
HKCU_Run:    SuperCopier2.exe=C:\Program Files\SuperCopier2\SuperCopier2.exe  
HKCU_Run:    ctfmon.exe=C:\WINDOWS\system32\ctfmon.exe  
HKCU_Run:    RamBoostXp=C:\Program Files\RamBoost XPambxpfr.exe  

################## [ Fichiers # Dossiers infectieux ]

E:\autorun.inf # -> fichier appelé  : "E:\Setup.exe" ( Absent ! )  
Présent ! E:\autorun.inf  
G:\autorun.inf # -> fichier appelé  : "G:\Setup.exe" ( Présent ! )  
Présent ! G:\Setup.exe  
Présent ! G:\autorun.inf  

################## [ Registre # Clés Run infectieuses ]


################## [ Registre # Mountpoints2 ]

HKCU\...\Explorer\MountPoints2\{88b38cc3-478d-11de-b0d5-0050da11775f}\Shell\AutoRun\Command  
HKCU\...\Explorer\MountPoints2\{88b38cc3-478d-11de-b0d5-0050da11775f}\Shell\open\Command  
HKCU\...\Explorer\MountPoints2\{f27803a0-af2c-11dd-b030-0050da11775f}\Shell\AutoRun\Command  
HKCU\...\Explorer\MountPoints2\{f27803a0-af2c-11dd-b030-0050da11775f}\Shell\open\Command  

################## [ ! Fin du rapport # UsbFix V3.031 ! ]

Destrio5 · Answer

--> Branche tes sources de données externes à ton PC (clé USB, disque dur externe, carte SD, etc...) sans les ouvrir.

--> Double-clique sur le raccourci UsbFix présent sur ton Bureau.

--> Choisis l'option 2 (Suppression).

--> Ton Bureau disparaîtra et le PC redémarrera.

--> Au redémarrage, UsbFix scannera ton PC, laisse travailler l'outil.

--> Ensuite, poste le rapport UsbFix.txt qui apparaîtra avec le Bureau.

Note : le rapport UsbFix.txt est sauvegardé à la racine du disque (C:\UsbFix.txt).

biloute · Answer

j'ai coller le doc mais le post ne veut pas se mettre sur la page et si je le remet il me dit qu'il est deja envoyé,
dsl pour le temps d'attente c'est un tout vieux pc que je viens de recuperer chez des amis et il lag a mort avec tout les trucs qu'il y a d'installer dessus. est ce que le probleme pour le post viens du pc?

biloute · Answer

############################## [ UsbFix V3.031 ]

# User : Mélissa (Administrateurs) # BARBANO-AUD-MEL
# Update on 13/06/09 by Chiquitine29
# Start at: 14:09:19 | 13/06/2009
# Website : http://pagesperso-orange.fr/NosTools/usbfix.html

# AMD Athlon(tm) Processor
# Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 2
# Internet Explorer 7.0.5730.11
# Windows Firewall Status : Enabled
# AV : avast! antivirus 4.8.1296 [VPS 080329-0] 4.8.1296 [ Enabled | (!) Outdated ]

# A:\ # Lecteur de disquettes 3 ½ pouces
# C:\ # Disque fixe local # 19,08 Go (6,56 Go free) [JACQUES] # NTFS
# D:\ # Disque fixe local # 298,01 Go (139,31 Go free) # FAT32
# E:\ # Disque amovible # 995,58 Mo (429,06 Mo free) [ICE_CREAM®] # FAT
# F:\ # Disque CD-ROM
# G:\ # Disque amovible # 3,77 Go (3,73 Go free) # FAT
# H:\ # Disque amovible

############################## [ Processus actifs ]

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe

################## [ Fichiers # Dossiers infectieux ]

E:\autorun.inf # -> fichier appelé : "E:\Setup.exe" ( absent ! )  
Deleted ! E:\autorun.inf    
G:\autorun.inf # -> fichier appelé : "G:\Setup.exe" ( présent ! )  
Deleted ! -> G:\Setup.exe 
Deleted ! G:\autorun.inf    

################## [ Registre # Clés Run infectieuses ]


################## [ Registre # Mountpoints2 ]


################## [ Listing des fichiers présent ]

[07/06/2009 00:08|--a------|2] - C:\873102919
[03/02/2003 18:32|--a------|0] - C:\AILog.txt
[04/11/2005 17:40|---hs----|194] - C:\AUTOEXEC.BAK
[04/11/2005 17:40|--ah-----|194] - C:\AUTOEXEC.BAT
[30/07/2002 17:12|--a------|1837] - C:\bink_log.txt
[09/06/2009 16:33|---hs----|216] - C:\boot.ini
[05/08/2004 14:00|-rahs----|4952] - C:\Bootfont.bin
[27/06/2004 14:51|---hs----|36816] - C:\BOOTLOG.PRV
[28/06/2004 00:58|---hs----|92675] - C:\BOOTLOG.TXT
[04/11/2005 17:39|---hs----|512] - C:\BOOTSECT.DOS
[17/04/2002 18:49|-rah-----|245792] - C:\CLASSES.1ST
[13/06/2009 13:12|--a------|3898] - C:\cleannavi.txt
[08/06/2000 19:00|---hs----|95024] - C:\command.com
[02/06/2005 21:45|--a------|1146] - C:\COMPATID.TXT
[04/11/2005 17:40|--a------|0] - C:\CONFIG.BAK
[04/11/2005 17:40|--a------|0] - C:\CONFIG.SYS
[17/04/2002 19:05|--a------|16] - C:\CTJINI.INI
[14/09/2002 19:53|--a------|44161] - C:\desinstall_fr.exe
[07/12/2004 13:51|---hs----|50693] - C:\DETLOG.OLD
[02/11/2005 14:45|---hs----|50277] - C:\DETLOG.TXT
[03/11/2005 21:30|--a------|22449] - C:\devicetable.log
[13/06/2009 11:58|--a------|3616] - C:\fixnavi.txt
[?|?|?] - C:\hiberfil.sys
[01/10/2003 20:40|--a------|1717] - C:\INSTALL.LOG
[08/06/2000 19:00|-rahs----|110592] - C:\io.sys
[24/08/2004 23:36|--a------|17] - C:\log.txt
[10/05/2003 15:01|--a------|46425720] - C:\Manuel.cm4
[15/10/2003 13:02|--a------|1019] - C:\mp3cache.mex
[17/04/2002 18:57|-rahs----|1660] - C:\MSDOS.SYS
[17/04/2002 19:00|---hs----|9104] - C:\NETLOG.TXT
[02/11/2005 18:49|--a------|1011] - C:\nrunonce.log
[05/08/2004 14:00|-rahs----|47564] - C:\ntdetect.com
[05/08/2004 14:00|-rahs----|251712] - C:\ntldr
[07/06/2009 00:06|--a------|61440] - C:\ntyqciwl.exe
[15/05/2004 20:09|--a------|82] - C:\OUT1.TXT
[?|?|?] - C:\pagefile.sys
[07/12/2005 13:22|--a------|13030] - C:\PDOXUSRS.NET
[14/09/2002 19:40|--a------|9120] - C:\readme.txt
[17/04/2002 18:42|--a------|3418] - C:\RECOVERY.LOG
[04/11/2005 01:25|--a------|704] - C:\SCANDISK.LOG
[25/08/2006 12:06|--a------|90] - C:\Setup.log
[02/11/2005 16:58|---hs----|229573] - C:\SETUPLOG.TXT
[25/04/2002 20:43|--a------|4153] - C:\SETUPXLG.TXT
[30/07/2002 17:12|--a------|198] - C:\sound_bank_log.txt
[09/02/2008 12:39|--ah-----|268] - C:\sqmdata00.sqm
[08/11/2008 12:37|--ah-----|232] - C:\sqmdata01.sqm
[17/12/2008 20:50|--ah-----|232] - C:\sqmdata02.sqm
[21/12/2008 17:24|--ah-----|232] - C:\sqmdata03.sqm
[08/01/2009 20:17|--ah-----|232] - C:\sqmdata04.sqm
[02/02/2009 10:30|--ah-----|232] - C:\sqmdata05.sqm
[03/02/2009 10:13|--ah-----|232] - C:\sqmdata06.sqm
[03/02/2009 10:20|--ah-----|232] - C:\sqmdata07.sqm
[21/02/2009 11:23|--ah-----|232] - C:\sqmdata08.sqm
[21/02/2009 11:32|--ah-----|232] - C:\sqmdata09.sqm
[21/02/2009 11:32|--ah-----|232] - C:\sqmdata10.sqm
[21/02/2009 11:33|--ah-----|232] - C:\sqmdata11.sqm
[21/02/2009 11:33|--ah-----|232] - C:\sqmdata12.sqm
[21/02/2009 11:34|--ah-----|232] - C:\sqmdata13.sqm
[07/03/2009 12:27|--ah-----|232] - C:\sqmdata14.sqm
[15/03/2009 12:50|--ah-----|232] - C:\sqmdata15.sqm
[09/02/2008 10:57|--ah-----|268] - C:\sqmdata16.sqm
[09/02/2008 11:06|--ah-----|268] - C:\sqmdata17.sqm
[09/02/2008 12:28|--ah-----|268] - C:\sqmdata18.sqm
[09/02/2008 12:36|--ah-----|268] - C:\sqmdata19.sqm
[09/02/2008 12:39|--ah-----|244] - C:\sqmnoopt00.sqm
[08/11/2008 12:37|--ah-----|244] - C:\sqmnoopt01.sqm
[17/12/2008 20:50|--ah-----|244] - C:\sqmnoopt02.sqm
[21/12/2008 17:24|--ah-----|244] - C:\sqmnoopt03.sqm
[08/01/2009 20:17|--ah-----|244] - C:\sqmnoopt04.sqm
[02/02/2009 10:30|--ah-----|244] - C:\sqmnoopt05.sqm
[03/02/2009 10:13|--ah-----|244] - C:\sqmnoopt06.sqm
[03/02/2009 10:20|--ah-----|244] - C:\sqmnoopt07.sqm
[21/02/2009 11:23|--ah-----|244] - C:\sqmnoopt08.sqm
[21/02/2009 11:32|--ah-----|244] - C:\sqmnoopt09.sqm
[21/02/2009 11:32|--ah-----|244] - C:\sqmnoopt10.sqm
[21/02/2009 11:33|--ah-----|244] - C:\sqmnoopt11.sqm
[21/02/2009 11:33|--ah-----|244] - C:\sqmnoopt12.sqm
[21/02/2009 11:34|--ah-----|244] - C:\sqmnoopt13.sqm
[07/03/2009 12:27|--ah-----|244] - C:\sqmnoopt14.sqm
[15/03/2009 12:50|--ah-----|244] - C:\sqmnoopt15.sqm
[09/02/2008 10:57|--ah-----|244] - C:\sqmnoopt16.sqm
[09/02/2008 11:06|--ah-----|244] - C:\sqmnoopt17.sqm
[09/02/2008 12:28|--ah-----|244] - C:\sqmnoopt18.sqm
[09/02/2008 12:36|--ah-----|244] - C:\sqmnoopt19.sqm
[01/03/2006 22:52|--a------|230432] - C:\StiImg.dat
[17/04/2002 18:49|---hs----|5166] - C:\SUHDLOG.DAT
[17/04/2002 18:49|---hs----|483360] - C:\SYSTEM.1ST
[14/03/2005 20:21|--a------|0] - C:\temp.html
[18/08/2002 14:41|--a------|2843] - C:\TIPS.TXT
[24/05/2001 14:59|--a------|162304] - C:\UNWISE.EXE
[13/06/2009 14:12|--a------|6929] - C:\UsbFix.txt
[23/09/2002 00:52|--a------|3832] - C:\wa3frlicence.txt
[04/11/2005 17:45|--a------|10169] - C:\whatsnew.txt
[19/07/2002 15:10|--a------|63] - C:\WINDOWSWinHlp32.BMK
[27/03/2005 20:21|--a------|39135970] - C:\xscan.txt
[27/05/2009 14:41|--a------|225859190] - E:\Cluedo Multilangue (Us It Fr De Es Nl Su) Crack No Cd.rar
[28/05/2009 03:25|--a------|12869] - E:\Cluedo OK crack nocd v2.zip
[28/05/2009 01:00|--a------|225921623] - E:\[PC GAME] - Cluedo 2005 + Crack (New).rar
[06/06/2009 23:22|--a------|41405892] - E:\Easy Recovery Prof. v6.03 + Crack - MULTILLENGUATGE - ok.rar
[07/06/2009 00:09|--a------|100319342] - E:\Ontrack Easy Recovery 7.8 Professional Retail Multilenguaje.rar
[23/05/2009 13:59|--a------|31647053] - G:\Avast.Antivirus.Pro.v4.8.1335.FR.Incl-Keygen.[emule-island.com].rar
[01/10/2008 12:34|--a------|1299975] - G:\wrar380fr.exe
[12/08/2008 03:27|--a------|229] - G:\Bienvenue sur eMule-Island !.url
[25/05/2009 23:15|--a------|7626192] - G:\Firefox Setup 3.0.10.exe

################## [ Vaccination ]

# C:\autorun.inf ( # Not infected ) -> Folder created by UsbFix.  
# D:\autorun.inf ( # Not infected ) -> Folder created by UsbFix.  
# E:\autorun.inf ( # Not infected ) -> Folder created by UsbFix.  
# G:\autorun.inf ( # Not infected ) -> Folder created by UsbFix.  

################## [ ! Fin du rapport # UsbFix V3.031 ! ]

biloute · Answer

############################## [ UsbFix V3.031 ]

# User : Mélissa (Administrateurs) # BARBANO-AUD-MEL
# Update on 13/06/09 by Chiquitine29
# Start at: 14:09:19 | 13/06/2009
# Website : http://pagesperso-orange.fr/NosTools/usbfix.html

# AMD Athlon(tm) Processor
# Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 2
# Internet Explorer 7.0.5730.11
# Windows Firewall Status : Enabled
# AV : avast! antivirus 4.8.1296 [VPS 080329-0] 4.8.1296 [ Enabled | (!) Outdated ]

# A:\ # Lecteur de disquettes 3 ½ pouces
# C:\ # Disque fixe local # 19,08 Go (6,56 Go free) [JACQUES] # NTFS
# D:\ # Disque fixe local # 298,01 Go (139,31 Go free) # FAT32
# E:\ # Disque amovible # 995,58 Mo (429,06 Mo free) [ICE_CREAM®] # FAT
# F:\ # Disque CD-ROM
# G:\ # Disque amovible # 3,77 Go (3,73 Go free) # FAT
# H:\ # Disque amovible

############################## [ Processus actifs ]

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe

################## [ Fichiers # Dossiers infectieux ]

E:\autorun.inf # -> fichier appelé : "E:\Setup.exe" ( absent ! )  
Deleted ! E:\autorun.inf    
G:\autorun.inf # -> fichier appelé : "G:\Setup.exe" ( présent ! )  
Deleted ! -> G:\Setup.exe 
Deleted ! G:\autorun.inf    

################## [ Registre # Clés Run infectieuses ]


################## [ Registre # Mountpoints2 ]


################## [ Listing des fichiers présent ]

[07/06/2009 00:08|--a------|2] - C:\873102919
[03/02/2003 18:32|--a------|0] - C:\AILog.txt
[04/11/2005 17:40|---hs----|194] - C:\AUTOEXEC.BAK
[04/11/2005 17:40|--ah-----|194] - C:\AUTOEXEC.BAT
[30/07/2002 17:12|--a------|1837] - C:\bink_log.txt
[09/06/2009 16:33|---hs----|216] - C:\boot.ini
[05/08/2004 14:00|-rahs----|4952] - C:\Bootfont.bin
[27/06/2004 14:51|---hs----|36816] - C:\BOOTLOG.PRV
[28/06/2004 00:58|---hs----|92675] - C:\BOOTLOG.TXT
[04/11/2005 17:39|---hs----|512] - C:\BOOTSECT.DOS
[17/04/2002 18:49|-rah-----|245792] - C:\CLASSES.1ST
[13/06/2009 13:12|--a------|3898] - C:\cleannavi.txt
[08/06/2000 19:00|---hs----|95024] - C:\command.com
[02/06/2005 21:45|--a------|1146] - C:\COMPATID.TXT
[04/11/2005 17:40|--a------|0] - C:\CONFIG.BAK
[04/11/2005 17:40|--a------|0] - C:\CONFIG.SYS
[17/04/2002 19:05|--a------|16] - C:\CTJINI.INI
[14/09/2002 19:53|--a------|44161] - C:\desinstall_fr.exe
[07/12/2004 13:51|---hs----|50693] - C:\DETLOG.OLD
[02/11/2005 14:45|---hs----|50277] - C:\DETLOG.TXT
[03/11/2005 21:30|--a------|22449] - C:\devicetable.log
[13/06/2009 11:58|--a------|3616] - C:\fixnavi.txt
[?|?|?] - C:\hiberfil.sys
[01/10/2003 20:40|--a------|1717] - C:\INSTALL.LOG
[08/06/2000 19:00|-rahs----|110592] - C:\io.sys
[24/08/2004 23:36|--a------|17] - C:\log.txt
[10/05/2003 15:01|--a------|46425720] - C:\Manuel.cm4
[15/10/2003 13:02|--a------|1019] - C:\mp3cache.mex
[17/04/2002 18:57|-rahs----|1660] - C:\MSDOS.SYS
[17/04/2002 19:00|---hs----|9104] - C:\NETLOG.TXT
[02/11/2005 18:49|--a------|1011] - C:\nrunonce.log
[05/08/2004 14:00|-rahs----|47564] - C:\ntdetect.com
[05/08/2004 14:00|-rahs----|251712] - C:\ntldr
[07/06/2009 00:06|--a------|61440] - C:\ntyqciwl.exe
[15/05/2004 20:09|--a------|82] - C:\OUT1.TXT
[?|?|?] - C:\pagefile.sys
[07/12/2005 13:22|--a------|13030] - C:\PDOXUSRS.NET
[14/09/2002 19:40|--a------|9120] - C:\readme.txt
[17/04/2002 18:42|--a------|3418] - C:\RECOVERY.LOG
[04/11/2005 01:25|--a------|704] - C:\SCANDISK.LOG
[25/08/2006 12:06|--a------|90] - C:\Setup.log
[02/11/2005 16:58|---hs----|229573] - C:\SETUPLOG.TXT
[25/04/2002 20:43|--a------|4153] - C:\SETUPXLG.TXT
[30/07/2002 17:12|--a------|198] - C:\sound_bank_log.txt
[09/02/2008 12:39|--ah-----|268] - C:\sqmdata00.sqm
[08/11/2008 12:37|--ah-----|232] - C:\sqmdata01.sqm
[17/12/2008 20:50|--ah-----|232] - C:\sqmdata02.sqm
[21/12/2008 17:24|--ah-----|232] - C:\sqmdata03.sqm
[08/01/2009 20:17|--ah-----|232] - C:\sqmdata04.sqm
[02/02/2009 10:30|--ah-----|232] - C:\sqmdata05.sqm
[03/02/2009 10:13|--ah-----|232] - C:\sqmdata06.sqm
[03/02/2009 10:20|--ah-----|232] - C:\sqmdata07.sqm
[21/02/2009 11:23|--ah-----|232] - C:\sqmdata08.sqm
[21/02/2009 11:32|--ah-----|232] - C:\sqmdata09.sqm
[21/02/2009 11:32|--ah-----|232] - C:\sqmdata10.sqm
[21/02/2009 11:33|--ah-----|232] - C:\sqmdata11.sqm
[21/02/2009 11:33|--ah-----|232] - C:\sqmdata12.sqm
[21/02/2009 11:34|--ah-----|232] - C:\sqmdata13.sqm
[07/03/2009 12:27|--ah-----|232] - C:\sqmdata14.sqm
[15/03/2009 12:50|--ah-----|232] - C:\sqmdata15.sqm
[09/02/2008 10:57|--ah-----|268] - C:\sqmdata16.sqm
[09/02/2008 11:06|--ah-----|268] - C:\sqmdata17.sqm
[09/02/2008 12:28|--ah-----|268] - C:\sqmdata18.sqm
[09/02/2008 12:36|--ah-----|268] - C:\sqmdata19.sqm
[09/02/2008 12:39|--ah-----|244] - C:\sqmnoopt00.sqm
[08/11/2008 12:37|--ah-----|244] - C:\sqmnoopt01.sqm
[17/12/2008 20:50|--ah-----|244] - C:\sqmnoopt02.sqm
[21/12/2008 17:24|--ah-----|244] - C:\sqmnoopt03.sqm
[08/01/2009 20:17|--ah-----|244] - C:\sqmnoopt04.sqm
[02/02/2009 10:30|--ah-----|244] - C:\sqmnoopt05.sqm
[03/02/2009 10:13|--ah-----|244] - C:\sqmnoopt06.sqm
[03/02/2009 10:20|--ah-----|244] - C:\sqmnoopt07.sqm
[21/02/2009 11:23|--ah-----|244] - C:\sqmnoopt08.sqm
[21/02/2009 11:32|--ah-----|244] - C:\sqmnoopt09.sqm
[21/02/2009 11:32|--ah-----|244] - C:\sqmnoopt10.sqm
[21/02/2009 11:33|--ah-----|244] - C:\sqmnoopt11.sqm
[21/02/2009 11:33|--ah-----|244] - C:\sqmnoopt12.sqm
[21/02/2009 11:34|--ah-----|244] - C:\sqmnoopt13.sqm
[07/03/2009 12:27|--ah-----|244] - C:\sqmnoopt14.sqm
[15/03/2009 12:50|--ah-----|244] - C:\sqmnoopt15.sqm
[09/02/2008 10:57|--ah-----|244] - C:\sqmnoopt16.sqm
[09/02/2008 11:06|--ah-----|244] - C:\sqmnoopt17.sqm
[09/02/2008 12:28|--ah-----|244] - C:\sqmnoopt18.sqm
[09/02/2008 12:36|--ah-----|244] - C:\sqmnoopt19.sqm
[01/03/2006 22:52|--a------|230432] - C:\StiImg.dat
[17/04/2002 18:49|---hs----|5166] - C:\SUHDLOG.DAT
[17/04/2002 18:49|---hs----|483360] - C:\SYSTEM.1ST
[14/03/2005 20:21|--a------|0] - C:\temp.html
[18/08/2002 14:41|--a------|2843] - C:\TIPS.TXT
[24/05/2001 14:59|--a------|162304] - C:\UNWISE.EXE
[13/06/2009 14:12|--a------|6929] - C:\UsbFix.txt
[23/09/2002 00:52|--a------|3832] - C:\wa3frlicence.txt
[04/11/2005 17:45|--a------|10169] - C:\whatsnew.txt
[19/07/2002 15:10|--a------|63] - C:\WINDOWSWinHlp32.BMK
[27/03/2005 20:21|--a------|39135970] - C:\xscan.txt
[27/05/2009 14:41|--a------|225859190] - E:\Cluedo Multilangue (Us It Fr De Es Nl Su) Crack No Cd.rar
[28/05/2009 03:25|--a------|12869] - E:\Cluedo OK crack nocd v2.zip
[28/05/2009 01:00|--a------|225921623] - E:\[PC GAME] - Cluedo 2005 + Crack (New).rar
[06/06/2009 23:22|--a------|41405892] - E:\Easy Recovery Prof. v6.03 + Crack - MULTILLENGUATGE - ok.rar
[07/06/2009 00:09|--a------|100319342] - E:\Ontrack Easy Recovery 7.8 Professional Retail Multilenguaje.rar
[23/05/2009 13:59|--a------|31647053] - G:\Avast.Antivirus.Pro.v4.8.1335.FR.Incl-Keygen.[emule-island.com].rar
[01/10/2008 12:34|--a------|1299975] - G:\wrar380fr.exe
[12/08/2008 03:27|--a------|229] - G:\Bienvenue sur eMule-Island !.url
[25/05/2009 23:15|--a------|7626192] - G:\Firefox Setup 3.0.10.exe

################## [ Vaccination ]

# C:\autorun.inf ( # Not infected ) -> Folder created by UsbFix.  
# D:\autorun.inf ( # Not infected ) -> Folder created by UsbFix.  
# E:\autorun.inf ( # Not infected ) -> Folder created by UsbFix.  
# G:\autorun.inf ( # Not infected ) -> Folder created by UsbFix.  

################## [ ! Fin du rapport # UsbFix V3.031 ! ]

Destrio5 · Answer

--> Désinstalle UsbFix.

--> Refais un scan RSIT et poste le rapport log.

biloute · Answer

Logfile of random's system information tool 1.06 (written by random/random)
Run by Mélissa at 2009-06-13 14:46:33
Microsoft Windows XP Édition familiale Service Pack 2
System drive C: has 7 GB (35%) free of 20 GB
Total RAM: 383 MB (52% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:47:01, on 13/06/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32undll32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\RamBoost XPambxpfr.exe
C:\WINDOWS\system32
vsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Mélissa.BARBANO-AUD-MEL\Bureau\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files	rend micro\Mélissa.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RamBoostXp] C:\Program Files\RamBoost XPambxpfr.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab?e=1224322438772&h=b7a1afa4ee94a7f089909f6a12580e6e/&filename=jinstall-6u7-windows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe

Destrio5 · Answer

&#9679; Télécharge Ad-Remover (de Cyrildu17 / C_XX) sur ton Bureau.

/!\ Déconnecte-toi d'Internet et ferme toutes applications en cours. /!\

&#9679; Double-clique sur le programme d'installation, installe-le dans son emplacement par défaut (C:\Program Files).
&#9679; Double-clique sur le raccourci d'Ad-Remover située sur ton Bureau.
(Sous Vista, il faut cliquer droit sur le raccourci d'Ad-Remover et choisir Exécuter en tant qu'administrateur)
&#9679; Au menu principal, choisis l'option L.
&#9679; Poste le rapport généré (C:\Ad-Report-(date).log).

