USB port infection?

Zephir45 Posts: 20 Status: Member
Hello,
For the past 2-3 days I have been unable to use any storage device (iPod, USB stick) on my computer (Windows XP). When I try to open such a drive, Windows tells me I have to format it and blocks me from accessing it, which has never happened before.
The problem is that it can't format it either. The progress bar fills up, but the format fails at the end. I tried doing it through Disk Management, but that also fails at 100%: "the wizard did not close correctly".

I searched the net at some length for cases like this, but either the problem is slightly different or it remains unanswered. I did however find a similar case in which the person was asked to produce a report with UsbFix.

Here is what mine gives:

############################## | UsbFix 7.058 | [Recherche]

Utilisateur: Proprietaire (Administrateur) # INTEL [ ]
Mis à jour le 24/08/2011 par El Desaparecido
Lancé à 18:30:49 | 21/09/2011
Site Web: http://www.teamxscript.org
Submit your sample: http://www.teamxscript.org/Upload.php
Contact: TeamXscript.ElDesaparecido@gmail.com

CPU: Pentium(R) Dual-Core CPU E5200 @ 2.50GHz
CPU 2: Pentium(R) Dual-Core CPU E5200 @ 2.50GHz
Microsoft Windows XP Édition familiale (5.1.2600 32-Bit) # Service Pack 3
Internet Explorer 8.0.6001.18702

Pare-feu Windows: Désactivé /!\
Antivirus: Anti-virus firewall 9.10 9.10 [Enabled | Updated]
Firewall: Anti-virus firewall 9.10 9.10 [Enabled]
RAM -> 2047 Mo
C:\ (%systemdrive%) -> Disque fixe # 298 Go (178 Go libre(s) - 60%) [Boot] # NTFS
D:\ -> CD-ROM
E:\ -> Disque fixe # 298 Go (267 Go libre(s) - 90%) [Data] # NTFS
F:\ -> CD-ROM

################## | Éléments infectieux |

Présent! D:\ShippingPC-BmGame.exe
Présent! C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\setup.exe
Présent! C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\WinampPluginSetup_2.1.0.9.exe
Présent! C:\RECYCLER\S-1-5-21-220523388-1060284298-839522115-1004
Présent! D:\autorun.inf
Présent! D:\autorun.exe
Présent! E:\RECYCLER\S-1-5-21-220523388-1060284298-839522115-1004

################## | Registre |

################## | Mountpoints2 |

HKCU\.\.\.\.\Explorer\MountPoints2\{d77bec3b-94f1-11df-bcdc-806d6172696f}
Shell\AutoRun\Command = D:\autorun.exe

################## | Vaccin |

D:\Autorun.inf -> Vaccin créé par Panda USB Vaccine

################## | E.O.F |

There you go; since I don't know much about computers, I'm leaving it in your hands ;(
Thanks.

22 replies

juju666 Posts: 35446 Status: Security contributor 4 796

Sorry, I've only just seen your reply.

Was it you who scheduled an automatic shutdown of your PC?

~~

▶ Download Reload_TDSSKiller

▶ Run it

Choose: "lancer le nettoyage" (run the cleanup)

The tool will automatically download the latest version, then

TDSSKiller will open; click "Start Scan" (click here for illustrated help)

If TDSS.tdl2 is detected: the Delete option will be ticked by default.
If TDSS.tdl3 is detected: make sure Cure is ticked.
If TDSS.tdl4 (\HardDisk0\MBR) is detected: make sure Cure is ticked.
If Rootkit.Win32.ZAccess.* is detected: set "Cure" at the top and "Delete" at the bottom.
If "Suspicious file" is shown, leave the option set to Skip.
Once it has finished, restart if it asks you to, in order to complete the cleanup.

Otherwise, close TDSSKiller and the report will appear on the desktop.

▶ Copy/paste its contents into your next reply.

~~

Download AdwCleaner (by Xplode) to your desktop.
Run it, click [Suppression] (removal), then wait while the scan runs.
Once the scan is finished, a report will open. Post its contents in your next reply.

Note: the report is also saved as C:\AdwCleaner[R1].txt

~~

▶ Download MBAM and install it in the default location
https://www.malwarebytes.com/mwb-download/
▶ Update it and launch Malwarebytes' Anti-Malware

▶ ▶ If you can't update it, download this file, close MBAM, and run it

▶ Click the "Recherche" (Scan) tab at the top
▶ Tick the "Exécuter un examen complet" (full scan) option, then click the "Rechercher" (Scan) button
▶ Choose to scan all your hard drives, then click "Lancer l'examen" (start the scan)

At the end of the scan, if MBAM found nothing:

▶ Click OK; the report opens by itself

If threats were detected:

▶ Click OK, then "Afficher les résultats" (show results)
▶ Choose the "Supprimer la sélection" (remove selected) option
▶ If MBAM asks to restart Windows: click "Oui" (Yes)
▶ Once the PC has restarted, the report is in the "Rapports/Logs" tab
▶ Otherwise the report opens automatically after the removal

Whatever the result, copy/paste the report into your next message.

See you soon.
1
juju666 Posts: 35446 Status: Security contributor 4 796

Hello,

Run USBFix again and click Suppression (removal).
Post the report.

~~

We are going to run a diagnostic of your PC:
Download ZHPDiag

▶ Follow the prompts during installation and tick "Ajouter une icône sur le bureau" (add a desktop icon) and "Exécuter ZHPDiag" (run ZHPDiag)

▶ Click the magnifying-glass icon ("Lancer le diagnostic", start the diagnostic)

▶ Once the scan reaches 100%, close ZHPDiag. Upload the ZHPDiag.txt report found on your desktop:

Here is how to proceed

▶ Go to pjjoint.malekal.com
▶ Click the Parcourir (Browse) button
▶ Select the file you want to upload and click Ouvrir (Open)
▶ Click the Envoyer (Send) button
▶ A confirmation message is displayed (The upload succeeded! - The link to give your correspondents so they can view the file is: https://pjjoint.malekal.com/files.php?id=df5ea299241015). Copy the link into your next reply.

See you soon.
0
Zephir45 Posts: 20 Status: Member

Thanks for your reply and your explanations, juju;

First of all, the USB Fix report.

############################## | UsbFix 7.058 | [Suppression]

Utilisateur: Proprietaire (Administrateur) # INTEL [ ]
Mis à jour le 24/08/2011 par El Desaparecido
Lancé à 20:39:02 | 21/09/2011
Site Web: http://www.teamxscript.org
Submit your sample: http://www.teamxscript.org/Upload.php
Contact: TeamXscript.ElDesaparecido@gmail.com

CPU: Pentium(R) Dual-Core CPU E5200 @ 2.50GHz
CPU 2: Pentium(R) Dual-Core CPU E5200 @ 2.50GHz
Microsoft Windows XP Édition familiale (5.1.2600 32-Bit) # Service Pack 3
Internet Explorer 8.0.6001.18702

Pare-feu Windows: Activé
Antivirus: Anti-virus firewall 9.10 9.10 [(!) Disabled | Updated]
Firewall: Anti-virus firewall 9.10 9.10 [(!) Disabled]
RAM -> 2047 Mo
C:\ (%systemdrive%) -> Disque fixe # 298 Go (176 Go libre(s) - 59%) [Boot] # NTFS
D:\ -> CD-ROM
E:\ -> Disque fixe # 298 Go (270 Go libre(s) - 90%) [Data] # NTFS
F:\ -> CD-ROM

################## | Éléments infectieux |

Non supprimé ! D:\ShippingPC-BmGame.exe
Supprimé! C:\Recycler\S-1-5-21-220523388-1060284298-839522115-1004
Supprimé! E:\Recycler\S-1-5-21-220523388-1060284298-839522115-1004
Non supprimé ! D:\autorun.inf
Non supprimé ! D:\autorun.exe

################## | Registre |

################## | Mountpoints2 |

################## | Listing |


################## | Vaccin |

C:\Autorun.inf -> Vaccin créé par UsbFix (TeamXscript)
D:\Autorun.inf -> Vaccin créé par Panda USB Vaccine
E:\Autorun.inf -> Vaccin créé par UsbFix (TeamXscript)

################## | E.O.F |

-------------------------------------------

As for the ZHPDiag diagnostic:

https://pjjoint.malekal.com/files.php?read=ZHPDiag_k13c116i12t6b9q5x6v12e11b7j14s11r7u14i12e6s5z7p6
0
Zephir45 Posts: 20 Status: Member

Hmm no, USBFix sort of tied up the computer and made it restart, that must be it.

