Infection des ports USB ?

Question

Bonjour, 
Depuis 2-3 jours je n'arrive plus à utiliser tout disque de stockage (Ipod, Clé USB) sur mon ordinateur (windows XP). Lorsque je veux ouvrir un disque du genre, windows m'indique que je dois formater le disque, et m'empêche d'y accéder, chose "inédite".
Le problème, c'est qu'il n'arrive pas non plus à formater. En effet la barre se remplit mais le formatage bug à la fin. J'ai essayé de le faire en passant par le gestionnaire des disques, mais cela échoue aussi à 100% : "l'assistant ne s'est pas fermé correctement".

J'ai cherché assez longuement des cas de ce genre sur le net, mais soit le problème est légèrement différent, soit il reste sans réponse. J'ai néanmoins trouvé un cas similaire à qui on avait demandé de faire un rapport avec usbfix.

Voilà ce que donne le mien : 

############################## | UsbFix 7.058 | [Recherche]

Utilisateur: Proprietaire (Administrateur) # INTEL [ ]
Mis à jour le 24/08/2011 par El Desaparecido
Lancé à 18:30:49 | 21/09/2011
Site Web: http://www.teamxscript.org
Submit your sample: http://www.teamxscript.org/Upload.php
Contact: TeamXscript.ElDesaparecido@gmail.com

CPU: Pentium(R) Dual-Core CPU E5200 @ 2.50GHz
CPU 2: Pentium(R) Dual-Core CPU E5200 @ 2.50GHz
Microsoft Windows XP Édition familiale (5.1.2600 32-Bit) # Service Pack 3
Internet Explorer 8.0.6001.18702

Pare-feu Windows: Désactivé /!\
Antivirus: Anti-virus firewall 9.10 9.10 [Enabled | Updated]
Firewall: Anti-virus firewall 9.10 9.10 [Enabled]
RAM -> 2047 Mo 
C:\ (%systemdrive%) -> Disque fixe # 298 Go (178 Go libre(s) - 60%) [Boot] # NTFS
D:\ -> CD-ROM
E:\ -> Disque fixe # 298 Go (267 Go libre(s) - 90%) [Data] # NTFS
F:\ -> CD-ROM

################## | Éléments infectieux |

Présent! D:\ShippingPC-BmGame.exe
Présent! C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\setup.exe
Présent! C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\WinampPluginSetup_2.1.0.9.exe
Présent! C:\RECYCLER\S-1-5-21-220523388-1060284298-839522115-1004
Présent! D:\autorun.inf
Présent! D:\autorun.exe
Présent! E:\RECYCLER\S-1-5-21-220523388-1060284298-839522115-1004

################## | Registre |


################## | Mountpoints2 |

HKCU\.\.\.\.\Explorer\MountPoints2\{d77bec3b-94f1-11df-bcdc-806d6172696f}
Shell\AutoRun\Command = D:\autorun.exe


################## | Vaccin |

D:\Autorun.inf -> Vaccin créé par Panda USB Vaccine

################## | E.O.F |

Voilà, n'y connaissant pas grand chose en informatique je m'en remets à vous ;(
Merci.


Configuration: Windows XP / Firefox 7.0

juju666 · Answer

Bonjour,

Relance USBFix et clique sur Suppression 
Poste le rapport.

~~

Nous allons effectuer un diagnostic de ton PC: 
&#9654 Télécharge ZHPDiag 

&#9654 Laisse toi guider lors de l''installation,coche "Ajouter une icône sur le bureau" et  "Exécuter ZHPDiag" 

&#9654 Clique sur l''icône représentant une loupe (« Lancer le diagnostic ») 

&#9654 Une fois le scan aux 100%, ferme ZHPDiag. Héberge le rapport ZHPDiag.txt présent sur ton bureau :

Voici comment procéder

&#9654 Rends toi sur pjjoint.malekal.com 
&#9654 Clique sur le bouton Parcourir 
&#9654 Sélectionne le fichier que tu veux heberger et clique sur Ouvrir 
&#9654 Clique sur le bouton Envoyer 
&#9654 Un message de confirmation s''affiche (L''upload a réussi ! - Le lien à transmettre à vos correspondant pour visualiser le fichier est : https://pjjoint.malekal.com/files.php?id=df5ea299241015 Copie le lien dans ta prochaine réponse. 

A bientôt.

Zephir45 · Answer

juju666 · Answer

désolé je viens de voir ta réponse

C'est toi qui a planifié un arrêt automatique ton pc ?

~~

&#9654 Télécharge Reload_TDSSKiller  

&#9654 Lance le   

choisis : lancer le nettoyage  

l'outil va automatiquement télécharger la derniere version puis   

TDSSKiller va s'ouvrir , clique sur "Start Scan"  Clique ici pour l'aide en image  

Si TDSS.tdl2 est détecté: l'option delete sera cochée par défaut.   
Si TDSS.tdl3 est détecté: assure toi que Cure est bien cochée.   
Si TDSS.tdl4(\HardDisk0\MBR) est détecté: assure toi que Cure est bien cochée.   
Si Rootkit.Win32.ZAccess.* est détecté : règle sur "cure" en haut , et "delete" en bas  
Si Suspicious file est indiqué, laisse l''option cochée sur Skip    
une fois qu'il a terminé , redémarre s'il te le demande pour finir de nettoyer  

sinon , ferme TDSSKiller et le rapport s'affichera sur le bureau  

&#9654 Copie/Colle son contenu dans ta prochaine réponse.

~~

Télécharge AdwCleaner ( d'Xplode ) sur ton bureau.
Lance le, clique sur [Suppression] puis patiente le temps du scan.
Une fois le scan fini, un rapport s'ouvrira. Poste moi son contenu dans ta prochaine réponse.

Note : Le rapport est également sauvegardé sous C:\AdwCleaner[R1].txt

~~

&#9654 Télécharge MBAM et installe le selon l'emplacement par défaut
https://www.malwarebytes.com/mwb-download/
&#9654 Effectue la mise à jour et lance Malwarebytes' Anti-Malware

&#9654 &#9654 Si tu n''arrive pas à le mettre à jour, télécharge ce fichier , ferme MBAM, et exécute le

&#9654 Clique dans l'onglet du haut "Recherche"
&#9654 Coche l'option "Exécuter un examen complet" puis sur le bouton "Rechercher"
&#9654 Choisis de scanner tous tes disques durs, puis clique sur 'Lancer l'examen"

A la fin de l'analyse, si MBAM n'a rien trouvé :

&#9654 Clique sur OK, le rapport s'ouvre spontanément

Si des menaces ont été détectées :

&#9654 Clique sur OK puis "Afficher les résultats"
&#9654 Choisis l'option "Supprimer la sélection"
&#9654 Si MBAM demande le redémarrage de Windows : Clique sur "Oui"
&#9654 Une fois le PC redémarré, le rapport se trouve dans l'onglet "Rapports/Logs"
&#9654 Sinon le rapport s'ouvre automatiquement après la suppression

Quelque soit le résultat, copie/colle le rapport dans le prochain message

A bientôt.

Zephir45 · Answer

Hum non, USBFix a en quelque sorte mobilisé l'ordi et l'a fait redémarrer ça doit être ça.

Rapport TDSSKiller (il a détecté "a malicious object" mais comme je l'ai pas vu dans la liste j'ai skip dans le doute) : 

2011/09/22 20:42:03.0453 6000	TDSS rootkit removing tool 2.5.23.0 Sep 20 2011 08:53:10
2011/09/22 20:42:03.0984 6000	================================================================================
2011/09/22 20:42:03.0984 6000	SystemInfo:
2011/09/22 20:42:03.0984 6000	
2011/09/22 20:42:03.0984 6000	OS Version: 5.1.2600 ServicePack: 3.0
2011/09/22 20:42:03.0984 6000	Product type: Workstation
2011/09/22 20:42:03.0984 6000	ComputerName: INTEL
2011/09/22 20:42:03.0984 6000	UserName: Proprietaire
2011/09/22 20:42:03.0984 6000	Windows directory: C:\WINDOWS
2011/09/22 20:42:03.0984 6000	System windows directory: C:\WINDOWS
2011/09/22 20:42:03.0984 6000	Processor architecture: Intel x86
2011/09/22 20:42:03.0984 6000	Number of processors: 2
2011/09/22 20:42:03.0984 6000	Page size: 0x1000
2011/09/22 20:42:03.0984 6000	Boot type: Normal boot
2011/09/22 20:42:03.0984 6000	================================================================================
2011/09/22 20:42:05.0140 6000	Initialize success
2011/09/22 20:42:19.0984 6072	================================================================================
2011/09/22 20:42:19.0984 6072	Scan started
2011/09/22 20:42:19.0984 6072	Mode: Manual; 
2011/09/22 20:42:19.0984 6072	================================================================================
2011/09/22 20:42:21.0156 6072	ACPI            (e5e6dbfc41ea8aad005cb9a57a96b43b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/09/22 20:42:21.0187 6072	ACPIEC          (e4abc1212b70bb03d35e60681c447210) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/09/22 20:42:21.0218 6072	ADILOADER       (2b3b8c0a2c979dd77ba6dc9376074854) C:\WINDOWS\system32\Drivers\adildr.sys
2011/09/22 20:42:21.0375 6072	adiusbaw        (d478c566318803a7063b120f026dc0b7) C:\WINDOWS\system32\DRIVERS\adiusbaw.sys
2011/09/22 20:42:21.0531 6072	aec             (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/09/22 20:42:21.0562 6072	AegisP          (15e655baa989444f56787ef558823643) C:\WINDOWS\system32\DRIVERS\AegisP.sys
2011/09/22 20:42:21.0593 6072	AFD             (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
2011/09/22 20:42:21.0703 6072	Ambfilt         (267fc636801edc5ab28e14036349e3be) C:\WINDOWS\system32\drivers\Ambfilt.sys
2011/09/22 20:42:21.0843 6072	AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/09/22 20:42:21.0859 6072	atapi           (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/09/22 20:42:21.0906 6072	atksgt          (72bc628af75c4c3250f2a3bac260265a) C:\WINDOWS\system32\DRIVERS\atksgt.sys
2011/09/22 20:42:21.0953 6072	Atmarpc         (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/09/22 20:42:21.0984 6072	audstub         (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/09/22 20:42:22.0031 6072	Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/09/22 20:42:22.0062 6072	cbidf2k         (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/09/22 20:42:22.0109 6072	Cdaudio         (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/09/22 20:42:22.0156 6072	Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/09/22 20:42:22.0171 6072	Cdrom           (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/09/22 20:42:22.0281 6072	Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/09/22 20:42:22.0312 6072	dmboot          (f5deadd42335fb33edca74ecb2f36cba) C:\WINDOWS\system32\drivers\dmboot.sys
2011/09/22 20:42:22.0343 6072	dmio            (5a7c47c9b3f9fb92a66410a7509f0c71) C:\WINDOWS\system32\drivers\dmio.sys
2011/09/22 20:42:22.0359 6072	dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/09/22 20:42:22.0406 6072	DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/09/22 20:42:22.0437 6072	drmkaud         (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/09/22 20:42:22.0484 6072	dtsoftbus01     (555e54ac2f601a8821cef58961653991) C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys
2011/09/22 20:42:22.0609 6072	F-Secure Filter (38d33f9a2e4cbd75de70937cebef95cc) C:\Program Files\Orange\Antivirus Firewall\Anti-Virus\Win2K\FSfilter.sys
2011/09/22 20:42:22.0656 6072	F-Secure Gatekeeper (29d12e1e45d93b45d2598e2663bbeff4) C:\Program Files\Orange\Antivirus Firewall\Anti-Virus\minifilter\fsgk.sys
2011/09/22 20:42:22.0703 6072	F-Secure HIPS   (c6c0682a94f92664db550ec1c4207d62) C:\Program Files\Orange\Antivirus Firewall\HIPS\drivers\fshs.sys
2011/09/22 20:42:22.0718 6072	F-Secure Recognizer (1f6955931b193f14dff72dcb54fcd51d) C:\Program Files\Orange\Antivirus Firewall\Anti-Virus\Win2K\FSrec.sys
2011/09/22 20:42:22.0750 6072	Fastfat         (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/09/22 20:42:22.0781 6072	Fdc             (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/09/22 20:42:22.0796 6072	Fips            (31f923eb2170fc172c81abda0045d18c) C:\WINDOWS\system32\drivers\Fips.sys
2011/09/22 20:42:22.0812 6072	Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/09/22 20:42:22.0843 6072	FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/09/22 20:42:22.0859 6072	fsbts           (343786e182b9c9ae3066e00dec650f50) C:\WINDOWS\system32\Drivers\fsbts.sys
2011/09/22 20:42:22.0875 6072	FSFW            (b3872e46fa399f6a9a54e8fdeeeb4f1a) C:\WINDOWS\system32\drivers\fsdfw.sys
2011/09/22 20:42:22.0890 6072	Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/09/22 20:42:22.0906 6072	Ftdisk          (a86859b77b908c18c2657f284aa29fe3) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/09/22 20:42:22.0921 6072	GEARAspiWDM     (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/09/22 20:42:22.0953 6072	Gpc             (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/09/22 20:42:23.0015 6072	HDAudBus        (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/09/22 20:42:23.0046 6072	HidUsb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/09/22 20:42:23.0093 6072	HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/09/22 20:42:23.0140 6072	i8042prt        (a09bdc4ed10e3b2e0ec27bb94af32516) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/09/22 20:42:23.0156 6072	Imapi           (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/09/22 20:42:23.0281 6072	IntcAzAudAddService (c472fc1d265346e9500095f88a0345f9) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2011/09/22 20:42:23.0359 6072	intelppm        (ad340800c35a42d4de1641a37feea34c) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/09/22 20:42:23.0390 6072	Ip6Fw           (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/09/22 20:42:23.0406 6072	IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/09/22 20:42:23.0421 6072	IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/09/22 20:42:23.0453 6072	IpNat           (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/09/22 20:42:23.0468 6072	IPSec           (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/09/22 20:42:23.0484 6072	IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/09/22 20:42:23.0515 6072	isapnp          (355836975a67b6554bca60328cd6cb74) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/09/22 20:42:23.0531 6072	Kbdclass        (16813155807c6881f4bfbf6657424659) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/09/22 20:42:23.0562 6072	kbdhid          (94c59cb884ba010c063687c3a50dce8e) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/09/22 20:42:23.0593 6072	kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/09/22 20:42:23.0625 6072	KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/09/22 20:42:23.0671 6072	lirsgt          (4127e8b6ddb4090e815c1f8852c277d3) C:\WINDOWS\system32\DRIVERS\lirsgt.sys
2011/09/22 20:42:23.0687 6072	mnmdd           (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/09/22 20:42:23.0718 6072	Modem           (510ade9327fe84c10254e1902697e25f) C:\WINDOWS\system32\drivers\Modem.sys
2011/09/22 20:42:23.0750 6072	Monfilt         (c7d9f9717916b34c1b00dd4834af485c) C:\WINDOWS\system32\drivers\Monfilt.sys
2011/09/22 20:42:23.0828 6072	Mouclass        (027c01bd7ef3349aaebc883d8a799efb) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/09/22 20:42:23.0843 6072	mouhid          (124d6846040c79b9c997f78ef4b2a4e5) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/09/22 20:42:23.0859 6072	MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/09/22 20:42:23.0890 6072	MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/09/22 20:42:23.0906 6072	MRxSmb          (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/09/22 20:42:23.0937 6072	Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/09/22 20:42:24.0000 6072	MSI_DVD_010507  (09a00b8c911d32a0cfeb747be9ce5dab) C:\PROGRA~1\MSI\MSIWDev\DVDSYS32_100507.sys
2011/09/22 20:42:24.0156 6072	MSI_MSIBIOS_010507 (3846c05a66a3f5cd1d33e1a323c1762c) C:\PROGRA~1\MSI\MSIWDev\msibios32_100507.sys
2011/09/22 20:42:24.0265 6072	MSI_VGASYS_010507 (8d603678c3961bed302163964ad6a38e) C:\PROGRA~1\MSI\MSIWDev\VGASYS32_100507.sys
2011/09/22 20:42:24.0406 6072	MSKSSRV         (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/09/22 20:42:24.0406 6072	MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/09/22 20:42:24.0437 6072	MSPQM           (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/09/22 20:42:24.0468 6072	mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/09/22 20:42:24.0484 6072	Mup             (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
2011/09/22 20:42:24.0500 6072	NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/09/22 20:42:24.0515 6072	NdisTapi        (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS
distapi.sys
2011/09/22 20:42:24.0546 6072	Ndisuio         (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS
disuio.sys
2011/09/22 20:42:24.0562 6072	NdisWan         (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS
diswan.sys
2011/09/22 20:42:24.0609 6072	NDProxy         (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/09/22 20:42:24.0640 6072	NetBIOS         (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS
etbios.sys
2011/09/22 20:42:24.0687 6072	NetBT           (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS
etbt.sys
2011/09/22 20:42:24.0750 6072	Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/09/22 20:42:24.0781 6072	Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/09/22 20:42:24.0843 6072	Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/09/22 20:42:24.0968 6072	nv              (83780f3a86d2804912f22f6e37cd2254) C:\WINDOWS\system32\DRIVERS
v4_mini.sys
2011/09/22 20:42:25.0109 6072	NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS
wlnkflt.sys
2011/09/22 20:42:25.0125 6072	NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS
wlnkfwd.sys
2011/09/22 20:42:25.0140 6072	Parport         (8fd0bdbea875d06ccf6c945ca9abaf75) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/09/22 20:42:25.0156 6072	PartMgr         (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/09/22 20:42:25.0171 6072	ParVdm          (9575c5630db8fb804649a6959737154c) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/09/22 20:42:25.0187 6072	PCI             (043410877bda580c528f45165f7125bc) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/09/22 20:42:25.0203 6072	PCIIde          (f4bfde7209c14a07aaa61e4d6ae69eac) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/09/22 20:42:25.0234 6072	Pcmcia          (f0406cbc60bdb0394a0e17ffb04cdd3d) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/09/22 20:42:25.0312 6072	PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERSaspptp.sys
2011/09/22 20:42:25.0343 6072	PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/09/22 20:42:25.0359 6072	Ptilink         (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/09/22 20:42:25.0375 6072	PxHelp20        (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/09/22 20:42:25.0421 6072	RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERSasacd.sys
2011/09/22 20:42:25.0437 6072	Rasl2tp         (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERSasl2tp.sys
2011/09/22 20:42:25.0453 6072	RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERSaspppoe.sys
2011/09/22 20:42:25.0468 6072	Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERSaspti.sys
2011/09/22 20:42:25.0500 6072	Rdbss           (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERSdbss.sys
2011/09/22 20:42:25.0500 6072	RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/09/22 20:42:25.0546 6072	RDPWD           (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/09/22 20:42:25.0562 6072	redbook         (d8eb2a7904db6c916eb5361878ddcbae) C:\WINDOWS\system32\DRIVERSedbook.sys
2011/09/22 20:42:25.0625 6072	RT73            (5eff124bfabac3e7fc2908be28906b1b) C:\WINDOWS\system32\DRIVERSt73.sys
2011/09/22 20:42:25.0687 6072	RTLE8023xp      (6d6d5c7049c502289bcd96684e363b35) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
2011/09/22 20:42:25.0828 6072	Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/09/22 20:42:25.0843 6072	serenum         (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/09/22 20:42:25.0843 6072	Serial          (93d313c31f7ad9ea2b75f26075413c7c) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/09/22 20:42:25.0875 6072	Sfloppy         (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/09/22 20:42:25.0937 6072	splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/09/22 20:42:25.0953 6072	sr              (39626e6dc1fb39434ec40c42722b660a) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/09/22 20:42:25.0984 6072	Srv             (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/09/22 20:42:26.0015 6072	StarOpen        (f92254b0bcfcd10caac7bccc7cb7f467) C:\WINDOWS\system32\drivers\StarOpen.sys
2011/09/22 20:42:26.0046 6072	swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/09/22 20:42:26.0078 6072	swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/09/22 20:42:26.0187 6072	sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/09/22 20:42:26.0218 6072	Tcpip           (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS	cpip.sys
2011/09/22 20:42:26.0250 6072	TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/09/22 20:42:26.0265 6072	TDTCP           (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/09/22 20:42:26.0281 6072	TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS	ermdd.sys
2011/09/22 20:42:26.0328 6072	Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/09/22 20:42:26.0375 6072	UnlockerDriver5 (9dc07e73a4abb9acf692113b36a5009f) C:\Program Files\Unlocker\UnlockerDriver5.sys
2011/09/22 20:42:26.0437 6072	Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/09/22 20:42:26.0468 6072	USBAAPL         (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/09/22 20:42:26.0531 6072	usbccgp         (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/09/22 20:42:26.0546 6072	usbehci         (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/09/22 20:42:26.0578 6072	usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/09/22 20:42:26.0593 6072	USBSTOR         (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/09/22 20:42:26.0593 6072	usbuhci         (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/09/22 20:42:26.0625 6072	VgaSave         (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/09/22 20:42:26.0656 6072	VolSnap         (46de1126684369bace4849e4fc8c43ca) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/09/22 20:42:26.0671 6072	Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/09/22 20:42:26.0718 6072	wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/09/22 20:42:26.0796 6072	WudfPf          (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/09/22 20:42:26.0812 6072	WudfRd          (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/09/22 20:42:26.0859 6072	MBR (0x1B8)     (9c603bc3977968c891de319283e1e7af) \Device\Harddisk0\DR0
2011/09/22 20:42:26.0875 6072	\Device\Harddisk0\DR0 - detected Trojan-Clicker.Win32.Wistler.c (0)
2011/09/22 20:42:26.0875 6072	MBR (0x1B8)     (c99c3199cfaa4cbdcd91493f6d113a50) \Device\Harddisk1\DR3
2011/09/22 20:42:27.0468 6072	Boot (0x1200)   (d0a483ae6db61acfa2050ce2c015ebda) \Device\Harddisk0\DR0\Partition0
2011/09/22 20:42:27.0484 6072	Boot (0x1200)   (9aae8383d93e8b4a68ec7076ddab9fc5) \Device\Harddisk0\DR0\Partition1
2011/09/22 20:42:27.0500 6072	Boot (0x1200)   (b1e27aa018409de6bfd73f8afb883a65) \Device\Harddisk1\DR3\Partition0
2011/09/22 20:42:27.0500 6072	================================================================================
2011/09/22 20:42:27.0500 6072	Scan finished
2011/09/22 20:42:27.0500 6072	================================================================================
2011/09/22 20:42:27.0500 6064	Detected object count: 1
2011/09/22 20:42:27.0500 6064	Actual detected object count: 1
2011/09/22 20:43:33.0812 6064	Trojan-Clicker.Win32.Wistler.c(\Device\Harddisk0\DR0) - User select action: Skip 
2011/09/22 20:45:27.0046 5980	Deinitialize success