(CTRL+A pour tout sélectionner, CTRL+C pour copier et CTRL+V pour coller)

Note : "Process.exe", une composante de l'outil, est détectée par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.

biloute · Answer

.
======= RAPPORT D'AD-REMOVER 1.1.4.5_H | UNIQUEMENT XP/VISTA/SEVEN =======
.
Mit à jour par C_XX le 11/06/2009 à 3:50 PM
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Lancé à: 14:54:17, 13/06/2009 | Mode Normal | Option: CLEAN
Exécuté de: C:\Program Files\Ad-remover\
Système d'exploitation: Microsoft® Windows XP™  Service Pack 2 v5.1.2600
Nom du PC: BARBANO-AUD-MEL | Utilisateur actuel: M‚lissa
.
Administrateur: Administrateur 
N'est pas administrateur: HelpAssistant *Desactive* 
N'est pas administrateur: Invité *Desactive* 
Administrateur: Mélissa 
N'est pas administrateur: SUPPORT_388945a0 *Desactive* 
. 
============== ÉLÉMENT(S) NEUTRALISÉ(S) ============== 
.
.
HKCR\CLSID\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKCR\EoRezoBHO.EoBho
HKCR\EoRezoBHO.EoBho.1
HKCR\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}
HKCR\Typelib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}
HKCU\Software\EoRezo
HKCU\Software\Grand Virtual
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKCU\Software\Poker 770
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Everest Poker
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Poker 770
HKLM\Software\Poker 770
.
C:\DOCUME~1\ALLUSE~1.WIN\MENUDM~1\PROGRA~1\Everest Poker\Everest Poker.lnk 
C:\DOCUME~1\ALLUSE~1.WIN\MENUDM~1\PROGRA~1\Everest Poker\Uninstall Everest Poker.lnk 
C:\DOCUME~1\ALLUSE~1.WIN\MENUDM~1\PROGRA~1\Everest Poker 
C:\DOCUME~1\ALLUSE~1.WIN\MENUDM~1\PROGRA~1\Poker 770\Poker 770.lnk 
C:\DOCUME~1\ALLUSE~1.WIN\MENUDM~1\PROGRA~1\Poker 770\Uninstall Poker 770.lnk 
C:\DOCUME~1\ALLUSE~1.WIN\MENUDM~1\PROGRA~1\Poker 770 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\cache 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\ConfMedia.cyp 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\ConfMedia.cyp.old 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\db 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\eoDesktop 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\eoStats 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\host.cyp 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\user.cyp 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\db\cat.cyp 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\eoDesktop\config.xml 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\eoDesktop\eoDesktop.html 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\eoDesktop\userConfig.xml 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\eoStats\eoStats.txt 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\grids_difficile_20060701.sud 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\grids_difficile_20060702.sud 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\grids_facile_20060701.sud 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\grids_facile_20060702.sud 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\grids_moyen_20060701.sud 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\grids_moyen_20060702.sud 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_mauve 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_noir 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_rouge 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_vert 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_mauve\aide.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_mauve\aidePressed.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_mauve\autoverifno.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_mauve\autoverifyes.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_mauve\back.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_mauve\background3.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_mauve\backPressed.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_mauve\blank21_19.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_mauve\blank25.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_mauve\correct21_19.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_mauve\correct25.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_mauve\ecran.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_mauve\ecranReflet.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_mauve\fermer.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_mauve\fermerPressed.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_mauve\grey25.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_mauve\iluminated21_19.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_mauve\iluminated25.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_mauve\iluminateno.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_mauve\iluminateyes.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_mauve\incorrect25.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_mauve\keypad.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_mauve\keypadreflet.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_mauve\masquer.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_mauve\masquerPressed.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_mauve\minimise.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_mauve\minimisepressed.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_mauve
ew.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_mauve
ewPressed.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_mauve
ext.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_mauve
extPressed.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_mauve\print.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_mauve\save.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_mauve\savepressed.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_mauve\Thumbs.db 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_mauve\verificationcell.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_mauve\verificationcellPressed.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_noir\aide.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_noir\aidePressed.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_noir\autoverifno.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_noir\autoverifyes.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_noir\back.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_noir\background3.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_noir\backPressed.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_noir\blank21_19.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_noir\blank25.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_noir\correct21_19.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_noir\correct25.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_noir\ecran.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_noir\ecranReflet.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_noir\fermer.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_noir\fermerPressed.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_noir\grey25.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_noir\iluminated21_19.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_noir\iluminated25.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_noir\iluminateno.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_noir\iluminateyes.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_noir\incorrect25.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_noir\keypad.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_noir\keypadreflet.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_noir\masquer.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_noir\masquerPressed.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_noir\minimise.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_noir\minimisepressed.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_noir
ew.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_noir
ewPressed.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_noir
ext.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_noir
extPressed.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_noir\print.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_noir\save.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_noir\savepressed.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_noir\Thumbs.db 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_noir\verificationcell.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_noir\verificationcellPressed.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_rouge\aide.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_rouge\aidePressed.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_rouge\autoverifno.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_rouge\autoverifyes.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_rouge\back.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_rouge\background3.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_rouge\backPressed.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_rouge\blank21_19.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_rouge\blank25.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_rouge\correct21_19.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_rouge\correct25.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_rouge\ecran.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_rouge\ecranReflet.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_rouge\fermer.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_rouge\fermerPressed.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_rouge\grey25.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_rouge\iluminated21_19.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_rouge\iluminated25.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_rouge\iluminateno.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_rouge\iluminateyes.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_rouge\incorrect25.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_rouge\keypad.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_rouge\keypadreflet.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_rouge\masquer.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_rouge\masquerPressed.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_rouge\minimise.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_rouge\minimisepressed.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_rouge
ew.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_rouge
ewPressed.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_rouge
ext.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_rouge
extPressed.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_rouge\print.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_rouge\save.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_rouge\savepressed.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_rouge\Thumbs.db 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_rouge\verificationcell.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_rouge\verificationcellPressed.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_vert\aide.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_vert\aidePressed.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_vert\autoverifno.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_vert\autoverifyes.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_vert\back.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_vert\background3.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_vert\backgroundreflet.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_vert\backPressed.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_vert\blank21_19.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_vert\blank25.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_vert\correct21_19.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_vert\correct25.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_vert\ecran.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_vert\ecranReflet.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_vert\fermer.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_vert\fermerPressed.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_vert\grey25.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_vert\iluminated21_19.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_vert\iluminated25.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_vert\iluminateno.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_vert\iluminateyes.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_vert\incorrect25.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_vert\keypad.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_vert\keypadreflet.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_vert\masquer.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_vert\masquerPressed.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_vert\minimise.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_vert\minimisepressed.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_vert
ew.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_vert
ewPressed.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_vert
ext.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_vert
extPressed.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_vert\save.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_vert\savepressed.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_vert\Thumbs.db 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_vert\verificationcell.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_vert\verificationcellPressed.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo 
C:\Program Files\Everest Poker\casino.exe 
C:\Program Files\Everest Poker\cstart-tmp.exe 
C:\Program Files\Everest Poker\cstart.exe 
C:\Program Files\Everest Poker\data 
C:\Program Files\Everest Poker\Everest Poker.exe 
C:\Program Files\Everest Poker\gvbase.dll 
C:\Program Files\Everest Poker\gvcrt.dll 
C:\Program Files\Everest Poker\gvgfx-dib.dll 
C:\Program Files\Everest Poker\gvgfx.dll 
C:\Program Files\Everest Poker\gvmain.dll 
C:\Program Files\Everest Poker\gvmain.exe 
C:\Program Files\Everest Poker\gvnetwork.dll 
C:\Program Files\Everest Poker\gvsound.dll 
C:\Program Files\Everest Poker\history 
C:\Program Files\Everest Poker\init.ini 
C:\Program Files\Everest Poker\log.dat 
C:\Program Files\Everest Poker
otes 
C:\Program Files\Everest Poker\settings.ini 
C:\Program Files\Everest Poker	oc_fr.ini 
C:\Program Files\Everest Poker\var 
C:\Program Files\Everest Poker\data\fonts 
C:\Program Files\Everest Poker\data\mp-lobby 
C:\Program Files\Everest Poker\data\mp-poker 
C:\Program Files\Everest Poker\data\shared 
C:\Program Files\Everest Poker\data\startup 
C:\Program Files\Everest Poker\data\fonts\kgp-en.ttf 
C:\Program Files\Everest Poker\data\mp-lobby\fr.gvt 
C:\Program Files\Everest Poker\data\mp-lobby\shared.gvt 
C:\Program Files\Everest Poker\data\mp-poker\background 
C:\Program Files\Everest Poker\data\mp-poker\fr 
C:\Program Files\Everest Poker\data\mp-poker\shared.gvt 
C:\Program Files\Everest Poker\data\mp-poker\background\default.gvt 
C:\Program Files\Everest Poker\data\mp-poker\background\med.gvt 
C:\Program Files\Everest Poker\data\mp-poker\fr\bitmaps.gvt 
C:\Program Files\Everest Poker\data\mp-poker\fr\mp-poker_strings.txt 
C:\Program Files\Everest Poker\data\mp-poker\fr\mp-poker_tutorial.txt 
C:\Program Files\Everest Poker\data\shared\fr 
C:\Program Files\Everest Poker\data\shared\shared 
C:\Program Files\Everest Poker\data\shared\fr\country.txt 
C:\Program Files\Everest Poker\data\shared\fr\language.txt 
C:\Program Files\Everest Poker\data\shared\fr\ordinal.txt 
C:\Program Files\Everest Poker\data\shared\shared\bitmaps 
C:\Program Files\Everest Poker\data\shared\shared\sounds 
C:\Program Files\Everest Poker\data\shared\shared\bitmaps\btn_scroll.gvt 
C:\Program Files\Everest Poker\data\shared\shared\bitmaps\check.art 
C:\Program Files\Everest Poker\data\shared\shared\bitmaps\chips.art 
C:\Program Files\Everest Poker\data\shared\shared\sounds\button.ogg 
C:\Program Files\Everest Poker\data\shared\shared\sounds\carddeal.ogg 
C:\Program Files\Everest Poker\data\shared\shared\sounds\cardflip.ogg 
C:\Program Files\Everest Poker\data\shared\shared\sounds\chipclick.ogg 
C:\Program Files\Everest Poker\data\startup\en 
C:\Program Files\Everest Poker\data\startup\fr 
C:\Program Files\Everest Poker\data\startup\shared 
C:\Program Files\Everest Poker\data\startup\en\startup_strings.txt 
C:\Program Files\Everest Poker\data\startup\fr\cstart.txt 
C:\Program Files\Everest Poker\data\startup\fr\startup_strings.txt 
C:\Program Files\Everest Poker\data\startup\shared\bitmaps 
C:\Program Files\Everest Poker\data\startup\shared\icons 
C:\Program Files\Everest Poker\data\startup\shared\sounds 
C:\Program Files\Everest Poker\data\startup\shared\bitmaps\splash_poker.art 
C:\Program Files\Everest Poker\data\startup\shared\icons\ep.ico 
C:\Program Files\Everest Poker\data\startup\shared\sounds\alert.ogg 
C:\Program Files\Everest Poker\history\10.txt 
C:\Program Files\Everest Poker\history\100.txt 
C:\Program Files\Everest Poker\history\101.txt 
C:\Program Files\Everest Poker\history\102.txt 
C:\Program Files\Everest Poker\history\103.txt 
C:\Program Files\Everest Poker\history\104.txt 
C:\Program Files\Everest Poker\history\105.txt 
C:\Program Files\Everest Poker\history\106.txt 
C:\Program Files\Everest Poker\history\107.txt 
C:\Program Files\Everest Poker\history\108.txt 
C:\Program Files\Everest Poker\history\109.txt 
C:\Program Files\Everest Poker\history\11.txt 
C:\Program Files\Everest Poker\history\110.txt 
C:\Program Files\Everest Poker\history\111.txt 
C:\Program Files\Everest Poker\history\112.txt 
C:\Program Files\Everest Poker\history\113.txt 
C:\Program Files\Everest Poker\history\114.txt 
C:\Program Files\Everest Poker\history\115.txt 
C:\Program Files\Everest Poker\history\116.txt 
C:\Program Files\Everest Poker\history\117.txt 
C:\Program Files\Everest Poker\history\118.txt 
C:\Program Files\Everest Poker\history\119.txt 
C:\Program Files\Everest Poker\history\12.txt 
C:\Program Files\Everest Poker\history\120.txt 
C:\Program Files\Everest Poker\history\121.txt 
C:\Program Files\Everest Poker\history\124.txt 
C:\Program Files\Everest Poker\history\125.txt 
C:\Program Files\Everest Poker\history\13.txt 
C:\Program Files\Everest Poker\history\14.txt 