TDSSKiller report (it detected "a malicious object", but since I didn't see it in the list I chose skip to be safe):

2011/09/22 20:42:03.0453 6000 TDSS rootkit removing tool 2.5.23.0 Sep 20 2011 08:53:10
2011/09/22 20:42:03.0984 6000 ================================================================================
2011/09/22 20:42:03.0984 6000 SystemInfo:
2011/09/22 20:42:03.0984 6000
2011/09/22 20:42:03.0984 6000 OS Version: 5.1.2600 ServicePack: 3.0
2011/09/22 20:42:03.0984 6000 Product type: Workstation
2011/09/22 20:42:03.0984 6000 ComputerName: INTEL
2011/09/22 20:42:03.0984 6000 UserName: Proprietaire
2011/09/22 20:42:03.0984 6000 Windows directory: C:\WINDOWS
2011/09/22 20:42:03.0984 6000 System windows directory: C:\WINDOWS
2011/09/22 20:42:03.0984 6000 Processor architecture: Intel x86
2011/09/22 20:42:03.0984 6000 Number of processors: 2
2011/09/22 20:42:03.0984 6000 Page size: 0x1000
2011/09/22 20:42:03.0984 6000 Boot type: Normal boot
2011/09/22 20:42:03.0984 6000 ================================================================================
2011/09/22 20:42:05.0140 6000 Initialize success
2011/09/22 20:42:19.0984 6072 ================================================================================
2011/09/22 20:42:19.0984 6072 Scan started
2011/09/22 20:42:19.0984 6072 Mode: Manual;
2011/09/22 20:42:19.0984 6072 ================================================================================
2011/09/22 20:42:26.0859 6072 MBR (0x1B8) (9c603bc3977968c891de319283e1e7af) \Device\Harddisk0\DR0
2011/09/22 20:42:26.0875 6072 \Device\Harddisk0\DR0 - detected Trojan-Clicker.Win32.Wistler.c (0)
2011/09/22 20:42:26.0875 6072 MBR (0x1B8) (c99c3199cfaa4cbdcd91493f6d113a50) \Device\Harddisk1\DR3
2011/09/22 20:42:27.0468 6072 Boot (0x1200) (d0a483ae6db61acfa2050ce2c015ebda) \Device\Harddisk0\DR0\Partition0
2011/09/22 20:42:27.0484 6072 Boot (0x1200) (9aae8383d93e8b4a68ec7076ddab9fc5) \Device\Harddisk0\DR0\Partition1
2011/09/22 20:42:27.0500 6072 Boot (0x1200) (b1e27aa018409de6bfd73f8afb883a65) \Device\Harddisk1\DR3\Partition0
2011/09/22 20:42:27.0500 6072 ================================================================================
2011/09/22 20:42:27.0500 6072 Scan finished
2011/09/22 20:42:27.0500 6072 ================================================================================
2011/09/22 20:42:27.0500 6064 Detected object count: 1
2011/09/22 20:42:27.0500 6064 Actual detected object count: 1
2011/09/22 20:43:33.0812 6064 Trojan-Clicker.Win32.Wistler.c(\Device\Harddisk0\DR0) - User select action: Skip
2011/09/22 20:45:27.0046 5980 Deinitialize success

~~

AdwCleaner report (short, I hope I didn't make a mistake)

# AdwCleaner v1.307 - Rapport créé le 22/09/2011 à 20:48:50
# Mis à jour le 19/09/11 à 09h par Xplode
# Système d'exploitation : Microsoft Windows XP Service Pack 3 (32 bits)
# Nom d'utilisateur : Proprietaire - INTEL (Administrateur)
# Exécuté depuis : E:\Johann\Ma Musique\adwcleaner0.exe
# Option [Suppression]

***** [KillNav] *****

# firefox.exe [PID:3544] -> Tué

***** [Processus] *****

***** [Services] *****

***** [Fichiers / Dossiers] *****

***** [Registre] *****

***** [Navigateurs] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Le registre ne contient aucune entrée illégitime.

-\\ Mozilla Firefox v7.0 (fr)

Profil : 3mx2o02i.default
Fichier : C:\Documents and Settings\Proprietaire\Application Data\Mozilla\Firefox\Profiles\3mx2o02i.default\prefs.js

[OK] Le fichier ne contient aucune entrée illégitime.

-\\ Google Chrome v14.0.835.186

Fichier : C:\Documents and Settings\Proprietaire\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] Le fichier ne contient aucune entrée illégitime.

*************************

AdwCleaner[S1].txt - [21343 octets] - [22/09/2011 20:48:03]
AdwCleaner[S2].txt - [1183 octets] - [22/09/2011 20:48:50]

*************************

However, Malwarebytes stops responding once it reaches the scan of "HKCR\CLSID{number}".
That said, with a quick scan the report is completely clean (no point in copy-pasting it).

Thanks again and sorry for the delay!
0

juju666 Posts 35446 Registration date   Status Security contributor Last activity   4 796

No problem.

Run TDSSKiller again, because the suspicious item is harmful :)
0
Zephir45 Posts 20 Status Member

The USB sticks formatted successfully and the iPod is usable again, thanks a lot :)

Just out of curiosity, how does one usually catch this kind of trojan?
Does it take effect immediately or does it lie low :d ?
And can it get past "basic" firewalls like Orange's F-Secure?
0
juju666 Posts 35446 Registration date   Status Security contributor Last activity   4 796

I asked for a new TDSS Killer run because it had found Whistler and you chose Skip ;)

Well, it can come from other removable media ... from a "shady" download such as cracks ...

And yes, it can get past security systems.
0
Zephir45 Posts 20 Status Member

Hello, I don't know whether I should start a new thread since this is a different problem, but when in doubt I'm posting here;
For about an hour I've had a Google redirect problem, the classic thing.
It still surprises me because I haven't downloaded anything for 2-3 days (even though the antivirus wouldn't update), and even my downloads seemed clean. So it may be a comeback of the malware that made me post this topic.

I ran a scan with TDSSKiller, which found a suspicious agent and a piece of malware:
- ca3daf3f (Hidden.File.Multi.Generic)
- redbook (Rootkit.Win32.ZAccess.h)

However, I'm not going to go any further without advice; thanks in advance for your volunteer answers ;(
0
juju666 Posts 35446 Registration date   Status Security contributor Last activity   4 796

Hi!

ZAccess rootkit ... the worst one around right now \o/

Delete the copy of TDSSKiller you have

~~

▶ Download Reload_TDSSKiller

▶ Run it

choose: start the cleanup

the tool will automatically download the latest version, then

TDSSKiller will open; click "Start Scan". Click here for the illustrated help

If TDSS.tdl2 is detected: the Delete option will be ticked by default.
If TDSS.tdl3 is detected: make sure Cure is ticked.
If TDSS.tdl4(\HardDisk0\MBR) is detected: make sure Cure is ticked.
If Rootkit.Win32.ZAccess.* is detected: set it to "cure" at the top and "delete" at the bottom
If Suspicious file is shown, leave the option set to Skip
Once it has finished, restart if it asks you to, to finish cleaning

Otherwise, close TDSSKiller and the report will appear on the desktop

▶ Copy/paste its contents into your next reply.

Good night!
0
Zephir45 Posts 20 Status Member

Ah, thanks Juju!