~~

Rapport AdwCleaner (court, j'espère que j'ai pas fait d'erreur)

# AdwCleaner v1.307 - Rapport créé le 22/09/2011 à 20:48:50
# Mis à jour le 19/09/11 à 09h par Xplode
# Système d'exploitation : Microsoft Windows XP Service Pack 3 (32 bits)
# Nom d'utilisateur : Proprietaire - INTEL (Administrateur)
# Exécuté depuis : E:\Johann\Ma Musique\adwcleaner0.exe
# Option [Suppression]


***** [KillNav] *****

# firefox.exe [PID:3544] -> Tué

***** [Processus] *****


***** [Services] *****


***** [Fichiers / Dossiers] *****


***** [Registre] *****


***** [Navigateurs] *****

-\ Internet Explorer v8.0.6001.18702

[OK] Le registre ne contient aucune entrée illégitime.

-\ Mozilla Firefox v7.0 (fr)

Profil : 3mx2o02i.default
Fichier : C:\Documents and Settings\Proprietaire\Application Data\Mozilla\Firefox\Profiles\3mx2o02i.default\prefs.js

[OK] Le fichier ne contient aucune entrée illégitime.

-\ Google Chrome v14.0.835.186

Fichier : C:\Documents and Settings\Proprietaire\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] Le fichier ne contient aucune entrée illégitime.

*************************

AdwCleaner[S1].txt - [21343 octets] - [22/09/2011 20:48:03]
AdwCleaner[S2].txt - [1183 octets] - [22/09/2011 20:48:50]

*************************

Par contre, Malwarebytes ne répond plus à partir de l'analyse de « HKCR\CLSID{nombre} ».
Cependant, en examen rapide le rapport est totalement clean (inutile de le copier coller).

Merci encore et désolé pour le retard !

juju666 · Answer

pas grave.

refais tdsskiller car le suspicious est néfaste :)

Zephir45 · Answer

Formatage des clés réussi et Ipod réutilisable, merci beaucoup :)

Juste comme ça, ce genre de trojan s'attrape comment la plupart du temps ?
Il a un effet immédiat ou il se terre :d ? 
Et est-ce qu'il peut passer les pare-feu "basiques" comme F-Secure d'orange ?

juju666 · Answer

J'ai demandé un nouveau TDSS Killer car il avait trouvé du Whistler et tu as fait skip ;)

bah ça peut provenir d'autres supports amovibles ... d'un téléchargement "pas net" comme des cracks ... 

et oui, ça peut passer outre les systèmes de sécurité.

Zephir45 · Answer

Bonjour, je ne sais pas si je dois recréer un sujet car il s'agit d'un problème différent, mais dans le doute je poste ici ;
J'ai depuis environ 1h un problème de redirection google, bref classique quoi.
Ca m'étonne quand même car j'ai rien téléchargé depuis 2-3 jours (même si l'antivirus ne voulait pas se mettre à jour), et même mes téléchargements semblaient clean. Donc c'est peut être un retour du malware qui m'a fait poster ce topic.

J'ai effectué un scan avec TDSSKiller, qui m'a trouvé un agent suspicieux et un malware :
- ca3daf3f (Hidden.File.Multi.Generic)
- redbook (Rootkit.Win32.ZAccess.h)

Par contre je ne vais pas aller plus loin sans conseil, merci d'avance pour vos réponses bénévoles ;(

juju666 · Answer

Salut !

Rootkit ZAccess ... le pire du moment \o/

Supprime le TDSSKiller que tu as

~~

&#9654 Télécharge Reload_TDSSKiller  

&#9654 Lance le   

choisis : lancer le nettoyage  

l'outil va automatiquement télécharger la derniere version puis   

TDSSKiller va s'ouvrir , clique sur "Start Scan"  Clique ici pour l'aide en image  

Si TDSS.tdl2 est détecté: l'option delete sera cochée par défaut.   
Si TDSS.tdl3 est détecté: assure toi que Cure est bien cochée.   
Si TDSS.tdl4(\HardDisk0\MBR) est détecté: assure toi que Cure est bien cochée.   
Si Rootkit.Win32.ZAccess.* est détecté : règle sur "cure" en haut , et "delete" en bas  
Si Suspicious file est indiqué, laisse l''option cochée sur Skip    
une fois qu'il a terminé , redémarre s'il te le demande pour finir de nettoyer  

sinon , ferme TDSSKiller et le rapport s'affichera sur le bureau  

&#9654 Copie/Colle son contenu dans ta prochaine réponse.

Bonne nuit !

Zephir45 · Answer

Ah, merci Juju !