C:\Program Files\Everest Poker\history\15.txt 
C:\Program Files\Everest Poker\history\16.txt 
C:\Program Files\Everest Poker\history\17.txt 
C:\Program Files\Everest Poker\history\18.txt 
C:\Program Files\Everest Poker\history\19.txt 
C:\Program Files\Everest Poker\history\20.txt 
C:\Program Files\Everest Poker\history\21.txt 
C:\Program Files\Everest Poker\history\22.txt 
C:\Program Files\Everest Poker\history\23.txt 
C:\Program Files\Everest Poker\history\24.txt 
C:\Program Files\Everest Poker\history\25.txt 
C:\Program Files\Everest Poker\history\26.txt 
C:\Program Files\Everest Poker\history\27.txt 
C:\Program Files\Everest Poker\history\28.txt 
C:\Program Files\Everest Poker\history\29.txt 
C:\Program Files\Everest Poker\history\3.txt 
C:\Program Files\Everest Poker\history\30.txt 
C:\Program Files\Everest Poker\history\31.txt 
C:\Program Files\Everest Poker\history\32.txt 
C:\Program Files\Everest Poker\history\33.txt 
C:\Program Files\Everest Poker\history\34.txt 
C:\Program Files\Everest Poker\history\35.txt 
C:\Program Files\Everest Poker\history\36.txt 
C:\Program Files\Everest Poker\history\37.txt 
C:\Program Files\Everest Poker\history\38.txt 
C:\Program Files\Everest Poker\history\39.txt 
C:\Program Files\Everest Poker\history\4.txt 
C:\Program Files\Everest Poker\history\40.txt 
C:\Program Files\Everest Poker\history\41.txt 
C:\Program Files\Everest Poker\history\42.txt 
C:\Program Files\Everest Poker\history\43.txt 
C:\Program Files\Everest Poker\history\44.txt 
C:\Program Files\Everest Poker\history\45.txt 
C:\Program Files\Everest Poker\history\46.txt 
C:\Program Files\Everest Poker\history\47.txt 
C:\Program Files\Everest Poker\history\48.txt 
C:\Program Files\Everest Poker\history\49.txt 
C:\Program Files\Everest Poker\history\5.txt 
C:\Program Files\Everest Poker\history\50.txt 
C:\Program Files\Everest Poker\history\51.txt 
C:\Program Files\Everest Poker\history\52.txt 
C:\Program Files\Everest Poker\history\53.txt 
C:\Program Files\Everest Poker\history\54.txt 
C:\Program Files\Everest Poker\history\55.txt 
C:\Program Files\Everest Poker\history\56.txt 
C:\Program Files\Everest Poker\history\57.txt 
C:\Program Files\Everest Poker\history\58.txt 
C:\Program Files\Everest Poker\history\6.txt 
C:\Program Files\Everest Poker\history\60.txt 
C:\Program Files\Everest Poker\history\61.txt 
C:\Program Files\Everest Poker\history\62.txt 
C:\Program Files\Everest Poker\history\64.txt 
C:\Program Files\Everest Poker\history\65.txt 
C:\Program Files\Everest Poker\history\66.txt 
C:\Program Files\Everest Poker\history\67.txt 
C:\Program Files\Everest Poker\history\68.txt 
C:\Program Files\Everest Poker\history\69.txt 
C:\Program Files\Everest Poker\history\7.txt 
C:\Program Files\Everest Poker\history\70.txt 
C:\Program Files\Everest Poker\history\71.txt 
C:\Program Files\Everest Poker\history\72.txt 
C:\Program Files\Everest Poker\history\73.txt 
C:\Program Files\Everest Poker\history\74.txt 
C:\Program Files\Everest Poker\history\75.txt 
C:\Program Files\Everest Poker\history\77.txt 
C:\Program Files\Everest Poker\history\78.txt 
C:\Program Files\Everest Poker\history\79.txt 
C:\Program Files\Everest Poker\history\8.txt 
C:\Program Files\Everest Poker\history\80.txt 
C:\Program Files\Everest Poker\history\81.txt 
C:\Program Files\Everest Poker\history\82.txt 
C:\Program Files\Everest Poker\history\83.txt 
C:\Program Files\Everest Poker\history\84.txt 
C:\Program Files\Everest Poker\history\85.txt 
C:\Program Files\Everest Poker\history\86.txt 
C:\Program Files\Everest Poker\history\87.txt 
C:\Program Files\Everest Poker\history\88.txt 
C:\Program Files\Everest Poker\history\89.txt 
C:\Program Files\Everest Poker\history\9.txt 
C:\Program Files\Everest Poker\history\90.txt 
C:\Program Files\Everest Poker\history\91.txt 
C:\Program Files\Everest Poker\history\93.txt 
C:\Program Files\Everest Poker\history\94.txt 
C:\Program Files\Everest Poker\history\96.txt 
C:\Program Files\Everest Poker\history\97.txt 
C:\Program Files\Everest Poker\history\98.txt 
C:\Program Files\Everest Poker\history\99.txt 
C:\Program Files\Everest Poker
otes\Player-ice_cream57 
C:\Program Files\Everest Poker
otes\Player-ice_cream57\Opponent-MG1950.xpn 
C:\Program Files\Everest Poker\var\content-fr.dat 
C:\Program Files\Everest Poker 
C:\Poker\Poker 770\cactivex.dll 
C:\Poker\Poker 770\casino.cli 
C:\Poker\Poker 770\casino.exe 
C:\Poker\Poker 770\casino.hlp 
C:\Poker\Poker 770\casino.ico 
C:\Poker\Poker 770\data 
C:\Poker\Poker 770\directsounddriver.dll 
C:\Poker\Poker 770\fileinfo.dat 
C:\Poker\Poker 770\fileinfo2.dat 
C:\Poker\Poker 770\fileinfo2r.dat 
C:\Poker\Poker 770\gdigraphdriver.dll 
C:\Poker\Poker 770\History 
C:\Poker\Poker 770\icecream57.pbn 
C:\Poker\Poker 770\ptsetup.lang 
C:\Poker\Poker 770\ptsetup.log 
C:\Poker\Poker 770eplace.exe 
C:\Poker\Poker 770\unicows.dll 
C:\Poker\Poker 770\_SetupCasino.exe 
C:\Poker\Poker 770\data\blackjack 
C:\Poker\Poker 770\data\blackjack.dll 
C:\Poker\Poker 770\data\blackjack.gam 
C:\Poker\Poker 770\data\cashier.dll 
C:\Poker\Poker 770\data\cashier.gam 
C:\Poker\Poker 770\data\casinowar 
C:\Poker\Poker 770\data\casinowar.dll 
C:\Poker\Poker 770\data\casinowar.gam 
C:\Poker\Poker 770\data\common.dll 
C:\Poker\Poker 770\data\common.gam 
C:\Poker\Poker 770\data\craps 
C:\Poker\Poker 770\data\craps.dll 
C:\Poker\Poker 770\data\craps.gam 
C:\Poker\Poker 770\data\keno 
C:\Poker\Poker 770\data\keno.dll 
C:\Poker\Poker 770\data\keno.gam 
C:\Poker\Poker 770\data\loader.dll 
C:\Poker\Poker 770\data\loader.gam 
C:\Poker\Poker 770\data\lobby 
C:\Poker\Poker 770\data\pokergames.dll 
C:\Poker\Poker 770\data\poker_caribbean 
C:\Poker\Poker 770\data\poker_caribbean.gam 
C:\Poker\Poker 770\data\poker_common.dll 
C:\Poker\Poker 770\data\poker_common.gam 
C:\Poker\Poker 770\data\poker_holdem 
C:\Poker\Poker 770\data\poker_holdem.gam 
C:\Poker\Poker 770\data\poker_lobby.dll 
C:\Poker\Poker 770\data\poker_lobby.gam 
C:\Poker\Poker 770\data\poker_table.dll 
C:\Poker\Poker 770\dataoulette 
C:\Poker\Poker 770\dataoulette.dll 
C:\Poker\Poker 770\dataoulette.gam 
C:\Poker\Poker 770\data\shared 
C:\Poker\Poker 770\data\slotmachines.dll 
C:\Poker\Poker 770\data\slots_bonusbears25line 
C:\Poker\Poker 770\data\slots_bonusbears25line.gam 
C:\Poker\Poker 770\data\slots_cinerama5reel 
C:\Poker\Poker 770\data\slots_cinerama5reel.gam 
C:\Poker\Poker 770\data\slots_desert20line 
C:\Poker\Poker 770\data\slots_desert20line.gam 
C:\Poker\Poker 770\data\slots_forestofwonders25line 
C:\Poker\Poker 770\data\slots_forestofwonders25line.gam 
C:\Poker\Poker 770\data\slots_gold8line 
C:\Poker\Poker 770\data\slots_gold8line.gam 
C:\Poker\Poker 770\data\slots_lotto20line 
C:\Poker\Poker 770\data\slots_lotto20line.gam 
C:\Poker\Poker 770\data\slots_lovemore20line 
C:\Poker\Poker 770\data\slots_lovemore20line.gam 
C:\Poker\Poker 770\data\slots_silentsamurai9line 
C:\Poker\Poker 770\data\slots_silentsamurai9line.gam 
C:\Poker\Poker 770\data\slots_wildspirit20line 
C:\Poker\Poker 770\data\slots_wildspirit20line.gam 
C:\Poker\Poker 770\data\smallview.gam 
C:\Poker\Poker 770\data	able 
C:\Poker\Poker 770\data	opview.gam 
C:\Poker\Poker 770\data\videopokers.dll 
C:\Poker\Poker 770\data\videopoker_4aces 
C:\Poker\Poker 770\data\videopoker_4aces.gam 
C:\Poker\Poker 770\data\videopoker_4jacks 
C:\Poker\Poker 770\data\videopoker_4jacks.gam 
C:\Poker\Poker 770\data\videopoker_jacks 
C:\Poker\Poker 770\data\videopoker_jacks.gam 
C:\Poker\Poker 770\data\videopoker_joker 
C:\Poker\Poker 770\data\videopoker_joker.gam 
C:\Poker\Poker 770\data\blackjack\back.jpg 
C:\Poker\Poker 770\data\blackjack\blackjack_winsign.jpg 
C:\Poker\Poker 770\data\blackjack	exture.jpg 
C:\Poker\Poker 770\data\casinowar\back.jpg 
C:\Poker\Poker 770\data\casinowar\casinowar.lws 
C:\Poker\Poker 770\data\casinowar	exture.jpg 
C:\Poker\Poker 770\data\craps\3d 
C:\Poker\Poker 770\data\craps\back.jpg 
C:\Poker\Poker 770\data\craps\coins.png 
C:\Poker\Poker 770\data\craps\3d\back.z 
C:\Poker\Poker 770\data\craps\3d\dice.lwo 
C:\Poker\Poker 770\data\craps\3d\dice.lws 
C:\Poker\Poker 770\data\craps\3d\dice.png 
C:\Poker\Poker 770\data\keno\3d 
C:\Poker\Poker 770\data\keno\back.jpg 
C:\Poker\Poker 770\data\keno\buttons 
C:\Poker\Poker 770\data\keno\selected.png 
C:\Poker\Poker 770\data\keno\sounds 
C:\Poker\Poker 770\data\keno\star-alpha.jpg 
C:\Poker\Poker 770\data\keno\star.jpg 
C:\Poker\Poker 770\data\keno\wheel_empty.jpg 
C:\Poker\Poker 770\data\keno\wheel_full.jpg 
C:\Poker\Poker 770\data\keno\3d\bet.sl2 
C:\Poker\Poker 770\data\keno\buttons\buttons-alpha.jpg 
C:\Poker\Poker 770\data\keno\buttons\buttons.jpg 
C:\Poker\Poker 770\data\keno\sounds\hitone.mp3 
C:\Poker\Poker 770\data\keno\sounds\selectsound.mp3 
C:\Poker\Poker 770\data\keno\sounds\wheel.mp3 
C:\Poker\Poker 770\data\lobby\asian_view_stakes_back.png 
C:\Poker\Poker 770\data\lobby\back.jpg 
C:\Poker\Poker 770\data\lobby\buttons 
C:\Poker\Poker 770\data\lobby\dialogs 
C:\Poker\Poker 770\data\lobby\filtering_tab-alpha.jpg 
C:\Poker\Poker 770\data\lobby\filtering_tab.jpg 
C:\Poker\Poker 770\data\lobby\filter_text.png 
C:\Poker\Poker 770\data\lobby\info_headers.png 
C:\Poker\Poker 770\data\lobby\loading_info.jpg 
C:\Poker\Poker 770\data\lobby\login 
C:\Poker\Poker 770\data\lobby\mc_text.jpg 
C:\Poker\Poker 770\data\lobby\quick_search_back.jpg 
C:\Poker\Poker 770\data\lobby\quick_search_buttons-alpha.jpg 
C:\Poker\Poker 770\data\lobby\quick_search_buttons.jpg 
C:\Poker\Poker 770\data\lobby\quick_search_close.jpg 
C:\Poker\Poker 770\data\lobby\sidegames 
C:\Poker\Poker 770\data\lobby	ables 
C:\Poker\Poker 770\data\lobby	reeview_down.bmp 
C:\Poker\Poker 770\data\lobby	reeview_minus.bmp 
C:\Poker\Poker 770\data\lobby	reeview_plus.bmp 
C:\Poker\Poker 770\data\lobby	reeview_right.bmp 
C:\Poker\Poker 770\data\lobby\waitinglist 
C:\Poker\Poker 770\data\lobby\buttons\cashier_buttons-alpha.jpg 
C:\Poker\Poker 770\data\lobby\buttons\cashier_buttons.jpg 
C:\Poker\Poker 770\data\lobby\buttons\contactus-alpha.jpg 
C:\Poker\Poker 770\data\lobby\buttons\contactus.jpg 
C:\Poker\Poker 770\data\lobby\buttons\goto_tournament-alpha.jpg 
C:\Poker\Poker 770\data\lobby\buttons\goto_tournament.jpg 
C:\Poker\Poker 770\data\lobby\buttons\jointable-alpha.jpg 
C:\Poker\Poker 770\data\lobby\buttons\jointable.jpg 
C:\Poker\Poker 770\data\lobby\buttons\players_waiting.jpg 
C:\Poker\Poker 770\data\lobby\buttons\search-alpha.jpg 
C:\Poker\Poker 770\data\lobby\buttons\search.jpg 
C:\Poker\Poker 770\data\lobby\buttons	reeview_menu.jpg 
C:\Poker\Poker 770\data\lobby\buttons\waitinglist_buttons-alpha.jpg 
C:\Poker\Poker 770\data\lobby\buttons\waitinglist_buttons.jpg 
C:\Poker\Poker 770\data\lobby\dialogs\close.jpg 
C:\Poker\Poker 770\data\lobby\dialogs\dialog_back.jpg 
C:\Poker\Poker 770\data\lobby\dialogs\dialog_back3.jpg 
C:\Poker\Poker 770\data\lobby\dialogs\dialog_big_headers.jpg 
C:\Poker\Poker 770\data\lobby\dialogs\dialog_headers.jpg 
C:\Poker\Poker 770\data\lobby\dialogs\gotothenexttournament-alpha.jpg 
C:\Poker\Poker 770\data\lobby\dialogs\gotothenexttournament.jpg 
C:\Poker\Poker 770\data\lobby\dialogs\header.jpg 
C:\Poker\Poker 770\data\lobby\dialogs
ickname.jpg 
C:\Poker\Poker 770\data\lobby\dialogs	ournament_registration.jpg 
C:\Poker\Poker 770\data\lobby\dialogs	our_details_row.jpg 
C:\Poker\Poker 770\data\lobby\login\back.jpg 
C:\Poker\Poker 770\data\lobby\login\checkbox.png 
C:\Poker\Poker 770\data\lobby\login\checkboxes.jpg 
C:\Poker\Poker 770\data\lobby\login\createaccount-alpha.jpg 
C:\Poker\Poker 770\data\lobby\login\createaccount.jpg 
C:\Poker\Poker 770\data\lobby\login\dont_have_an_account.jpg 
C:\Poker\Poker 770\data\lobby\login\login-alpha.jpg 
C:\Poker\Poker 770\data\lobby\login\login.jpg 
C:\Poker\Poker 770\data\lobby\login\logininfo.jpg 
C:\Poker\Poker 770\data\lobby\login
ickname.png 
C:\Poker\Poker 770\data\lobby\sidegames\sidegames-alpha.jpg 
C:\Poker\Poker 770\data\lobby\sidegames\sidegames.jpg 
C:\Poker\Poker 770\data\lobby	ables\hide_finished.jpg 
C:\Poker\Poker 770\data\lobby	ables\hide_finished_cover.jpg 
C:\Poker\Poker 770\data\lobby	ables\lobby_table_rows.jpg 
C:\Poker\Poker 770\data\lobby	ables\scrollbuttons-alpha.jpg 
C:\Poker\Poker 770\data\lobby	ables\scrollbuttons.jpg 
C:\Poker\Poker 770\data\lobby	ables\scrollbuttons_h.jpg 
C:\Poker\Poker 770\data\lobby	ables\scroll_indicator.jpg 
C:\Poker\Poker 770\data\lobby	ables\scroll_indicator_h.jpg 
C:\Poker\Poker 770\data\lobby	ables\searchtop.jpg 
C:\Poker\Poker 770\data\lobby	ables	ables_back-alpha.jpg 
C:\Poker\Poker 770\data\lobby	ables	ables_back.jpg 
C:\Poker\Poker 770\data\lobby	ables	op.jpg 
C:\Poker\Poker 770\data\lobby\waitinglist
um_chooser.jpg 
C:\Poker\Poker 770\data\poker_caribbean	exture.jpg 
C:\Poker\Poker 770\data\poker_holdem\arrows.png 
C:\Poker\Poker 770\data\poker_holdem\back.jpg 
C:\Poker\Poker 770\dataoulette\3d 
C:\Poker\Poker 770\dataoulette\back.jpg 
C:\Poker\Poker 770\dataoulette\ball.png 
C:\Poker\Poker 770\dataoulette\buttons 
C:\Poker\Poker 770\dataoulette\marker-alpha.jpg 
C:\Poker\Poker 770\dataoulette\marker.jpg 
C:\Poker\Poker 770\dataoulette\marker.png 
C:\Poker\Poker 770\dataoulette\sounds 
C:\Poker\Poker 770\dataoulette\zoom 
C:\Poker\Poker 770\dataoulette\3d\back.z 
C:\Poker\Poker 770\dataoulette\3d\ball.bmp 
C:\Poker\Poker 770\dataoulette\3d\ball.lwo 
C:\Poker\Poker 770\dataoulette\3d\disc.lwo 
C:\Poker\Poker 770\dataoulette\3d\disk.jpg 
C:\Poker\Poker 770\dataoulette\3doulette.lws 
C:\Poker\Poker 770\dataoulette\3d	urret.cfs 
C:\Poker\Poker 770\dataoulette\buttons\allcoins1_selected.png 
C:\Poker\Poker 770\dataoulette\soundsoulettespin.mp3 
C:\Poker\Poker 770\dataoulette\soundsoulettestop.mp3 
C:\Poker\Poker 770\dataoulette\zoom\zoomanim.jpg 
C:\Poker\Poker 770\dataoulette\zoom\zoomstill.jpg 
C:\Poker\Poker 770\data\shared\3d 
C:\Poker\Poker 770\data\shared\9line 
C:\Poker\Poker 770\data\shared\arrow_3d_down.png 
C:\Poker\Poker 770\data\shared\black100x100.png 
C:\Poker\Poker 770\data\shared\blackjack 
C:\Poker\Poker 770\data\shared\bubble.png 
C:\Poker\Poker 770\data\shared\bubble_lobby-alpha.jpg 
C:\Poker\Poker 770\data\shared\bubble_lobby.jpg 
C:\Poker\Poker 770\data\shared\buttons 
C:\Poker\Poker 770\data\shared\cards 
C:\Poker\Poker 770\data\shared\coins 
C:\Poker\Poker 770\data\shared\dollarball 
C:\Poker\Poker 770\data\shared\doublescreen 
C:\Poker\Poker 770\data\shared\fonts 
C:\Poker\Poker 770\data\shared\history 
C:\Poker\Poker 770\data\shared\html 
C:\Poker\Poker 770\data\shared\interface 
C:\Poker\Poker 770\data\shared\jackpot-alpha.jpg 
C:\Poker\Poker 770\data\shared\jackpot.jpg 
C:\Poker\Poker 770\data\shared\jackpot_anim-alpha.jpg 
C:\Poker\Poker 770\data\shared\jackpot_anim.jpg 
C:\Poker\Poker 770\data\shared\jackpot_txt-alpha.jpg 
C:\Poker\Poker 770\data\shared\jackpot_txt.jpg 
C:\Poker\Poker 770\data\shared\loading.png 
C:\Poker\Poker 770\data\shared\loading_anim.png 
C:\Poker\Poker 770\data\shared\mobile_anim.png 
C:\Poker\Poker 770\data\shared
ametag.jpg 
C:\Poker\Poker 770\data\shared
ametag_long.jpg 
C:\Poker\Poker 770\data\shared\options 
C:\Poker\Poker 770\data\shared\progcover.png 
C:\Poker\Poker 770\data\shared\sides.jpg 
C:\Poker\Poker 770\data\shared\slots 
C:\Poker\Poker 770\data\shared\sounds 
C:\Poker\Poker 770\data\shared	ablegames 
C:\Poker\Poker 770\data\shared	ablesigns 
C:\Poker\Poker 770\data\shared\ui 
C:\Poker\Poker 770\data\shared\videopoker_4line 
C:\Poker\Poker 770\data\shared\videopoker_jacks 
C:\Poker\Poker 770\data\shared\3d\chrome.png 
C:\Poker\Poker 770\data\shared\9line\buttons-alpha.jpg 
C:\Poker\Poker 770\data\shared\9line\buttons.jpg 
C:\Poker\Poker 770\data\shared\9line\payline123.png 
C:\Poker\Poker 770\data\shared\9line\payline456789.png 
C:\Poker\Poker 770\data\shared\blackjack\blackjack.lws 
C:\Poker\Poker 770\data\shared\buttons\allbuttons-alpha.jpg 
C:\Poker\Poker 770\data\shared\buttons\allbuttons-over.jpg 
C:\Poker\Poker 770\data\shared\buttons\allbuttons.jpg 
C:\Poker\Poker 770\data\shared\buttons\buttons-alpha.jpg 
C:\Poker\Poker 770\data\shared\buttons\buttons.jpg 
C:\Poker\Poker 770\data\shared\buttons\info_button-alpha.jpg 
C:\Poker\Poker 770\data\shared\buttons\info_button.jpg 
C:\Poker\Poker 770\data\shared\cards\back.z 
C:\Poker\Poker 770\data\shared\cards\cardhq.lwo 
C:\Poker\Poker 770\data\shared\cards\cardlq.lwo 
C:\Poker\Poker 770\data\shared\cards\cards.lws 
C:\Poker\Poker 770\data\shared\cards\cards_small-alpha.jpg 
C:\Poker\Poker 770\data\shared\cards\cards_small.jpg 
C:\Poker\Poker 770\data\shared\cards\card_doubleup-alpha.jpg 
C:\Poker\Poker 770\data\shared\cards\card_doubleup.jpg 
C:\Poker\Poker 770\data\shared\cards\poker 
C:\Poker\Poker 770\data\shared\cards	extures 
C:\Poker\Poker 770\data\shared\cards\poker\allcards-alpha.jpg 
C:\Poker\Poker 770\data\shared\cards\poker\allcards.jpg 
C:\Poker\Poker 770\data\shared\cards\poker\back.bmp 
C:\Poker\Poker 770\data\shared\cards\poker\joker.jpg 
C:\Poker\Poker 770\data\shared\cards	extures\allcards.jpg 
C:\Poker\Poker 770\data\shared\cards	extures\allcards_xl.jpg 
C:\Poker\Poker 770\data\shared\cards	extures\back.bmp 
C:\Poker\Poker 770\data\shared\cards	extures\joker.png 
C:\Poker\Poker 770\data\shared\coins	ablecoins 
C:\Poker\Poker 770\data\shared\coins	ablecoins\allcoins1_coins-alpha.jpg 
C:\Poker\Poker 770\data\shared\coins	ablecoins\allcoins1_coins.jpg 
C:\Poker\Poker 770\data\shared\coins	ablecoins\allcoins1_selected.png 
C:\Poker\Poker 770\data\shared\coins	ablecoins\allcoins2_coins-alpha.jpg 
C:\Poker\Poker 770\data\shared\coins	ablecoins\allcoins2_coins.jpg 
C:\Poker\Poker 770\data\shared\coins	ablecoins\allcoins2_selected.png 
C:\Poker\Poker 770\data\shared\coins	ablecoins\allcoins4_coins.jpg 
C:\Poker\Poker 770\data\shared\dollarball\activate.jpg 
C:\Poker\Poker 770\data\shared\dollarball\ball.png 
C:\Poker\Poker 770\data\shared\dollarball\button_disable-alpha.jpg 
C:\Poker\Poker 770\data\shared\dollarball\button_disable.jpg 
C:\Poker\Poker 770\data\shared\dollarball\button_enable-alpha.jpg 
C:\Poker\Poker 770\data\shared\dollarball\button_enable.jpg 
C:\Poker\Poker 770\data\shared\dollarball\button_enable_mid-alpha.jpg 
C:\Poker\Poker 770\data\shared\dollarball\button_enable_mid.jpg 
C:\Poker\Poker 770\data\shared\dollarball\dollar_ball.png 
C:\Poker\Poker 770\data\shared\dollarball\dollar_ball_big.png 
C:\Poker\Poker 770\data\shared\dollarball\dollar_ball_big_disabled.png 
C:\Poker\Poker 770\data\shared\dollarball\dollar_ball_disabled.png 
C:\Poker\Poker 770\data\shared\dollarball\dollar_ball_mid.png 
C:\Poker\Poker 770\data\shared\dollarball\dollar_ball_mid_disabled.png 
C:\Poker\Poker 770\data\shared\dollarball\enable_big_button-alpha.jpg 