00:36:14.0937 5552 TDSS rootkit removing tool 2.6.3.0 Oct 1 2011 13:14:27
00:36:16.0796 5552 ============================================================
00:36:16.0796 5552 Current date / time: 2011/11/04 00:36:16.0796
00:36:16.0796 5552 SystemInfo:
00:36:16.0796 5552
00:36:16.0796 5552 OS Version: 5.1.2600 ServicePack: 3.0
00:36:16.0796 5552 Product type: Workstation
00:36:16.0796 5552 ComputerName: INTEL
00:36:16.0796 5552 UserName: Proprietaire
00:36:16.0796 5552 Windows directory: C:\WINDOWS
00:36:16.0796 5552 System windows directory: C:\WINDOWS
00:36:16.0796 5552 Processor architecture: Intel x86
00:36:16.0796 5552 Number of processors: 2
00:36:16.0796 5552 Page size: 0x1000
00:36:16.0796 5552 Boot type: Normal boot
00:36:16.0796 5552 ============================================================
00:37:21.0562 5552 Initialize success
00:37:36.0468 4604 ============================================================
00:37:36.0468 4604 Scan started
00:37:36.0468 4604 Mode: Manual;
00:37:36.0468 4604 ============================================================
00:37:37.0375 4604 ca3daf3f (8f2bb1827cac01aee6a16e30a1260199) C:\WINDOWS\1068449226:901927104.exe
00:37:37.0375 4604 Suspicious file (Hidden): C:\WINDOWS\1068449226:901927104.exe. md5: 8f2bb1827cac01aee6a16e30a1260199
00:37:37.0375 4604 ca3daf3f ( HiddenFile.Multi.Generic ) - warning
00:37:37.0375 4604 ca3daf3f - detected HiddenFile.Multi.Generic (1)
00:37:39.0796 4604 redbook (378c0484d15621cf12713ccb9af32387) C:\WINDOWS\system32\DRIVERS\redbook.sys
00:37:39.0796 4604 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\redbook.sys. Real md5: 378c0484d15621cf12713ccb9af32387, Fake md5: d8eb2a7904db6c916eb5361878ddcbae
00:37:39.0796 4604 redbook ( ForgedFile.Multi.Generic ) - warning
00:37:39.0796 4604 redbook - detected ForgedFile.Multi.Generic (1)
00:37:40.0687 4604 MBR (0x1B8) (c99c3199cfaa4cbdcd91493f6d113a50) \Device\Harddisk0\DR0
00:37:40.0781 4604 \Device\Harddisk0\DR0 - ok
00:37:40.0781 4604 Boot (0x1200) (d0a483ae6db61acfa2050ce2c015ebda) \Device\Harddisk0\DR0\Partition0
00:37:40.0781 4604 \Device\Harddisk0\DR0\Partition0 - ok
00:37:40.0796 4604 Boot (0x1200) (9aae8383d93e8b4a68ec7076ddab9fc5) \Device\Harddisk0\DR0\Partition1
00:37:40.0796 4604 \Device\Harddisk0\DR0\Partition1 - ok
00:37:40.0796 4604 ============================================================
00:37:40.0796 4604 Scan finished
00:37:40.0796 4604 ============================================================
00:37:40.0812 5844 Detected object count: 2
00:37:40.0812 5844 Actual detected object count: 2
00:38:22.0531 5844 ca3daf3f ( HiddenFile.Multi.Generic ) - skipped by user
00:38:22.0531 5844 ca3daf3f ( HiddenFile.Multi.Generic ) - User select action: Skip
00:38:22.0531 5844 HKLM\SYSTEM\ControlSet001\services\redbook - will be deleted on reboot
00:38:22.0531 5844 HKLM\SYSTEM\ControlSet002\services\redbook - will be deleted on reboot
00:38:22.0546 5844 HKLM\SYSTEM\ControlSet003\services\redbook - will be deleted on reboot
00:38:22.0546 5844 C:\WINDOWS\system32\DRIVERS\redbook.sys - will be deleted on reboot
00:38:22.0546 5844 redbook ( ForgedFile.Multi.Generic ) - User select action: Delete
00:38:30.0171 1980 Deinitialize success

OK, I deleted redbook (so that's the rootkit?), but I didn't see Cure.
Good night!
0
juju666 Posts 35446 Registration date   Status Security contributor Last activity   4 796

And what about this one?

00:38:22.0531 5844 ca3daf3f ( HiddenFile.Multi.Generic ) - skipped by user

Then again, either you had removed ZAccess before, or it's a tough one.

/!\ IMPORTANT /!\
Disable your antivirus, antispyware and firewall before the ComboFix scan:
Resident protections: https://forum.pcastuces.com/default.asp
and https://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/
~~
Windows XP firewall: http://support.microsoft.com/kb/283673/fr
Windows Vista/7 firewall: https://support.microsoft.com/en-us/windows?ui=en-US&rs=en-001&ad=US
~~
Windows Defender: https://support.microsoft.com/en-us/windows?ui=en-US&rs=en-001&ad=US
_______________________________________________________________

▶ Right-click the link below, choose "Save target as", with your Desktop as the destination, and change its name (your_nickname.exe for example):

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

▶ Double-click ComboFix.exe
A pop-up will appear saying that ComboFix is used at your own risk and with no warranty... Click Yes to accept

▶ ▶ IF YOU ARE ON WINDOWS XP, BE SURE TO INSTALL THE RECOVERY CONSOLE [If you are on Vista or Seven, ignore this warning]
▶ ▶ Do not touch anything (mouse, keyboard) until the scan has finished, as you risk crashing your PC

▶ At the end of the scan, ComboFix may need to restart the PC to complete the disinfection; let it do so.

▶ Once the scan is complete, a report will be displayed: post its contents
▶ ▶ /!\ Re-enable your antivirus's real-time protection before reconnecting to the Internet. /!\

Notes:
-> The report can also be found here: C:\ComboFix.txt
-> ComboFix tutorial
0
Zephir45 Posts 20 Status Member

Indeed it does seem stubborn: TDSSKiller keeps finding both agents even though I did cure / delete yesterday and today.
I'll do your procedure after putting a few files on a USB stick, so in about an hour.

Edit: OK, I did the procedure described for F-Secure and disabled the firewall, but ComboFix tells me it is still active. Never mind, I'm launching it...
0
Zephir45 Posts 20 Status Member

Thanks, I think it worked;
Here is the ComboFix report:

ComboFix 11-10-04.04 - Proprietaire 04/11/2011 20:08:45.1.2 - x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.2047.1705 [GMT 1:00]
Lancé depuis: c:\documents and settings\Proprietaire\Bureau\Zephir.exe.exe
AV: Anti-virus firewall 9.10 *Enabled/Outdated* {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
FW: Anti-virus firewall 9.10 *Disabled* {D4747503-0346-49EB-9262-997542F79BF4}
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Proprietaire\WINDOWS
c:\progra~1\Wanadoo\GestMaj.exe
c:\program files\Audiosurf\mybarnsp39.tmp\tbHElper.dll
c:\program files\google\common\google updater\googleupdaterservice.exe
c:\program files\War_Rock_20100722.exe
c:\windows\$NtUninstallKB39677$
c:\windows\$NtUninstallKB39677$\2179549020
c:\windows\$NtUninstallKB39677$\3393040191\@
c:\windows\$NtUninstallKB39677$\3393040191\click.tlb
c:\windows\$NtUninstallKB39677$\3393040191\L\ydsicngk
c:\windows\$NtUninstallKB39677$\3393040191\loader.tlb
c:\windows\$NtUninstallKB39677$\3393040191\U\@00000001
c:\windows\$NtUninstallKB39677$\3393040191\U\@000000c0
c:\windows\$NtUninstallKB39677$\3393040191\U\@000000cb
c:\windows\$NtUninstallKB39677$\3393040191\U\@000000cf
c:\windows\$NtUninstallKB39677$\3393040191\U\@80000000
c:\windows\$NtUninstallKB39677$\3393040191\U\@800000c0
c:\windows\$NtUninstallKB39677$\3393040191\U\@800000cb
c:\windows\$NtUninstallKB39677$\3393040191\U\@800000cf
c:\windows\{2521BB91-29B1-4d7e-9137-AC9875D77735}
c:\windows\system32\
c:\windows\system32\c_29110.nls
.
Une copie infectée de c:\windows\system32\drivers\afd.sys a été trouvée et désinfectée
Copie restaurée à partir de - The cat found it :)
Une copie infectée de c:\program files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe a été trouvée et désinfectée
Copie restaurée à partir de - c:\system volume information\_restore{91484C9A-5442-4E3F-8FE1-EEDBE120CC83}\RP274\A0134839.exe
.
Une copie infectée de c:\program files\Orange\Antivirus Firewall\FWES\Program\fsdfwd.exe a été trouvée et désinfectée
Copie restaurée à partir de - c:\system volume information\_restore{91484C9A-5442-4E3F-8FE1-EEDBE120CC83}\RP274\A0134847.exe
.
Une copie infectée de c:\program files\Orange\Antivirus Firewall\Common\FSMA32.EXE a été trouvée et désinfectée
Copie restaurée à partir de - c:\system volume information\_restore{91484C9A-5442-4E3F-8FE1-EEDBE120CC83}\RP274\A0134840.EXE
.
Une copie infectée de c:\windows\System32\FTRTSVC.exe a été trouvée et désinfectée
Copie restaurée à partir de - c:\system volume information\_restore{91484C9A-5442-4E3F-8FE1-EEDBE120CC83}\RP274\A0134841.exe
.
Une copie infectée de c:\program files\iPod\bin\iPodService.exe a été trouvée et désinfectée
Copie restaurée à partir de - c:\system volume information\_restore{91484C9A-5442-4E3F-8FE1-EEDBE120CC83}\RP274\A0134848.exe
.
Une copie infectée de c:\program files\Java\jre6\bin\jqs.exe a été trouvée et désinfectée
Copie restaurée à partir de - c:\system volume information\_restore{91484C9A-5442-4E3F-8FE1-EEDBE120CC83}\RP274\A0134842.exe
.
Une copie infectée de c:\program files\CDBurnerXP\NMSAccessU.exe a été trouvée et désinfectée
Copie restaurée à partir de - c:\system volume information\_restore{91484C9A-5442-4E3F-8FE1-EEDBE120CC83}\RP274\A0134843.exe
.
c:\windows\system32\nvsvc32.exe . . . est infecté!!
c:\windows\system32\nvsvc32.exe . . . was deleted!! You should re-install the program it pertains to
.
Une copie infectée de c:\program files\TomTom HOME 2\TomTomHOMEService.exe a été trouvée et désinfectée
Copie restaurée à partir de - c:\system volume information\_restore{91484C9A-5442-4E3F-8FE1-EEDBE120CC83}\RP274\A0134846.exe
.
Une copie infectée de c:\windows\System32\FTRTSVC.exe a été trouvée et désinfectée
Copie restaurée à partir de - c:\system volume information\_restore{91484C9A-5442-4E3F-8FE1-EEDBE120CC83}\RP274\A0134841.exe
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_ca3daf3f
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2011-10-04 au 2011-11-04 ))))))))))))))))))))))))))))))))))))
.
.
2011-11-04 19:06 . 2011-02-16 13:25 138496 -c--a-w- c:\windows\system32\dllcache\afd.sys
2011-11-04 19:06 . 2011-02-16 13:25 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-11-04 18:52 . 2011-11-04 18:55 -------- d-----w- C:\Zephir.exe
2011-11-04 18:32 . 2011-11-04 18:32 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-11-03 23:39 . 2011-11-04 17:16 48016 --sha-w- c:\windows\system32\c_29110.nl_
2011-11-03 19:38 . 2011-11-03 19:38 -------- d-----w- c:\program files\Trend Micro
2011-11-02 15:01 . 2011-09-29 07:16 134104 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-11-02 15:01 . 2011-09-29 07:16 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-11-02 15:01 . 2011-09-29 07:16 773080 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-11-02 15:01 . 2011-09-29 07:16 719832 ----a-w- c:\program files\Mozilla Firefox\mozcpp19.dll
2011-11-02 15:01 . 2011-09-29 07:16 478168 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-11-02 15:01 . 2011-09-29 07:16 1833944 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-11-02 15:01 . 2011-09-29 07:16 16856 ----a-w- c:\program files\Mozilla Firefox\plugin-container.exe
2011-11-02 15:01 . 2011-09-29 07:16 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-11-02 15:01 . 2011-09-29 00:26 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-11-02 15:01 . 2011-09-29 00:26 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-04 17:15 . 2006-03-02 12:00 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2011-11-04 17:10 . 2006-03-02 12:00 54144 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2011-11-04 17:06 . 2011-05-19 17:21 218688 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-11-04 17:03 . 2006-03-02 12:00 66048 ----a-w- c:\windows\system32\drivers\serial.sys
2011-09-09 09:12 . 2006-03-02 12:00 606208 ----a-w- c:\windows\system32\crypt32.dll
2011-08-31 15:00 . 2011-09-22 18:54 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-17 15:38 . 2010-07-23 18:57 42672 ----a-w- c:\windows\system32\drivers\fsbts.sys
2011-09-29 07:16 . 2011-11-02 15:01 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\prxtbVuz0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2011-01-17 14:54 175912 ----a-w- c:\program files\Vuze_Remote\prxtbVuz0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\prxtbVuz0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BA14329E-9550-4989-B3F2-9732E92D17CC}"= "c:\program files\Vuze_Remote\prxtbVuz0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2011-04-22 247728]
"Raptr"="c:\progra~1\Raptr\raptrstub.exe" [2011-08-23 53160]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"Steam"="c:\program files\Steam\Steam.exe" [2011-08-05 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"nwiz"="nwiz.exe" [2008-10-07 1630208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"RTHDCPL"="RTHDCPL.EXE" [2010-03-17 19520544]
"WOOWATCH"="c:\progra~1\Wanadoo\Watch.exe" [2004-08-23 20480]
"F-Secure Manager"="c:\program files\Orange\Antivirus Firewall\Common\FSM32.EXE" [2009-10-28 199264]
"F-Secure TNB"="c:\program files\Orange\Antivirus Firewall\FSGUI\TNBUtil.exe" [2009-10-28 1653344]
"SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-18 421736]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
.
c:\documents and settings\Proprietaire\Menu D'marrer\Programmes\D'marrage\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]
Outil de d'tection de support Picture Motion Browser.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2010-7-30 385024]
.
c:\documents and settings\All Users\Menu D'marrer\Programmes\D'marrage\
DSLMON.lnk - c:\program files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2010-7-23 962661]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\River Past\\Audio Converter Pro\\AudioConverter.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\Program Files\\Winamp\\winamp.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Eidos\\Batman Arkham Asylum\\Binaries\\ShippingPC-BmGame.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Raptr\\raptr.exe"=
"c:\\Program Files\\Raptr\\raptr_im.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56526:TCP"= 56526:TCP:Pando Media Booster
"56526:UDP"= 56526:UDP:Pando Media Booster
.
R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [23/07/2010 19:57 42672]
R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [23/07/2010 19:56 80000]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [19/05/2011 18:21 218688]
R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\Orange\Antivirus Firewall\HIPS\drivers\fshs.sys [23/07/2010 19:56 68064]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [22/04/2011 13:21 92592]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\Orange\Antivirus Firewall\Anti-Virus\minifilter\fsgk.sys [23/07/2010 19:56 148632]
R3 FSORSPClient;F-Secure ORSP Client;c:\program files\Orange\Antivirus Firewall\ORSP Client\fsorsp.exe [23/07/2010 19:56 61088]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 12:16 130384]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [23/07/2010 18:47 1691480]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 MSI_DVD_010507;MSI_DVD_010507;c:\progra~1\MSI\MSIWDev\DVDSYS32_100507.sys [10/05/2010 09:44 22328]
S3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;c:\progra~1\MSI\MSIWDev\msibios32_100507.sys [10/05/2010 09:44 25912]
S3 MSI_VGASYS_010507;MSI_VGASYS_010507;c:\progra~1\MSI\MSIWDev\VGASYS32_100507.sys [10/05/2010 09:44 16696]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 12:16 753504]
S3 WPRO_40_1340;WinPcap Packet Driver (WPRO_40_1340);c:\windows\system32\drivers\WPRO_40_1340.sys --> c:\windows\system32\drivers\WPRO_40_1340.sys [?]
.
Contenu du dossier 'Tâches planifiées'
.
2011-09-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
2011-11-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-220523388-1060284298-839522115-1004Core.job
- c:\documents and settings\Proprietaire\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-01-22 12:16]
.
2011-11-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-220523388-1060284298-839522115-1004UA.job
- c:\documents and settings\Proprietaire\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-01-22 12:16]
.
2011-11-02 c:\windows\Tasks\shutdown.job
- c:\windows\system32\shutdown.exe [2006-03-02 17:34]
.
2011-11-04 c:\windows\Tasks\User_Feed_Synchronization-{D98D28DE-85E3-47AF-9A48-8D2B7444C99A}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Examen supplémentaire -------
.
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {{90EAE591-7E7E-434a-8E28-ECFD00071806} - c:\program files\PokerStars.FR\PokerStarsUpdate.exe
IE: {{C86FF9FA-AEED-451B-A9CC-39A53173AE2E} - {C86FF9FA-AEED-451B-A9CC-39A53173AE2E} -
LSP: c:\program files\Orange\Antivirus Firewall\FSPS\program\FSLSP.DLL
Trusted Zone: com\www.msi
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
FF - ProfilePath - c:\documents and settings\Proprietaire\Application Data\Mozilla\Firefox\Profiles\3mx2o02i.default\
FF - prefs.js: browser.search.selectedEngine - Google
.
- - - - ORPHELINS SUPPRIMES - - - -
.
Toolbar-{C86FF9FA-AEED-451B-A9CC-39A53173AE2E} - (no file)
WebBrowser-{C86FF9FA-AEED-451B-A9CC-39A53173AE2E} - (no file)
HKCU-Run-WOOKIT - c:\progra~1\Wanadoo\GestMaj.exe
HKLM-Run-WOOTASKBARICON - c:\progra~1\Wanadoo\GestMaj.exe
HKLM-Run-adiras - adiras.exe
SafeBoot-27153512.sys
SafeBoot-32904844.sys
SafeBoot-38555438.sys
SafeBoot-44303599.sys
SafeBoot-66257842.sys
SafeBoot-78381703.sys
SafeBoot-80902774.sys
AddRemove-FranceTelecomUninstall_FTBrowser - c:\progra~1\Wanadoo\Shell.exe inst\uninst_FTBrowser.shl
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-04 20:20
Windows 5.1.2600 Service Pack 3 NTFS
.
Recherche de processus cachés ...
.
Recherche d'éléments en démarrage automatique cachés ...
.
Recherche de fichiers cachés ...
.
.
c:\windows\system32\wbem\Performance\WmiApRpl_new.ini 2584 bytes
.
Scan terminé avec succès
Fichiers cachés: 1
.
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b2,c8,ea,03,2a,10,51,4f,8e,8b,9f,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b2,c8,ea,03,2a,10,51,4f,8e,8b,9f,\
.
--------------------- DLLs chargées dans les processus actifs ---------------------
.
- - - - - - - > 'lsass.exe'(756)
c:\program files\Orange\Antivirus Firewall\FSPS\program\FSLSP.DLL
.
- - - - - - - > 'explorer.exe'(3588)
c:\progra~1\Raptr\ltc_help32-54388.dll
c:\windows\system32\msi.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
- - - - - - - > 'explorer.exe'(2436)
c:\progra~1\Raptr\ltc_help32-54388.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Orange\Antivirus Firewall\Common\FSMA32.EXE
c:\windows\System32\FTRTSVC.exe
c:\program files\Orange\Antivirus Firewall\Common\FSHDLL32.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\program files\Orange\Antivirus Firewall\FWES\Program\fsdfwd.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\RTHDCPL.EXE
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
c:\progra~1\Raptr\raptr.exe
c:\progra~1\Raptr\raptr_im.exe
.
**************************************************************************
.
Heure de fin: 2011-11-04 20:24:34 - La machine a redémarré
ComboFix-quarantined-files.txt 2011-11-04 19:24
.
Avant-CF: 191 639 683 072 octets libres
Après-CF: 191 909 060 608 octets libres
.
WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP dition familiale" /noexecute=optin /fastdetect
.
- - End Of File - - E53BDDD4B4F8AB0F1A1A3D182C5D41BF
0
juju666 Posts 35446 Registration date   Status Security contributor Last activity   4 796
 