00:36:14.0937 5552	TDSS rootkit removing tool 2.6.3.0 Oct  1 2011 13:14:27
00:36:16.0796 5552	============================================================
00:36:16.0796 5552	Current date / time: 2011/11/04 00:36:16.0796
00:36:16.0796 5552	SystemInfo:
00:36:16.0796 5552	
00:36:16.0796 5552	OS Version: 5.1.2600 ServicePack: 3.0
00:36:16.0796 5552	Product type: Workstation
00:36:16.0796 5552	ComputerName: INTEL
00:36:16.0796 5552	UserName: Proprietaire
00:36:16.0796 5552	Windows directory: C:\WINDOWS
00:36:16.0796 5552	System windows directory: C:\WINDOWS
00:36:16.0796 5552	Processor architecture: Intel x86
00:36:16.0796 5552	Number of processors: 2
00:36:16.0796 5552	Page size: 0x1000
00:36:16.0796 5552	Boot type: Normal boot
00:36:16.0796 5552	============================================================
00:37:21.0562 5552	Initialize success
00:37:36.0468 4604	============================================================
00:37:36.0468 4604	Scan started
00:37:36.0468 4604	Mode: Manual; 
00:37:36.0468 4604	============================================================
00:37:36.0781 4604	Abiosdsk - ok
00:37:36.0796 4604	abp480n5 - ok
00:37:36.0843 4604	ACPI            (e5e6dbfc41ea8aad005cb9a57a96b43b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
00:37:36.0843 4604	ACPI - ok
00:37:36.0875 4604	ACPIEC          (e4abc1212b70bb03d35e60681c447210) C:\WINDOWS\system32\drivers\ACPIEC.sys
00:37:36.0875 4604	ACPIEC - ok
00:37:36.0906 4604	ADILOADER       (2b3b8c0a2c979dd77ba6dc9376074854) C:\WINDOWS\system32\Drivers\adildr.sys
00:37:36.0906 4604	ADILOADER - ok
00:37:36.0921 4604	adiusbaw        (d478c566318803a7063b120f026dc0b7) C:\WINDOWS\system32\DRIVERS\adiusbaw.sys
00:37:36.0921 4604	adiusbaw - ok
00:37:36.0921 4604	adpu160m - ok
00:37:36.0968 4604	aec             (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
00:37:36.0968 4604	aec - ok
00:37:37.0000 4604	AegisP          (15e655baa989444f56787ef558823643) C:\WINDOWS\system32\DRIVERS\AegisP.sys
00:37:37.0000 4604	AegisP - ok
00:37:37.0046 4604	AFD             (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
00:37:37.0046 4604	AFD - ok
00:37:37.0046 4604	Aha154x - ok
00:37:37.0062 4604	aic78u2 - ok
00:37:37.0062 4604	aic78xx - ok
00:37:37.0078 4604	AliIde - ok
00:37:37.0140 4604	Ambfilt         (267fc636801edc5ab28e14036349e3be) C:\WINDOWS\system32\drivers\Ambfilt.sys
00:37:37.0140 4604	Ambfilt - ok
00:37:37.0156 4604	amsint - ok
00:37:37.0156 4604	asc - ok
00:37:37.0171 4604	asc3350p - ok
00:37:37.0187 4604	asc3550 - ok
00:37:37.0218 4604	AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
00:37:37.0218 4604	AsyncMac - ok
00:37:37.0218 4604	atapi           (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
00:37:37.0218 4604	atapi - ok
00:37:37.0234 4604	Atdisk - ok
00:37:37.0265 4604	atksgt          (72bc628af75c4c3250f2a3bac260265a) C:\WINDOWS\system32\DRIVERS\atksgt.sys
00:37:37.0265 4604	atksgt - ok
00:37:37.0281 4604	Atmarpc         (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
00:37:37.0281 4604	Atmarpc - ok
00:37:37.0312 4604	audstub         (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
00:37:37.0312 4604	audstub - ok
00:37:37.0343 4604	Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
00:37:37.0343 4604	Beep - ok
00:37:37.0375 4604	ca3daf3f        (8f2bb1827cac01aee6a16e30a1260199) C:\WINDOWS\1068449226:901927104.exe
00:37:37.0375 4604	Suspicious file (Hidden): C:\WINDOWS\1068449226:901927104.exe. md5: 8f2bb1827cac01aee6a16e30a1260199
00:37:37.0375 4604	ca3daf3f ( HiddenFile.Multi.Generic ) - warning
00:37:37.0375 4604	ca3daf3f - detected HiddenFile.Multi.Generic (1)
00:37:37.0406 4604	cbidf2k         (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
00:37:37.0406 4604	cbidf2k - ok
00:37:37.0406 4604	cd20xrnt - ok
00:37:37.0421 4604	Cdaudio         (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
00:37:37.0421 4604	Cdaudio - ok
00:37:37.0437 4604	Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
00:37:37.0437 4604	Cdfs - ok
00:37:37.0453 4604	Cdrom           (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
00:37:37.0453 4604	Cdrom - ok
00:37:37.0468 4604	Changer - ok
00:37:37.0484 4604	CmdIde - ok
00:37:37.0500 4604	Cpqarray - ok
00:37:37.0500 4604	dac2w2k - ok
00:37:37.0515 4604	dac960nt - ok
00:37:37.0531 4604	Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
00:37:37.0531 4604	Disk - ok
00:37:37.0562 4604	dmboot          (f5deadd42335fb33edca74ecb2f36cba) C:\WINDOWS\system32\drivers\dmboot.sys
00:37:37.0578 4604	dmboot - ok
00:37:37.0578 4604	dmio            (5a7c47c9b3f9fb92a66410a7509f0c71) C:\WINDOWS\system32\drivers\dmio.sys
00:37:37.0578 4604	dmio - ok
00:37:37.0609 4604	dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
00:37:37.0609 4604	dmload - ok
00:37:37.0625 4604	DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
00:37:37.0625 4604	DMusic - ok
00:37:37.0640 4604	dpti2o - ok
00:37:37.0640 4604	drmkaud         (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
00:37:37.0640 4604	drmkaud - ok
00:37:37.0687 4604	dtsoftbus01     (555e54ac2f601a8821cef58961653991) C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys
00:37:37.0687 4604	dtsoftbus01 - ok
00:37:37.0687 4604	EagleNT - ok
00:37:37.0703 4604	EagleXNt - ok
00:37:37.0828 4604	F-Secure Gatekeeper (29d12e1e45d93b45d2598e2663bbeff4) C:\Program Files\Orange\Antivirus Firewall\Anti-Virus\minifilter\fsgk.sys
00:37:37.0828 4604	F-Secure Gatekeeper - ok
00:37:37.0890 4604	F-Secure HIPS   (c6c0682a94f92664db550ec1c4207d62) C:\Program Files\Orange\Antivirus Firewall\HIPS\drivers\fshs.sys
00:37:37.0890 4604	F-Secure HIPS - ok
00:37:37.0890 4604	Fastfat         (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
00:37:37.0906 4604	Fastfat - ok
00:37:37.0906 4604	Fdc             (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
00:37:37.0906 4604	Fdc - ok
00:37:37.0921 4604	Fips            (31f923eb2170fc172c81abda0045d18c) C:\WINDOWS\system32\drivers\Fips.sys
00:37:37.0921 4604	Fips - ok
00:37:37.0921 4604	Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
00:37:37.0921 4604	Flpydisk - ok
00:37:37.0953 4604	FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
00:37:37.0953 4604	FltMgr - ok
00:37:37.0968 4604	fsbts           (343786e182b9c9ae3066e00dec650f50) C:\WINDOWS\system32\Drivers\fsbts.sys
00:37:37.0968 4604	fsbts - ok
00:37:37.0984 4604	FSFW            (b3872e46fa399f6a9a54e8fdeeeb4f1a) C:\WINDOWS\system32\drivers\fsdfw.sys
00:37:37.0984 4604	FSFW - ok
00:37:38.0000 4604	Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
00:37:38.0000 4604	Fs_Rec - ok
00:37:38.0015 4604	Ftdisk          (a86859b77b908c18c2657f284aa29fe3) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
00:37:38.0015 4604	Ftdisk - ok
00:37:38.0046 4604	GEARAspiWDM     (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
00:37:38.0046 4604	GEARAspiWDM - ok
00:37:38.0046 4604	Gpc             (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
00:37:38.0046 4604	Gpc - ok
00:37:38.0078 4604	HDAudBus        (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
00:37:38.0078 4604	HDAudBus - ok
00:37:38.0125 4604	HidUsb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
00:37:38.0125 4604	HidUsb - ok
00:37:38.0125 4604	hpn - ok
00:37:38.0171 4604	HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
00:37:38.0171 4604	HTTP - ok
00:37:38.0171 4604	i2omgmt - ok
00:37:38.0187 4604	i2omp - ok
00:37:38.0187 4604	i8042prt        (a09bdc4ed10e3b2e0ec27bb94af32516) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
00:37:38.0187 4604	i8042prt - ok
00:37:38.0203 4604	Imapi           (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
00:37:38.0203 4604	Imapi - ok
00:37:38.0218 4604	ini910u - ok
00:37:38.0312 4604	IntcAzAudAddService (c472fc1d265346e9500095f88a0345f9) C:\WINDOWS\system32\drivers\RtkHDAud.sys
00:37:38.0343 4604	IntcAzAudAddService - ok
00:37:38.0359 4604	IntelIde - ok
00:37:38.0375 4604	intelppm        (ad340800c35a42d4de1641a37feea34c) C:\WINDOWS\system32\DRIVERS\intelppm.sys
00:37:38.0375 4604	intelppm - ok
00:37:38.0390 4604	Ip6Fw           (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
00:37:38.0390 4604	Ip6Fw - ok
00:37:38.0406 4604	IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
00:37:38.0406 4604	IpFilterDriver - ok
00:37:38.0421 4604	IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
00:37:38.0421 4604	IpInIp - ok
00:37:38.0453 4604	IpNat           (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
00:37:38.0453 4604	IpNat - ok
00:37:38.0468 4604	IPSec           (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
00:37:38.0468 4604	IPSec - ok
00:37:38.0484 4604	IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
00:37:38.0484 4604	IRENUM - ok
00:37:38.0500 4604	isapnp          (355836975a67b6554bca60328cd6cb74) C:\WINDOWS\system32\DRIVERS\isapnp.sys
00:37:38.0500 4604	isapnp - ok
00:37:38.0500 4604	Kbdclass        (16813155807c6881f4bfbf6657424659) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
00:37:38.0500 4604	Kbdclass - ok
00:37:38.0531 4604	kbdhid          (94c59cb884ba010c063687c3a50dce8e) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
00:37:38.0531 4604	kbdhid - ok
00:37:38.0578 4604	kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
00:37:38.0578 4604	kmixer - ok
00:37:38.0593 4604	KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
00:37:38.0593 4604	KSecDD - ok
00:37:38.0609 4604	lbrtfdc - ok
00:37:38.0640 4604	lirsgt          (4127e8b6ddb4090e815c1f8852c277d3) C:\WINDOWS\system32\DRIVERS\lirsgt.sys
00:37:38.0640 4604	lirsgt - ok
00:37:38.0671 4604	mnmdd           (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
00:37:38.0671 4604	mnmdd - ok
00:37:38.0687 4604	Modem           (510ade9327fe84c10254e1902697e25f) C:\WINDOWS\system32\drivers\Modem.sys
00:37:38.0687 4604	Modem - ok
00:37:38.0734 4604	Monfilt         (c7d9f9717916b34c1b00dd4834af485c) C:\WINDOWS\system32\drivers\Monfilt.sys
00:37:38.0734 4604	Monfilt - ok
00:37:38.0750 4604	Mouclass        (027c01bd7ef3349aaebc883d8a799efb) C:\WINDOWS\system32\DRIVERS\mouclass.sys
00:37:38.0750 4604	Mouclass - ok
00:37:38.0781 4604	mouhid          (124d6846040c79b9c997f78ef4b2a4e5) C:\WINDOWS\system32\DRIVERS\mouhid.sys
00:37:38.0781 4604	mouhid - ok
00:37:38.0796 4604	MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
00:37:38.0796 4604	MountMgr - ok
00:37:38.0796 4604	mraid35x - ok
00:37:38.0812 4604	MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
00:37:38.0812 4604	MRxDAV - ok
00:37:38.0843 4604	MRxSmb          (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
00:37:38.0843 4604	MRxSmb - ok
00:37:38.0859 4604	Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
00:37:38.0859 4604	Msfs - ok
00:37:38.0921 4604	MSI_DVD_010507  (09a00b8c911d32a0cfeb747be9ce5dab) C:\PROGRA~1\MSI\MSIWDev\DVDSYS32_100507.sys
00:37:38.0921 4604	MSI_DVD_010507 - ok
00:37:38.0937 4604	MSI_MSIBIOS_010507 (3846c05a66a3f5cd1d33e1a323c1762c) C:\PROGRA~1\MSI\MSIWDev\msibios32_100507.sys
00:37:38.0937 4604	MSI_MSIBIOS_010507 - ok
00:37:38.0937 4604	MSI_VGASYS_010507 (8d603678c3961bed302163964ad6a38e) C:\PROGRA~1\MSI\MSIWDev\VGASYS32_100507.sys
00:37:38.0937 4604	MSI_VGASYS_010507 - ok
00:37:38.0968 4604	MSKSSRV         (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
00:37:38.0968 4604	MSKSSRV - ok
00:37:38.0968 4604	MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
00:37:38.0968 4604	MSPCLOCK - ok
00:37:38.0984 4604	MSPQM           (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
00:37:38.0984 4604	MSPQM - ok
00:37:39.0000 4604	mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
00:37:39.0000 4604	mssmbios - ok
00:37:39.0015 4604	Mup             (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
00:37:39.0015 4604	Mup - ok
00:37:39.0031 4604	NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
00:37:39.0046 4604	NDIS - ok
00:37:39.0062 4604	NdisTapi        (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS
distapi.sys
00:37:39.0062 4604	NdisTapi - ok
00:37:39.0078 4604	Ndisuio         (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS
disuio.sys
00:37:39.0078 4604	Ndisuio - ok
00:37:39.0093 4604	NdisWan         (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS
diswan.sys
00:37:39.0093 4604	NdisWan - ok
00:37:39.0125 4604	NDProxy         (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
00:37:39.0125 4604	NDProxy - ok
00:37:39.0125 4604	NetBIOS         (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS
etbios.sys
00:37:39.0125 4604	NetBIOS - ok
00:37:39.0171 4604	NetBT           (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS
etbt.sys
00:37:39.0171 4604	NetBT - ok
00:37:39.0187 4604	Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
00:37:39.0187 4604	Npfs - ok
00:37:39.0203 4604	Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
00:37:39.0218 4604	Ntfs - ok
00:37:39.0250 4604	Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
00:37:39.0250 4604	Null - ok
00:37:39.0390 4604	nv              (83780f3a86d2804912f22f6e37cd2254) C:\WINDOWS\system32\DRIVERS
v4_mini.sys
00:37:39.0421 4604	nv - ok
00:37:39.0453 4604	NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS
wlnkflt.sys
00:37:39.0453 4604	NwlnkFlt - ok
00:37:39.0453 4604	NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS
wlnkfwd.sys
00:37:39.0468 4604	NwlnkFwd - ok
00:37:39.0484 4604	Parport         (8fd0bdbea875d06ccf6c945ca9abaf75) C:\WINDOWS\system32\DRIVERS\parport.sys
00:37:39.0484 4604	Parport - ok
00:37:39.0484 4604	PartMgr         (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
00:37:39.0484 4604	PartMgr - ok
00:37:39.0500 4604	ParVdm          (9575c5630db8fb804649a6959737154c) C:\WINDOWS\system32\drivers\ParVdm.sys
00:37:39.0500 4604	ParVdm - ok
00:37:39.0531 4604	PCI             (043410877bda580c528f45165f7125bc) C:\WINDOWS\system32\DRIVERS\pci.sys
00:37:39.0531 4604	PCI - ok
00:37:39.0531 4604	PCIDump - ok
00:37:39.0546 4604	PCIIde          (f4bfde7209c14a07aaa61e4d6ae69eac) C:\WINDOWS\system32\DRIVERS\pciide.sys
00:37:39.0546 4604	PCIIde - ok
00:37:39.0562 4604	Pcmcia          (f0406cbc60bdb0394a0e17ffb04cdd3d) C:\WINDOWS\system32\drivers\Pcmcia.sys
00:37:39.0562 4604	Pcmcia - ok
00:37:39.0562 4604	PDCOMP - ok
00:37:39.0562 4604	PDFRAME - ok
00:37:39.0578 4604	PDRELI - ok
00:37:39.0578 4604	PDRFRAME - ok
00:37:39.0593 4604	perc2 - ok
00:37:39.0593 4604	perc2hib - ok
00:37:39.0609 4604	PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERSaspptp.sys
00:37:39.0625 4604	PptpMiniport - ok
00:37:39.0625 4604	PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
00:37:39.0625 4604	PSched - ok
00:37:39.0640 4604	Ptilink         (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
00:37:39.0640 4604	Ptilink - ok
00:37:39.0656 4604	PxHelp20        (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
00:37:39.0656 4604	PxHelp20 - ok
00:37:39.0671 4604	ql1080 - ok
00:37:39.0671 4604	Ql10wnt - ok
00:37:39.0687 4604	ql12160 - ok
00:37:39.0687 4604	ql1240 - ok
00:37:39.0703 4604	ql1280 - ok
00:37:39.0703 4604	RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERSasacd.sys
00:37:39.0703 4604	RasAcd - ok
00:37:39.0718 4604	Rasl2tp         (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERSasl2tp.sys
00:37:39.0718 4604	Rasl2tp - ok
00:37:39.0718 4604	RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERSaspppoe.sys
00:37:39.0718 4604	RasPppoe - ok
00:37:39.0734 4604	Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERSaspti.sys
00:37:39.0734 4604	Raspti - ok
00:37:39.0734 4604	Rdbss           (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERSdbss.sys
00:37:39.0750 4604	Rdbss - ok
00:37:39.0750 4604	RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
00:37:39.0750 4604	RDPCDD - ok
00:37:39.0781 4604	RDPWD           (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
00:37:39.0781 4604	RDPWD - ok
00:37:39.0796 4604	redbook         (378c0484d15621cf12713ccb9af32387) C:\WINDOWS\system32\DRIVERSedbook.sys
00:37:39.0796 4604	Suspicious file (Forged): C:\WINDOWS\system32\DRIVERSedbook.sys. Real md5: 378c0484d15621cf12713ccb9af32387, Fake md5: d8eb2a7904db6c916eb5361878ddcbae
00:37:39.0796 4604	redbook ( ForgedFile.Multi.Generic ) - warning
00:37:39.0796 4604	redbook - detected ForgedFile.Multi.Generic (1)
00:37:39.0828 4604	RT73            (5eff124bfabac3e7fc2908be28906b1b) C:\WINDOWS\system32\DRIVERSt73.sys
00:37:39.0828 4604	RT73 - ok
00:37:39.0859 4604	RTLE8023xp      (6d6d5c7049c502289bcd96684e363b35) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
00:37:39.0859 4604	RTLE8023xp - ok
00:37:39.0875 4604	Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
00:37:39.0875 4604	Secdrv - ok
00:37:39.0890 4604	serenum         (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
00:37:39.0890 4604	serenum - ok
00:37:39.0906 4604	Serial          (93d313c31f7ad9ea2b75f26075413c7c) C:\WINDOWS\system32\DRIVERS\serial.sys
00:37:39.0906 4604	Serial - ok
00:37:39.0937 4604	Sfloppy         (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
00:37:39.0937 4604	Sfloppy - ok
00:37:39.0937 4604	Simbad - ok
00:37:39.0953 4604	Sparrow - ok
00:37:39.0984 4604	splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
00:37:39.0984 4604	splitter - ok
00:37:40.0000 4604	sr              (39626e6dc1fb39434ec40c42722b660a) C:\WINDOWS\system32\DRIVERS\sr.sys
00:37:40.0000 4604	sr - ok
00:37:40.0031 4604	Srv             (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
00:37:40.0031 4604	Srv - ok
00:37:40.0078 4604	StarOpen        (f92254b0bcfcd10caac7bccc7cb7f467) C:\WINDOWS\system32\drivers\StarOpen.sys
00:37:40.0078 4604	StarOpen - ok
00:37:40.0093 4604	swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
00:37:40.0093 4604	swenum - ok
00:37:40.0109 4604	swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
00:37:40.0109 4604	swmidi - ok
00:37:40.0125 4604	symc810 - ok
00:37:40.0140 4604	symc8xx - ok
00:37:40.0140 4604	sym_hi - ok
00:37:40.0140 4604	sym_u3 - ok
00:37:40.0171 4604	sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
00:37:40.0171 4604	sysaudio - ok
00:37:40.0218 4604	Tcpip           (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS	cpip.sys
00:37:40.0218 4604	Tcpip - ok
00:37:40.0250 4604	TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
00:37:40.0250 4604	TDPIPE - ok
00:37:40.0265 4604	TDTCP           (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
00:37:40.0265 4604	TDTCP - ok
00:37:40.0265 4604	TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS	ermdd.sys
00:37:40.0265 4604	TermDD - ok
00:37:40.0281 4604	TosIde - ok
00:37:40.0312 4604	Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
00:37:40.0312 4604	Udfs - ok
00:37:40.0312 4604	ultra - ok
00:37:40.0390 4604	UnlockerDriver5 (9dc07e73a4abb9acf692113b36a5009f) C:\Program Files\Unlocker\UnlockerDriver5.sys
00:37:40.0390 4604	UnlockerDriver5 - ok
00:37:40.0406 4604	Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
00:37:40.0406 4604	Update - ok
00:37:40.0421 4604	USBAAPL         (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
00:37:40.0421 4604	USBAAPL - ok
00:37:40.0453 4604	usbccgp         (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
00:37:40.0453 4604	usbccgp - ok
00:37:40.0468 4604	usbehci         (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
00:37:40.0468 4604	usbehci - ok
00:37:40.0500 4604	usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
00:37:40.0500 4604	usbhub - ok
00:37:40.0515 4604	USBSTOR         (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
00:37:40.0515 4604	USBSTOR - ok
00:37:40.0515 4604	usbuhci         (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
00:37:40.0515 4604	usbuhci - ok
00:37:40.0531 4604	VgaSave         (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
00:37:40.0531 4604	VgaSave - ok
00:37:40.0531 4604	ViaIde - ok
00:37:40.0546 4604	VolSnap         (46de1126684369bace4849e4fc8c43ca) C:\WINDOWS\system32\drivers\VolSnap.sys
00:37:40.0546 4604	VolSnap - ok
00:37:40.0562 4604	Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
00:37:40.0562 4604	Wanarp - ok
00:37:40.0562 4604	WDICA - ok
00:37:40.0578 4604	wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
00:37:40.0578 4604	wdmaud - ok
00:37:40.0625 4604	WPRO_40_1340 - ok
00:37:40.0656 4604	WudfPf          (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
00:37:40.0656 4604	WudfPf - ok
00:37:40.0671 4604	WudfRd          (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
00:37:40.0671 4604	WudfRd - ok
00:37:40.0687 4604	MBR (0x1B8)     (c99c3199cfaa4cbdcd91493f6d113a50) \Device\Harddisk0\DR0
00:37:40.0781 4604	\Device\Harddisk0\DR0 - ok
00:37:40.0781 4604	Boot (0x1200)   (d0a483ae6db61acfa2050ce2c015ebda) \Device\Harddisk0\DR0\Partition0
00:37:40.0781 4604	\Device\Harddisk0\DR0\Partition0 - ok
00:37:40.0796 4604	Boot (0x1200)   (9aae8383d93e8b4a68ec7076ddab9fc5) \Device\Harddisk0\DR0\Partition1
00:37:40.0796 4604	\Device\Harddisk0\DR0\Partition1 - ok
00:37:40.0796 4604	============================================================
00:37:40.0796 4604	Scan finished
00:37:40.0796 4604	============================================================
00:37:40.0812 5844	Detected object count: 2
00:37:40.0812 5844	Actual detected object count: 2
00:38:22.0531 5844	ca3daf3f ( HiddenFile.Multi.Generic ) - skipped by user
00:38:22.0531 5844	ca3daf3f ( HiddenFile.Multi.Generic ) - User select action: Skip 
00:38:22.0531 5844	HKLM\SYSTEM\ControlSet001\servicesedbook - will be deleted on reboot
00:38:22.0531 5844	HKLM\SYSTEM\ControlSet002\servicesedbook - will be deleted on reboot
00:38:22.0546 5844	HKLM\SYSTEM\ControlSet003\servicesedbook - will be deleted on reboot
00:38:22.0546 5844	C:\WINDOWS\system32\DRIVERSedbook.sys - will be deleted on reboot
00:38:22.0546 5844	redbook ( ForgedFile.Multi.Generic ) - User select action: Delete 
00:38:30.0171 1980	Deinitialize success

Bon j'ai delete le redbook (le Rootkit donc ?), par contre j'ai pas vu cure.
Bonne nuit !

juju666 · Answer

Et lui ? 