C:\Poker\Poker 770\data\shared\dollarball\enable_big_button.jpg 
C:\Poker\Poker 770\data\shared\dollarballandom_pick1-alpha.jpg 
C:\Poker\Poker 770\data\shared\dollarballandom_pick1.jpg 
C:\Poker\Poker 770\data\shared\dollarballesult_win.png 
C:\Poker\Poker 770\data\shared\dollarballesult_win_disabled.png 
C:\Poker\Poker 770\data\shared\dollarball\selected_box.jpg 
C:\Poker\Poker 770\data\shared\dollarball\selection_win.png 
C:\Poker\Poker 770\data\shared\dollarball\sidebet_button-alpha.jpg 
C:\Poker\Poker 770\data\shared\dollarball\sidebet_button.jpg 
C:\Poker\Poker 770\data\shared\dollarball\sounds 
C:\Poker\Poker 770\data\shared\dollarball\win-over.jpg 
C:\Poker\Poker 770\data\shared\dollarball\soundseelstop_sidebet.mp3 
C:\Poker\Poker 770\data\shared\doublescreen\back.png 
C:\Poker\Poker 770\data\shared\doublescreen\buttons_screen-alpha.jpg 
C:\Poker\Poker 770\data\shared\doublescreen\buttons_screen.jpg 
C:\Poker\Poker 770\data\shared\fonts\arial10.fon 
C:\Poker\Poker 770\data\shared\fonts\blackchancery90.fon 
C:\Poker\Poker 770\data\shared\fonts\boink_let_23.fon 
C:\Poker\Poker 770\data\shared\fonts\boink_let_32.fon 
C:\Poker\Poker 770\data\shared\fonts\futurabdcnbt_24.fon 
C:\Poker\Poker 770\data\shared\fonts\helveticaneueboldcond_60.fon 
C:\Poker\Poker 770\data\shared\fonts\helvetica_nbc18.fon 
C:\Poker\Poker 770\data\shared\fonts\impact_19.fon 
C:\Poker\Poker 770\data\shared\fonts\kabelbd.fon 
C:\Poker\Poker 770\data\shared\fonts\kabelultbt.fon 
C:\Poker\Poker 770\data\shared\fonts\lcd2_17.fon 
C:\Poker\Poker 770\data\shared\fonts\serifabdcnbt.fon 
C:\Poker\Poker 770\data\shared\fonts\square721bdexbt.fon 
C:\Poker\Poker 770\data\shared\fonts\swis721cnbt.fon 
C:\Poker\Poker 770\data\shared\fonts\swis721cnbt16.fon 
C:\Poker\Poker 770\data\shared\fonts\swis721cnbt49.fon 
C:\Poker\Poker 770\data\shared\fonts\swis721mdbt25.fon 
C:\Poker\Poker 770\data\shared\fonts\swiss911xcmbt.fon 
C:\Poker\Poker 770\data\shared\fonts	ahoma10b.fon 
C:\Poker\Poker 770\data\shared\fonts	ahoma7.fon 
C:\Poker\Poker 770\data\shared\fonts	ahoma8.fon 
C:\Poker\Poker 770\data\shared\fonts	ahoma8b.fon 
C:\Poker\Poker 770\data\shared\fonts	ahoma8_.fon 
C:\Poker\Poker 770\data\shared\fonts	ahoma_ap.fon 
C:\Poker\Poker 770\data\shared\fonts	imes32.fon 
C:\Poker\Poker 770\data\shared\history\cards 
C:\Poker\Poker 770\data\shared\history\cards\allcards.jpg 
C:\Poker\Poker 770\data\shared\history\cards\allcards7stud-alpha.jpg 
C:\Poker\Poker 770\data\shared\history\cards\allcards7stud.jpg 
C:\Poker\Poker 770\data\shared\history\cards\card-alpha.jpg 
C:\Poker\Poker 770\data\shared\history\cards\card7stud-alpha.jpg 
C:\Poker\Poker 770\data\shared\history\cards\joker.jpg 
C:\Poker\Poker 770\data\shared\history\cards\joker7stud.jpg 
C:\Poker\Poker 770\data\shared\html\bg.jpg 
C:\Poker\Poker 770\data\shared\html\button_left.gif 
C:\Poker\Poker 770\data\shared\html\button_middle.gif 
C:\Poker\Poker 770\data\shared\html\button_right.gif 
C:\Poker\Poker 770\data\shared\html\cashier_offline.css 
C:\Poker\Poker 770\data\shared\html\cashier_offline.js 
C:\Poker\Poker 770\data\shared\html\cashier_offline_functions.js 
C:\Poker\Poker 770\data\shared\html\cashier_offline_poker.html 
C:\Poker\Poker 770\data\shared\html\chat 
C:\Poker\Poker 770\data\shared\html\details_desc_back.jpg 
C:\Poker\Poker 770\data\shared\html\details_desc_back2.jpg 
C:\Poker\Poker 770\data\shared\html\icon_comps.gif 
C:\Poker\Poker 770\data\shared\html\icon_transactionhistory.gif 
C:\Poker\Poker 770\data\shared\html\icon_withdraw.gif 
C:\Poker\Poker 770\data\shared\html\logo_offline_cashier.gif 
C:\Poker\Poker 770\data\shared\html\spacer.gif 
C:\Poker\Poker 770\data\shared\html\chat\chat.html 
C:\Poker\Poker 770\data\shared\html\chat\colors.html 
C:\Poker\Poker 770\data\shared\html\chat\edit.html 
C:\Poker\Poker 770\data\shared\html\chat\emoticons 
C:\Poker\Poker 770\data\shared\html\chat\emoticons.html 
C:\Poker\Poker 770\data\shared\html\chat\emoticons\01.gif 
C:\Poker\Poker 770\data\shared\html\chat\emoticons\02.gif 
C:\Poker\Poker 770\data\shared\html\chat\emoticons\03.gif 
C:\Poker\Poker 770\data\shared\html\chat\emoticons\04.gif 
C:\Poker\Poker 770\data\shared\html\chat\emoticons\05.gif 
C:\Poker\Poker 770\data\shared\html\chat\emoticons\06.gif 
C:\Poker\Poker 770\data\shared\html\chat\emoticons\07.gif 
C:\Poker\Poker 770\data\shared\html\chat\emoticons\08.gif 
C:\Poker\Poker 770\data\shared\html\chat\emoticons\09.gif 
C:\Poker\Poker 770\data\shared\html\chat\emoticons\10.gif 
C:\Poker\Poker 770\data\shared\html\chat\emoticons\11.gif 
C:\Poker\Poker 770\data\shared\html\chat\emoticons\12.gif 
C:\Poker\Poker 770\data\shared\html\chat\emoticons\13.gif 
C:\Poker\Poker 770\data\shared\html\chat\emoticons\14.gif 
C:\Poker\Poker 770\data\shared\interface\aplay_advanced.jpg 
C:\Poker\Poker 770\data\shared\interface\aplay_arrow-alpha.jpg 
C:\Poker\Poker 770\data\shared\interface\aplay_arrow.jpg 
C:\Poker\Poker 770\data\shared\interface\aplay_buttons.jpg 
C:\Poker\Poker 770\data\shared\interface\aplay_check-alpha.jpg 
C:\Poker\Poker 770\data\shared\interface\aplay_check.jpg 
C:\Poker\Poker 770\data\shared\interface\aplay_delay.jpg 
C:\Poker\Poker 770\data\shared\interface\aplay_mode.jpg 
C:\Poker\Poker 770\data\shared\interface\aplay_ribbon.jpg 
C:\Poker\Poker 770\data\shared\interface\aplay_simple.jpg 
C:\Poker\Poker 770\data\shared\interface\bottom_ribbon-alpha.jpg 
C:\Poker\Poker 770\data\shared\interface\bottom_ribbon.jpg 
C:\Poker\Poker 770\data\shared\interface\chat 
C:\Poker\Poker 770\data\shared\interface\chat-alpha.jpg 
C:\Poker\Poker 770\data\shared\interface\chat.jpg 
C:\Poker\Poker 770\data\shared\interface\empty-alpha.jpg 
C:\Poker\Poker 770\data\shared\interface\empty.jpg 
C:\Poker\Poker 770\data\shared\interface\ipoker-alpha.jpg 
C:\Poker\Poker 770\data\shared\interface\ipoker.jpg 
C:\Poker\Poker 770\data\shared\interface\logo-alpha.jpg 
C:\Poker\Poker 770\data\shared\interface\logo.jpg 
C:\Poker\Poker 770\data\shared\interface\logo_cover.jpg 
C:\Poker\Poker 770\data\shared\interface\menu-alpha.jpg 
C:\Poker\Poker 770\data\shared\interface\menu.jpg 
C:\Poker\Poker 770\data\shared\interface\mobile_back-alpha.jpg 
C:\Poker\Poker 770\data\shared\interface\mobile_back.jpg 
C:\Poker\Poker 770\data\shared\interface\mobile_book.png 
C:\Poker\Poker 770\data\shared\interface\mobile_check.jpg 
C:\Poker\Poker 770\data\shared\interface\mobile_close.jpg 
C:\Poker\Poker 770\data\shared\interface\mobile_txt-alpha.jpg 
C:\Poker\Poker 770\data\shared\interface\mobile_txt.jpg 
C:\Poker\Poker 770\data\shared\interface\onlinestatus.jpg 
C:\Poker\Poker 770\data\shared\interface\padlock.png 
C:\Poker\Poker 770\data\shared\interface\playtech-alpha.jpg 
C:\Poker\Poker 770\data\shared\interface\playtech.jpg 
C:\Poker\Poker 770\data\shared\interface\select_buttons-alpha.jpg 
C:\Poker\Poker 770\data\shared\interface\select_buttons.jpg 
C:\Poker\Poker 770\data\shared\interface	imeout-alpha.jpg 
C:\Poker\Poker 770\data\shared\interface	imeout.jpg 
C:\Poker\Poker 770\data\shared\interface\waiting_for_other_players.jpg 
C:\Poker\Poker 770\data\shared\interface\chat\chat_window.png 
C:\Poker\Poker 770\data\shared\interface\chat\close-over.jpg 
C:\Poker\Poker 770\data\shared\interface\chat\close.png 
C:\Poker\Poker 770\data\shared\interface\chat\font.png 
C:\Poker\Poker 770\data\shared\interface\chat\send.png 
C:\Poker\Poker 770\data\shared\options\arrows.png 
C:\Poker\Poker 770\data\shared\options\avatars-alpha.jpg 
C:\Poker\Poker 770\data\shared\options\avatars.jpg 
C:\Poker\Poker 770\data\shared\options\check.png 
C:\Poker\Poker 770\data\shared\options\disconnect_text.png 
C:\Poker\Poker 770\data\shared\options\options-back.jpg 
C:\Poker\Poker 770\data\shared\options\options_adjust-alpha.jpg 
C:\Poker\Poker 770\data\shared\options\options_adjust.jpg 
C:\Poker\Poker 770\data\shared\options\slider.jpg 
C:\Poker\Poker 770\data\shared\slots\lines 
C:\Poker\Poker 770\data\shared\slots\lines\20line-alpha.jpg 
C:\Poker\Poker 770\data\shared\slots\lines\20line.jpg 
C:\Poker\Poker 770\data\shared\slots\lines\9line-alpha.jpg 
C:\Poker\Poker 770\data\shared\slots\lines\9line.jpg 
C:\Poker\Poker 770\data\shared\slots\lines\linewin-alpha.jpg 
C:\Poker\Poker 770\data\shared\slots\lines\linewin.jpg 
C:\Poker\Poker 770\data\shared\slots\lines\linewin_frame-alpha.jpg 
C:\Poker\Poker 770\data\shared\slots\lines\linewin_frame.jpg 
C:\Poker\Poker 770\data\shared\slots\lines\symbol_anim-alpha.jpg 
C:\Poker\Poker 770\data\shared\sounds\02.mp3 
C:\Poker\Poker 770\data\shared\sounds\02s.mp3 
C:\Poker\Poker 770\data\shared\sounds\03.mp3 
C:\Poker\Poker 770\data\shared\sounds\03s.mp3 
C:\Poker\Poker 770\data\shared\sounds\04.mp3 
C:\Poker\Poker 770\data\shared\sounds\04s.mp3 
C:\Poker\Poker 770\data\shared\sounds\05.mp3 
C:\Poker\Poker 770\data\shared\sounds\05s.mp3 
C:\Poker\Poker 770\data\shared\sounds\06.mp3 
C:\Poker\Poker 770\data\shared\sounds\06s.mp3 
C:\Poker\Poker 770\data\shared\sounds\07.mp3 
C:\Poker\Poker 770\data\shared\sounds\07s.mp3 
C:\Poker\Poker 770\data\shared\sounds\08.mp3 
C:\Poker\Poker 770\data\shared\sounds\08s.mp3 
C:\Poker\Poker 770\data\shared\sounds\09.mp3 
C:\Poker\Poker 770\data\shared\sounds\09s.mp3 
C:\Poker\Poker 770\data\shared\sounds\10.mp3 
C:\Poker\Poker 770\data\shared\sounds\10s.mp3 
C:\Poker\Poker 770\data\shared\sounds\ace.mp3 
C:\Poker\Poker 770\data\shared\sounds\aces.mp3 
C:\Poker\Poker 770\data\shared\sounds\and.mp3 
C:\Poker\Poker 770\data\shared\sounds\bigwin.mp3 
C:\Poker\Poker 770\data\shared\sounds\buzzer.mp3 
C:\Poker\Poker 770\data\shared\sounds\card.mp3 
C:\Poker\Poker 770\data\shared\sounds\card.wav 
C:\Poker\Poker 770\data\shared\sounds\cardturn.mp3 
C:\Poker\Poker 770\data\shared\sounds\chip.mp3 
C:\Poker\Poker 770\data\shared\sounds\click.mp3 
C:\Poker\Poker 770\data\shared\sounds\clubs.mp3 
C:\Poker\Poker 770\data\shared\sounds\coin.mp3 
C:\Poker\Poker 770\data\shared\sounds\dealervoices 
C:\Poker\Poker 770\data\shared\sounds\dealflop.mp3 
C:\Poker\Poker 770\data\shared\sounds\dealriver.mp3 
C:\Poker\Poker 770\data\shared\sounds\dealturn.mp3 
C:\Poker\Poker 770\data\shared\sounds\diamonds.mp3 
C:\Poker\Poker 770\data\shared\sounds\dicerolling1.mp3 
C:\Poker\Poker 770\data\shared\sounds\dicerolling2.mp3 
C:\Poker\Poker 770\data\shared\sounds\empty.mp3 
C:\Poker\Poker 770\data\shared\sounds\flush.mp3 
C:\Poker\Poker 770\data\shared\sounds\fourofakind.mp3 
C:\Poker\Poker 770\data\shared\sounds\fullhouse.mp3 
C:\Poker\Poker 770\data\shared\sounds\fullof.mp3 
C:\Poker\Poker 770\data\shared\sounds\goodluck.mp3 
C:\Poker\Poker 770\data\shared\sounds\hearts.mp3 
C:\Poker\Poker 770\data\shared\sounds\high.mp3 
C:\Poker\Poker 770\data\shared\sounds\highcard.mp3 
C:\Poker\Poker 770\data\shared\sounds\itsyourbet.mp3 
C:\Poker\Poker 770\data\shared\sounds\jack.mp3 
C:\Poker\Poker 770\data\shared\sounds\jackpotwin.mp3 
C:\Poker\Poker 770\data\shared\sounds\jacks.mp3 
C:\Poker\Poker 770\data\shared\sounds\kicker.mp3 
C:\Poker\Poker 770\data\shared\sounds\king.mp3 
C:\Poker\Poker 770\data\shared\sounds\kings.mp3 
C:\Poker\Poker 770\data\shared\sounds\lineselect.mp3 
C:\Poker\Poker 770\data\shared\sounds\mess5.mp3 
C:\Poker\Poker 770\data\shared\sounds\message.mp3 
C:\Poker\Poker 770\data\shared\sounds
ewplayer.mp3 
C:\Poker\Poker 770\data\shared\sounds\onepair.mp3 
C:\Poker\Poker 770\data\shared\sounds\onlinesupport.mp3 
C:\Poker\Poker 770\data\shared\sounds\placeyourbets.mp3 
C:\Poker\Poker 770\data\shared\sounds\playerin.mp3 
C:\Poker\Poker 770\data\shared\sounds\playersounds 
C:\Poker\Poker 770\data\shared\sounds\pokercard.mp3 
C:\Poker\Poker 770\data\shared\sounds\possible_win_icon.mp3 
C:\Poker\Poker 770\data\shared\sounds\queen.mp3 
C:\Poker\Poker 770\data\shared\sounds\queens.mp3 
C:\Poker\Poker 770\data\shared\soundsoyalflush.mp3 
C:\Poker\Poker 770\data\shared\sounds\slots_doubleup_shuffle.mp3 
C:\Poker\Poker 770\data\shared\sounds\slots_number_counting.mp3 
C:\Poker\Poker 770\data\shared\sounds\smallwin.mp3 
C:\Poker\Poker 770\data\shared\sounds\spades.mp3 
C:\Poker\Poker 770\data\shared\sounds\starting.mp3 
C:\Poker\Poker 770\data\shared\sounds\straight.mp3 
C:\Poker\Poker 770\data\shared\sounds\straightflush.mp3 
C:\Poker\Poker 770\data\shared\sounds	hreekind.mp3 
C:\Poker\Poker 770\data\shared\sounds	wopair.mp3 
C:\Poker\Poker 770\data\shared\sounds\youwin.mp3 
C:\Poker\Poker 770\data\shared\sounds\dealervoices\anteplease_male1.mp3 
C:\Poker\Poker 770\data\shared\sounds\dealervoices\betsplease_male1.mp3 
C:\Poker\Poker 770\data\shared\sounds\dealervoices\blackjack_male1.mp3 
C:\Poker\Poker 770\data\shared\sounds\dealervoices\black_male1.mp3 
C:\Poker\Poker 770\data\shared\sounds\dealervoices\bust_male1.mp3 
C:\Poker\Poker 770\data\shared\sounds\dealervoices\comingout_male1.mp3 
C:\Poker\Poker 770\data\shared\sounds\dealervoices\dealerdnq_male1.mp3 
C:\Poker\Poker 770\data\shared\sounds\dealervoices\dealerwins_male1.mp3 
C:\Poker\Poker 770\data\shared\sounds\dealervoices\insurance_male1.mp3 
C:\Poker\Poker 770\data\shared\sounds\dealervoices
umbers 
C:\Poker\Poker 770\data\shared\sounds\dealervoices\playerwins_male1.mp3 
C:\Poker\Poker 770\data\shared\sounds\dealervoices\push_male1.mp3 
C:\Poker\Poker 770\data\shared\sounds\dealervoicesed_male1.mp3 
C:\Poker\Poker 770\data\shared\sounds\dealervoices\youwin_male1.mp3 
C:\Poker\Poker 770\data\shared\sounds\dealervoices
umbers\0_male1.mp3 
C:\Poker\Poker 770\data\shared\sounds\dealervoices
umbers\10_male1.mp3 
C:\Poker\Poker 770\data\shared\sounds\dealervoices
umbers\11_male1.mp3 
C:\Poker\Poker 770\data\shared\sounds\dealervoices
umbers\12_male1.mp3 
C:\Poker\Poker 770\data\shared\sounds\dealervoices
umbers\13_male1.mp3 
C:\Poker\Poker 770\data\shared\sounds\dealervoices
umbers\14_male1.mp3 
C:\Poker\Poker 770\data\shared\sounds\dealervoices
umbers\15_male1.mp3 
C:\Poker\Poker 770\data\shared\sounds\dealervoices
umbers\16_male1.mp3 
C:\Poker\Poker 770\data\shared\sounds\dealervoices
umbers\17_male1.mp3 
C:\Poker\Poker 770\data\shared\sounds\dealervoices
umbers\18_male1.mp3 
C:\Poker\Poker 770\data\shared\sounds\dealervoices
umbers\19_male1.mp3 
C:\Poker\Poker 770\data\shared\sounds\dealervoices
umbers\1_male1.mp3 
C:\Poker\Poker 770\data\shared\sounds\dealervoices
umbers\20_male1.mp3 
C:\Poker\Poker 770\data\shared\sounds\dealervoices
umbers\21_male1.mp3 
C:\Poker\Poker 770\data\shared\sounds\dealervoices
umbers\22_male1.mp3 
C:\Poker\Poker 770\data\shared\sounds\dealervoices
umbers\23_male1.mp3 
C:\Poker\Poker 770\data\shared\sounds\dealervoices
umbers\24_male1.mp3 
C:\Poker\Poker 770\data\shared\sounds\dealervoices
umbers\25_male1.mp3 
C:\Poker\Poker 770\data\shared\sounds\dealervoices
umbers\26_male1.mp3 
C:\Poker\Poker 770\data\shared\sounds\dealervoices
umbers\27_male1.mp3 
C:\Poker\Poker 770\data\shared\sounds\dealervoices
umbers\28_male1.mp3 
C:\Poker\Poker 770\data\shared\sounds\dealervoices
umbers\29_male1.mp3 
C:\Poker\Poker 770\data\shared\sounds\dealervoices
umbers\2_male1.mp3 
C:\Poker\Poker 770\data\shared\sounds\dealervoices
umbers\30_male1.mp3 
C:\Poker\Poker 770\data\shared\sounds\dealervoices
umbers\31_male1.mp3 
C:\Poker\Poker 770\data\shared\sounds\dealervoices
umbers\32_male1.mp3 
C:\Poker\Poker 770\data\shared\sounds\dealervoices
umbers\33_male1.mp3 
C:\Poker\Poker 770\data\shared\sounds\dealervoices
umbers\34_male1.mp3 
C:\Poker\Poker 770\data\shared\sounds\dealervoices
umbers\35_male1.mp3 
C:\Poker\Poker 770\data\shared\sounds\dealervoices
umbers\36_male1.mp3 
C:\Poker\Poker 770\data\shared\sounds\dealervoices
umbers\3_male1.mp3 
C:\Poker\Poker 770\data\shared\sounds\dealervoices
umbers\4_male1.mp3 
C:\Poker\Poker 770\data\shared\sounds\dealervoices
umbers\5_male1.mp3 
C:\Poker\Poker 770\data\shared\sounds\dealervoices
umbers\6_male1.mp3 
C:\Poker\Poker 770\data\shared\sounds\dealervoices
umbers\7_male1.mp3 
C:\Poker\Poker 770\data\shared\sounds\dealervoices
umbers\8_male1.mp3 
C:\Poker\Poker 770\data\shared\sounds\dealervoices
umbers\9_male1.mp3 
C:\Poker\Poker 770\data\shared\sounds\playersounds\baseballer 
C:\Poker\Poker 770\data\shared\sounds\playersounds\blackdude 
C:\Poker\Poker 770\data\shared\sounds\playersounds\bond 
C:\Poker\Poker 770\data\shared\sounds\playersounds\cowboy 
C:\Poker\Poker 770\data\shared\sounds\playersounds\frenchgirl 
C:\Poker\Poker 770\data\shared\sounds\playersounds\frenchman 
C:\Poker\Poker 770\data\shared\sounds\playersounds\mafiaguy 
C:\Poker\Poker 770\data\shared\sounds\playersounds\olderbusinesswoman 
C:\Poker\Poker 770\data\shared\sounds\playersounds\oldtourist 
C:\Poker\Poker 770\data\shared\sounds\playersounds\valleygirl 
C:\Poker\Poker 770\data\shared\sounds\playersounds\baseballer\allin.mp3 
C:\Poker\Poker 770\data\shared\sounds\playersounds\baseballer\bet.mp3 
C:\Poker\Poker 770\data\shared\sounds\playersounds\baseballer\call.mp3 
C:\Poker\Poker 770\data\shared\sounds\playersounds\baseballer\check.mp3 
C:\Poker\Poker 770\data\shared\sounds\playersounds\baseballer\fold.mp3 
C:\Poker\Poker 770\data\shared\sounds\playersounds\baseballeraise.mp3 
C:\Poker\Poker 770\data\shared\sounds\playersounds\baseballereraise.mp3 
C:\Poker\Poker 770\data\shared\sounds\playersounds\blackdude\allin.mp3 
C:\Poker\Poker 770\data\shared\sounds\playersounds\blackdude\bet.mp3 
C:\Poker\Poker 770\data\shared\sounds\playersounds\blackdude\call.mp3 
C:\Poker\Poker 770\data\shared\sounds\playersounds\blackdude\check.mp3 
C:\Poker\Poker 770\data\shared\sounds\playersounds\blackdude\fold.mp3 
C:\Poker\Poker 770\data\shared\sounds\playersounds\blackdudeaise.mp3 
C:\Poker\Poker 770\data\shared\sounds\playersounds\blackdudeeraise.mp3 
C:\Poker\Poker 770\data\shared\sounds\playersounds\bond\allin.mp3 
C:\Poker\Poker 770\data\shared\sounds\playersounds\bond\bet.mp3 
C:\Poker\Poker 770\data\shared\sounds\playersounds\bond\call.mp3 
C:\Poker\Poker 770\data\shared\sounds\playersounds\bond\check.mp3 
C:\Poker\Poker 770\data\shared\sounds\playersounds\bond\fold.mp3 
C:\Poker\Poker 770\data\shared\sounds\playersounds\bondaise.mp3 
C:\Poker\Poker 770\data\shared\sounds\playersounds\bonderaise.mp3 
C:\Poker\Poker 770\data\shared\sounds\playersounds\cowboy\allin.mp3 
C:\Poker\Poker 770\data\shared\sounds\playersounds\cowboy\bet.mp3 
C:\Poker\Poker 770\data\shared\sounds\playersounds\cowboy\call.mp3 
C:\Poker\Poker 770\data\shared\sounds\playersounds\cowboy\check.mp3 
C:\Poker\Poker 770\data\shared\sounds\playersounds\cowboy\fold.mp3 
C:\Poker\Poker 770\data\shared\sounds\playersounds\cowboyaise.mp3 
C:\Poker\Poker 770\data\shared\sounds\playersounds\cowboyeraise.mp3 
C:\Poker\Poker 770\data\shared\sounds\playersounds\frenchgirl\allin.mp3 
C:\Poker\Poker 770\data\s