Scan these files on VirusTotal, click Reanalyse if necessary, and paste the links from your address bar here:

C:\Zephir.exe
c:\windows\system32\c_29110.nl_
0
Zephir45 Posts 20 Status Member
 
I'm not sure I understood correctly; I suppose I have to upload these files to the VirusTotal site, but then:
- C:\Zephir.exe is related to ComboFix (renamed). And it is a folder; the only file it contains loads indefinitely on VirusTotal.
- the other one cannot be found (via Explorer, at least) - hasn't it been deleted?

PS: I suppose my antivirus has been corrupted too?

Good night in any case ;(
0
juju666 Posts 35446 Registration date   Status Security contributor Last activity   4 796
 
▶ ▶ DISABLE YOUR PROTECTIONS DURING THE PROCEDURE

▶ ▶ SCRIPT CUSTOMISED FOR THIS COMPUTER, DO NOT REPRODUCE: DANGEROUS!!!!


▶ Create a new text document: right-click on the desktop > New > Text Document, and copy the following lines into it:

KillAll::

Rootkit::
c:\windows\system32\c_29110.nls      

Driver::
ca3daf3f

Folder::
c:\program files\Vuze_Remote\
c:\program files\PokerStars.FR

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] 
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"=-
[-HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}] 
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]   
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]  
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"=-
[-HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}] 
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]   
"{BA14329E-9550-4989-B3F2-9732E92D17CC}"=-
[-HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}] 
[HKEY_LOCAL_MACHINE\software\microsoft\security center]    => Microsoft Security Center  
"AntiVirusOverride"=dword:00000000
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56526:TCP"=-     
"56526:UDP"=-

File::
c:\windows\Tasks\shutdown.job      

DDS::
IE: {{90EAE591-7E7E-434a-8E28-ECFD00071806} - c:\program files\PokerStars.FR\PokerStarsUpdate.exe 


▶ Save this file under the name CFScript

▶ Drag and drop this CFScript file onto the ComboFix.exe file as in the screenshot: http://i261.photobucket.com/albums/ii49/Malekal_morte/CFScript-2.gif

▶ ComboFix starts; let it guide you.