00:38:22.0531 5844 ca3daf3f ( HiddenFile.Multi.Generic ) - skipped by user 

Par contre t'aurais supprimé zacces avant ou il est coriace.

&#9654 /!\ IMPORTANT /!\  
Désactive ton Antivirus, antispyware et Pare feu avant le scan avec Combofix :
Protections résidentes : https://forum.pcastuces.com/default.asp
 et https://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/ 
~~
Pare feu Windows XP : http://support.microsoft.com/kb/283673/fr
Pare feu Windows Vista/7 : https://support.microsoft.com/en-us/windows?ui=en-US&rs=en-001&ad=US
~~ 
Windows Defender : https://support.microsoft.com/en-us/windows?ui=en-US&rs=en-001&ad=US
_______________________________________________________________

&#9654 Fais un clic droit sur le lien ci dessous, choisi "Enregistrer la cible du lien sous", comme destination : ton Bureau, change son nom (ton_pseudo.exe par exemple) :  

http://download.bleepingcomputer.com/sUBs/ComboFix.exe  

&#9654 Double-clique sur ComboFix.exe  
Un "pop-up" va apparaître qui dit que ComboFix est utilisé à vos risques et avec aucune garantie... Clique sur oui pour accepter  

&#9654 &#9654 SI TU ES SOUS WINDOWS XP, SURTOUT INSTALLES LA CONSOLE DE RÉCUPÉRATION [Si tu travailles avec Vista ou seven ne tiens pas compte de cet avertissement]
&#9654 &#9654 Ne touche à rien (souris, clavier) tant que le scan n'est pas terminé, car tu risques de planter ton PC  

&#9654 En fin de scan, il est possible que ComboFix ait besoin de redémarrer le PC pour finaliser la désinfection, laisse-le faire.  
&#9654 Une fois le scan achevé, un rapport va s''afficher : Poste son contenu  
&#9654 &#9654 /!\ Réactive la protection en temps réel de ton antivirus avant de te reconnecter à Internet. /!\  

Notes: 
-> Le rapport se trouve également là : C:\ComboFix.txt   
-> tutoriel combofix

Zephir45 · Answer

En effet  il a l'air d'être coriace, TDSSKiller continue de trouver les deux agents alors que j'ai cure / delete hier et aujourd'hui.   
Je vais faire ta manip après avoir mis sur clé quelques fichiers, dans 1h quoi.

Edit : Bon j'ai fait la manip décrite pour Fsecure et désactivé le pare-feu mais Combofix me dit qu'il est toujours actif. Pas grave je lance...

Zephir45 · Answer

Merci, je pense que ça a marché ;
Voici le rapport combofix : 

ComboFix 11-10-04.04 - Proprietaire 04/11/2011  20:08:45.1.2 - x86
Microsoft Windows XP Édition familiale  5.1.2600.3.1252.33.1036.18.2047.1705 [GMT 1:00]
Lancé depuis: c:\documents and settings\Proprietaire\Bureau\Zephir.exe.exe
AV: Anti-virus firewall 9.10 *Enabled/Outdated* {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
FW: Anti-virus firewall 9.10 *Disabled* {D4747503-0346-49EB-9262-997542F79BF4}
.
.
((((((((((((((((((((((((((((((((((((   Autres suppressions   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Proprietaire\WINDOWS
c:\progra~1\Wanadoo\GestMaj.exe
c:\program files\Audiosurf\mybarnsp39.tmp	bHElper.dll
c:\program files\google\common\google updater\googleupdaterservice.exe
c:\program files\War_Rock_20100722.exe
c:\windows\$NtUninstallKB39677$
c:\windows\$NtUninstallKB39677$\2179549020
c:\windows\$NtUninstallKB39677$\3393040191\@
c:\windows\$NtUninstallKB39677$\3393040191\click.tlb
c:\windows\$NtUninstallKB39677$\3393040191\L\ydsicngk
c:\windows\$NtUninstallKB39677$\3393040191\loader.tlb
c:\windows\$NtUninstallKB39677$\3393040191\U\@00000001
c:\windows\$NtUninstallKB39677$\3393040191\U\@000000c0
c:\windows\$NtUninstallKB39677$\3393040191\U\@000000cb
c:\windows\$NtUninstallKB39677$\3393040191\U\@000000cf
c:\windows\$NtUninstallKB39677$\3393040191\U\@80000000
c:\windows\$NtUninstallKB39677$\3393040191\U\@800000c0
c:\windows\$NtUninstallKB39677$\3393040191\U\@800000cb
c:\windows\$NtUninstallKB39677$\3393040191\U\@800000cf
c:\windows\{2521BB91-29B1-4d7e-9137-AC9875D77735}
c:\windows\system32\ 
c:\windows\system32\c_29110.nls
.
Une copie infectée de c:\windows\system32\drivers\afd.sys a été trouvée et désinfectée 
Copie restaurée à partir de - The cat found it :) 
Une copie infectée de c:\program files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe a été trouvée et désinfectée 
Copie restaurée à partir de - c:\system volume information\_restore{91484C9A-5442-4E3F-8FE1-EEDBE120CC83}\RP274\A0134839.exe 
.
Une copie infectée de c:\program files\Orange\Antivirus Firewall\FWES\Program\fsdfwd.exe a été trouvée et désinfectée 
Copie restaurée à partir de - c:\system volume information\_restore{91484C9A-5442-4E3F-8FE1-EEDBE120CC83}\RP274\A0134847.exe 
.
Une copie infectée de c:\program files\Orange\Antivirus Firewall\Common\FSMA32.EXE a été trouvée et désinfectée 
Copie restaurée à partir de - c:\system volume information\_restore{91484C9A-5442-4E3F-8FE1-EEDBE120CC83}\RP274\A0134840.EXE 
.
Une copie infectée de c:\windows\System32\FTRTSVC.exe a été trouvée et désinfectée 
Copie restaurée à partir de - c:\system volume information\_restore{91484C9A-5442-4E3F-8FE1-EEDBE120CC83}\RP274\A0134841.exe 
.
Une copie infectée de c:\program files\iPod\bin\iPodService.exe a été trouvée et désinfectée 
Copie restaurée à partir de - c:\system volume information\_restore{91484C9A-5442-4E3F-8FE1-EEDBE120CC83}\RP274\A0134848.exe 
.
Une copie infectée de c:\program files\Java\jre6\bin\jqs.exe a été trouvée et désinfectée 
Copie restaurée à partir de - c:\system volume information\_restore{91484C9A-5442-4E3F-8FE1-EEDBE120CC83}\RP274\A0134842.exe 
.
Une copie infectée de c:\program files\CDBurnerXP\NMSAccessU.exe a été trouvée et désinfectée 
Copie restaurée à partir de - c:\system volume information\_restore{91484C9A-5442-4E3F-8FE1-EEDBE120CC83}\RP274\A0134843.exe 
.
c:\windows\system32
vsvc32.exe . . . est infecté!!
c:\windows\system32
vsvc32.exe . . . was deleted!! You should re-install the program it pertains to
.
Une copie infectée de c:\program files\TomTom HOME 2\TomTomHOMEService.exe a été trouvée et désinfectée 
Copie restaurée à partir de - c:\system volume information\_restore{91484C9A-5442-4E3F-8FE1-EEDBE120CC83}\RP274\A0134846.exe 
.
Une copie infectée de c:\windows\System32\FTRTSVC.exe a été trouvée et désinfectée 
Copie restaurée à partir de - c:\system volume information\_restore{91484C9A-5442-4E3F-8FE1-EEDBE120CC83}\RP274\A0134841.exe
.
(((((((((((((((((((((((((((((((((((((((   Pilotes/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_ca3daf3f
.
.
(((((((((((((((((((((((((((((   Fichiers créés du 2011-10-04 au 2011-11-04  ))))))))))))))))))))))))))))))))))))
.
.
2011-11-04 19:06 . 2011-02-16 13:25	138496	-c--a-w-	c:\windows\system32\dllcache\afd.sys
2011-11-04 19:06 . 2011-02-16 13:25	138496	----a-w-	c:\windows\system32\drivers\afd.sys
2011-11-04 18:52 . 2011-11-04 18:55	--------	d-----w-	C:\Zephir.exe
2011-11-04 18:32 . 2011-11-04 18:32	41272	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2011-11-03 23:39 . 2011-11-04 17:16	48016	--sha-w-	c:\windows\system32\c_29110.nl_
2011-11-03 19:38 . 2011-11-03 19:38	--------	d-----w-	c:\program files\Trend Micro
2011-11-02 15:01 . 2011-09-29 07:16	134104	----a-w-	c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-11-02 15:01 . 2011-09-29 07:16	89048	----a-w-	c:\program files\Mozilla Firefox\libEGL.dll
2011-11-02 15:01 . 2011-09-29 07:16	773080	----a-w-	c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-11-02 15:01 . 2011-09-29 07:16	719832	----a-w-	c:\program files\Mozilla Firefox\mozcpp19.dll
2011-11-02 15:01 . 2011-09-29 07:16	478168	----a-w-	c:\program files\Mozilla Firefox\libGLESv2.dll
2011-11-02 15:01 . 2011-09-29 07:16	1833944	----a-w-	c:\program files\Mozilla Firefox\mozjs.dll
2011-11-02 15:01 . 2011-09-29 07:16	16856	----a-w-	c:\program files\Mozilla Firefox\plugin-container.exe
2011-11-02 15:01 . 2011-09-29 07:16	15832	----a-w-	c:\program files\Mozilla Firefox\mozalloc.dll
2011-11-02 15:01 . 2011-09-29 00:26	2106216	----a-w-	c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-11-02 15:01 . 2011-09-29 00:26	1998168	----a-w-	c:\program files\Mozilla Firefox\d3dx9_43.dll
.
.
.
((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-04 17:15 . 2006-03-02 12:00	162816	----a-w-	c:\windows\system32\drivers
etbt.sys
2011-11-04 17:10 . 2006-03-02 12:00	54144	----a-w-	c:\windows\system32\drivers\i8042prt.sys
2011-11-04 17:06 . 2011-05-19 17:21	218688	----a-w-	c:\windows\system32\drivers\dtsoftbus01.sys
2011-11-04 17:03 . 2006-03-02 12:00	66048	----a-w-	c:\windows\system32\drivers\serial.sys
2011-09-09 09:12 . 2006-03-02 12:00	606208	----a-w-	c:\windows\system32\crypt32.dll
2011-08-31 15:00 . 2011-09-22 18:54	22216	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-08-17 15:38 . 2010-07-23 18:57	42672	----a-w-	c:\windows\system32\drivers\fsbts.sys
2011-09-29 07:16 . 2011-11-02 15:01	134104	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((   Points de chargement Reg   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\prxtbVuz0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2011-01-17 14:54	175912	----a-w-	c:\program files\Vuze_Remote\prxtbVuz0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\prxtbVuz0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BA14329E-9550-4989-B3F2-9732E92D17CC}"= "c:\program files\Vuze_Remote\prxtbVuz0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2011-04-22 247728]
"Raptr"="c:\progra~1\Raptraptrstub.exe" [2011-08-23 53160]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"Steam"="c:\program files\Steam\Steam.exe" [2011-08-05 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"nwiz"="nwiz.exe" [2008-10-07 1630208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"RTHDCPL"="RTHDCPL.EXE" [2010-03-17 19520544]
"WOOWATCH"="c:\progra~1\Wanadoo\Watch.exe" [2004-08-23 20480]
"F-Secure Manager"="c:\program files\Orange\Antivirus Firewall\Common\FSM32.EXE" [2009-10-28 199264]
"F-Secure TNB"="c:\program files\Orange\Antivirus Firewall\FSGUI\TNBUtil.exe" [2009-10-28 1653344]
"SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-18 421736]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
.
c:\documents and settings\Proprietaire\Menu D'marrer\Programmes\D'marrage\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]
Outil de d'tection de support Picture Motion Browser.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2010-7-30 385024]
.
c:\documents and settings\All Users\Menu D'marrer\Programmes\D'marrage\
DSLMON.lnk - c:\program files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2010-7-23 962661]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"=
"%windir%\Network Diagnostic\xpnetdiag.exe"=
"c:\Program Files\Windows Live\Messenger\wlcsdk.exe"=
"c:\Program Files\Windows Live\Messenger\msnmsgr.exe"=
"c:\Program Files\LimeWire\LimeWire.exe"=
"c:\Program Files\River Past\Audio Converter Pro\AudioConverter.exe"=
"c:\Program Files\Vuze\Azureus.exe"=
"c:\Program Files\Spotify\spotify.exe"=
"c:\Program Files\Winamp\winamp.exe"=
"c:\Program Files\Steam\Steam.exe"=
"c:\Program Files\Eidos\Batman Arkham Asylum\Binaries\ShippingPC-BmGame.exe"=
"c:\Program Files\Skype\Phone\Skype.exe"=
"c:\Program Files\Raptr\raptr.exe"=
"c:\Program Files\Raptr\raptr_im.exe"=
"c:\Program Files\Bonjour\mDNSResponder.exe"=
"c:\Program Files\iTunes\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56526:TCP"= 56526:TCP:Pando Media Booster
"56526:UDP"= 56526:UDP:Pando Media Booster
.
R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [23/07/2010 19:57 42672]
R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [23/07/2010 19:56 80000]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [19/05/2011 18:21 218688]
R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\Orange\Antivirus Firewall\HIPS\drivers\fshs.sys [23/07/2010 19:56 68064]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [22/04/2011 13:21 92592]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\Orange\Antivirus Firewall\Anti-Virus\minifilter\fsgk.sys [23/07/2010 19:56 148632]
R3 FSORSPClient;F-Secure ORSP Client;c:\program files\Orange\Antivirus Firewall\ORSP Client\fsorsp.exe [23/07/2010 19:56 61088]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 12:16 130384]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [23/07/2010 18:47 1691480]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 MSI_DVD_010507;MSI_DVD_010507;c:\progra~1\MSI\MSIWDev\DVDSYS32_100507.sys [10/05/2010 09:44 22328]
S3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;c:\progra~1\MSI\MSIWDev\msibios32_100507.sys [10/05/2010 09:44 25912]
S3 MSI_VGASYS_010507;MSI_VGASYS_010507;c:\progra~1\MSI\MSIWDev\VGASYS32_100507.sys [10/05/2010 09:44 16696]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 12:16 753504]
S3 WPRO_40_1340;WinPcap Packet Driver (WPRO_40_1340);c:\windows\system32\drivers\WPRO_40_1340.sys --> c:\windows\system32\drivers\WPRO_40_1340.sys [?]
.
Contenu du dossier 'Tâches planifiées'
.
2011-09-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
2011-11-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-220523388-1060284298-839522115-1004Core.job
- c:\documents and settings\Proprietaire\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-01-22 12:16]
.
2011-11-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-220523388-1060284298-839522115-1004UA.job
- c:\documents and settings\Proprietaire\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-01-22 12:16]
.
2011-11-02 c:\windows\Tasks\shutdown.job
- c:\windows\system32\shutdown.exe [2006-03-02 17:34]
.
2011-11-04 c:\windows\Tasks\User_Feed_Synchronization-{D98D28DE-85E3-47AF-9A48-8D2B7444C99A}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Examen supplémentaire -------
.
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {{90EAE591-7E7E-434a-8E28-ECFD00071806} - c:\program files\PokerStars.FR\PokerStarsUpdate.exe
IE: {{C86FF9FA-AEED-451B-A9CC-39A53173AE2E} - {C86FF9FA-AEED-451B-A9CC-39A53173AE2E} -
LSP: c:\program files\Orange\Antivirus Firewall\FSPS\program\FSLSP.DLL
Trusted Zone: com\www.msi
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
FF - ProfilePath - c:\documents and settings\Proprietaire\Application Data\Mozilla\Firefox\Profiles\3mx2o02i.default\
FF - prefs.js: browser.search.selectedEngine - Google
.
- - - - ORPHELINS SUPPRIMES - - - -
.
Toolbar-{C86FF9FA-AEED-451B-A9CC-39A53173AE2E} - (no file)
WebBrowser-{C86FF9FA-AEED-451B-A9CC-39A53173AE2E} - (no file)
HKCU-Run-WOOKIT - c:\progra~1\Wanadoo\GestMaj.exe
HKLM-Run-WOOTASKBARICON - c:\progra~1\Wanadoo\GestMaj.exe
HKLM-Run-adiras - adiras.exe
SafeBoot-27153512.sys
SafeBoot-32904844.sys
SafeBoot-38555438.sys
SafeBoot-44303599.sys
SafeBoot-66257842.sys
SafeBoot-78381703.sys
SafeBoot-80902774.sys
AddRemove-FranceTelecomUninstall_FTBrowser - c:\progra~1\Wanadoo\Shell.exe inst\uninst_FTBrowser.shl
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-04 20:20
Windows 5.1.2600 Service Pack 3 NTFS
.
Recherche de processus cachés ... 
.
Recherche d'éléments en démarrage automatique cachés ... 
.
Recherche de fichiers cachés ... 
.
.
c:\windows\system32\wbem\Performance\WmiApRpl_new.ini 2584 bytes
.
Scan terminé avec succès
Fichiers cachés: 1
.
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b2,c8,ea,03,2a,10,51,4f,8e,8b,9f,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b2,c8,ea,03,2a,10,51,4f,8e,8b,9f,\
.
--------------------- DLLs chargées dans les processus actifs ---------------------
.
- - - - - - - > 'lsass.exe'(756)
c:\program files\Orange\Antivirus Firewall\FSPS\program\FSLSP.DLL
.
- - - - - - - > 'explorer.exe'(3588)
c:\progra~1\Raptr\ltc_help32-54388.dll
c:\windows\system32\msi.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
- - - - - - - > 'explorer.exe'(2436)
c:\progra~1\Raptr\ltc_help32-54388.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Orange\Antivirus Firewall\Common\FSMA32.EXE
c:\windows\System32\FTRTSVC.exe
c:\program files\Orange\Antivirus Firewall\Common\FSHDLL32.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\program files\Orange\Antivirus Firewall\FWES\Program\fsdfwd.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\RTHDCPL.EXE
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
c:\progra~1\Raptraptr.exe
c:\progra~1\Raptraptr_im.exe
.
**************************************************************************
.
Heure de fin: 2011-11-04  20:24:34 - La machine a redémarré
ComboFix-quarantined-files.txt  2011-11-04 19:24
.
Avant-CF: 191 639 683 072 octets libres
Après-CF: 191 909 060 608 octets libres
.
WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP  dition familiale" /noexecute=optin /fastdetect
.
- - End Of File - - E53BDDD4B4F8AB0F1A1A3D182C5D41BF

juju666 · Answer

Analyse ces fichiers sur virustotal, clique sur reanlyse si nécessaire et colle les liens de ta barre d'adresse ici :

C:\Zephir.exe      
c:\windows\system32\c_29110.nl_

Zephir45 · Answer

Je ne sais pas si j'ai bien compris ; je suppose qu'il faut que j'upload ces fichiers sur le site VirusTotal mais alors :
-C:\Zephir.exe est en rapport avec Combofix (renommé). Et c'est un dossier, le seul fichier qu'il contient charge indéfiniment sur VirusTotal.
-l'autre est introuvable (via l'explorateur, au moins) - n'a t'il pas été supprimé ?