biloute · Answer

.
======= RAPPORT D'AD-REMOVER 1.1.4.5_H | UNIQUEMENT XP/VISTA/SEVEN =======
.
Mit à jour par C_XX le 11/06/2009 à 3:50 PM
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Lancé à: 14:54:17, 13/06/2009 | Mode Normal | Option: CLEAN
Exécuté de: C:\Program Files\Ad-remover\
Système d'exploitation: Microsoft® Windows XP™  Service Pack 2 v5.1.2600
Nom du PC: BARBANO-AUD-MEL | Utilisateur actuel: M‚lissa
.
Administrateur: Administrateur 
N'est pas administrateur: HelpAssistant *Desactive* 
N'est pas administrateur: Invité *Desactive* 
Administrateur: Mélissa 
N'est pas administrateur: SUPPORT_388945a0 *Desactive* 
. 
============== ÉLÉMENT(S) NEUTRALISÉ(S) ============== 
.
.
HKCR\CLSID\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKCR\EoRezoBHO.EoBho
HKCR\EoRezoBHO.EoBho.1
HKCR\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}
HKCR\Typelib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}
HKCU\Software\EoRezo
HKCU\Software\Grand Virtual
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKCU\Software\Poker 770
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Everest Poker
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Poker 770
HKLM\Software\Poker 770
.
C:\DOCUME~1\ALLUSE~1.WIN\MENUDM~1\PROGRA~1\Everest Poker\Everest Poker.lnk 
C:\DOCUME~1\ALLUSE~1.WIN\MENUDM~1\PROGRA~1\Everest Poker\Uninstall Everest Poker.lnk 
C:\DOCUME~1\ALLUSE~1.WIN\MENUDM~1\PROGRA~1\Everest Poker 
C:\DOCUME~1\ALLUSE~1.WIN\MENUDM~1\PROGRA~1\Poker 770\Poker 770.lnk 
C:\DOCUME~1\ALLUSE~1.WIN\MENUDM~1\PROGRA~1\Poker 770\Uninstall Poker 770.lnk 
C:\DOCUME~1\ALLUSE~1.WIN\MENUDM~1\PROGRA~1\Poker 770 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\cache 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\ConfMedia.cyp 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\ConfMedia.cyp.old 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\db 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\eoDesktop 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\eoStats 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\host.cyp 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\user.cyp 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\db\cat.cyp 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\eoDesktop\config.xml 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\eoDesktop\eoDesktop.html 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\eoDesktop\userConfig.xml 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\eoStats\eoStats.txt 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\grids_difficile_20060701.sud 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\grids_difficile_20060702.sud 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\grids_facile_20060701.sud 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\grids_facile_20060702.sud 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\grids_moyen_20060701.sud 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\grids_moyen_20060702.sud 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_mauve 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_noir 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_rouge 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_vert 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_mauve\aide.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_mauve\aidePressed.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_mauve\autoverifno.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_mauve\autoverifyes.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_mauve\back.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_mauve\background3.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_mauve\backPressed.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_mauve\blank21_19.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_mauve\blank25.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_mauve\correct21_19.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_mauve\correct25.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_mauve\ecran.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_mauve\ecranReflet.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_mauve\fermer.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_mauve\fermerPressed.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_mauve\grey25.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_mauve\iluminated21_19.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_mauve\iluminated25.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_mauve\iluminateno.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_mauve\iluminateyes.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_mauve\incorrect25.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_mauve\keypad.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_mauve\keypadreflet.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_mauve\masquer.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_mauve\masquerPressed.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_mauve\minimise.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_mauve\minimisepressed.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_mauve
ew.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_mauve
ewPressed.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_mauve
ext.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_mauve
extPressed.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_mauve\print.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_mauve\save.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_mauve\savepressed.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_mauve\Thumbs.db 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_mauve\verificationcell.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_mauve\verificationcellPressed.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_noir\aide.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_noir\aidePressed.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_noir\autoverifno.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_noir\autoverifyes.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_noir\back.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_noir\background3.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_noir\backPressed.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_noir\blank21_19.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_noir\blank25.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_noir\correct21_19.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_noir\correct25.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_noir\ecran.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_noir\ecranReflet.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_noir\fermer.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_noir\fermerPressed.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_noir\grey25.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_noir\iluminated21_19.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_noir\iluminated25.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_noir\iluminateno.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_noir\iluminateyes.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_noir\incorrect25.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_noir\keypad.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_noir\keypadreflet.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_noir\masquer.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_noir\masquerPressed.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_noir\minimise.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_noir\minimisepressed.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_noir
ew.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_noir
ewPressed.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_noir
ext.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_noir
extPressed.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_noir\print.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_noir\save.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_noir\savepressed.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_noir\Thumbs.db 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_noir\verificationcell.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_noir\verificationcellPressed.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_rouge\aide.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_rouge\aidePressed.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_rouge\autoverifno.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_rouge\autoverifyes.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_rouge\back.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_rouge\background3.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_rouge\backPressed.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_rouge\blank21_19.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_rouge\blank25.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_rouge\correct21_19.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_rouge\correct25.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_rouge\ecran.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_rouge\ecranReflet.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_rouge\fermer.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_rouge\fermerPressed.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_rouge\grey25.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_rouge\iluminated21_19.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_rouge\iluminated25.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_rouge\iluminateno.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_rouge\iluminateyes.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_rouge\incorrect25.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_rouge\keypad.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_rouge\keypadreflet.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_rouge\masquer.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_rouge\masquerPressed.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_rouge\minimise.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_rouge\minimisepressed.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_rouge
ew.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_rouge
ewPressed.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_rouge
ext.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_rouge
extPressed.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_rouge\print.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_rouge\save.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_rouge\savepressed.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_rouge\Thumbs.db 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_rouge\verificationcell.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_rouge\verificationcellPressed.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_vert\aide.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_vert\aidePressed.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_vert\autoverifno.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_vert\autoverifyes.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_vert\back.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_vert\background3.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_vert\backgroundreflet.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_vert\backPressed.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_vert\blank21_19.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_vert\blank25.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_vert\correct21_19.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_vert\correct25.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_vert\ecran.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_vert\ecranReflet.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_vert\fermer.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_vert\fermerPressed.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_vert\grey25.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_vert\iluminated21_19.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_vert\iluminated25.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_vert\iluminateno.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_vert\iluminateyes.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_vert\incorrect25.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_vert\keypad.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_vert\keypadreflet.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_vert\masquer.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_vert\masquerPressed.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_vert\minimise.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_vert\minimisepressed.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_vert
ew.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_vert
ewPressed.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_vert
ext.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_vert
extPressed.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_vert\save.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_vert\savepressed.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_vert\Thumbs.db 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_vert\verificationcell.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo\EoSudoku\images_classic_vert\verificationcellPressed.png 
C:\DOCUME~1\MLISSA~1.BAR\APPLIC~1\EoRezo 
C:\Program Files\Everest Poker\casino.exe 
C:\Program Files\Everest Poker\cstart-tmp.exe 
C:\Program Files\Everest Poker\cstart.exe 
C:\Program Files\Everest Poker\data 
C:\Program Files\Everest Poker\Everest Poker.exe 
C:\Program Files\Everest Poker\gvbase.dll 
C:\Program Files\Everest Poker\gvcrt.dll 
C:\Program Files\Everest Poker\gvgfx-dib.dll 
C:\Program Files\Everest Poker\gvgfx.dll 
C:\Program Files\Everest Poker\gvmain.dll 
C:\Program Files\Everest Poker\gvmain.exe 
C:\Program Files\Everest Poker\gvnetwork.dll 
C:\Program Files\Everest Poker\gvsound.dll 
C:\Program Files\Everest Poker\history 
C:\Program Files\Everest Poker\init.ini 
C:\Program Files\Everest Poker\log.dat 
C:\Program Files\Everest Poker
otes 
C:\Program Files\Everest Poker\settings.ini 
C:\Program Files\Everest Poker	oc_fr.ini 
C:\Program Files\Everest Poker\var 
C:\Program Files\Everest Poker\data\fonts 
C:\Program Files\Everest Poker\data\mp-lobby 
C:\Program Files\Everest Poker\data\mp-poker 
C:\Program Files\Everest Poker\data\shared 
C:\Program Files\Everest Poker\data\startup 
C:\Program Files\Everest Poker\data\fonts\kgp-en.ttf 
C:\Program Files\Everest Poker\data\mp-lobby\fr.gvt 
C:\Program Files\Everest Poker\data\mp-lobby\shared.gvt 
C:\Program Files\Everest Poker\data\mp-poker\background 
C:\Program Files\Everest Poker\data\mp-poker\fr 
C:\Program Files\Everest Poker\data\mp-poker\shared.gvt 
C:\Program Files\Everest Poker\data\mp-poker\background\default.gvt 
C:\Program Files\Everest Poker\data\mp-poker\background\med.gvt 
C:\Program Files\Everest Poker\data\mp-poker\fr\bitmaps.gvt 
C:\Program Files\Everest Poker\data\mp-poker\fr\mp-poker_strings.txt 
C:\Program Files\Everest Poker\data\mp-poker\fr\mp-poker_tutorial.txt 
C:\Program Files\Everest Poker\data\shared\fr 
C:\Program Files\Everest Poker\data\shared\shared 
C:\Program Files\Everest Poker\data\shared\fr\country.txt 
C:\Program Files\Everest Poker\data\shared\fr\language.txt 
C:\Program Files\Everest Poker\data\shared\fr\ordinal.txt 
C:\Program Files\Everest Poker\data\shared\shared\bitmaps 
C:\Program Files\Everest Poker\data\shared\shared\sounds 
C:\Program Files\Everest Poker\data\shared\shared\bitmaps\btn_scroll.gvt 
C:\Program Files\Everest Poker\data\shared\shared\bitmaps\check.art 
C:\Program Files\Everest Poker\data\shared\shared\bitmaps\chips.art 
C:\Program Files\Everest Poker\data\shared\shared\sounds\button.ogg 
C:\Program Files\Everest Poker\data\shared\shared\sounds\carddeal.ogg 
C:\Program Files\Everest Poker\data\shared\shared\sounds\cardflip.ogg 
C:\Program Files\Everest Poker\data\shared\shared\sounds\chipclick.ogg 
C:\Program Files\Everest Poker\data\startup\en 
C:\Program Files\Everest Poker\data\startup\fr 
C:\Program Files\Everest Poker\data\startup\shared 
C:\Program Files\Everest Poker\data\startup\en\startup_strings.txt 
C:\Program Files\Everest Poker\data\startup\fr\cstart.txt 
C:\Program Files\Everest Poker\data\startup\fr\startup_strings.txt 
C:\Program Files\Everest Poker\data\startup\shared\bitmaps 
C:\Program Files\Everest Poker\data\startup\shared\icons 
C:\Program Files\Everest Poker\data\startup\shared\sounds 
C:\Program Files\Everest Poker\data\startup\shared\bitmaps\splash_poker.art 
C:\Program Files\Everest Poker\data\startup\shared\icons\ep.ico 
C:\Program Files\Everest Poker\data\startup\shared\sounds\alert.ogg 
C:\Program Files\Everest Poker\history\10.txt 
C:\Program Files\Everest Poker\history\100.txt 
C:\Program Files\Everest Poker\history\101.txt 
C:\Program Files\Everest Poker\history\102.txt 
C:\Program Files\Everest Poker\history\103.txt 
C:\Program Files\Everest Poker\history\104.txt 
C:\Program Files\Everest Poker\history\105.txt 
C:\Program Files\Everest Poker\history\106.txt 
C:\Program Files\Everest Poker\history\107.txt 
C:\Program Files\Everest Poker\history\108.txt 
C:\Program Files\Everest Poker\history\109.txt 
C:\Program Files\Everest Poker\history\11.txt 
C:\Program Files\Everest Poker\history\110.txt 
C:\Program Files\Everest Poker\history\111.txt 
C:\Program Files\Everest Poker\history\112.txt 
C:\Program Files\Everest Poker\history\113.txt 
C:\Program Files\Everest Poker\history\114.txt 
C:\Program Files\Everest Poker\history\115.txt 
C:\Program Files\Everest Poker\history\116.txt 
C:\Program Files\Everest Poker\history\117.txt 
C:\Program Files\Everest Poker\history\118.txt 
C:\Program Files\Everest Poker\history\119.txt 
C:\Program Files\Everest Poker\history\12.txt 
C:\Program Files\Everest Poker\history\120.txt 
C:\Program Files\Everest Poker\history\121.txt 
C:\Program Files\Everest Poker\history\124.txt 
C:\Program Files\Everest Poker\history\125.txt 
C:\Program Files\Everest Poker\history\13.txt 
C:\Program Files\Everest Poker\history\14.txt 
C:\Program Files\Everest Poker\history\15.txt 
C:\Program Files\Everest Poker\history\16.txt 
C:\Program Files\Everest Poker\history\17.txt 
C:\Program Files\Everest Poker\history\18.txt 
C:\Program Files\Everest Poker\history\19.txt 
C:\Program Files\Everest Poker\history\20.txt 
C:\Program Files\Everest Poker\history\21.txt 
C:\Program Files\Everest Poker\history\22.txt 
C:\Program Files\Everest Poker\history\23.txt 
C:\Program Files\Everest Poker\history\24.txt 
C:\Program Files\Everest Poker\history\25.txt 
C:\Program Files\Everest Poker\history\26.txt 
C:\Program Files\Everest Poker\history\27.txt 
C:\Program Files\Everest Poker\history\28.txt 
C:\Program Files\Everest Poker\history\29.txt 
C:\Program Files\Everest Poker\history\3.txt 
C:\Program Files\Everest Poker\history\30.txt 
C:\Program Files\Everest Poker\history\31.txt 
C:\Program Files\Everest Poker\history\32.txt 
C:\Program Files\Everest Poker\history\33.txt 
C:\Program Files\Everest Poker\history\34.txt 
C:\Program Files\Everest Poker\history\35.txt 
C:\Program Files\Everest Poker\history\36.txt 
C:\Program Files\Everest Poker\history\37.txt 
C:\Program Files\Everest Poker\history\38.txt 
C:\Program Files\Everest Poker\history\39.txt 
C:\Program Files\Everest Poker\history\4.txt 
C:\Program Files\Everest Poker\history\40.txt 
C:\Program Files\Everest Poker\history\41.txt 
C:\Program Files\Everest Poker\history\42.txt 
C:\Program Files\Everest Poker\history\43.txt 
C:\Program Files\Everest Poker\history\44.txt 
C:\Program Files\Everest Poker\history\45.txt 
C:\Program Files\Everest Poker\history\46.txt 
C:\Program Files\Everest Poker\history\47.txt 
C:\Program Files\Everest Poker\history\48.txt 
C:\Program Files\Everest Poker\history\49.txt 
C:\Program Files\Everest Poker\history\5.txt 
C:\Program Files\Everest Poker\history\50.txt 
C:\Program Files\Everest Poker\history\51.txt 
C:\Program Files\Everest Poker\history\52.txt 
C:\Program Files\Everest Poker\history\53.txt 
C:\Program Files\Everest Poker\history\54.txt 
C:\Program Files\Everest Poker\history\55.txt 
C:\Program Files\Everest Poker\history\56.txt 
C:\Program Files\Everest Poker\history\57.txt 
C:\Program Files\Everest Poker\history\58.txt 
C:\Program Files\Everest Poker\history\6.txt 
C:\Program Files\Everest Poker\history\60.txt 
C:\Program Files\Everest Poker\history\61.txt 
C:\Program Files\Everest Poker\history\62.txt 
C:\Program Files\Everest Poker\history\64.txt 
C:\Program Files\Everest Poker\history\65.txt 
C:\Program Files\Everest Poker\history\66.txt 
C:\Program Files\Everest Poker\history\67.txt 
C:\Program Files\Everest Poker\history\68.txt 
C:\Program Files\Everest Poker\history\69.txt 
C:\Program Files\Everest Poker\history\7.txt 
C:\Program Files\Everest Poker\history\70.txt 
C:\Program Files\Everest Poker\history\71.txt 
C:\Program Files\Everest Poker\history\72.txt 
C:\Program Files\Everest Poker\history\73.txt 
C:\Program Files\Everest Poker\history\74.txt 
C:\Program Files\Everest Poker\history\75.txt 
C:\Program Files\Everest Poker\history\77.txt 
C:\Program Files\Everest Poker\history\78.txt 
C:\Program Files\Everest Poker\history\79.txt 
C:\Program Files\Everest Poker\history\8.txt 
C:\Program Files\Everest Poker\history\80.txt 
C:\Program Files\Everest Poker\history\81.txt 
C:\Program Files\Everest Poker\history\82.txt 
C:\Program Files\Everest Poker\history\83.txt 
C:\Program Files\Everest Poker\history\84.txt 
C:\Program Files\Everest Poker\history\85.txt 
C:\Program Files\Everest Poker\history\86.txt 
C:\Program Files\Everest Poker\history\87.txt 
C:\Program Files\Everest Poker\history\88.txt 
C:\Program Files\Everest Poker\history\89.txt 
C:\Program Files\Everest Poker\history\9.txt 
C:\Program Files\Everest Poker\history\90.txt 
C:\Program Files\Everest Poker\history\91.txt 
C:\Program Files\Everest Poker\history\93.txt 
C:\Program Files\Everest Poker\history\94.txt 
C:\Program Files\Everest Poker\history\96.txt 
C:\Program Files\Everest Poker\history\97.txt 
C:\Program Files\Everest Poker\history\98.txt 
C:\Program Files\Everest Poker\history\99.txt 
C:\Program Files\Everest Poker
otes\Player-ice_cream57 
C:\Program Files\Everest Poker
otes\Player-ice_cream57\Opponent-MG1950.xpn 
C:\Program Files\Everest Poker\var\content-fr.dat 
C:\Program Files\Everest Poker 
C:\Poker\Poker 770\cactivex.dll 
C:\Poker\Poker 770\casino.cli 
C:\Poker\Poker 770\casino.exe 
C:\Poker\Poker 770\casino.hlp 
C:\Poker\Poker 770\casino.ico 
C:\Poker\Poker 770\data 
C:\Poker\Poker 770\directsounddriver.dll 
C:\Poker\Poker 770\fileinfo.dat 
C:\Poker\Poker 770\fileinfo2.dat 
C:\Poker\Poker 770\fileinfo2r.dat 
C:\Poker\Poker 770\gdigraphdriver.dll 
C:\Poker\Poker 770\History 
C:\Poker\Poker 770\icecream57.pbn 
C:\Poker\Poker 770\ptsetup.lang 
C:\Poker\Poker 770\ptsetup.log 
C:\Poker\Poker 770eplace.exe 
C:\Poker\Poker 770\unicows.dll 
C:\Poker\Poker 770\_SetupCasino.exe 
C:\Poker\Poker 770\data\blackjack 
C:\Poker\Poker 770\data\blackjack.dll 
C:\Poker\Poker 770\data\blackjack.gam 
C:\Poker\Poker 770\data\cashier.dll 
C:\Poker\Poker 770\data\cashier.gam 
C:\Poker\Poker 770\data\casinowar 
C:\Poker\Poker 770\data\casinowar.dll 
C:\Poker\Poker 770\data\casinowar.gam 
C:\Poker\Poker 770\data\common.dll 
C:\Poker\Poker 770\data\common.gam 
C:\Poker\Poker 770\data\craps 
C:\Poker\Poker 770\data\craps.dll 
C:\Poker\Poker 770\data\craps.gam 
C:\Poker\Poker 770\data\keno 
C:\Poker\Poker 770\data\keno.dll 
C:\Poker\Poker 770\data\keno.gam 
C:\Poker\Poker 770\data\loader.dll 
C:\Poker\Poker 770\data\loader.gam 
C:\Poker\Poker 770\data\lobby 
C:\Poker\Poker 770\data\pokergames.dll 
C:\Poker\Poker 770\data\poker_caribbean 
C:\Poker\Poker 770\data\poker_caribbean.gam 
C:\Poker\Poker 770\data\poker_common.dll 
C:\Poker\Poker 770\data\poker_common.gam 
C:\Poker\Poker 770\data\poker_holdem 
C:\Poker\Poker 770\data\poker_holdem.gam 
C:\Poker\Poker 770\data\poker_lobby.dll 
C:\Poker\Poker 770\data\poker_lobby.gam 
C:\Poker\Poker 770\data\poker_table.dll 
C:\Poker\Poker 770\dataoulette 
C:\Poker\Poker 770\dataoulette.dll 
C:\Poker\Poker 770\dataoulette.gam 
C:\Poker\Poker 770\data\shared 
C:\Poker\Poker 770\data\slotmachines.dll 
C:\Poker\Poker 770\data\slots_bonusbears25line 
C:\Poker\Poker 770\data\slots_bonusbears25line.gam 
C:\Poker\Poker 770\data\slots_cinerama5reel 
C:\Poker\Poker 770\data\slots_cinerama5reel.gam 
C:\Poker\Poker 770\data\slots_desert20line 
C:\Poker\Poker 770\data\slots_desert20line.gam 
C:\Poker\Poker 770\data\slots_forestofwonders25line 
C:\Poker\Poker 770\data\slots_forestofwonders25line.gam 
C:\Poker\Poker 770\data\slots_gold8line 
C:\Poker\Poker 770\data\slots_gold8line.gam 
C:\Poker\Poker 770\data\slots_lotto20line 
C:\Poker\Poker 770\data\slots_lotto20line.gam 
C:\Poker\Poker 770\data\slots_lovemore20line 
C:\Poker\Poker 770\data\slots_lovemore20line.gam 
C:\Poker\Poker 770\data\slots_silentsamurai9line 
C:\Poker\Poker 770\data\slots_silentsamurai9line.gam 
C:\Poker\Poker 770\data\slots_wildspirit20line 
C:\Poker\Poker 770\data\slots_wildspirit20line.gam 
C:\Poker\Poker 770\data\smallview.gam 
C:\Poker\Poker 770\data	able 
C:\Poker\Poker 770\data	opview.gam 
C:\Poker\Poker 770\data\videopokers.dll 
C:\Poker\Poker 770\data\videopoker_4aces 
C:\Poker\Poker 770\data\videopoker_4aces.gam 
C:\Poker\Poker 770\data\videopoker_4jacks 
C:\Poker\Poker 770\data\videopoker_4jacks.gam 
C:\Poker\Poker 770\data\videopoker_jacks 
C:\Poker\Poker 770\data\videopoker_jacks.gam 
C:\Poker\Poker 770\data\videopoker_joker 
C:\Poker\Poker 770\data\videopoker_joker.gam 
C:\Poker\Poker 770\data\blackjack\back.jpg 
C:\Poker\Poker 770\data\blackjack\blackjack_winsign.jpg 
C:\Poker\Poker 770\data\blackjack	exture.jpg 
C:\Poker\Poker 770\data\casinowar\back.jpg 
C:\Poker\Poker 770\data\casinowar\casinowar.lws 
C:\Poker\Poker 770\data\casinowar	exture.jpg 
C:\Poker\Poker 770\data\craps\3d 
C:\Poker\Poker 770\data\craps\back.jpg 
C:\Poker\Poker 770\data\craps\coins.png 
C:\Poker\Poker 770\data\craps\3d\back.z 
C:\Poker\Poker 770\data\craps\3d\dice.lwo 
C:\Poker\Poker 770\data\craps\3d\dice.lws 
C:\Poker\Poker 770\data\craps\3d\dice.png 
C:\Poker\Poker 770\data\keno\3d 
C:\Poker\Poker 770\data\keno\back.jpg 
C:\Poker\Poker 770\data\keno\buttons 
C:\Poker\Poker 770\data\keno\selected.png 
C:\Poker\Poker 770\data\keno\sounds 
C:\Poker\Poker 770\data\keno\star-alpha.jpg 
C:\Poker\Poker 770\data\keno\star.jpg 
C:\Poker\Poker 770\data\keno\wheel_empty.jpg 
C:\Poker\Poker 770\data\keno\wheel_full.jpg 
C:\Poker\Poker 770\data\keno\3d\bet.sl2 
C:\Poker\Poker 770\data\keno\buttons\buttons-alpha.jpg 
C:\Poker\Poker 770\data\keno\buttons\buttons.jpg 
C:\Poker\Poker 770\data\keno\sounds\hitone.mp3 
C:\Poker\Poker 770\data\keno\sounds\selectsound.mp3 
C:\Poker\Poker 770\data\keno\sounds\wheel.mp3 
C:\Poker\Poker 770\data\lobby\asian_view_stakes_back.png 
C:\Poker\Poker 770\data\lobby\back.jpg 
C:\Poker\Poker 770\data\lobby\buttons 
C:\Poker\Poker 770\data\lobby\dialogs 
C:\Poker\Poker 770\data\lobby\filtering_tab-alpha.jpg 
C:\Poker\Poker 770\data\lobby\filtering_tab.jpg 
C:\Poker\Poker 770\data\lobby\filter_text.png 
C:\Poker\Poker 770\data\lobby\info_headers.png 
C:\Poker\Poker 770\data\lobby\loading_info.jpg 
C:\Poker\Poker 770\data\lobby\login 
C:\Poker\Poker 770\data\lobby\mc_text.jpg 
C:\Poker\Poker 770\data\lobby\quick_search_back.jpg 
C:\Poker\Poker 770\data\lobby\quick_search_buttons-alpha.jpg 