▶ Wait while the scan runs. The desktop will disappear several times: this is normal!
Do not touch anything until the scan has finished.
▶ Once the scan is complete, a report will be displayed: post its contents, stating where your problems stand

▶ If the file does not open, it can be found here > C:\ComboFix.txt
0
Zephir45 Posts 20 Status Member
 
ComboFix 11-10-04.04 - Proprietaire 05/10/2011 17:00:16.2.2 - x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.2047.1444 [GMT 2:00]
Lancé depuis: c:\documents and settings\Proprietaire\Bureau\Zephir.exe.exe
Commutateurs utilisés :: c:\documents and settings\Proprietaire\Bureau\CFScript.txt
AV: Anti-virus firewall 9.10 *Enabled/Outdated* {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
FW: Anti-virus firewall 9.10 *Disabled* {D4747503-0346-49EB-9262-997542F79BF4}
.
FILE ::
"c:\windows\Tasks\shutdown.job"
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\PokerStars.FR
c:\program files\PokerStars.FR\gx\chips&deck\chips\4\chip25000000.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\4\chip5000.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\4\chip5000.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\4\chip500000.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\4\chip500000.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\4\chip5000000.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\4\chip5000000.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\4\chip500000000.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\4\chip500000000.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\5\chip-d.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\5\chip-d.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\5\chip000001.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\5\chip000001.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\5\chip000005.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\5\chip000005.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\5\chip000025.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\5\chip000025.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\5\chip0001.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\5\chip0001.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\5\chip0005.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\5\chip0005.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\5\chip0025.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\5\chip0025.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\5\chip0100.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\5\chip0100.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\5\chip0500.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\5\chip0500.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\5\chip1000.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\5\chip1000.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\5\chip100000.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\5\chip100000.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\5\chip1000000.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\5\chip1000000.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\5\chip100000000.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\5\chip100000000.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\5\chip25000.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\5\chip25000.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\5\chip25000000.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\5\chip25000000.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\5\chip5000.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\5\chip5000.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\5\chip500000.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\5\chip500000.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\5\chip5000000.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\5\chip5000000.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\5\chip500000000.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\5\chip500000000.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\6\chip-d.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\6\chip-d.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\6\chip000001.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\6\chip000001.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\6\chip000005.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\6\chip000005.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\6\chip000025.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\6\chip000025.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\6\chip0001.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\6\chip0001.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\6\chip0005.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\6\chip0005.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\6\chip0025.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\6\chip0025.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\6\chip0100.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\6\chip0100.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\6\chip0500.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\6\chip0500.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\6\chip1000.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\6\chip1000.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\6\chip100000.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\6\chip100000.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\6\chip1000000.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\6\chip1000000.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\6\chip100000000.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\6\chip100000000.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\6\chip25000.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\6\chip25000.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\6\chip25000000.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\6\chip25000000.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\6\chip5000.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\6\chip5000.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\6\chip500000.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\6\chip500000.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\6\chip5000000.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\6\chip5000000.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\6\chip500000000.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\6\chip500000000.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\default\0\cardbase-mini.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\default\0\cardbase-mini.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\default\0\cardbase.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\default\0\cardbase.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\default\0\cardface-mini.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\default\0\cardface-mini.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\default\0\cardface.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\default\0\cardface.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\default\0\cardrank.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\default\0\cardsuit.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\default\1\cardbase.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\default\1\cardbase.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\default\1\cardface.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\default\1\cardface.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\default\2\cardbase.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\default\2\cardbase.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\default\2\cardface.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\default\2\cardface.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\default\2\cardrank.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\default\2\cardsuit.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\default\3\cardbase.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\default\3\cardbase.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\default\3\cardface.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\default\3\cardface.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\default\3\cardrank.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\default\3\cardsuit.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\default\4\cardbase.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\default\4\cardbase.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\default\4\cardface.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\default\4\cardface.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\default\4\cardrank.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\default\4\cardsuit.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\default\5\cardbase.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\default\5\cardbase.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\default\5\cardface.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\default\5\cardface.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\default\5\cardrank.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\default\5\cardsuit.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\default\6\cardbase.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\default\6\cardbase.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\default\6\cardface.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\default\6\cardface.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\default\6\cardrank.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\default\6\cardsuit.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\default\back.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\default\cardfade.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\default\cardfade.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\default\cardnoshow.png