PS : Je suppose que mon anitvirus a été corrompu aussi ?

Bonne nuit en tous cas ;(

juju666 · Answer

&#9654 &#9654 DÉSACTIVE TES PROTECTIONS DURANT LA PROCÉDURE

&#9654 &#9654 SCRIPT PERSONNALISE A CET ORDINATEUR, NE PAS REPRODUIRE : DANGEREUX !!!! 

&#9654 Créé un nouveau document texte : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie dedans les lignes suivantes : 


KillAll::

Rootkit::
c:\windows\system32\c_29110.nls      

Driver::
ca3daf3f

Folder::
c:\program files\Vuze_Remote\
c:\program files\PokerStars.FR

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] 
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"=-
[-HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}] 
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]   
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]  
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"=-
[-HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}] 
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]   
"{BA14329E-9550-4989-B3F2-9732E92D17CC}"=-
[-HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}] 
[HKEY_LOCAL_MACHINE\software\microsoft\security center]    => Microsoft Security Center  
"AntiVirusOverride"=dword:00000000
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56526:TCP"=-     
"56526:UDP"=-

File::
c:\windows\Tasks\shutdown.job      

DDS::
IE: {{90EAE591-7E7E-434a-8E28-ECFD00071806} - c:\program files\PokerStars.FR\PokerStarsUpdate.exe 


&#9654 Enregistre ce fichier sous le nom  CFScript 

&#9654 Fait un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe comme sur la capture :http://i261.photobucket.com/albums/ii49/Malekal_morte/CFScript-2.gif 

&#9654 Combofix se lance, laisse toi guider.. 

&#9654 Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises: c'est normal! 
Ne touche à rien tant que le scan n'est pas terminé. 
&#9654 Une fois le scan achevé, un rapport va s'afficher: poste son contenu, en précisant où en sont tes soucis 