C:\Poker\Poker 770\data\lobby\quick_search_buttons.jpg 
C:\Poker\Poker 770\data\lobby\quick_search_close.jpg 
C:\Poker\Poker 770\data\lobby\sidegames 
C:\Poker\Poker 770\data\lobby	ables 
C:\Poker\Poker 770\data\lobby	reeview_down.bmp 
C:\Poker\Poker 770\data\lobby	reeview_minus.bmp 
C:\Poker\Poker 770\data\lobby	reeview_plus.bmp 
C:\Poker\Poker 770\data\lobby	reeview_right.bmp 
C:\Poker\Poker 770\data\lobby\waitinglist 
C:\Poker\Poker 770\data\lobby\buttons\cashier_buttons-alpha.jpg 
C:\Poker\Poker 770\data\lobby\buttons\cashier_buttons.jpg 
C:\Poker\Poker 770\data\lobby\buttons\contactus-alpha.jpg 
C:\Poker\Poker 770\data\lobby\buttons\contactus.jpg 
C:\Poker\Poker 770\data\lobby\buttons\goto_tournament-alpha.jpg 
C:\Poker\Poker 770\data\lobby\buttons\goto_tournament.jpg 
C:\Poker\Poker 770\data\lobby\buttons\jointable-alpha.jpg 
C:\Poker\Poker 770\data\lobby\buttons\jointable.jpg 
C:\Poker\Poker 770\data\lobby\buttons\players_waiting.jpg 
C:\Poker\Poker 770\data\lobby\buttons\search-alpha.jpg 
C:\Poker\Poker 770\data\lobby\buttons\search.jpg 
C:\Poker\Poker 770\data\lobby\buttons	reeview_menu.jpg 
C:\Poker\Poker 770\data\lobby\buttons\waitinglist_buttons-alpha.jpg 
C:\Poker\Poker 770\data\lobby\buttons\waitinglist_buttons.jpg 
C:\Poker\Poker 770\data\lobby\dialogs\close.jpg 
C:\Poker\Poker 770\data\lobby\dialogs\dialog_back.jpg 
C:\Poker\Poker 770\data\lobby\dialogs\dialog_back3.jpg 
C:\Poker\Poker 770\data\lobby\dialogs\dialog_big_headers.jpg 
C:\Poker\Poker 770\data\lobby\dialogs\dialog_headers.jpg 
C:\Poker\Poker 770\data\lobby\dialogs\gotothenexttournament-alpha.jpg 
C:\Poker\Poker 770\data\lobby\dialogs\gotothenexttournament.jpg 
C:\Poker\Poker 770\data\lobby\dialogs\header.jpg 
C:\Poker\Poker 770\data\lobby\dialogs
ickname.jpg 
C:\Poker\Poker 770\data\lobby\dialogs	ournament_registration.jpg 
C:\Poker\Poker 770\data\lobby\dialogs	our_details_row.jpg 
C:\Poker\Poker 770\data\lobby\login\back.jpg 
C:\Poker\Poker 770\data\lobby\login\checkbox.png 
C:\Poker\Poker 770\data\lobby\login\checkboxes.jpg 
C:\Poker\Poker 770\data\lobby\login\createaccount-alpha.jpg 
C:\Poker\Poker 770\data\lobby\login\createaccount.jpg 
C:\Poker\Poker 770\data\lobby\login\dont_have_an_account.jpg 
C:\Poker\Poker 770\data\lobby\login\login-alpha.jpg 
C:\Poker\Poker 770\data\lobby\login\login.jpg 
C:\Poker\Poker 770\data\lobby\login\logininfo.jpg 
C:\Poker\Poker 770\data\lobby\login
ickname.png 
C:\Poker\Poker 770\data\lobby\sidegames\sidegames-alpha.jpg 
C:\Poker\Poker 770\data\lobby\sidegames\sidegames.jpg 
C:\Poker\Poker 770\data\lobby	ables\hide_finished.jpg 
C:\Poker\Poker 770\data\lobby	ables\hide_finished_cover.jpg 
C:\Poker\Poker 770\data\lobby	ables\lobby_table_rows.jpg 
C:\Poker\Poker 770\data\lobby	ables\scrollbuttons-alpha.jpg 
C:\Poker\Poker 770\data\lobby	ables\scrollbuttons.jpg 
C:\Poker\Poker 770\data\lobby	ables\scrollbuttons_h.jpg 
C:\Poker\Poker 770\data\lobby	ables\scroll_indicator.jpg 
C:\Poker\Poker 770\data\lobby	ables\scroll_indicator_h.jpg 
C:\Poker\Poker 770\data\lobby	ables\searchtop.jpg 
C:\Poker\Poker 770\data\lobby	ables	ables_back-alpha.jpg 
C:\Poker\Poker 770\data\lobby	ables	ables_back.jpg 
C:\Poker\Poker 770\data\lobby	ables	op.jpg 
C:\Poker\Poker 770\data\lobby\waitinglist
um_chooser.jpg 
C:\Poker\Poker 770\data\poker_caribbean	exture.jpg 
C:\Poker\Poker 770\data\poker_holdem\arrows.png 
C:\Poker\Poker 770\data\poker_holdem\back.jpg 
C:\Poker\Poker 770\dataoulette\3d 
C:\Poker\Poker 770\dataoulette\back.jpg 
C:\Poker\Poker 770\dataoulette\ball.png 
C:\Poker\Poker 770\dataoulette\buttons 
C:\Poker\Poker 770\dataoulette\marker-alpha.jpg 
C:\Poker\Poker 770\dataoulette\marker.jpg 
C:\Poker\Poker 770\dataoulette\marker.png 
C:\Poker\Poker 770\dataoulette\sounds 
C:\Poker\Poker 770\dataoulette\zoom 
C:\Poker\Poker 770\dataoulette\3d\back.z 
C:\Poker\Poker 770\dataoulette\3d\ball.bmp 
C:\Poker\Poker 770\dataoulette\3d\ball.lwo 
C:\Poker\Poker 770\dataoulette\3d\disc.lwo 
C:\Poker\Poker 770\dataoulette\3d\disk.jpg 
C:\Poker\Poker 770\dataoulette\3doulette.lws 
C:\Poker\Poker 770\dataoulette\3d	urret.cfs 
C:\Poker\Poker 770\dataoulette\buttons\allcoins1_selected.png 
C:\Poker\Poker 770\dataoulette\soundsoulettespin.mp3 
C:\Poker\Poker 770\dataoulette\soundsoulettestop.mp3 
C:\Poker\Poker 770\dataoulette\zoom\zoomanim.jpg 
C:\Poker\Poker 770\dataoulette\zoom\zoomstill.jpg 
C:\Poker\Poker 770\data\shared\3d 
C:\Poker\Poker 770\data\shared\9line 
C:\Poker\Poker 770\data\shared\arrow_3d_down.png 
C:\Poker\Poker 770\data\shared\black100x100.png 
C:\Poker\Poker 770\data\shared\blackjack 
C:\Poker\Poker 770\data\shared\bubble.png 
C:\Poker\Poker 770\data\shared\bubble_lobby-alpha.jpg 
C:\Poker\Poker 770\data\shared\bubble_lobby.jpg 
C:\Poker\Poker 770\data\shared\buttons 
C:\Poker\Poker 770\data\shared\cards 
C:\Poker\Poker 770\data\shared\coins 
C:\Poker\Poker 770\data\shared\dollarball 
C:\Poker\Poker 770\data\shared\doublescreen 
C:\Poker\Poker 770\data\shared\fonts 
C:\Poker\Poker 770\data\shared\history 
C:\Poker\Poker 770\data\shared\html 
C:\Poker\Poker 770\data\shared\interface 
C:\Poker\Poker 770\data\shared\jackpot-alpha.jpg 
C:\Poker\Poker 770\data\shared\jackpot.jpg 
C:\Poker\Poker 770\data\shared\jackpot_anim-alpha.jpg 
C:\Poker\Poker 770\data\shared\jackpot_anim.jpg 
C:\Poker\Poker 770\data\shared\jackpot_txt-alpha.jpg 
C:\Poker\Poker 770\data\shared\jackpot_txt.jpg 
C:\Poker\Poker 770\data\shared\loading.png 
C:\Poker\Poker 770\data\shared\loading_anim.png 
C:\Poker\Poker 770\data\shared\mobile_anim.png 
C:\Poker\Poker 770\data\shared
ametag.jpg 
C:\Poker\Poker 770\data\shared
ametag_long.jpg 
C:\Poker\Poker 770\data\shared\options 
C:\Poker\Poker 770\data\shared\progcover.png 
C:\Poker\Poker 770\data\shared\sides.jpg 
C:\Poker\Poker 770\data\shared\slots 
C:\Poker\Poker 770\data\shared\sounds 
C:\Poker\Poker 770\data\shared	ablegames 
C:\Poker\Poker 770\data\shared	ablesigns 
C:\Poker\Poker 770\data\shared\ui 
C:\Poker\Poker 770\data\shared\videopoker_4line 
C:\Poker\Poker 770\data\shared\videopoker_jacks 
C:\Poker\Poker 770\data\shared\3d\chrome.png 
C:\Poker\Poker 770\data\shared\9line\buttons-alpha.jpg 
C:\Poker\Poker 770\data\shared\9line\buttons.jpg 
C:\Poker\Poker 770\data\shared\9line\payline123.png 
C:\Poker\Poker 770\data\shared\9line\payline456789.png 
C:\Poker\Poker 770\data\shared\blackjack\blackjack.lws 
C:\Poker\Poker 770\data\shared\buttons\allbuttons-alpha.jpg 
C:\Poker\Poker 770\data\shared\buttons\allbuttons-over.jpg 
C:\Poker\Poker 770\data\shared\buttons\allbuttons.jpg 
C:\Poker\Poker 770\data\shared\buttons\buttons-alpha.jpg 
C:\Poker\Poker 770\data\shared\buttons\buttons.jpg 
C:\Poker\Poker 770\data\shared\buttons\info_button-alpha.jpg 
C:\Poker\Poker 770\data\shared\buttons\info_button.jpg 
C:\Poker\Poker 770\data\shared\cards\back.z 
C:\Poker\Poker 770\data\shared\cards\cardhq.lwo 
C:\Poker\Poker 770\data\shared\cards\cardlq.lwo 
C:\Poker\Poker 770\data\shared\cards\cards.lws 
C:\Poker\Poker 770\data\shared\cards\cards_small-alpha.jpg 
C:\Poker\Poker 770\data\shared\cards\cards_small.jpg 
C:\Poker\Poker 770\data\shared\cards\card_doubleup-alpha.jpg 
C:\Poker\Poker 770\data\shared\cards\card_doubleup.jpg 
C:\Poker\Poker 770\data\shared\cards\poker 
C:\Poker\Poker 770\data\shared\cards	extures 
C:\Poker\Poker 770\data\shared\cards\poker\allcards-alpha.jpg 
C:\Poker\Poker 770\data\shared\cards\poker\allcards.jpg 
C:\Poker\Poker 770\data\shared\cards\poker\back.bmp 
C:\Poker\Poker 770\data\shared\cards\poker\joker.jpg 
C:\Poker\Poker 770\data\shared\cards	extures\allcards.jpg 
C:\Poker\Poker 770\data\shared\cards	extures\allcards_xl.jpg 
C:\Poker\Poker 770\data\shared\cards	extures\back.bmp 
C:\Poker\Poker 770\data\shared\cards	extures\joker.png 
C:\Poker\Poker 770\data\shared\coins	ablecoins 
C:\Poker\Poker 770\data\shared\coins	ablecoins\allcoins1_coins-alpha.jpg 
C:\Poker\Poker 770\data\shared\coins	ablecoins\allcoins1_coins.jpg 
C:\Poker\Poker 770\data\shared\coins	ablecoins\allcoins1_selected.png 
C:\Poker\Poker 770\data\shared\coins	ablecoins\allcoins2_coins-alpha.jpg 
C:\Poker\Poker 770\data\shared\coins	ablecoins\allcoins2_coins.jpg 
C:\Poker\Poker 770\data\shared\coins	ablecoins\allcoins2_selected.png 
C:\Poker\Poker 770\data\shared\coins	ablecoins\allcoins4_coins.jpg 
C:\Poker\Poker 770\data\shared\dollarball\activate.jpg 
C:\Poker\Poker 770\data\shared\dollarball\ball.png 
C:\Poker\Poker 770\data\shared\dollarball\button_disable-alpha.jpg 
C:\Poker\Poker 770\data\shared\dollarball\button_disable.jpg 
C:\Poker\Poker 770\data\shared\dollarball\button_enable-alpha.jpg 
C:\Poker\Poker 770\data\shared\dollarball\button_enable.jpg 
C:\Poker\Poker 770\data\shared\dollarball\button_enable_mid-alpha.jpg 
C:\Poker\Poker 770\data\shared\dollarball\button_enable_mid.jpg 
C:\Poker\Poker 770\data\shared\dollarball\dollar_ball.png 
C:\Poker\Poker 770\data\shared\dollarball\dollar_ball_big.png 
C:\Poker\Poker 770\data\shared\dollarball\dollar_ball_big_disabled.png 
C:\Poker\Poker 770\data\shared\dollarball\dollar_ball_disabled.png 
C:\Poker\Poker 770\data\shared\dollarball\dollar_ball_mid.png 
C:\Poker\Poker 770\data\shared\dollarball\dollar_ball_mid_disabled.png 
C:\Poker\Poker 770\data\shared\dollarball\enable_big_button-alpha.jpg 
C:\Poker\Poker 770\data\shared\dollarball\enable_big_button.jpg 
C:\Poker\Poker 770\data\shared\dollarballandom_pick1-alpha.jpg 
C:\Poker\Poker 770\data\shared\dollarballandom_pick1.jpg 
C:\Poker\Poker 770\data\shared\dollarballesult_win.png 
C:\Poker\Poker 770\data\shared\dollarballesult_win_disabled.png 
C:\Poker\Poker 770\data\shared\dollarball\selected_box.jpg 
C:\Poker\Poker 770\data\shared\dollarball\selection_win.png 
C:\Poker\Poker 770\data\shared\dollarball\sidebet_button-alpha.jpg 
C:\Poker\Poker 770\data\shared\dollarball\sidebet_button.jpg 
C:\Poker\Poker 770\data\shared\dollarball\sounds 
C:\Poker\Poker 770\data\shared\dollarball\win-over.jpg 
C:\Poker\Poker 770\data\shared\dollarball\soundseelstop_sidebet.mp3 
C:\Poker\Poker 770\data\shared\doublescreen\back.png 
C:\Poker\Poker 770\data\shared\doublescreen\buttons_screen-alpha.jpg 
C:\Poker\Poker 770\data\shared\doublescreen\buttons_screen.jpg 
C:\Poker\Poker 770\data\shared\fonts\arial10.fon 
C:\Poker\Poker 770\data\shared\fonts\blackchancery90.fon 
C:\Poker\Poker 770\data\shared\fonts\boink_let_23.fon 
C:\Poker\Poker 770\data\shared\fonts\boink_let_32.fon 
C:\Poker\Poker 770\data\shared\fonts\futurabdcnbt_24.fon 
C:\Poker\Poker 770\data\shared\fonts\helveticaneueboldcond_60.fon 
C:\Poker\Poker 770\data\shared\fonts\helvetica_nbc18.fon 
C:\Poker\Poker 770\data\shared\fonts\impact_19.fon 
C:\Poker\Poker 770\data\shared\fonts\kabelbd.fon 
C:\Poker\Poker 770\data\shared\fonts\kabelultbt.fon 
C:\Poker\Poker 770\data\shared\fonts\lcd2_17.fon 
C:\Poker\Poker 770\data\shared\fonts\serifabdcnbt.fon 
C:\Poker\Poker 770\data\shared\fonts\square721bdexbt.fon 
C:\Poker\Poker 770\data\shared\fonts\swis721cnbt.fon 
C:\Poker\Poker 770\data\shared\fonts\swis721cnbt16.fon 
C:\Poker\Poker 770\data\shared\fonts\swis721cnbt49.fon 
C:\Poker\Poker 770\data\shared\fonts\swis721mdbt25.fon 
C:\Poker\Poker 770\data\shared\fonts\swiss911xcmbt.fon 
C:\Poker\Poker 770\data\shared\fonts	ahoma10b.fon 
C:\Poker\Poker 770\data\shared\fonts	ahoma7.fon 
C:\Poker\Poker 770\data\shared\fonts	ahoma8.fon 
C:\Poker\Poker 770\data\shared\fonts	ahoma8b.fon 
C:\Poker\Poker 770\data\shared\fonts	ahoma8_.fon 
C:\Poker\Poker 770\data\shared\fonts	ahoma_ap.fon 
C:\Poker\Poker 770\data\shared\fonts	imes32.fon 
C:\Poker\Poker 770\data\shared\history\cards 
C:\Poker\Poker 770\data\shared\history\cards\allcards.jpg 
C:\Poker\Poker 770\data\shared\history\cards\allcards7stud-alpha.jpg 
C:\Poker\Poker 770\data\shared\history\cards\allcards7stud.jpg 
C:\Poker\Poker 770\data\shared\history\cards\card-alpha.jpg 
C:\Poker\Poker 770\data\shared\history\cards\card7stud-alpha.jpg 
C:\Poker\Poker 770\data\shared\history\cards\joker.jpg 
C:\Poker\Poker 770\data\shared\history\cards\joker7stud.jpg 
C:\Poker\Poker 770\data\shared\html\bg.jpg 
C:\Poker\Poker 770\data\shared\html\button_left.gif 
C:\Poker\Poker 770\data\shared\html\button_middle.gif 
C:\Poker\Poker 770\data\shared\html\button_right.gif 
C:\Poker\Poker 770\data\shared\html\cashier_offline.css 
C:\Poker\Poker 770\data\shared\html\cashier_offline.js 
C:\Poker\Poker 770\data\shared\html\cashier_offline_functions.js 
C:\Poker\Poker 770\data\shared\html\cashier_offline_poker.html 
C:\Poker\Poker 770\data\shared\html\chat 
C:\Poker\Poker 770\data\shared\html\details_desc_back.jpg 
C:\Poker\Poker 770\data\shared\html\details_desc_back2.jpg 
C:\Poker\Poker 770\data\shared\html\icon_comps.gif 
C:\Poker\Poker 770\data\shared\html\icon_transactionhistory.gif 
C:\Poker\Poker 770\data\shared\html\icon_withdraw.gif 
C:\Poker\Poker 770\data\shared\html\logo_offline_cashier.gif 
C:\Poker\Poker 770\data\shared\html\spacer.gif 
C:\Poker\Poker 770\data\shared\html\chat\chat.html 
C:\Poker\Poker 770\data\shared\html\chat\colors.html 
C:\Poker\Poker 770\data\shared\html\chat\edit.html 
C:\Poker\Poker 770\data\shared\html\chat\emoticons 
C:\Poker\Poker 770\data\shared\html\chat\emoticons.html 
C:\Poker\Poker 770\data\shared\html\chat\emoticons\01.gif 
C:\Poker\Poker 770\data\shared\html\chat\emoticons\02.gif 
C:\Poker\Poker 770\data\shared\html\chat\emoticons\03.gif 
C:\Poker\Poker 770\data\shared\html\chat\emoticons\04.gif 
C:\Poker\Poker 770\data\shared\html\chat\emoticons\05.gif 
C:\Poker\Poker 770\data\shared\html\chat\emoticons\06.gif 
C:\Poker\Poker 770\data\shared\html\chat\emoticons\07.gif 
C:\Poker\Poker 770\data\shared\html\chat\emoticons\08.gif 
C:\Poker\Poker 770\data\shared\html\chat\emoticons\09.gif 
C:\Poker\Poker 770\data\shared\html\chat\emoticons\10.gif 
C:\Poker\Poker 770\data\shared\html\chat\emoticons\11.gif 
C:\Poker\Poker 770\data\shared\html\chat\emoticons\12.gif 
C:\Poker\Poker 770\data\shared\html\chat\emoticons\13.gif 
C:\Poker\Poker 770\data\shared\html\chat\emoticons\14.gif 
C:\Poker\Poker 770\data\shared\interface\aplay_advanced.jpg 
C:\Poker\Poker 770\data\shared\interface\aplay_arrow-alpha.jpg 
C:\Poker\Poker 770\data\shared\interface\aplay_arrow.jpg 
C:\Poker\Poker 770\data\shared\interface\aplay_buttons.jpg 
C:\Poker\Poker 770\data\shared\interface\aplay_check-alpha.jpg 
C:\Poker\Poker 770\data\shared\interface\aplay_check.jpg 
C:\Poker\Poker 770\data\shared\interface\aplay_delay.jpg 
C:\Poker\Poker 770\data\shared\interface\aplay_mode.jpg 
C:\Poker\Poker 770\data\shared\interface\aplay_ribbon.jpg 
C:\Poker\Poker 770\data\shared\interface\aplay_simple.jpg 
C:\Poker\Poker 770\data\shared\interface\bottom_ribbon-alpha.jpg 
C:\Poker\Poker 770\data\shared\interface\bottom_ribbon.jpg 
C:\Poker\Poker 770\data\shared\interface\chat 
C:\Poker\Poker 770\data\shared\interface\chat-alpha.jpg 
C:\Poker\Poker 770\data\shared\interface\chat.jpg 
C:\Poker\Poker 770\data\shared\interface\empty-alpha.jpg 
C:\Poker\Poker 770\data\shared\interface\empty.jpg 
C:\Poker\Poker 770\data\shared\interface\ipoker-alpha.jpg 
C:\Poker\Poker 770\data\shared\interface\ipoker.jpg 
C:\Poker\Poker 770\data\shared\interface\logo-alpha.jpg 
C:\Poker\Poker 770\data\shared\interface\logo.jpg 
C:\Poker\Poker 770\data\shared\interface\logo_cover.jpg 
C:\Poker\Poker 770\data\shared\interface\menu-alpha.jpg 
C:\Poker\Poker 770\data\shared\interface\menu.jpg 
C:\Poker\Poker 770\data\shared\interface\mobile_back-alpha.jpg 
C:\Poker\Poker 770\data\shared\interface\mobile_back.jpg 
C:\Poker\Poker 770\data\shared\interface\mobile_book.png 
C:\Poker\Poker 770\data\shared\interface\mobile_check.jpg 
C:\Poker\Poker 770\data\shared\interface\mobile_close.jpg 
C:\Poker\Poker 770\data\shared\interface\mobile_txt-alpha.jpg 
C:\Poker\Poker 770\data\shared\interface\mobile_txt.jpg 
C:\Poker\Poker 770\data\shared\interface\onlinestatus.jpg 
C:\Poker\Poker 770\data\shared\interface\padlock.png 
C:\Poker\Poker 770\data\shared\interface\playtech-alpha.jpg 
C:\Poker\Poker 770\data\shared\interface\playtech.jpg 
C:\Poker\Poker 770\data\shared\interface\select_buttons-alpha.jpg 
C:\Poker\Poker 770\data\shared\interface\select_buttons.jpg 
C:\Poker\Poker 770\data\shared\interface	imeout-alpha.jpg 
C:\Poker\Poker 770\data\shared\interface	imeout.jpg 
C:\Poker\Poker 770\data\shared\interface\waiting_for_other_players.jpg 
C:\Poker\Poker 770\data\shared\interface\chat\chat_window.png 
C:\Poker\Poker 770\data\shared\interface\chat\close-over.jpg 
C:\Poker\Poker 770\data\shared\interface\chat\close.png 
C:\Poker\Poker 770\data\shared\interface\chat\font.png 
C:\Poker\Poker 770\data\shared\interface\chat\send.png 
C:\Poker\Poker 770\data\shared\options\arrows.png 
C:\Poker\Poker 770\data\shared\options\avatars-alpha.jpg 
C:\Poker\Poker 770\data\shared\options\avatars.jpg 
C:\Poker\Poker 770\data\shared\options\check.png 
C:\Poker\Poker 770\data\shared\options\disconnect_text.png 
C:\Poker\Poker 770\data\shared\options\options-back.jpg 
C:\Poker\Poker 770\data\shared\options\options_adjust-alpha.jpg 
C:\Poker\Poker 770\data\shared\options\options_adjust.jpg 
C:\Poker\Poker 770\data\shared\options\slider.jpg 
C:\Poker\Poker 770\data\shared\slots\lines 
C:\Poker\Poker 770\data\shared\slots\lines\20line-alpha.jpg 
C:\Poker\Poker 770\data\shared\slots\lines\20line.jpg 
C:\Poker\Poker 770\data\shared\slots\lines\9line-alpha.jpg 
C:\Poker\Poker 770\data\shared\slots\lines\9line.jpg 
C:\Poker\Poker 770\data\shared\slots\lines\linewin-alpha.jpg 
C:\Poker\Poker 770\data\shared\slots\lines\linewin.jpg 
C:\Poker\Poker 770\data\shared\slots\lines\linewin_frame-alpha.jpg 
C:\Poker\Poker 770\data\shared\slots\lines\linewin_frame.jpg 
C:\Poker\Poker 770\data\shared\slots\lines\symbol_anim-alpha.jpg 
C:\Poker\Poker 770\data\shared\sounds\02.mp3 
C:\Poker\Poker 770\data\shared\sounds\02s.mp3 
C:\Poker\Poker 770\data\shared\sounds\03.mp3 
C:\Poker\Poker 770\data\shared\sounds\03s.mp3 
C:\Poker\Poker 770\data\shared\sounds\04.mp3 
C:\Poker\Poker 770\data\shared\sounds\04s.mp3 
C:\Poker\Poker 770\data\shared\sounds\05.mp3 
C:\Poker\Poker 770\data\shared\sounds\05s.mp3 
C:\Poker\Poker 770\data\shared\sounds\06.mp3 
C:\Poker\Poker 770\data\shared\sounds\06s.mp3 
C:\Poker\Poker 770\data\shared\sounds\07.mp3 
C:\Poker\Poker 770\data\shared\sounds\07s.mp3 
C:\Poker\Poker 770\data\shared\sounds\08.mp3 
C:\Poker\Poker 770\data\shared\sounds\08s.mp3 
C:\Poker\Poker 770\data\shared\sounds\09.mp3 
C:\Poker\Poker 770\data\shared\sounds\09s.mp3 
C:\Poker\Poker 770\data\shared\sounds\10.mp3 
C:\Poker\Poker 770\data\shared\sounds\10s.mp3 
C:\Poker\Poker 770\data\shared\sounds\ace.mp3 
C:\Poker\Poker 770\data\shared\sounds\aces.mp3 
C:\Poker\Poker 770\data\shared\sounds\and.mp3 
C:\Poker\Poker 770\data\shared\sounds\bigwin.mp3 
C:\Poker\Poker 770\data\shared\sounds\buzzer.mp3 
C:\Poker\Poker 770\data\shared\sounds\card.mp3 
C:\Poker\Poker 770\data\shared\sounds\card.wav 
C:\Poker\Poker 770\data\shared\sounds\cardturn.mp3 
C:\Poker\Poker 770\data\shared\sounds\chip.mp3 
C:\Poker\Poker 770\data\shared\sounds\click.mp3 
C:\Poker\Poker 770\data\shared\sounds\clubs.mp3 
C:\Poker\Poker 770\data\shared\sounds\coin.mp3 
C:\Poker\Poker 770\data\shared\sounds\dealervoices 
C:\Poker\Poker 770\data\shared\sounds\dealflop.mp3 
C:\Poker\Poker 770\data\shared\sounds\dealriver.mp3 
C:\Poker\Poker 770\data\shared\sounds\dealturn.mp3 
C:\Poker\Poker 770\data\shared\sounds\diamonds.mp3 
C:\Poker\Poker 770\data\shared\sounds\dicerolling1.mp3 
C:\Poker\Poker 770\data\shared\sounds\dicerolling2.mp3 
C:\Poker\Poker 770\data\shared\sounds\empty.mp3 
C:\Poker\Poker 770\data\shared\sounds\flush.mp3 
C:\Poker\Poker 770\data\shared\sounds\fourofakind.mp3 
C:\Poker\Poker 770\data\shared\sounds\fullhouse.mp3 
C:\Poker\Poker 770\data\shared\sounds\fullof.mp3 
C:\Poker\Poker 770\data\shared\sounds\goodluck.mp3 
C:\Poker\Poker 770\data\shared\sounds\hearts.mp3 
C:\Poker\Poker 770\data\shared\sounds\high.mp3 
C:\Poker\Poker 770\data\shared\sounds\highcard.mp3 
C:\Poker\Poker 770\data\shared\sounds\itsyourbet.mp3 
C:\Poker\Poker 770\data\shared\sounds\jack.mp3 
C:\Poker\Poker 770\data\shared\sounds\jackpotwin.mp3 
C:\Poker\Poker 770\data\shared\sounds\jacks.mp3 
C:\Poker\Poker 770\data\shared\sounds\kicker.mp3 
C:\Poker\Poker 770\data\shared\sounds\king.mp3 
C:\Poker\Poker 770\data\shared\sounds\kings.mp3 
C:\Poker\Poker 770\data\shared\sounds\lineselect.mp3 
C:\Poker\Poker 770\data\shared\sounds\mess5.mp3 
C:\Poker\Poker 770\data\shared\sounds\message.mp3 
C:\Poker\Poker 770\data\shared\sounds
ewplayer.mp3 
C:\Poker\Poker 770\data\shared\sounds\onepair.mp3 
C:\Poker\Poker 770\data\shared\sounds\onlinesupport.mp3 
C:\Poker\Poker 770\data\shared\sounds\placeyourbets.mp3 
C:\Poker\Poker 770\data\shared\sounds\playerin.mp3 
C:\Poker\Poker 770\data\shared\sounds\playersounds 
C:\Poker\Poker 770\data\shared\sounds\pokercard.mp3 
C:\Poker\Poker 770\data\shared\sounds\possible_win_icon.mp3 
C:\Poker\Poker 770\data\shared\sounds\queen.mp3 
C:\Poker\Poker 770\data\shared\sounds\queens.mp3 
C:\Poker\Poker 770\data\shared\soundsoyalflush.mp3 
C:\Poker\Poker 770\data\shared\sounds\slots_doubleup_shuffle.mp3 
C:\Poker\Poker 770\data\shared\sounds\slots_number_counting.mp3 
C:\Poker\Poker 770\data\shared\sounds\smallwin.mp3 
C:\Poker\Poker 770\data\shared\sounds\spades.mp3 
C:\Poker\Poker 770\data\shared\sounds\starting.mp3 
C:\Poker\Poker 770\data\shared\sounds\straight.mp3 
C:\Poker\Poker 770\data\shared\sounds\straightflush.mp3 
C:\Poker\Poker 770\data\shared\sounds	hreekind.mp3 
C:\Poker\Poker 770\data\shared\sounds	wopair.mp3 
C:\Poker\Poker 770\data\shared\sounds\youwin.mp3 
C:\Poker\Poker 770\data\shared\sounds\dealervoices\anteplease_male1.mp3 
C:\Poker\Poker 770\data\shared\sounds\dealervoices\betsplease_male1.mp3 
C:\Poker\Poker 770\data\shared\sounds\dealervoices\blackjack_male1.mp3 
C:\Poker\Poker 770\data\shared\sounds\dealervoices\black_male1.mp3 
C:\Poker\Poker 770\data\shared\sounds\dealervoices\bust_male1.mp3 
C:\Poker\Poker 770\data\shared\sounds\dealervoices\comingout_male1.mp3 
C:\Poker\Poker 770\data\shared\sounds\dealervoices\dealerdnq_male1.mp3 
C:\Poker\Poker 770\data\shared\sounds\dealervoices\dealerwins_male1.mp3 
C:\Poker\Poker 770\data\shared\sounds\dealervoices\insurance_male1.mp3 
C:\Poker\Poker 770\data\shared\sounds\dealervoices
umbers 
C:\Poker\Poker 770\data\shared\sounds\dealervoices\playerwins_male1.mp3 
C:\Poker\Poker 770\data\shared\sounds\dealervoices\push_male1.mp3 
C:\Poker\Poker 770\data\shared\sounds\dealervoicesed_male1.mp3 
C:\Poker\Poker 770\data\shared\sounds\dealervoices\youwin_male1.mp3 
C:\Poker\Poker 770\data\shared\sounds\dealervoices
umbers\0_male1.mp3 
C:\Poker\Poker 770\data\shared\sounds\dealervoices
umbers\10_male1.mp3 
C:\Poker\Poker 770\data\shared\sounds\dealervoices
umbers\11_male1.mp3 
C:\Poker\Poker 770\data\shared\sounds\dealervoices
umbers\12_male1.mp3 
C:\Poker\Poker 770\data\shared\sounds\dealervoices
umbers\13_male1.mp3 
C:\Poker\Poker 770\data\shared\sounds\dealervoices
umbers\14_male1.mp3 
C:\Poker\Poker 770\data\shared\sounds\dealervoices
umbers\15_male1.mp3 
C:\Poker\Poker 770\data\shared\sounds\dealervoices
umbers\16_male1.mp3 
C:\Poker\Poker 770\data\shared\sounds\dealervoices
umbers\17_male1.mp3 
C:\Poker\Poker 770\data\shared\sounds\dealervoices
umbers\18_male1.mp3 
C:\Poker\Poker 770\data\shared\sounds\dealervoices
umbers\19_male1.mp3 
C:\Poker\Poker 770\data\shared\sounds\dealervoices
umbers\1_male1.mp3 
C:\Poker\Poker 770\data\shared\sounds\dealervoices
umbers\20_male1.mp3 
C:\Poker\Poker 770\data\shared\sounds\dealervoices
umbers\21_male1.mp3 
C:\Poker\Poker 770\data\shared\sounds\dealervoices
umbers\22_male1.mp3 
C:\Poker\Poker 770\data\shared\sounds\dealervoices
umbers\23_male1.mp3 
C:\Poker\Poker 770\data\shared\sounds\dealervoices
umbers\24_male1.mp3 
C:\Poker\Poker 770\data\shared\sounds\dealervoices
umbers\25_male1.mp3 
C:\Poker\Poker 770\data\shared\sounds\dealervoices
umbers\26_male1.mp3 
C:\Poker\Poker 770\data\shared\sounds\dealervoices
umbers\27_male1.mp3 
C:\Poker\Poker 770\data\shared\sounds\dealervoices
umbers\28_male1.mp3 
C:\Poker\Poker 770\data\shared\sounds\dealervoices
umbers\29_male1.mp3 
C:\Poker\Poker 770\data\shared\sounds\dealervoices
umbers\2_male1.mp3 
C:\Poker\Poker 770\data\shared\sounds\dealervoices
umbers\30_male1.mp3 
C:\Poker\Poker 770\data\shared\sounds\dealervoices
umbers\31_male1.mp3 
C:\Poker\Poker 770\data\shared\sounds\dealervoices
umbers\32_male1.mp3 
C:\Poker\Poker 770\data\shared\sounds\dealervoices
umbers\33_male1.mp3 
C:\Poker\Poker 770\data\shared\sounds\dealervoices
umbers\34_male1.mp3 
C:\Poker\Poker 770\data\shared\sounds\dealervoices
umbers\35_male1.mp3 
C:\Poker\Poker 770\data\shared\sounds\dealervoices
umbers\36_male1.mp3 
C:\Poker\Poker 770\data\shared\sounds\dealervoices
umbers\3_male1.mp3 
C:\Poker\Poker 770\data\shared\sounds\dealervoices
umbers\4_male1.mp3 
C:\Poker\Poker 770\data\shared\sounds\dealervoices
umbers\5_male1.mp3 
C:\Poker\Poker 770\data\shared\sounds\dealervoices
umbers\6_male1.mp3 
C:\Poker\Poker 770\data\shared\sounds\dealervoices
umbers\7_male1.mp3 
C:\Poker\Poker 770\data\shared\sounds\dealervoices
umbers\8_male1.mp3 
C:\Poker\Poker 770\data\shared\sounds\dealervoices
umbers\9_male1.mp3 
C:\Poker\Poker 770\data\shared\sounds\playersounds\baseballer 
C:\Poker\Poker 770\data\shared\sounds\playersounds\blackdude 
C:\Poker\Poker 770\data\shared\sounds\playersounds\bond 
C:\Poker\Poker 770\data\shared\sounds\playersounds\cowboy 
C:\Poker\Poker 770\data\shared\sounds\playersounds\frenchgirl 
C:\Poker\Poker 770\data\shared\sounds\playersounds\frenchman 
C:\Poker\Poker 770\data\shared\sounds\playersounds\mafiaguy 
C:\Poker\Poker 770\data\shared\sounds\playersounds\olderbusinesswoman 
C:\Poker\Poker 770\data\shared\sounds\playersounds\oldtourist 
C:\Poker\Poker 770\data\shared\sounds\playersounds\valleygirl 
C:\Poker\Poker 770\data\shared\sounds\playersounds\baseballer\allin.mp3 
C:\Poker\Poker 770\data\shared\sounds\playersounds\baseballer\bet.mp3 
C:\Poker\Poker 770\data\shared\sounds\playersounds\baseballer\call.mp3 
C:\Poker\Poker 770\data\shared\sounds\playersounds\baseballer\check.mp3 
C:\Poker\Poker 770\data\shared\sounds\playersounds\baseballer\fold.mp3 
C:\Poker\Poker 770\data\shared\sounds\playersounds\baseballeraise.mp3 
C:\Poker\Poker 770\data\shared\sounds\playersounds\baseballereraise.mp3 
C:\Poker\Poker 770\data\shared\sounds\playersounds\blackdude\allin.mp3 
C:\Poker\Poker 770\data\shared\sounds\playersounds\blackdude\bet.mp3 
C:\Poker\Poker 770\data\shared\sounds\playersounds\blackdude\call.mp3 
C:\Poker\Poker 770\data\shared\sounds\playersounds\blackdude\check.mp3 
C:\Poker\Poker 770\data\shared\sounds\playersounds\blackdude\fold.mp3 
C:\Poker\Poker 770\data\shared\sounds\playersounds\blackdudeaise.mp3 
C:\Poker\Poker 770\data\shared\sounds\playersounds\blackdudeeraise.mp3 
C:\Poker\Poker 770\data\shared\sounds\playersounds\bond\allin.mp3 
C:\Poker\Poker 770\data\shared\sounds\playersounds\bond\bet.mp3 
C:\Poker\Poker 770\data\shared\sounds\playersounds\bond\call.mp3 
C:\Poker\Poker 770\data\shared\sounds\playersounds\bond\check.mp3 
C:\Poker\Poker 770\data\shared\sounds\playersounds\bond\fold.mp3 
C:\Poker\Poker 770\data\shared\sounds\playersounds\bondaise.mp3 
C:\Poker\Poker 770\data\shared\sounds\playersounds\bonderaise.mp3 
C:\Poker\Poker 770\data\shared\sounds\playersounds\cowboy\allin.mp3 
C:\Poker\Poker 770\data\shared\sounds\playersounds\cowboy\bet.mp3 
C:\Poker\Poker 770\data\shared\sounds\playersounds\cowboy\call.mp3 
C:\Poker\Poker 770\data\shared\sounds\playersounds\cowboy\check.mp3 
C:\Poker\Poker 770\data\shared\sounds\playersounds\cowboy\fold.mp3 
C:\Poker\Poker 770\data\shared\sounds\playersounds\cowboyaise.mp3 
C:\Poker\Poker 770\data\shared\sounds\playersounds\cowboyeraise.mp3 
C:\Poker\Poker 770\data\shared\sounds\playersounds\frenchgirl\allin.mp3 
C:\Poker\Poker 770\data\s