c:\program files\PokerStars.FR\gx\chips&deck\deck\default\cardshow.png
c:\program files\PokerStars.FR\gx\chips&deck\deck\default\deck.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\default\smback.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\default\smback.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\large\0\cardbase.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\large\0\cardbase.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\large\0\cardrank.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\large\0\cardsuit.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\large\0\cardsuit.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\large\1\cardbase.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\large\1\cardbase.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\large\1\cardrank.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\large\1\cardsuit.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\large\1\cardsuit.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\large\2\cardbase.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\large\2\cardbase.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\large\2\cardrank.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\large\2\cardsuit.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\large\2\cardsuit.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\large\3\cardbase.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\large\3\cardbase.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\large\3\cardrank.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\large\3\cardsuit.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\large\3\cardsuit.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\large\4\cardbase.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\large\4\cardbase.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\large\4\cardrank.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\large\4\cardsuit.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\large\4\cardsuit.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\large\5\cardbase.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\large\5\cardbase.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\large\5\cardrank.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\large\5\cardsuit.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\large\5\cardsuit.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\large\6\cardbase.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\large\6\cardbase.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\large\6\cardrank.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\large\6\cardsuit.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\large\6\cardsuit.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\large\cardrank.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\large\cardsuit.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\large\cardsuit.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\simple\0\cardbase-mini.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\simple\0\cardbase-mini.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\simple\0\cardbase.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\simple\0\cardbase.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\simple\0\cardrank.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\simple\0\cardrank.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\simple\0\cardsuit.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\simple\0\cardsuit.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\simple\0\deck.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\simple\0\deck.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\simple\1\cardbase.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\simple\1\cardbase.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\simple\1\cardrank.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\simple\1\cardrank.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\simple\1\cardsuit.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\simple\1\cardsuit.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\simple\1\deck.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\simple\1\deck.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\simple\2\cardbase.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\simple\2\cardbase.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\simple\2\cardrank.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\simple\2\cardrank.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\simple\2\cardsuit.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\simple\2\cardsuit.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\simple\2\deck.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\simple\2\deck.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\simple\3\cardbase.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\simple\3\cardbase.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\simple\3\cardrank.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\simple\3\cardrank.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\simple\3\cardsuit.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\simple\3\cardsuit.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\simple\3\deck.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\simple\3\deck.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\simple\4\cardbase.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\simple\4\cardbase.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\simple\4\cardrank.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\simple\4\cardrank.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\simple\4\cardsuit.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\simple\4\cardsuit.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\simple\4\deck.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\simple\4\deck.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\simple\5\cardbase.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\simple\5\cardbase.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\simple\5\cardrank.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\simple\5\cardrank.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\simple\5\cardsuit.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\simple\5\cardsuit.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\simple\5\deck.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\simple\5\deck.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\simple\6\cardbase.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\simple\6\cardbase.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\simple\6\cardrank.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\simple\6\cardrank.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\simple\6\cardsuit.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\simple\6\cardsuit.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\simple\6\deck.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\simple\6\deck.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\simple\back.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\simple\back.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\simple\cardfade.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\simple\cardfade.bmp
c:\program files\PokerStars.FR\gx\close.a.bmp
c:\program files\PokerStars.FR\gx\close.bmp
c:\program files\PokerStars.FR\gx\ctep.bmp
c:\program files\PokerStars.FR\gx\ctrls\bb.a.bmp
c:\program files\PokerStars.FR\gx\ctrls\bb.bmp
c:\program files\PokerStars.FR\gx\ctrls\bracket-bg.jpg
c:\program files\PokerStars.FR\gx\ctrls\bracket-bg.png
c:\program files\PokerStars.FR\gx\ctrls\bracket-bye.png
c:\program files\PokerStars.FR\gx\ctrls\bracket-header-curr.png
c:\program files\PokerStars.FR\gx\ctrls\bracket-header-final.png
c:\program files\PokerStars.FR\gx\ctrls\bracket-header.png
c:\program files\PokerStars.FR\gx\ctrls\bracket-logo.png
c:\program files\PokerStars.FR\gx\ctrls\bracket-player-adv.png
c:\program files\PokerStars.FR\gx\ctrls\bracket-player-in.png
c:\program files\PokerStars.FR\gx\ctrls\bracket-player-out.png
c:\program files\PokerStars.FR\gx\ctrls\bracket-player-won.png
c:\program files\PokerStars.FR\gx\ctrls\bracket-spacer.png
c:\program files\PokerStars.FR\gx\ctrls\bracket-spade-b.png
c:\program files\PokerStars.FR\gx\ctrls\bracket-spade-sm.png
c:\program files\PokerStars.FR\gx\ctrls\bracket-spade-t.png
c:\program files\PokerStars.FR\gx\ctrls\bracket-spade.png
c:\program files\PokerStars.FR\gx\ctrls\btn.a.bmp
c:\program files\PokerStars.FR\gx\ctrls\btn.bmp
c:\program files\PokerStars.FR\gx\ctrls\cashierb.a.bmp
c:\program files\PokerStars.FR\gx\ctrls\cashierb.bmp
c:\program files\PokerStars.FR\gx\ctrls\cashiergb-fd.a.bmp
c:\program files\PokerStars.FR\gx\ctrls\cashiergb-fd.bmp
c:\program files\PokerStars.FR\gx\ctrls\cashiergb.a.bmp
c:\program files\PokerStars.FR\gx\ctrls\cashiergb.bmp
c:\program files\PokerStars.FR\gx\ctrls\cashierrb.a.bmp
c:\program files\PokerStars.FR\gx\ctrls\cashierrb.bmp
c:\program files\PokerStars.FR\gx\ctrls\cb.a.bmp
c:\program files\PokerStars.FR\gx\ctrls\cb.bmp
c:\program files\PokerStars.FR\gx\ctrls\cb2.a.bmp
c:\program files\PokerStars.FR\gx\ctrls\cb2.bmp
c:\program files\PokerStars.FR\gx\ctrls\cbtn.a.bmp
c:\program files\PokerStars.FR\gx\ctrls\cbtn.bmp
c:\program files\PokerStars.FR\gx\ctrls\close.a.bmp
c:\program files\PokerStars.FR\gx\ctrls\close.bmp