&#9654 Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt

Zephir45 · Answer

ComboFix 11-10-04.04 - Proprietaire 05/10/2011  17:00:16.2.2 - x86
Microsoft Windows XP Édition familiale  5.1.2600.3.1252.33.1036.18.2047.1444 [GMT 2:00]
Lancé depuis: c:\documents and settings\Proprietaire\Bureau\Zephir.exe.exe
Commutateurs utilisés :: c:\documents and settings\Proprietaire\Bureau\CFScript.txt
AV: Anti-virus firewall 9.10 *Enabled/Outdated* {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
FW: Anti-virus firewall 9.10 *Disabled* {D4747503-0346-49EB-9262-997542F79BF4}
.
FILE ::
"c:\windows\Tasks\shutdown.job"
.
.
((((((((((((((((((((((((((((((((((((   Autres suppressions   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\PokerStars.FR
c:\program files\PokerStars.FR\_update2.dat
c:\program files\PokerStars.FR\_update2black.dat
c:\program files\PokerStars.FR\_update2default.dat
c:\program files\PokerStars.FR\_update2g.dat
c:\program files\PokerStars.FR\_update2gcd.dat
c:\program files\PokerStars.FR\_update2oldblack.dat
c:\program files\PokerStars.FR\_update2rare.dat
c:\program files\PokerStars.FR\_update2s.dat
c:\program files\PokerStars.FR\_update2simple.dat
c:\program files\PokerStars.FR\_update2skyrock.dat
c:\program files\PokerStars.FR\_update2xblack.dat
c:\program files\PokerStars.FR\_updcache.dat
c:\program files\PokerStars.FR\backup\gx\cashierpaysystem.jpg
c:\program files\PokerStars.FR\backup\gx	emplates\browser.css
c:\program files\PokerStars.FR\backup\gx	emplates\dialog.css
c:\program files\PokerStars.FR\backup\gx	emplates\dialog.html
c:\program files\PokerStars.FR\backup\gx	emplates\help.html
c:\program files\PokerStars.FR\backup\gx	emplates\menu.xml
c:\program files\PokerStars.FR\backup\gx	mp.jpg
c:\program files\PokerStars.FR\backup\i18n.msg_cli.txt
c:\program files\PokerStars.FR\backup\PokerStars.exe
c:\program files\PokerStars.FR\backup\PokerStars.ini
c:\program files\PokerStars.FR\backup	hemes\&default\gx.ini
c:\program files\PokerStars.FR\backup	hemes\black\gx.ini
c:\program files\PokerStars.FR\backup	hemes\black	emplates\dialog.html
c:\program files\PokerStars.FR\backup	hemes\oldblack\gx.ini
c:\program files\PokerStars.FR\backup\update.ini
c:\program files\PokerStars.FR\fw.ini
c:\program files\PokerStars.FR\gx\arr.a.bmp
c:\program files\PokerStars.FR\gx\arr.bmp
c:\program files\PokerStars.FR\gx\bg.jpg
c:\program files\PokerStars.FR\gx\bg.png
c:\program files\PokerStars.FR\gx\blt.a.bmp
c:\program files\PokerStars.FR\gx\blt.bmp
c:\program files\PokerStars.FR\gx\cards.jpg
c:\program files\PokerStars.FR\gx\cashierpaysystem.a.bmp
c:\program files\PokerStars.FR\gx\cashierpaysystem.bmp
c:\program files\PokerStars.FR\gx\cashierpaysystem.jpg
c:\program files\PokerStars.FR\gx\cashierpaysystemfast.png
c:\program files\PokerStars.FR\gx\cheque.jpg
c:\program files\PokerStars.FR\gx\chequeCA.jpg
c:\program files\PokerStars.FR\gx\chips&deck\chips\0\chip-d.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\0\chip-d.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\0\chip000001.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\0\chip000001.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\0\chip000005.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\0\chip000005.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\0\chip000025.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\0\chip000025.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\0\chip0001.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\0\chip0001.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\0\chip0005.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\0\chip0005.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\0\chip0025.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\0\chip0025.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\0\chip0100.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\0\chip0100.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\0\chip0500.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\0\chip0500.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\0\chip1000.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\0\chip1000.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\0\chip100000.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\0\chip100000.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\0\chip1000000.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\0\chip1000000.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\0\chip100000000.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\0\chip100000000.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\0\chip25000.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\0\chip25000.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\0\chip25000000.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\0\chip25000000.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\0\chip5000.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\0\chip5000.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\0\chip500000.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\0\chip500000.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\0\chip5000000.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\0\chip5000000.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\0\chip500000000.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\0\chip500000000.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\0\chipone.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\0\chipone.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\0\mini-dealer.png
c:\program files\PokerStars.FR\gx\chips&deck\chips\0\mini-dealer2.png
c:\program files\PokerStars.FR\gx\chips&deck\chips\1\chip-d.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\1\chip-d.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\1\chip000001.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\1\chip000001.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\1\chip000005.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\1\chip000005.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\1\chip000025.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\1\chip000025.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\1\chip0001.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\1\chip0001.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\1\chip0005.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\1\chip0005.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\1\chip0025.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\1\chip0025.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\1\chip0100.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\1\chip0100.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\1\chip0500.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\1\chip0500.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\1\chip1000.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\1\chip1000.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\1\chip100000.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\1\chip100000.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\1\chip1000000.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\1\chip1000000.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\1\chip100000000.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\1\chip100000000.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\1\chip25000.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\1\chip25000.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\1\chip25000000.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\1\chip25000000.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\1\chip5000.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\1\chip5000.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\1\chip500000.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\1\chip500000.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\1\chip5000000.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\1\chip5000000.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\1\chip500000000.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\1\chip500000000.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\2\chip-d.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\2\chip-d.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\2\chip000001.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\2\chip000001.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\2\chip000005.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\2\chip000005.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\2\chip000025.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\2\chip000025.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\2\chip0001.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\2\chip0001.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\2\chip0005.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\2\chip0005.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\2\chip0025.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\2\chip0025.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\2\chip0100.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\2\chip0100.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\2\chip0500.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\2\chip0500.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\2\chip1000.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\2\chip1000.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\2\chip100000.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\2\chip100000.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\2\chip1000000.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\2\chip1000000.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\2\chip100000000.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\2\chip100000000.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\2\chip25000.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\2\chip25000.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\2\chip25000000.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\2\chip25000000.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\2\chip5000.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\2\chip5000.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\2\chip500000.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\2\chip500000.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\2\chip5000000.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\2\chip5000000.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\2\chip500000000.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\2\chip500000000.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\3\chip-d.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\3\chip-d.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\3\chip000001.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\3\chip000001.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\3\chip000005.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\3\chip000005.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\3\chip000025.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\3\chip000025.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\3\chip0001.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\3\chip0001.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\3\chip0005.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\3\chip0005.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\3\chip0025.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\3\chip0025.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\3\chip0100.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\3\chip0100.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\3\chip0500.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\3\chip0500.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\3\chip1000.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\3\chip1000.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\3\chip100000.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\3\chip100000.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\3\chip1000000.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\3\chip1000000.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\3\chip100000000.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\3\chip100000000.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\3\chip25000.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\3\chip25000.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\3\chip25000000.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\3\chip25000000.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\3\chip5000.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\3\chip5000.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\3\chip500000.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\3\chip500000.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\3\chip5000000.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\3\chip5000000.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\3\chip500000000.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\3\chip500000000.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\4\chip-d.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\4\chip-d.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\4\chip000001.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\4\chip000001.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\4\chip000005.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\4\chip000005.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\4\chip000025.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\4\chip000025.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\4\chip0001.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\4\chip0001.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\4\chip0005.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\4\chip0005.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\4\chip0025.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\4\chip0025.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\4\chip0100.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\4\chip0100.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\4\chip0500.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\4\chip0500.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\4\chip1000.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\4\chip1000.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\4\chip100000.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\4\chip100000.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\4\chip1000000.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\4\chip1000000.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\4\chip100000000.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\4\chip100000000.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\4\chip25000.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\4\chip25000.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\4\chip25000000.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\4\chip25000000.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\4\chip5000.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\4\chip5000.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\4\chip500000.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\4\chip500000.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\4\chip5000000.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\4\chip5000000.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\4\chip500000000.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\4\chip500000000.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\5\chip-d.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\5\chip-d.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\5\chip000001.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\5\chip000001.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\5\chip000005.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\5\chip000005.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\5\chip000025.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\5\chip000025.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\5\chip0001.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\5\chip0001.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\5\chip0005.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\5\chip0005.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\5\chip0025.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\5\chip0025.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\5\chip0100.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\5\chip0100.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\5\chip0500.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\5\chip0500.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\5\chip1000.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\5\chip1000.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\5\chip100000.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\5\chip100000.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\5\chip1000000.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\5\chip1000000.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\5\chip100000000.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\5\chip100000000.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\5\chip25000.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\5\chip25000.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\5\chip25000000.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\5\chip25000000.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\5\chip5000.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\5\chip5000.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\5\chip500000.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\5\chip500000.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\5\chip5000000.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\5\chip5000000.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\5\chip500000000.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\5\chip500000000.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\6\chip-d.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\6\chip-d.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\6\chip000001.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\6\chip000001.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\6\chip000005.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\6\chip000005.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\6\chip000025.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\6\chip000025.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\6\chip0001.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\6\chip0001.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\6\chip0005.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\6\chip0005.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\6\chip0025.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\6\chip0025.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\6\chip0100.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\6\chip0100.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\6\chip0500.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\6\chip0500.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\6\chip1000.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\6\chip1000.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\6\chip100000.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\6\chip100000.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\6\chip1000000.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\6\chip1000000.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\6\chip100000000.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\6\chip100000000.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\6\chip25000.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\6\chip25000.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\6\chip25000000.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\6\chip25000000.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\6\chip5000.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\6\chip5000.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\6\chip500000.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\6\chip500000.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\6\chip5000000.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\6\chip5000000.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\6\chip500000000.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\chips\6\chip500000000.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\default\0\cardbase-mini.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\default\0\cardbase-mini.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\default\0\cardbase.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\default\0\cardbase.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\default\0\cardface-mini.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\default\0\cardface-mini.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\default\0\cardface.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\default\0\cardface.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\default\0\cardrank.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\default\0\cardsuit.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\default\1\cardbase.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\default\1\cardbase.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\default\1\cardface.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\default\1\cardface.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\default\2\cardbase.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\default\2\cardbase.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\default\2\cardface.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\default\2\cardface.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\default\2\cardrank.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\default\2\cardsuit.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\default\3\cardbase.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\default\3\cardbase.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\default\3\cardface.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\default\3\cardface.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\default\3\cardrank.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\default\3\cardsuit.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\default\4\cardbase.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\default\4\cardbase.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\default\4\cardface.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\default\4\cardface.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\default\4\cardrank.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\default\4\cardsuit.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\default\5\cardbase.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\default\5\cardbase.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\default\5\cardface.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\default\5\cardface.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\default\5\cardrank.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\default\5\cardsuit.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\default\6\cardbase.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\default\6\cardbase.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\default\6\cardface.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\default\6\cardface.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\default\6\cardrank.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\default\6\cardsuit.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\default\back.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\default\cardfade.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\default\cardfade.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\default\cardnoshow.png
c:\program files\PokerStars.FR\gx\chips&deck\deck\default\cardshow.png
c:\program files\PokerStars.FR\gx\chips&deck\deck\default\deck.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\default\smback.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\default\smback.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\large\0\cardbase.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\large\0\cardbase.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\large\0\cardrank.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\large\0\cardsuit.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\large\0\cardsuit.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\large\1\cardbase.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\large\1\cardbase.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\large\1\cardrank.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\large\1\cardsuit.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\large\1\cardsuit.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\large\2\cardbase.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\large\2\cardbase.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\large\2\cardrank.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\large\2\cardsuit.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\large\2\cardsuit.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\large\3\cardbase.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\large\3\cardbase.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\large\3\cardrank.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\large\3\cardsuit.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\large\3\cardsuit.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\large\4\cardbase.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\large\4\cardbase.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\large\4\cardrank.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\large\4\cardsuit.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\large\4\cardsuit.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\large\5\cardbase.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\large\5\cardbase.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\large\5\cardrank.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\large\5\cardsuit.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\large\5\cardsuit.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\large\6\cardbase.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\large\6\cardbase.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\large\6\cardrank.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\large\6\cardsuit.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\large\6\cardsuit.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\large\cardrank.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\large\cardsuit.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\large\cardsuit.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\simple\0\cardbase-mini.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\simple\0\cardbase-mini.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\simple\0\cardbase.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\simple\0\cardbase.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\simple\0\cardrank.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\simple\0\cardrank.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\simple\0\cardsuit.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\simple\0\cardsuit.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\simple\0\deck.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\simple\0\deck.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\simple\1\cardbase.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\simple\1\cardbase.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\simple\1\cardrank.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\simple\1\cardrank.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\simple\1\cardsuit.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\simple\1\cardsuit.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\simple\1\deck.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\simple\1\deck.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\simple\2\cardbase.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\simple\2\cardbase.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\simple\2\cardrank.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\simple\2\cardrank.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\simple\2\cardsuit.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\simple\2\cardsuit.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\simple\2\deck.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\simple\2\deck.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\simple\3\cardbase.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\simple\3\cardbase.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\simple\3\cardrank.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\simple\3\cardrank.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\simple\3\cardsuit.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\simple\3\cardsuit.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\simple\3\deck.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\simple\3\deck.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\simple\4\cardbase.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\simple\4\cardbase.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\simple\4\cardrank.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\simple\4\cardrank.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\simple\4\cardsuit.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\simple\4\cardsuit.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\simple\4\deck.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\simple\4\deck.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\simple\5\cardbase.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\simple\5\cardbase.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\simple\5\cardrank.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\simple\5\cardrank.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\simple\5\cardsuit.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\simple\5\cardsuit.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\simple\5\deck.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\simple\5\deck.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\simple\6\cardbase.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\simple\6\cardbase.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\simple\6\cardrank.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\simple\6\cardrank.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\simple\6\cardsuit.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\simple\6\cardsuit.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\simple\6\deck.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\simple\6\deck.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\simple\back.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\simple\back.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\simple\cardfade.a.bmp