Destrio5 · Answer

--> Désinstalle Ad-Remover.

--> Refais un scan RSIT et poste le rapport log.

biloute · Answer

Logfile of random's system information tool 1.06 (written by random/random)
Run by Mélissa at 2009-06-13 19:11:22
Microsoft Windows XP Édition familiale Service Pack 2
System drive C: has 7 GB (36%) free of 20 GB
Total RAM: 383 MB (47% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:11:55, on 13/06/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\RamBoost XPambxpfr.exe
C:\WINDOWS\system32
vsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Mélissa.BARBANO-AUD-MEL\Bureau\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files	rend micro\Mélissa.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RamBoostXp] C:\Program Files\RamBoost XPambxpfr.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab?e=1224322438772&h=b7a1afa4ee94a7f089909f6a12580e6e/&filename=jinstall-6u7-windows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe

biloute · Answer

-
Logfile of random's system information tool 1.06 (written by random/random)
Run by Mélissa at 2009-06-13 19:11:22
Microsoft Windows XP Édition familiale Service Pack 2
System drive C: has 7 GB (36%) free of 20 GB
Total RAM: 383 MB (47% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:11:55, on 13/06/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\RamBoost XPambxpfr.exe
C:\WINDOWS\system32
vsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Mélissa.BARBANO-AUD-MEL\Bureau\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files	rend micro\Mélissa.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RamBoostXp] C:\Program Files\RamBoost XPambxpfr.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab?e=1224322438772&h=b7a1afa4ee94a7f089909f6a12580e6e/&filename=jinstall-6u7-windows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe

biloute · Answer

c'est terminé?
ou tu n'est pas encore revenu pour la suite?
en tout cas je te remercie pour tout l'aide que tu ma fourni et de m'avoir aidé pas a pas.
je voulais aussi te demandé, ma question sera peut etre stupide desolé si c'est le cas mais je ne mis connai pas trop en informatique. un ami ma conseillé de formater le pc je crois, comme je te l'ai expliqué je viens de recupere ce pc a des amis, pense tu que je dois le formater pour commencer sur de nouvelle base?
je vois qu'ils utilisaient avast comme antivirus est-il performant?
m'en conseille tu un autre?
suffirais t'il ou devrais je ajouter des anti spam ou anti spyware comme je crois avoir lu quelques part?
et enfin les quels me conseillerais tu?

encore merci pour ton aide.

biloute · Answer

tu ne veut plus me repondre destrio5?

Destrio5 · Answer

Tu peux reformater pour repartir sur une bonne base.

Comme antivirus gratuit, je te conseille AntiVir.

biloute · Answer

ben merci beaucoup pour tout cela et pour des anti spyware tout ca tu crois que je dois en mettre?
en ce qui concerne Malwarebytes' Anti-Malware je peut continuer a l'utilisé sansd risque c'est un bon programme?
voila je te laisse tranquille et encore merci pour tout

Destrio5 · Answer

La version 9 d'AntiVir Personal intègre apparemment un anti-spyware. 

Pour Malwarebytes' Anti-Malware, tu peux l'utiliser sans risque. La version gratuite n'a pas de scan résident mais tu peux l'utiliser pour faire des scans de temps en temps.

Tu comptes formater ou on continue à désinfecter ?

biloute · Answer

on continue

Destrio5 · Answer

--> Désinstalle Avast.

--> Installe Antivir et mets-le à jour.

--> Double-clique sur l'icône d'Antivir (Parapluie) dans la barre des tâches.

--> Dans Antivir, choisis Outils puis Configuration.

--> Coche Mode Expert et coche Rech. Rootkit au dém. de la recherche à droite dans Autres réglages.

--> Fais un scan complet et poste le rapport.

Tutoriel sur Antivir

biloute · Answer

quand je l'installe je laisse tous par default, ou je dois tous cocher pour ce que l'antivirus controle?

biloute · Answer

quand je l'installe je laisse tous par default, ou je dois tous cocher pour ce que l'antivirus controle?

Destrio5 · Answer

Laisse par défaut à part pour le scan rapide.

biloute · Answer

le programme me dit "lors de la recherche des virus ou programmes indesirables ont été trouvé" je dois faire tout reparer?
et apres je pourrais voir le rapport?

biloute · Answer

j'ai fait tout reparé j'espere que ce n'est pas grave.
voila le rapport:

Avira AntiVir Personal
Date de création du fichier de rapport : lundi 15 juin 2009  17:01

La recherche porte sur 1466313 souches de virus.

Détenteur de la licence : Avira AntiVir Personal - FREE Antivirus
Numéro de série         : 0000149996-ADJIE-0000001
Plateforme              : Windows XP
Version de Windows      : (Service Pack 2)  [5.1.2600]
Mode Boot               : Démarré normalement
Identifiant             : SYSTEM
Nom de l'ordinateur     : BARBANO-AUD-MEL

Informations de version :
BUILD.DAT               : 9.0.0.65      17959 Bytes  22/04/2009 12:06:00
AVSCAN.EXE              : 9.0.3.6      466689 Bytes  21/04/2009 12:20:54
AVSCAN.DLL              : 9.0.3.0       49409 Bytes  03/03/2009 09:21:02
LUKE.DLL                : 9.0.3.2      209665 Bytes  20/02/2009 10:35:11
LUKERES.DLL             : 9.0.2.0       13569 Bytes  03/03/2009 09:21:31
ANTIVIR0.VDF            : 7.1.0.0    15603712 Bytes  27/10/2008 11:30:36
ANTIVIR1.VDF            : 7.1.2.12    3336192 Bytes  11/02/2009 19:33:26
ANTIVIR2.VDF            : 7.1.4.87    2982912 Bytes  12/06/2009 14:57:58
ANTIVIR3.VDF            : 7.1.4.94      38400 Bytes  15/06/2009 14:57:58
Version du moteur       : 8.2.0.187
AEVDF.DLL               : 8.1.1.1      106868 Bytes  15/06/2009 14:58:09
AESCRIPT.DLL            : 8.1.2.6      409978 Bytes  15/06/2009 14:58:08
AESCN.DLL               : 8.1.2.3      127347 Bytes  15/06/2009 14:58:07
AERDL.DLL               : 8.1.1.3      438645 Bytes  29/10/2008 17:24:41
AEPACK.DLL              : 8.1.3.18     401783 Bytes  15/06/2009 14:58:06
AEOFFICE.DLL            : 8.1.0.36     196987 Bytes  26/02/2009 19:01:56
AEHEUR.DLL              : 8.1.0.131   1786232 Bytes  15/06/2009 14:58:05
AEHELP.DLL              : 8.1.3.6      205174 Bytes  15/06/2009 14:58:00
AEGEN.DLL               : 8.1.1.45     348532 Bytes  15/06/2009 14:57:59
AEEMU.DLL               : 8.1.0.9      393588 Bytes  09/10/2008 13:32:40
AECORE.DLL              : 8.1.6.12     180599 Bytes  15/06/2009 14:57:58
AEBB.DLL                : 8.1.0.3       53618 Bytes  09/10/2008 13:32:40
AVWINLL.DLL             : 9.0.0.3       18177 Bytes  12/12/2008 07:47:30
AVPREF.DLL              : 9.0.0.1       43777 Bytes  03/12/2008 10:39:26
AVREP.DLL               : 8.0.0.3      155905 Bytes  20/01/2009 13:34:28
AVREG.DLL               : 9.0.0.0       36609 Bytes  07/11/2008 14:24:42
AVARKT.DLL              : 9.0.0.3      292609 Bytes  24/03/2009 14:05:22
AVEVTLOG.DLL            : 9.0.0.7      167169 Bytes  30/01/2009 09:36:37
SQLITE3.DLL             : 3.6.1.0      326401 Bytes  28/01/2009 14:03:49
SMTPLIB.DLL             : 9.2.0.25      28417 Bytes  02/02/2009 07:20:57
NETNT.DLL               : 9.0.0.0       11521 Bytes  07/11/2008 14:40:59
RCIMAGE.DLL             : 9.0.0.21    2438401 Bytes  17/02/2009 12:49:32
RCTEXT.DLL              : 9.0.37.0      88321 Bytes  15/04/2009 09:07:05

Configuration pour la recherche actuelle :
Nom de la tâche...............................: Contrôle intégral du système
Fichier de configuration......................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp
Documentation.................................: bas
Action principale.............................: interactif
Action secondaire.............................: ignorer
Recherche sur les secteurs d'amorçage maître..: marche
Recherche sur les secteurs d'amorçage.........: marche
Secteurs d'amorçage...........................: C:, 
Recherche dans les programmes actifs..........: marche
Recherche en cours sur l'enregistrement.......: marche
Recherche de Rootkits.........................: marche
Contrôle d'intégrité de fichiers système......: arrêt
Fichier mode de recherche.....................: Tous les fichiers
Recherche sur les archives....................: marche
Limiter la profondeur de récursivité..........: 20
Archive Smart Extensions......................: marche
Heuristique de macrovirus.....................: marche
Heuristique fichier...........................: moyen

Début de la recherche : lundi 15 juin 2009  17:01

La recherche d'objets cachés commence.
'73854' objets ont été contrôlés, '0' objets cachés ont été trouvés.

La recherche sur les processus démarrés commence :
Processus de recherche 'avscan.exe' - '1' module(s) sont contrôlés
Processus de recherche 'avcenter.exe' - '1' module(s) sont contrôlés
Processus de recherche 'WLLoginProxy.exe' - '1' module(s) sont contrôlés
Processus de recherche 'iexplore.exe' - '1' module(s) sont contrôlés
Processus de recherche 'avgnt.exe' - '1' module(s) sont contrôlés
Processus de recherche 'sched.exe' - '1' module(s) sont contrôlés
Processus de recherche 'avguard.exe' - '1' module(s) sont contrôlés
Processus de recherche 'alg.exe' - '1' module(s) sont contrôlés
Processus de recherche 'wscntfy.exe' - '1' module(s) sont contrôlés
Processus de recherche 'rambxpfr.exe' - '1' module(s) sont contrôlés
Processus de recherche 'ctfmon.exe' - '1' module(s) sont contrôlés
Processus de recherche 'SuperCopier2.exe' - '1' module(s) sont contrôlés
Processus de recherche 'rundll32.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'nvsvc32.exe' - '1' module(s) sont contrôlés
Processus de recherche 'explorer.exe' - '1' module(s) sont contrôlés
Processus de recherche 'spoolsv.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'rundll32.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'lsass.exe' - '1' module(s) sont contrôlés
Processus de recherche 'services.exe' - '1' module(s) sont contrôlés
Processus de recherche 'winlogon.exe' - '1' module(s) sont contrôlés
Processus de recherche 'csrss.exe' - '1' module(s) sont contrôlés
Processus de recherche 'smss.exe' - '1' module(s) sont contrôlés
'28' processus ont été contrôlés avec '28' modules

La recherche sur les secteurs d'amorçage maître commence :
Secteur d'amorçage maître HD0
    [INFO]      Aucun virus trouvé !

La recherche sur les secteurs d'amorçage commence :
Secteur d'amorçage 'C:\'
    [INFO]      Aucun virus trouvé !

La recherche sur les renvois aux fichiers exécutables (registre) commence :
Le registre a été contrôlé ( '50' fichiers).


La recherche sur les fichiers sélectionnés commence :

Recherche débutant dans 'C:\' <JACQUES>
C:\hiberfil.sys
    [AVERTISSEMENT] Impossible d'ouvrir le fichier !
    [REMARQUE]  Ce fichier est un fichier système Windows.
    [REMARQUE]  Il est correct que ce fichier ne puisse pas être ouvert pour la recherche.
C:
tyqciwl.exe
    [RESULTAT]  Contient le cheval de Troie TR/Spy.Gen
C:\pagefile.sys
    [AVERTISSEMENT] Impossible d'ouvrir le fichier !
    [REMARQUE]  Ce fichier est un fichier système Windows.
    [REMARQUE]  Il est correct que ce fichier ne puisse pas être ouvert pour la recherche.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\DriveCleaner.zip
    [RESULTAT]  Contient le code suspect GEN/PwdZIP
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\SyswebTelecom.zip
    [RESULTAT]  Contient le code suspect GEN/PwdZIP
C:\Documents and Settings\Jacques Barbano\Local Settings\Temp\T$app2.$tm
  [0] Type d'archive: MIME
    --> file0.txt
      [1] Type d'archive: CAB (Microsoft)
      --> EGDACCESS.inf
        [AVERTISSEMENT] Aucun autre fichier n'a pu être décompressé de cette archive. L'archive est refermée.
    [AVERTISSEMENT] Aucun autre fichier n'a pu être décompressé de cette archive. L'archive est refermée.
C:\Documents and Settings\Jacques Barbano\Local Settings\Temp\T$app4.$tm
  [0] Type d'archive: MIME
    --> file0.txt
      [1] Type d'archive: CAB (Microsoft)
      --> EGDACCESS.inf
        [AVERTISSEMENT] Aucun autre fichier n'a pu être décompressé de cette archive. L'archive est refermée.
    [AVERTISSEMENT] Aucun autre fichier n'a pu être décompressé de cette archive. L'archive est refermée.
C:\Documents and Settings\Jacques Barbano\Local Settings\Temp\T$app5.$tm
  [0] Type d'archive: MIME
    --> file0.txt
      [1] Type d'archive: CAB (Microsoft)
      --> EGDACCESS.inf
        [AVERTISSEMENT] Aucun autre fichier n'a pu être décompressé de cette archive. L'archive est refermée.
    [AVERTISSEMENT] Aucun autre fichier n'a pu être décompressé de cette archive. L'archive est refermée.
C:\Documents and Settings\Jacques Barbano\Local Settings\Temp\T$app7.$tm
  [0] Type d'archive: MIME
    --> file0.txt
      [1] Type d'archive: CAB (Microsoft)
      --> EGDACCESS.inf
        [AVERTISSEMENT] Aucun autre fichier n'a pu être décompressé de cette archive. L'archive est refermée.
    [AVERTISSEMENT] Aucun autre fichier n'a pu être décompressé de cette archive. L'archive est refermée.
C:\Documents and Settings\Jacques Barbano\Local Settings\Temporary Internet Files\Content.IE5\ODY30DEV\fdjeux[1].cab
  [0] Type d'archive: CAB (Microsoft)
    --> fdjeux\access\applet\AP_Applet.class
      [AVERTISSEMENT] Aucun autre fichier n'a pu être décompressé de cette archive. L'archive est refermée.
C:\Documents and Settings\Manuel\Local Settings\Temp\T$app12.$tm
  [0] Type d'archive: MIME
    --> file0.txt
      [1] Type d'archive: CAB (Microsoft)
      --> EGDACCESS.inf
        [AVERTISSEMENT] Aucun autre fichier n'a pu être décompressé de cette archive. L'archive est refermée.
    [AVERTISSEMENT] Aucun autre fichier n'a pu être décompressé de cette archive. L'archive est refermée.
C:\Documents and Settings\Manuel\Local Settings\Temp\T$app4.$tm
  [0] Type d'archive: MIME
    --> file0.txt
      [1] Type d'archive: CAB (Microsoft)
      --> EGDACCESS.inf
        [AVERTISSEMENT] Aucun autre fichier n'a pu être décompressé de cette archive. L'archive est refermée.
    [AVERTISSEMENT] Aucun autre fichier n'a pu être décompressé de cette archive. L'archive est refermée.
C:\Documents and Settings\Manuel\Local Settings\Temp\T$app5.$tm
  [0] Type d'archive: MIME
    --> file0.txt
      [1] Type d'archive: CAB (Microsoft)
      --> EGDACCESS.inf
        [AVERTISSEMENT] Aucun autre fichier n'a pu être décompressé de cette archive. L'archive est refermée.
    [AVERTISSEMENT] Aucun autre fichier n'a pu être décompressé de cette archive. L'archive est refermée.
C:\Documents and Settings\Manuel\Local Settings\Temp\T$app6.$tm
  [0] Type d'archive: MIME
    --> file0.txt
      [1] Type d'archive: CAB (Microsoft)
      --> EGDACCESS.inf
        [AVERTISSEMENT] Aucun autre fichier n'a pu être décompressé de cette archive. L'archive est refermée.
    [AVERTISSEMENT] Aucun autre fichier n'a pu être décompressé de cette archive. L'archive est refermée.
C:\Documents and Settings\Manuel\Local Settings\Temp\T$app7.$tm
  [0] Type d'archive: MIME
    --> file0.txt
      [1] Type d'archive: CAB (Microsoft)
      --> EGDACCESS.inf
        [AVERTISSEMENT] Aucun autre fichier n'a pu être décompressé de cette archive. L'archive est refermée.
    [AVERTISSEMENT] Aucun autre fichier n'a pu être décompressé de cette archive. L'archive est refermée.
C:\Documents and Settings\Mélissa\Local Settings\Temp\T$app4.$tm
  [0] Type d'archive: MIME
    --> file0.txt
      [1] Type d'archive: CAB (Microsoft)
      --> Flash8.ocx
        [AVERTISSEMENT] Aucun autre fichier n'a pu être décompressé de cette archive. L'archive est refermée.
    [AVERTISSEMENT] Aucun autre fichier n'a pu être décompressé de cette archive. L'archive est refermée.
C:\Documents and Settings\Mélissa\Local Settings\Temp\T$app6.$tm
  [0] Type d'archive: MIME
    --> file0.txt
      [1] Type d'archive: CAB (Microsoft)
      --> Flash8.ocx
        [AVERTISSEMENT] Aucun autre fichier n'a pu être décompressé de cette archive. L'archive est refermée.
    [AVERTISSEMENT] Aucun autre fichier n'a pu être décompressé de cette archive. L'archive est refermée.
C:\Documents and Settings\Mélissa\Local Settings\Temporary Internet Files\Content.IE5\0X6FKPEN\LegitCheckControl[1].cab
  [0] Type d'archive: CAB (Microsoft)
    --> LegitCheckControl.inf
      [AVERTISSEMENT] Aucun autre fichier n'a pu être décompressé de cette archive. L'archive est refermée.
    [AVERTISSEMENT] Aucun autre fichier n'a pu être décompressé de cette archive. L'archive est refermée.
C:\Documents and Settings\Mélissa\Local Settings\Temporary Internet Files\Content.IE5\X3JB5XOE\3001-2204_4-10432298[1].htm
    [RESULTAT]  Contient le modèle de détection du virus de script HTML HTML/Infected.WebPage.Gen
C:\Program Files\Ad-remover\QUARANTINE\PROGRA~1\EVERES~1\cstart-tmp.exe.vir
    [RESULTAT]  Contient le modèle de détection du ver WORM/SdBot.146432.4
C:\Program Files\Navilog1\Backupnavi\gsgaiiu.exe
    [RESULTAT]  Contient le modèle de détection du logiciel espion ou publicitaire ADSPY/AdSpy.Gen
C:\Program Files\WindowsUpdate\buckets.cab.0000.aut
  [0] Type d'archive: CAB (Microsoft)
    --> 10028.bkf
      [AVERTISSEMENT] Aucun autre fichier n'a pu être décompressé de cette archive. L'archive est refermée.
    [AVERTISSEMENT] Aucun autre fichier n'a pu être décompressé de cette archive. L'archive est refermée.
C:\System Volume Information\_restore{E78CE38B-5A20-48F1-9A2A-E3F0581DF3AE}\RP468\A0165766.exe
    [RESULTAT]  Contient le cheval de Troie TR/FakePavrem.A.1
C:\System Volume Information\_restore{E78CE38B-5A20-48F1-9A2A-E3F0581DF3AE}\RP470\A0165811.exe
    [RESULTAT]  Contient le cheval de Troie TR/FakePavrem.A.1
C:\System Volume Information\_restore{E78CE38B-5A20-48F1-9A2A-E3F0581DF3AE}\RP473\A0167044.exe
    [RESULTAT]  Contient le cheval de Troie TR/Trash.Gen
C:\System Volume Information\_restore{E78CE38B-5A20-48F1-9A2A-E3F0581DF3AE}\RP473\A0167046.exe
    [RESULTAT]  Contient le cheval de Troie TR/Trash.Gen
C:\System Volume Information\_restore{E78CE38B-5A20-48F1-9A2A-E3F0581DF3AE}\RP473\A0167047.dll
    [RESULTAT]  Contient le cheval de Troie TR/Trash.Gen
C:\System Volume Information\_restore{E78CE38B-5A20-48F1-9A2A-E3F0581DF3AE}\RP473\A0167048.exe
    [RESULTAT]  Contient le cheval de Troie TR/Trash.Gen
C:\System Volume Information\_restore{E78CE38B-5A20-48F1-9A2A-E3F0581DF3AE}\RP473\A0167049.exe
    [RESULTAT]  Contient le cheval de Troie TR/Trash.Gen
C:\System Volume Information\_restore{E78CE38B-5A20-48F1-9A2A-E3F0581DF3AE}\RP473\A0167050.exe
    [RESULTAT]  Contient le cheval de Troie TR/Spy.Agent.sca
C:\System Volume Information\_restore{E78CE38B-5A20-48F1-9A2A-E3F0581DF3AE}\RP473\A0167051.exe
    [RESULTAT]  Contient le cheval de Troie TR/Trash.Gen
C:\System Volume Information\_restore{E78CE38B-5A20-48F1-9A2A-E3F0581DF3AE}\RP473\A0167052.exe
    [RESULTAT]  Contient le cheval de Troie TR/Trash.Gen
C:\System Volume Information\_restore{E78CE38B-5A20-48F1-9A2A-E3F0581DF3AE}\RP473\A0167053.dll
    [RESULTAT]  Contient le cheval de Troie TR/Trash.Gen
C:\System Volume Information\_restore{E78CE38B-5A20-48F1-9A2A-E3F0581DF3AE}\RP473\A0167054.exe
    [RESULTAT]  Contient le cheval de Troie TR/Trash.Gen
C:\System Volume Information\_restore{E78CE38B-5A20-48F1-9A2A-E3F0581DF3AE}\RP473\A0167055.exe
    [RESULTAT]  Contient le cheval de Troie TR/Trash.Gen
C:\System Volume Information\_restore{E78CE38B-5A20-48F1-9A2A-E3F0581DF3AE}\RP473\A0167056.exe
    [RESULTAT]  Contient le cheval de Troie TR/Trash.Gen
C:\System Volume Information\_restore{E78CE38B-5A20-48F1-9A2A-E3F0581DF3AE}\RP473\A0167112.exe
    [RESULTAT]  Contient le modèle de détection du logiciel espion ou publicitaire ADSPY/AdSpy.Gen
C:\System Volume Information\_restore{E78CE38B-5A20-48F1-9A2A-E3F0581DF3AE}\RP473\A0167190.exe
    [RESULTAT]  Contient le modèle de détection du ver WORM/SdBot.146432.4
C:\WINDOWS\SYSTEM32\gra.exe
    [RESULTAT]  Contient le cheval de Troie TR/Dldr.FraudLoad.eoz.2
C:\WINDOWS\SYSTEM32n.tmp
    [RESULTAT]  Contient le cheval de Troie TR/Agent.xcw
C:\WINDOWS\SYSTEM32\windupdates.exe
    [RESULTAT]  Contient le cheval de Troie TR/Dldr.FraudLoad.eoz.2
C:\WINDOWS\SYSTEM32\DRIVERS\59d999a6.sys
    [RESULTAT]  Contient le modèle de détection du programme backdoor (dangereux) BDS/NewRest.Z.73