c:\program files\PokerStars.FR\gx\ctrls\collapse.a.bmp
c:\program files\PokerStars.FR\gx\ctrls\collapse.bmp
c:\program files\PokerStars.FR\gx\ctrls\detach.a.bmp
c:\program files\PokerStars.FR\gx\ctrls\detach.bmp
c:\program files\PokerStars.FR\gx\ctrls\disclose.a.bmp
c:\program files\PokerStars.FR\gx\ctrls\disclose.bmp
c:\program files\PokerStars.FR\gx\ctrls\drag-btn.a.bmp
c:\program files\PokerStars.FR\gx\ctrls\drag-btn.bmp
c:\program files\PokerStars.FR\gx\ctrls\edited-icon.png
c:\program files\PokerStars.FR\gx\ctrls\gblk.bmp
c:\program files\PokerStars.FR\gx\ctrls\gear-icon.png
c:\program files\PokerStars.FR\gx\ctrls\gear-icon2.png
c:\program files\PokerStars.FR\gx\ctrls\helper-bar.bmp
c:\program files\PokerStars.FR\gx\ctrls\helper-bg.bmp
c:\program files\PokerStars.FR\gx\ctrls\helper-collapse.bmp
c:\program files\PokerStars.FR\gx\ctrls\helper-lock.bmp
c:\program files\PokerStars.FR\gx\ctrls\helper-refresh.bmp
c:\program files\PokerStars.FR\gx\ctrls\helper-reset.bmp
c:\program files\PokerStars.FR\gx\ctrls\helper-size.bmp
c:\program files\PokerStars.FR\gx\ctrls\lb.a.bmp
c:\program files\PokerStars.FR\gx\ctrls\lb.bmp
c:\program files\PokerStars.FR\gx\ctrls\lock.a.bmp
c:\program files\PokerStars.FR\gx\ctrls\lock.bmp
c:\program files\PokerStars.FR\gx\ctrls\note-icon.png
c:\program files\PokerStars.FR\gx\ctrls\progress-b.png
c:\program files\PokerStars.FR\gx\ctrls\progress-red.png
c:\program files\PokerStars.FR\gx\ctrls\progress.png
c:\program files\PokerStars.FR\gx\ctrls\rblk.bmp
c:\program files\PokerStars.FR\gx\ctrls\rbtn.a.bmp
c:\program files\PokerStars.FR\gx\ctrls\rbtn.bmp
c:\program files\PokerStars.FR\gx\ctrls\refresh.a.bmp
c:\program files\PokerStars.FR\gx\ctrls\refresh.bmp
c:\program files\PokerStars.FR\gx\ctrls\reset.a.bmp
c:\program files\PokerStars.FR\gx\ctrls\reset.bmp
c:\program files\PokerStars.FR\gx\ctrls\s-btn-both.a.bmp
c:\program files\PokerStars.FR\gx\ctrls\s-btn-both.bmp
c:\program files\PokerStars.FR\gx\ctrls\s-btn-pause.a.bmp
c:\program files\PokerStars.FR\gx\ctrls\s-btn-pause.bmp
c:\program files\PokerStars.FR\gx\ctrls\s-btn-play.a.bmp
c:\program files\PokerStars.FR\gx\ctrls\s-btn-play.bmp
c:\program files\PokerStars.FR\gx\ctrls\share-on-boom.png
c:\program files\PokerStars.FR\gx\ctrls\sizebox.a.bmp
c:\program files\PokerStars.FR\gx\ctrls\sizebox.bmp
c:\program files\PokerStars.FR\gx\ctrls\slider-grip.a.bmp
c:\program files\PokerStars.FR\gx\ctrls\slider-grip.bmp
c:\program files\PokerStars.FR\gx\ctrls\slider.bmp
c:\program files\PokerStars.FR\gx\ctrls\ss-btn.a.bmp
c:\program files\PokerStars.FR\gx\ctrls\ss-btn.bmp
c:\program files\PokerStars.FR\gx\ctrls\stb.a.bmp
c:\program files\PokerStars.FR\gx\ctrls\stb.bmp
c:\program files\PokerStars.FR\gx\ctrls\stellar-bar.png
c:\program files\PokerStars.FR\gx\ctrls\tabs.a.bmp
c:\program files\PokerStars.FR\gx\ctrls\tabs.bmp
c:\program files\PokerStars.FR\gx\ctrls\tourn-link.a.bmp
c:\program files\PokerStars.FR\gx\ctrls\tourn-link.bmp
c:\program files\PokerStars.FR\gx\ctrls\tta-back.bmp
c:\program files\PokerStars.FR\gx\ctrls\tta-border.a.bmp
c:\program files\PokerStars.FR\gx\ctrls\tta-border.bmp
c:\program files\PokerStars.FR\gx\ctrls\wb.a.bmp
c:\program files\PokerStars.FR\gx\ctrls\wb.bmp
c:\program files\PokerStars.FR\gx\cvn.jpg
c:\program files\PokerStars.FR\gx\cvn_astro.jpg
c:\program files\PokerStars.FR\gx\dialog.a.bmp
c:\program files\PokerStars.FR\gx\dialog.bmp
c:\program files\PokerStars.FR\gx\dl.jpg
c:\program files\PokerStars.FR\gx\fdicon-table.png
c:\program files\PokerStars.FR\gx\fdicon.png
c:\program files\PokerStars.FR\gx\fg-active.png
c:\program files\PokerStars.FR\gx\fg-inactive.png
c:\program files\PokerStars.FR\gx\fg-on.a.bmp
c:\program files\PokerStars.FR\gx\fg-on.bmp
c:\program files\PokerStars.FR\gx\fg.a.bmp
c:\program files\PokerStars.FR\gx\fg.b.bmp
c:\program files\PokerStars.FR\gx\fg.bmp
c:\program files\PokerStars.FR\gx\fg.png
c:\program files\PokerStars.FR\gx\fg10.png
c:\program files\PokerStars.FR\gx\fg2.png
c:\program files\PokerStars.FR\gx\fg4.png
c:\program files\PokerStars.FR\gx\fg6.png
c:\program files\PokerStars.FR\gx\fg7.png
c:\program files\PokerStars.FR\gx\fg8.png
c:\program files\PokerStars.FR\gx\fg9.png
c:\program files\PokerStars.FR\gx\filter-ico.a.bmp
c:\program files\PokerStars.FR\gx\filter-ico.bmp
c:\program files\PokerStars.FR\gx\filter.a.bmp
c:\program files\PokerStars.FR\gx\filter.bmp
c:\program files\PokerStars.FR\gx\filterb.bmp
c:\program files\PokerStars.FR\gx\fonts\ar08.bmp
c:\program files\PokerStars.FR\gx\fonts\ar08.cp1250.bmp
c:\program files\PokerStars.FR\gx\fonts\ar08.cp1251.bmp
c:\program files\PokerStars.FR\gx\fonts\ar08.cp1252.bmp
c:\program files\PokerStars.FR\gx\fonts\ar08.cp1253.bmp
c:\program files\PokerStars.FR\gx\fonts\ar08.cp1254.bmp
c:\program files\PokerStars.FR\gx\fonts\ar08.cp1255.bmp
c:\program files\PokerStars.FR\gx\fonts\ar08.cp1256.bmp
c:\program files\PokerStars.FR\gx\fonts\ar08.cp1257.bmp
c:\program files\PokerStars.FR\gx\fonts\ar08.pff
c:\program files\PokerStars.FR\gx\fonts\ar09.bmp
c:\program files\PokerStars.FR\gx\fonts\ar09.cp1250.bmp
c:\program files\PokerStars.FR\gx\fonts\ar09.cp1251.bmp
c:\program files\PokerStars.FR\gx\fonts\ar09.cp1252.bmp
c:\program files\PokerStars.FR\gx\fonts\ar09.cp1253.bmp
c:\program files\PokerStars.FR\gx\fonts\ar09.cp1254.bmp
c:\program files\PokerStars.FR\gx\fonts\ar09.cp1255.bmp
c:\program files\PokerStars.FR\gx\fonts\ar09.cp1256.bmp
c:\program files\PokerStars.FR\gx\fonts\ar09.cp1257.bmp
c:\program files\PokerStars.FR\gx\fonts\ar09.pff
c:\program files\PokerStars.FR\gx\fonts\ar10.bmp
c:\program files\PokerStars.FR\gx\fonts\ar10.cp1250.bmp
c:\program files\PokerStars.FR\gx\fonts\ar10.cp1251.bmp
c:\program files\PokerStars.FR\gx\fonts\ar10.cp1252.bmp
c:\program files\PokerStars.FR\gx\fonts\ar10.cp1253.bmp
c:\program files\PokerStars.FR\gx\fonts\ar10.cp1254.bmp
c:\program files\PokerStars.FR\gx\fonts\ar10.cp1255.bmp
c:\program files\PokerStars.FR\gx\fonts\ar10.cp1256.bmp
c:\program files\PokerStars.FR\gx\fonts\ar10.cp1257.bmp
c:\program files\PokerStars.FR\gx\fonts\ar10.pff
c:\program files\PokerStars.FR\gx\fonts\arb08.bmp
c:\program files\PokerStars.FR\gx\fonts\arb08.cp1250.bmp
c:\program files\PokerStars.FR\gx\fonts\arb08.cp1251.bmp
c:\program files\PokerStars.FR\gx\fonts\arb08.cp1252.bmp
c:\program files\PokerStars.FR\gx\fonts\arb08.cp1253.bmp
c:\program files\PokerStars.FR\gx\fonts\arb08.cp1254.bmp
c:\program files\PokerStars.FR\gx\fonts\arb08.cp1255.bmp
c:\program files\PokerStars.FR\gx\fonts\arb08.cp1256.bmp
c:\program files\PokerStars.FR\gx\fonts\arb08.cp1257.bmp
c:\program files\PokerStars.FR\gx\fonts\arb08.pff
c:\program files\PokerStars.FR\gx\fonts\arb09.bmp
c:\program files\PokerStars.FR\gx\fonts\arb09.cp1250.bmp
c:\program files\PokerStars.FR\gx\fonts\arb09.cp1251.bmp
c:\program files\PokerStars.FR\gx\fonts\arb09.cp1252.bmp
c:\program files\PokerStars.FR\gx\fonts\arb09.cp1253.bmp
c:\program files\PokerStars.FR\gx\fonts\arb09.cp1254.bmp
c:\program files\PokerStars.FR\gx\fonts\arb09.cp1255.bmp
c:\program files\PokerStars.FR\gx\fonts\arb09.cp1256.bmp
c:\program files\PokerStars.FR\gx\fonts\arb09.cp1257.bmp
c:\program files\PokerStars.FR\gx\fonts\arb09.pff
c:\program files\PokerStars.FR\gx\fonts\arb10.bmp
c:\program files\PokerStars.FR\gx\fonts\arb10.cp1250.bmp
c:\program files\PokerStars.FR\gx\fonts\arb10.cp1251.bmp
c:\program files\PokerStars.FR\gx\fonts\arb10.cp1252.bmp
c:\program files\PokerStars.FR\gx\fonts\arb10.cp1253.bmp
c:\program files\PokerStars.FR\gx\fonts\arb10.cp1254.bmp
c:\program files\PokerStars.FR\gx\fonts\arb10.cp1255.bmp
c:\program files\PokerStars.FR\gx\fonts\arb10.cp1256.bmp
c:\program files\PokerStars.FR\gx\fonts\arb10.cp1257.bmp
c:\program files\PokerStars.FR\gx\fonts\arb10.pff
c:\program files\PokerStars.FR\gx\fonts\arb11.bmp
c:\program files\PokerStars.FR\gx\fonts\arb11.cp1250.bmp
c:\program files\PokerStars.FR\gx\fonts\arb11.cp1250i.bmp
c:\program files\PokerStars.FR\gx\fonts\arb11.cp1251.bmp
c:\program files\PokerStars.FR\gx\fonts\arb11.cp1251i.bmp
c:\program files\PokerStars.FR\gx\fonts\arb11.cp1252.bmp
c:\program files\PokerStars.FR\gx\fonts\arb11.cp1252i.bmp
c:\program files\PokerStars.FR\gx\fonts\arb11.cp1253.bmp
c:\program files\PokerStars.FR\gx\fonts\arb11.cp1253i.bmp
c:\program files\PokerStars.FR\gx\fonts\arb11.cp1254.bmp
c:\program files\PokerStars.FR\gx\fonts\arb11.cp1254i.bmp
c:\program files\PokerStars.FR\gx\fonts\arb11.cp1255.bmp
c:\program files\PokerStars.FR\gx\fonts\arb11.cp1255i.bmp
c:\program files\PokerStars.FR\gx\fonts\arb11.cp1256.bmp
c:\program files\PokerStars.FR\gx\fonts\arb11.cp1256i.bmp
c:\program files\PokerStars.FR\gx\fonts\arb11.cp1257.bmp
c:\program files\PokerStars.FR\gx\fonts\arb11.cp1257i.bmp
c:\program files\PokerStars.FR\gx\fonts\arb11.pff
c:\program files\PokerStars.FR\gx\fonts\arb11i.bmp
c:\program files\PokerStars.FR\gx\fonts\arb12.bmp
c:\program files\PokerStars.FR\gx\fonts\arb12.cp1250.bmp
c:\program files\PokerStars.FR\gx\fonts\arb12.cp1250i.bmp
0
Anonymous user
 
Hi, to move forward:

host the report as you did for zhpdiag :)
0
Zephir45 Posts 20 Status Member
 
0
juju666 Posts 35446 Registration date   Status Security contributor Last activity   4 796
 
▶ Download: Gmer (by Przemyslaw Gmerek) and save it to your desktop

▶ ▶ Disable all your protections for the duration of the gMer scan

For XP => double-click gmer.exe
For Vista and 7 => right-click, "Run as administrator"


▶ Click the rootkit tab and start the scan; red lines will appear.

▶ The red lines indicate the presence of a rootkit. Post me the gmer report (click Copy, then go to Start, open Notepad, go to Edit and click Paste; the gmer report will appear, post it to me)

▶ ▶ Next

▶ On the red lines:

▶ Services: right-click, delete service
▶ Process: right-click, kill process
▶ Adl, file: right-click, delete files
0