c:\program files\PokerStars.FR\gx\chips&deck\deck\simple\cardfade.bmp
c:\program files\PokerStars.FR\gx\close.a.bmp
c:\program files\PokerStars.FR\gx\close.bmp
c:\program files\PokerStars.FR\gx\ctep.bmp
c:\program files\PokerStars.FR\gx\ctrls\bb.a.bmp
c:\program files\PokerStars.FR\gx\ctrls\bb.bmp
c:\program files\PokerStars.FR\gx\ctrls\bracket-bg.jpg
c:\program files\PokerStars.FR\gx\ctrls\bracket-bg.png
c:\program files\PokerStars.FR\gx\ctrls\bracket-bye.png
c:\program files\PokerStars.FR\gx\ctrls\bracket-header-curr.png
c:\program files\PokerStars.FR\gx\ctrls\bracket-header-final.png
c:\program files\PokerStars.FR\gx\ctrls\bracket-header.png
c:\program files\PokerStars.FR\gx\ctrls\bracket-logo.png
c:\program files\PokerStars.FR\gx\ctrls\bracket-player-adv.png
c:\program files\PokerStars.FR\gx\ctrls\bracket-player-in.png
c:\program files\PokerStars.FR\gx\ctrls\bracket-player-out.png
c:\program files\PokerStars.FR\gx\ctrls\bracket-player-won.png
c:\program files\PokerStars.FR\gx\ctrls\bracket-spacer.png
c:\program files\PokerStars.FR\gx\ctrls\bracket-spade-b.png
c:\program files\PokerStars.FR\gx\ctrls\bracket-spade-sm.png
c:\program files\PokerStars.FR\gx\ctrls\bracket-spade-t.png
c:\program files\PokerStars.FR\gx\ctrls\bracket-spade.png
c:\program files\PokerStars.FR\gx\ctrls\btn.a.bmp
c:\program files\PokerStars.FR\gx\ctrls\btn.bmp
c:\program files\PokerStars.FR\gx\ctrls\cashierb.a.bmp
c:\program files\PokerStars.FR\gx\ctrls\cashierb.bmp
c:\program files\PokerStars.FR\gx\ctrls\cashiergb-fd.a.bmp
c:\program files\PokerStars.FR\gx\ctrls\cashiergb-fd.bmp
c:\program files\PokerStars.FR\gx\ctrls\cashiergb.a.bmp
c:\program files\PokerStars.FR\gx\ctrls\cashiergb.bmp
c:\program files\PokerStars.FR\gx\ctrls\cashierrb.a.bmp
c:\program files\PokerStars.FR\gx\ctrls\cashierrb.bmp
c:\program files\PokerStars.FR\gx\ctrls\cb.a.bmp
c:\program files\PokerStars.FR\gx\ctrls\cb.bmp
c:\program files\PokerStars.FR\gx\ctrls\cb2.a.bmp
c:\program files\PokerStars.FR\gx\ctrls\cb2.bmp
c:\program files\PokerStars.FR\gx\ctrls\cbtn.a.bmp
c:\program files\PokerStars.FR\gx\ctrls\cbtn.bmp
c:\program files\PokerStars.FR\gx\ctrls\close.a.bmp
c:\program files\PokerStars.FR\gx\ctrls\close.bmp
c:\program files\PokerStars.FR\gx\ctrls\collapse.a.bmp
c:\program files\PokerStars.FR\gx\ctrls\collapse.bmp
c:\program files\PokerStars.FR\gx\ctrls\detach.a.bmp
c:\program files\PokerStars.FR\gx\ctrls\detach.bmp
c:\program files\PokerStars.FR\gx\ctrls\disclose.a.bmp
c:\program files\PokerStars.FR\gx\ctrls\disclose.bmp
c:\program files\PokerStars.FR\gx\ctrls\drag-btn.a.bmp
c:\program files\PokerStars.FR\gx\ctrls\drag-btn.bmp
c:\program files\PokerStars.FR\gx\ctrls\edited-icon.png
c:\program files\PokerStars.FR\gx\ctrls\gblk.bmp
c:\program files\PokerStars.FR\gx\ctrls\gear-icon.png
c:\program files\PokerStars.FR\gx\ctrls\gear-icon2.png
c:\program files\PokerStars.FR\gx\ctrls\helper-bar.bmp
c:\program files\PokerStars.FR\gx\ctrls\helper-bg.bmp
c:\program files\PokerStars.FR\gx\ctrls\helper-collapse.bmp
c:\program files\PokerStars.FR\gx\ctrls\helper-lock.bmp
c:\program files\PokerStars.FR\gx\ctrls\helper-refresh.bmp
c:\program files\PokerStars.FR\gx\ctrls\helper-reset.bmp
c:\program files\PokerStars.FR\gx\ctrls\helper-size.bmp
c:\program files\PokerStars.FR\gx\ctrls\lb.a.bmp
c:\program files\PokerStars.FR\gx\ctrls\lb.bmp
c:\program files\PokerStars.FR\gx\ctrls\lock.a.bmp
c:\program files\PokerStars.FR\gx\ctrls\lock.bmp
c:\program files\PokerStars.FR\gx\ctrls
ote-icon.png
c:\program files\PokerStars.FR\gx\ctrls\progress-b.png
c:\program files\PokerStars.FR\gx\ctrls\progress-red.png
c:\program files\PokerStars.FR\gx\ctrls\progress.png
c:\program files\PokerStars.FR\gx\ctrlsblk.bmp
c:\program files\PokerStars.FR\gx\ctrlsbtn.a.bmp
c:\program files\PokerStars.FR\gx\ctrlsbtn.bmp
c:\program files\PokerStars.FR\gx\ctrlsefresh.a.bmp
c:\program files\PokerStars.FR\gx\ctrlsefresh.bmp
c:\program files\PokerStars.FR\gx\ctrlseset.a.bmp
c:\program files\PokerStars.FR\gx\ctrlseset.bmp
c:\program files\PokerStars.FR\gx\ctrls\s-btn-both.a.bmp
c:\program files\PokerStars.FR\gx\ctrls\s-btn-both.bmp
c:\program files\PokerStars.FR\gx\ctrls\s-btn-pause.a.bmp
c:\program files\PokerStars.FR\gx\ctrls\s-btn-pause.bmp
c:\program files\PokerStars.FR\gx\ctrls\s-btn-play.a.bmp
c:\program files\PokerStars.FR\gx\ctrls\s-btn-play.bmp
c:\program files\PokerStars.FR\gx\ctrls\share-on-boom.png
c:\program files\PokerStars.FR\gx\ctrls\sizebox.a.bmp
c:\program files\PokerStars.FR\gx\ctrls\sizebox.bmp
c:\program files\PokerStars.FR\gx\ctrls\slider-grip.a.bmp
c:\program files\PokerStars.FR\gx\ctrls\slider-grip.bmp
c:\program files\PokerStars.FR\gx\ctrls\slider.bmp
c:\program files\PokerStars.FR\gx\ctrls\ss-btn.a.bmp
c:\program files\PokerStars.FR\gx\ctrls\ss-btn.bmp
c:\program files\PokerStars.FR\gx\ctrls\stb.a.bmp
c:\program files\PokerStars.FR\gx\ctrls\stb.bmp
c:\program files\PokerStars.FR\gx\ctrls\stellar-bar.png
c:\program files\PokerStars.FR\gx\ctrls	abs.a.bmp
c:\program files\PokerStars.FR\gx\ctrls	abs.bmp
c:\program files\PokerStars.FR\gx\ctrls	ourn-link.a.bmp
c:\program files\PokerStars.FR\gx\ctrls	ourn-link.bmp
c:\program files\PokerStars.FR\gx\ctrls	ta-back.bmp
c:\program files\PokerStars.FR\gx\ctrls	ta-border.a.bmp
c:\program files\PokerStars.FR\gx\ctrls	ta-border.bmp
c:\program files\PokerStars.FR\gx\ctrls\wb.a.bmp
c:\program files\PokerStars.FR\gx\ctrls\wb.bmp
c:\program files\PokerStars.FR\gx\cvn.jpg
c:\program files\PokerStars.FR\gx\cvn_astro.jpg
c:\program files\PokerStars.FR\gx\dialog.a.bmp
c:\program files\PokerStars.FR\gx\dialog.bmp
c:\program files\PokerStars.FR\gx\dl.jpg
c:\program files\PokerStars.FR\gx\fdicon-table.png
c:\program files\PokerStars.FR\gx\fdicon.png
c:\program files\PokerStars.FR\gx\fg-active.png
c:\program files\PokerStars.FR\gx\fg-inactive.png
c:\program files\PokerStars.FR\gx\fg-on.a.bmp
c:\program files\PokerStars.FR\gx\fg-on.bmp
c:\program files\PokerStars.FR\gx\fg.a.bmp
c:\program files\PokerStars.FR\gx\fg.b.bmp
c:\program files\PokerStars.FR\gx\fg.bmp
c:\program files\PokerStars.FR\gx\fg.png
c:\program files\PokerStars.FR\gx\fg10.png
c:\program files\PokerStars.FR\gx\fg2.png
c:\program files\PokerStars.FR\gx\fg4.png
c:\program files\PokerStars.FR\gx\fg6.png
c:\program files\PokerStars.FR\gx\fg7.png
c:\program files\PokerStars.FR\gx\fg8.png
c:\program files\PokerStars.FR\gx\fg9.png
c:\program files\PokerStars.FR\gx\filter-ico.a.bmp
c:\program files\PokerStars.FR\gx\filter-ico.bmp
c:\program files\PokerStars.FR\gx\filter.a.bmp
c:\program files\PokerStars.FR\gx\filter.bmp
c:\program files\PokerStars.FR\gx\filterb.bmp
c:\program files\PokerStars.FR\gx\fonts\ar08.bmp
c:\program files\PokerStars.FR\gx\fonts\ar08.cp1250.bmp
c:\program files\PokerStars.FR\gx\fonts\ar08.cp1251.bmp
c:\program files\PokerStars.FR\gx\fonts\ar08.cp1252.bmp
c:\program files\PokerStars.FR\gx\fonts\ar08.cp1253.bmp
c:\program files\PokerStars.FR\gx\fonts\ar08.cp1254.bmp
c:\program files\PokerStars.FR\gx\fonts\ar08.cp1255.bmp
c:\program files\PokerStars.FR\gx\fonts\ar08.cp1256.bmp
c:\program files\PokerStars.FR\gx\fonts\ar08.cp1257.bmp
c:\program files\PokerStars.FR\gx\fonts\ar08.pff
c:\program files\PokerStars.FR\gx\fonts\ar09.bmp
c:\program files\PokerStars.FR\gx\fonts\ar09.cp1250.bmp
c:\program files\PokerStars.FR\gx\fonts\ar09.cp1251.bmp
c:\program files\PokerStars.FR\gx\fonts\ar09.cp1252.bmp
c:\program files\PokerStars.FR\gx\fonts\ar09.cp1253.bmp
c:\program files\PokerStars.FR\gx\fonts\ar09.cp1254.bmp
c:\program files\PokerStars.FR\gx\fonts\ar09.cp1255.bmp
c:\program files\PokerStars.FR\gx\fonts\ar09.cp1256.bmp
c:\program files\PokerStars.FR\gx\fonts\ar09.cp1257.bmp
c:\program files\PokerStars.FR\gx\fonts\ar09.pff
c:\program files\PokerStars.FR\gx\fonts\ar10.bmp
c:\program files\PokerStars.FR\gx\fonts\ar10.cp1250.bmp
c:\program files\PokerStars.FR\gx\fonts\ar10.cp1251.bmp
c:\program files\PokerStars.FR\gx\fonts\ar10.cp1252.bmp
c:\program files\PokerStars.FR\gx\fonts\ar10.cp1253.bmp
c:\program files\PokerStars.FR\gx\fonts\ar10.cp1254.bmp
c:\program files\PokerStars.FR\gx\fonts\ar10.cp1255.bmp
c:\program files\PokerStars.FR\gx\fonts\ar10.cp1256.bmp
c:\program files\PokerStars.FR\gx\fonts\ar10.cp1257.bmp
c:\program files\PokerStars.FR\gx\fonts\ar10.pff
c:\program files\PokerStars.FR\gx\fonts\arb08.bmp
c:\program files\PokerStars.FR\gx\fonts\arb08.cp1250.bmp
c:\program files\PokerStars.FR\gx\fonts\arb08.cp1251.bmp
c:\program files\PokerStars.FR\gx\fonts\arb08.cp1252.bmp
c:\program files\PokerStars.FR\gx\fonts\arb08.cp1253.bmp
c:\program files\PokerStars.FR\gx\fonts\arb08.cp1254.bmp
c:\program files\PokerStars.FR\gx\fonts\arb08.cp1255.bmp
c:\program files\PokerStars.FR\gx\fonts\arb08.cp1256.bmp
c:\program files\PokerStars.FR\gx\fonts\arb08.cp1257.bmp
c:\program files\PokerStars.FR\gx\fonts\arb08.pff
c:\program files\PokerStars.FR\gx\fonts\arb09.bmp
c:\program files\PokerStars.FR\gx\fonts\arb09.cp1250.bmp
c:\program files\PokerStars.FR\gx\fonts\arb09.cp1251.bmp
c:\program files\PokerStars.FR\gx\fonts\arb09.cp1252.bmp
c:\program files\PokerStars.FR\gx\fonts\arb09.cp1253.bmp
c:\program files\PokerStars.FR\gx\fonts\arb09.cp1254.bmp
c:\program files\PokerStars.FR\gx\fonts\arb09.cp1255.bmp
c:\program files\PokerStars.FR\gx\fonts\arb09.cp1256.bmp
c:\program files\PokerStars.FR\gx\fonts\arb09.cp1257.bmp
c:\program files\PokerStars.FR\gx\fonts\arb09.pff
c:\program files\PokerStars.FR\gx\fonts\arb10.bmp
c:\program files\PokerStars.FR\gx\fonts\arb10.cp1250.bmp
c:\program files\PokerStars.FR\gx\fonts\arb10.cp1251.bmp
c:\program files\PokerStars.FR\gx\fonts\arb10.cp1252.bmp
c:\program files\PokerStars.FR\gx\fonts\arb10.cp1253.bmp
c:\program files\PokerStars.FR\gx\fonts\arb10.cp1254.bmp
c:\program files\PokerStars.FR\gx\fonts\arb10.cp1255.bmp
c:\program files\PokerStars.FR\gx\fonts\arb10.cp1256.bmp
c:\program files\PokerStars.FR\gx\fonts\arb10.cp1257.bmp
c:\program files\PokerStars.FR\gx\fonts\arb10.pff
c:\program files\PokerStars.FR\gx\fonts\arb11.bmp
c:\program files\PokerStars.FR\gx\fonts\arb11.cp1250.bmp
c:\program files\PokerStars.FR\gx\fonts\arb11.cp1250i.bmp
c:\program files\PokerStars.FR\gx\fonts\arb11.cp1251.bmp
c:\program files\PokerStars.FR\gx\fonts\arb11.cp1251i.bmp
c:\program files\PokerStars.FR\gx\fonts\arb11.cp1252.bmp
c:\program files\PokerStars.FR\gx\fonts\arb11.cp1252i.bmp
c:\program files\PokerStars.FR\gx\fonts\arb11.cp1253.bmp
c:\program files\PokerStars.FR\gx\fonts\arb11.cp1253i.bmp
c:\program files\PokerStars.FR\gx\fonts\arb11.cp1254.bmp
c:\program files\PokerStars.FR\gx\fonts\arb11.cp1254i.bmp
c:\program files\PokerStars.FR\gx\fonts\arb11.cp1255.bmp
c:\program files\PokerStars.FR\gx\fonts\arb11.cp1255i.bmp
c:\program files\PokerStars.FR\gx\fonts\arb11.cp1256.bmp
c:\program files\PokerStars.FR\gx\fonts\arb11.cp1256i.bmp
c:\program files\PokerStars.FR\gx\fonts\arb11.cp1257.bmp
c:\program files\PokerStars.FR\gx\fonts\arb11.cp1257i.bmp
c:\program files\PokerStars.FR\gx\fonts\arb11.pff
c:\program files\PokerStars.FR\gx\fonts\arb11i.bmp
c:\program files\PokerStars.FR\gx\fonts\arb12.bmp
c:\program files\PokerStars.FR\gx\fonts\arb12.cp1250.bmp
c:\program files\PokerStars.FR\gx\fonts\arb12.cp1250i.bmp
c:\program files\PokerStars.FR\gx\fonts\arb12.cp1251.bmp
c:\program files\PokerStars.FR\gx\fonts\arb12.cp1251i.bmp
c:\program files\PokerStars.FR\gx\fonts\arb12.cp1252.bmp
c:\program files\PokerStars.FR\gx\fonts\arb12.cp1252i.bmp
c:\program files\PokerStars.FR\gx\fonts\arb12.cp1253.bmp
c:\program files\PokerStars.FR\gx\fonts\arb12.cp1253i.bmp
c:\program files\PokerStars.FR\gx\fonts\arb12.cp1254.bmp
c:\program files\PokerStars.FR\gx\fonts\arb12.cp1254i.bmp
c:\program files\PokerStars.FR\gx\fonts\arb12.cp1255.bmp
c:\program files\PokerStars.FR\gx\fonts\arb12.cp1255i.bmp
c:\program files\PokerStars.FR\gx\fonts\arb12.cp1256.bmp
c:\program files\PokerStars.FR\gx\fonts\arb12.cp1256i.bmp
c:\program files\PokerStars.FR\gx\fonts\arb12.cp1257.bmp
c:\program files\PokerStars.FR\gx\fonts\arb12.cp1257i.bmp
c:\program files\PokerStars.FR\gx\fonts\arb12.pff
c:\program files\PokerStars.FR\gx\fonts\arb12i.bmp
c:\program files\PokerStars.FR\gx\fonts\arb14.bmp
c:\program files\PokerStars.FR\gx\fonts\arb14.cp1250.bmp
c:\program files\PokerStars.FR\gx\fonts\arb14.cp1250i.bmp
c:\program files\PokerStars.FR\gx\fonts\arb14.cp1251.bmp
c:\program files\PokerStars.FR\gx\fonts\arb14.cp1251i.bmp
c:\program files\PokerStars.FR\gx\fonts\arb14.cp1252.bmp
c:\program files\PokerStars.FR\gx\fonts\arb14.cp1252i.bmp
c:\program files\PokerStars.FR\gx\fonts\arb14.cp1253.bmp
c:\program files\PokerStars.FR\gx\fonts\arb14.cp1253i.bmp
c:\program files\PokerStars.FR\gx\fonts\arb14.cp1254.bmp
c:\program files\PokerStars.FR\gx\fonts\arb14.cp1254i.bmp
c:\program files\PokerStars.FR\gx\fonts\arb14.cp1255.bmp
c:\program files\PokerStars.FR\gx\fonts\arb14.cp1255i.bmp
c:\program files\PokerStars.FR\gx\fonts\arb14.cp1256.bmp
c:\program files\PokerStars.FR\gx\fonts\arb14.cp1256i.bmp
c:\program files\PokerStars.FR\gx\fonts\arb14.cp1257.bmp
c:\program files\PokerStars.FR\gx\fonts\arb14.cp1257i.bmp
c:\program files\PokerStars.FR\gx\fonts\arb14.pff
c:\program files\PokerStars.FR\gx\fonts\arb14i.bmp
c:\program files\PokerStars.FR\gx\fonts\arbu09.bmp
c:\program files\PokerStars.FR\gx\fonts\arbu09.cp1250.bmp
c:\program files\PokerStars.FR\gx\fonts\arbu09.cp1251.bmp
c:\program files\PokerStars.FR\gx\fonts\arbu09.cp1252.bmp
c:\program files\PokerStars.FR\gx\fonts\arbu09.cp1253.bmp
c:\program files\PokerStars.FR\gx\fonts\arbu09.cp1254.bmp
c:\program files\PokerStars.FR\gx\fonts\arbu09.cp1255.bmp
c:\program files\PokerStars.FR\gx\fonts\arbu09.cp1256.bmp
c:\program files\PokerStars.FR\gx\fonts\arbu09.cp1257.bmp
c:\program files\PokerStars.FR\gx\fonts\arbu09.pff
c:\program files\PokerStars.FR\gx\fonts\arbu10.bmp
c:\program files\PokerStars.FR\gx\fonts\arbu10.cp1250.bmp
c:\program files\PokerStars.FR\gx\fonts\arbu10.cp1251.bmp
c:\program files\PokerStars.FR\gx\fonts\arbu10.cp1252.bmp
c:\program files\PokerStars.FR\gx\fonts\arbu10.cp1253.bmp
c:\program files\PokerStars.FR\gx\fonts\arbu10.cp1254.bmp
c:\program files\PokerStars.FR\gx\fonts\arbu10.cp1255.bmp
c:\program files\PokerStars.FR\gx\fonts\arbu10.cp1256.bmp
c:\program files\PokerStars.FR\gx\fonts\arbu10.cp1257.bmp
c:\program files\PokerStars.FR\gx\fonts\arbu10.pff
c:\program files\PokerStars.FR\gx\fonts\arbu12.bmp
c:\program files\PokerStars.FR\gx\fonts\arbu12.cp1250.bmp
c:\program files\PokerStars.FR\gx\fonts\arbu12.cp1251.bmp
c:\program files\PokerStars.FR\gx\fonts\arbu12.cp1252.bmp
c:\program files\PokerStars.FR\gx\fonts\arbu12.cp1253.bmp
c:\program files\PokerStars.FR\gx\fonts\arbu12.cp1254.bmp
c:\program files\PokerStars.FR\gx\fonts\arbu12.cp1255.bmp
c:\program files\PokerStars.FR\gx\fonts\arbu12.cp1256.bmp
c:\program files\PokerStars.FR\gx\fonts\arbu12.cp1257.bmp
c:\program files\PokerStars.FR\gx\fonts\arbu12.pff
c:\program files\PokerStars.FR\gx\fonts\aru08.bmp
c:\program files\PokerStars.FR\gx\fonts\aru08.cp1250.bmp
c:\program files\PokerStars.FR\gx\fonts\aru08.cp1251.bmp
c:\program files\PokerStars.FR\gx\fonts\aru08.cp1252.bmp
c:\program files\PokerStars.FR\gx\fonts\aru08.cp1253.bmp
c:\program files\PokerStars.FR\gx\fonts\aru08.cp1254.bmp
c:\program files\PokerStars.FR\gx\fonts\aru08.cp1255.bmp
c:\program files\PokerStars.FR\gx\fonts\aru08.cp1256.bmp
c:\program files\PokerStars.FR\gx\fonts\aru08.cp1257.bmp
c:\program files\PokerStars.FR\gx\fonts\aru08.pff
c:\program files\PokerStars.FR\gx\fonts\gmb075.bmp
c:\program files\PokerStars.FR\gx\fonts\gmb075.cp1250.bmp
c:\program files\PokerStars.FR\gx\fonts\gmb075.cp1251.bmp
c:\program files\PokerStars.FR\gx\fonts\gmb075.cp1252.bmp
c:\program files\PokerStars.FR\gx\fonts\gmb075.cp1253.bmp
c:\program files\PokerStars.FR\gx\fonts\gmb075.cp1254.bmp
c:\program files\PokerStars.FR\gx\fonts\gmb075.cp1255.bmp
c:\program files\PokerStars.FR\gx\fonts\gmb075.cp1256.bmp
c:\program files\PokerStars.FR\gx\fonts\gmb075.cp1257.bmp
c:\program files\PokerStars.FR\gx\fonts\gmb075.pff
c:\program files\PokerStars.FR\gx\fonts\gmb08.bmp
c:\program files\PokerStars.FR\gx\fonts\gmb08.cp1250.bmp
c:\program files\PokerStars.FR\gx\fonts\gmb08.cp1251.bmp
c:\program files\PokerStars.FR\gx\fonts\gmb08.cp1252.bmp
c:\program files\PokerStars.FR\gx\fonts\gmb08.cp1253.bmp
c:\program files\PokerStars.FR\gx\fonts\gmb08.cp1254.bmp
c:\program files\PokerStars.FR\gx\fonts\gmb08.cp1255.bmp
c:\program files\PokerStars.FR\gx\fonts\gmb08.cp1256.bmp
c:\program files\PokerStars.FR\gx\fonts\gmb08.cp1257.bmp
c:\program files\PokerStars.FR\gx\fonts\gmb08.pff
c:\program files\PokerStars.FR\gx\fonts\gmb09.bmp
c:\program files\PokerStars.FR\gx\fonts\gmb09.cp1250.bmp
c:\program files\PokerStars.FR\gx\fonts\gmb09.cp1251.bmp
c:\program files\PokerStars.FR\gx\fonts\gmb09.cp1252.bmp
c:\program files\PokerStars.FR\gx\fonts\gmb09.cp1253.bmp
c:\program files\PokerStars.FR\gx\fonts\gmb09.cp1254.bmp
c:\program files\PokerStars.FR\gx\fonts\gmb09.cp1255.bmp
c:\program files\PokerStars.FR\gx\fonts\gmb09.cp1256.bmp
c:\program files\PokerStars.FR\gx\fonts\gmb09.cp1257.bmp
c:\program files\PokerStars.FR\gx\fonts\gmb09.pff
c:\program files\PokerStars.FR\gx\fonts\gmb10.bmp
c:\program files\PokerStars.FR\gx\fonts\gmb10.cp1250.bmp
c:\program files\PokerStars.FR\gx\fonts\gmb10.cp1251.bmp
c:\program files\PokerStars.FR\gx\fonts\gmb10.cp1252.bmp
c:\program files\PokerStars.FR\gx\fonts\gmb10.cp1253.bmp
c:\program files\PokerStars.FR\gx\fonts\gmb10.cp1254.bmp
c:\program files\PokerStars.FR\gx\fonts\gmb10.cp1255.bmp
c:\program files\PokerStars.FR\gx\fonts\gmb10.cp1256.bmp
c:\program files\PokerStars.FR\gx\fonts\gmb10.cp1257.bmp
c:\program files\PokerStars.FR\gx\fonts\gmb10.pff
c:\program files\PokerStars.FR\gx\fonts\gmb11.bmp
c:\program files\PokerStars.FR\gx\fonts\gmb11.cp1250.bmp
c:\program files\PokerStars.FR\gx\fonts\gmb11.cp1251.bmp
c:\program files\PokerStars.FR\gx\fonts\gmb11.cp1252.bmp
c:\program files\PokerStars.FR\gx\fonts\gmb11.cp1253.bmp
c:\program files\PokerStars.FR\gx\fonts\gmb11.cp1254.bmp
c:\program files\PokerStars.FR\gx\fonts\gmb11.cp1255.bmp
c:\program files\PokerStars.FR\gx\fonts\gmb11.cp1256.bmp
c:\program files\PokerStars.FR\gx\fonts\gmb11.cp1257.bmp
c:\program files\PokerStars.FR\gx\fonts\gmb11.pff
c:\program files\PokerStars.FR\gx\fonts\gmb12.bmp
c:\program files\PokerStars.FR\gx\fonts\gmb12.cp1250.bmp
c:\program files\PokerStars.FR\gx\fonts\gmb12.cp1251.bmp
c:\program files\PokerStars.FR\gx\fonts\gmb12.cp1252.bmp
c:\program files\PokerStars.FR\gx\fonts\gmb12.cp1253.bmp
c:\program files\PokerStars.FR\gx\fonts\gmb12.cp1254.bmp
c:\program files\PokerStars.FR\gx\fonts\gmb12.cp1255.bmp
c:\program files\PokerStars.FR\gx\fonts\gmb12.cp1256.bmp
c:\program files\PokerStars.FR\gx\fonts\gmb12.cp1257.bmp
c:\program files\PokerStars.FR\gx\fonts\gmb12.pff
c:\program files\PokerStars.FR\gx\fonts\gmb14.bmp
c:\program files\PokerStars.FR\gx\fonts\gmb14.cp1250.bmp
c:\program files\PokerStars.FR\gx\fonts\gmb14.cp1251.bmp
c:\program files\PokerStars.FR\gx\fonts\gmb14.cp1252.bmp
c:\program files\PokerStars.FR\gx\fonts\gmb14.cp1253.bmp
c:\program files\PokerStars.FR\gx\fonts\gmb14.cp1254.bmp
c:\program files\PokerStars.FR\gx\fonts\gmb14.cp1255.bmp
c:\program files\PokerStars.FR\gx\fonts\gmb14.cp1256.bmp
c:\program files\PokerStars.FR\gx\fonts\gmb14.cp1257.bmp
c:\program files\PokerStars.FR\gx\fonts\gmb14.pff
c:\program files\PokerStars.FR\gx\fonts\gmb16.bmp
c:\program files\PokerStars.FR\gx\fonts\gmb16.cp1250.bmp
c:\program files\PokerStars.FR\gx\fonts\gmb16.cp1251.bmp
c:\program files\PokerStars.FR\gx\fonts\gmb16.cp1252.bmp
c:\program files\PokerStars.FR\gx\fonts\gmb16.cp1253.bmp
c:\program files\PokerStars.FR\gx\fonts\gmb16.cp1254.bmp
c:\program files\PokerStars.FR\gx\fonts\gmb16.cp1255.bmp
c:\program files\PokerStars.FR\gx\fonts\gmb16.cp1256.bmp
c:\program files\PokerStars.FR\gx\fonts\gmb16.cp1257.bmp
c:\program files\PokerStars.FR\gx\fonts\gmb16.pff
c:\program files\PokerStars.FR\gx\fonts\gmb18.bmp
c:\program files\PokerStars.FR\gx\fonts\gmb18.cp1250.bmp
c:\program files\PokerStars.FR\gx\fonts\gmb18.cp1251.bmp
c:\program files\PokerStars.FR\gx\fonts\gmb18.cp1252.bmp
c:\program files\PokerStars.FR\gx\fonts\gmb18.cp1253.bmp
c:\program files\PokerStars.FR\gx\fonts\gmb18.cp1254.bmp
c:\program files\PokerStars.FR\gx\fonts\gmb18.cp1255.bmp
c:\program files\PokerStars.FR\gx\fonts\gmb18.cp1256.bmp
c:\program files\PokerStars.FR\gx\fonts\gmb18.cp1257.bmp
c:\program files\PokerStars.FR\gx\fonts\gmb18.pff
c:\program files\PokerStars.FR\gx\fonts\gmb20.bmp
c:\program files\PokerStars.FR\gx\fonts\gmb20.cp1250.bmp
c:\program files\PokerStars.FR\gx\fonts\gmb20.cp1251.bmp
c:\program files\PokerStars.FR\gx\fonts\gmb20.cp1252.bmp
c:\program files\PokerStars.FR\gx\fonts\gmb20.cp1253.bmp
c:\program files\PokerStars.FR\gx\fonts\gmb20.cp1254.bmp
c:\program files\PokerStars.FR\gx\fonts\gmb20.cp1255.bmp
c:\program files\PokerStars.FR\gx\fonts\gmb20.cp1256.bmp
c:\program files\PokerStars.FR\gx\fonts\gmb20.cp1257.bmp
c:\program files\PokerStars.FR\gx\fonts\gmb20.pff
c:\program files\PokerStars.FR\gx\fonts\lg08.bmp
c:\program files\PokerStars.FR\gx\fonts\lg08.cp1250.bmp
c:\program files\PokerStars.FR\gx\fonts\lg08.cp1251.bmp
c:\program files\PokerStars.FR\gx\fonts\lg08.cp1252.bmp
c:\program files\PokerStars.FR\gx\fonts\lg08.cp1253.bmp
c:\program files\PokerStars.FR\gx\fonts\lg08.cp1254.bmp
c:\program files\PokerStars.FR\gx\fonts\lg08.cp1255.bmp
c:\program files\PokerStars.FR\gx\fonts\lg08.cp1256.bmp
c:\program files\PokerStars.FR\gx\fonts\lg08.cp1257.bmp
c:\program files\PokerStars.FR\gx\fonts\lg08.pff
c:\program files\PokerStars.FR\gx\fonts\lg09.bmp
c:\program files\PokerStars.FR\gx\fonts\lg09.cp1250.bmp
c:\program files\PokerStars.FR\gx\fonts\lg09.cp1251.bmp
c:\program files\PokerStars.FR\gx\fonts\lg09.cp1252.bmp
c:\program files\PokerStars.FR\gx\fonts\lg09.cp1253.bmp
c:\program files\PokerStars.FR\gx\fonts\lg09.cp1254.bmp
c:\program files\PokerStars.FR\gx\fonts\lg09.cp1255.bmp
c:\program files\PokerStars.FR\gx\fonts\lg09.cp1256.bmp
c:\program files\PokerStars.FR\gx\fonts\lg09.cp1257.bmp
c:\program files\PokerStars.FR\gx\fonts\lg09.pff
c:\program files\PokerStars.FR\gx\fonts\lgb075.bmp
c:\program files\PokerStars.FR\gx\fonts\lgb075.cp1250.bmp
c:\program files\PokerStars.FR\gx\fonts\lgb075.cp1251.bmp
c:\program files\PokerStars.FR\gx\fonts\lgb075.cp1252.bmp
c:\program files\PokerStars.FR\gx\fonts\lgb075.cp1253.bmp
c:\program files\PokerStars.FR\gx\fonts\lgb075.cp1254.bmp
c:\program files\PokerStars.FR\gx\fonts\lgb075.cp1255.bmp
c:\program files\PokerStars.FR\gx\fonts\lgb075.cp1256.bmp
c:\program files\PokerStars.FR\gx\fonts\lgb075.cp1257.bmp
c:\program files\PokerStars.FR\gx\fonts\lgb075.pff
c:\program files\PokerStars.FR\gx\fonts\lgb08.bmp
c:\program files\PokerStars.FR\gx\fonts\lgb08.cp1250.bmp
c:\program files\PokerStars.FR\gx\fonts\lgb08.cp1251.bmp
c:\program files\PokerStars.FR\gx\fonts\lgb08.cp1252.bmp
c:\program files\PokerStars.FR\gx\fonts\lgb08.cp1253.bmp
c:\program files\PokerStars.FR\gx\fonts\lgb08.cp1254.bmp
c:\program files\PokerStars.FR\gx\fonts\lgb08.cp1255.bmp
c:\program files\PokerStars.FR\gx\fonts\lgb08.cp1256.bmp
c:\program files\PokerStars.FR\gx\fonts\lgb08.cp1257.bmp
c:\program files\PokerStars.FR\gx\fonts\lgb08.pff
c:\program files\PokerStars.FR\gx\fonts\lgb09.bmp
c:\program files\PokerStars.FR\gx\fonts\lgb09.cp1250.bmp
c:\program files\PokerStars.FR\gx\fonts\lgb09.cp1251.bmp
c:\program files\PokerStars.FR\gx\fonts\lgb09.cp1252.bmp
c:\program files\PokerStars.FR\gx\fonts\lgb09.cp1253.bmp
c:\program files\PokerStars.FR\gx\fonts\lgb09.cp1254.bmp
c:\program files\PokerStars.FR\gx\fonts\lgb09.cp1255.bmp
c:\program files\PokerStars.FR\gx\fonts\lgb09.cp1256.bmp
c:\program files\PokerStars.FR\gx\fonts\lgb09.cp1257.bmp
c:\program files\PokerStars.FR\gx\fonts\lgb09.pff
c:\program files\PokerStars.FR\gx\fonts\lgb10.bmp
c:\program files\PokerStars.FR\gx\fonts\lgb10.cp1250.bmp
c:\program files\PokerStars.FR\gx\fonts\lgb10.cp1251.bmp
c:\program files\PokerStars.FR\gx\fonts\lgb10.cp1252.bmp
c:\program files\PokerStars.FR\gx\fonts\lgb10.cp1253.bmp
c:\program files\PokerStars.FR\gx\fonts\lgb10.cp1254.bmp
c:\program files\PokerStars.FR\gx\fonts\lgb10.cp1255.bmp
c:\program files\PokerStars.FR\gx\fonts\lgb10.cp1256.bmp
c:\program files\PokerStars.FR\gx\fonts\lgb10.cp1257.bmp
c:\program files\PokerStars.FR\gx\fonts\lgb10.pff
c:\program files\PokerStars.FR\gx\fonts\lgb11.bmp
c:\program files\PokerStars.FR\gx\fonts\lgb11.cp1250.bmp
c:\program files\PokerStars.FR\gx\fonts\lgb11.cp1251.bmp
c:\program files\PokerStars.FR\gx\fonts\lgb11.cp1252.bmp
c:\program files\PokerStars.FR\gx\fonts\lgb11.cp1253.bmp
c:\program files\PokerStars.FR\gx\fonts\lgb11.cp1254.bmp
c:\program files\PokerStars.FR\gx\fonts\lgb11.cp1255.bmp
c:\program files\PokerStars.FR\gx\fonts\lgb11.cp1256.bmp
c:\program files\PokerStars.FR\gx\fonts\lgb11.cp1257.bmp
c:\program files\PokerStars.FR\gx\fonts\lgb11.pff
c:\program files\PokerStars.FR\gx\fonts\lgb12.bmp
c:\program files\PokerStars.FR\gx\fonts\lgb12.cp1250.bmp
c:\program files\PokerStars.FR\gx\fonts\lgb12.cp1251.bmp
c:\program files\PokerStars.FR\gx\fonts\lgb12.cp1252.bmp
c:\program files\PokerStars.FR\gx\fonts\lgb12.cp1253.bmp
c:\program files\PokerStars.FR\gx\fonts\lgb12.cp1254.bmp
c:\program files\PokerStars.FR\gx\fonts\lgb12.cp1255.bmp
c:\program files\PokerStars.FR\gx\fonts\lgb12.cp1256.bmp
c:\program files\PokerStars.FR\gx\fonts\lgb12.cp1257.bmp
c:\program files\PokerStars.FR\gx\fonts\lgb12.pff
c:\program files\PokerStars.FR\gx\fonts\lgb14.bmp
c:\program files\PokerStars.FR\gx\fonts\lgb14.cp1250.bmp
c:\program files\PokerStars.FR\gx\fonts\lgb14.cp1251.bmp
c:\program files\PokerStars.FR\gx\fonts\lgb14.cp1252.bmp
c:\program files\PokerStars.FR\gx\fonts\lgb14.cp1253.bmp
c:\program files\PokerStars.FR\gx\fonts\lgb14.cp1254.bmp
c:\program files\PokerStars.FR\gx\fonts\lgb14.cp1255.bmp
c:\program files\PokerStars.FR\gx\fonts\lgb14.cp1256.bmp
c:\program files\PokerStars.FR\gx\fonts\lgb14.cp1257.bmp
c:\program files\PokerStars.FR\gx\fonts\lgb14.pff
c:\program files\PokerStars.FR\gx\fonts\lgb16.bmp
c:\program files\PokerStars.FR\gx\fonts\lgb16.cp1250.bmp
c:\program files\PokerStars.FR\gx\fonts\lgb16.cp1251.bmp
c:\program files\PokerStars.FR\gx\fonts\lgb16.cp1252.bmp
c:\program files\PokerStars.FR\gx\fonts\lgb16.cp1253.bmp
c:\program files\PokerStars.FR\gx\fonts\lgb16.cp1254.bmp
c:\program files\PokerStars.FR\gx\fonts\lgb16.cp1255.bmp
c:\program files\PokerStars.FR\gx\fonts\lgb16.cp1256.bmp
c:\program files\PokerStars.FR\gx\fonts\lgb16.cp1257.bmp
c:\program files\PokerStars.FR\gx\fonts\lgb16.pff
c:\program files\PokerStars.FR\gx\fonts\lgb18.bmp
c:\progr