Début de la désinfection :
C:
tyqciwl.exe
    [RESULTAT]  Contient le cheval de Troie TR/Spy.Gen
    [REMARQUE]  Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4aaf7ee7.qua' !
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\DriveCleaner.zip
    [RESULTAT]  Contient le code suspect GEN/PwdZIP
    [REMARQUE]  Le résultat positif a été classé comme suspect.
    [REMARQUE]  Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4a9f7ee5.qua' !
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\SyswebTelecom.zip
    [RESULTAT]  Contient le code suspect GEN/PwdZIP
    [REMARQUE]  Le résultat positif a été classé comme suspect.
    [REMARQUE]  Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4aa97eed.qua' !
C:\Documents and Settings\Mélissa\Local Settings\Temporary Internet Files\Content.IE5\X3JB5XOE\3001-2204_4-10432298[1].htm
    [RESULTAT]  Contient le modèle de détection du virus de script HTML HTML/Infected.WebPage.Gen
    [REMARQUE]  Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4a667ea4.qua' !
C:\Program Files\Ad-remover\QUARANTINE\PROGRA~1\EVERES~1\cstart-tmp.exe.vir
    [RESULTAT]  Contient le modèle de détection du ver WORM/SdBot.146432.4
    [REMARQUE]  Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4aaa7ee8.qua' !
C:\Program Files\Navilog1\Backupnavi\gsgaiiu.exe
    [RESULTAT]  Contient le modèle de détection du logiciel espion ou publicitaire ADSPY/AdSpy.Gen
    [REMARQUE]  Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4a9d7ee8.qua' !
C:\System Volume Information\_restore{E78CE38B-5A20-48F1-9A2A-E3F0581DF3AE}\RP468\A0165766.exe
    [RESULTAT]  Contient le cheval de Troie TR/FakePavrem.A.1
    [REMARQUE]  Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4a677ea5.qua' !
C:\System Volume Information\_restore{E78CE38B-5A20-48F1-9A2A-E3F0581DF3AE}\RP470\A0165811.exe
    [RESULTAT]  Contient le cheval de Troie TR/FakePavrem.A.1
    [REMARQUE]  Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4a677ea6.qua' !
C:\System Volume Information\_restore{E78CE38B-5A20-48F1-9A2A-E3F0581DF3AE}\RP473\A0167044.exe
    [RESULTAT]  Contient le cheval de Troie TR/Trash.Gen
    [REMARQUE]  Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4a677ea7.qua' !
C:\System Volume Information\_restore{E78CE38B-5A20-48F1-9A2A-E3F0581DF3AE}\RP473\A0167046.exe
    [RESULTAT]  Contient le cheval de Troie TR/Trash.Gen
    [REMARQUE]  Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4be534d8.qua' !
C:\System Volume Information\_restore{E78CE38B-5A20-48F1-9A2A-E3F0581DF3AE}\RP473\A0167047.dll
    [RESULTAT]  Contient le cheval de Troie TR/Trash.Gen
    [REMARQUE]  Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '49750040.qua' !
C:\System Volume Information\_restore{E78CE38B-5A20-48F1-9A2A-E3F0581DF3AE}\RP473\A0167048.exe
    [RESULTAT]  Contient le cheval de Troie TR/Trash.Gen
    [REMARQUE]  Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4972e8e8.qua' !
C:\System Volume Information\_restore{E78CE38B-5A20-48F1-9A2A-E3F0581DF3AE}\RP473\A0167049.exe
    [RESULTAT]  Contient le cheval de Troie TR/Trash.Gen
    [REMARQUE]  Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4be63c00.qua' !
C:\System Volume Information\_restore{E78CE38B-5A20-48F1-9A2A-E3F0581DF3AE}\RP473\A0167050.exe
    [RESULTAT]  Contient le cheval de Troie TR/Spy.Agent.sca
    [REMARQUE]  Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4973f0d0.qua' !
C:\System Volume Information\_restore{E78CE38B-5A20-48F1-9A2A-E3F0581DF3AE}\RP473\A0167051.exe
    [RESULTAT]  Contient le cheval de Troie TR/Trash.Gen
    [REMARQUE]  Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4b1a5d20.qua' !
C:\System Volume Information\_restore{E78CE38B-5A20-48F1-9A2A-E3F0581DF3AE}\RP473\A0167052.exe
    [RESULTAT]  Contient le cheval de Troie TR/Trash.Gen
    [REMARQUE]  Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4971e0a0.qua' !
C:\System Volume Information\_restore{E78CE38B-5A20-48F1-9A2A-E3F0581DF3AE}\RP473\A0167053.dll
    [RESULTAT]  Contient le cheval de Troie TR/Trash.Gen
    [REMARQUE]  Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4970db78.qua' !
C:\System Volume Information\_restore{E78CE38B-5A20-48F1-9A2A-E3F0581DF3AE}\RP473\A0167054.exe
    [RESULTAT]  Contient le cheval de Troie TR/Trash.Gen
    [REMARQUE]  Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '497fd330.qua' !
C:\System Volume Information\_restore{E78CE38B-5A20-48F1-9A2A-E3F0581DF3AE}\RP473\A0167055.exe
    [RESULTAT]  Contient le cheval de Troie TR/Trash.Gen
    [REMARQUE]  Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '497ecbc8.qua' !
C:\System Volume Information\_restore{E78CE38B-5A20-48F1-9A2A-E3F0581DF3AE}\RP473\A0167056.exe
    [RESULTAT]  Contient le cheval de Troie TR/Trash.Gen
    [REMARQUE]  Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '497dc380.qua' !
C:\System Volume Information\_restore{E78CE38B-5A20-48F1-9A2A-E3F0581DF3AE}\RP473\A0167112.exe
    [RESULTAT]  Contient le modèle de détection du logiciel espion ou publicitaire ADSPY/AdSpy.Gen
    [REMARQUE]  Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '497cba58.qua' !
C:\System Volume Information\_restore{E78CE38B-5A20-48F1-9A2A-E3F0581DF3AE}\RP473\A0167190.exe
    [RESULTAT]  Contient le modèle de détection du ver WORM/SdBot.146432.4
    [REMARQUE]  Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4a677ea8.qua' !
C:\WINDOWS\SYSTEM32\gra.exe
    [RESULTAT]  Contient le cheval de Troie TR/Dldr.FraudLoad.eoz.2
    [REMARQUE]  Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4a977eea.qua' !
C:\WINDOWS\SYSTEM32n.tmp
    [RESULTAT]  Contient le cheval de Troie TR/Agent.xcw
    [REMARQUE]  Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4a647ee6.qua' !
C:\WINDOWS\SYSTEM32\windupdates.exe
    [RESULTAT]  Contient le cheval de Troie TR/Dldr.FraudLoad.eoz.2
    [REMARQUE]  Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4aa47ee1.qua' !
C:\WINDOWS\SYSTEM32\DRIVERS\59d999a6.sys
    [RESULTAT]  Contient le modèle de détection du programme backdoor (dangereux) BDS/NewRest.Z.73
    [REMARQUE]  Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4a9a7eb1.qua' !


Fin de la recherche : lundi 15 juin 2009  19:01
Temps nécessaire:  1:43:39 Heure(s)

La recherche a été effectuée intégralement

   6881 Les répertoires ont été contrôlés
 197178 Des fichiers ont été contrôlés
     24 Des virus ou programmes indésirables ont été trouvés
      2 Des fichiers ont été classés comme suspects
      0 Des fichiers ont été supprimés
      0 Des virus ou programmes indésirables ont été réparés
     26 Les fichiers ont été déplacés dans la quarantaine
      0 Les fichiers ont été renommés
      2 Impossible de contrôler des fichiers
 197150 Fichiers non infectés
   4554 Les archives ont été contrôlées
     29 Avertissements
     28 Consignes
  73854 Des objets ont été contrôlés lors du Rootkitscan
      0 Des objets cachés ont été trouvés

biloute · Answer

c'est tout?

Destrio5 · Answer

Le PC va mieux ?

--> Refais un scan RSIT et poste le rapport log.

biloute · Answer

oui le pc va mieux plus de nouvelle de advanced virus remover ce qui est une tres bonne chose


Logfile of random's system information tool 1.06 (written by random/random)
Run by Mélissa at 2009-06-16 20:41:56
Microsoft Windows XP Édition familiale Service Pack 2
System drive C: has 7 GB (35%) free of 20 GB
Total RAM: 383 MB (46% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:42:21, on 16/06/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32undll32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32
vsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\RamBoost XPambxpfr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Mélissa.BARBANO-AUD-MEL\Bureau\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files	rend micro\Mélissa.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RamBoostXp] C:\Program Files\RamBoost XPambxpfr.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab?e=1224322438772&h=b7a1afa4ee94a7f089909f6a12580e6e/&filename=jinstall-6u7-windows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe

Destrio5 · Answer

--> Télécharge SystemLook sur ton Bureau.
--> Double-clique sur SystemLook.exe pour le lancer.
--> Copie-colle le texte qui se trouve entre les deux espaces ci-dessous dans la zone texte de SystemLook :




:dir
C:\WINDOWS\system32\R1       




--> Clique sur le bouton Look pour démarrer l'examen.
--> A la fin, le Bloc-notes s'ouvre avec le résultat de l'analyse. Copie-colle le rapport dans ta prochaine réponse.
Note : Le rapport peut aussi être trouvé sur ton Bureau sous le nom SystemLook.txt

biloute · Answer

ca fait 6 fois depuis cette apres midi que antivir me trouve un virus mais il ne me laisse pas le temps de cliquer pour decidé de ce que l'on en fait.

"Dans le fichier 'C:\System Volume Information\_restore{E78CE38B-5A20-48F1-9A2A-E3F0581DF3AE}\RP476\A0167451.exe'
un virus ou un programme indésirable 'TR/Spy.Gen' [trojan] a été détecté.
Action exécutée : Refuser l'accès"

je vais installé systeme look

biloute · Answer

SystemLook v1.0 by jpshortstuff (22.05.09)
Log created at 23:19 on 16/06/2009 by Mélissa (Administrator - Elevation successful)

========== dir ==========

C:\WINDOWS\system32\R1 - Parameters: "(none)"

---Files---
None found.

---Folders---
None found.

-=End Of File=-

Destrio5 · Answer

--> Fais analyser ce fichier : C:\WINDOWS\system32\vbzip10.dll 

--> Sur VirusTotal et poste le lien de l'analyse.

biloute · Answer

Antivirus Version Dernière mise à jour Résultat 
a-squared 4.5.0.18 2009.06.15 - 
AhnLab-V3 5.0.0.2 2009.06.15 - 
AntiVir 7.9.0.187 2009.06.15 - 
Antiy-AVL 2.0.3.1 2009.06.15 - 
Authentium 5.1.2.4 2009.06.14 - 
Avast 4.8.1335.0 2009.06.14 - 
AVG 8.5.0.339 2009.06.15 - 
BitDefender 7.2 2009.06.15 - 
CAT-QuickHeal 10.00 2009.06.15 - 
ClamAV 0.94.1 2009.06.15 - 
Comodo 1335 2009.06.15 - 
DrWeb 5.0.0.12182 2009.06.15 - 
eSafe 7.0.17.0 2009.06.11 - 
eTrust-Vet 31.6.6556 2009.06.12 - 
F-Prot 4.4.4.56 2009.06.14 - 
F-Secure 8.0.14470.0 2009.06.15 - 
Fortinet 3.117.0.0 2009.06.15 - 
GData 19 2009.06.15 - 
Ikarus T3.1.1.59.0 2009.06.15 - 
K7AntiVirus 7.10.762 2009.06.12 - 
Kaspersky 7.0.0.125 2009.06.15 - 
McAfee 5646 2009.06.14 - 
McAfee+Artemis 5646 2009.06.14 - 
McAfee-GW-Edition 6.7.6 2009.06.15 - 
Microsoft 1.4701 2009.06.15 - 
NOD32 4154 2009.06.15 - 
Norman 6.01.09 2009.06.12 - 
nProtect 2009.1.8.0 2009.06.15 - 
Panda 10.0.0.14 2009.06.14 - 
PCTools 4.4.2.0 2009.06.12 - 
Prevx 3.0 2009.06.15 - 
Rising 21.34.03.00 2009.06.15 - 
Sophos 4.42.0 2009.06.15 - 
Sunbelt 3.2.1858.2 2009.06.14 - 
Symantec 1.4.4.12 2009.06.15 - 
TheHacker 6.3.4.3.345 2009.06.13 - 
TrendMicro 8.950.0.1092 2009.06.15 - 
VBA32 3.12.10.7 2009.06.14 - 
ViRobot 2009.6.15.1787 2009.06.15 - 
Information additionnelle 
File size: 147456 bytes 
MD5   : 5b25690cc2e55a6d4bc965068a7ba1ef 
SHA1  : 58a5f2613df475b69e60b691215d5c60462cedb3 
SHA256: cbe2e53f8602fe9b24583f366edf0f29f888efaef6ca9c03ed7c89b2c2bce263 
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0xF08D
timedatestamp.....: 0x385000D4 (Thu Dec 9 20:19:48 1999)
machinetype.......: 0x14C (Intel I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x17BC6 0x18000 6.73 527ccf320593249f45c2f7acfcb48c6e
.rdata 0x19000 0x1DB9 0x2000 5.77 779fea4b52ea6bf50843d0bdc9029fa1
.data 0x1B000 0x51F44 0x5000 2.95 fe1d6117848b8fca559641c84752fd27
.rsrc 0x6D000 0x300 0x1000 0.80 3f101170a01589dbd4e3decd120a1513
.reloc 0x6E000 0x21F0 0x3000 4.86 8d866947d15fb9fac5b2e3e0cb16cd75

( 3 imports )

> advapi32.dll: LookupPrivilegeValueA, AdjustTokenPrivileges, GetSecurityDescriptorLength, GetKernelObjectSecurity, OpenProcessToken
> kernel32.dll: GetDriveTypeA, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, ReleaseMutex, WaitForSingleObject, CloseHandle, InterlockedExchange, CreateMutexA, HeapFree, HeapAlloc, GetProcessHeap, GetLastError, CreateFileA, GetVolumeInformationA, lstrcmpiA, FindClose, FindFirstFileA, GetVersion, GetFileType, GetFileTime, GetFullPathNameA, FileTimeToSystemTime, FileTimeToLocalFileTime, FindNextFileA, GlobalLock, GlobalAlloc, GlobalFree, GlobalUnlock, lstrcpynA, lstrcpyA, lstrcatA, GetFileAttributesA, GetCurrentProcess, GetStringTypeA, ReadFile, MultiByteToWideChar, GetTimeZoneInformation, GetSystemTime, GetLocalTime, MoveFileA, SetStdHandle, HeapReAlloc, Sleep, GetCommandLineA, SetHandleCount, GetStdHandle, GetStartupInfoA, DeleteCriticalSection, ExitProcess, TerminateProcess, lstrlenA, GetModuleHandleA, GetModuleFileNameA, GetEnvironmentVariableA, GetVersionExA, HeapDestroy, HeapCreate, VirtualFree, VirtualAlloc, RtlUnwind, WideCharToMultiByte, GetCurrentThreadId, TlsSetValue, TlsAlloc, TlsFree, SetLastError, TlsGetValue, WriteFile, PeekNamedPipe, RemoveDirectoryA, GetStringTypeW, SetFilePointer, FlushFileBuffers, GetCPInfo, IsValidLocale, IsValidCodePage, GetLocaleInfoA, EnumSystemLocalesA, GetUserDefaultLCID, SetEndOfFile, FreeEnvironmentStringsA, FreeEnvironmentStringsW, GetEnvironmentStrings, GetEnvironmentStringsW, CompareStringA, CompareStringW, GetACP, GetOEMCP, SetEnvironmentVariableA, InterlockedDecrement, InterlockedIncrement, GetProcAddress, LoadLibraryA, LCMapStringA, LCMapStringW, GetLocaleInfoW, GetCurrentDirectoryA, SetCurrentDirectoryA, DeleteFileA, SetFileAttributesA, SetFileTime, LocalFileTimeToFileTime, SystemTimeToFileTime, GetFileInformationByHandle
> user32.dll: wvsprintfA

( 1 exports )

> ZpArchive, ZpGetOptions, ZpInit, ZpSetOptions, ZpVersion 
TrID  : File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%) 
ThreatExpert: https://www.symantec.com?md5=5b25690cc2e55a6d4bc965068a7ba1ef 
ssdeep: 3072:Hrp6swgjFDzLfu/m7UtaEC+3axH2R94ymG8ZRoLrOMjo:HV/f37Uta/ua8cTs 
PEiD  : Armadillo v1.xx - v2.xx 
CWSandbox: http://research.sunbelt-software.com/... 
RDS   : NSRL Reference Data Set

( Next Step Publishing )

Network Tools: zip32.dll

Destrio5 · Answer

Pour les alertes d'AntiVir, c'est normal, ce sont des points de restauration infectés. On s'en occupera bientôt (à la fin).

---> Désactive ton antivirus le temps de la manipulation car OTM est détecté comme une infection à tort.

---> Télécharge OTM (OldTimer) sur ton Bureau.

---> Double-clique sur OTM.exe afin de le lancer.

---> Copie (Ctrl+C) le texte suivant ci-dessous : 





:processes
explorer.exe 

:services
rwia3
mchInjDrv

:files 
C:\Program Files\AdvancedVirusRemover
C:\Program Files\ErrorSafe Free
C:\WINDOWS\system32\vbzip10.dll  
C:\WINDOWS\system32\R1 

:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]   
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced Virus Remover]   
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Error Safe Free]  
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ErrorSafeFree]    

:commands
[purity]
[emptytemp]
[reboot]





---> Colle (Ctrl+V) le texte précédemment copié dans le cadre Paste Instructions for Items to be Moved.

---> Clique maintenant sur le bouton MoveIt! puis ferme OTM.

Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer.
Accepte en cliquant sur YES.

---> Poste le rapport situé dans ce dossier : C:\_OTM\MovedFiles\
Le nom du rapport correspond au moment de sa création : date_heure.log

biloute · Answer

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
Service\Driver rwia3 stopped successfully.
Service\Driver rwia3 deleted successfully.
Service\Driver mchInjDrv not found.
Service\Driver key mchInjDrv deleted successfully.
========== FILES ==========
File/Folder C:\Program Files\AdvancedVirusRemover not found.
File/Folder C:\Program Files\ErrorSafe Free not found.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\vbzip10.dll
C:\WINDOWS\system32\vbzip10.dll NOT unregistered.
C:\WINDOWS\system32\vbzip10.dll moved successfully.
C:\WINDOWS\system32\R1 moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced Virus Remover\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Error Safe Free\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ErrorSafeFree\ deleted successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\MLISSA~1.BAR\LOCALS~1\Temp\Perflib_Perfdata_704.dat scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\Mélissa.BARBANO-AUD-MEL\Local Settings\Temporary Internet Files\Content.IE5\ZICYIMJO\gamesaf929f81[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mélissa.BARBANO-AUD-MEL\Local Settings\Temporary Internet Files\Content.IE5\ZICYIMJO\gamesd0d29f7e[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mélissa.BARBANO-AUD-MEL\Local Settings\Temporary Internet Files\Content.IE5\Z0SP4T4T\affich-12849714-au-secours-aidez-moi-advanced-virus-remover[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mélissa.BARBANO-AUD-MEL\Local Settings\Temporary Internet Files\Content.IE5\N99FV5F6\lightbox.3.9.2-rc1[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mélissa.BARBANO-AUD-MEL\Local Settings\Temporary Internet Files\Content.IE5\L1E09WJ9\musique2[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mélissa.BARBANO-AUD-MEL\Local Settings\Temporary Internet Files\Content.IE5\L1E09WJ9\musique[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mélissa.BARBANO-AUD-MEL\Local Settings\Temporary Internet Files\Content.IE5\GN3A1G5I\ads.htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mélissa.BARBANO-AUD-MEL\Local Settings\Temporary Internet Files\Content.IE5\GN3A1G5I\ads[11].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mélissa.BARBANO-AUD-MEL\Local Settings\Temporary Internet Files\Content.IE5\EZHIO6OB\gamesaed29f7e[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mélissa.BARBANO-AUD-MEL\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mélissa.BARBANO-AUD-MEL\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.
 
OTM by OldTimer - Version 2.1.0.1 log created on 06172009_121446

Files moved on Reboot...
File C:\DOCUME~1\MLISSA~1.BAR\LOCALS~1\Temp\Perflib_Perfdata_704.dat not found!
C:\Documents and Settings\Mélissa.BARBANO-AUD-MEL\Local Settings\Temporary Internet Files\Content.IE5\ZICYIMJO\gamesaf929f81[1].htm moved successfully.
C:\Documents and Settings\Mélissa.BARBANO-AUD-MEL\Local Settings\Temporary Internet Files\Content.IE5\ZICYIMJO\gamesd0d29f7e[1].htm moved successfully.
File C:\Documents and Settings\Mélissa.BARBANO-AUD-MEL\Local Settings\Temporary Internet Files\Content.IE5\Z0SP4T4T\affich-12849714-au-secours-aidez-moi-advanced-virus-remover[1].htm not found!
C:\Documents and Settings\Mélissa.BARBANO-AUD-MEL\Local Settings\Temporary Internet Files\Content.IE5\N99FV5F6\lightbox.3.9.2-rc1[1].htm moved successfully.
C:\Documents and Settings\Mélissa.BARBANO-AUD-MEL\Local Settings\Temporary Internet Files\Content.IE5\L1E09WJ9\musique2[1].htm moved successfully.
C:\Documents and Settings\Mélissa.BARBANO-AUD-MEL\Local Settings\Temporary Internet Files\Content.IE5\L1E09WJ9\musique[1].htm moved successfully.
File C:\Documents and Settings\Mélissa.BARBANO-AUD-MEL\Local Settings\Temporary Internet Files\Content.IE5\GN3A1G5I\ads.htm not found!
File C:\Documents and Settings\Mélissa.BARBANO-AUD-MEL\Local Settings\Temporary Internet Files\Content.IE5\GN3A1G5I\ads[11].htm not found!
C:\Documents and Settings\Mélissa.BARBANO-AUD-MEL\Local Settings\Temporary Internet Files\Content.IE5\EZHIO6OB\gamesaed29f7e[1].htm moved successfully.
C:\Documents and Settings\Mélissa.BARBANO-AUD-MEL\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat moved successfully.

Registry entries deleted on Reboot...

Destrio5 · Answer

1/

---> Désinstalle HijackThis.

---> Télécharge ToolsCleaner2 sur ton Bureau.
* Double-clique sur ToolsCleaner2.exe pour le lancer.
* Clique sur Recherche et laisse le scan agir.
* Clique sur Suppression pour finaliser. 
* Tu peux, si tu le souhaites, te servir des Options Facultatives.
* Clique sur Quitter pour obtenir le rapport. 
* Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).


2/

---> Télécharge et installe CCleaner Slim.
* Lance-le. Va dans Options puis Avancé et décoche la case Effacer uniquement les fichiers etc....
* Va dans Nettoyeur, choisis Analyse. Une fois terminé, lance le nettoyage. 


3/

---> Il est nécessaire de désactiver puis réactiver la restauration système pour la purger.


==Prévention==

Supprimer les popups d'Antivir : Lien

Conserve MBAM. Il te servira à scanner les fichiers douteux en complément de l'antivirus et scanne le disque dur régulièrement.

Par rapport au P2P : Lien

Voici un dossier complet (A lire avec Adobe Reader ou Foxit Reader) : Lien


Sois plus vigilant(e) sur Internet ;)

biloute · Answer

[ Rapport ToolsCleaner version 2.3.6 (par A.Rothstein & dj QUIOU) ]

--> Recherche: 

C:\fixnavi.txt: trouvé !
C:\cleannavi.txt: trouvé !
C:\UsbFix.txt: trouvé !
C:\_OTM: trouvé !
C:\Rsit: trouvé !
C:\Documents and Settings\Mélissa.BARBANO-AUD-MEL\Bureau\OTM.exe: trouvé !
C:\Documents and Settings\Mélissa.BARBANO-AUD-MEL\Bureau\Rsit.exe: trouvé !
C:\Documents and Settings\Mélissa.BARBANO-AUD-MEL\Recent\UsbFix.lnk: trouvé !
C:\Program Files\Navilog1: trouvé !
C:\Program Files\Ad-remover: trouvé !
C:\Program Files\Ad-remover\BACKUP\Ad-R.exe: trouvé !
C:\Program Files	rend micro\HijackThis.exe: trouvé !
C:\Program Files	rend micro\hijackthis.log: trouvé !

---------------------------------
--> Suppression: 

C:\Documents and Settings\Mélissa.BARBANO-AUD-MEL\Bureau\OTM.exe: supprimé !
C:\Program Files\Ad-remover\BACKUP\Ad-R.exe: supprimé !
C:\Program Files	rend micro\HijackThis.exe: supprimé !
C:\fixnavi.txt: supprimé !
C:\cleannavi.txt: supprimé !
C:\UsbFix.txt: supprimé !
C:\Documents and Settings\Mélissa.BARBANO-AUD-MEL\Bureau\Rsit.exe: supprimé !
C:\Documents and Settings\Mélissa.BARBANO-AUD-MEL\Recent\UsbFix.lnk: supprimé !
C:\Program Files	rend micro\hijackthis.log: supprimé !
C:\_OTM: supprimé !
C:\Rsit: supprimé !
C:\Program Files\Navilog1: supprimé !
C:\Program Files\Ad-remover: supprimé !

Corbeille vidée!
Fichiers temporaires nettoyés !

Destrio5 · Answer

Tu peux supprimer ToolsCleaner.

biloute · Answer

en ce qui concerne les points de restauration infectés que mon antivirus trouvait environ toute les heures, c'est reglé?
je peut supprimer systemelook?
ccleaner slim qu'a t'il de moins que la version basique?
puis je utiliser le nettoyeur et reparer les erreurs de registre sans risque? je n'ai rien a decoché ou a cocher en +?

je te remercie vraiment pour toute l'aide que tu ma fourni je n'aurais jamais reussie a m'en debarrasser.
merci pour tout
big up pour Destrio5

Destrio5 · Answer

"En ce qui concerne les points de restauration infectés que mon antivirus trouvait environ toute les heures, c'est reglé?"
--> Si tu as désactivé/réactivé la restauration système, oui.

"je peut supprimer systemelook?"
--> Oui.

"ccleaner slim qu'a t'il de moins que la version basique?"
--> La toolbar Yahoo.

"puis je utiliser le nettoyeur et reparer les erreurs de registre sans risque?"
--> Pour les erreurs de registre, sauvegarde bien la base de registre comme demandé.

"je n'ai rien a decoché ou a cocher en +?"
--> Je ne crois pas.

biloute · Answer

eh bien encore merci pour toute l'aide que tu ma fourni et toute les information que tu ma apporté
a bientot Destrio5

Au secours aidez moi (advanced virus remover)

57 réponses

Discussions similaires

Newsletters