g3n-h@ckm@n · Answer

salut pour avancer :

héberge le rapport comme tu l'as fait pour zhpdiag :)

Zephir45 · Answer

Ah exact le rapport était coupé.
https://pjjoint.malekal.com/files.php?id=n5g15y13l13l6s13s12138e10c14s13u7j10g1212q14p7m11l6
Bonne nuit :)

juju666 · Answer

&#9654 Télécharge : Gmer (by Przemyslaw Gmerek) et enregistre-le sur ton bureau

&#9654 &#9654 Désactive toutes tes protections le temps du scan de gMer

Pour XP => double clique sur gmer.exe
Pour Vista et 7 => clique droit "exécuter en tant qu'administrateur"

&#9654 clique sur l'onglet rootkit,lances le scan,des lignes rouges vont apparaitre.

&#9654 Les lignes rouges indiquent la présence d''un rootkit.Postes moi le rapport gmer (cliques sur copy,puis vas dans démarrer ,puis ouvres le bloc note,vas dans édition et cliques sur coller,le rapport gmer va apparaitre,postes moi le)

&#9654 &#9654 Ensuite

&#9654 sur les lignes rouge:

&#9654 Services:cliques droit delete service
&#9654 Process:cliques droit kill process
&#9654 Adl ,file:cliques droit delete files

Zephir45 · Answer

Désolé du retard mais j'ai dû attendre le weekend car le scan a duré au moins 4h.
Pas de lignes rouges, voici le rapport :

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-10-08 20:25:22
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-6 WDC_WD6400AAKS-22A7B2 rev.01.03B01
Running: hhl6dsqb.exe; Driver: C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\kgldrpow.sys


---- System - GMER 1.0.15 ----

SSDT            \??\C:\Program Files\Orange\Antivirus Firewall\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation)  ZwCreateProcess [0xBA772CC6]
SSDT            \??\C:\Program Files\Orange\Antivirus Firewall\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation)  ZwCreateProcessEx [0xBA772CE0]
SSDT            \??\C:\Program Files\Orange\Antivirus Firewall\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation)  ZwCreateThread [0xBA771E7C]
SSDT            \??\C:\Program Files\Orange\Antivirus Firewall\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation)  ZwLoadDriver [0xBA7721AC]
SSDT            \??\C:\Program Files\Orange\Antivirus Firewall\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation)  ZwMapViewOfSection [0xBA771BBC]
SSDT            \??\C:\Program Files\Orange\Antivirus Firewall\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation)  ZwOpenSection [0xBA7725DE]
SSDT            \??\C:\Program Files\Orange\Antivirus Firewall\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation)  ZwRenameKey [0xBA77387C]
SSDT            \??\C:\Program Files\Orange\Antivirus Firewall\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation)  ZwSetSystemInformation [0xBA77242E]
SSDT            \??\C:\Program Files\Orange\Antivirus Firewall\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation)  ZwSuspendProcess [0xBA771A3C]
SSDT            \??\C:\Program Files\Orange\Antivirus Firewall\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation)  ZwSuspendThread [0xBA771EB0]
SSDT            \??\C:\Program Files\Orange\Antivirus Firewall\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation)  ZwSystemDebugControl [0xBA772032]
SSDT            \??\C:\Program Files\Orange\Antivirus Firewall\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation)  ZwTerminateProcess [0xBA771996]
SSDT            \??\C:\Program Files\Orange\Antivirus Firewall\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation)  ZwTerminateThread [0xBA771AF6]
SSDT            \??\C:\Program Files\Orange\Antivirus Firewall\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation)  ZwWriteVirtualMemory [0xBA771F76]

Code            fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)                                                       IoCreateDevice

---- Kernel code sections - GMER 1.0.15 ----

.text           ntoskrnl.exe!ZwYieldExecution + 46A                                                                                    804E4CC4 12 Bytes  [3C, 1A, 77, BA, B0, 1E, 77, ...] {CMP AL, 0x1a; JA 0xffffffffffffffbe; MOV AL, 0x1e; JA 0xffffffffffffffc2; XOR AH, [EAX]; JA 0xffffffffffffffc6}
.text           C:\WINDOWS\system32\DRIVERS
v4_mini.sys                                                                               section is writeable [0xB992F360, 0x32E00D, 0xE8000020]
.text           C:\WINDOWS\system32\DRIVERS\atksgt.sys                                                                                 section is writeable [0xB3880300, 0x3ACC8, 0xE8000020]
.text           C:\WINDOWS\system32\DRIVERS\lirsgt.sys                                                                                 section is writeable [0xF77D7300, 0x1B7E, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text           C:\PROGRA~1\Raptraptr.exe[2740] USER32.dll!DispatchMessageW                                                          7E398A01 5 Bytes  JMP 068D5110 
.text           C:\PROGRA~1\Raptraptr.exe[2740] USER32.dll!PeekMessageW                                                              7E39929B 5 Bytes  JMP 068DD150 
.text           C:\PROGRA~1\Raptraptr.exe[2740] USER32.dll!DispatchMessageA                                                          7E3996B8 5 Bytes  JMP 068D4108 
.text           C:\PROGRA~1\Raptraptr.exe[2740] USER32.dll!AnimateWindow                                                             7E3A2156 5 Bytes  JMP 068D9130 
.text           C:\PROGRA~1\Raptraptr.exe[2740] USER32.dll!SetForegroundWindow                                                       7E3A42ED 5 Bytes  JMP 068DA138 
.text           C:\PROGRA~1\Raptraptr.exe[2740] USER32.dll!WindowFromPoint                                                           7E3A9766 5 Bytes  JMP 068D3100 
.text           C:\PROGRA~1\Raptraptr.exe[2740] USER32.dll!SetWindowPos                                                              7E3A99F3 5 Bytes  JMP 068D8128 
.text           C:\PROGRA~1\Raptraptr.exe[2740] USER32.dll!PeekMessageA                                                              7E3AA340 5 Bytes  JMP 068DC148 
.text           C:\PROGRA~1\Raptraptr.exe[2740] USER32.dll!ShowWindow                                                                7E3AAF56 5 Bytes  JMP 068D6118 
.text           C:\PROGRA~1\Raptraptr.exe[2740] USER32.dll!DestroyWindow                                                             7E3AB19C 5 Bytes  JMP 068D7120 
.text           C:\PROGRA~1\Raptraptr.exe[2740] USER32.dll!SetCapture                                                                7E3AC35E 5 Bytes  JMP 068DB140 
.text           C:\PROGRA~1\Raptraptr.exe[2740] GDI32.dll!BitBlt                                                                     77EF6F79 5 Bytes  JMP 068D20F8 
.text           C:\Program Files\Mozilla Firefox 4.0 Beta 9\firefox.exe[2928] ntdll.dll!NtCreateProcess                                7C91D14E 5 Bytes  JMP 06DB100C 
.text           C:\Program Files\Mozilla Firefox 4.0 Beta 9\firefox.exe[2928] ntdll.dll!NtCreateProcessEx                              7C91D15E 5 Bytes  JMP 06DB200C 
.text           C:\Program Files\Mozilla Firefox 4.0 Beta 9\firefox.exe[2928] ntdll.dll!LdrLoadDll                                     7C92632D 5 Bytes  JMP 0121F860 C:\Program Files\Mozilla Firefox 4.0 Beta 9\xul.dll (Mozilla Foundation)
.text           C:\Program Files\Mozilla Firefox 4.0 Beta 9\firefox.exe[2928] kernel32.dll!LoadLibraryExW                              7C801AF5 5 Bytes  JMP 06DB000C 
.text           C:\Program Files\Mozilla Firefox 4.0 Beta 9\plugin-container.exe[4084] USER32.dll!SetWindowLongA                       7E3AC29D 5 Bytes  JMP 1069DD6C C:\Program Files\Mozilla Firefox 4.0 Beta 9\xul.dll (Mozilla Foundation)
.text           C:\Program Files\Mozilla Firefox 4.0 Beta 9\plugin-container.exe[4084] USER32.dll!SetWindowLongW                       7E3AC2BB 5 Bytes  JMP 1069DCFE C:\Program Files\Mozilla Firefox 4.0 Beta 9\xul.dll (Mozilla Foundation)
.text           C:\Program Files\Mozilla Firefox 4.0 Beta 9\plugin-container.exe[4084] USER32.dll!GetWindowInfo                        7E3AC49C 5 Bytes  JMP 10458420 C:\Program Files\Mozilla Firefox 4.0 Beta 9\xul.dll (Mozilla Foundation)
.text           C:\Program Files\Mozilla Firefox 4.0 Beta 9\plugin-container.exe[4084] USER32.dll!TrackPopupMenu                       7E3E531E 5 Bytes  JMP 104589D4 C:\Program Files\Mozilla Firefox 4.0 Beta 9\xul.dll (Mozilla Foundation)

---- Devices - GMER 1.0.15 ----

Device          \Driver\Tcpip \Device\Ip                                                                                               fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
Device          \Driver\Tcpip \Device\Tcp                                                                                              fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
Device          \Driver\Tcpip \Device\Udp                                                                                              fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
Device          \Driver\Tcpip \Device\RawIp                                                                                            fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
Device          \Driver\Tcpip \Device\IPMULTICAST                                                                                      fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)

AttachedDevice  \FileSystem\Fastfat \Fat                                                                                               fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

g3n-h@ckm@n · Answer

salut Juju m'a demandé de t'aider à finir :) desinstalle Adobe reader 9 =========================================== __________________________________________________ =>/!\Le script qui suit a été écrit spécialement cet ordinateur/!\ <= =>il est fort déconseillé de le transposer sur un autre ordinateur !<= ---------------------------------------------------------------------------- Toujours avec toutes les protections désactivées, fais ceci : ▶ Ouvre le bloc-notes (Menu démarrer --> programmes --> accessoires --> bloc-notes) ▶ Copie/colle dans le bloc-notes ce qui entre les lignes ci dessous (sans les lignes) : ---------------------------------------------------------- KillAll:: File:: c:\windows\system32\c_29110.nl_ Folder:: c:\windows\system32\config\systemprofile\Application Data\Toolbar4 Registry:: [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "QuickTime Task"=- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Adobe Reader Speed Launcher"=- "nwiz"=- "QuickTime Task"=- "iTunesHelper"=- RegLock:: [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences] ------------------------------------------------------------------ ▶ Enregistre ce fichier sur ton Bureau (et pas ailleurs !) sous le nom CFScript.txt ▶ Quitte le Bloc Notes ▶ Fais un glisser/déposer de ce fichier CFScript sur le fichier combofix ▶ Patiente le temps du scan. Le Bureau va disparaître à plusieurs reprises : c'est normal ! Ne touche à rien tant que le scan n'est pas terminé. ▶ Une fois le scan achevé, un rapport va s'afficher: poste son contenu. ▶ Si le fichier ne s'ouvre pas, il se trouve ici => C:\ComboFix.txt

Infection des ports USB ?

22 réponses

Votre réponse

Discussions similaires

Newsletters